flask-dance

Comparison vs authlib/loginpass

Open cancan101 opened this issue 6 years ago • 5 comments

As part of the README, it would be helpful to have a comparison section vs alternative libraries. authlib/loginpass seems the most relevant.

cancan101, Apr 24 '19 00:04

I don't really want to do that. Those things are rarely genuine or truthful and I don't see much need to compare ourselves to anyone else. It takes a second to skim each README and make up your own mind. We might want to explain a bit better what Flask-Dance does in the README, but that's about it.

daenney, Apr 24 '19 06:04

That's a shame; some sort of comparison (even if just admitting these are competing libraries) would be useful IMO.

It appears that:

  • the projects share the common goal of supporting the "Login with (your_favorite_provider)" use-case.
  • flask-dance depends on oauthlib for the OAuth implementation; loginpass uses its own (authlib).
  • loginpass feels like a very bare-bones demo for authlib, while flask-dance has more configuration/options, documentation, quickstart apps, etc.

Unfortunately both projects' README do not mention OpenID Connect, which is an extension of OAuth2 intended to be used for authentication, but I've verified that using loginpass with Google does the OIDC "Authorization Code" Flow as described in Google's docs:

  • passing the additional openid scope, and a random nonce.
  • querying the OIDC "token endpoint" as part of the authentication process instead of getting an OAuth2 token and then using it to make yet another request for the user information.

flask-dance on the other hand appears to implement a plain OAuth2 (without the OpenID Connect extensions) flow, like loginpass' predecessor https://github.com/lepture/flask-oauthlib did.

nickolay, Oct 03 '19 17:10
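The difference described in the comment above, as an added example that is not part of the thread or of either library's code: the two parameters OIDC adds to the authorization request, and the checks that let a client take the user's identity from the ID token returned by the token endpoint. The endpoint, issuer and client names are constructed, and HS256 with a shared secret is an assumption made so the signature check runs with the standard library; a provider that signs with an asymmetric key is checked against its published keys instead.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def auth_request(endpoint, client_id, redirect_uri, oidc=True):
    """Build the authorization URL; return (url, state, nonce)."""
    state = secrets.token_urlsafe(16)            # CSRF protection in both flows
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state, "scope": "email"}
    nonce = None
    if oidc:                                     # the two OIDC additions
        nonce = secrets.token_urlsafe(16)
        params.update(scope="openid email", nonce=nonce)
    return f"{endpoint}?{urlencode(params)}", state, nonce

def make_id_token(claims, secret):
    """Constructed stand-in for the provider's token endpoint (HS256)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_id_token(token, secret, issuer, client_id, nonce, now=None):
    """Return the claims if the ID token is valid for this login, else raise."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")       # pin the algorithm client-side
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    aud = claims.get("aud")
    if claims.get("iss") != issuer or client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("expired")
    if not nonce or claims.get("nonce") != nonce:  # binds the token to this request
        raise ValueError("nonce mismatch")
    return claims
```

With `oidc=False` the request carries no `openid` scope and no nonce, so the token response has no ID token to verify and the user's identity has to come from a further request made with the access token.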

@nickolay: your comparison feels accurate to me. Would you like to make a pull request to the docs directory of this project, and add it to the documentation?

singingwolfboy, Oct 04 '19 07:10

@singingwolfboy Thanks for confirming! I'm going to pass on making a PR for this, but if anyone else wants to reuse any part of my comment to make a proper PR, they should feel free to do so.

nickolay, Oct 05 '19 02:10

Thanks for mentioning loginpass. Yes, loginpass is a very simple wrapper around authlib.

@nickdirienzo

> Unfortunately both projects' README do not mention OpenID Connect

No, loginpass readme "Features" section has:

> It supports OAuth 1, OAuth 2 and OpenID Connect for now.

Apparently, loginpass is still in its early stage, and lacks documentation.

lepture, Oct 24 '19 08:10