https://github.com/authlib/authlib
django flask jose jwe jwk jws jwt oauth oauth2 oauth2-provider oauth2-server oidc openid-connect
Score: 32.623957694301765
Last synced: about 23 hours ago
JSON representation
Repository metadata:
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.
- Host: GitHub
- URL: https://github.com/authlib/authlib
- Owner: authlib
- License: bsd-3-clause
- Created: 2017-10-27T06:52:26.000Z (over 8 years ago)
- Default Branch: main
- Last Pushed: 2026-05-21T03:20:51.000Z (30 days ago)
- Last Synced: 2026-06-13T00:30:51.074Z (7 days ago)
- Topics: django, flask, jose, jwe, jwk, jws, jwt, oauth, oauth2, oauth2-provider, oauth2-server, oidc, openid-connect
- Language: Python
- Homepage: https://authlib.org
- Size: 3.8 MB
- Stars: 5,343
- Watchers: 56
- Forks: 539
- Open Issues: 140
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Security: .github/SECURITY.md
-
Funding:
- Github: authlib, lepture
Owner metadata:
- Name: Authlib
- Login: authlib
- Email:
- Kind: organization
- Description: The ultimate Python library in building OAuth and OpenID Connect servers.
- Website: https://authlib.org/
- Location: Japan
- Twitter: authlib
- Company:
- Icon url: https://avatars.githubusercontent.com/u/32964472?v=4
- Repositories: 12
- Last Synced at: 2026-04-03T07:12:35.268Z
- Profile URL: https://github.com/authlib
GitHub Events
Total
- Create event: 10
- Delete event: 4
- Fork event: 24
- Issue comment event: 91
- Issues event: 50
- Pull request event: 38
- Pull request review comment event: 20
- Pull request review event: 32
- Push event: 39
- Release event: 3
- Watch event: 209
- Total: 520
Last Year
- Create event: 10
- Delete event: 4
- Fork event: 24
- Issue comment event: 91
- Issues event: 50
- Pull request event: 38
- Pull request review comment event: 20
- Pull request review event: 32
- Push event: 39
- Release event: 3
- Watch event: 209
- Total: 520
Committers metadata
Last synced: 3 months ago
Total Commits: 1,529
Total Committers: 139
Avg Commits per committer: 11.0
Development Distribution Score (DDS): 0.233
Commits in past year: 194
Committers in past year: 12
Avg Commits per committer in past year: 16.167
Development Distribution Score (DDS) in past year: 0.356
| Name | Commits | |
|---|---|---|
| Hsiaoming Yang | m****e@l****m | 1172 |
| Éloi Rivard | e****i@y****p | 175 |
| Ber Zoidberg | b****g@g****m | 7 |
| Kai A. Hiller | g****t@k****e | 4 |
| Kartik Ohri | k****3@g****m | 4 |
| Jaap Roes | j****s@l****l | 4 |
| Félix Rohrlich | f****x@y****p | 4 |
| Tom Christie | t****m@t****m | 3 |
| Rogier van der Geer | r****r@g****m | 3 |
| Pablo Marti | p****o@a****u | 3 |
| Nikita Spivachuk | n****k@d****m | 3 |
| Grey Li | w****i@g****m | 3 |
| Alex Ball | a****l | 3 |
| Dong | l****y@g****m | 2 |
| François Voron | f****n@g****m | 2 |
| Bastian Venthur | m****l@v****e | 2 |
| princekhunt | i****o@p****m | 2 |
| Tomasz Kontusz | t****z@g****m | 2 |
| Tim Gates | t****s@i****m | 2 |
| Thomas Scholtes | g****r@a****m | 2 |
| Jacopo Nespolo | j****o@e****t | 2 |
| Mario Jimenez Carrasco | m****o@g****m | 2 |
| Randy Duodu | d****9@g****m | 2 |
| Dave Hallam | d****b@y****m | 2 |
| Jay Turner | j****r@k****o | 2 |
| Vlad Dmitrievich | 2****s@g****m | 2 |
| Thibault | t****t@T****l | 2 |
| Max Murashov | m****v@r****u | 2 |
| Borislav Ivanov | b****v@h****m | 1 |
| Cattī Crūdēlēs | 1****7 | 1 |
| and 109 more... | ||
Issue and Pull Request metadata
Last synced: 5 months ago
Total issues: 47
Total pull requests: 53
Average time to close issues: about 1 year
Average time to close pull requests: 9 days
Total issue authors: 34
Total pull request authors: 19
Average comments per issue: 1.79
Average comments per pull request: 0.7
Merged pull request: 30
Bot issues: 0
Bot pull requests: 1
Past year issues: 32
Past year pull requests: 46
Past year average time to close issues: about 1 month
Past year average time to close pull requests: 9 days
Past year issue authors: 20
Past year pull request authors: 13
Past year average comments per issue: 1.06
Past year average comments per pull request: 0.59
Past year merged pull request: 24
Past year bot issues: 0
Past year bot pull requests: 1
Top Issue Authors
- azmeuk (11)
- markhobson (3)
- bendavis78 (2)
- InfernalAzazel (1)
- Jsalaz1989 (1)
- MaidScientistIzutsumiMarin (1)
- kimminw00 (1)
- rcludwick (1)
- NomAnor (1)
- ziwang-com (1)
- spenhand (1)
- hfroot (1)
- agentydragon (1)
- Aetylus (1)
- se7entynine (1)
Top Pull Request Authors
- azmeuk (23)
- lepture (5)
- shc261392 (3)
- zachswasey (3)
- EpicWink (2)
- MartinPaulEve (2)
- Aetylus (2)
- aliaksei-protchanka (2)
- jdeepee (1)
- AL-Cybision (1)
- yannj-fr (1)
- V02460 (1)
- hxtmdev (1)
- kursataktas (1)
- thibault-tiro (1)
Top Issue Labels
- spec (7)
- role:authorization_server (6)
- documentation (5)
- bug (4)
- client (3)
- server (3)
- integration:httpx (2)
- jose (2)
- good first issue (2)
- spec:rfc6749 (1)
- Security (1)
- question (1)
- role:client (1)
- integration:flask (1)
- integration:requests (1)
Top Pull Request Labels
- bug (2)
- role:authorization_server (2)
- documentation (1)
- feature request (1)
- dependencies (1)
- github_actions (1)
Package metadata
- Total packages: 4
-
Total downloads:
- conda: 6,996 total
- pypi: 130,503,737 last-month
- Total docker downloads: 62,849,134
- Total dependent packages: 161 (may contain duplicates)
- Total dependent repositories: 2,188 (may contain duplicates)
- Total versions: 121
- Total maintainers: 1
- Total advisories: 12
pypi.org: authlib
The ultimate Python library in building OAuth and OpenID Connect servers and clients.
