Python: OAuth Library [closed]

Answer 1

OAuth official website recommends both rauth and oauthlib. Quoting them regarding rauth:

Max Countryman maintains the rauth and it is considered the most up-to-date and unit-tested implementation of OAuth for Python.

Regarding oauthlib:

Another great library is OAuthlib which implements the latest RFC, including client and server.

UPDATE: Feb 9th, 2019

Both libraries are still mentioned in the OAuth recommended libs for Python, but looking at their Github page, oauthlib has been more frequently maintained.

Answer 2

Use Kenneth Reitz's awesome requests library along with the requests-oauth plugin linked off of http://docs.python-requests.org/en/latest/community/out-there/

Answer 3

Check out Mike Knapp's library on GitHub. Nice and simple, no install needed. And works on Google App Engine.

Answer 4

I think Leah Culver's python-oauth (that you've already found) is the best starting point even though it's not complete.

Leah has a mirror up on github which would make it easy to collaborate: http://github.com/leah/python-oauth/tree/master/oauth/

Update: As it stands today, it looks like SimpleGeo's python-oauth2 is the best starting point.

Answer 5

Rauth is the new best answer as far as I'm concerned. Wraps requests library and it's well-maintained.

Answer 6

Yet another answer to the 9-year-old question. The following are libraries for OAuth 2.0 and OpenID Connect and sample implementations written in Python. Note that they use Authlete as a backend service.

1. authlete-python : library for Python (GitHub, PyPI)
2. authlete-python-django : library for Django (GitHub, PyPI)
3. django-oauth-server : sample implementation of an authorization server
4. django-resource-server : sample implementation of a resource server

The question was posted in 2009. Since then, many important specifications have been developed. The following are some examples.

• 2012, Oct - RFC 6749, The OAuth 2.0 Authorization Framework
• 2012, Oct - RFC 6750, The OAuth 2.0 Authorization Framework: Bearer Token Usage
• 2014, Nov - OpenID Connect Core 1.0
• 2014, Nov - OpenID Connect Discovery 1.0
• 2014, Nov - OpenID Connect Dynamic Client Registration 1.0
• 2015, Sep - RFC 7636, Proof Key for Code Exchange by OAuth Public Clients
• 2018, Oct - Financial-grade API (FAPI) Implementer's Draft 2 (Part 1, Part 2)
• 2019, Feb - OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0
• 2019, Aug - RFC 8628, OAuth 2.0 Device Authorization Grant
• (Draft) - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens

Now the volume of specifications related to OAuth 2.0 and OpenID Connect is huge, full-fledged implementations are rare. For example, at the time of this writing (Aug 20, 2019), the number of certified OpenID Provider implementations that support Financial-grade API (FAPI) is just 4. Also, the number of certified OpenID Provider implementations that support Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP and Form Post OP is 5. (Authlete is the only implementation that is included in both)

The following are some consideration points for OAuth 2.0 implementations:

1. RFC 7636 support (important for security)
2. OpenID Connect support (or just OAuth 2.0?)
3. Financial-grade API (FAPI) support, if you need higher security. See "Financial-grade API (FAPI), explained by an implementer" for technical details.