Authlib (v2) (#13140)

Co-authored-by: Brian Villemarette <brian.villemarette@trucesoftware.com>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>

stubs/Authlib/@tests/stubtest_allowlist.txt

@@ -0,0 +1,36 @@
+authlib.jose.ECKey.PRIVATE_KEY_CLS
+authlib.jose.ECKey.PUBLIC_KEY_CLS
+authlib.jose.RSAKey.PRIVATE_KEY_CLS
+authlib.jose.RSAKey.PUBLIC_KEY_CLS
+authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.description
+authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.name
+authlib.jose.drafts._jwe_enc_cryptodome
+authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.description
+authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.name
+authlib.jose.rfc7518.ECDHESAlgorithm.description
+authlib.jose.rfc7518.ECDHESAlgorithm.name
+authlib.jose.rfc7518.ECKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.ECKey.PUBLIC_KEY_CLS
+authlib.jose.rfc7518.RSAKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.RSAKey.PUBLIC_KEY_CLS
+authlib.jose.rfc7518.ec_key.ECKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.ec_key.ECKey.PUBLIC_KEY_CLS
+authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.description
+authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.name
+authlib.jose.rfc7518.rsa_key.RSAKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.rsa_key.RSAKey.PUBLIC_KEY_CLS
+authlib.oauth2.OAuth2Client.client_auth_class
+authlib.oauth2.OAuth2Client.oauth_error_class
+authlib.oauth2.OAuth2Client.token_auth_class
+authlib.oauth2.client.OAuth2Client.client_auth_class
+authlib.oauth2.client.OAuth2Client.oauth_error_class
+authlib.oauth2.client.OAuth2Client.token_auth_class
+authlib.oauth2.rfc7521.AssertionClient.oauth_error_class
+authlib.oauth2.rfc7521.client.AssertionClient.oauth_error_class
+authlib.oauth2.rfc7523.JWTBearerTokenValidator.token_cls
+authlib.oauth2.rfc7523.validator.JWTBearerTokenValidator.token_cls
+authlib.oauth2.rfc7591.ClientRegistrationEndpoint.claims_class
+authlib.oauth2.rfc7591.endpoint.ClientRegistrationEndpoint.claims_class
+authlib.oauth2.rfc7592.ClientConfigurationEndpoint.claims_class
+authlib.oauth2.rfc7592.endpoint.ClientConfigurationEndpoint.claims_class
+authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate

stubs/Authlib/METADATA.toml

@@ -0,0 +1,7 @@
+version = "1.3.*"
+upstream_repository = "https://github.com/lepture/authlib"
+requires = ["cryptography"]
+partial_stub = true
+
+[tool.stubtest]
+ignore_missing_stub = true

stubs/Authlib/authlib/__init__.pyi

@@ -0,0 +1,4 @@
+from .consts import homepage, version
+
+__version__ = version
+__homepage__ = homepage

stubs/Authlib/authlib/common/encoding.pyi

@@ -0,0 +1,10 @@
+def to_bytes(x, charset: str = "utf-8", errors: str = "strict") -> bytes | None: ...
+def to_unicode(x, charset: str = "utf-8", errors: str = "strict") -> str | None: ...
+def to_native(x, encoding: str = "ascii"): ...
+def json_loads(s): ...
+def json_dumps(data, ensure_ascii: bool = False): ...
+def urlsafe_b64decode(s): ...
+def urlsafe_b64encode(s): ...
+def base64_to_int(s): ...
+def int_to_base64(num): ...
+def json_b64encode(text): ...

stubs/Authlib/authlib/common/errors.pyi

@@ -0,0 +1,26 @@
+from _typeshed import Incomplete
+
+class AuthlibBaseError(Exception):
+    error: Incomplete
+    description: str
+    uri: Incomplete
+    def __init__(
+        self, error: Incomplete | None = None, description: Incomplete | None = None, uri: Incomplete | None = None
+    ) -> None: ...
+
+class AuthlibHTTPError(AuthlibBaseError):
+    status_code: int
+    def __init__(
+        self,
+        error: Incomplete | None = None,
+        description: Incomplete | None = None,
+        uri: Incomplete | None = None,
+        status_code: Incomplete | None = None,
+    ) -> None: ...
+    def get_error_description(self): ...
+    def get_body(self): ...
+    def get_headers(self): ...
+    uri: Incomplete
+    def __call__(self, uri: Incomplete | None = None): ...
+
+class ContinueIteration(AuthlibBaseError): ...

stubs/Authlib/authlib/common/security.pyi

@@ -0,0 +1,4 @@
+UNICODE_ASCII_CHARACTER_SET: str
+
+def generate_token(length: int = 30, chars: str = ...) -> str: ...
+def is_secure_transport(uri: str) -> bool: ...

stubs/Authlib/authlib/common/urls.pyi

@@ -0,0 +1,19 @@
+from collections.abc import Collection
+from re import Pattern
+from typing_extensions import TypeAlias
+
+always_safe: str
+urlencoded: Collection[str]
+INVALID_HEX_PATTERN: Pattern[str]
+
+_ExplodedQueryString: TypeAlias = list[tuple[str, str]]
+
+def url_encode(params: _ExplodedQueryString) -> str: ...
+def url_decode(query: str) -> _ExplodedQueryString: ...
+def add_params_to_qs(query: str, params: _ExplodedQueryString) -> str: ...
+def add_params_to_uri(uri: str, params: _ExplodedQueryString, fragment: bool = False): ...
+def quote(s: str, safe: bytes = b"/") -> str: ...
+def unquote(s: str) -> str: ...
+def quote_url(s: str) -> str: ...
+def extract_params(raw: dict[str, str] | _ExplodedQueryString) -> _ExplodedQueryString: ...
+def is_valid_url(url: str) -> bool: ...

stubs/Authlib/authlib/consts.pyi

@@ -0,0 +1,8 @@
+from _typeshed import Incomplete
+
+name: str
+version: str
+author: str
+homepage: str
+default_user_agent: Incomplete
+default_json_headers: Incomplete

stubs/Authlib/authlib/deprecate.pyi

@@ -0,0 +1,7 @@
+from _typeshed import Incomplete
+
+class AuthlibDeprecationWarning(DeprecationWarning): ...
+
+def deprecate(
+    message, version: Incomplete | None = None, link_uid: Incomplete | None = None, link_file: Incomplete | None = None
+) -> None: ...

stubs/Authlib/authlib/integrations/base_client/__init__.pyi

@@ -0,0 +1,29 @@
+from .errors import (
+    InvalidTokenError as InvalidTokenError,
+    MismatchingStateError as MismatchingStateError,
+    MissingRequestTokenError as MissingRequestTokenError,
+    MissingTokenError as MissingTokenError,
+    OAuthError as OAuthError,
+    TokenExpiredError as TokenExpiredError,
+    UnsupportedTokenTypeError as UnsupportedTokenTypeError,
+)
+from .framework_integration import FrameworkIntegration as FrameworkIntegration
+from .registry import BaseOAuth as BaseOAuth
+from .sync_app import BaseApp as BaseApp, OAuth1Mixin as OAuth1Mixin, OAuth2Mixin as OAuth2Mixin
+from .sync_openid import OpenIDMixin as OpenIDMixin
+
+__all__ = [
+    "BaseOAuth",
+    "BaseApp",
+    "OAuth1Mixin",
+    "OAuth2Mixin",
+    "OpenIDMixin",
+    "FrameworkIntegration",
+    "OAuthError",
+    "MissingRequestTokenError",
+    "MissingTokenError",
+    "TokenExpiredError",
+    "InvalidTokenError",
+    "UnsupportedTokenTypeError",
+    "MismatchingStateError",
+]

stubs/Authlib/authlib/integrations/base_client/async_app.pyi

@@ -0,0 +1,16 @@
+from _typeshed import Incomplete
+
+from authlib.integrations.base_client.sync_app import OAuth1Base, OAuth2Base
+
+__all__ = ["AsyncOAuth1Mixin", "AsyncOAuth2Mixin"]
+
+class AsyncOAuth1Mixin(OAuth1Base):
+    async def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    async def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    async def fetch_access_token(self, request_token: Incomplete | None = None, **kwargs): ...
+
+class AsyncOAuth2Mixin(OAuth2Base):
+    async def load_server_metadata(self): ...
+    async def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    async def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    async def fetch_access_token(self, redirect_uri: Incomplete | None = None, **kwargs): ...

stubs/Authlib/authlib/integrations/base_client/async_openid.pyi

@@ -0,0 +1,8 @@
+from _typeshed import Incomplete
+
+__all__ = ["AsyncOpenIDMixin"]
+
+class AsyncOpenIDMixin:
+    async def fetch_jwk_set(self, force: bool = False): ...
+    async def userinfo(self, **kwargs): ...
+    async def parse_id_token(self, token, nonce, claims_options: Incomplete | None = None): ...

stubs/Authlib/authlib/integrations/base_client/errors.pyi

@@ -0,0 +1,23 @@
+from authlib.common.errors import AuthlibBaseError
+
+class OAuthError(AuthlibBaseError):
+    error: str
+
+class MissingRequestTokenError(OAuthError):
+    error: str
+
+class MissingTokenError(OAuthError):
+    error: str
+
+class TokenExpiredError(OAuthError):
+    error: str
+
+class InvalidTokenError(OAuthError):
+    error: str
+
+class UnsupportedTokenTypeError(OAuthError):
+    error: str
+
+class MismatchingStateError(OAuthError):
+    error: str
+    description: str

stubs/Authlib/authlib/integrations/base_client/framework_integration.pyi

@@ -0,0 +1,13 @@
+from _typeshed import Incomplete
+
+class FrameworkIntegration:
+    expires_in: int
+    name: Incomplete
+    cache: Incomplete
+    def __init__(self, name, cache: Incomplete | None = None) -> None: ...
+    def get_state_data(self, session, state): ...
+    def set_state_data(self, session, state, data): ...
+    def clear_state_data(self, session, state): ...
+    def update_token(self, token, refresh_token: Incomplete | None = None, access_token: Incomplete | None = None) -> None: ...
+    @staticmethod
+    def load_config(oauth, name, params) -> None: ...

stubs/Authlib/authlib/integrations/base_client/registry.pyi

@@ -0,0 +1,21 @@
+from _typeshed import Incomplete
+
+from authlib.integrations.base_client import FrameworkIntegration
+
+__all__ = ["BaseOAuth"]
+
+class BaseOAuth:
+    oauth1_client_cls: Incomplete
+    oauth2_client_cls: Incomplete
+    framework_integration_cls: type[FrameworkIntegration] = ...
+    cache: Incomplete
+    fetch_token: Incomplete
+    update_token: Incomplete
+    def __init__(
+        self, cache: Incomplete | None = None, fetch_token: Incomplete | None = None, update_token: Incomplete | None = None
+    ) -> None: ...
+    def create_client(self, name): ...
+    def register(self, name, overwrite: bool = False, **kwargs): ...
+    def generate_client_kwargs(self, name, overwrite, **kwargs): ...
+    def load_config(self, name, params): ...
+    def __getattr__(self, key): ...

