Supported features and platforms

OAuth 1 is fully supported per the RFC for both clients and providers. Extensions and variations that are outside the spec are not supported.

  • HMAC-SHA1, RSA-SHA1 and plaintext signatures.
  • Signature placement in header, url or body.

OAuth 2.0 client and provider support for:

Features to be implemented (any help/PR are welcomed):

  • OAuth2.0 Client: OpenID Connect Core
  • OAuth2.0 Client: RFC7636: Proof Key for Code Exchange by OAuth Public Clients (PKCE)
  • OAuth2.0 Client: RFC7662: Token Introspection
  • OAuth2.0 Client: RFC8414: Authorization Server Metadata
  • SAML2
  • Bearer JWT as Client Authentication
  • Dynamic client registration
  • OpenID Discovery
  • OpenID Session Management
  • …and more

Supported platforms

OAuthLib is mainly developed/tested on 64 bit Linux but works on Unix (incl. OS X) and Windows as well. Unless you are using the RSA features of OAuth 1 you should be able to use OAuthLib on any platform that supports Python. If you use RSA you are limited to the platforms supported by cryptography.