Authorization Server

An Authorization Server is the component that authenticates users and issues access tokens to clients. Build this when you want to run your own OAuth 2.0 or OpenID Connect provider.

Not sure this is the right role? See Concepts for an overview of all OAuth 2.0 roles.

Looking for the Resource Server (protecting an API)? Or the Client (consuming an OAuth provider)?

Understand

Before implementing, read the concept guides:

• Concepts — OAuth 2.0 roles, flows, and grant types

How-to

OAuth 2.0

• Flask Integration
  • Authorization Server
  • Register Grants
  • Token Endpoints
  • Flask OIDC Provider
  • Reference
• Django Integration
  • Authorization Server
  • Register Grants
  • Token Endpoints
  • Django OIDC Provider
  • Reference

Reference

Relevant specifications:

• RFC6749: The OAuth 2.0 Authorization Framework — The OAuth 2.0 Authorization Framework

• RFC7636: Proof Key for Code Exchange by OAuth Public Clients — PKCE

• RFC7591: OAuth 2.0 Dynamic Client Registration Protocol — Dynamic Client Registration

• RFC8414: OAuth 2.0 Authorization Server Metadata — Authorization Server Metadata

• OpenID Connect 1.0 — OpenID Connect Core