stubs/Authlib/authlib/integrations/base_client/sync_app.pyi

@@ -0,0 +1,93 @@
+from _typeshed import Incomplete
+
+class BaseApp:
+    client_cls: Incomplete
+    OAUTH_APP_CONFIG: Incomplete
+    def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    def get(self, url, **kwargs): ...
+    def post(self, url, **kwargs): ...
+    def patch(self, url, **kwargs): ...
+    def put(self, url, **kwargs): ...
+    def delete(self, url, **kwargs): ...
+
+class _RequestMixin: ...
+
+class OAuth1Base:
+    client_cls: Incomplete
+    framework: Incomplete
+    name: Incomplete
+    client_id: Incomplete
+    client_secret: Incomplete
+    request_token_url: Incomplete
+    request_token_params: Incomplete
+    access_token_url: Incomplete
+    access_token_params: Incomplete
+    authorize_url: Incomplete
+    authorize_params: Incomplete
+    api_base_url: Incomplete
+    client_kwargs: Incomplete
+    def __init__(
+        self,
+        framework,
+        name: Incomplete | None = None,
+        fetch_token: Incomplete | None = None,
+        client_id: Incomplete | None = None,
+        client_secret: Incomplete | None = None,
+        request_token_url: Incomplete | None = None,
+        request_token_params: Incomplete | None = None,
+        access_token_url: Incomplete | None = None,
+        access_token_params: Incomplete | None = None,
+        authorize_url: Incomplete | None = None,
+        authorize_params: Incomplete | None = None,
+        api_base_url: Incomplete | None = None,
+        client_kwargs: Incomplete | None = None,
+        user_agent: Incomplete | None = None,
+        **kwargs,
+    ) -> None: ...
+
+class OAuth1Mixin(_RequestMixin, OAuth1Base):
+    def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    def fetch_access_token(self, request_token: Incomplete | None = None, **kwargs): ...
+
+class OAuth2Base:
+    client_cls: Incomplete
+    framework: Incomplete
+    name: Incomplete
+    client_id: Incomplete
+    client_secret: Incomplete
+    access_token_url: Incomplete
+    access_token_params: Incomplete
+    authorize_url: Incomplete
+    authorize_params: Incomplete
+    api_base_url: Incomplete
+    client_kwargs: Incomplete
+    compliance_fix: Incomplete
+    client_auth_methods: Incomplete
+    server_metadata: Incomplete
+    def __init__(
+        self,
+        framework,
+        name: Incomplete | None = None,
+        fetch_token: Incomplete | None = None,
+        update_token: Incomplete | None = None,
+        client_id: Incomplete | None = None,
+        client_secret: Incomplete | None = None,
+        access_token_url: Incomplete | None = None,
+        access_token_params: Incomplete | None = None,
+        authorize_url: Incomplete | None = None,
+        authorize_params: Incomplete | None = None,
+        api_base_url: Incomplete | None = None,
+        client_kwargs: Incomplete | None = None,
+        server_metadata_url: Incomplete | None = None,
+        compliance_fix: Incomplete | None = None,
+        client_auth_methods: Incomplete | None = None,
+        user_agent: Incomplete | None = None,
+        **kwargs,
+    ) -> None: ...
+
+class OAuth2Mixin(_RequestMixin, OAuth2Base):
+    def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    def load_server_metadata(self): ...
+    def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    def fetch_access_token(self, redirect_uri: Incomplete | None = None, **kwargs): ...

stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi

@@ -0,0 +1,7 @@
+from _typeshed import Incomplete
+
+class OpenIDMixin:
+    def fetch_jwk_set(self, force: bool = False): ...
+    def userinfo(self, **kwargs): ...
+    def parse_id_token(self, token, nonce, claims_options: Incomplete | None = None, leeway: int = 120): ...
+    def create_load_key(self): ...

stubs/Authlib/authlib/jose/__init__.pyi

@@ -0,0 +1,44 @@
+from _typeshed import Incomplete
+
+from .errors import JoseError as JoseError
+from .rfc7515 import (
+    JsonWebSignature as JsonWebSignature,
+    JWSAlgorithm as JWSAlgorithm,
+    JWSHeader as JWSHeader,
+    JWSObject as JWSObject,
+)
+from .rfc7516 import (
+    JsonWebEncryption as JsonWebEncryption,
+    JWEAlgorithm as JWEAlgorithm,
+    JWEEncAlgorithm as JWEEncAlgorithm,
+    JWEZipAlgorithm as JWEZipAlgorithm,
+)
+from .rfc7517 import JsonWebKey as JsonWebKey, Key as Key, KeySet as KeySet
+from .rfc7518 import ECKey as ECKey, OctKey as OctKey, RSAKey as RSAKey
+from .rfc7519 import BaseClaims as BaseClaims, JsonWebToken as JsonWebToken, JWTClaims as JWTClaims
+from .rfc8037 import OKPKey as OKPKey
+
+__all__ = [
+    "JoseError",
+    "JsonWebSignature",
+    "JWSAlgorithm",
+    "JWSHeader",
+    "JWSObject",
+    "JsonWebEncryption",
+    "JWEAlgorithm",
+    "JWEEncAlgorithm",
+    "JWEZipAlgorithm",
+    "JsonWebKey",
+    "Key",
+    "KeySet",
+    "OctKey",
+    "RSAKey",
+    "ECKey",
+    "OKPKey",
+    "JsonWebToken",
+    "BaseClaims",
+    "JWTClaims",
+    "jwt",
+]
+
+jwt: Incomplete

stubs/Authlib/authlib/jose/drafts/__init__.pyi

@@ -0,0 +1,3 @@
+__all__ = ["register_jwe_draft"]
+
+def register_jwe_draft(cls) -> None: ...

stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi

@@ -0,0 +1,27 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7516 import JWEAlgorithmWithTagAwareKeyAgreement
+
+class ECDH1PUAlgorithm(JWEAlgorithmWithTagAwareKeyAgreement):
+    EXTRA_HEADERS: Incomplete
+    ALLOWED_KEY_CLS: Incomplete
+    name: str
+    description: str
+    key_size: Incomplete
+    aeskw: Incomplete
+    def __init__(self, key_size: Incomplete | None = None) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def generate_preset(self, enc_alg, key): ...
+    def compute_shared_key(self, shared_key_e, shared_key_s): ...
+    def compute_fixed_info(self, headers, bit_size, tag): ...
+    def compute_derived_key(self, shared_key, fixed_info, bit_size): ...
+    def deliver_at_sender(self, sender_static_key, sender_ephemeral_key, recipient_pubkey, headers, bit_size, tag): ...
+    def deliver_at_recipient(self, recipient_key, sender_static_pubkey, sender_ephemeral_pubkey, headers, bit_size, tag): ...
+    def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset: Incomplete | None = None): ...
+    def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag): ...
+    def wrap(self, enc_alg, headers, key, sender_key, preset: Incomplete | None = None): ...
+    def unwrap(self, enc_alg, ek, headers, key, sender_key, tag: Incomplete | None = None): ...
+
+JWE_DRAFT_ALG_ALGORITHMS: Incomplete
+
+def register_jwe_alg_draft(cls) -> None: ...

stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptodome.pyi

@@ -0,0 +1,13 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7516 import JWEEncAlgorithm
+
+class XC20PEncAlgorithm(JWEEncAlgorithm):
+    IV_SIZE: int
+    name: str
+    description: str
+    key_size: Incomplete
+    CEK_SIZE: Incomplete
+    def __init__(self, key_size) -> None: ...
+    def encrypt(self, msg, aad, iv, key): ...
+    def decrypt(self, ciphertext, aad, iv, tag, key): ...

stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptography.pyi

@@ -0,0 +1,13 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7516 import JWEEncAlgorithm
+
+class C20PEncAlgorithm(JWEEncAlgorithm):
+    IV_SIZE: int
+    name: str
+    description: str
+    key_size: Incomplete
+    CEK_SIZE: Incomplete
+    def __init__(self, key_size) -> None: ...
+    def encrypt(self, msg, aad, iv, key): ...
+    def decrypt(self, ciphertext, aad, iv, tag, key): ...

stubs/Authlib/authlib/jose/errors.pyi

@@ -0,0 +1,72 @@
+from _typeshed import Incomplete
+
+from authlib.common.errors import AuthlibBaseError
+
+class JoseError(AuthlibBaseError): ...
+
+class DecodeError(JoseError):
+    error: str
+
+class MissingAlgorithmError(JoseError):
+    error: str
+
+class UnsupportedAlgorithmError(JoseError):
+    error: str
+
+class BadSignatureError(JoseError):
+    error: str
+    result: Incomplete
+    def __init__(self, result) -> None: ...
+
+class InvalidHeaderParameterNameError(JoseError):
+    error: str
+    def __init__(self, name) -> None: ...
+
+class InvalidEncryptionAlgorithmForECDH1PUWithKeyWrappingError(JoseError):
+    error: str
+    def __init__(self) -> None: ...
+
+class InvalidAlgorithmForMultipleRecipientsMode(JoseError):
+    error: str
+    def __init__(self, alg) -> None: ...
+
+class KeyMismatchError(JoseError):
+    error: str
+    description: str
+
+class MissingEncryptionAlgorithmError(JoseError):
+    error: str
+    description: str
+
+class UnsupportedEncryptionAlgorithmError(JoseError):
+    error: str
+    description: str
+
+class UnsupportedCompressionAlgorithmError(JoseError):
+    error: str
+    description: str
+
+class InvalidUseError(JoseError):
+    error: str
+    description: str
+
+class InvalidClaimError(JoseError):
+    error: str
+    claim_name: Incomplete
+    def __init__(self, claim) -> None: ...
+
+class MissingClaimError(JoseError):
+    error: str
+    def __init__(self, claim) -> None: ...
+
+class InsecureClaimError(JoseError):
+    error: str
+    def __init__(self, claim) -> None: ...
+
+class ExpiredTokenError(JoseError):
+    error: str
+    description: str
+
+class InvalidTokenError(JoseError):
+    error: str
+    description: str

stubs/Authlib/authlib/jose/jwk.pyi

@@ -0,0 +1,4 @@
+from _typeshed import Incomplete
+
+def loads(obj, kid: Incomplete | None = None): ...
+def dumps(key, kty: Incomplete | None = None, **params): ...

stubs/Authlib/authlib/jose/rfc7515/__init__.pyi

@@ -0,0 +1,4 @@
+from .jws import JsonWebSignature as JsonWebSignature
+from .models import JWSAlgorithm as JWSAlgorithm, JWSHeader as JWSHeader, JWSObject as JWSObject
+
+__all__ = ["JsonWebSignature", "JWSAlgorithm", "JWSHeader", "JWSObject"]

stubs/Authlib/authlib/jose/rfc7515/jws.pyi

@@ -0,0 +1,14 @@
+from _typeshed import Incomplete
+
+class JsonWebSignature:
+    REGISTERED_HEADER_PARAMETER_NAMES: Incomplete
+    ALGORITHMS_REGISTRY: Incomplete
+    def __init__(self, algorithms: Incomplete | None = None, private_headers: Incomplete | None = None) -> None: ...
+    @classmethod
+    def register_algorithm(cls, algorithm) -> None: ...
+    def serialize_compact(self, protected, payload, key): ...
+    def deserialize_compact(self, s, key, decode: Incomplete | None = None): ...
+    def serialize_json(self, header_obj, payload, key): ...
+    def deserialize_json(self, obj, key, decode: Incomplete | None = None): ...
+    def serialize(self, header, payload, key): ...
+    def deserialize(self, s, key, decode: Incomplete | None = None): ...

stubs/Authlib/authlib/jose/rfc7515/models.pyi

@@ -0,0 +1,25 @@
+from _typeshed import Incomplete
+
+class JWSAlgorithm:
+    name: Incomplete
+    description: Incomplete
+    algorithm_type: str
+    algorithm_location: str
+    def prepare_key(self, raw_data) -> None: ...
+    def sign(self, msg, key) -> None: ...
+    def verify(self, msg, sig, key) -> None: ...
+
+class JWSHeader(dict[str, object]):
+    protected: Incomplete
+    header: Incomplete
+    def __init__(self, protected, header) -> None: ...
+    @classmethod
+    def from_dict(cls, obj): ...
+
+class JWSObject(dict[str, object]):
+    header: Incomplete
+    payload: Incomplete
+    type: Incomplete
+    def __init__(self, header, payload, type: str = "compact") -> None: ...
+    @property
+    def headers(self): ...

