Features and platforms

OAuth 1.0a

OAuth 1.0a is fully supported for both clients and providers.

All standard signature methods defined in RFC 5849 The OAuth 1.0 Protocol are supported:

  • RSA-SHA1

Non-standard signature methods that replaces SHA-1 with stronger digest algorithms are also supported:

  • HMAC-SHA256
  • HMAC-SHA512
  • RSA-SHA256
  • RSA-SHA512

The OAuth 1.0a signature can be placed in the header, URL or body of the request.

OAuth 2.0

OAuth 2.0 full client and provider supports for:

Only OAuth2.0 Provider has been implemented:

Only OAuth2.0 Client has been implemented:

Missing features:

  • SAML2
  • Bearer JWT as Client Authentication
  • Dynamic client registration
  • OpenID Discovery
  • OpenID Session Management

Any help are welcomed and will be carefully reviewed and integrated to the project. Don’t hesitate to be part of the community !


OAuthLib is mainly developed and tested on 64-bit Linux. It works on Unix and Unix-like operating systems (including macOS), as well as Microsoft Windows.

It should work on any platform that supports Python, if features requiring RSA public-key cryptography is not used.

If features requiring RSA public-key cryptography is used (e.g RSA-SHA1 and RS256), it should work on any platform supported by PyCA’s cryptography package. RSA features require installing additional packages: see the installation instructions for details.