social-auth-core
Python social authentication made simple.
Why this rank:Strong adoptionRelease freshnessHealthy release cadence
Description
# Python Social Auth - Core Python Social Auth is an easy to setup social authentication/registration mechanism with support for several frameworks and auth providers. ## Description This is the core component of the python-social-auth ecosystem, it implements the common interface to define new authentication backends to third parties services, implement integrations with web frameworks and storage solutions. ## Documentation Project documentation is available at https://python-social-auth.readthedocs.io/. ## Setup ```shell $ pip install social-auth-core ``` ## Contributing Contributions are welcome! Only the core and Django modules are currently in development. All others are in maintenance only mode, and maintainers are especially welcome there. See the [CONTRIBUTING.md](https://github.com/python-social-auth/.github/blob/main/CONTRIBUTING.md) document for details. ## Versioning This project follows [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html). ## License This project follows the BSD license. See the [LICENSE](LICENSE) for details. ## Donations This project welcomes donations to make the development sustainable, you can fund Python Social Auth on following platforms: - [GitHub Sponsors](https://github.com/sponsors/python-social-auth/) - [Open Collective](https://opencollective.com/python-social-auth)
Release History
| Version | Changes | Urgency | Date |
|---|---|---|---|
| 4.9.1 | ### Changed - GitHub backend now handles scoped email fetching deterministically. ### Fixed - OpenID Connect missing token handling. - Microsoft refresh token and expiry handling. - Partial pipeline handling for Django `QueryDict` values. | High | 4/30/2026 |
| 4.8.7 | ### Added - OpenID Connect backends can now opt in to PKCE support ### Changed - PKCE defaults now match RFC 7636 requirements ### Security - Tightened redirect URL validation - Tightened OAuth state handling for Clever, Eventbrite, GoClio, MailChimp, SurveyMonkey and Untappd backends - SAML authentication now restores saved sessions only after response validation | High | 4/23/2026 |
| 4.8.6 | Imported from PyPI (4.8.6) | Low | 4/21/2026 |
| 4.8.5 | ### Changed - Fixed partial pipeline handling for unauthenticated users ### Donations This project welcomes donations to make the development sustainable. The following platforms are available for funding Python Social Auth: - [GitHub Sponsors](https://github.com/sponsors/python-social-auth/) - [Open Collective](https://opencollective.com/python-social-auth) | Low | 2/10/2026 |
| 4.8.4 | ### Changed - Improved type annotations - Code cleanups - Improved error handling in SAML ### Added - Add Azure AD(Entra ID) federated client assertion support (FIC) ### Donations This project welcomes donations to make the development sustainable. The following platforms are available for funding Python Social Auth: - [GitHub Sponsors](https://github.com/sponsors/python-social-auth/) - [Open Collective](https://opencollective.com/python-social-auth) | Low | 2/10/2026 |
| 4.8.3 | ### Changed - Added registry to configure default strategy ### Donations This project welcomes donations to make the development sustainable. The following platforms are available for funding Python Social Auth: - [GitHub Sponsors](https://github.com/sponsors/python-social-auth/) - [Open Collective](https://opencollective.com/python-social-auth) | Low | 12/18/2025 |
| 4.8.2 | ### Changed - The timeout parameter can be again configured - Refactored HTTP authentication code - Loosened some type checks for better downstream compatibility - `ID_KEY` is now configurable - Improved token expiry validation - Additional OIDC parameters are now supported - Improved refresh token logic - Extended type annotations - String RelayState in SAML is again supported - Better handle OpenID exceptions ### Removed - itembase backend - nk backend - OAuth1 backend for | Low | 12/18/2025 |
