OAuth2/OIDC login for Arvel — Google, GitHub, Microsoft, Apple, and generic OIDC.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
arvel-oauth
OAuth2 / OIDC social login for Arvel — Google, GitHub, Microsoft, Apple, and any generic OIDC issuer.
Status: Pre-alpha.
Documentation: https://arvel.dev/packages/oauth
What it does
- Runs the authorization-code flow with PKCE (
S256) and a signed state cookie. - Links the external identity to your existing
Usermodel through an installable migration. - Issues a JWT session via the framework's
AuthServiceafter a successful exchange. - Encrypts provider tokens at rest (AES-256-GCM, keyed from
APP_KEY).
Install
uv add "arvel[oauth]"
# or: pip install arvel-oauth
Register the provider in bootstrap/providers.py:
from arvel_oauth import OAuthServiceProvider
providers = [
# ...other providers...
OAuthServiceProvider,
]
Publish the migration and run it:
arvel vendor:publish --tag=arvel-oauth # or: arvel oauth:install
arvel migrate
OAuthServiceProvider binds OAuthConfig and OAuthManager as singletons and ships the
oauth_accounts table migration.
Supported providers
| Name | Class | Notes |
|---|---|---|
google |
GoogleProvider |
OIDC userinfo; requests offline access |
github |
GitHubProvider |
Not OIDC; PKCE follows OAUTH_USE_PKCE (default on) |
microsoft |
MicrosoftProvider |
Entra ID; tenant from OAUTH_MICROSOFT_TENANT |
apple |
AppleProvider |
JWT client secret; identity from the verified id_token |
oidc |
OIDCProvider |
Generic; discovers config from the issuer's .well-known endpoint |
Configure
OAuthConfig reads OAUTH_* environment variables. Set the credentials for the providers you use:
OAUTH_GOOGLE_CLIENT_ID=...
OAUTH_GOOGLE_CLIENT_SECRET=...
OAUTH_GOOGLE_REDIRECT_URI=https://app.example.com/auth/google/callback
# Shared flow settings (defaults shown)
OAUTH_USE_PKCE=true
OAUTH_SUCCESS_REDIRECT_URL=/
OAUTH_ERROR_REDIRECT_URL=/login
A provider counts as "configured" once its credentials are present — client id + secret for Google / GitHub / Microsoft, client id + private key for Apple, and issuer URL + client id for OIDC.
Mounting the routes
The package does not auto-mount routes. Build a controller and register the redirect + callback endpoints yourself:
from arvel_oauth.http import OAuthController, register_oauth_routes
controller = OAuthController(manager=manager, config=config, auth=auth_service)
register_oauth_routes(router, controller)
See the full guide for the controller wiring and the complete HTTP flow.
License
MIT — see LICENSE.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file arvel_oauth-0.6.0.tar.gz.
File metadata
- Download URL: arvel_oauth-0.6.0.tar.gz
- Upload date:
- Size: 22.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a84c81030d7cfcec9a9ad2e15bb001d68243bcd174aff6dbaa774bb4cc532c60
|
|
| MD5 |
f284a3b08d99a7ef3d0b5b2f51258d10
|
|
| BLAKE2b-256 |
d910cb760ea144d0d818cf13ae1f3e547b0fc335af2a2c3799738fe45d2a1852
|
Provenance
The following attestation bundles were made for arvel_oauth-0.6.0.tar.gz:
Publisher:
publish.yml on mohamed-rekiba/arvel
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
arvel_oauth-0.6.0.tar.gz -
Subject digest:
a84c81030d7cfcec9a9ad2e15bb001d68243bcd174aff6dbaa774bb4cc532c60 - Sigstore transparency entry: 1695791467
- Sigstore integration time:
-
Permalink:
mohamed-rekiba/arvel@30bab9ac12549cabcb11640d04935a3f2be313a0 -
Branch / Tag:
refs/tags/arvel-oauth-v0.6.0 - Owner: https://github.com/mohamed-rekiba
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@30bab9ac12549cabcb11640d04935a3f2be313a0 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file arvel_oauth-0.6.0-py3-none-any.whl.
File metadata
- Download URL: arvel_oauth-0.6.0-py3-none-any.whl
- Upload date:
- Size: 25.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b8e5ade6495e6abb70e079624a72787c562c3dcbebb72a49c3f1c6b375cb6b58
|
|
| MD5 |
b4cf172e217d148edaa8f984171a3647
|
|
| BLAKE2b-256 |
2224a76d2a5804cf71f22e8128bda9aae00fa4ee36dbe6f41c2b1df07218bb65
|
Provenance
The following attestation bundles were made for arvel_oauth-0.6.0-py3-none-any.whl:
Publisher:
publish.yml on mohamed-rekiba/arvel
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
arvel_oauth-0.6.0-py3-none-any.whl -
Subject digest:
b8e5ade6495e6abb70e079624a72787c562c3dcbebb72a49c3f1c6b375cb6b58 - Sigstore transparency entry: 1695791694
- Sigstore integration time:
-
Permalink:
mohamed-rekiba/arvel@30bab9ac12549cabcb11640d04935a3f2be313a0 -
Branch / Tag:
refs/tags/arvel-oauth-v0.6.0 - Owner: https://github.com/mohamed-rekiba
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@30bab9ac12549cabcb11640d04935a3f2be313a0 -
Trigger Event:
workflow_dispatch
-
Statement type:
