Features and platforms
OAuth 1.0a is fully supported for both clients and providers.
All standard signature methods defined in RFC 5849 (The OAuth 1.0 Protocol) are supported:
Non-standard signature methods that replace SHA-1 with stronger digest algorithms are also supported:
The OAuth 1.0a signature can be placed in the header, URL or body of the request.
Full OAuth 2.0 client and provider support for:
- RFC 6749 section-4.1: Authorization Code Grant
- RFC 6749 section-4.2: Implicit Grant
- RFC 6749 section-4.3: Resource Owner Password Credentials Grant
- RFC 6749 section-4.4: Client Credentials Grant
- RFC 6749 section-6: Refresh Tokens
- RFC 6750: Bearer Tokens
- RFC 7009: Token Revocation
- RFC 7636: Proof Key for Code Exchange by OAuth Public Clients (PKCE)
- RFC Draft Message Authentication Code (MAC) Tokens
Only the OAuth 2.0 provider has been implemented:
Only the OAuth 2.0 client has been implemented:
- RFC 8628: Device Authorization Grant
- Bearer JWT as Client Authentication
- Dynamic client registration
- OpenID Discovery
- OpenID Session Management
Any help is welcome and will be carefully reviewed and integrated into the project. Don’t hesitate to be part of the community!
OAuthLib is mainly developed and tested on 64-bit Linux. It works on Unix and Unix-like operating systems (including macOS), as well as Microsoft Windows.
It should work on any platform that supports Python, if features requiring RSA public-key cryptography are not used.
If features requiring RSA public-key cryptography are used (e.g. RSA-SHA1 and RS256), it should work on any platform supported by PyCA’s cryptography package. RSA features require installing additional packages: see the installation instructions for details.