惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
P
Privacy International News Feed
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
NISL@THU
NISL@THU
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
GbyAI
GbyAI
N
News and Events Feed by Topic
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
CERT Recently Published Vulnerability Notes
N
Netflix TechBlog - Medium
S
Security Affairs
Spread Privacy
Spread Privacy
罗磊的独立博客
腾讯CDC
MyScale Blog
MyScale Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
L
LINUX DO - 热门话题
The Cloudflare Blog
L
LangChain Blog
博客园_首页
H
Hacker News: Front Page
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
博客园 - 聂微东
SecWiki News
SecWiki News
A
Arctic Wolf
爱范儿
爱范儿
Google Online Security Blog
Google Online Security Blog
T
Threat Research - Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
Cyberwarzone
Cyberwarzone
博客园 - 叶小钗
V
Visual Studio Blog
V
V2EX
T
Tailwind CSS Blog
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs
MongoDB | Blog
MongoDB | Blog
D
Docker

Just lepture

我用 AI 造新語 丟失的表達欲 註冊郵箱攻擊 個人域名郵箱免費方案 Markdown on ruby markup Display country flags emoji on Windows 週記,垂死病中驚坐起 程序員與文學衝突 Fireside 遷移記 Typlog 三週年 How to style RSS feed 談談獨立播客 貓與網絡暴力 那霸的夜 Authlib Under BSD License PyCon JP 2018 記 摩登 OAuth 2.0:簡介 夜思 Structure of a Flask Project 三藩記 佐渡與阿賀町記 週記,九月末 前端的基礎修養:ARIA Live Regions 週記,九月三週
Announcement of Authlib
2018-01-08 · via Just lepture

It has been 4 years since I posted Create an OAuth Server. Flask-OAuthlib has been shining in the Flask community, but it's time to say goodbye. Authlib is going to replace Flask-OAuthlib.

Authlib contains everything you need to create OAuth clients and servers. It contains:

  • python-requests OAuth1Session and OAuth2Session
  • Flask OAuth clients integrations
  • Django OAuth clients integrations
  • Flask OAuth servers implementations
  • Django OAuth servers implementations (not ready)
  • OpenID and many other things

Documentation & Playground

No, there will be no guide on how to create an OAuth server in this post. It is hard to keep information updated in a single blog post. Instead, I've deployed a real OAuth server online so that everyone can play with.

To get a better understanding, you can read the official documentation and the source code of Authlib playground:

  1. Official Documentation: https://docs.authlib.org/
  2. Source Code of Authlib: https://github.com/lepture/authlib
  3. Online Playground: https://play.authlib.org/
  4. Source Code of Playground: https://github.com/authlib/playground
Authlib Playground Screenshot

Starting from Scratch

I have several reasons to deprecate Flask-OAuthlib. But the main reason is that Flask-OAuthlib is not maintained well. And it seems things will not go well in the future. Flask-OAuthlib depends on OAuthLib which I believe is in a chaotic maintenance (although I am a maintainer too). Besides, there are many designs I don't like.

I created Authlib from scratch - from specification implementation to framework integrations. I didn't understand OAuth well enough when writing Flask-OAuthlib. However, this time, I read every RFC carefully so that there will be less misunderstanding (I'm not a native English speaker). The experience in OAuthLib helps too.

Being Monolithic

I started Authlib with a monolithic design in mind. As I've said "it is designed from specification implementation to framework integrations". Being monolithic is a feature of Authlib. I've always hated the micro modules in Node ecosystem, there are even lots of one line code modules in npm.

Being monolithic means it won't break things. When specifications changed, implementation will change too. It keeps everything synchronized. You don’t have to worry about monolithic, it doesn’t cost your memory. If you don’t import a module, it won’t be loaded.

Will it always be monolithic? It depends. As time goes and Authlib becomes mature, maybe I will separate the framework integrations from Authlib source code.

Profitable = Sustainable

Flask-OAuthlib is not sustainable. I can't spare too much time on it. That's why I created Authlib with a sustainable idea from the beginning. I hope the project will last long enough.

Profitable equals sustainable. If I can make a living on Authlib, I can spare more time on it, keeping it updated, fixing bugs, resolving vulnerable securities. OAuth server implementation is an enterprise level problem, if you are running a company, you wouldn't like to use a non-sustainable module for such an important feature. What you need is a sustainable solution.

The price model for Authlib is simple yet affordable. It is $1000/year (or $500/year if your company is small), it is just 1/10 of one month salary for one year. However, if you don't care, you can always use the open source license.

Road Map

I've released Authlib v0.3 when writing this post. It is started from Oct 21, 2017:

  1. Common client and Flask client integration is available in v0.1
  2. Django client integration is available in v0.2
  3. Flask OAuth 2 server is available in v0.3

Flask comes first, Django comes second.

The next implementation will be Flask OAuth 1 server. After that, there will be Django OAuth servers, and more OAuth 2 specification implementation. I wish I can make a version 1.0 in the end of this year.


Now, head over to the documentation and play with Authlib.