Consider using an OAuth client library

[snarfed]

Bridgy uses oauth-dropins, our home grown OAuth client library, to auth with the 11 different services that Bridgy needs. (Everything on the front page, minus Facebook and Instagram, plus IndieAuth.)

oauth-dropins is fine, but it takes a fair amount of maintenance, and it's not very widely adopted outside of Bridgy and granary, so we don't really get any benefit from using it. There's a solid selection of others that are more mature and widely supported that we could migrate to instead. It would be a significant project, and none of them have all of the services we need yet - Mastodon is a significant one that's missing from all of them, and takes extra work to implement - but long term, the ROI might be worth it.

Here are the options I've looked at:

Authlib / loginpass

• Flask support
• normalized user info: yes, based on OpenID Connect UserInfo claims
• storage: none built in
• loginpass seems to be a thin wrapper with built in configurations for many existing services, but it also says, Most of the time, you don't have to use loginpass, you can just register a remote app with Authlib's framework integrations. So, not sure which we'd use.
• authlib example code: Flask, multiple login
• Missing services: Blogger, Flickr, IndieAuth, Mastodon, Medium, Tumblr, WordPress.com
• optional commercial license

Authomatic

• Flask support
• storage: only legacy app engine ndb, Add Firestore support for the new standard GAE Python3 authomatic/authomatic#194
• normalized user data
• missing: Blogger, IndieAuth, Mastodon, Medium, WordPress
• how to add a new service: Create an OAuth2 subclass authomatic/authomatic#17

python-social-auth

• unmaintained?! looking for maintainers, Open for contributors python-social-auth/social-core#539
• Flask support
• storage: SQLAlchemy, MongoEngine, Peewee
• normalized user data: only username and email
• how to add a new provider
• missing: IndieAuth, Mastodon, Medium, Reddit, WordPress