| 4.8.1 | ### Changed - Fixed `extra_data()` invocation from `refresh_token()` - Replaced jose with PyJWT in Ping backend - Dropped OAuth1 backend for OpenStreetMap ### Added - OAuth2 URLs can now be overridden in the configuration | Low | 10/9/2025 |
| 4.8.0 | ### Changed - Fixed Gitea backend API authentication headers - Improved `RelayState` and attributes handling in the SAML backend - Missing configured attributes now cause an `AuthMissingParameter` error - Changed domains for VK backend - All API calls now include User-Agent header - OIDC uses info from `id_token` when not present in the response - Bring back option to skip and customize `at_hash` validation in OIDC - Dropped support for Python 3.9 and added support for Python 3.14 - | Low | 10/7/2025 |
| 4.7.0 | ### Changed - Fixed getting user info in LinkedIn authentication. - Fixed okta OIDC authentication URLs. - Dropped AOL OpenID backend. - Improved error handling in ORCID. - Fixed Soundcloud OAuth2 authorization. ### Added - More OIDC configuration options. - Session restore with stricter SameSite cookie policy. - JWT leeway configuration for some backends. ### Donations This project welcomes donations to make the development sustainable, you can fund Python Social Auth on th | Low | 6/27/2025 |
| 4.6.1 | ### Changed - Fixed crash in partial pipelines for some backends ### Donations This project welcomes donations to make the development sustainable, you can fund Python Social Auth on following platforms: - [GitHub Sponsors](https://github.com/sponsors/python-social-auth/) - [Open Collective](https://opencollective.com/python-social-auth) | Low | 4/28/2025 |
| 4.6.0 | ### Changed - Added type annotations - Modernized build system - OAuth2 backends now default to POST method - Code cleanups - Tests use responses instead of HTTPretty - Improved error handling in case of missing parameters ### Added - Kick OAuth2 backend - OpenIdConnect-based backend for Fedora - Lifescience AAI backend - NFDI (OpenID Connect) backend ### Removed - Removed no longer available backends: khanacademy, professionali.ru, BitBucket OAuth 1.0 ### Donations | Low | 4/25/2025 |
| 4.5.6 | ## What's Changed * fix: revert API changes from #986 by @nijel in https://github.com/python-social-auth/social-core/pull/1020 * chore: release 4.5.6 by @nijel in https://github.com/python-social-auth/social-core/pull/1021 * fix: corrected backeds nonce interface by @nijel in https://github.com/python-social-auth/social-core/pull/1022 **Full Changelog**: https://github.com/python-social-auth/social-core/compare/4.5.5...4.5.6 | Low | 2/13/2025 |
| 4.5.5 | ## What's Changed * Fix defusedxml requirement by @bj00rn in https://github.com/python-social-auth/social-core/pull/912 * build(deps-dev): bump pre-commit from 3.7.0 to 3.7.1 by @dependabot in https://github.com/python-social-auth/social-core/pull/913 * Fix ORCID login when no family name was given by @nikoder in https://github.com/python-social-auth/social-core/pull/914 * Fix https://github.com/python-social-auth/social-core/issues/918 by @Fleapse in https://github.com/python-social-auth/so | Low | 2/13/2025 |
| 4.5.4 | ### Added - LinkedIn supports refresh token ### Changed - SteamOpenId validation of identify URL - Box state redirestion - The `uid` is automatically converted to string in the pipeline - Mediawiki error handling | Low | 4/25/2024 |
| 4.5.3 | ### Added - OpenStreetMap OAuth2 ### Changed - Etsy backend fixes | Low | 2/14/2024 |
| 4.5.2 | ### Added - Etsy backend ### Changed - Updated Facebook API version to 18.0 - Make AppleID work with multiple identifiers | Low | 1/26/2024 |
| 4.5.1 | ### Changed - OpenID Connect skips `at_hash` validation when missing - `redirect_name` is now passed to backend on `do_complete` - `next` is preserved through SAML RelayState - Add Discogs backend - Add BitbucketDataCenterOAuth2 backend - Keycloak's `ID_KEY` is no longer configurable (it never worked) | Low | 11/29/2023 |