stubs/Authlib/authlib/jose/rfc7516/__init__.pyi

@@ -0,0 +1,9 @@
+from .jwe import JsonWebEncryption as JsonWebEncryption
+from .models import (
+    JWEAlgorithm as JWEAlgorithm,
+    JWEAlgorithmWithTagAwareKeyAgreement as JWEAlgorithmWithTagAwareKeyAgreement,
+    JWEEncAlgorithm as JWEEncAlgorithm,
+    JWEZipAlgorithm as JWEZipAlgorithm,
+)
+
+__all__ = ["JsonWebEncryption", "JWEAlgorithm", "JWEAlgorithmWithTagAwareKeyAgreement", "JWEEncAlgorithm", "JWEZipAlgorithm"]

stubs/Authlib/authlib/jose/rfc7516/jwe.pyi

@@ -0,0 +1,23 @@
+from _typeshed import Incomplete
+
+class JsonWebEncryption:
+    REGISTERED_HEADER_PARAMETER_NAMES: Incomplete
+    ALG_REGISTRY: Incomplete
+    ENC_REGISTRY: Incomplete
+    ZIP_REGISTRY: Incomplete
+    def __init__(self, algorithms: Incomplete | None = None, private_headers: Incomplete | None = None) -> None: ...
+    @classmethod
+    def register_algorithm(cls, algorithm) -> None: ...
+    def serialize_compact(self, protected, payload, key, sender_key: Incomplete | None = None): ...
+    def serialize_json(self, header_obj, payload, keys, sender_key: Incomplete | None = None): ...
+    def serialize(self, header, payload, key, sender_key: Incomplete | None = None): ...
+    def deserialize_compact(self, s, key, decode: Incomplete | None = None, sender_key: Incomplete | None = None): ...
+    def deserialize_json(self, obj, key, decode: Incomplete | None = None, sender_key: Incomplete | None = None): ...
+    def deserialize(self, obj, key, decode: Incomplete | None = None, sender_key: Incomplete | None = None): ...
+    @staticmethod
+    def parse_json(obj): ...
+    def get_header_alg(self, header): ...
+    def get_header_enc(self, header): ...
+    def get_header_zip(self, header): ...
+
+def prepare_key(alg, header, key): ...

stubs/Authlib/authlib/jose/rfc7516/models.pyi

@@ -0,0 +1,56 @@
+from _typeshed import Incomplete
+from abc import ABCMeta
+
+class JWEAlgorithmBase(metaclass=ABCMeta):
+    EXTRA_HEADERS: Incomplete
+    name: Incomplete
+    description: Incomplete
+    algorithm_type: str
+    algorithm_location: str
+    def prepare_key(self, raw_data) -> None: ...
+    def generate_preset(self, enc_alg, key) -> None: ...
+
+class JWEAlgorithm(JWEAlgorithmBase, metaclass=ABCMeta):
+    def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None) -> None: ...
+    def unwrap(self, enc_alg, ek, headers, key) -> None: ...
+
+class JWEAlgorithmWithTagAwareKeyAgreement(JWEAlgorithmBase, metaclass=ABCMeta):
+    def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset: Incomplete | None = None) -> None: ...
+    def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag) -> None: ...
+    def wrap(self, enc_alg, headers, key, sender_key, preset: Incomplete | None = None) -> None: ...
+    def unwrap(self, enc_alg, ek, headers, key, sender_key, tag: Incomplete | None = None) -> None: ...
+
+class JWEEncAlgorithm:
+    name: Incomplete
+    description: Incomplete
+    algorithm_type: str
+    algorithm_location: str
+    IV_SIZE: Incomplete
+    CEK_SIZE: Incomplete
+    def generate_cek(self): ...
+    def generate_iv(self): ...
+    def check_iv(self, iv) -> None: ...
+    def encrypt(self, msg, aad, iv, key) -> None: ...
+    def decrypt(self, ciphertext, aad, iv, tag, key) -> None: ...
+
+class JWEZipAlgorithm:
+    name: Incomplete
+    description: Incomplete
+    algorithm_type: str
+    algorithm_location: str
+    def compress(self, s) -> None: ...
+    def decompress(self, s) -> None: ...
+
+class JWESharedHeader(dict[str, object]):
+    protected: Incomplete
+    unprotected: Incomplete
+    def __init__(self, protected, unprotected) -> None: ...
+    def update_protected(self, addition) -> None: ...
+    @classmethod
+    def from_dict(cls, obj): ...
+
+class JWEHeader(dict[str, object]):
+    protected: Incomplete
+    unprotected: Incomplete
+    header: Incomplete
+    def __init__(self, protected, unprotected, header) -> None: ...

stubs/Authlib/authlib/jose/rfc7517/__init__.pyi

@@ -0,0 +1,7 @@
+from ._cryptography_key import load_pem_key as load_pem_key
+from .asymmetric_key import AsymmetricKey as AsymmetricKey
+from .base_key import Key as Key
+from .jwk import JsonWebKey as JsonWebKey
+from .key_set import KeySet as KeySet
+
+__all__ = ["Key", "AsymmetricKey", "KeySet", "JsonWebKey", "load_pem_key"]

stubs/Authlib/authlib/jose/rfc7517/_cryptography_key.pyi

@@ -0,0 +1,5 @@
+from _typeshed import Incomplete
+
+def load_pem_key(
+    raw, ssh_type: Incomplete | None = None, key_type: Incomplete | None = None, password: Incomplete | None = None
+): ...

stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi

@@ -0,0 +1,39 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7517 import Key
+
+class AsymmetricKey(Key):
+    PUBLIC_KEY_FIELDS: Incomplete
+    PRIVATE_KEY_FIELDS: Incomplete
+    PRIVATE_KEY_CLS = Incomplete
+    PUBLIC_KEY_CLS = Incomplete
+    SSH_PUBLIC_PREFIX: bytes
+    private_key: Incomplete
+    public_key: Incomplete
+    def __init__(
+        self, private_key: Incomplete | None = None, public_key: Incomplete | None = None, options: Incomplete | None = None
+    ) -> None: ...
+    @property
+    def public_only(self): ...
+    def get_op_key(self, operation): ...
+    def get_public_key(self): ...
+    def get_private_key(self): ...
+    def load_raw_key(self) -> None: ...
+    def load_dict_key(self) -> None: ...
+    def dumps_private_key(self) -> None: ...
+    def dumps_public_key(self) -> None: ...
+    def load_private_key(self) -> None: ...
+    def load_public_key(self) -> None: ...
+    def as_dict(self, is_private: bool = False, **params): ...
+    def as_key(self, is_private: bool = False): ...
+    def as_bytes(self, encoding: Incomplete | None = None, is_private: bool = False, password: Incomplete | None = None): ...
+    def as_pem(self, is_private: bool = False, password: Incomplete | None = None): ...
+    def as_der(self, is_private: bool = False, password: Incomplete | None = None): ...
+    @classmethod
+    def import_dict_key(cls, raw, options: Incomplete | None = None): ...
+    @classmethod
+    def import_key(cls, raw, options: Incomplete | None = None): ...
+    @classmethod
+    def validate_raw_key(cls, key): ...
+    @classmethod
+    def generate_key(cls, crv_or_size, options: Incomplete | None = None, is_private: bool = False) -> AsymmetricKey: ...

stubs/Authlib/authlib/jose/rfc7517/base_key.pyi

@@ -0,0 +1,28 @@
+from _typeshed import Incomplete
+
+class Key:
+    kty: str
+    ALLOWED_PARAMS: Incomplete
+    PRIVATE_KEY_OPS: Incomplete
+    PUBLIC_KEY_OPS: Incomplete
+    REQUIRED_JSON_FIELDS: Incomplete
+    options: Incomplete
+    def __init__(self, options: Incomplete | None = None) -> None: ...
+    @property
+    def tokens(self): ...
+    @property
+    def kid(self): ...
+    def keys(self): ...
+    def __getitem__(self, item): ...
+    @property
+    def public_only(self) -> None: ...
+    def load_raw_key(self) -> None: ...
+    def load_dict_key(self) -> None: ...
+    def check_key_op(self, operation) -> None: ...
+    def as_dict(self, is_private: bool = False, **params) -> None: ...
+    def as_json(self, is_private: bool = False, **params): ...
+    def thumbprint(self): ...
+    @classmethod
+    def check_required_fields(cls, data) -> None: ...
+    @classmethod
+    def validate_raw_key(cls, key) -> None: ...

stubs/Authlib/authlib/jose/rfc7517/jwk.pyi

@@ -0,0 +1,13 @@
+from _typeshed import Incomplete
+from collections.abc import Collection, Mapping
+
+from authlib.jose.rfc7517 import Key, KeySet
+
+class JsonWebKey:
+    JWK_KEY_CLS: Incomplete
+    @classmethod
+    def generate_key(cls, kty, crv_or_size, options: Incomplete | None = None, is_private: bool = False): ...
+    @classmethod
+    def import_key(cls, raw: Mapping[str, object], options: Mapping[str, object] | None = None) -> Key: ...
+    @classmethod
+    def import_key_set(cls, raw: str | Collection[str] | dict[str, object]) -> KeySet: ...

stubs/Authlib/authlib/jose/rfc7517/key_set.pyi

@@ -0,0 +1,10 @@
+from collections.abc import Collection
+
+from authlib.jose.rfc7517 import Key
+
+class KeySet:
+    keys: Collection[Key]
+    def __init__(self, keys) -> None: ...
+    def as_dict(self, is_private: bool = False, **params): ...
+    def as_json(self, is_private: bool = False, **params): ...
+    def find_by_kid(self, kid): ...

stubs/Authlib/authlib/jose/rfc7518/__init__.pyi

@@ -0,0 +1,20 @@
+from .ec_key import ECKey as ECKey
+from .jwe_algs import AESAlgorithm as AESAlgorithm, ECDHESAlgorithm as ECDHESAlgorithm, u32be_len_input as u32be_len_input
+from .jwe_encs import CBCHS2EncAlgorithm as CBCHS2EncAlgorithm
+from .oct_key import OctKey as OctKey
+from .rsa_key import RSAKey as RSAKey
+
+__all__ = [
+    "register_jws_rfc7518",
+    "register_jwe_rfc7518",
+    "OctKey",
+    "RSAKey",
+    "ECKey",
+    "u32be_len_input",
+    "AESAlgorithm",
+    "ECDHESAlgorithm",
+    "CBCHS2EncAlgorithm",
+]
+
+def register_jws_rfc7518(cls) -> None: ...
+def register_jwe_rfc7518(cls) -> None: ...

stubs/Authlib/authlib/jose/rfc7518/ec_key.pyi

@@ -0,0 +1,24 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7517 import AsymmetricKey
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKeyWithSerialization, EllipticCurvePublicKey
+
+class ECKey(AsymmetricKey):
+    kty: str
+    DSS_CURVES: Incomplete
+    CURVES_DSS: Incomplete
+    REQUIRED_JSON_FIELDS: Incomplete
+    PUBLIC_KEY_FIELDS = REQUIRED_JSON_FIELDS
+    PRIVATE_KEY_FIELDS: Incomplete
+    PUBLIC_KEY_CLS = EllipticCurvePublicKey
+    PRIVATE_KEY_CLS = EllipticCurvePrivateKeyWithSerialization
+    SSH_PUBLIC_PREFIX: bytes
+    def exchange_shared_key(self, pubkey): ...
+    @property
+    def curve_key_size(self): ...
+    def load_private_key(self): ...
+    def load_public_key(self): ...
+    def dumps_private_key(self): ...
+    def dumps_public_key(self): ...
+    @classmethod
+    def generate_key(cls, crv: str = "P-256", options: Incomplete | None = None, is_private: bool = False) -> ECKey: ...

