OAuth2 Implementation
Complete OAuth2 server/client with authorization code, PKCE, client credentials, and refresh flows.
File Structure (9 files)
oauth2-implementation/
├── LICENSE
├── README.md
├── examples/
│   └── config.example.json
├── free-sample.zip
├── guide/
│   ├── 01_oauth2-implementation.md
│   ├── 02_features.md
│   └── 03_quick-start.md
├── index.html
└── src/
    └── main.py
README excerpt
OAuth2 Implementation
Complete OAuth2 server/client with authorization code, PKCE, client credentials, and token refresh flows. Zero dependencies.
Part of the Auth Vault toolkit by [CodeVault](https://codevault.dev).
Features
- Authorization Code Grant with PKCE support (RFC 7636)
- Client Credentials Grant for machine-to-machine authentication
- Token refresh with automatic rotation and revocation
- CSRF protection via cryptographic state parameter
- Scope-based authorization with consent flow
- Configurable token expiration and signing (HMAC-SHA256)
- In-memory token store with JSON persistence
- CLI tool for server, client, and token management
- Zero dependencies — Python stdlib only
Quick Start
```bash
# Start the OAuth2 authorization server
python3 src/main.py serve --port 8080

# Register a new client
python3 src/main.py register --name "My App" \
    --redirect-uri https://app.example.com/callback \
    --scopes read write

# Generate a PKCE challenge
python3 src/main.py pkce

# Exchange an authorization code for tokens
python3 src/main.py exchange --code AUTH_CODE --verifier PKCE_VERIFIER

# Validate a token
python3 src/main.py validate --token ACCESS_TOKEN
```
Using as a Library
```python
from main import OAuth2Server, OAuth2Client, PKCEChallenge

# Server setup
server = OAuth2Server(signing_secret="your-secret-here")
client_id, client_secret = server.register_client(
    name="My App",
    redirect_uris=["https://app.example.com/callback"],
    scopes=["read", "write"],
)

# PKCE flow (client side)
# `client` is an OAuth2Client instance; its construction is not shown in this excerpt.
pkce = PKCEChallenge.generate()
auth_url = client.build_authorization_url(
    client_id=client_id,
    redirect_uri="https://app.example.com/callback",
    scopes=["read", "write"],
    code_challenge=pkce.challenge,
)
```
*... continues with setup instructions, usage examples, and more.*
Code sample: src/main.py (preview)

```python
#!/usr/bin/env python3
"""
OAuth2 Implementation — Authorization Code + PKCE + Token Refresh
==================================================================

A complete OAuth2 implementation covering authorization code grant with PKCE,
client credentials grant, token refresh, and scope-based authorization.

Why build your own? Because every OAuth2 library pulls in 15 dependencies
and half of them are abandoned. This implementation uses Python stdlib only
and teaches you exactly what's happening at each step of the protocol.

Zero dependencies. Import or run as CLI.

Part of the Auth Vault toolkit by DataNest.
License: MIT
"""

from __future__ import annotations

import base64
import hashlib
import hmac
import json
import logging
import os
import secrets
import threading
import time
import urllib.parse
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone, timedelta
from http.server import HTTPServer, BaseHTTPRequestHandler
from typing import Any

# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------

DEFAULT_HOST = "0.0.0.0"  # listens on all interfaces; use 127.0.0.1 to keep a test server local
DEFAULT_PORT = 8080
ACCESS_TOKEN_TTL = 3600          # 1 hour
REFRESH_TOKEN_TTL = 86400 * 30   # 30 days
AUTH_CODE_TTL = 600              # 10 minutes
DEFAULT_SCOPES = ["read", "write"]

logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s [%(levelname)s] %(message)s",
    datefmt="%Y-%m-%dT%H:%M:%S",
)
# ... 634 more lines ...
```