django-authlib

0.17.2 verified Mon Apr 27 auth: no python

Authentication utilities for Django, providing reusable views and helpers for OAuth2, SAML, OpenID Connect, and more. Current version 0.17.2, requires Python >=3.9. Released irregularly, maintained by matthiask.

pip install django-authlib

Common errors

error ImportError: cannot import name 'OAuth2Client' from 'authlib.client' ↓

cause The module authlib.client was removed in 0.17. OAuth2Client is now in authlib.oauth2.

fix

from authlib.oauth2 import OAuth2Client

error django.core.exceptions.ImproperlyConfigured: The AUTH_TOKEN_URL setting is required. ↓

cause Missing required settings in Django configuration.

fix

Add AUTH_TOKEN_URL, AUTH_CLIENT_ID, and AUTH_CLIENT_SECRET to your Django settings or environment variables.

error AttributeError: module 'authlib' has no attribute 'views' ↓

cause The package is not installed correctly or a different library named authlib is installed.

fix

Uninstall any other authlib package and install django-authlib: pip uninstall authlib; pip install django-authlib

Warnings

breaking In version 0.17, the OAuth2 client was moved from authlib.client to authlib.oauth2. Old imports will break. ↓

fix Update imports to use authlib.oauth2.OAuth2Client instead of authlib.client.OAuth2Client.

deprecated The SAML support in authlib.saml is deprecated in favor of third-party libraries. ↓

fix Use django-saml2 or python3-saml instead.

gotcha Setting AUTH_TOKEN_URL, AUTH_CLIENT_ID, and AUTH_CLIENT_SECRET in Django settings is mandatory; missing these will cause runtime errors. ↓

fix Ensure these settings are defined in Django settings.py or via environment variables.

gotcha The package does not include migrations; user model must already exist with appropriate fields (e.g., email, username). ↓

fix Create a custom user model or use Django's default auth.User; ensure proper fields are present.

breaking As of 0.16, the callback URL pattern changed from /auth/callback/ to /auth/complete/. Custom templates may break. ↓

fix Update URL references in templates or redirects to use the new path.

Imports

LoginView

wrong

from authlib import LoginView

correct

from authlib.views import LoginView

Views are under authlib.views

OAuth2Client

wrong

from authlib.client import OAuth2Client

correct

from authlib.oauth2 import OAuth2Client

OAuth2 client moved to authlib.oauth2 in 0.17

Quickstart

Minimal setup with login/logout views using environment variables for OAuth2 credentials.

import os
from django.conf import settings
from django.urls import path
from authlib.views import LoginView, LogoutView

# Ensure required settings
if not settings.configured:
    settings.configure(
        DEBUG=True,
        SECRET_KEY='test-secret',
        ROOT_URLCONF=__name__,
        AUTH_USER_MODEL='auth.User',
        AUTH_TOKEN_URL=os.environ.get('AUTH_TOKEN_URL', 'https://provider/token'),
        AUTH_CLIENT_ID=os.environ.get('AUTH_CLIENT_ID', 'client-id'),
        AUTH_CLIENT_SECRET=os.environ.get('AUTH_CLIENT_SECRET', 'secret'),
    )

urlpatterns = [
    path('login/', LoginView.as_view(), name='login'),
    path('logout/', LogoutView.as_view(), name='logout'),
]

if __name__ == '__main__':
    from django.core.management import execute_from_command_line
    execute_from_command_line(['manage.py', 'runserver'])