OAuth2/OIDC login for Arvel — Google, GitHub, Microsoft, Apple, and generic OIDC.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mrekiba from gravatar.com mrekiba

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Arvel contributors
  • Tags arvel , authentication , oauth , oauth2 , oidc , sso
  • Requires: Python >=3.14
Classifiers
Report project as malware

Project description

arvel-oauth

PyPI MIT License

OAuth2 / OIDC social login for Arvel — Google, GitHub, Microsoft, Apple, and any generic OIDC issuer.

Status: Pre-alpha — v0.3.0.

Documentation: https://arvel.dev/packages/oauth

What it does

  • Runs the authorization-code flow with PKCE (S256) and a signed state cookie.
  • Links the external identity to your existing User model through an installable migration.
  • Issues a JWT session via the framework's AuthService after a successful exchange.
  • Encrypts provider tokens at rest (AES-256-GCM, keyed from APP_KEY).

Install

uv add "arvel[oauth]"
# or: pip install arvel-oauth

Register the provider in bootstrap/providers.py:

from arvel_oauth import OAuthServiceProvider

providers = [
    # ...other providers...
    OAuthServiceProvider,
]

Publish the migration and run it:

arvel vendor:publish --tag=arvel-oauth   # or: arvel oauth:install
arvel migrate

OAuthServiceProvider binds OAuthConfig and OAuthManager as singletons and ships the oauth_accounts table migration.

Supported providers

Name Class Notes
google GoogleProvider OIDC userinfo; requests offline access
github GitHubProvider Not OIDC; PKCE follows OAUTH_USE_PKCE (default on)
microsoft MicrosoftProvider Entra ID; tenant from OAUTH_MICROSOFT_TENANT
apple AppleProvider JWT client secret; identity from the verified id_token
oidc OIDCProvider Generic; discovers config from the issuer's .well-known endpoint

Configure

OAuthConfig reads OAUTH_* environment variables. Set the credentials for the providers you use:

OAUTH_GOOGLE_CLIENT_ID=...
OAUTH_GOOGLE_CLIENT_SECRET=...
OAUTH_GOOGLE_REDIRECT_URI=https://app.example.com/auth/google/callback

# Shared flow settings (defaults shown)
OAUTH_USE_PKCE=true
OAUTH_SUCCESS_REDIRECT_URL=/
OAUTH_ERROR_REDIRECT_URL=/login

A provider counts as "configured" once its credentials are present — client id + secret for Google / GitHub / Microsoft, client id + private key for Apple, and issuer URL + client id for OIDC.

Mounting the routes

The package does not auto-mount routes. Build a controller and register the redirect + callback endpoints yourself:

from arvel_oauth.http import OAuthController, register_oauth_routes

controller = OAuthController(manager=manager, config=config, auth=auth_service)
register_oauth_routes(router, controller)

See the full guide for the controller wiring and the complete HTTP flow.

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mrekiba from gravatar.com mrekiba

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Arvel contributors
  • Tags arvel , authentication , oauth , oauth2 , oidc , sso
  • Requires: Python >=3.14
Classifiers

Release history Release notifications | RSS feed

0.6.3

0.6.2

0.6.1

0.6.0

0.5.1

This version

0.5.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

arvel_oauth-0.5.0.tar.gz (21.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

arvel_oauth-0.5.0-py3-none-any.whl (25.0 kB view details)

Uploaded Python 3

File details

Details for the file arvel_oauth-0.5.0.tar.gz.

File metadata

  • Download URL: arvel_oauth-0.5.0.tar.gz
  • Upload date:
  • Size: 21.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for arvel_oauth-0.5.0.tar.gz
Algorithm Hash digest
SHA256 b93481011e6a62fc36a9fd9fa188792dd66e318755a33009af1b452381ec8924
MD5 69b1f96c5c431c8d89af8a5f35761e20
BLAKE2b-256 ef47016a39aac91c749b090c431578d0b433e39615fb75a21a3a25470691ab5c

See more details on using hashes here.

Provenance

The following attestation bundles were made for arvel_oauth-0.5.0.tar.gz:

Publisher: publish.yml on mohamed-rekiba/arvel

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file arvel_oauth-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: arvel_oauth-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 25.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for arvel_oauth-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3e1a728e99d03f0223ffa490dea2390e216caa1378b38605f8aa39ff0ad719b1
MD5 a38b8407d2e93d6f82c445f6a04e3265
BLAKE2b-256 75845cdc52cb97f48a5f7555451a71256ac02cb634eaaf8d555647ef322f9da7

See more details on using hashes here.

Provenance

The following attestation bundles were made for arvel_oauth-0.5.0-py3-none-any.whl:

Publisher: publish.yml on mohamed-rekiba/arvel

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page