stubs/Authlib/authlib/jose/rfc7518/jwe_algs.pyi

@@ -0,0 +1,64 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7516 import JWEAlgorithm
+
+class DirectAlgorithm(JWEAlgorithm):
+    name: str
+    description: str
+    def prepare_key(self, raw_data): ...
+    def generate_preset(self, enc_alg, key): ...
+    def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ...
+    def unwrap(self, enc_alg, ek, headers, key): ...
+
+class RSAAlgorithm(JWEAlgorithm):
+    key_size: int
+    name: Incomplete
+    description: Incomplete
+    padding: Incomplete
+    def __init__(self, name, description, pad_fn) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def generate_preset(self, enc_alg, key): ...
+    def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ...
+    def unwrap(self, enc_alg, ek, headers, key): ...
+
+class AESAlgorithm(JWEAlgorithm):
+    name: Incomplete
+    description: Incomplete
+    key_size: Incomplete
+    def __init__(self, key_size) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def generate_preset(self, enc_alg, key): ...
+    def wrap_cek(self, cek, key): ...
+    def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ...
+    def unwrap(self, enc_alg, ek, headers, key): ...
+
+class AESGCMAlgorithm(JWEAlgorithm):
+    EXTRA_HEADERS: Incomplete
+    name: Incomplete
+    description: Incomplete
+    key_size: Incomplete
+    def __init__(self, key_size) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def generate_preset(self, enc_alg, key): ...
+    def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ...
+    def unwrap(self, enc_alg, ek, headers, key): ...
+
+class ECDHESAlgorithm(JWEAlgorithm):
+    EXTRA_HEADERS: Incomplete
+    ALLOWED_KEY_CLS = Incomplete
+    name: str
+    description: str
+    key_size: Incomplete
+    aeskw: Incomplete
+    def __init__(self, key_size: Incomplete | None = None) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def generate_preset(self, enc_alg, key): ...
+    def compute_fixed_info(self, headers, bit_size): ...
+    def compute_derived_key(self, shared_key, fixed_info, bit_size): ...
+    def deliver(self, key, pubkey, headers, bit_size): ...
+    def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ...
+    def unwrap(self, enc_alg, ek, headers, key): ...
+
+def u32be_len_input(s, base64: bool = False): ...
+
+JWE_ALG_ALGORITHMS: Incomplete

stubs/Authlib/authlib/jose/rfc7518/jwe_encs.pyi

@@ -0,0 +1,27 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7516 import JWEEncAlgorithm
+
+class CBCHS2EncAlgorithm(JWEEncAlgorithm):
+    IV_SIZE: int
+    name: Incomplete
+    description: Incomplete
+    key_size: Incomplete
+    key_len: Incomplete
+    CEK_SIZE: Incomplete
+    hash_alg: Incomplete
+    def __init__(self, key_size, hash_type) -> None: ...
+    def encrypt(self, msg, aad, iv, key): ...
+    def decrypt(self, ciphertext, aad, iv, tag, key): ...
+
+class GCMEncAlgorithm(JWEEncAlgorithm):
+    IV_SIZE: int
+    name: Incomplete
+    description: Incomplete
+    key_size: Incomplete
+    CEK_SIZE: Incomplete
+    def __init__(self, key_size) -> None: ...
+    def encrypt(self, msg, aad, iv, key): ...
+    def decrypt(self, ciphertext, aad, iv, tag, key): ...
+
+JWE_ENC_ALGORITHMS: Incomplete

stubs/Authlib/authlib/jose/rfc7518/jwe_zips.pyi

@@ -0,0 +1,9 @@
+from authlib.jose.rfc7516 import JWEZipAlgorithm
+
+class DeflateZipAlgorithm(JWEZipAlgorithm):
+    name: str
+    description: str
+    def compress(self, s): ...
+    def decompress(self, s): ...
+
+def register_jwe_rfc7518() -> None: ...

stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi

@@ -0,0 +1,63 @@
+import hashlib
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7515 import JWSAlgorithm
+
+class NoneAlgorithm(JWSAlgorithm):
+    name: str
+    description: str
+    def prepare_key(self, raw_data) -> None: ...
+    def sign(self, msg, key): ...
+    def verify(self, msg, sig, key): ...
+
+class HMACAlgorithm(JWSAlgorithm):
+    SHA256 = hashlib.sha256
+    SHA384 = hashlib.sha384
+    SHA512 = hashlib.sha512
+    name: Incomplete
+    description: Incomplete
+    hash_alg: Incomplete
+    def __init__(self, sha_type) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def sign(self, msg, key): ...
+    def verify(self, msg, sig, key): ...
+
+class RSAAlgorithm(JWSAlgorithm):
+    SHA256: Incomplete
+    SHA384: Incomplete
+    SHA512: Incomplete
+    name: Incomplete
+    description: Incomplete
+    hash_alg: Incomplete
+    padding: Incomplete
+    def __init__(self, sha_type) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def sign(self, msg, key): ...
+    def verify(self, msg, sig, key): ...
+
+class ECAlgorithm(JWSAlgorithm):
+    SHA256: Incomplete
+    SHA384: Incomplete
+    SHA512: Incomplete
+    name: Incomplete
+    curve: Incomplete
+    description: Incomplete
+    hash_alg: Incomplete
+    def __init__(self, name, curve, sha_type) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def sign(self, msg, key): ...
+    def verify(self, msg, sig, key): ...
+
+class RSAPSSAlgorithm(JWSAlgorithm):
+    SHA256: Incomplete
+    SHA384: Incomplete
+    SHA512: Incomplete
+    name: Incomplete
+    description: Incomplete
+    hash_alg: Incomplete
+    def __init__(self, sha_type) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def sign(self, msg, key): ...
+    def verify(self, msg, sig, key): ...
+
+JWS_ALGORITHMS: Incomplete

stubs/Authlib/authlib/jose/rfc7518/oct_key.pyi

@@ -0,0 +1,23 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7517 import Key
+
+POSSIBLE_UNSAFE_KEYS: Incomplete
+
+class OctKey(Key):
+    kty: str
+    REQUIRED_JSON_FIELDS: Incomplete
+    raw_key: Incomplete
+    def __init__(self, raw_key: Incomplete | None = None, options: Incomplete | None = None) -> None: ...
+    @property
+    def public_only(self): ...
+    def get_op_key(self, operation): ...
+    def load_raw_key(self) -> None: ...
+    def load_dict_key(self) -> None: ...
+    def as_dict(self, is_private: bool = False, **params): ...
+    @classmethod
+    def validate_raw_key(cls, key): ...
+    @classmethod
+    def import_key(cls, raw, options: Incomplete | None = None): ...
+    @classmethod
+    def generate_key(cls, key_size: int = 256, options: Incomplete | None = None, is_private: bool = True): ...

stubs/Authlib/authlib/jose/rfc7518/rsa_key.pyi

@@ -0,0 +1,23 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7517 import AsymmetricKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKeyWithSerialization, RSAPublicKey
+
+class RSAKey(AsymmetricKey):
+    kty: str
+    PUBLIC_KEY_CLS = RSAPublicKey
+    PRIVATE_KEY_CLS = RSAPrivateKeyWithSerialization
+    PUBLIC_KEY_FIELDS: Incomplete
+    PRIVATE_KEY_FIELDS: Incomplete
+    REQUIRED_JSON_FIELDS: Incomplete
+    SSH_PUBLIC_PREFIX: bytes
+    def dumps_private_key(self): ...
+    def dumps_public_key(self): ...
+    def load_private_key(self): ...
+    def load_public_key(self): ...
+    @classmethod
+    def generate_key(cls, key_size: int = 2048, options: Incomplete | None = None, is_private: bool = False) -> RSAKey: ...
+    @classmethod
+    def import_dict_key(cls, raw, options: Incomplete | None = None): ...
+
+def has_all_prime_factors(obj): ...

stubs/Authlib/authlib/jose/rfc7518/util.pyi

@@ -0,0 +1,2 @@
+def encode_int(num, bits): ...
+def decode_int(b): ...

stubs/Authlib/authlib/jose/rfc7519/__init__.pyi

@@ -0,0 +1,4 @@
+from .claims import BaseClaims as BaseClaims, JWTClaims as JWTClaims
+from .jwt import JsonWebToken as JsonWebToken
+
+__all__ = ["JsonWebToken", "BaseClaims", "JWTClaims"]

stubs/Authlib/authlib/jose/rfc7519/claims.pyi

@@ -0,0 +1,21 @@
+from _typeshed import Incomplete
+
+class BaseClaims(dict[str, object]):
+    REGISTERED_CLAIMS: Incomplete
+    header: Incomplete
+    options: Incomplete
+    params: Incomplete
+    def __init__(self, payload, header, options: Incomplete | None = None, params: Incomplete | None = None) -> None: ...
+    def __getattr__(self, key): ...
+    def get_registered_claims(self): ...
+
+class JWTClaims(BaseClaims):
+    REGISTERED_CLAIMS: Incomplete
+    def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ...
+    def validate_iss(self) -> None: ...
+    def validate_sub(self) -> None: ...
+    def validate_aud(self) -> None: ...
+    def validate_exp(self, now, leeway) -> None: ...
+    def validate_nbf(self, now, leeway) -> None: ...
+    def validate_iat(self, now, leeway) -> None: ...
+    def validate_jti(self) -> None: ...

stubs/Authlib/authlib/jose/rfc7519/jwt.pyi

@@ -0,0 +1,21 @@
+from _typeshed import Incomplete
+
+class JsonWebToken:
+    SENSITIVE_NAMES: Incomplete
+    SENSITIVE_VALUES: Incomplete
+    def __init__(self, algorithms, private_headers: Incomplete | None = None) -> None: ...
+    def check_sensitive_data(self, payload) -> None: ...
+    def encode(self, header, payload, key, check: bool = True): ...
+    def decode(
+        self,
+        s,
+        key,
+        claims_cls: Incomplete | None = None,
+        claims_options: Incomplete | None = None,
+        claims_params: Incomplete | None = None,
+    ): ...
+
+def decode_payload(bytes_payload): ...
+def prepare_raw_key(raw): ...
+def find_encode_key(key, header): ...
+def create_load_key(key): ...

stubs/Authlib/authlib/jose/rfc8037/__init__.pyi

@@ -0,0 +1,4 @@
+from .jws_eddsa import register_jws_rfc8037 as register_jws_rfc8037
+from .okp_key import OKPKey as OKPKey
+
+__all__ = ["register_jws_rfc8037", "OKPKey"]

stubs/Authlib/authlib/jose/rfc8037/jws_eddsa.pyi

@@ -0,0 +1,10 @@
+from authlib.jose.rfc7515 import JWSAlgorithm
+
+class EdDSAAlgorithm(JWSAlgorithm):
+    name: str
+    description: str
+    def prepare_key(self, raw_data): ...
+    def sign(self, msg, key): ...
+    def verify(self, msg, sig, key): ...
+
+def register_jws_rfc8037(cls) -> None: ...

stubs/Authlib/authlib/jose/rfc8037/okp_key.pyi

@@ -0,0 +1,24 @@
+from _typeshed import Incomplete
+
+from authlib.jose.rfc7517 import AsymmetricKey
+
+PUBLIC_KEYS_MAP: Incomplete
+PRIVATE_KEYS_MAP: Incomplete
+
+class OKPKey(AsymmetricKey):
+    kty: str
+    REQUIRED_JSON_FIELDS: Incomplete
+    PUBLIC_KEY_FIELDS = REQUIRED_JSON_FIELDS
+    PRIVATE_KEY_FIELDS: Incomplete
+    PUBLIC_KEY_CLS: Incomplete
+    PRIVATE_KEY_CLS: Incomplete
+    SSH_PUBLIC_PREFIX: bytes
+    def exchange_shared_key(self, pubkey): ...
+    @staticmethod
+    def get_key_curve(key): ...
+    def load_private_key(self): ...
+    def load_public_key(self): ...
+    def dumps_private_key(self): ...
+    def dumps_public_key(self, public_key: Incomplete | None = None): ...
+    @classmethod
+    def generate_key(cls, crv: str = "Ed25519", options: Incomplete | None = None, is_private: bool = False) -> OKPKey: ...

stubs/Authlib/authlib/jose/util.pyi

@@ -0,0 +1,3 @@
+def extract_header(header_segment, error_cls): ...
+def extract_segment(segment, error_cls, name: str = "payload"): ...
+def ensure_dict(s, structure_name): ...

