Recommended Code Libraries
| Library | Description | Errors | Maintained | Popularity | Security | Usability | Comment | Downloads and Docs |
|---|---|---|---|---|---|---|---|---|
Android AppAuth | A library for implementing OpenID Connect in Android against any compliant OIDC Provider | The leading open source library for authentication via the Android system browser and retrieving tokens. | ||||||
Android HAAPI SDK | A Curity library for implementing OpenID Connect by following API hypermedia responses | Implements OpenID Connect to financial grade and provides full control over the login user experience. | ||||||
Angular auth oidc client | A library for implementing the Code Flow (PKCE) and session management for Angular Apps | Manages OpenID Connect messages, renewal of tokens, token validation and logout. | ||||||
ASP.NET Core JWT Bearer Middleware | Framework for API token validation, claims handling and authorization | Strong overall framework support for JWT and JWKS processing, with mechanisms to enforce claims and scopes. | ||||||
ASP.NET Core OpenID Connect | Framework for securing websites via OpenID Connect and issuing authentication cookies for the browser | Mature support for managing authorization, setting auth cookies and working with OAuth tokens in C# code. | ||||||
Curity BFF API (Container) | A Back End for Front End API that can be deployed as a Docker container | Issues SameSite HTTP Only cookies for the SPA in line with OpenID Connect best practices. | ||||||
Curity Express OAuth JWT | A library for securing NodeJS Express endpoints with JWTs, or using token introspection if required | Enables simple and efficient integration of JWT validation into NodeJS Express APIs. | ||||||
Curity Flask of Oil | An extension for Flask APIs to enable JWTs to be validated simply and efficiently | Supports JWKS downloads, JWT validation and working with claims in Python Flask APIs. | ||||||
Curity Java OAuth Filter | A Curity servlet filter for handling both JWTs and opaque access tokens | Supports JWT validation and introspection with caching of results, then provides claims to the API application. | ||||||
Curity OAuth Assistant | A Curity library for implementing the Assisted Token Flow and SPA session management | Manages OpenID Connect messages, secure iframing, renewal of tokens and logout. | ||||||
iOS AppAuth | A library for implementing OpenID Connect in iOS against any compliant OIDC Provider | The leading open source library for authentication via the iOS system browser and retrieving tokens. | ||||||
iOS HAAPI SDK | A Curity library for implementing OpenID Connect by following API hypermedia responses | Implements OpenID Connect to financial grade and provides full control over the login user experience. | ||||||
jose4j | A Java library for JSON web security, providing API features for token validation and managing JWKS keys | Strong support for JWT and JWKS processing, with clear error codes, to set up claims and scopes ready for authorization. | ||||||
JSON Web Token for Go | A JWT signer, verifier and validator for Go (Golang) APIs | Easy to validate JWTs via a few lines of code, enabling the API to implement authorization via scopes and claims. | ||||||
JWT Bundle | A PHP library that uses the JWT Framework to handle all things related to JWTs, including key management, signature validation and claims validation | Good library to handle all things JWT-related in a PHP application. | ||||||
Lexik Jose Bridge | A library to secure Symfony APIs with JWTs and provide OAuth claims to the API | A Symfony bundle which enables an easy way of securing endpoints with JWTs. | ||||||
NodeJS JOSE | A library for JSON Web Security that can be used in NodeJS APIs for validating tokens and reading claims | Comprehensive support for Json Web processing in Javascript code, including JWT and JWKS handling for APIs. | ||||||
oidc client | A library for implementing the Code Flow (PKCE) and SPA session management | Manages OpenID Connect messages, renewal of tokens, token validation and logout. | ||||||
OpenID Client | A popular library for NodeJS websites, with support for multiple OAuth flows | Supports many OAuth client flows in NodeJS, with mature support for the Authorization Code Flow used by websites. | ||||||
pac4j | A security engine for Java to authenticate users and manage their profiles. | A framework-agnostic library for handling OAuth and OIDC flows. | ||||||
PyJWT | A Python library which allows you to decode and validate JSON Web Tokens in APIs | Strong support for JWT processing, with some limitations in support for managing JWKS keys. | ||||||
Python Social Auth | An easy-to-setup social authentication and authorization mechanism supporting OAuth (1 and 2) and OpenID Connect. | A framework-agnostic library for handling OAuth and OIDC flows with a good support for Django. | ||||||
Requests OAuthLib | A Python library providing support for OAuth 1 and OAuth 2.0 flows. | A framework-agnostic library for handling OAuth flows. | ||||||
ScribeJava | A simple and complete OAuth 2 library. | A framework-agnostic library for handling OAuth flows. | ||||||
Spring Security OAuth Resource Server | Framework for API token validation, claims handling and authorization | Strong overall framework support for JWT and JWKS processing, and also introspection, with mechanisms to enforce claims and scopes. | ||||||
Spring Security OAuth2 Client | Spring Security component for performing OAuth2 and OIDC flows. | Support for OAuth 2 and OIDC flows to Spring Security. |