{"id":13421578,"url":"https://github.com/authomatic/authomatic","last_synced_at":"2026-04-05T17:40:50.196Z","repository":{"id":6825791,"uuid":"8073983","full_name":"authomatic/authomatic","owner":"authomatic","description":"Simple yet powerful authorization / authentication client library for Python web applications.","archived":false,"fork":false,"pushed_at":"2025-12-12T08:28:51.000Z","size":7121,"stargazers_count":1047,"open_issues_count":49,"forks_count":389,"subscribers_count":32,"default_branch":"master","last_synced_at":"2025-12-13T19:09:20.414Z","etag":null,"topics":["authentication","authorization","oauth-client","oauth2-client","openid-client","python"],"latest_commit_sha":null,"homepage":"https://authomatic.github.io/authomatic","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authomatic.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGES.rst","contributing":"CONTRIBUTING.rst","funding":"FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["gnuamua","jensens"]}},"created_at":"2013-02-07T14:13:35.000Z","updated_at":"2025-12-12T08:28:55.000Z","dependencies_parsed_at":"2024-11-07T11:29:47.457Z","dependency_job_id":"9bb3c23d-fa36-41e1-8b9c-aaf5d71a2e09","html_url":"https://github.com/authomatic/authomatic","commit_stats":{"total_commits":1049,"total_committers":46,"mean_commits":"22.804347826086957","dds":0.219256434699714,"last_synced_commit":"676382221a3818c4ccaea9f359e1dd4e2df25839"},"previous_names":["peterhudec/authomatic"],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/authomatic/authomatic","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authomatic%2Fauthomatic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authomatic%2Fauthomatic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authomatic%2Fauthomatic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authomatic%2Fauthomatic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authomatic","download_url":"https://codeload.github.com/authomatic/authomatic/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authomatic%2Fauthomatic/sbom","scorecard":{"id":217074,"data":{"date":"2025-08-11","repo":{"name":"github.com/authomatic/authomatic","commit":"32d2e2519aad0858ecdb4118064ec20057b5fae1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Maintained","score":6,"reason":"8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":2,"reason":"Found 3/11 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/authomatic/authomatic/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/authomatic/authomatic/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/authomatic/authomatic/main.yml/master?enable=pin","Warn: pipCommand not pinned by hash: bootstrap.sh:7","Warn: pipCommand not pinned by hash: build_docs.sh:2","Warn: pipCommand not pinned by hash: travis/before_deploy.sh:11","Warn: pipCommand not pinned by hash: travis/before_deploy.sh:19","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:47","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:56","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   7 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/main.yml:16"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2018-66 / GHSA-562c-5r94-xh97","Warn: Project is vulnerable to: PYSEC-2019-179 / GHSA-5wv5-4vpf-pj6m","Warn: Project is vulnerable to: PYSEC-2023-62 / GHSA-m2qf-hxjv-5gpq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T01:51:13.592Z","repository_id":6825791,"created_at":"2025-08-17T01:51:13.592Z","updated_at":"2025-08-17T01:51:13.592Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27781556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-17T02:00:08.291Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","oauth-client","oauth2-client","openid-client","python"],"created_at":"2024-07-30T23:00:25.531Z","updated_at":"2025-12-17T10:09:53.261Z","avatar_url":"https://github.com/authomatic.png","language":"Python","readme":".. |gae| replace:: Google App Engine\n.. _gae: https://developers.google.com/appengine/\n\n.. |webapp2| replace:: Webapp2\n.. _webapp2: http://webapp-improved.appspot.com/\n\n.. |oauth2| replace:: OAuth 2.0\n.. _oauth2: http://oauth.net/2/\n\n.. |oauth1| replace:: OAuth 1.0a\n.. _oauth1: http://oauth.net/core/1.0a/\n\n.. |openid| replace:: OpenID\n.. _openid: http://openid.net/\n\n.. |pyopenid| replace:: python-openid\n.. _pyopenid: http://pypi.python.org/pypi/python-openid/\n\n==========\nAuthomatic\n==========\n\n Google Summer of Code 2025:\n  - Contributor: Andrew Himelstieb\n  - Mentor: Jens Klein\n  - This package was included in the GSOC '25 program with the Plone Foundation. This 2.0 release was a major aspect to the project.