From fe4628f4ae430a0ff551de66a35ab7650350be17 Mon Sep 17 00:00:00 2001 From: Sebastian Rittau Date: Wed, 26 Feb 2025 12:15:24 +0100 Subject: [PATCH 1/4] Update authlib to 1.5.* Closes: #13536 --- stubs/Authlib/@tests/stubtest_allowlist.txt | 5 +--- stubs/Authlib/METADATA.toml | 2 +- stubs/Authlib/authlib/__init__.pyi | 6 +++- stubs/Authlib/authlib/jose/rfc7519/claims.pyi | 9 +++--- .../Authlib/authlib/oauth2/rfc7523/client.pyi | 13 +++++---- .../Authlib/authlib/oauth2/rfc7591/claims.pyi | 5 +++- .../authlib/oauth2/rfc7591/endpoint.pyi | 12 ++++---- .../authlib/oauth2/rfc7592/endpoint.pyi | 10 +++---- .../Authlib/authlib/oauth2/rfc9068/claims.pyi | 1 - .../authlib/oauth2/rfc9207/__init__.pyi | 3 ++ .../authlib/oauth2/rfc9207/parameter.pyi | 4 +++ stubs/Authlib/authlib/oidc/core/claims.pyi | 3 -- .../Authlib/authlib/oidc/core/grants/util.pyi | 1 + .../authlib/oidc/registration/__init__.pyi | 3 ++ .../authlib/oidc/registration/claims.pyi | 29 +++++++++++++++++++ 15 files changed, 72 insertions(+), 34 deletions(-) create mode 100644 stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi create mode 100644 stubs/Authlib/authlib/oidc/registration/__init__.pyi create mode 100644 stubs/Authlib/authlib/oidc/registration/claims.pyi diff --git a/stubs/Authlib/@tests/stubtest_allowlist.txt b/stubs/Authlib/@tests/stubtest_allowlist.txt index a28af110d1af..e23991b2554b 100644 --- a/stubs/Authlib/@tests/stubtest_allowlist.txt +++ b/stubs/Authlib/@tests/stubtest_allowlist.txt @@ -1,3 +1,4 @@ +# TODO: check these entries authlib.jose.ECKey.PRIVATE_KEY_CLS authlib.jose.ECKey.PUBLIC_KEY_CLS authlib.jose.RSAKey.PRIVATE_KEY_CLS @@ -29,8 +30,4 @@ authlib.oauth2.rfc7521.AssertionClient.oauth_error_class authlib.oauth2.rfc7521.client.AssertionClient.oauth_error_class authlib.oauth2.rfc7523.JWTBearerTokenValidator.token_cls authlib.oauth2.rfc7523.validator.JWTBearerTokenValidator.token_cls -authlib.oauth2.rfc7591.ClientRegistrationEndpoint.claims_class -authlib.oauth2.rfc7591.endpoint.ClientRegistrationEndpoint.claims_class -authlib.oauth2.rfc7592.ClientConfigurationEndpoint.claims_class -authlib.oauth2.rfc7592.endpoint.ClientConfigurationEndpoint.claims_class authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate diff --git a/stubs/Authlib/METADATA.toml b/stubs/Authlib/METADATA.toml index d45cede42927..9772f67caeba 100644 --- a/stubs/Authlib/METADATA.toml +++ b/stubs/Authlib/METADATA.toml @@ -1,4 +1,4 @@ -version = "1.4.*" +version = "1.5.*" upstream_repository = "https://github.com/lepture/authlib" requires = ["cryptography"] partial_stub = true diff --git a/stubs/Authlib/authlib/__init__.pyi b/stubs/Authlib/authlib/__init__.pyi index d1c285f4e6d6..0f2fa8cf2242 100644 --- a/stubs/Authlib/authlib/__init__.pyi +++ b/stubs/Authlib/authlib/__init__.pyi @@ -1,4 +1,8 @@ -from .consts import homepage, version +from typing import Final + +from .consts import author, homepage, version __version__ = version __homepage__ = homepage +__author__ = author +__license__: Final[str] diff --git a/stubs/Authlib/authlib/jose/rfc7519/claims.pyi b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi index e195536a74b4..5f5315cd1a4f 100644 --- a/stubs/Authlib/authlib/jose/rfc7519/claims.pyi +++ b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi @@ -1,16 +1,17 @@ from _typeshed import Incomplete +from typing import ClassVar class BaseClaims(dict[str, object]): - REGISTERED_CLAIMS: Incomplete + REGISTERED_CLAIMS: ClassVar[list[str]] header: Incomplete options: Incomplete params: Incomplete def __init__(self, payload, header, options: Incomplete | None = None, params: Incomplete | None = None) -> None: ... - def __getattr__(self, key): ... - def