Awesome Open Source
Awesome Open Source


Build Status Coverage Status PyPI Version Maintainability Follow Twitter

The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.

Authlib is compatible with Python2.7+ and Python3.6+.

Authlib v1.0 will only support Python 3.6+.


If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at
A blogging and podcast hosting platform with minimal design but powerful features. Host your blog and Podcast with

Fund Authlib to access additional features


Generic, spec-compliant implementation to build clients and providers:

Connect third party OAuth providers with Authlib built-in client integrations:

Build your own OAuth 1.0, OAuth 2.0, and OpenID Connect providers:

Useful Links

  1. Homepage:
  2. Documentation:
  3. Purchase Commercial License:
  4. Blog:
  5. Twitter:
  6. StackOverflow:
  7. Other Repositories:
  8. Subscribe Tidelift:

Security Reporting

If you found security bugs, please do not send a public issue or patch. You can send me email at [email protected]. Attachment with patch is welcome. My PGP Key fingerprint is:

72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C

Or, you can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.


Authlib offers two licenses:


Companies can purchase a commercial license at Authlib Plans.

If your company is creating a closed source OAuth provider, it is strongly suggested that your company purchasing a commercial license.


If you need any help, you can always ask questions on StackOverflow with a tag of "Authlib". DO NOT ASK HELP IN GITHUB ISSUES.

We also provide commercial consulting and supports. You can find more information at

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
python (55,471
django (1,052
flask (540
jwt (414
oauth2 (315
oauth (176
openid-connect (70
oidc (47
oauth2-server (39
jws (20
jose (19
jwe (17
oauth2-provider (17