\n\nThis 2.0 Release contains major breaking changes that will be incorperated into the official changelog soon.\nThese changes include the following: \n  - Removed Travis CI \n  - Removed Python Support for version \u003c Python 3.10\n  - Removed Support for Deprecated OAuth1 authentication Flow \n   - Includes all OAuth1 Provders:\n    - Bitbucket\n    - Flickr\n    - Meetup\n    - Plurk\n    - Twitter\n    - Tumblr\n    - UbuntuOne\n    - Vimeo\n    - Xero\n    - Xing\n    - Yahoo\n   - Removed OpenID support\n   - The following Providers were updated to OAuth2 Authenication FLow and classes added to OAuth2.py:\n    - Bitbucket\n    - Twitter/x\n    - Tumblr\n    - Vimeo\n    - Yahoo\n  - New Functional Tests were created using pytest-httpx to mock the authentication flow in a ping-pong fashion for:\n   - Google\n   - Github\n   - Facebook\n   - Twitter/x\n   - Amazon\n\n**Authomatic**\nis a **framework agnostic** library\nfor **Python** web applications\nwith a **minimalistic** but **powerful** interface\nwhich simplifies **authentication** of users\nby third party providers like **Facebook** or **Twitter**\nthrough standards like **OAuth** and **OpenID**.\n\nFor more info visit the project page at http://authomatic.github.io/authomatic.\n\nMaintainers\n===========\n\n**Authomatic** was migrated from a private project of Peter Hudec to a community-managed project.\nMany thanks to Peter Hudec for all his hard work for creating and maintaining **authomatic**!\nWe are now a small team of volunteers, not paid for the work here.\nAny help is appreciated!\n\n\nFeatures\n========\n\n* Loosely coupled.\n* Tiny but powerful interface.\n* The |pyopenid|_ library is the only **optional** dependency.\n* **Framework agnostic** thanks to adapters.\n  Out of the box support for **Django**, **Flask**, **Pyramid** and **Webapp2**.\n* Ready to accommodate future authorization/authentication protocols.\n* Makes provider API calls a breeze.\n* Asynchronous requests.\n* JavaScript library as a bonus.\n* Out of the box support for:\n\n  * |oauth1|_ providers: **Bitbucket**, **Flickr**, **Meetup**, **Plurk**,\n    **Twitter**, **Tumblr**, **UbuntuOne**, **Vimeo**, **Xero**, **Xing** and **Yahoo**.\n  * |oauth2|_ providers: **Amazon**, **Behance**, **Bitly**, **Cosm**,\n    **DeviantART**, **Eventbrite**, **Facebook**, **Foursquare**,\n    **GitHub**, **Google**, **LinkedIn**, **PayPal**, **Reddit**,\n    **Viadeo**, **VK**, **WindowsLive**, **Yammer** and **Yandex**.\n  * |pyopenid|_ and |gae|_ based |openid|_.\n\nLicense\n=======\n\nThe package is licensed under\n`MIT license \u003chttp://en.wikipedia.org/wiki/MIT_License\u003e`__.\n\nRequirements\n============\n\nRequires **Python 3.4** or newer.\n**Python 3.x** support added in **Authomatic 0.0.11** thanks to Emmanuel Leblond \u003chttps://github.com/touilleMan\u003e`__.\n\nLive Demo\n=========\n\nThere is a |gae| based live demo app running at\nhttp://authomatic-example.appspot.com which makes use of most of the features.\n\nContribute\n==========\n\nContributions of any kind are very welcome.\nIf you want to contribute, please read the\n`Development Guide \u003chttp://authomatic.github.io/authomatic/development.html\u003e`__\nfirst. The project is hosted on\n`GitHub \u003chttps://github.com/authomatic/authomatic\u003e`__.\n\nUsage\n=====\n\nRead the exhaustive documentation at http://authomatic.github.io/authomatic.\n\nChangelog\n=========\n\nThe `Changelog is part of the documentation \u003chttps://authomatic.github.io/authomatic/changelog.html\u003e`_.\n\n","funding_links":["https://github.com/sponsors/gnuamua","https://github.com/sponsors/jensens"],"categories":["Authentication","Python","Authorization","Third-Party Extensions","Authorization \u0026 Authentication","`Authentication Development`","Awesome Python"],"sub_categories":["\u003ca name=\"authN-python\"\u003e\u003c/a\u003ePython","Auth","Authentication"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthomatic%2Fauthomatic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauthomatic%2Fauthomatic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthomatic%2Fauthomatic/lists"}