OAuth 2.0 Client Library

raw JSON →
4.1.3 verified Tue May 12 auth: no python install: verified deprecated

oauth2client is a Python library designed for interacting with OAuth 2.0 protected resources, primarily for Google APIs. As of version 4.1.0, the library is officially deprecated, with no new features planned and limited support. Users are strongly advised to migrate to `google-auth` and `oauthlib` for modern and actively maintained OAuth 2.0 client functionality. The current version is 4.1.3.

pip install oauth2client

Common errors

error ModuleNotFoundError: No module named 'oauth2client'
cause The 'oauth2client' library is not installed in the Python environment, or the Python interpreter being used does not have access to the installed package.
fix
Install the library using pip: pip install oauth2client or pip3 install oauth2client if using Python 3 specifically. For Google App Engine, vendoring the library might be necessary.
error invalid_grant
cause This generic OAuth2 error typically occurs during the token exchange process when the authorization grant (e.g., authorization code or refresh token) is invalid, expired, revoked, or has been used already. Common reasons include expired authorization codes, reusing a one-time authorization code, or a revoked refresh token.
fix
Re-authenticate the user to obtain a new authorization code and refresh token. Ensure authorization codes are exchanged for tokens immediately upon receipt and not reused. Check if the refresh token has been revoked or expired. For service accounts, verify the credentials are correct and not compromised.
error oauth2client.clientsecrets.InvalidClientSecretsError: File not found: "client_secrets.json"
cause The application cannot locate the `client_secrets.json` file, which contains the OAuth 2.0 client credentials. This usually means the file is missing, misspelled, or not in the expected directory.
fix
Ensure the client_secrets.json file is present in the same directory as your script, or provide the correct absolute or relative path to the file when loading credentials. Verify that the file is correctly named and not corrupted.
error oauth2client is now deprecated. No more features will be added to the libraries and the core team is turning down support. We recommend you use google-auth and oauthlib.
cause This is a deprecation warning indicating that the `oauth2client` library is no longer actively maintained or developed. While it might still function, Google recommends migrating to `google-auth` and `oauthlib` for future compatibility, security, and features.
fix
Migrate your authentication code to use the google-auth library (and oauthlib where appropriate). This involves updating imports and authentication flow logic, for example, replacing oauth2client.service_account.ServiceAccountCredentials with google.oauth2.service_account.Credentials.from_service_account_file().

Warnings

breaking The `oauth2client` library is officially deprecated as of v4.1.0. No new features will be added, and support is winding down. Continued use is discouraged.
fix Migrate your application to use `google-auth` for Google-specific authentication and `oauthlib` for general OAuth 2.0 client needs.
breaking Version 4.0.0 dropped support for Python 2.6 and 3.3. It also removed the `oauth2client.contrib.multistore_file` module.
fix Ensure your environment uses Python 2.7 or 3.4+. If you were using `multistore_file`, refactor your code to use `oauth2client.contrib.multiprocess_storage` or implement custom storage.
breaking Changes in `oauth2client.contrib.django_util` and `oauth2client.contrib.django_orm` in v2.2.0 broke compatibility with Django versions below 1.8.
fix If using `oauth2client` with Django, ensure your Django project is running version 1.8 or higher.
gotcha The library is tightly coupled with `httplib2`, which has faced periods of limited maintenance. This dependency may introduce security vulnerabilities or compatibility issues with modern HTTP practices.
fix Prefer modern OAuth libraries (like `google-auth` or `oauthlib`) that use actively maintained HTTP clients (e.g., `requests`, `httpx`).
gotcha The OAuth 2.0 Implicit Flow, which `oauth2client` may facilitate, is now considered deprecated due to inherent security vulnerabilities (e.g., token exposure in URLs, no refresh token support).
fix If your application uses the Implicit Flow, migrate to the more secure Authorization Code Flow with PKCE (Proof Key for Code Exchange).
gotcha The `oauth2client` library requires `OAUTH2CLIENT_CLIENT_ID` and `OAUTH2CLIENT_CLIENT_SECRET` (or similar client credentials) to be set as environment variables or configured in the code for authentication and authorization flows to function.
fix Before attempting to use `oauth2client` for any authentication flows, ensure that the necessary client ID and client secret are provided to the application, typically via environment variables or configuration files.

