RFC9207: OAuth 2.0 Authorization Server Issuer Identification

This section contains the generic implementation of RFC9207.

In summary, RFC9207 advise to return an iss parameter in authorization code responses. This can simply be done by implementing the get_issuer() method in the IssuerParameter class, and pass it as a AuthorizationCodeGrant extension:

from authlib.oauth2 import rfc9207

class IssuerParameter(rfc9207.IssuerParameter):
    def get_issuer(self) -> str:
        return "https://auth.example.org"

...

authorization_server.register_extension(IssuerParameter())

API Reference

class authlib.oauth2.rfc9207.IssuerParameter

get_issuer() → str | None

Return the issuer URL. Developers MAY implement this method if they want to support RFC9207:

def get_issuer(self) -> str:
    return "https://auth.example.org"