OAuth 1.0a is fully supported for both clients and providers.
All standard signature methods defined in RFC 5849 (The OAuth 1.0 Protocol) are supported:
- HMAC-SHA1
- RSA-SHA1
- PLAINTEXT
Non-standard signature methods that replace SHA-1 with stronger digest algorithms are also supported:
- HMAC-SHA256
- HMAC-SHA512
- RSA-SHA256
- RSA-SHA512
The OAuth 1.0a signature can be placed in the header, URL or body of the request.
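The following is an added example, not OAuthLib's own code or API: a standard-library sketch of RFC 5849 HMAC signing that shows the digest swap behind the non-standard methods and the three places the signed parameters can travel. The helper names (`sign`, `verify`, `place`, `build`, `oauth_params`) and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256,
           "HMAC-SHA512": hashlib.sha512}

def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded
    return quote(str(value), safe="-._~")

def form(pairs):
    return "&".join(f"{pct(k)}={pct(v)}" for k, v in pairs)

def sign(method, http_method, base_url, params, client_secret, token_secret=""):
    """Base64 HMAC over the RFC 5849 signature base string."""
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in params))
    base_string = "&".join([http_method.upper(), pct(base_url), pct(normalized)])
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), DIGESTS[method]).digest()
    return base64.b64encode(digest).decode()

def verify(signature, *sign_args):
    # Provider side: recompute the signature and compare in constant time
    return hmac.compare_digest(signature, sign(*sign_args))

def place(signature_type, oauth, request_params):
    """Return (headers, query, body) carrying the OAuth parameters in one location."""
    if signature_type == "header":
        fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in oauth)
        return {"Authorization": "OAuth " + fields}, form(request_params), ""
    if signature_type == "query":
        return {}, form(request_params + oauth), ""
    if signature_type == "body":
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        return headers, form(request_params), form(oauth)
    raise ValueError(f"unknown signature type: {signature_type}")

# Constructed sample values; a real client uses a fresh nonce and timestamp per request
URL, SECRET = "https://api.example.com/photos", "constructed-client-secret"
REQUEST = [("size", "original")]

def oauth_params(method):
    return [("oauth_consumer_key", "constructed-client-key"),
            ("oauth_nonce", "7d8f3e4a"), ("oauth_timestamp", "1700000000"),
            ("oauth_signature_method", method), ("oauth_version", "1.0")]

def build(method, signature_type):
    oauth = oauth_params(method)
    signature = sign(method, "POST", URL, REQUEST + oauth, SECRET)
    return signature, place(signature_type, oauth + [("oauth_signature", signature)], REQUEST)
```

The placement does not affect the signature: the base string covers the same parameters wherever they are sent, so only the digest choice changes the MAC.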
OAuth 2.0 client and provider are both fully supported for:
- RFC 6749 section-4.1: Authorization Code Grant
- RFC 6749 section-4.2: Implicit Grant
- RFC 6749 section-4.3: Resource Owner Password Credentials Grant
- RFC 6749 section-4.4: Client Credentials Grant
- RFC 6749 section-6: Refresh Tokens
- RFC 6750: Bearer Tokens
- RFC 7009: Token Revocation
- RFC 7636: Proof Key for Code Exchange by OAuth Public Clients (PKCE)
- RFC Draft Message Authentication Code (MAC) Tokens
Implemented for the OAuth 2.0 provider only:
- OpenID Connect Core
- RFC 7662: Token Introspection
- RFC 8414: Authorization Server Metadata
Implemented for the OAuth 2.0 client only:
- RFC 8628: Device Authorization Grant
Missing features:
- SAML2
- Bearer JWT as Client Authentication
- Dynamic client registration
- OpenID Discovery
- OpenID Session Management
Any help is welcome and will be carefully reviewed and integrated into the project. Don't hesitate to be part of the community!
OAuthLib is mainly developed and tested on 64-bit Linux. It works on Unix and Unix-like operating systems (including macOS), as well as Microsoft Windows.
It should work on any platform that supports Python, as long as features requiring RSA public-key cryptography are not used.
If features requiring RSA public-key cryptography are used (e.g. RSA-SHA1 and RS256), it should work on any platform supported by PyCA's cryptography package. RSA features require installing additional packages: see the installation instructions for details.