Recommended Code Libraries

LibraryDescriptionErrorsMaintainedPopularitySecurityUsabilityCommentDownloads and Docs
Angular auth oidc client
A library for implementing the Code Flow (PKCE) and session management for Angular AppsManages OpenID Connect messages, renewal of tokens, token validation and logout.
ASP.NET Core JWT Bearer Middleware
Framework for API token validation, claims handling and authorizationStrong overall framework support for JWT and JWKS processing, with mechanisms to enforce claims and scopes.
ASP.NET Core OpenID Connect
Framework for securing websites via OpenID Connect and issuing authentication cookies for the browserMature support for managing authorization, setting auth cookies and working with OAuth tokens in C# code.
Curity Express OAuth JWT
A library for securing NodeJS Express endpoints with JWTs, or using token introspection if requiredEnables simple and efficient integration of JWT validation into NodeJS Express APIs.
Curity Flask of Oil
An extension for Flask APIs to enable JWTs to be validated simply and efficientlySupports JWKS downloads, JWT validation and working with claims in Python Flask APIs.
Curity Java OAuth Filter
A Curity servlet filter for handling both JWTs and opaque access tokensSupports JWT validation and introspection with caching of results, then provides claims to the API application.
Curity OAuth Assistant
A Curity library for implementing the Assisted Token Flow and SPA session managementManages OpenID Connect messages, secure iframing, renewal of tokens and logout.
jose4j
A Java library for JSON web security, providing API features for token validation and managing JWKS keysStrong support for JWT and JWKS processing, with clear error codes, to set up claims and scopes ready for authorization.
JSON Web Token for Go
A JWT signer, verifier and validator for Go (Golang) APIsEasy to validate JWTs via a few lines of code, enabling the API to implement authorization via scopes and claims.
JWT Bundle
A PHP library that uses the JWT Framework to handle all things related to JWTs, including key management, signature validation and claims validationGood library to handle all things JWT-related in a PHP application.
Lexik Jose Bridge
A library to secure Symfony APIs with JWTs and provide OAuth claims to the APIA Symfony bundle which enables an easy way of securing endpoints with JWTs.
NodeJS JOSE
A library for JSON Web Security that can be used in NodeJS APIs for validating tokens and reading claimsComprehensive support for Json Web processing in Javascript code, including JWT and JWKS handling for APIs.
oidc client
A library for implementing the Code Flow (PKCE) and SPA session managementManages OpenID Connect messages, renewal of tokens, token validation and logout.
OpenID Client
A popular library for NodeJS websites, with support for multiple OAuth flowsSupports many OAuth client flows in NodeJS, with mature support for the Authorization Code Flow used by websites.
pac4j
A security engine for Java to authenticate users and manage their profiles.A framework-agnostic library for handling OAuth and OIDC flows.
PyJWT
A Python library which allows you to decode and validate JSON Web Tokens in APIsStrong support for JWT processing, with some limitations in support for managing JWKS keys.
Python Social Auth
An easy-to-setup social authentication and authorization mechanism supporting OAuth (1 and 2) and OpenID Connect.A framework-agnostic library for handling OAuth and OIDC flows with a good support for Django.
Requests OAuthLib
A Python library providing support for OAuth 1 and OAuth 2.0 flows.A framework-agnostic library for handling OAuth flows.
ScribeJava
A simple and complete OAuth 2 library.A framework-agnostic library for handling OAuth flows.
Spring Security OAuth Resource Server
Framework for API token validation, claims handling and authorizationStrong overall framework support for JWT and JWKS processing, and also introspection, with mechanisms to enforce claims and scopes.
Spring Security OAuth2 Client
Spring Security component for performing OAuth2 and OIDC flows.Support for OAuth 2 and OIDC flows to Spring Security.