SDK for verifying access tokens and securing APIs with Auth0, using Authlib.
The auth0-api-python library allows you to secure APIs running on Python, particularly for verifying Auth0-issued access tokens.
It’s intended as a foundation for building more framework-specific integrations (e.g., with FastAPI, Django, etc.), but you can also use it directly in any Python server-side environment.
📚 Documentation - 🚀 Getting Started - 💬 Feedback
This library requires Python 3.9+.
pip install auth0-api-python
If you’re using Poetry:
poetry install auth0-api-python
Create an instance of the ApiClient. This instance will be imported and used anywhere we need access to the methods.
from auth0_api_python import ApiClient, ApiClientOptions
api_client = ApiClient(ApiClientOptions(
domain="<AUTH0_DOMAIN>",
audience="<AUTH0_AUDIENCE>"
))
AUTH0_DOMAIN can be obtained from the Auth0 Dashboard once you've created an application.AUTH0_AUDIENCE is the identifier of the API. You can find this in the APIs section of the Auth0 Dashboard.Use the verify_access_token method to validate access tokens. The method automatically checks critical claims like iss, aud, exp, nbf.
import asyncio
from auth0_api_python import ApiClient, ApiClientOptions
async def main():
api_client = ApiClient(ApiClientOptions(
domain="<AUTH0_DOMAIN>",
audience="<AUTH0_AUDIENCE>"
))
access_token = "..."
decoded_and_verified_token = await api_client.verify_access_token(access_token=access_token)
print(decoded_and_verified_token)
asyncio.run(main())
In this example, the returned dictionary contains the decoded claims (like sub, scope, etc.) from the verified token.
If your application demands extra claims, specify them with required_claims:
decoded_and_verified_token = await api_client.verify_access_token(
access_token=access_token,
required_claims=["my_custom_claim"]
)
If the token lacks my_custom_claim or fails any standard check (issuer mismatch, expired token, invalid signature), the method raises a VerifyAccessTokenError.
We appreciate feedback and contribution to this repo! Before you get started, please read the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.
FAQs
SDK for verifying access tokens and securing APIs with Auth0, using Authlib.
We found that auth0-api-python demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
Security News
TypeScript Native Previews offers a 10x faster Go-based compiler, now available on npm for public testing with early editor and language support.
Research
Security News
Malicious npm packages targeting React, Vue, Vite, Node.js, and Quill remained undetected for two years while deploying destructive payloads.