Complete python-jose typing (#8258)

stubs/python-jose/@tests/stubtest_allowlist.txt

@@ -4,6 +4,3 @@ jose.backends.CryptographyECKey
 jose.backends.CryptographyHMACKey
 jose.backends.CryptographyRSAKey
 jose.backends.ECDSAECKey
-jose.backends.ECKey
-jose.backends.HMACKey
-jose.backends.RSAKey

stubs/python-jose/METADATA.toml

@@ -1,2 +1,5 @@
 version = "3.3.*"
-requires = [] # excluding pyasn1 until typing is available
+requires = [] # excluding pyasn1 until typing is available
+
+[tool.stubtest]
+ignore_missing_stub = false

stubs/python-jose/jose/__init__.pyi

@@ -5,5 +5,7 @@ from .exceptions import (
     JWTError as JWTError,
 )
 
-__license__: str
 __version__: str
+__author__: str
+__license__: str
+__copyright__: str

stubs/python-jose/jose/backends/__init__.pyi

@@ -14,8 +14,8 @@ from .rsa_backend import RSAKey as BackendRSAKey
 # python-jose relies on importing from cryptography_backend
 # then falling back on other imports
 # these are all the potential options
-AESKey: CryptographyAESKey | None
-HMACKey: CryptographyHMACKey | NativeHMACKey
-RSAKey: CryptographyRSAKey | BackendRSAKey | None
-ECKey: CryptographyECKey | ECDSAECKey
+AESKey: type[CryptographyAESKey] | None
+HMACKey: type[CryptographyHMACKey] | type[NativeHMACKey]
+RSAKey: type[CryptographyRSAKey] | type[BackendRSAKey] | None
+ECKey: type[CryptographyECKey] | type[ECDSAECKey]
 get_random_bytes: Callable[[int], bytes]

stubs/python-jose/jose/constants.pyi

@@ -1,4 +1,7 @@
-from typing import Any
+from collections.abc import Callable, Mapping
+from hashlib import _Hash
+
+from .backends.base import Key
 
 class Algorithms:
     NONE: str
@@ -56,14 +59,14 @@ class Algorithms:
     GCM: set[str]
     SUPPORTED: set[str]
     ALL: set[str]
-    HASHES: Any
-    KEYS: Any
+    HASHES: Mapping[str, Callable[[bytes], _Hash]]
+    KEYS: Mapping[str, type[Key]]
 
-ALGORITHMS: Any
+ALGORITHMS: Algorithms
 
 class Zips:
     DEF: str
-    NONE: Any
-    SUPPORTED: Any
+    NONE: None
+    SUPPORTED: set[str | None]
 
-ZIPS: Any
+ZIPS: Zips

stubs/python-jose/jose/jwe.pyi

@@ -1,13 +1,22 @@
 from typing import Any
 
+from .backends.base import Key
+
 def encrypt(
-    plaintext: Any,
-    key: dict[str, str],
-    encryption=...,
-    algorithm=...,
-    zip: Any | None = ...,
-    cty: Any | None = ...,
-    kid: Any | None = ...,
-): ...
-def decrypt(jwe_str: str, key: str | dict[str, str]): ...
-def get_unverified_header(jwe_str: str): ...
+    plaintext: str | bytes,
+    # Internally it's passed down to jwk.construct(), which explicitly checks for
+    # key as dict instance, instead of a Mapping
+    key: str | bytes | dict[str, Any] | Key,
+    encryption: str = ...,
+    algorithm: str = ...,
+    zip: str | None = ...,
+    cty: str | None = ...,
+    kid: str | None = ...,
+) -> bytes: ...
+def decrypt(
+    jwe_str: str | bytes,
+    # Internally it's passed down to jwk.construct(), which explicitly checks for
+    # key as dict instance, instead of a Mapping
+    key: str | bytes | dict[str, Any] | Key,
+) -> bytes | None: ...
+def get_unverified_header(jwe_str: str | bytes | None) -> dict[str, Any]: ...