stubs/Authlib/authlib/oauth1/__init__.pyi

@@ -0,0 +1,33 @@
+from .rfc5849 import (
+    SIGNATURE_HMAC_SHA1 as SIGNATURE_HMAC_SHA1,
+    SIGNATURE_PLAINTEXT as SIGNATURE_PLAINTEXT,
+    SIGNATURE_RSA_SHA1 as SIGNATURE_RSA_SHA1,
+    SIGNATURE_TYPE_BODY as SIGNATURE_TYPE_BODY,
+    SIGNATURE_TYPE_HEADER as SIGNATURE_TYPE_HEADER,
+    SIGNATURE_TYPE_QUERY as SIGNATURE_TYPE_QUERY,
+    AuthorizationServer as AuthorizationServer,
+    ClientAuth as ClientAuth,
+    ClientMixin as ClientMixin,
+    OAuth1Request as OAuth1Request,
+    ResourceProtector as ResourceProtector,
+    TemporaryCredential as TemporaryCredential,
+    TemporaryCredentialMixin as TemporaryCredentialMixin,
+    TokenCredentialMixin as TokenCredentialMixin,
+)
+
+__all__ = [
+    "OAuth1Request",
+    "ClientAuth",
+    "SIGNATURE_HMAC_SHA1",
+    "SIGNATURE_RSA_SHA1",
+    "SIGNATURE_PLAINTEXT",
+    "SIGNATURE_TYPE_HEADER",
+    "SIGNATURE_TYPE_QUERY",
+    "SIGNATURE_TYPE_BODY",
+    "ClientMixin",
+    "TemporaryCredentialMixin",
+    "TokenCredentialMixin",
+    "TemporaryCredential",
+    "AuthorizationServer",
+    "ResourceProtector",
+]

stubs/Authlib/authlib/oauth1/client.pyi

@@ -0,0 +1,39 @@
+from _typeshed import Incomplete
+
+from authlib.oauth1 import ClientAuth
+
+class OAuth1Client:
+    auth_class: type[ClientAuth] = ...
+    session: Incomplete
+    auth: Incomplete
+    def __init__(
+        self,
+        session,
+        client_id,
+        client_secret: Incomplete | None = None,
+        token: Incomplete | None = None,
+        token_secret: Incomplete | None = None,
+        redirect_uri: Incomplete | None = None,
+        rsa_key: Incomplete | None = None,
+        verifier: Incomplete | None = None,
+        signature_method="HMAC-SHA1",
+        signature_type="HEADER",
+        force_include_body: bool = False,
+        realm: Incomplete | None = None,
+        **kwargs,
+    ) -> None: ...
+    @property
+    def redirect_uri(self): ...
+    @redirect_uri.setter
+    def redirect_uri(self, uri) -> None: ...
+    @property
+    def token(self): ...
+    @token.setter
+    def token(self, token) -> None: ...
+    def create_authorization_url(self, url, request_token: Incomplete | None = None, **kwargs): ...
+    def fetch_request_token(self, url, **kwargs): ...
+    def fetch_access_token(self, url, verifier: Incomplete | None = None, **kwargs): ...
+    def parse_authorization_response(self, url): ...
+    def parse_response_token(self, status_code, text): ...
+    @staticmethod
+    def handle_error(error_type, error_description) -> None: ...

stubs/Authlib/authlib/oauth1/errors.pyi

@@ -0,0 +1 @@
+from authlib.oauth1.rfc5849.errors import *

stubs/Authlib/authlib/oauth1/rfc5849/__init__.pyi

@@ -0,0 +1,35 @@
+from .authorization_server import AuthorizationServer as AuthorizationServer
+from .client_auth import ClientAuth as ClientAuth
+from .models import (
+    ClientMixin as ClientMixin,
+    TemporaryCredential as TemporaryCredential,
+    TemporaryCredentialMixin as TemporaryCredentialMixin,
+    TokenCredentialMixin as TokenCredentialMixin,
+)
+from .resource_protector import ResourceProtector as ResourceProtector
+from .signature import (
+    SIGNATURE_HMAC_SHA1 as SIGNATURE_HMAC_SHA1,
+    SIGNATURE_PLAINTEXT as SIGNATURE_PLAINTEXT,
+    SIGNATURE_RSA_SHA1 as SIGNATURE_RSA_SHA1,
+    SIGNATURE_TYPE_BODY as SIGNATURE_TYPE_BODY,
+    SIGNATURE_TYPE_HEADER as SIGNATURE_TYPE_HEADER,
+    SIGNATURE_TYPE_QUERY as SIGNATURE_TYPE_QUERY,
+)
+from .wrapper import OAuth1Request as OAuth1Request
+
+__all__ = [
+    "OAuth1Request",
+    "ClientAuth",
+    "SIGNATURE_HMAC_SHA1",
+    "SIGNATURE_RSA_SHA1",
+    "SIGNATURE_PLAINTEXT",
+    "SIGNATURE_TYPE_HEADER",
+    "SIGNATURE_TYPE_QUERY",
+    "SIGNATURE_TYPE_BODY",
+    "ClientMixin",
+    "TemporaryCredentialMixin",
+    "TokenCredentialMixin",
+    "TemporaryCredential",
+    "AuthorizationServer",
+    "ResourceProtector",
+]

stubs/Authlib/authlib/oauth1/rfc5849/authorization_server.pyi

@@ -0,0 +1,21 @@
+from _typeshed import Incomplete
+
+from authlib.oauth1.rfc5849.base_server import BaseServer
+
+class AuthorizationServer(BaseServer):
+    TOKEN_RESPONSE_HEADER: Incomplete
+    TEMPORARY_CREDENTIALS_METHOD: str
+    def create_oauth1_request(self, request) -> None: ...
+    def handle_response(self, status_code, payload, headers) -> None: ...
+    def handle_error_response(self, error): ...
+    def validate_temporary_credentials_request(self, request): ...
+    def create_temporary_credentials_response(self, request: Incomplete | None = None): ...
+    def validate_authorization_request(self, request): ...
+    def create_authorization_response(self, request, grant_user: Incomplete | None = None): ...
+    def validate_token_request(self, request): ...
+    def create_token_response(self, request): ...
+    def create_temporary_credential(self, request) -> None: ...
+    def get_temporary_credential(self, request) -> None: ...
+    def delete_temporary_credential(self, request) -> None: ...
+    def create_authorization_verifier(self, request) -> None: ...
+    def create_token_credential(self, request) -> None: ...

stubs/Authlib/authlib/oauth1/rfc5849/base_server.pyi

@@ -0,0 +1,12 @@
+from _typeshed import Incomplete
+
+class BaseServer:
+    SIGNATURE_METHODS: Incomplete
+    SUPPORTED_SIGNATURE_METHODS: Incomplete
+    EXPIRY_TIME: int
+    @classmethod
+    def register_signature_method(cls, name, verify) -> None: ...
+    def validate_timestamp_and_nonce(self, request) -> None: ...
+    def validate_oauth_signature(self, request) -> None: ...
+    def get_client_by_id(self, client_id) -> None: ...
+    def exists_nonce(self, nonce, request) -> None: ...

stubs/Authlib/authlib/oauth1/rfc5849/client_auth.pyi

@@ -0,0 +1,41 @@
+from _typeshed import Incomplete
+
+CONTENT_TYPE_FORM_URLENCODED: str
+CONTENT_TYPE_MULTI_PART: str
+
+class ClientAuth:
+    SIGNATURE_METHODS: Incomplete
+    @classmethod
+    def register_signature_method(cls, name, sign) -> None: ...
+    client_id: Incomplete
+    client_secret: Incomplete
+    token: Incomplete
+    token_secret: Incomplete
+    redirect_uri: Incomplete
+    signature_method: Incomplete
+    signature_type: Incomplete
+    rsa_key: Incomplete
+    verifier: Incomplete
+    realm: Incomplete
+    force_include_body: Incomplete
+    def __init__(
+        self,
+        client_id,
+        client_secret: Incomplete | None = None,
+        token: Incomplete | None = None,
+        token_secret: Incomplete | None = None,
+        redirect_uri: Incomplete | None = None,
+        rsa_key: Incomplete | None = None,
+        verifier: Incomplete | None = None,
+        signature_method="HMAC-SHA1",
+        signature_type="HEADER",
+        realm: Incomplete | None = None,
+        force_include_body: bool = False,
+    ) -> None: ...
+    def get_oauth_signature(self, method, uri, headers, body): ...
+    def get_oauth_params(self, nonce, timestamp): ...
+    def sign(self, method, uri, headers, body): ...
+    def prepare(self, method, uri, headers, body): ...
+
+def generate_nonce(): ...
+def generate_timestamp(): ...

stubs/Authlib/authlib/oauth1/rfc5849/errors.pyi

@@ -0,0 +1,56 @@
+from _typeshed import Incomplete
+
+from authlib.common.errors import AuthlibHTTPError
+
+class OAuth1Error(AuthlibHTTPError):
+    def __init__(
+        self, description: Incomplete | None = None, uri: Incomplete | None = None, status_code: Incomplete | None = None
+    ) -> None: ...
+    def get_headers(self): ...
+
+class InsecureTransportError(OAuth1Error):
+    error: str
+    description: str
+    @classmethod
+    def check(cls, uri) -> None: ...
+
+class InvalidRequestError(OAuth1Error):
+    error: str
+
+class UnsupportedParameterError(OAuth1Error):
+    error: str
+
+class UnsupportedSignatureMethodError(OAuth1Error):
+    error: str
+
+class MissingRequiredParameterError(OAuth1Error):
+    error: str
+    def __init__(self, key) -> None: ...
+
+class DuplicatedOAuthProtocolParameterError(OAuth1Error):
+    error: str
+
+class InvalidClientError(OAuth1Error):
+    error: str
+    status_code: int
+
+class InvalidTokenError(OAuth1Error):
+    error: str
+    description: str
+    status_code: int
+
+class InvalidSignatureError(OAuth1Error):
+    error: str
+    status_code: int
+
+class InvalidNonceError(OAuth1Error):
+    error: str
+    status_code: int
+
+class AccessDeniedError(OAuth1Error):
+    error: str
+    description: str
+
+class MethodNotAllowedError(OAuth1Error):
+    error: str
+    status_code: int

stubs/Authlib/authlib/oauth1/rfc5849/models.pyi

@@ -0,0 +1,21 @@
+class ClientMixin:
+    def get_default_redirect_uri(self) -> None: ...
+    def get_client_secret(self) -> None: ...
+    def get_rsa_public_key(self) -> None: ...
+
+class TokenCredentialMixin:
+    def get_oauth_token(self) -> None: ...
+    def get_oauth_token_secret(self) -> None: ...
+
+class TemporaryCredentialMixin(TokenCredentialMixin):
+    def get_client_id(self) -> None: ...
+    def get_redirect_uri(self) -> None: ...
+    def check_verifier(self, verifier) -> None: ...
+
+class TemporaryCredential(dict[str, object], TemporaryCredentialMixin):
+    def get_client_id(self): ...
+    def get_user_id(self): ...
+    def get_redirect_uri(self): ...
+    def check_verifier(self, verifier): ...
+    def get_oauth_token(self): ...
+    def get_oauth_token_secret(self): ...

stubs/Authlib/authlib/oauth1/rfc5849/parameters.pyi

@@ -0,0 +1,5 @@
+from _typeshed import Incomplete
+
+def prepare_headers(oauth_params, headers: Incomplete | None = None, realm: Incomplete | None = None): ...
+def prepare_form_encoded_body(oauth_params, body): ...
+def prepare_request_uri_query(oauth_params, uri): ...

stubs/Authlib/authlib/oauth1/rfc5849/resource_protector.pyi

@@ -0,0 +1,5 @@
+from authlib.oauth1.rfc5849.base_server import BaseServer
+
+class ResourceProtector(BaseServer):
+    def validate_request(self, method, uri, body, headers): ...
+    def get_token_credential(self, request) -> None: ...

stubs/Authlib/authlib/oauth1/rfc5849/rsa.pyi

@@ -0,0 +1,2 @@
+def sign_sha1(msg, rsa_private_key): ...
+def verify_sha1(sig, msg, rsa_public_key): ...

