🔴 Authlib OAuth 20 Authorization Server, Unauthenticated Open Redirect, GHSA-w8p2-r796-3vmq (Critical) -DC-Jun2026-280 dailycve.com/authlib-oauth-2…

Polar — The fastest growing billing platform for AI Startups is open source & would never have been possible without... Python Backend > @FastAPI by @tiangolo > Starlette, HTTPX & Uvicorn > Dramatiq by Bogdan Popa > @pydantic > @sqlalchemy > Authlib by @lepture > APScheduler > React Email by @resend Frontend > @nextjs > @shadcn > @tailwindcss > Motion by @mattgperry > React Query by @tannerlinsley > @nuqs47ng > React Hook Form

@Replit 10 year anniversary Build 6 - @KevinBlumson collab What if the universe is a tiny rewrite rule applied to a graph, trillions of times per second? That's the Wolfram Physics Project premise. Their team has catalogued hundreds of small hypergraph rewriting rules and shown some produce structures resembling spacetime, quantum mechanics, and general relativity. The open question: which rule is the right one? The search space has over 125 million candidates, and verifying a single one takes millions of simulation steps. We built Hypergraph Rule Explorer to go look. Every browser tab that opens the app becomes a compute node. JavaScript calls into a full Python interpreter (Pyodide, via WebAssembly) to simulate rules locally. Each session leases a slice of unexplored rule space from a coordinator, runs verification, and ships hits back. No install. No account needed. The verification pipeline runs four gates on each candidate: causal invariance (multiple update orderings must converge, the hypergraph equivalent of Lorentz invariance), growth class analysis, asymptotic dimension estimation (flagging rules that consistently produce ~3 1D structure), and branchial graph analysis for quantum-like branch merging. Rules passing all four gates are recorded as discoveries, stored with a permalink, a downloadable reproduction recipe, and a rendered hypergraph thumbnail. Novelty detection runs against a canonical registry of 21,000 known rules. Candidates are normalized to canonical form before comparison so no variable-renaming or isomorphism creates a false positive. Stack: Flask, SQLite, PostgreSQL coordination store, Pyodide, Plotly.js, Jinja2, Authlib OIDC, all running on Replit with zero external infrastructure. From idea to a distributed physics search engine with auth, a leaderboard, visualization, and an Atom discovery feed: one environment, one tab. Mad science. Possibly the Theory of Everything. Built on Replit. #Replit #AdeviousAI #BuildInPublic #Science

認証基盤で広く使われるAuthlibに、JWT偽造や認証回避、暗号文の解読につながる重大欠陥3件が見つかった。設定や実装次第では、攻撃者が正規ユーザーになりすまして保護された機能へ到達し、機密データの扱いやログイン基盤そのものを揺るがす恐れがある。 問題は、OAuthやOpenID Connect実装で使われるAuthlibに見つかった3件の脆弱性である。CVE-2026-27962は、検証時にkey=Noneが渡る条件下で、トークンヘッダー内の攻撃者指定鍵を信用してしまい、任意のJWTを正当な署名付きとして受け入れ得る。CVE-2026-28498は、未認識のalgを検出しても失敗せずTrueを返すため、OIDCのIDトークン検証をすり抜けかねない。CVE-2026-28490は、RSA1_5処理で例外の違いが露出し、FlaskやDjango、FastAPIで識別可能な応答差を生み、パディングオラクル攻撃の足場になる。影響は1.6.8までの全版に及ぶ。月間8600万超のダウンロードがある広範なライブラリだけに、影響範囲は大きい。 securityonline.info/broken-k…

“Kriptaz Hub” Identity Server has successfully completed all development phases. The system provides seamless integration with various technology stacks: - Spring Security OIDC for Java - authlib for Python - league/oauth2-client for PHP - coreos/go-oidc for Go - Microsoft.Identity for .NET @kriptazChain

📢 AUTHLIB webinar How do illiberals challenge democracy in Austria, Italy & France? 🗓️ Jan 26 |🕒 10:00 CET 🎙️Batuhan Eren @scuolanormale, @CaterinaFroio @SciencesPo_CEE, Sylvia Kritzinger @univienna & @VeghZsuzsanna @gmfus ⬇️ t.ly/DdE4e

Finally I implemented Google OAuth2 in my app using > fastapi > authlib > passlib > pyjwt - It was a simple thing yet confusing.

💥 New AUTHLIB Blog How do terror attacks reshape political debate? Elena Cossu @elle_cossu @SciencesPo_CEE @sciencespo shows how attacks in France pushed mainstream parties closer to far-right positions on multiculturalism. authlib.eu/how-terror-attack…

Completed Phase II of Hackhaton II ( Todo Web Application ) using only Claude Code & Specskitplus. TechStack: ↳ Next.js ↳ FastAPI ↳ NeonDB ↳ BetterAuth ↳ JWT ↳ Authlib ↳ SQL Model @0xAsharib | @SheikhAmeenAlam | @ziakhan

@peterkreko (Eötvös Loránd University) and Gábor Orosz @Flinders discussed the initial findings of their democratic inoculation experiment that is bridging AUTHLIB and the recently launched @MORES_HORIZON project

❗ Illiberal forces impact policies and institutions. AUTHLIB studied their influence across various policy areas. 🔥 Mieke Verloo @Radboud_Uni analyzed how illiberals influence knowledge production in service of their authoritarian agenda creating a mutually reinforcing cycle.

💡 Moving from theory to practice, AUTHLIB put forward recommendations to counter illiberal chalenges to democracy and strengthen liberal democracy in Europe.

🗣️ AUTHLIB has explored the discourse of illiberal actors and the role of emotions in political communication. 📄 Carsten Q. Schneider @ceu discussed if and how political leaders’ public speech can act as an early warning signal of democratic decline.

💭 Radosław Markowski and @PiotrZag @SWPSUniversity discussed the varieties of trust in government and satisfaction with democracy as it emerges from the AUTHLIB Survey.

Good day at the Authlib closing conference in Budapest today!

🗣️Finally, we heard from @CaterinaFroio @SciencesPo_CEE @sciencespo showing how illiberalism is rising in France and how it influences the country's political landscape. 📚Stay tuned for our AUTHLIB Country Paper series including our Sciences Po team's paper on France!

💥 Our two-day concluding conference is already underway at the Central European University @ceu! If you are in Budapest, come by today and tomorrow to learn about illiberalism in Europe from all the excellent scholars of AUTHLIB and join our discussion!

💡New on the AUTHLIB Blog Europe is torn between shock, indignation, and complacency regarding the US National Security Strategy, writes @DanielHegedus82 @gmfus. Instead, it should prepare to counter the threats it may pose to the EU. 💭 Read now: authlib.eu/the-blueprint-to-…