# OAuth 2.0 Libraries and Standards

Pleo integrations are strongly encouraged to use **industry-standard OAuth 2.0 client libraries** rather than implementing OAuth 2.0 flows from scratch.

OAuth 2.0 is a security-critical protocol. Using a mature, well-maintained library significantly reduces the risk of implementation errors, security vulnerabilities, and non-standard behaviour.

## Why Use an OAuth 2.0 Library

Implementing OAuth 2.0 manually is complex and error-prone. Established libraries help ensure that your integration:

* Adheres to OAuth 2.0 standards
* Correctly handles redirects, tokens, and error conditions
* Applies security best practices by default (for example, PKCE and CSRF protection)
* Remains maintainable as standards evolve

Using a library allows you to focus on your product logic rather than protocol details.

## What OAuth 2.0 Libraries Typically Handle

Most OAuth 2.0 client libraries provide built-in support for:

* Generating authorisation requests (including `state` and PKCE parameters)
* Redirecting users to the authorisation server
* Handling authorisation responses and errors
* Exchanging authorisation codes for access and refresh tokens
* Refreshing access tokens
* Tracking token expiry
* Protecting against CSRF and replay attacks

Many libraries also allow customisation, such as:

* Integrating with your web framework’s routing and redirect mechanisms
* Plugging in your own persistence layer for tokens and transient values (for example `state` and `code_verifier`)
* Customising success and error handling
* Hooking into lifecycle events during the OAuth 2.0 flow

<Note>
  Exact features and extension points depend on the library you choose. Always consult the documentation of your selected library.
</Note>
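To show what the `state` and `code_verifier` transient values are and what a custom persistence layer has to guarantee for them, here is an added Python sketch (not Pleo's code and not taken from any of the libraries below). It illustrates what a library does for you and is not a substitute for one; `PendingAuthStore`, `begin`, `complete` and `TTL_SECONDS` are hypothetical names, and the in-memory dictionary stands in for your session or database.

```python
import base64
import hashlib
import secrets
import time

TTL_SECONDS = 600  # assumption: how long a pending authorisation stays valid


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ascii(verifier))) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class PendingAuthStore:
    """Hypothetical in-memory store; use a server-side session or database in production."""

    def __init__(self, now=time.monotonic):
        self._pending = {}  # state -> (code_verifier, expiry)
        self._now = now

    def begin(self) -> dict:
        """Create the per-request values that go into the authorisation request."""
        state = secrets.token_urlsafe(32)
        verifier = secrets.token_urlsafe(64)  # 86 chars, within RFC 7636's 43-128
        self._pending[state] = (verifier, self._now() + TTL_SECONDS)
        return {
            "state": state,
            "code_challenge": s256_challenge(verifier),
            "code_challenge_method": "S256",
        }

    def complete(self, returned_state: str) -> str:
        """Validate the callback's state; return the verifier for the token request.

        pop() makes every state single-use, so a replayed callback is rejected.
        """
        entry = self._pending.pop(returned_state, None)
        if entry is None:
            raise ValueError("unknown or already used state")
        verifier, expiry = entry
        if self._now() > expiry:
            raise ValueError("authorisation request expired")
        return verifier
```

The verifier never leaves your server until the token request; only the derived `code_challenge` travels through the browser redirect.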

## Recommended OAuth 2.0 Client Libraries

The following libraries are commonly used, well-supported, and suitable for production OAuth 2.0 integrations:

### Java

* `spring-security-oauth2-client`

### Python

* `Authlib`
* `Requests-OAuthlib`

### JavaScript

* OAuth 2.0 strategies for `passport.js`
* Standards-compliant OAuth 2.0 / OIDC client libraries appropriate to your framework

### .NET

* `Microsoft.Identity.Web`

These libraries are widely adopted and actively maintained. Equivalent standards-compliant libraries may be used in other ecosystems.

## OAuth 2.0 Standards and Compliance

Pleo’s OAuth 2.0 implementation follows **standard OAuth 2.0 specifications and best practices**, including:

* **RFC 6749 – OAuth 2.0 Authorisation Framework**
* Proof Key for Code Exchange (PKCE)
* Standard token and refresh flows

No proprietary extensions or custom protocol behaviour are required to integrate with Pleo.

Integrations should avoid custom or non-standard OAuth 2.0 implementations, as these can introduce security risks and compatibility issues.

## What You Still Need to Implement

Even when using an OAuth 2.0 library, integrations are responsible for:

* Providing a user interface to initiate the connection (for example, a “Connect to Pleo” button)
* Persisting access and refresh tokens securely
* Handling token lifecycle events (expiry, refresh failures, revocation)
* Implementing appropriate error handling and user messaging
* Designing a token refresh strategy that fits your system architecture

These responsibilities are covered in more detail in the authentication workflow and token lifecycle guides.

## FAQs

<Accordion title="What is the difference between an integration, application, and OAuth 2.0 client?">
  These terms describe different parts of how OAuth 2.0 works in the Pleo platform.

  The difference between an **integration**, **application**, and **OAuth 2.0 client** is explained in the [OAuth 2.0 Concepts and Terminology](/docs/current/authentication/oauth/oauth-overview#concepts-and-terminology) section.
</Accordion>

## Related Reading

* [Client Configuration](/docs/current/integration-design/auth/oauth/getting-set-up/oauth-client-configuration)
* [OAuth 2.0 Setup Workflow Guide](/docs/current/guides/oauth-workflow-guide)
