OAuth2/OIDC login for Arvel — Google, GitHub, Microsoft, Apple, and generic OIDC.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mrekiba from gravatar.com mrekiba

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Arvel contributors
  • Tags arvel , authentication , oauth , oauth2 , oidc , sso
  • Requires: Python >=3.14
Classifiers
Report project as malware

Project description

arvel-oauth

PyPI MIT License

OAuth2 / OIDC social login for Arvel — Google, GitHub, Microsoft, Apple, and any generic OIDC issuer.

Status: Pre-alpha.

Documentation: https://arvel.dev/packages/oauth

What it does

  • Runs the authorization-code flow with PKCE (S256) and a signed state cookie.
  • Links the external identity to your existing User model through an installable migration.
  • Issues a JWT session via the framework's AuthService after a successful exchange.
  • Encrypts provider tokens at rest (AES-256-GCM, keyed from APP_KEY).

Install

uv add "arvel[oauth]"
# or: pip install arvel-oauth

Register the provider in bootstrap/providers.py:

from arvel_oauth import OAuthServiceProvider

providers = [
    # ...other providers...
    OAuthServiceProvider,
]

Publish the migration and run it:

arvel vendor:publish --tag=arvel-oauth   # or: arvel oauth:install
arvel migrate

OAuthServiceProvider binds OAuthConfig and OAuthManager as singletons and ships the oauth_accounts table migration.

Supported providers

Name Class Notes
google GoogleProvider OIDC userinfo; requests offline access
github GitHubProvider Not OIDC; PKCE follows OAUTH_USE_PKCE (default on)
microsoft MicrosoftProvider Entra ID; tenant from OAUTH_MICROSOFT_TENANT
apple AppleProvider JWT client secret; identity from the verified id_token
oidc OIDCProvider Generic; discovers config from the issuer's .well-known endpoint

Configure

OAuthConfig reads OAUTH_* environment variables. Set the credentials for the providers you use:

OAUTH_GOOGLE_CLIENT_ID=...
OAUTH_GOOGLE_CLIENT_SECRET=...
OAUTH_GOOGLE_REDIRECT_URI=https://app.example.com/auth/google/callback

# Shared flow settings (defaults shown)
OAUTH_USE_PKCE=true
OAUTH_SUCCESS_REDIRECT_URL=/
OAUTH_ERROR_REDIRECT_URL=/login

A provider counts as "configured" once its credentials are present — client id + secret for Google / GitHub / Microsoft, client id + private key for Apple, and issuer URL + client id for OIDC.

Mounting the routes

The package does not auto-mount routes. Build a controller and register the redirect + callback endpoints yourself:

from arvel_oauth.http import OAuthController, register_oauth_routes

controller = OAuthController(manager=manager, config=config, auth=auth_service)
register_oauth_routes(router, controller)

See the full guide for the controller wiring and the complete HTTP flow.

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mrekiba from gravatar.com mrekiba

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Arvel contributors
  • Tags arvel , authentication , oauth , oauth2 , oidc , sso
  • Requires: Python >=3.14
Classifiers

Release history Release notifications | RSS feed

0.6.3

0.6.2

This version

0.6.1

0.6.0

0.5.1

0.5.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

arvel_oauth-0.6.1.tar.gz (22.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

arvel_oauth-0.6.1-py3-none-any.whl (25.0 kB view details)

Uploaded Python 3

File details

Details for the file arvel_oauth-0.6.1.tar.gz.

File metadata

  • Download URL: arvel_oauth-0.6.1.tar.gz
  • Upload date:
  • Size: 22.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for arvel_oauth-0.6.1.tar.gz
Algorithm Hash digest
SHA256 165dd261125afd1f8c26f4bbec08d30c382f0e6e3023bdc38827a3473b8b6792
MD5 23eb7fbb352feb72669c87656d7caaa2
BLAKE2b-256 bf7a68c8d0fa8cc33e88a56d328be13e3e8e2783390f677561695b0c1aefa538

See more details on using hashes here.

Provenance

The following attestation bundles were made for arvel_oauth-0.6.1.tar.gz:

Publisher: publish.yml on mohamed-rekiba/arvel

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file arvel_oauth-0.6.1-py3-none-any.whl.

File metadata

  • Download URL: arvel_oauth-0.6.1-py3-none-any.whl
  • Upload date:
  • Size: 25.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for arvel_oauth-0.6.1-py3-none-any.whl
Algorithm Hash digest
SHA256 aeda64ab07ac90b4806e05ed7eaebb20aaa7e7ea421c5fc261c06196438fb604
MD5 b192b0a6a7355af34fc6e87c754c9ed8
BLAKE2b-256 f06d66b97d751528e6ddd0e9b48f8dcd85ee7aca092c756078ba0ba919f2e3b7

See more details on using hashes here.

Provenance

The following attestation bundles were made for arvel_oauth-0.6.1-py3-none-any.whl:

Publisher: publish.yml on mohamed-rekiba/arvel

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page