get_registered_claims(self): ... + # TODO: Adds an attribute for each key in REGISTERED_CLAIMS + def __getattr__(self, key: str): ... + def get_registered_claims(self) -> dict[str, Incomplete]: ... class JWTClaims(BaseClaims): - REGISTERED_CLAIMS: Incomplete def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ... def validate_iss(self) -> None: ... def validate_sub(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi index 7e5d18b6c823..50b6ae797299 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi @@ -1,12 +1,13 @@ -from _typeshed import Incomplete +from typing import Final -ASSERTION_TYPE: str +ASSERTION_TYPE: Final[str] class JWTBearerClientAssertion: - CLIENT_ASSERTION_TYPE = ASSERTION_TYPE - CLIENT_AUTH_METHOD: str - token_url: Incomplete - def __init__(self, token_url, validate_jti: bool = True) -> None: ... + CLIENT_ASSERTION_TYPE: Final[str] + CLIENT_AUTH_METHOD: Final[str] + token_url: str + leeway: int + def __init__(self, token_url: str, validate_jti: bool = True, leeway: int = 60) -> None: ... def __call__(self, query_client, request): ... def create_claims_options(self): ... def process_assertion_claims(self, assertion, resolve_key): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi index 8145438834dd..e79d2fddca8f 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi @@ -1,9 +1,10 @@ from _typeshed import Incomplete +from collections.abc import Mapping +from typing import Any from authlib.jose import BaseClaims class ClientMetadataClaims(BaseClaims): - REGISTERED_CLAIMS: Incomplete def validate(self) -> None: ... def validate_redirect_uris(self) -> None: ... def validate_token_endpoint_auth_method(self) -> None: ... @@ -20,3 +21,5 @@ class ClientMetadataClaims(BaseClaims): def validate_jwks(self) -> None: ... def validate_software_id(self) -> None: ... def validate_software_version(self) -> None: ... + @classmethod + def get_claims_options(cls, metadata: Mapping[str, Incomplete]) -> dict[str, Any]: ... # dict values are key-dependent diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi index 36e0bf6a2c70..c0af6f0c57ea 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi @@ -1,18 +1,16 @@ from _typeshed import Incomplete - -from authlib.oauth2.rfc7591 import ClientMetadataClaims +from typing import Final class ClientRegistrationEndpoint: - ENDPOINT_NAME: str - claims_class = ClientMetadataClaims + ENDPOINT_NAME: Final = "client_registration" software_statement_alg_values_supported: Incomplete server: Incomplete - def __init__(self, server) -> None: ... - def __call__(self, request): ... + claims_classes: list[type[Incomplete]] + def __init__(self, server: Incomplete | None = None, claims_classes: list[type[Incomplete]] | None = None) -> None: ... + def __call__(self, request) -> dict[Incomplete, Incomplete]: ... def create_registration_response(self, request): ... def extract_client_metadata(self, request): ... def extract_software_statement(self, software_statement, request): ... - def get_claims_options(self): ... def generate_client_info(self): ... def generate_client_registration_info(self, client, request) -> None: ... def create_endpoint_request(self, request): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi index e5cf2ac32311..9c393a221416 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi @@ -1,12 +1,11 @@ from _typeshed import Incomplete - -from authlib.oauth2.rfc7591 import ClientMetadataClaims +from typing import Final class ClientConfigurationEndpoint: - ENDPOINT_NAME: str - claims_class = ClientMetadataClaims + ENDPOINT_NAME: Final = "client_configuration" server: Incomplete - def __init__(self, server) -> None: ... + claims_classes: list[type[Incomplete]] + def __init__(self, server: Incomplete | None = None, claims_classes: list[type[Incomplete]] | None = None) -> None: ... def __call__(self, request): ... def create_configuration_response(self, request): ... def create_endpoint_request(self, request): ... @@ -14,7 +13,6 @@ class ClientConfigurationEndpoint: def create_delete_client_response(self, client, request): ... def create_update_client_response(self, client, request): ... def extract_client_metadata(self, request): ... - def get_claims_options(self): ... def introspect_client(self, client): ... def generate_client_registration_info(self, client, request) -> None: ... def authenticate_token(self, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi index 405ba4c103e9..6351408041fa 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi @@ -3,7 +3,6 @@ from _typeshed import Incomplete from authlib.jose import JWTClaims class JWTAccessTokenClaims(JWTClaims): - REGISTERED_CLAIMS: Incomplete def validate(self, now: Incomplete | None = None, leeway: int = 0, **kwargs) -> None: ... def validate_typ(self) -> None: ... def validate_client_id(self): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi new file mode 100644 index 000000000000..f0d14fa1c1f4 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi @@ -0,0 +1,3 @@ +from .parameter import IssuerParameter as IssuerParameter + +__all__ = ["IssuerParameter"] diff --git a/stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi b/stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi new file mode 100644 index 000000000000..8e06d4bb7b46 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi @@ -0,0 +1,4 @@ +class IssuerParameter: + def __call__(self, grant) -> None: ... + def add_issuer_parameter(self, hook_type: str, response) -> None: ... + def get_issuer(self) -> str | None: ... diff --git a/stubs/Authlib/authlib/oidc/core/claims.pyi b/stubs/Authlib/authlib/oidc/core/claims.pyi index b4452f6d636d..96342e7ff69e 100644 --- a/stubs/Authlib/authlib/oidc/core/claims.pyi +++ b/stubs/Authlib/authlib/oidc/core/claims.pyi @@ -16,17 +16,14 @@ class IDToken(JWTClaims): class CodeIDToken(IDToken): RESPONSE_TYPES: Incomplete - REGISTERED_CLAIMS: Incomplete class ImplicitIDToken(IDToken): RESPONSE_TYPES: Incomplete ESSENTIAL_CLAIMS: Incomplete - REGISTERED_CLAIMS: Incomplete def validate_at_hash(self) -> None: ... class HybridIDToken(ImplicitIDToken): RESPONSE_TYPES: Incomplete - REGISTERED_CLAIMS: Incomplete def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ... def validate_c_hash(self) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/util.pyi b/stubs/Authlib/authlib/oidc/core/grants/util.pyi index d93f15590e43..9800380f4659 100644 --- a/stubs/Authlib/authlib/oidc/core/grants/util.pyi +++ b/stubs/Authlib/authlib/oidc/core/grants/util.pyi @@ -14,5 +14,6 @@ def generate_id_token( nonce: str | None = None, auth_time: int | None = None, code: str | None = None, + kid: str | None = None, ) -> str: ... def create_response_mode_response(redirect_uri, params, response_mode): ... diff --git a/stubs/Authlib/authlib/oidc/registration/__init__.pyi b/stubs/Authlib/authlib/oidc/registration/__init__.pyi new file mode 100644 index 000000000000..e0fca8da8da3 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/registration/__init__.pyi @@ -0,0 +1,3 @@ +from .claims import ClientMetadataClaims as ClientMetadataClaims + +__all__ = ["ClientMetadataClaims"] diff --git a/stubs/Authlib/authlib/oidc/registration/claims.pyi b/stubs/Authlib/authlib/oidc/registration/claims.pyi new file mode 100644 index 000000000000..f2dd67de8278 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/registration/claims.pyi @@ -0,0 +1,29 @@ +from _typeshed import Incomplete +from collections.abc import Mapping + +from authlib.jose import BaseClaims + +class ClientMetadataClaims(BaseClaims): + def validate(self) -> None: ... + # The "cls" argument is called "self" in the actual implementation, + # but stubtest will not allow that. + @classmethod + def get_claims_options(cls, metadata: Mapping[str, Incomplete]) -> dict[str, Incomplete]: ... + def validate_token_endpoint_auth_signing_alg(self) -> None: ... + def validate_application_type(self) -> None: ... + def validate_sector_identifier_uri(self) -> None: ... + def validate_subject_type(self) -> None: ... + def validate_id_token_signed_response_alg(self) -> None: ... + def validate_id_token_encrypted_response_alg(self) -> None: ... + def validate_id_token_encrypted_response_enc(self) -> None: ... + def validate_userinfo_signed_response_alg(self) -> None: ... + def validate_userinfo_encrypted_response_alg(self) -> None: ... + def validate_userinfo_encrypted_response_enc(self) -> None: ... + def validate_default_max_age(self) -> None: ... + def validate_require_auth_time(self) -> None: ... + def validate_default_acr_values(self) -> None: ... + def validate_initiate_login_uri(self) -> None: ... + def validate_request_object_signing_alg(self) -> None: ... + def validate_request_object_encryption_alg(self) -> None: ... + def validate_request_object_encryption_enc(self) -> None: ... + def validate_request_uris(self) -> None: ... From 2fd6ac35505960768304a29ea8fb94d52e693052 Mon Sep 17 00:00:00 2001 From: Sebastian Rittau Date: Wed, 26 Feb 2025 12:17:52 +0100 Subject: [PATCH 2/4] Mark some constants as Final --- stubs/Authlib/authlib/consts.pyi | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/stubs/Authlib/authlib/consts.pyi b/stubs/Authlib/authlib/consts.pyi index ab047d25406a..f8ec0e9e5e3b 100644 --- a/stubs/Authlib/authlib/consts.pyi +++ b/stubs/Authlib/authlib/consts.pyi @@ -1,8 +1,8 @@ -from _typeshed import Incomplete +from typing import Final -name: str -version: str -author: str -homepage: str -default_user_agent: Incomplete -default_json_headers: Incomplete +name: Final = "Authlib" +version: Final[str] +author: Final[str] +homepage: Final[str] +default_user_agent: Final[str] +default_json_headers: Final[list[tuple[str, str]]] From 041177d0542bdd407b465e1f7b15645cea52b10d Mon Sep 17 00:00:00 2001 From: Sebastian Rittau Date: Wed, 26 Feb 2025 12:20:24 +0100 Subject: [PATCH 3/4] Change dict[str, object] to dict[str, Any] --- stubs/Authlib/authlib/jose/rfc7519/claims.pyi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stubs/Authlib/authlib/jose/rfc7519/claims.pyi b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi index 5f5315cd1a4f..fc77d9392b4b 100644 --- a/stubs/Authlib/authlib/jose/rfc7519/claims.pyi +++ b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi @@ -1,7 +1,7 @@ from _typeshed import Incomplete -from typing import ClassVar +from typing import Any, ClassVar -class BaseClaims(dict[str, object]): +class BaseClaims(dict[str, Any]): # dict values are key-dependent REGISTERED_CLAIMS: ClassVar[list[str]] header: Incomplete options: Incomplete From d741fef157745fd26f1c5dd310401a607d297998 Mon Sep 17 00:00:00 2001 From: Sebastian Rittau Date: Fri, 11 Apr 2025 14:55:32 +0200 Subject: [PATCH 4/4] Pin exact version for now --- stubs/Authlib/METADATA.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubs/Authlib/METADATA.toml b/stubs/Authlib/METADATA.toml index 9772f67caeba..006051a0d7d0 100644 --- a/stubs/Authlib/METADATA.toml +++ b/stubs/Authlib/METADATA.toml @@ -1,4 +1,4 @@ -version = "1.5.*" +version = "1.5.0" upstream_repository = "https://github.com/lepture/authlib" requires = ["cryptography"] partial_stub = true