- Homepage:
- Documentation: https://docs.authlib.org/
- Licenses: BSD-3-Clause
- Latest release: 1.7.2 (published about 1 month ago)
- Last Synced: 2026-06-13T18:11:11.511Z (6 days ago)
- Versions: 63
- Dependent Packages: 157
- Dependent Repositories: 2,180
- Downloads: 130,503,737 Last month
- Docker Downloads: 62,849,134
-
Rankings:
- Downloads: 0.103%
- Dependent packages count: 0.15%
- Dependent repos count: 0.236%
- Docker downloads count: 0.618%
- Average: 0.816%
- Stargazers count: 1.123%
- Forks count: 2.665%
- Maintainers (1)
-
Funding:
- https://github.com/sponsors/lepture
-
Advisories:
- Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type
- Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
- Authlib: Cross-site request forging when using cache
- Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
- Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
- Authlib JWS JWK Header Injection: Signature Verification Bypass
- Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
- Authlib has 1-click Account Takeover vulnerability
- Authlib : JWE zip=DEF decompression bomb enables DoS
- Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
- Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
- Authlib has algorithm confusion with asymmetric public keys
proxy.golang.org: github.com/authlib/authlib
- Homepage:
- Documentation: https://pkg.go.dev/github.com/authlib/authlib#section-documentation
- Licenses: bsd-3-clause
- Latest release: v1.7.2 (published about 1 month ago)
- Last Synced: 2026-06-13T00:02:26.340Z (7 days ago)
- Versions: 42
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Dependent packages count: 5.488%
- Average: 5.672%
- Dependent repos count: 5.857%
anaconda.org: authlib
The ultimate Python library in building OAuth and OpenID Connect servers. It is designed from low level specifications implementations to high level frameworks integrations, to meet the needs of everyone.
- Homepage: https://authlib.org
- Licenses: BSD-3-Clause
- Latest release: 1.7.2 (published 11 days ago)
- Last Synced: 2026-06-08T23:03:57.523Z (11 days ago)
- Versions: 14
- Dependent Packages: 4
- Dependent Repositories: 8
- Downloads: 6,996 Total
-
Rankings:
- Dependent packages count: 11.114%
- Stargazers count: 13.772%
- Forks count: 17.638%
- Average: 20.523%
- Dependent repos count: 39.565%
spack.io: py-authlib
The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.
- Homepage: https://github.com/authlib/authlib
- Licenses: []
- Latest release: 1.6.7 (published 4 months ago)
- Last Synced: 2026-06-13T00:02:25.919Z (7 days ago)
- Versions: 2
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Dependent repos count: 0.0%
- Average: 26.511%
- Dependent packages count: 53.022%
Dependencies
- actions/checkout v2 composite
- github/codeql-action/analyze v1 composite
- github/codeql-action/init v1 composite
- actions/checkout v2 composite
- actions/setup-python v2 composite
- codecov/codecov-action v1 composite
- cryptography >=3.2
- coverage * test
- cryptography * test
- pytest * test
- anyio * test
- cachelib * test
- django * test
- flask * test
- httpx * test
- pytest-asyncio * test
- requests * test
- starlette * test
- werkzeug * test
- Django * test
- pytest-django * test
- Flask * test
- Flask-SQLAlchemy * test
- Django *
- Flask *
- SQLAlchemy *
- cryptography *
- httpx >=0.18.2
- pycryptodomex >=3.10,<4
- requests *
- shibuya *
- sphinx ==6.2.1
- sphinx-copybutton ==0.5.2
- sphinx-design ==0.4.1
- starlette *
- actions/checkout v3 composite
- actions/download-artifact v3 composite
- actions/setup-python v4 composite
- actions/upload-artifact v3 composite
- pypa/gh-action-pypi-publish release/v1 composite