I just got flask-oauthlib working in a website I'm building. However, I noticed that the front page of the project has a warning to use authlib instead.
If you use flask-oauthlib in production are you planning to migrate to authlib? Is anyone aware of a simple project repo where this migration has been done? I'd very much appreciate glancing at something.
flask-oauthlib page, note the warning:
https://flask-oauthlib.readthedocs.io/en/latest/
Answering your question at first:
- This project has migrated from Flask-OAuthlib to Authlib: https://github.com/opendatateam/udata/pull/1434
- And then upgrade to Authlib v0.6: https://github.com/opendatateam/udata/pull/1572
But it would be easier to check the example at https://github.com/authlib/example-oauth2-server
I'm the author of Flask-OAuthlib and Authlib. Here is the differences:
- Flask-OAuthlib is developed a long time ago, it depends on oauthlib. I now have a better understanding of OAuth than that time.
- Authlib contains the implementation from low level RFC to high level framework integrations. It is more correct. And the RFC implementation works with framework integrations better.
- Flask-OAuthlib is licensed under BSD, but Authlib is licensed under AGPL. If license is a problem, and you don't want to buy a commercial license, you should choose Flask-OAuthlib.
- Authlib offers commercial support and license. If you are a company, it is better to use Authlib, since it is better designed, it has security mail list. There will be more features in commercial plans.