stubs/Authlib/authlib/oauth1/rfc5849/signature.pyi

@@ -0,0 +1,22 @@
+from _typeshed import Incomplete
+
+SIGNATURE_HMAC_SHA1: str
+SIGNATURE_RSA_SHA1: str
+SIGNATURE_PLAINTEXT: str
+SIGNATURE_TYPE_HEADER: str
+SIGNATURE_TYPE_QUERY: str
+SIGNATURE_TYPE_BODY: str
+
+def construct_base_string(method, uri, params, host: Incomplete | None = None): ...
+def normalize_base_string_uri(uri, host: Incomplete | None = None): ...
+def normalize_parameters(params): ...
+def generate_signature_base_string(request): ...
+def hmac_sha1_signature(base_string, client_secret, token_secret): ...
+def rsa_sha1_signature(base_string, rsa_private_key): ...
+def plaintext_signature(client_secret, token_secret): ...
+def sign_hmac_sha1(client, request): ...
+def sign_rsa_sha1(client, request): ...
+def sign_plaintext(client, request): ...
+def verify_hmac_sha1(request): ...
+def verify_rsa_sha1(request): ...
+def verify_plaintext(request): ...

stubs/Authlib/authlib/oauth1/rfc5849/util.pyi

@@ -0,0 +1,2 @@
+def escape(s): ...
+def unescape(s): ...

stubs/Authlib/authlib/oauth1/rfc5849/wrapper.pyi

@@ -0,0 +1,33 @@
+from _typeshed import Incomplete
+
+class OAuth1Request:
+    method: Incomplete
+    uri: Incomplete
+    body: Incomplete
+    headers: Incomplete
+    client: Incomplete
+    credential: Incomplete
+    user: Incomplete
+    query: Incomplete
+    query_params: Incomplete
+    body_params: Incomplete
+    params: Incomplete
+    def __init__(self, method, uri, body: Incomplete | None = None, headers: Incomplete | None = None) -> None: ...
+    @property
+    def client_id(self): ...
+    @property
+    def client_secret(self): ...
+    @property
+    def rsa_public_key(self): ...
+    @property
+    def timestamp(self): ...
+    @property
+    def redirect_uri(self): ...
+    @property
+    def signature(self): ...
+    @property
+    def signature_method(self): ...
+    @property
+    def token(self): ...
+    @property
+    def token_secret(self): ...

stubs/Authlib/authlib/oauth2/__init__.pyi

@@ -0,0 +1,22 @@
+from .auth import ClientAuth as ClientAuth, TokenAuth as TokenAuth
+from .base import OAuth2Error as OAuth2Error
+from .client import OAuth2Client as OAuth2Client
+from .rfc6749 import (
+    AuthorizationServer as AuthorizationServer,
+    ClientAuthentication as ClientAuthentication,
+    JsonRequest as JsonRequest,
+    OAuth2Request as OAuth2Request,
+    ResourceProtector as ResourceProtector,
+)
+
+__all__ = [
+    "OAuth2Error",
+    "ClientAuth",
+    "TokenAuth",
+    "OAuth2Client",
+    "OAuth2Request",
+    "JsonRequest",
+    "AuthorizationServer",
+    "ClientAuthentication",
+    "ResourceProtector",
+]

stubs/Authlib/authlib/oauth2/auth.pyi

@@ -0,0 +1,24 @@
+from _typeshed import Incomplete
+
+def encode_client_secret_basic(client, method, uri, headers, body): ...
+def encode_client_secret_post(client, method, uri, headers, body): ...
+def encode_none(client, method, uri, headers, body): ...
+
+class ClientAuth:
+    DEFAULT_AUTH_METHODS: Incomplete
+    client_id: Incomplete
+    client_secret: Incomplete
+    auth_method: Incomplete
+    def __init__(self, client_id, client_secret, auth_method: Incomplete | None = None) -> None: ...
+    def prepare(self, method, uri, headers, body): ...
+
+class TokenAuth:
+    DEFAULT_TOKEN_TYPE: str
+    SIGN_METHODS: Incomplete
+    token: Incomplete
+    token_placement: Incomplete
+    client: Incomplete
+    hooks: Incomplete
+    def __init__(self, token, token_placement: str = "header", client: Incomplete | None = None) -> None: ...
+    def set_token(self, token) -> None: ...
+    def prepare(self, uri, headers, body): ...

stubs/Authlib/authlib/oauth2/base.pyi

@@ -0,0 +1,20 @@
+from _typeshed import Incomplete
+
+from authlib.common.errors import AuthlibHTTPError
+
+class OAuth2Error(AuthlibHTTPError):
+    state: Incomplete
+    redirect_uri: Incomplete
+    redirect_fragment: Incomplete
+    def __init__(
+        self,
+        description: Incomplete | None = None,
+        uri: Incomplete | None = None,
+        status_code: Incomplete | None = None,
+        state: Incomplete | None = None,
+        redirect_uri: Incomplete | None = None,
+        redirect_fragment: bool = False,
+        error: Incomplete | None = None,
+    ) -> None: ...
+    def get_body(self): ...
+    def __call__(self, uri: Incomplete | None = None): ...

stubs/Authlib/authlib/oauth2/client.pyi

@@ -0,0 +1,96 @@
+from _typeshed import Incomplete
+
+from authlib.oauth2 import ClientAuth, OAuth2Error, TokenAuth
+
+DEFAULT_HEADERS: Incomplete
+
+class OAuth2Client:
+    client_auth_class = ClientAuth
+    token_auth_class = TokenAuth
+    oauth_error_class = OAuth2Error
+    EXTRA_AUTHORIZE_PARAMS: Incomplete
+    SESSION_REQUEST_PARAMS: Incomplete
+    session: Incomplete
+    client_id: Incomplete
+    client_secret: Incomplete
+    state: Incomplete
+    token_endpoint_auth_method: Incomplete
+    revocation_endpoint_auth_method: Incomplete
+    scope: Incomplete
+    redirect_uri: Incomplete
+    code_challenge_method: Incomplete
+    token_auth: Incomplete
+    update_token: Incomplete
+    metadata: Incomplete
+    compliance_hook: Incomplete
+    leeway: Incomplete
+    def __init__(
+        self,
+        session,
+        client_id: Incomplete | None = None,
+        client_secret: Incomplete | None = None,
+        token_endpoint_auth_method: Incomplete | None = None,
+        revocation_endpoint_auth_method: Incomplete | None = None,
+        scope: Incomplete | None = None,
+        state: Incomplete | None = None,
+        redirect_uri: Incomplete | None = None,
+        code_challenge_method: Incomplete | None = None,
+        token: Incomplete | None = None,
+        token_placement: str = "header",
+        update_token: Incomplete | None = None,
+        leeway: int = 60,
+        **metadata,
+    ) -> None: ...
+    def register_client_auth_method(self, auth) -> None: ...
+    def client_auth(self, auth_method): ...
+    @property
+    def token(self): ...
+    @token.setter
+    def token(self, token) -> None: ...
+    def create_authorization_url(
+        self, url, state: Incomplete | None = None, code_verifier: Incomplete | None = None, **kwargs
+    ): ...
+    def fetch_token(
+        self,
+        url: Incomplete | None = None,
+        body: str = "",
+        method: str = "POST",
+        headers: Incomplete | None = None,
+        auth: Incomplete | None = None,
+        grant_type: Incomplete | None = None,
+        state: Incomplete | None = None,
+        **kwargs,
+    ): ...
+    def token_from_fragment(self, authorization_response, state: Incomplete | None = None): ...
+    def refresh_token(
+        self,
+        url: Incomplete | None = None,
+        refresh_token: Incomplete | None = None,
+        body: str = "",
+        auth: Incomplete | None = None,
+        headers: Incomplete | None = None,
+        **kwargs,
+    ): ...
+    def ensure_active_token(self, token: Incomplete | None = None): ...
+    def revoke_token(
+        self,
+        url,
+        token: Incomplete | None = None,
+        token_type_hint: Incomplete | None = None,
+        body: Incomplete | None = None,
+        auth: Incomplete | None = None,
+        headers: Incomplete | None = None,
+        **kwargs,
+    ): ...
+    def introspect_token(
+        self,
+        url,
+        token: Incomplete | None = None,
+        token_type_hint: Incomplete | None = None,
+        body: Incomplete | None = None,
+        auth: Incomplete | None = None,
+        headers: Incomplete | None = None,
+        **kwargs,
+    ): ...
+    def register_compliance_hook(self, hook_type, hook) -> None: ...
+    def parse_response_token(self, resp): ...

stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi

@@ -0,0 +1,76 @@
+from .authenticate_client import ClientAuthentication as ClientAuthentication
+from .authorization_server import AuthorizationServer as AuthorizationServer
+from .errors import (
+    AccessDeniedError as AccessDeniedError,
+    InsecureTransportError as InsecureTransportError,
+    InvalidClientError as InvalidClientError,
+    InvalidGrantError as InvalidGrantError,
+    InvalidRequestError as InvalidRequestError,
+    InvalidScopeError as InvalidScopeError,
+    MismatchingStateException as MismatchingStateException,
+    MissingAuthorizationError as MissingAuthorizationError,
+    MissingCodeException as MissingCodeException,
+    MissingTokenException as MissingTokenException,
+    MissingTokenTypeException as MissingTokenTypeException,
+    OAuth2Error as OAuth2Error,
+    UnauthorizedClientError as UnauthorizedClientError,
+    UnsupportedGrantTypeError as UnsupportedGrantTypeError,
+    UnsupportedResponseTypeError as UnsupportedResponseTypeError,
+    UnsupportedTokenTypeError as UnsupportedTokenTypeError,
+)
+from .grants import (
+    AuthorizationCodeGrant as AuthorizationCodeGrant,
+    AuthorizationEndpointMixin as AuthorizationEndpointMixin,
+    BaseGrant as BaseGrant,
+    ClientCredentialsGrant as ClientCredentialsGrant,
+    ImplicitGrant as ImplicitGrant,
+    RefreshTokenGrant as RefreshTokenGrant,
+    ResourceOwnerPasswordCredentialsGrant as ResourceOwnerPasswordCredentialsGrant,
+    TokenEndpointMixin as TokenEndpointMixin,
+)
+from .models import AuthorizationCodeMixin as AuthorizationCodeMixin, ClientMixin as ClientMixin, TokenMixin as TokenMixin
+from .requests import JsonRequest as JsonRequest, OAuth2Request as OAuth2Request
+from .resource_protector import ResourceProtector as ResourceProtector, TokenValidator as TokenValidator
+from .token_endpoint import TokenEndpoint as TokenEndpoint
+from .util import list_to_scope as list_to_scope, scope_to_list as scope_to_list
+from .wrappers import OAuth2Token as OAuth2Token
+
+__all__ = [
+    "OAuth2Token",
+    "OAuth2Request",
+    "JsonRequest",
+    "OAuth2Error",
+    "AccessDeniedError",
+    "MissingAuthorizationError",
+    "InvalidGrantError",
+    "InvalidClientError",
+    "InvalidRequestError",
+    "InvalidScopeError",
+    "InsecureTransportError",
+    "UnauthorizedClientError",
+    "UnsupportedResponseTypeError",
+    "UnsupportedGrantTypeError",
+    "UnsupportedTokenTypeError",
+    "MissingCodeException",
+    "MissingTokenException",
+    "MissingTokenTypeException",
+    "MismatchingStateException",
+    "ClientMixin",
+    "AuthorizationCodeMixin",
+    "TokenMixin",
+    "ClientAuthentication",
+    "AuthorizationServer",
+    "ResourceProtector",
+    "TokenValidator",
+    "TokenEndpoint",
+    "BaseGrant",
+    "AuthorizationEndpointMixin",
+    "TokenEndpointMixin",
+    "AuthorizationCodeGrant",
+    "ImplicitGrant",
+    "ResourceOwnerPasswordCredentialsGrant",
+    "ClientCredentialsGrant",
+    "RefreshTokenGrant",
+    "scope_to_list",
+    "list_to_scope",
+]

stubs/Authlib/authlib/oauth2/rfc6749/authenticate_client.pyi

@@ -0,0 +1,13 @@
+from collections.abc import Callable, Collection
+
+from authlib.oauth2 import OAuth2Request
+from authlib.oauth2.rfc6749 import ClientMixin
+
+__all__ = ["ClientAuthentication"]
+
+class ClientAuthentication:
+    query_client: Callable[[str], ClientMixin]
+    def __init__(self, query_client: Callable[[str], ClientMixin]) -> None: ...
+    def register(self, method: str, func: Callable[[Callable[[str], ClientMixin], OAuth2Request], ClientMixin]) -> None: ...
+    def authenticate(self, request: OAuth2Request, methods: Collection[str], endpoint: str) -> ClientMixin: ...
+    def __call__(self, request: OAuth2Request, methods: Collection[str], endpoint: str = "token") -> ClientMixin: ...

stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi

@@ -0,0 +1,46 @@
+from _typeshed import Incomplete
+from collections.abc import Callable, Collection, Mapping
+from typing_extensions import TypeAlias
+
+from authlib.oauth2 import JsonRequest, OAuth2Error, OAuth2Request
+from authlib.oauth2.rfc6749 import BaseGrant, ClientMixin
+from authlib.oauth2.rfc6750 import BearerTokenGenerator
+
+_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]]
+
+class AuthorizationServer:
+    scopes_supported: Collection[str] | None
+    def __init__(self, scopes_supported: Collection[str] | None = None) -> None: ...
+    def query_client(self, client_id: str) -> ClientMixin: ...
+    def save_token(self, token: dict[str, str | int], request: OAuth2Request) -> None: ...
+    def generate_token(
+        self,
+        grant_type: str,
+        client: ClientMixin,
+        user: Incomplete | None = None,
+        scope: str | None = None,
+        expires_in: int | None = None,
+        include_refresh_token: bool = True,
+    ) -> dict[str, str | int]: ...
+    def register_token_generator(self, grant_type: str, func: BearerTokenGenerator) -> None: ...
+    def authenticate_client(self, request: OAuth2Request, methods: Collection[str], endpoint: str = "token") -> ClientMixin: ...
+    def register_client_auth_method(self, method, func) -> None: ...
+    def get_error_uri(self, request, error) -> None: ...
+    def send_signal(self, name, *args: object, **kwargs: object) -> None: ...
+    def create_oauth2_request(self, request) -> OAuth2Request: ...
+    def create_json_request(self, request) -> JsonRequest: ...
+    def handle_response(self, status: int, body: Mapping[str, object], headers: Mapping[str, str]) -> object: ...
+    def validate_requested_scope(self, scope: str, state: str | None = None) -> None: ...
+    def register_grant(
+        self, grant_cls: type[BaseGrant], extensions: Collection[Callable[[BaseGrant], None]] | None = None
+    ) -> None: ...
+    def register_endpoint(self, endpoint) -> None: ...
+    def get_authorization_grant(self, request: OAuth2Request) -> BaseGrant: ...
+    def get_consent_grant(self, request: Incomplete | None = None, end_user: Incomplete | None = None): ...
+    def get_token_grant(self, request: OAuth2Request) -> BaseGrant: ...
+    def create_endpoint_response(self, name, request: Incomplete | None = None): ...
+    def create_authorization_response(
+        self, request: Incomplete | None = None, grant_user: Incomplete | None = None
+    ) -> object: ...
+    def create_token_response(self, request: Incomplete | None = None) -> _ServerResponse: ...
+    def handle_error_response(self, request: OAuth2Request, error: OAuth2Error) -> object: ...

stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi

@@ -0,0 +1,92 @@
+from _typeshed import Incomplete
+
+from authlib.oauth2 import OAuth2Error as OAuth2Error
+
+__all__ = [
+    "OAuth2Error",
+    "InsecureTransportError",
+    "InvalidRequestError",
+    "InvalidClientError",
+    "UnauthorizedClientError",
+    "InvalidGrantError",
+    "UnsupportedResponseTypeError",
+    "UnsupportedGrantTypeError",
+    "InvalidScopeError",
+    "AccessDeniedError",
+    "MissingAuthorizationError",
+    "UnsupportedTokenTypeError",
+    "MissingCodeException",
+    "MissingTokenException",
+    "MissingTokenTypeException",
+    "MismatchingStateException",
+]
+
+class InsecureTransportError(OAuth2Error):
+    error: str
+    description: str
+    @classmethod
+    def check(cls, uri) -> None: ...
+
+class InvalidRequestError(OAuth2Error):
+    error: str
+
+class InvalidClientError(OAuth2Error):
+    error: str
+    status_code: int
+    def get_headers(self): ...
+
+class InvalidGrantError(OAuth2Error):
+    error: str
+
+class UnauthorizedClientError(OAuth2Error):
+    error: str
+
+class UnsupportedResponseTypeError(OAuth2Error):
+    error: str
+    response_type: Incomplete
+    def __init__(self, response_type) -> None: ...
+    def get_error_description(self): ...
+
+class UnsupportedGrantTypeError(OAuth2Error):
+    error: str
+    grant_type: Incomplete
+    def __init__(self, grant_type) -> None: ...
+    def get_error_description(self): ...
+
+class InvalidScopeError(OAuth2Error):
+    error: str
+    description: str
+
+class AccessDeniedError(OAuth2Error):
+    error: str
+    description: str
+
+class ForbiddenError(OAuth2Error):
+    status_code: int
+    auth_type: Incomplete
+    realm: Incomplete
+    def __init__(self, auth_type: Incomplete | None = None, realm: Incomplete | None = None) -> None: ...
+    def get_headers(self): ...
+
+class MissingAuthorizationError(ForbiddenError):
+    error: str
+    description: str
+
+class UnsupportedTokenTypeError(ForbiddenError):
+    error: str
+
+class MissingCodeException(OAuth2Error):
+    error: str
+    description: str
+
+class MissingTokenException(OAuth2Error):
+    error: str
+    description: str
+
+class MissingTokenTypeException(OAuth2Error):
+    error: str
+    description: str
+
+class MismatchingStateException(OAuth2Error):
+    error: str
+    description: str

stubs/Authlib/authlib/oauth2/rfc6749/grants/__init__.pyi

@@ -0,0 +1,21 @@
+from .authorization_code import AuthorizationCodeGrant as AuthorizationCodeGrant
+from .base import (
+    AuthorizationEndpointMixin as AuthorizationEndpointMixin,
+    BaseGrant as BaseGrant,
+    TokenEndpointMixin as TokenEndpointMixin,
+)
+from .client_credentials import ClientCredentialsGrant as ClientCredentialsGrant
+from .implicit import ImplicitGrant as ImplicitGrant
+from .refresh_token import RefreshTokenGrant as RefreshTokenGrant
+from .resource_owner_password_credentials import ResourceOwnerPasswordCredentialsGrant as ResourceOwnerPasswordCredentialsGrant
+
+__all__ = [
+    "BaseGrant",
+    "AuthorizationEndpointMixin",
+    "TokenEndpointMixin",
+    "AuthorizationCodeGrant",
+    "ImplicitGrant",
+    "ResourceOwnerPasswordCredentialsGrant",
+    "ClientCredentialsGrant",
+    "RefreshTokenGrant",
+]

stubs/Authlib/authlib/oauth2/rfc6749/grants/authorization_code.pyi

@@ -0,0 +1,24 @@
+from collections.abc import Collection
+from typing_extensions import TypeAlias
+
+from authlib.oauth2 import OAuth2Request
+from authlib.oauth2.rfc6749 import AuthorizationEndpointMixin, BaseGrant, ClientMixin, TokenEndpointMixin
+
+_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]]
+
+class AuthorizationCodeGrant(BaseGrant, AuthorizationEndpointMixin, TokenEndpointMixin):
+    TOKEN_ENDPOINT_AUTH_METHODS: Collection[str]
+    AUTHORIZATION_CODE_LENGTH: int
+    RESPONSE_TYPES: Collection[str]
+    GRANT_TYPE: str
+    def validate_authorization_request(self) -> str: ...
+    def create_authorization_response(self, redirect_uri: str, grant_user) -> _ServerResponse: ...
+    def validate_token_request(self) -> None: ...
+    def create_token_response(self) -> _ServerResponse: ...
+    def generate_authorization_code(self) -> str: ...
+    def save_authorization_code(self, code: str, request: OAuth2Request) -> None: ...
+    def query_authorization_code(self, code: str, client: ClientMixin): ...
+    def delete_authorization_code(self, authorization_code) -> None: ...
+    def authenticate_user(self, authorization_code): ...
+
+def validate_code_authorization_request(grant: AuthorizationCodeGrant) -> str: ...

stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi

@@ -0,0 +1,55 @@
+from _typeshed import Incomplete
+from collections.abc import Callable, Collection
+from typing_extensions import TypeAlias
+
+from authlib.oauth2 import OAuth2Request
+from authlib.oauth2.rfc6749 import ClientMixin
+
+_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]]
+
+class BaseGrant:
+    TOKEN_ENDPOINT_AUTH_METHODS: Collection[str]
+    GRANT_TYPE: str | None
+    TOKEN_RESPONSE_HEADER: Collection[tuple[str, str]]
+    prompt: Incomplete
+    redirect_uri: Incomplete
+    request: OAuth2Request
+    server: Incomplete
+    def __init__(self, request: OAuth2Request, server) -> None: ...
+    @property
+    def client(self): ...
+    def generate_token(
+        self,
+        user: Incomplete | None = None,
+        scope: str | None = None,
+        grant_type: str | None = None,
+        expires_in: int | None = None,
+        include_refresh_token: bool = True,
+    ) -> dict[str, str | int]: ...
+    def authenticate_token_endpoint_client(self) -> ClientMixin: ...
+    def save_token(self, token): ...
+    def validate_requested_scope(self) -> None: ...
+    def register_hook(self, hook_type: str, hook: Callable[..., Incomplete]) -> None: ...
+    def execute_hook(self, hook_type: str, *args: object, **kwargs: object) -> None: ...
+
+class TokenEndpointMixin:
+    TOKEN_ENDPOINT_HTTP_METHODS: Incomplete
+    GRANT_TYPE: Incomplete
+    @classmethod
+    def check_token_endpoint(cls, request: OAuth2Request): ...
+    def validate_token_request(self) -> None: ...
+    def create_token_response(self) -> _ServerResponse: ...
+
+class AuthorizationEndpointMixin:
+    RESPONSE_TYPES: Collection[str]
+    ERROR_RESPONSE_FRAGMENT: bool
+    @classmethod
+    def check_authorization_endpoint(cls, request: OAuth2Request) -> bool: ...
+    @staticmethod
+    def validate_authorization_redirect_uri(request: OAuth2Request, client: ClientMixin) -> str: ...
+    @staticmethod
+    def validate_no_multiple_request_parameter(request: OAuth2Request): ...
+    redirect_uri: Incomplete
+    def validate_consent_request(self) -> None: ...
+    def validate_authorization_request(self) -> str: ...
+    def create_authorization_response(self, redirect_uri: str, grant_user) -> _ServerResponse: ...

stubs/Authlib/authlib/oauth2/rfc6749/grants/client_credentials.pyi

@@ -0,0 +1,6 @@
+from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin
+
+class ClientCredentialsGrant(BaseGrant, TokenEndpointMixin):
+    GRANT_TYPE: str
+    def validate_token_request(self) -> None: ...
+    def create_token_response(self): ...

stubs/Authlib/authlib/oauth2/rfc6749/grants/implicit.pyi

@@ -0,0 +1,12 @@
+from _typeshed import Incomplete
+
+from authlib.oauth2.rfc6749 import AuthorizationEndpointMixin, BaseGrant
+
+class ImplicitGrant(BaseGrant, AuthorizationEndpointMixin):
+    AUTHORIZATION_ENDPOINT: bool
+    TOKEN_ENDPOINT_AUTH_METHODS: Incomplete
+    RESPONSE_TYPES: Incomplete
+    GRANT_TYPE: str
+    ERROR_RESPONSE_FRAGMENT: bool
+    def validate_authorization_request(self): ...
+    def create_authorization_response(self, redirect_uri, grant_user): ...

