Supported features and platforms


OAuth 1.0a

OAuth 1.0a is fully supported for both clients and providers.

All standard signature methods defined in RFC 5849: The OAuth 1.0 Protocol are supported:

  • RSA-SHA1

Non-standard signature methods that replace SHA-1 with stronger digest algorithms are also supported:

  • HMAC-SHA256
  • HMAC-SHA512
  • RSA-SHA256
  • RSA-SHA512

The OAuth 1.0a signature can be placed in the header, URL or body of the request.
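Added example, not OAuthLib's own code or API: a standard-library implementation of the RFC 5849 HMAC signature with a selectable digest, showing that HMAC-SHA256 and HMAC-SHA512 differ from HMAC-SHA1 only in the hash, and how the same signature is carried in the header, URL or body. The function names, URL, client key and secret are assumptions constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlencode

# Digest per signature method: HMAC-SHA1 is the RFC 5849 method, the others swap the hash.
DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256,
           "HMAC-SHA512": hashlib.sha512}

def pct(value):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="")

def sign(http_method, base_url, params, client_secret, token_secret=""):
    """Return the base64 signature over the RFC 5849 signature base string."""
    digest = DIGESTS[params["oauth_signature_method"]]  # KeyError on unknown method
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([http_method.upper(), pct(base_url), pct(normalized)])
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), digest).digest()).decode()

def place(base_url, params, signature, where):
    """Attach the signed parameters to the header, URL query or form body."""
    signed = dict(params, oauth_signature=signature)
    if where == "header":
        fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in signed.items())
        return base_url, {"Authorization": "OAuth " + fields}, None
    encoded = urlencode(signed, quote_via=quote)
    if where == "query":
        return f"{base_url}?{encoded}", {}, None
    if where == "body":
        return base_url, {"Content-Type": "application/x-www-form-urlencoded"}, encoded
    raise ValueError(f"unknown placement: {where}")

def verify(http_method, base_url, received, client_secret, token_secret=""):
    """Provider side: recompute the signature and compare in constant time."""
    expected = sign(http_method, base_url, received, client_secret, token_secret)
    received_sig = received.get("oauth_signature", "")
    return hmac.compare_digest(expected.encode(), received_sig.encode())

# Constructed sample request; key, secret, nonce and timestamp are placeholders.
SAMPLE = {"oauth_consumer_key": "example-client", "oauth_nonce": "n-0001",
          "oauth_timestamp": "1700000000", "oauth_version": "1.0",
          "oauth_signature_method": "HMAC-SHA256"}

if __name__ == "__main__":
    sig = sign("POST", "https://api.example.test/photos", SAMPLE, "example-secret")
    for where in ("header", "query", "body"):
        print(where, place("https://api.example.test/photos", SAMPLE, sig, where))
```

Because `oauth_signature_method` is part of the signed parameters, a provider that recomputes the signature rejects a request whose method label was changed after signing.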

OAuth 2.0

OAuth 2.0 client and provider support for:

Features to be implemented (any help or PRs are welcome):

  • OAuth2.0 Client: OpenID Connect Core
  • OAuth2.0 Client: RFC 7636: Proof Key for Code Exchange by OAuth Public Clients (PKCE)
  • OAuth2.0 Client: RFC 7662: Token Introspection
  • OAuth2.0 Client: RFC 8414: Authorization Server Metadata
  • SAML2
  • Bearer JWT as Client Authentication
  • Dynamic client registration
  • OpenID Discovery
  • OpenID Session Management
  • …and more


OAuthLib is mainly developed and tested on 64-bit Linux. It works on Unix and Unix-like operating systems (including macOS), as well as Microsoft Windows.

It should work on any platform that supports Python, if features requiring RSA public-key cryptography are not used.

If features requiring RSA public-key cryptography are used (e.g. RSA-SHA1 and RS256), it should work on any platform supported by PyCA’s cryptography package. RSA features require installing additional packages: see the installation instructions for details.