
Flask-oauthlib or authlib in production?


I just got flask-oauthlib working in a website I'm building. However, I noticed that the front page of the project has a warning to use authlib instead.

If you use flask-oauthlib in production, are you planning to migrate to authlib? Is anyone aware of a simple project repo where this migration has been done? I'd very much appreciate glancing at something.

flask-oauthlib page, note the warning:

https://flask-oauthlib.readthedocs.io/en/latest/


Solution

  • Answering your question first:

    1. This project has migrated from Flask-OAuthlib to Authlib: https://github.com/opendatateam/udata/pull/1434
    2. And then upgraded to Authlib v0.6: https://github.com/opendatateam/udata/pull/1572

    But it would be easier to check the example at https://github.com/authlib/example-oauth2-server


    I'm the author of Flask-OAuthlib and Authlib. Here are the differences:

    1. Flask-OAuthlib was developed a long time ago; it depends on oauthlib. I now have a better understanding of OAuth than at that time.
    2. Authlib contains the implementation from low-level RFC to high-level framework integrations. It is more correct. And the RFC implementation works with framework integrations better.
    3. Flask-OAuthlib is licensed under BSD, but Authlib is licensed under AGPL. If the license is a problem, and you don't want to buy a commercial license, you should choose Flask-OAuthlib.
    4. Authlib offers commercial support and a commercial license. If you are a company, it is better to use Authlib, since it is better designed and it has a security mailing list. There will be more features in commercial plans.