stubs/python-jose/jose/jwk.pyi

@@ -1,7 +1,13 @@
 from typing import Any
+from typing_extensions import Literal
 
-from .backends.base import Key as Key
+from .backends import AESKey as AESKey, ECKey as ECKey, HMACKey as HMACKey, RSAKey as RSAKey
+from .backends.base import DIRKey as DIRKey, Key
 
-def get_key(algorithm): ...
-def register_key(algorithm, key_class: Key): ...
-def construct(key_data, algorithm: Any | None = ...): ...
+def get_key(algorithm: str) -> type[Key] | None: ...
+def register_key(algorithm: str, key_class: type[Key]) -> Literal[True]: ...
+def construct(
+    # explicitly checks for key_data as dict instance, instead of a Mapping
+    key_data: str | bytes | dict[str, Any] | Key,
+    algorithm: str | None = ...,
+) -> Key: ...

stubs/python-jose/jose/jws.pyi

@@ -4,21 +4,21 @@ from typing import Any
 from .backends.base import Key
 
 def sign(
-    payload: str | Mapping[str, Any],
+    payload: bytes | Mapping[str, Any],
     # Internally it's passed down to jwk.construct(), which explicitly checks for
     # key as dict instance, instead of a Mapping
-    key: str | dict[str, Any] | Key,
+    key: str | bytes | dict[str, Any] | Key,
     headers: Mapping[str, Any] | None = ...,
     algorithm: str = ...,
 ) -> str: ...
 def verify(
-    token: str,
-    key: str | Mapping[str, Any] | Key,
+    token: str | bytes,
+    key: str | bytes | Mapping[str, Any] | Key,
     # Callers of this function, like jwt.decode(), and functions called internally,
     # like jws._verify_signature(), use and accept algorithms=None
     algorithms: str | Container[str] | None,
     verify: bool = ...,
-) -> str: ...
+) -> bytes: ...
 def get_unverified_header(token: str) -> dict[str, Any]: ...
 def get_unverified_headers(token: str) -> dict[str, Any]: ...
 def get_unverified_claims(token: str) -> str: ...

stubs/python-jose/jose/jwt.pyi

@@ -6,14 +6,14 @@ from .backends.base import Key
 def encode(
     claims: MutableMapping[str, Any],
     # Internally it calls jws.sign() that expects a key dict instance instead of Mapping
-    key: str | dict[str, Any] | Key,
+    key: str | bytes | dict[str, Any] | Key,
     algorithm: str = ...,
     headers: Mapping[str, Any] | None = ...,
     access_token: str | None = ...,
 ) -> str: ...
 def decode(
-    token: str,
-    key: str | Mapping[str, Any] | Key,
+    token: str | bytes,
+    key: str | bytes | Mapping[str, Any] | Key,
     algorithms: str | Container[str] | None = ...,
     options: Mapping[str, Any] | None = ...,
     audience: str | None = ...,

stubs/python-jose/jose/utils.pyi

@@ -1,9 +1,14 @@
-def long_to_bytes(n, blocksize: int = ...): ...
-def long_to_base64(data, size: int = ...): ...
-def int_arr_to_long(arr): ...
-def base64_to_long(data): ...
-def calculate_at_hash(access_token, hash_alg): ...
-def base64url_decode(input): ...
-def base64url_encode(input): ...
-def timedelta_total_seconds(delta): ...
-def ensure_binary(s): ...
+from collections.abc import Callable, Iterable
+from datetime import timedelta
+from hashlib import _Hash
+from typing import Any
+
+def long_to_bytes(n: int, blocksize: int | None = ...) -> bytes: ...
+def long_to_base64(data: int, size: int | None = ...) -> bytes: ...
+def int_arr_to_long(arr: Iterable[Any]) -> int: ...
+def base64_to_long(data: str | bytes) -> int: ...
+def calculate_at_hash(access_token: str, hash_alg: Callable[[bytes], _Hash]) -> str: ...
+def base64url_decode(input: bytes) -> bytes: ...
+def base64url_encode(input: bytes) -> bytes: ...
+def timedelta_total_seconds(delta: timedelta) -> int: ...
+def ensure_binary(s: str | bytes) -> bytes: ...