./security/py-authlib, Ultimate Python library in building OAuth and OpenID Connect servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.6.9, Package name: py313-authlib-1.6.9, Maintainer: pkgsrc-users

OAuth often seems complicated and difficult-to-implement. There are several
prominent libraries for handling OAuth requests, but they all suffer from one
or both of the following:

* They predate the OAuth 1.0 spec, AKA RFC 5849.
* They predate the OAuth 2.0 spec, AKA RFC 6749.
* They assume the usage of a specific HTTP request library.

OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
client support onto your favorite HTTP library, or provider support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.


Required to run:
[devel/py-setuptools] [security/py-cryptography] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 161.264 KB

Version history: (Expand)

CVS history: (Expand)


   2026-03-02 12:40:57 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.9

1.6.9

Changes in jose module

Not using header's jwk automatically
Add ES256K into default jwt algorithms
Remove deprecated algorithm from default registry
Generate random cek when cek length doesn't match
   2026-02-15 13:58:15 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.8

1.6.8
Bug fixes
   2026-02-07 08:58:08 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.7

1.6.7
Set supported algorithms for the default jwt instance.
   2025-12-12 13:08:17 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.6

1.6.6

get_jwt_config takes a client parameter.
Fix incorrect signature when Content-Type is x-www-form-urlencoded for OAuth 1.0 \ 
Client.
Use expires_in in OAuth2Token when expires_at is unparsable.
Always track state in session for OAuth client integrations.
   2025-10-03 07:43:47 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.5

1.6.5
Unknown changes
   2025-09-22 12:47:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.4

1.6.4

fix(jose): prevent public/unprotected header overwriting protected header
Fix InsecureTransportError raising
Add conventional-commits pre-commit hook
Fix response_mode=form_post with Starlette client
Specify README.md as project long description
Migrate tests to pytest paradigm
jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
Use explicit *.test urls in unit tests
   2025-08-26 20:56:16 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.3

1.6.3

Add diff-cover check in GHA
Run GHA unit tests with uv
Move from pre-commit to prek
Sign OIDC id_token according to id_token_signed_response_alg client metadata
   2025-08-25 10:20:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.2

1.6.2
Allow insecure transport for 127.0.0.1 for debugging
Raise a MissingCodeError when code parameter is missing
Temporarily restore OAuth2Request body parameter
Raise MissingCodeException when code parameter is missing
Fix id_token generation with EdDSA alg