Supported features and platforms
OAuth 1 is fully supported per the RFC for both clients and providers. Extensions and variations that are outside the spec are not supported.
- HMAC-SHA1, RSA-SHA1 and plaintext signatures.
- Signature placement in header, URL or body.
OAuth 2.0 client and provider support for:
- RFC6749#section-4.1: Authorization Code Grant
- RFC6749#section-4.2: Implicit Grant
- RFC6749#section-4.3: Resource Owner Password Credentials Grant
- RFC6749#section-4.4: Client Credentials Grant
- RFC6749#section-6: Refresh Tokens
- RFC6750: Bearer Tokens
- RFC7009: Token Revocation
- RFC Draft MAC tokens
- OAuth2.0 Provider: OpenID Connect Core
- OAuth2.0 Provider: RFC7636: Proof Key for Code Exchange by OAuth Public Clients (PKCE)
- OAuth2.0 Provider: RFC7662: Token Introspection
- OAuth2.0 Provider: RFC8414: Authorization Server Metadata
Features to be implemented (help and PRs are welcome):
- OAuth2.0 Client: OpenID Connect Core
- OAuth2.0 Client: RFC7636: Proof Key for Code Exchange by OAuth Public Clients (PKCE)
- OAuth2.0 Client: RFC7662: Token Introspection
- OAuth2.0 Client: RFC8414: Authorization Server Metadata
- SAML2
- Bearer JWT as Client Authentication
- Dynamic client registration
- OpenID Discovery
- OpenID Session Management
- …and more
Supported platforms
OAuthLib is mainly developed and tested on 64-bit Linux but works on Unix (incl. OS X) and Windows as well. Unless you are using the RSA features of OAuth 1, you should be able to use OAuthLib on any platform that supports Python. If you use RSA, you are limited to the platforms supported by the cryptography package.