Authlib
Description
Authlib is a Python library for building OAuth 1.0, OAuth 2.0 and OpenID Connect clients and servers. It includes implementations of JWS (JSON Web Signature), JWE (JSON Web Encryption), JWK (JSON Web Key), JWA (JSON Web Algorithms) and JWT (JSON Web Tokens), which makes it a common choice for securing web applications and services. Authlib aims to be easy to use while remaining flexible enough to serve as a general authentication and authorisation framework.
General details
- Developer(s): Primarily developed by Hsiaoming Yang, with contributions from a community of developers.
- Open Source: Yes
- Language(s): Python
- Repository: https://github.com/lepture/authlib
- License: BSD-3-Clause License
- Operating system(s): OS Independent
- Actively maintained: Yes (latest repository activity observed one month before this review)
Intended use on the device
The SOUP is used in the medical device for the following specific purposes only:
- Create (encode), decode and verify the JSON Web Tokens that web API clients must present to reach protected endpoints.
Requirements
For the integration and safe usage of this SOUP within a software system, it is important to outline both functional and performance requirements. These requirements help mitigate risks and ensure that compatibility and performance standards are met.
Functional
- OAuth 2.0 implementation: Support the core OAuth 2.0 grant types (authorisation code, implicit, resource owner password credentials and client credentials) and refresh tokens. Note that the implicit and password grants are deprecated by the OAuth 2.0 Security Best Current Practice; the device does not use them (see Intended use on the device).
- JWT handling: Provide robust mechanisms for creating, decoding, and verifying JWTs as specified by the RFC 7519 standard, including support for multiple signing algorithms.
- Extensibility: Allow easy extension and customisation of authentication and authorisation mechanisms to cater to various application-specific needs.
- Integration: Offer seamless integration capabilities with popular Python web frameworks such as FastAPI.
Performance
- Security: Implement current security practice for token handling: accept only an explicitly configured set of signing algorithms, verify the signature and the registered claims (exp, iss, aud) on every decode, and keep signing keys and other secrets in protected storage, never in source code or logs.
- Scalability: Be capable of handling a large number of authentication and authorisation requests efficiently without significant degradation in response times.
- Resource efficiency: Use optimised algorithms and data structures to minimise CPU and memory usage, considering the computational demands of signing and encrypting content.
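Both the JWT handling requirement above and the security requirement under Performance hinge on what "verify" covers. The following is an added example for this record, not Authlib's code and not code from the device: a small standard-library reference implementation of RFC 7519 encode and verify whose checks (explicit algorithm allow-list, constant-time signature comparison over the exact signing input, then exp/nbf/iss/aud validation) are the ones any acceptable JWT library must provide. The key, claim values, issuer and audience names and timestamps are constructed test values.

```python
"""Reference JWT encode/verify (RFC 7519 over RFC 7515 compact serialisation).

Added example for this SOUP record; it is not Authlib code. It spells out what
"verify" has to mean on the device: explicit algorithm allow-list, signature
check over the exact signing input, then exp/nbf/iss/aud validation.
Key, claims and timestamps below are constructed test values.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Only HMAC algorithms are accepted, matching the symmetric key the verifier holds.
# "none" and any asymmetric alg are rejected before the signature is examined,
# which closes the alg=none and key-confusion token forgeries.
ALLOWED_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


class InvalidToken(Exception):
    """Raised for any structural, signature or claims failure."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Create a compact-serialised, HMAC-signed JWT."""
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"unsupported alg {alg!r}")
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    mac = hmac.new(key, signing_input.encode("ascii"), ALLOWED_ALGS[alg]).digest()
    return signing_input + "." + _b64url_encode(mac)


def verify_jwt(token: str, key: bytes, issuer: str, audience: str,
               now: Optional[float] = None, leeway: int = 0) -> dict:
    """Decode and verify; returns the claims only if every check passes."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
        signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    except ValueError:  # binascii.Error, JSONDecodeError and Unicode errors are all ValueErrors
        raise InvalidToken("malformed token")
    # The alg comes from the untrusted header, so it is checked against the
    # allow-list first; the key, not the token, decides which algorithms apply.
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg not in ALLOWED_ALGS:
        raise InvalidToken(f"alg {alg!r} not allowed")
    expected = hmac.new(key, signing_input, ALLOWED_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("bad signature")
    # Only after the signature holds is the payload parsed and its claims trusted.
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        raise InvalidToken("malformed payload")
    if not isinstance(claims, dict):
        raise InvalidToken("claims must be a JSON object")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise InvalidToken("token expired or missing exp")
    nbf = claims.get("nbf")
    if nbf is not None and (not isinstance(nbf, (int, float)) or now < nbf - leeway):
        raise InvalidToken("token not yet valid")
    if claims.get("iss") != issuer:
        raise InvalidToken("unexpected issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise InvalidToken("audience mismatch")
    return claims


def demo() -> dict:
    """Constructed scenario: a valid token, an alg=none forgery, a tampered payload, an expired token."""
    key = b"constructed-demo-key-not-for-production"  # constructed, not a device secret
    now = 1_700_000_000  # fixed clock so the outcome is deterministic
    args = (key, "auth.example", "web-api")
    good = encode_jwt({"iss": "auth.example", "aud": "web-api", "sub": "user-1", "exp": now + 300}, key)
    results = {"valid": verify_jwt(good, *args, now=now)["sub"]}
    cases = {
        "alg_none": _b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + good.split(".")[1] + ".",
        "tampered": good.split(".")[0] + "." + _b64url_encode(b'{"sub":"admin"}') + "." + good.split(".")[2],
        "expired": encode_jwt({"iss": "auth.example", "aud": "web-api", "sub": "user-1", "exp": now - 1}, key),
    }
    for name, token in cases.items():
        try:
            verify_jwt(token, *args, now=now)
            results[name] = "accepted"
        except InvalidToken as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

In Authlib the same controls are an explicit algorithm list passed when constructing `JsonWebToken([...])` instead of relying on the module-level `jwt` object, `claims_options` on `decode()` for the expected `iss` and `aud`, and a call to `validate()` on the returned claims; a `decode()` without `validate()` checks the signature but not expiry.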
System requirements
Establishing minimum software and hardware requirements is important to mitigate risks, such as security vulnerabilities, performance issues, or compatibility problems, and to ensure that the SOUP functions effectively within the intended environment.
Software
After evaluation, we find that there are no specific software requirements for this SOUP. It runs on standard computing environments, which includes ours.
Hardware
After evaluation, we find that there are no specific hardware requirements for this SOUP. It runs on standard computing hardware, which includes our environment.
Documentation
The official SOUP documentation can be found at https://docs.authlib.org/en/latest/.
Additionally, a criterion for validating the SOUP is that all the items of the following checklist are satisfied:
- The vendor maintains clear and comprehensive documentation of the SOUP describing its functional capabilities, user guidelines, and tutorials, which facilitates learning and rapid adoption.
- The documentation for the SOUP is regularly updated and clearly outlines every feature utilized by the medical device, doing so for all integrated versions of the SOUP.
Related software items
We catalogue the interconnections between the microservices within our software architecture and the specific versions of the SOUP they utilise. This mapping ensures clarity and traceability, facilitating both the understanding of the system's dependencies and the management of SOUP components.
Although the title of the section mentions software items, the relationship with SOUP versions has been established at the level of microservices (which are themselves software items) because each one runs inside a separate Docker container and therefore has its own isolated runtime environment.
| SOUP version | Software item(s) | 
|---|---|
| 1.3.0 | WEB API GATEWAY | 
Related risks
The following are risks applicable to this SOUP from the table found in document R-TF-013-002 Risk management record_2023_001:
- 58. SOUP presents an anomaly that makes it incompatible with other SOUPs or with software elements of the device.
- 59. SOUP is not being maintained nor regularly patched.
- 60. SOUP presents cybersecurity vulnerabilities.
Lists of published anomalies
The incidents, anomalies, known issues or changes between versions for this SOUP can be found at:
History of evaluation of SOUP anomalies
01 Mar 2024
- Reviewer of the anomalies: Alejandro Carmena Magro
- Version(s) of the SOUP reviewed: 1.3.0
No anomalies have been found.
Record signature meaning
- Author: JD-004
- Reviewer: JD-003
- Approver: JD-005