License Confusion

[rcludwick]

At work, there's confusion around the license. It looks like it's open source BSD license, but the website says the it's BSD only for open source projects. I believed that's been fixed in the repo, but not the website.

I believe two things will solve this.

1. Remove the commercial license from the repo and move it to the website or clarify the license is for commercial support only.
2. Clarify that all projects may use the BSD license, but that purchased support will follow the commercial license.

It's a great library. I'd hate to not use it because of this.

[bjmc]

I know developers don't always control the purse strings, but IMHO if your company is making money using free software, you should just pony up for a commercial license to support the authors of that software. Getting cheap about this stuff is how you wind up with two part-time devs maintaining core infrastructure out of the goodness of their hearts.

[rcludwick]

@bjmc

I think you're absolutely spot on here. And that's a conversation that needs to happen with managers, not typically the devs -- because as you say, we don't hold the purse strings -- and I certainly don't here.

But as I understand the license terms of this project, purchasing of commercial support is not required for commercial use. And that's what I want clarified.

Otherwise this project is not open source under the various definitions of open source software.

[lepture]

As said on readme:

If your company is creating a closed source OAuth provider, it is strongly suggested that your company purchasing a commercial license.

No confusion from readme.

[rcludwick]

1. We're not creating our own closed source OAuth provider. We're using the client functionality. For an oauth client $1000/yr is too much.

Also It should be pretty clear I'm using the django_client from this github issue in 2020.

#216

2. The website says this:

Authlib Licenses
Authlib offers two licenses, one is BSD for open source projects, one is a commercial license for closed source projects.

https://docs.authlib.org/en/latest/community/licenses.html

So license lawyers read that and it's pretty clear that if true, then your software really isn't OSS.

I recommend you using the same language from the README on the website.

[v3ss0n]

Then , if i start a startup project using authlib , just for Social Login do i have to pay? I won't even know if i would make money or not.

[lepture]

@v3ss0n You don't have to. Just choose the BSD license.

[v3ss0n]

Oh , then thats great , we have confusion in opensource community with permissive licensing , should we use yours or not.
Better clear it up somewhere in which cases , it is not eligible for this lib to be used. Like for example Building A competing Close Source Product like Auth0 that uses your library and sell. (I think thats the case?)
I had mentioned about this case in below topic , in case you want to explain.

[rcludwick]

I think this sums up the situation perfectly.

litestar-org/litestar#878 (comment)

Website says one thing. Pypi says another. This comment thread says a third.