litestar-oauth

OAuth2 authentication plugin for Litestar.

Features

Async-First Design: Built on httpx for async HTTP operations
Pre-built Providers: GitHub, Google, Discord, and a generic provider for any OAuth2/OIDC service
Type-Safe: Full typing with Protocol-based interfaces
CSRF Protection: Built-in state management to prevent cross-site request forgery
Automatic Routes: Plugin registers login and callback routes automatically
Normalized User Data: Consistent user info format across all providers
Extensible: Easy to add custom providers for any OAuth2-compliant identity provider

Installation

uv add litestar-oauth

Or with pip:

pip install litestar-oauth

Quick Start

from litestar import Litestar
from litestar_oauth.contrib.litestar import OAuthPlugin, OAuthConfig

app = Litestar(
    plugins=[
        OAuthPlugin(
            config=OAuthConfig(
                redirect_base_url="https://example.com",
                github_client_id="your-client-id",
                github_client_secret="your-client-secret",
            )
        )
    ],
)

# Routes automatically registered:
# GET /auth/github/login    - Redirects to GitHub OAuth
# GET /auth/github/callback - Handles OAuth callback

Standalone Usage

Use the OAuth providers without the Litestar plugin:

from litestar_oauth.providers import GitHubOAuthProvider

provider = GitHubOAuthProvider(
    client_id="your-client-id",
    client_secret="your-client-secret",
)

# Generate authorization URL
auth_url = provider.get_authorization_url(
    redirect_uri="https://example.com/callback",
    state="random-state-token",
)

# After callback, exchange code for token
token = await provider.exchange_code(
    code="authorization-code",
    redirect_uri="https://example.com/callback",
)

# Get user info
user_info = await provider.get_user_info(token.access_token)
print(f"Hello, {user_info.username}!")

Supported Providers

Provider	Class	Default Scopes
GitHub	`GitHubOAuthProvider`	`read:user`, `user:email`
Google	`GoogleOAuthProvider`	`openid`, `email`, `profile`
Discord	`DiscordOAuthProvider`	`identify`, `email`
Generic	`GenericOAuthProvider`	Configurable

Use GenericOAuthProvider for any OAuth2/OIDC provider like Keycloak, Auth0, Okta, or Azure AD.

Optional Extras

# Apple Sign In (requires JWT signing)
uv add litestar-oauth[apple]

# All provider extras
uv add litestar-oauth[all]

Links

License

MIT License - see LICENSE for details.

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
.github		.github
docs		docs
scripts		scripts
src/litestar_oauth		src/litestar_oauth
tests		tests
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.python-version		.python-version
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
Makefile		Makefile
PLAN.md		PLAN.md
README.md		README.md
TESTING_SUMMARY.md		TESTING_SUMMARY.md
pyproject.toml		pyproject.toml
uv.lock		uv.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

litestar-oauth

Features

Installation

Quick Start

Standalone Usage

Supported Providers

Optional Extras

Links

License

About

Uh oh!

Releases 1

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

litestar-oauth

Features

Installation

Quick Start

Standalone Usage

Supported Providers

Optional Extras

Links

License

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 1

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages