authlib
authlib copied to clipboard
lepture
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
Per https://datatracker.ietf.org/doc/html/rfc7521#section-4.1, client_id parameter, although optional, can still be passed when using assertions as authorization grants. Adding a way to pass that id to refresh token body. **What kind of...
At work, there's confusion around the license. It looks like it's open source BSD license, but the website says the it's BSD only for open source projects. I believed that's...
[Documented](https://docs.authlib.org/en/latest/client/requests.html?highlight=verify#self-signed-certificate) way of dealing with self signed certificates by setting `CURL_CA_BUNDLE=""` env variable will not work with `requests` from [version 2.28.0](https://requests.readthedocs.io/en/latest/community/updates/#release-history) onward due to > Fixed bug where setting CURL_CA_BUNDLE...
In `generate_token` method we are getting default generator with: `func = self._token_generators.get('default')`. **What kind of change does this PR introduce?** (check at least one) - [ ] Bugfix - [...
The documentation for authlib.integrations.httpx_client.OAuth1Client suggests it supports passing in a realm argument, but it actually calls it OAuth1Session, which probably means it is a copy-paste from the requests section. https://docs.authlib.org/en/latest/client/api.html?highlight=realm#authlib.integrations.httpx_client.OAuth1Client.fetch_request_token...
i am currently making oauth 1 signed requests using the `requests-oauthlib` library. ```python from requests_oauthlib import OAuth1Session self.session = OAuth1Session( OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, oauth_token, oauth_token_secret, signature_type='auth_header', realm='http://api.twitter.com' ) self.session.headers = self.default_headers...
**Is your feature request related to a problem? Please describe.** We use python with strict typing at our organization which means we have to add a bunch of "type: ignore"...
**Is your feature request related to a problem? Please describe.** For now, `authorize_access_token` directly parses the parameters of GET/POST request and process it. I can't reuse only "processing" part without...
**Describe the bug** This issue is related to #222 * `kid` is optional in JWK, [RFC7517](https://datatracker.ietf.org/doc/html/rfc7517#section-4.5) * `kid` is optional in JWS header, [RFC7515](https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.4) If JWKS only one key specifies...
I've succesfully implemented an OAuth2/OIDC provider using authlib. But now stumbled upon a issue where a clients is not able to actually use the id_token (in addition to the access...
