Python Authorization

Open-source Python projects categorized as Authorization

Missing quite a few other open source projects in this space like SuperTokens ( and Keycloak.

Top 23 Python Authorization Projects

  • OPAL

    Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...) (by permitio)

  • Project mention: How to Model Cloud-Native Authorization | | 2024-05-13

    Automating updates and deployments through CI/CD ensures that changes are applied consistently and without human error across all environments. This automation speeds up the deployment process and enhances security by reducing the risk of misconfigurations. At, we primarily manage the policy life cycle as part of a CI process by using projects and environments together with the Environment API. By working with Permit environments for CI, CD is automatically achieved using OPAL, as every environment is automatically deployed to PDPs mapped to them (via their API secret key).

  • Scout Monitoring

    Free Django app performance insights with Scout Monitoring. Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in is all you need to start monitoring your apps. Sign up for our free tier today.

    Scout Monitoring logo
  • OAuthLib

    A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

  • django-rules

    Awesome Django authorization, without the database

  • pycasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Python

  • KubiScan

    A tool to scan Kubernetes cluster for risky permissions

  • Authomatic

    Simple yet powerful authorization / authentication client library for Python web applications.

  • Autorize

    Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

  • Project mention: Autorize – The most popular tool to discover AuthZ/AuthN flaws | | 2023-12-28
  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • Python Social

    Python Social Auth - Core

  • Project mention: New, easy to integrate OAuth2 authentication for FastAPI | /r/Python | 2023-08-22

    fastapi-oauth2 is a middleware-based social authentication mechanism supporting several OAuth2 providers. It leverages the social-core authentication backends and integrates seamlessly with FastAPI applications.

  • django-rest-framework-passwordless

    Passwordless Auth for Django REST Framework

  • easyauth

    Create a centralized Authentication and Authorization token server. Easily secure FastAPI endpoints based on Users, Groups, Roles or Permissions with very little database usage.

  • drf-social-oauth2

    drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.

  • Project mention: How to efficiently use drf_social_oauth2 and django_rest_framework_simplejwt | | 2024-06-12

    It's a lot but for now, just ctrl + c and ctrl + v. The code is from the official drf_social_oauth codebase, I'm just overriding it.

  • access

    Access, a centralized portal for employees to transparently discover, request, and manage their access for all internal systems needed to do their jobs (by discord)

  • Project mention: How Discord Built `Access!` - An Authorization Management Portal | | 2024-06-18

    To address these concerns, the folks at Discord built an internal portal for staff to manage user permissions for their internal users, organizational stakeholders, and developers. Focusing on workforce identity (We’ll get to customer identity in a sec with, they created it with the goals of being secure, transparent, and easy to use, and eventually made the tool publicly available and free to use.

  • route-detect

    Find authentication (authn) and authorization (authz) security bugs in web application routes.

  • Project mention: Introducing route-detect: find authentication and authorization bugs in web application routes | /r/netsec | 2023-06-29

    Here's the paper [PDF] behind route-detect if you're interested in the details:

  • raider

    OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions (by OWASP)

  • django-casbin

    Authorization middleware for Django based on PyCasbin

  • Project mention: Ask HN: How do you implement authorization in Django? | | 2023-12-03
  • sanic-security

    An effective, simple, and async security library for the Sanic framework.

  • deny

    Python authorization library

  • simple-auth0-fastapi-react-app

    A simple application for authentication, authorization and user management based on Auth0. 🐍 Python ⚡ FastAPI + React.

  • fastapi-auth-middleware

    Lightweight auth middleware for FastAPI that just works. Fits most auth workflows with only a few lines of code

  • EdgeAuth-Token-Python

    Akamai Authorization Token for Python

  • targe

    Policy based authorization library built for python.

  • blog-rbac

    A simple blogging application built using Flask featuring RBAC model based on Google Zanzibar implemented via Permify service. (by BOVAGE)

  • VividBlog

    Vividblog is an API for managing blogs and comments, allowing users to create, read, update, and delete blogs, along with associated comments, with authentication support and error handling.

  • Project mention: The Art of API Design: Lessons Learned in Building VividBlog | | 2024-06-08

    The old adage, "Measure twice, cut once," applies perfectly to API design. A well-designed API is the foundation for a robust and maintainable application. In this post, I'll share my experiences designing the API for VividBlog, a blog platform I recently built, highlighting the importance of thorough planning and the thought processes behind key decisions.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Python Authorization discussion

Log in or Post with

Python Authorization related posts

  • The Art of API Design: Lessons Learned in Building VividBlog

    1 project | | 8 Jun 2024
  • How to Model Cloud-Native Authorization

    1 project | | 13 May 2024
  • 45 Questions to Ask Yourself Before Modeling Authorization

    1 project | | 9 May 2024
  • OPA, Cedar, OpenFGA: Why are Policy Languages Trending Right Now?

    1 project | | 2 May 2024
  • Top 5 Access Control Features You Should Implement in 2024

    2 projects | | 27 Dec 2023
  • How Reddit Built Authorization with OPA

    2 projects | | 18 Dec 2023
  • OPAL: A Flexible, Self-Hosted Authorization Solution Inspired by Netflix's AuthZ Strategy

    1 project | /r/selfhosted | 11 Dec 2023
  • A note from our sponsor - Scout Monitoring | 22 Jun 2024
    Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in is all you need to start monitoring your apps. Sign up for our free tier today. Learn more →


What are some of the best open-source Authorization projects in Python? This list will help you:

Project Stars
1 OPAL 3,529
2 OAuthLib 2,761
3 django-rules 1,797
4 pycasbin 1,301
5 KubiScan 1,293
6 Authomatic 1,028
7 Autorize 895
8 Python Social 833
9 django-rest-framework-passwordless 701
10 easyauth 539
11 drf-social-oauth2 261
12 access 245
13 route-detect 234
14 raider 102
15 django-casbin 99
16 sanic-security 89
17 deny 85
18 simple-auth0-fastapi-react-app 82
19 fastapi-auth-middleware 78
20 EdgeAuth-Token-Python 28
21 targe 9
22 blog-rbac 5
23 VividBlog 2

Free Django app performance insights with Scout Monitoring
Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in is all you need to start monitoring your apps. Sign up for our free tier today.