| 4.5.0 | ### Changed - Add backend for LinkedIn OpenID Connect - Add backend for EGI Check-in - Support Python 3.12 (and 3.11) - Add backend for the WLCG IAM testing site - Add ping identity OIDC backend - Add uffd oauth2 backend - Add Clever backend - Add Twitter OAuth2 backend - Add backend for e-infra.cz - Replace jose with pyjwt | Low | 10/31/2023 |
| 4.4.2 | ### Changed - Fixed Azure AD Tenant authentication with custom signing keys - Added CAS OIDC backend | Low | 4/22/2023 |
| 4.4.1 | ### Changed - Moved Facebook Limited Login to a separate module to avoid extra dependency - Update Azure AD B2C base URL to match updated endpoints | Low | 3/30/2023 |
| 4.4.0 | ### Added - Backend for OpenInfra OpenID - Facebook Limited Login backend - Add support for Python 3.11 ### Changed - Removed OpenStackDevOpenId backend - Updated `user_data` method in `StripeOAuth2` to return `email` in `get_user_details` - Removes fixed version of `lxml` - Fixed OIDC crash on groups - Fixed Qiita users identification - Dropped support for TLSv1 - Coding style improvements | Low | 3/15/2023 |
| 4.3.0 | ### Added - Add backend for Hashicorp Vault OIDC backend - Add generic OpenID Connect backend - Add Grafana OAuth2 backend - Add MusicBrainz OAuth2 backend ### Changed - Fixed redirect state for Keycloak backend - Add fallback to RSA256 in OpenID Connect when alg is not set - Fixed Azure backend so it can be used with all Azure authority hosts | Low | 6/13/2022 |
| 4.2.0 | ### Added - Add fields that populate on create but not update `SOCIAL_AUTH_IMMUTABLE_USER_FIELDS` - Add Gitea oauth2 backend - Add Twitch OpenId backend - Add CI Logon backend - Add support for Python 3.10 ### Changed - Fixed Slack user identity API call with Bearer headers - Fixed microsoft-graph login error - Fixed Twitch OAuth2 backend - Fixed Facebook API version - Fixed Okta authentication URLs - Fixed Globus JWT signature algorithm - Fixed kid key rotation for OpenID Connect | Low | 1/17/2022 |
| 4.1.0 | Changes: * Discourse backend * Add get and delete class methods for NonceMixin * Use stretegies as interface to fetch backends * Get Apple user first and last name from `self.data` * Instagram Legacy API has been replaced with Instagram Basic Display API since the first one was deprecated, see. * Store `expires_in` for Zoom backend | Low | 3/5/2021 |
| 4.0.3 | ### Changed - Updated `PyJWT` version to `2.0.0` - Remove `six` dependency | Low | 1/12/2021 |
| 4.0.2 | ### Changed - Fixes to Github-action release mechanism | Low | 1/10/2021 |
| 4.0.1 | ### Changed - Fixes to Github-action release mechanism | Low | 1/10/2021 |
| 4.0.0 | ### Added - PayPal backend - Fence OIDC-based backend ### Changed - Dropped Python 2 support from testing stack - Remove discontinued Google OpenId backend - Remove discontinued Yahoo OpenId backend - Fix `jwt.decode()` passed algorithm - Prevent `PyJWT` v2.0.0 being installed - Update Facebook Graph API to 8.0 - Update Amazon fetch-profile URL - Fix Azure AD Tenant, unable to load certificate - Fix Okta well-known URL - Updated Discord's API hostname from discordapp.com to discor | Low | 1/10/2021 |
Dependencies & License Audit
Loading dependencies...
Similar Packages
@agenticmail/enterpriseAgenticMail Enterprise â cloud-hosted AI agent identity, email, auth & compliance for organizationsv0.5.615
More from pypi
markitdownUtility tool for converting various files to Markdown
fastapiFastAPI framework, high performance, easy to learn, fast to code, ready for production
djangoA high-level Python web framework that encourages rapid development and clean, pragmatic design.
flaskA simple framework for building complex web applications.
More in Security
clineAutonomous coding agent right in your IDE, capable of creating/editing files, executing commands, using the browser, and more with your permission every step of the way.
E2BOpen-source, secure environment with real-world tools for enterprise-grade agents.
vm0the easiest way to run natural language-described workflows automatically
AgenvoyAgentic framework | Self-improving memory | Pluggable tool extensions | Sandbox execution