stubs/Authlib/authlib/oauth2/rfc6749/grants/refresh_token.pyi

@@ -0,0 +1,15 @@
+from typing_extensions import TypeAlias
+
+from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin, TokenMixin
+
+_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]]
+
+class RefreshTokenGrant(BaseGrant, TokenEndpointMixin):
+    GRANT_TYPE: str
+    INCLUDE_NEW_REFRESH_TOKEN: bool
+    def validate_token_request(self) -> None: ...
+    def create_token_response(self) -> _ServerResponse: ...
+    def issue_token(self, user, refresh_token: TokenMixin) -> dict[str, str | int]: ...
+    def authenticate_refresh_token(self, refresh_token: str) -> TokenMixin: ...
+    def authenticate_user(self, refresh_token): ...
+    def revoke_old_credential(self, refresh_token: TokenMixin) -> None: ...

stubs/Authlib/authlib/oauth2/rfc6749/grants/resource_owner_password_credentials.pyi

@@ -0,0 +1,7 @@
+from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin
+
+class ResourceOwnerPasswordCredentialsGrant(BaseGrant, TokenEndpointMixin):
+    GRANT_TYPE: str
+    def validate_token_request(self) -> None: ...
+    def create_token_response(self): ...
+    def authenticate_user(self, username, password) -> None: ...

stubs/Authlib/authlib/oauth2/rfc6749/models.pyi

@@ -0,0 +1,22 @@
+from collections.abc import Collection
+
+class ClientMixin:
+    def get_client_id(self) -> str: ...
+    def get_default_redirect_uri(self) -> str: ...
+    def get_allowed_scope(self, scope: Collection[str] | str) -> str: ...
+    def check_redirect_uri(self, redirect_uri: str) -> bool: ...
+    def check_client_secret(self, client_secret: str) -> bool: ...
+    def check_endpoint_auth_method(self, method: str, endpoint: str) -> bool: ...
+    def check_response_type(self, response_type: str) -> bool: ...
+    def check_grant_type(self, grant_type: str) -> bool: ...
+
+class AuthorizationCodeMixin:
+    def get_redirect_uri(self) -> str: ...
+    def get_scope(self) -> str: ...
+
+class TokenMixin:
+    def check_client(self, client) -> bool: ...
+    def get_scope(self) -> str: ...
+    def get_expires_in(self) -> int: ...
+    def is_expired(self) -> bool: ...
+    def is_revoked(self) -> bool: ...

stubs/Authlib/authlib/oauth2/rfc6749/parameters.pyi

@@ -0,0 +1,14 @@
+from _typeshed import Incomplete
+
+def prepare_grant_uri(
+    uri,
+    client_id,
+    response_type,
+    redirect_uri: Incomplete | None = None,
+    scope: Incomplete | None = None,
+    state: Incomplete | None = None,
+    **kwargs,
+): ...
+def prepare_token_request(grant_type, body: str = "", redirect_uri: Incomplete | None = None, **kwargs): ...
+def parse_authorization_code_response(uri, state: Incomplete | None = None): ...
+def parse_implicit_response(uri, state: Incomplete | None = None): ...

stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi

@@ -0,0 +1,48 @@
+from _typeshed import Incomplete
+from collections.abc import Mapping
+
+from authlib.oauth2.rfc6749 import ClientMixin
+
+class OAuth2Request:
+    method: str
+    uri: str
+    body: Mapping[str, str] | None
+    headers: Mapping[str, str] | None
+    client: ClientMixin | None
+    auth_method: str | None
+    user: Incomplete | None
+    authorization_code: Incomplete | None
+    refresh_token: Incomplete | None
+    credential: Incomplete | None
+    def __init__(
+        self, method: str, uri: str, body: Mapping[str, str] | None = None, headers: Mapping[str, str] | None = None
+    ) -> None: ...
+    @property
+    def args(self) -> dict[str, str | None]: ...
+    @property
+    def form(self) -> dict[str, str]: ...
+    @property
+    def data(self) -> dict[str, str]: ...
+    @property
+    def datalist(self) -> dict[str, list[Incomplete]]: ...
+    @property
+    def client_id(self) -> str: ...
+    @property
+    def response_type(self) -> str: ...
+    @property
+    def grant_type(self) -> str: ...
+    @property
+    def redirect_uri(self) -> str: ...
+    @property
+    def scope(self) -> str: ...
+    @property
+    def state(self) -> str | None: ...
+
+class JsonRequest:
+    method: Incomplete
+    uri: Incomplete
+    body: Incomplete
+    headers: Incomplete
+    def __init__(self, method, uri, body: Incomplete | None = None, headers: Incomplete | None = None) -> None: ...
+    @property
+    def data(self): ...

stubs/Authlib/authlib/oauth2/rfc6749/resource_protector.pyi

@@ -0,0 +1,19 @@
+from _typeshed import Incomplete
+
+class TokenValidator:
+    TOKEN_TYPE: str
+    realm: Incomplete
+    extra_attributes: Incomplete
+    def __init__(self, realm: Incomplete | None = None, **extra_attributes) -> None: ...
+    @staticmethod
+    def scope_insufficient(token_scopes, required_scopes): ...
+    def authenticate_token(self, token_string) -> None: ...
+    def validate_request(self, request) -> None: ...
+    def validate_token(self, token, scopes, request) -> None: ...
+
+class ResourceProtector:
+    def __init__(self) -> None: ...
+    def register_token_validator(self, validator: TokenValidator): ...
+    def get_token_validator(self, token_type): ...
+    def parse_request_authorization(self, request): ...
+    def validate_request(self, scopes, request, **kwargs): ...

stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi

@@ -0,0 +1,13 @@
+from _typeshed import Incomplete
+
+class TokenEndpoint:
+    ENDPOINT_NAME: Incomplete
+    SUPPORTED_TOKEN_TYPES: Incomplete
+    CLIENT_AUTH_METHODS: Incomplete
+    server: Incomplete
+    def __init__(self, server) -> None: ...
+    def __call__(self, request): ...
+    def create_endpoint_request(self, request): ...
+    def authenticate_endpoint_client(self, request): ...
+    def authenticate_token(self, request, client) -> None: ...
+    def create_endpoint_response(self, request) -> None: ...

stubs/Authlib/authlib/oauth2/rfc6749/util.pyi

@@ -0,0 +1,5 @@
+from collections.abc import Collection
+
+def list_to_scope(scope: Collection[str] | str | None) -> str: ...
+def scope_to_list(scope: Collection[str] | str | None) -> list[str]: ...
+def extract_basic_authorization(headers: dict[str, str]) -> tuple[str, str]: ...

stubs/Authlib/authlib/oauth2/rfc6749/wrappers.pyi

@@ -0,0 +1,5 @@
+class OAuth2Token(dict[str, object]):
+    def __init__(self, params) -> None: ...
+    def is_expired(self, leeway: int = 60): ...
+    @classmethod
+    def from_dict(cls, token): ...

stubs/Authlib/authlib/oauth2/rfc6750/__init__.pyi

@@ -0,0 +1,15 @@
+from .errors import InsufficientScopeError as InsufficientScopeError, InvalidTokenError as InvalidTokenError
+from .parameters import add_bearer_token as add_bearer_token
+from .token import BearerTokenGenerator as BearerTokenGenerator
+from .validator import BearerTokenValidator as BearerTokenValidator
+
+__all__ = [
+    "InvalidTokenError",
+    "InsufficientScopeError",
+    "add_bearer_token",
+    "BearerToken",
+    "BearerTokenGenerator",
+    "BearerTokenValidator",
+]
+
+BearerToken = BearerTokenGenerator

stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi

@@ -0,0 +1,27 @@
+from _typeshed import Incomplete
+
+from authlib.oauth2 import OAuth2Error
+
+__all__ = ["InvalidTokenError", "InsufficientScopeError"]
+
+class InvalidTokenError(OAuth2Error):
+    error: str
+    description: str
+    status_code: int
+    realm: Incomplete
+    extra_attributes: Incomplete
+    def __init__(
+        self,
+        description: Incomplete | None = None,
+        uri: Incomplete | None = None,
+        status_code: Incomplete | None = None,
+        state: Incomplete | None = None,
+        realm: Incomplete | None = None,
+        **extra_attributes,
+    ) -> None: ...
+    def get_headers(self): ...
+
+class InsufficientScopeError(OAuth2Error):
+    error: str
+    description: str
+    status_code: int

stubs/Authlib/authlib/oauth2/rfc6750/parameters.pyi

@@ -0,0 +1,6 @@
+from _typeshed import Incomplete
+
+def add_to_uri(token, uri): ...
+def add_to_headers(token, headers: Incomplete | None = None): ...
+def add_to_body(token, body: Incomplete | None = None): ...
+def add_bearer_token(token, uri, headers, body, placement: str = "header"): ...

stubs/Authlib/authlib/oauth2/rfc6750/token.pyi

@@ -0,0 +1,41 @@
+from _typeshed import Incomplete
+from collections.abc import Callable
+from typing import Protocol
+
+from authlib.oauth2.rfc6749 import ClientMixin
+
+class _TokenGenerator(Protocol):
+    def __call__(self, *, client: ClientMixin, grant_type: str, user, scope: str) -> str: ...
+
+class BearerTokenGenerator:
+    DEFAULT_EXPIRES_IN: int
+    GRANT_TYPES_EXPIRES_IN: dict[str, int]
+    access_token_generator: _TokenGenerator
+    refresh_token_generator: _TokenGenerator
+    expires_generator: Callable[[ClientMixin, str], int]
+    def __init__(
+        self,
+        access_token_generator: _TokenGenerator,
+        refresh_token_generator: _TokenGenerator | None = None,
+        expires_generator: Callable[[ClientMixin, str], int] | None = None,
+    ) -> None: ...
+    @staticmethod
+    def get_allowed_scope(client: ClientMixin, scope: str) -> str: ...
+    def generate(
+        self,
+        grant_type: str,
+        client: ClientMixin,
+        user: Incomplete | None = None,
+        scope: str | None = None,
+        expires_in: int | None = None,
+        include_refresh_token: bool = True,
+    ) -> dict[str, str | int]: ...
+    def __call__(
+        self,
+        grant_type: str,
+        client: ClientMixin,
+        user: Incomplete | None = None,
+        scope: str | None = None,
+        expires_in: int | None = None,
+        include_refresh_token: bool = True,
+    ) -> dict[str, str | int]: ...

stubs/Authlib/authlib/oauth2/rfc6750/validator.pyi

@@ -0,0 +1,6 @@
+from authlib.oauth2.rfc6749 import TokenValidator
+
+class BearerTokenValidator(TokenValidator):
+    TOKEN_TYPE: str
+    def authenticate_token(self, token_string) -> None: ...
+    def validate_token(self, token, scopes, request) -> None: ...

stubs/Authlib/authlib/oauth2/rfc7009/__init__.pyi

@@ -0,0 +1,4 @@
+from .parameters import prepare_revoke_token_request as prepare_revoke_token_request
+from .revocation import RevocationEndpoint as RevocationEndpoint
+
+__all__ = ["prepare_revoke_token_request", "RevocationEndpoint"]

stubs/Authlib/authlib/oauth2/rfc7009/parameters.pyi

@@ -0,0 +1,5 @@
+from _typeshed import Incomplete
+
+def prepare_revoke_token_request(
+    token, token_type_hint: Incomplete | None = None, body: Incomplete | None = None, headers: Incomplete | None = None
+): ...

stubs/Authlib/authlib/oauth2/rfc7009/revocation.pyi

@@ -0,0 +1,9 @@
+from authlib.oauth2.rfc6749 import TokenEndpoint
+
+class RevocationEndpoint(TokenEndpoint):
+    ENDPOINT_NAME: str
+    def authenticate_token(self, request, client): ...
+    def check_params(self, request, client) -> None: ...
+    def create_endpoint_response(self, request): ...
+    def query_token(self, token_string, token_type_hint) -> None: ...
+    def revoke_token(self, token, request) -> None: ...

stubs/Authlib/authlib/oauth2/rfc7521/__init__.pyi

@@ -0,0 +1,3 @@
+from .client import AssertionClient as AssertionClient
+
+__all__ = ["AssertionClient"]