Install compatibility verified last tested: 2026-05-12

python os / libc status wheel install import disk
3.10 alpine (musl) wheel - 0.47s 22.9M
3.10 alpine (musl) - - 0.50s 22.9M
3.10 slim (glibc) wheel 2.0s 0.37s 23M
3.10 slim (glibc) - - 0.37s 23M
3.11 alpine (musl) wheel - 0.64s 25.8M
3.11 alpine (musl) - - 0.69s 25.8M
3.11 slim (glibc) wheel 2.1s 0.54s 26M
3.11 slim (glibc) - - 0.53s 26M
3.12 alpine (musl) wheel - 0.58s 17.5M
3.12 alpine (musl) - - 0.64s 17.5M
3.12 slim (glibc) wheel 2.0s 0.56s 18M
3.12 slim (glibc) - - 0.61s 18M
3.13 alpine (musl) wheel - 0.54s 17.2M
3.13 alpine (musl) - - 0.59s 17.1M
3.13 slim (glibc) wheel 2.0s 0.55s 18M
3.13 slim (glibc) - - 0.59s 18M
3.9 alpine (musl) wheel - 0.44s 22.4M
3.9 alpine (musl) - - 0.45s 22.4M
3.9 slim (glibc) wheel 2.4s 0.37s 23M
3.9 slim (glibc) - - 0.38s 23M

Imports

Quickstart last tested: 2026-04-24

This quickstart demonstrates a basic OAuth 2.0 web server flow using `oauth2client.client.OAuth2WebServerFlow` and `oauth2client.tools.run_flow` to obtain user credentials. The `run_flow` utility is suitable for local development as it opens a browser for user interaction. In a production web application, the authorization redirect and code exchange steps would be handled explicitly. Credentials are saved to a local JSON file using `oauth2client.file.Storage` for simplicity.

import os
import httplib2 # oauth2client relies heavily on httplib2
from oauth2client.client import OAuth2WebServerFlow
from oauth2client.tools import run_flow
from oauth2client.file import Storage

# NOTE: This library is deprecated. Consider migrating to google-auth and oauthlib.

# These values would typically come from your Google API Console project.
# For a quickstart, we use environment variables for demonstration.
CLIENT_ID = os.environ.get('OAUTH2CLIENT_CLIENT_ID', 'YOUR_CLIENT_ID')
CLIENT_SECRET = os.environ.get('OAUTH2CLIENT_CLIENT_SECRET', 'YOUR_CLIENT_SECRET')
REDIRECT_URI = 'http://localhost:8080/oauth2callback' # Must match a registered redirect URI in your Google project

def main():
    if CLIENT_ID == 'YOUR_CLIENT_ID' or CLIENT_SECRET == 'YOUR_CLIENT_SECRET':
        print("Please set OAUTH2CLIENT_CLIENT_ID and OAUTH2CLIENT_CLIENT_SECRET environment variables,")
        print("or replace 'YOUR_CLIENT_ID' and 'YOUR_CLIENT_SECRET' in the code.")
        return

    # 1. Create a flow object for a web server application
    flow = OAuth2WebServerFlow(
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
        scope='https://www.googleapis.com/auth/userinfo.email',
        redirect_uri=REDIRECT_URI
    )

    # 2. Authorize the user
    # The `run_flow` function is typically used for local development and
    # will open a browser window for user authentication.
    # In a production web application, you would manage the redirects and
    # authorization code exchange manually.
    try:
        http = httplib2.Http()
        # Simple file storage for credentials; in production, use a secure database.
        storage = Storage('oauth2client_creds.json')
        
        print(f"Attempting to authorize. Please check your browser or navigate to: {flow.step1_get_authorize_url()}")
        credentials = run_flow(flow, storage, http=http)

        print(f"\nAuthorization successful!")
        print(f"Access Token: {credentials.access_token[:10]}...{credentials.access_token[-10:]}")
        if credentials.refresh_token:
            print(f"Refresh Token: {credentials.refresh_token[:10]}...{credentials.refresh_token[-10:]}")
        else:
            print("No Refresh Token (may be due to scope or one-time access).")
        print(f"Credentials saved to: {storage.filename}")
        
    except Exception as e:
        print(f"\nAn error occurred during OAuth2 flow: {e}")
        print("Ensure your client ID, client secret, and redirect URI are correctly configured and match your Google project.")
        print("Also, ensure 'oauth2client_creds.json' is writable or doesn't exist.")
        
if __name__ == '__main__':
    main()
last verified Tue May 12
next check Sat Jun 27