diff --git a/Authlib-1.3.0.tar.gz b/Authlib-1.3.0.tar.gz
deleted file mode 100644
index 67c3215a85ef445658eccc7552386c63c2556336..0000000000000000000000000000000000000000
Binary files a/Authlib-1.3.0.tar.gz and /dev/null differ
diff --git a/authlib-1.6.0.tar.gz b/authlib-1.6.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..b466c3dedf75c6c8facc69573aa84f1d5fc03d39
Binary files /dev/null and b/authlib-1.6.0.tar.gz differ
diff --git a/backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch b/backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch
deleted file mode 100644
index f9d75d1cf35fc4f4e6d29b438581ab5476c9b4fd..0000000000000000000000000000000000000000
--- a/backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3bea812acefebc9ee108aa24557be3ba8971daf1 Mon Sep 17 00:00:00 2001
-From: Hsiaoming Yang
-Date: Tue, 4 Jun 2024 11:34:43 +0900
-Subject: [PATCH] fix: prevent OctKey to import ssh/rsa/pem keys
-
-https://github.com/lepture/authlib/issues/654
----
- authlib/jose/rfc7518/oct_key.py | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/authlib/jose/rfc7518/oct_key.py b/authlib/jose/rfc7518/oct_key.py
-index 1db321a..44e1f72 100644
---- a/authlib/jose/rfc7518/oct_key.py
-+++ b/authlib/jose/rfc7518/oct_key.py
-@@ -6,6 +6,16 @@ from authlib.common.security import generate_token
- from ..rfc7517 import Key
-
-
-+POSSIBLE_UNSAFE_KEYS = (
-+ b"-----BEGIN ",
-+ b"---- BEGIN ",
-+ b"ssh-rsa ",
-+ b"ssh-dss ",
-+ b"ssh-ed25519 ",
-+ b"ecdsa-sha2-",
-+)
-+
-+
- class OctKey(Key):
- """Key class of the ``oct`` key type."""
-
-@@ -65,6 +75,11 @@ class OctKey(Key):
- key._dict_data = raw
- else:
- raw_key = to_bytes(raw)
-+
-+ # security check
-+ if raw_key.startswith(POSSIBLE_UNSAFE_KEYS):
-+ raise ValueError("This key may not be safe to import")
-+
- key = cls(raw_key=raw_key, options=options)
- return key
-
---
-2.33.0
-
diff --git a/python-Authlib.spec b/python-Authlib.spec
index d57d020f2835a5dcecc6bb55a0c174548d317758..7aae40cea5867406313cf725a46f08857a42c504 100644
--- a/python-Authlib.spec
+++ b/python-Authlib.spec
@@ -1,15 +1,13 @@
 %global _empty_manifest_terminate_build 0
 Name: python-Authlib
-Version: 1.3.0
+Version: 1.6.0
 Release: 1
 Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
 License: BSD 3-Clause License
 URL: https://authlib.org/
-Source0: https://files.pythonhosted.org/packages/source/A/Authlib/Authlib-1.3.0.tar.gz
+Source0: %{pypi_source authlib}
 BuildArch: noarch
-Patch0001: backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch
-
 Requires: python3-cryptography
 %description
@@ -34,7 +32,7 @@ The ultimate Python library in building OAuth and OpenID Connect servers.
 JWS, JWK, JWA, JWT are included.
 %prep
-%autosetup -p1 -n Authlib-1.3.0
+%autosetup -p1 -n authlib-%{version}
 %build
 %py3_build
@@ -74,6 +72,9 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 %changelog
+* Thu Jun 19 2025 liwenqiang - 1.6.0-1
+- update to 1.6.0
+
 * Fri Feb 28 2025 gongzhengtang - 1.3.0-1
 - update to v1.3.0
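Review bot: Removing `Patch0001` in the first hunk drops a security backport (the OctKey check that refuses PEM- and SSH-formatted key material as an `oct` key), and nothing in this commit records that the 1.6.0 sources already carry it. Before merging, confirm that `authlib/jose/rfc7518/oct_key.py` in the new tarball still defines `POSSIBLE_UNSAFE_KEYS` and raises on such input, and state it in the `%changelog` entry, for example `- update to 1.6.0, drop backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch (included upstream)`. The replacement tarball arrives as an opaque binary and the spec verifies nothing about it, so its digest should be compared with the one published for the release as part of review. With no patches left, `-p1` on the `%autosetup` line in the second hunk is unused and can be dropped.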