OAuth2/OIDC login for Arvel — Google, GitHub, Microsoft, Apple, and generic OIDC.

Project description

arvel-oauth

OAuth2 / OIDC social login for Arvel — Google, GitHub, Microsoft, Apple, and any generic OIDC issuer.

Status: Pre-alpha.


Documentation: https://arvel.dev/packages/oauth


What it does

  • Runs the authorization-code flow with PKCE (S256) and a signed state cookie.
  • Links the external identity to your existing User model through an installable migration.
  • Issues a JWT session via the framework's AuthService after a successful exchange.
  • Encrypts provider tokens at rest (AES-256-GCM, keyed from APP_KEY).

Install

uv add "arvel[oauth]"
# or: pip install arvel-oauth

Register the provider in bootstrap/providers.py:

from arvel_oauth import OAuthServiceProvider

providers = [
    # ...other providers...
    OAuthServiceProvider,
]

Publish the migration and run it:

arvel vendor:publish --tag=arvel-oauth   # or: arvel oauth:install
arvel migrate

OAuthServiceProvider binds OAuthConfig and OAuthManager as singletons and ships the oauth_accounts table migration.

Supported providers

| Name | Class | Notes |
|------|-------|-------|
| google | GoogleProvider | OIDC userinfo; requests offline access |
| github | GitHubProvider | Not OIDC; PKCE follows OAUTH_USE_PKCE (default on) |
| microsoft | MicrosoftProvider | Entra ID; tenant from OAUTH_MICROSOFT_TENANT |
| apple | AppleProvider | JWT client secret; identity from the verified id_token |
| oidc | OIDCProvider | Generic; discovers config from the issuer's .well-known endpoint |

Configure

OAuthConfig reads OAUTH_* environment variables. Set the credentials for the providers you use:

OAUTH_GOOGLE_CLIENT_ID=...
OAUTH_GOOGLE_CLIENT_SECRET=...
OAUTH_GOOGLE_REDIRECT_URI=https://app.example.com/auth/google/callback

# Shared flow settings (defaults shown)
OAUTH_USE_PKCE=true
OAUTH_SUCCESS_REDIRECT_URL=/
OAUTH_ERROR_REDIRECT_URL=/login

A provider counts as "configured" once its credentials are present — client id + secret for Google / GitHub / Microsoft, client id + private key for Apple, and issuer URL + client id for OIDC.

Mounting the routes

The package does not auto-mount routes. Build a controller and register the redirect + callback endpoints yourself:

from arvel_oauth.http import OAuthController, register_oauth_routes

controller = OAuthController(manager=manager, config=config, auth=auth_service)
register_oauth_routes(router, controller)

See the full guide for the controller wiring and the complete HTTP flow.

License

MIT — see LICENSE.

Download files

Source Distribution

arvel_oauth-0.6.2.tar.gz (22.4 kB)

Built Distribution

arvel_oauth-0.6.2-py3-none-any.whl (25.0 kB)

File details

Details for the file arvel_oauth-0.6.2.tar.gz.

File metadata

  • Download URL: arvel_oauth-0.6.2.tar.gz
  • Upload date:
  • Size: 22.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for arvel_oauth-0.6.2.tar.gz
Algorithm Hash digest
SHA256 6f59fb1b4d33367f111ca829bc41a82dfec113cd7337ff40fb4dbdaaf6473327
MD5 3761c26de35fb493756e05e4b6b12dfa
BLAKE2b-256 bf82b5c418a830083a323c121c51611ed58d8473dfb34003b8c4bc9855dd923b

Provenance

The following attestation bundles were made for arvel_oauth-0.6.2.tar.gz:

Publisher: publish.yml on mohamed-rekiba/arvel

File details

Details for the file arvel_oauth-0.6.2-py3-none-any.whl.

File metadata

  • Download URL: arvel_oauth-0.6.2-py3-none-any.whl
  • Upload date:
  • Size: 25.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for arvel_oauth-0.6.2-py3-none-any.whl
Algorithm Hash digest
SHA256 8796e8da8b06b3a5984d4d1c2840988530f78bf8266be54ad845796417febf94
MD5 a5911f8b3412a67fccf647813685c1f8
BLAKE2b-256 3100062a97fe81e3984ea1c5a7be71dfbf706a479141cc23419ad5fdd4280875

Provenance

The following attestation bundles were made for arvel_oauth-0.6.2-py3-none-any.whl:

Publisher: publish.yml on mohamed-rekiba/arvel
