authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.

Results 186 authlib issues

**Describe the bug** authlib.integrations.requests_client.OAuth2Session does not set a default http 'User-Agent' header

**Error Stacks** N/A

**To Reproduce**

```python
from authlib.integrations.base_client import FrameworkIntegration
from authlib.integrations.flask_client import FlaskOAuth2App

oauth_app = FlaskOAuth2App(
    FrameworkIntegration('keycloak'),...
```

client

This is a follow-up of #657, that concerned the server-side implementation: > The client itself only supports S256. We need to add support for plain for the client.

client

Hi, We are trying to get the OpenID certification for our identity manager, and one of the tests registers a client with two `redirect_uri`, and then makes a request with...

server

**The OAuth2 `leeway` marks short-lived valid token as expired breaking the flow** In my case IdP returns `access_token` which is valid for 59 seconds. It **does not** return `refresh_token`. The `leeway`...

client

**OAuthError: invalid_client: Client authentication failed** I have successfully built 3 SSOs already, on Google, on Facebook, and on Twitter (X). Now I am trying to do the same with LinkedIn....

client

It would be nice for Authlib to support [Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc9126.html) described in RFC9126. This would be a complement to #723. Basically, it consists in letting clients push a JWT...

I suggest to implement the [Initiating User Registration via OpenID Connect 1.0](https://openid.net/specs/openid-connect-prompt-create-1_0.html) spec. It adds a `create` prompt value that is supposed to be used to redirect users to a...

good first issue

As [OIDC core §3.1.2.6](https://openid.net/specs/openid-connect-core-1_0.html#AuthError) indicates, a `consent_required` error should be raised on the authorization endpoint when `prompt=none` but the end-user has not given their consent: > consent_required The Authorization Server...

server

[OIDC Core §3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) details a `max_age` claim that indicates the maximum age of the session of authenticated users until they need to authenticate anew. > max_age OPTIONAL. Maximum Authentication Age....

role:authorization_server

[RFC 9728 OAuth 2.0 Protected Resource Metadata](https://www.rfc-editor.org/rfc/rfc9728.html) details how resource servers can provide metadata about themselves, and among other things, from which AS they would accept tokens. This is very...

role:authorization_server