From a6f05d0c0b72dfd411d405579e2dd6adbf8efa36 Mon Sep 17 00:00:00 2001 From: Semyon Moroz Date: Fri, 4 Jul 2025 11:07:41 +0000 Subject: [PATCH] Bump Authlib to ~=1.6.0 (#14364) --- stubs/Authlib/@tests/stubtest_allowlist.txt | 28 ++++++ stubs/Authlib/METADATA.toml | 2 +- stubs/Authlib/authlib/deprecate.pyi | 4 +- stubs/Authlib/authlib/jose/rfc7515/models.pyi | 4 +- .../Authlib/authlib/jose/rfc7518/jws_algs.pyi | 12 +-- .../authlib/oauth2/rfc6749/__init__.pyi | 9 +- .../oauth2/rfc6749/authorization_server.pyi | 14 ++- .../Authlib/authlib/oauth2/rfc6749/errors.pyi | 12 ++- .../authlib/oauth2/rfc6749/grants/base.pyi | 12 +-- .../Authlib/authlib/oauth2/rfc6749/hooks.pyi | 8 ++ .../Authlib/authlib/oauth2/rfc6749/models.pyi | 2 + .../authlib/oauth2/rfc6749/requests.pyi | 85 +++++++++++++------ .../authlib/oauth2/rfc7636/challenge.pyi | 17 ++-- .../authlib/oauth2/rfc9101/__init__.pyi | 5 ++ .../oauth2/rfc9101/authorization_server.pyi | 15 ++++ .../authlib/oauth2/rfc9101/discovery.pyi | 5 ++ .../Authlib/authlib/oauth2/rfc9101/errors.pyi | 23 +++++ .../authlib/oauth2/rfc9101/registration.pyi | 5 ++ .../authlib/oauth2/rfc9207/parameter.pyi | 4 +- stubs/Authlib/authlib/oidc/core/__init__.pyi | 2 + stubs/Authlib/authlib/oidc/core/claims.pyi | 4 +- .../Authlib/authlib/oidc/core/grants/code.pyi | 4 +- .../authlib/oidc/core/grants/implicit.pyi | 4 +- .../Authlib/authlib/oidc/core/grants/util.pyi | 2 + stubs/Authlib/authlib/oidc/core/models.pyi | 2 + stubs/Authlib/authlib/oidc/core/userinfo.pyi | 18 ++++ 26 files changed, 243 insertions(+), 59 deletions(-) create mode 100644 stubs/Authlib/authlib/oauth2/rfc6749/hooks.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc9101/__init__.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc9101/discovery.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc9101/errors.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi create mode 100644 stubs/Authlib/authlib/oidc/core/userinfo.pyi diff --git a/stubs/Authlib/@tests/stubtest_allowlist.txt b/stubs/Authlib/@tests/stubtest_allowlist.txt index abcbb85a0..954245b03 100644 --- a/stubs/Authlib/@tests/stubtest_allowlist.txt +++ b/stubs/Authlib/@tests/stubtest_allowlist.txt @@ -37,3 +37,31 @@ authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate (authlib.jose.rfc7518.jws_algs.HMACAlgorithm.SHA256)? (authlib.jose.rfc7518.jws_algs.HMACAlgorithm.SHA384)? (authlib.jose.rfc7518.jws_algs.HMACAlgorithm.SHA512)? + +# Methods whose *args and **kwargs arguments are added dynamically due to the @hooked decorator: +authlib.oauth2.rfc6749.AuthorizationCodeGrant.create_token_response +authlib.oauth2.rfc6749.AuthorizationCodeGrant.validate_token_request +authlib.oauth2.rfc6749.AuthorizationEndpointMixin.validate_consent_request +authlib.oauth2.rfc6749.ClientCredentialsGrant.create_token_response +authlib.oauth2.rfc6749.ImplicitGrant.validate_authorization_request +authlib.oauth2.rfc6749.RefreshTokenGrant.create_token_response +authlib.oauth2.rfc6749.ResourceOwnerPasswordCredentialsGrant.create_token_response +authlib.oauth2.rfc6749.grants.AuthorizationCodeGrant.create_token_response +authlib.oauth2.rfc6749.grants.AuthorizationCodeGrant.validate_token_request +authlib.oauth2.rfc6749.grants.AuthorizationEndpointMixin.validate_consent_request +authlib.oauth2.rfc6749.grants.ClientCredentialsGrant.create_token_response +authlib.oauth2.rfc6749.grants.ImplicitGrant.validate_authorization_request +authlib.oauth2.rfc6749.grants.RefreshTokenGrant.create_token_response +authlib.oauth2.rfc6749.grants.ResourceOwnerPasswordCredentialsGrant.create_token_response +authlib.oauth2.rfc6749.grants.authorization_code.AuthorizationCodeGrant.create_token_response +authlib.oauth2.rfc6749.grants.authorization_code.AuthorizationCodeGrant.validate_token_request +authlib.oauth2.rfc6749.grants.base.AuthorizationEndpointMixin.validate_consent_request +authlib.oauth2.rfc6749.grants.client_credentials.ClientCredentialsGrant.create_token_response +authlib.oauth2.rfc6749.grants.implicit.ImplicitGrant.validate_authorization_request +authlib.oauth2.rfc6749.grants.refresh_token.RefreshTokenGrant.create_token_response +authlib.oauth2.rfc6749.grants.resource_owner_password_credentials.ResourceOwnerPasswordCredentialsGrant.create_token_response +authlib.oauth2.rfc8628.DeviceCodeGrant.create_token_response +authlib.oauth2.rfc8628.device_code.DeviceCodeGrant.create_token_response +authlib.oidc.core.OpenIDImplicitGrant.validate_consent_request +authlib.oidc.core.grants.OpenIDImplicitGrant.validate_consent_request +authlib.oidc.core.grants.implicit.OpenIDImplicitGrant.validate_consent_request diff --git a/stubs/Authlib/METADATA.toml b/stubs/Authlib/METADATA.toml index 8fbed7859..e9786969e 100644 --- a/stubs/Authlib/METADATA.toml +++ b/stubs/Authlib/METADATA.toml @@ -1,4 +1,4 @@ -version = "~= 1.5.2" +version = "~= 1.6.0" upstream_repository = "https://github.com/lepture/authlib" requires = ["cryptography"] partial_stub = true diff --git a/stubs/Authlib/authlib/deprecate.pyi b/stubs/Authlib/authlib/deprecate.pyi index 9f7f18218..201ceb6a5 100644 --- a/stubs/Authlib/authlib/deprecate.pyi +++ b/stubs/Authlib/authlib/deprecate.pyi @@ -1,3 +1,5 @@ class AuthlibDeprecationWarning(DeprecationWarning): ... -def deprecate(message: str, version: str | None = None, link_uid: str | None = None, link_file: str | None = None) -> None: ... +def deprecate( + message: str, version: str | None = None, link_uid: str | None = None, link_file: str | None = None, stacklevel: int = 3 +) -> None: ... diff --git a/stubs/Authlib/authlib/jose/rfc7515/models.pyi b/stubs/Authlib/authlib/jose/rfc7515/models.pyi index 7640c759d..07f9a2091 100644 --- a/stubs/Authlib/authlib/jose/rfc7515/models.pyi +++ b/stubs/Authlib/authlib/jose/rfc7515/models.pyi @@ -6,8 +6,8 @@ class JWSAlgorithm: algorithm_type: str algorithm_location: str def prepare_key(self, raw_data) -> None: ... - def sign(self, msg, key) -> None: ... - def verify(self, msg, sig, key) -> None: ... + def sign(self, msg, key): ... + def verify(self, msg, sig, key) -> bool: ... class JWSHeader(dict[str, object]): protected: Incomplete diff --git a/stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi b/stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi index 5bcca23de..47ca3a64e 100644 --- a/stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi +++ b/stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi @@ -8,7 +8,7 @@ class NoneAlgorithm(JWSAlgorithm): description: str def prepare_key(self, raw_data) -> None: ... def sign(self, msg, key): ... - def verify(self, msg, sig, key): ... + def verify(self, msg, sig, key) -> bool: ... class HMACAlgorithm(JWSAlgorithm): SHA256 = hashlib.sha256 @@ -20,7 +20,7 @@ class HMACAlgorithm(JWSAlgorithm): def __init__(self, sha_type) -> None: ... def prepare_key(self, raw_data): ... def sign(self, msg, key): ... - def verify(self, msg, sig, key): ... + def verify(self, msg, sig, key) -> bool: ... class RSAAlgorithm(JWSAlgorithm): SHA256: Incomplete @@ -33,7 +33,7 @@ class RSAAlgorithm(JWSAlgorithm): def __init__(self, sha_type) -> None: ... def prepare_key(self, raw_data): ... def sign(self, msg, key): ... - def verify(self, msg, sig, key): ... + def verify(self, msg, sig, key) -> bool: ... class ECAlgorithm(JWSAlgorithm): SHA256: Incomplete @@ -46,7 +46,7 @@ class ECAlgorithm(JWSAlgorithm): def __init__(self, name, curve, sha_type) -> None: ... def prepare_key(self, raw_data): ... def sign(self, msg, key): ... - def verify(self, msg, sig, key): ... + def verify(self, msg, sig, key) -> bool: ... class RSAPSSAlgorithm(JWSAlgorithm): SHA256: Incomplete @@ -58,6 +58,6 @@ class RSAPSSAlgorithm(JWSAlgorithm): def __init__(self, sha_type) -> None: ... def prepare_key(self, raw_data): ... def sign(self, msg, key): ... - def verify(self, msg, sig, key): ... + def verify(self, msg, sig, key) -> bool: ... -JWS_ALGORITHMS: Incomplete +JWS_ALGORITHMS: list[JWSAlgorithm] diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi index 2e5ddb3a6..360b28566 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi @@ -29,15 +29,22 @@ from .grants import ( TokenEndpointMixin as TokenEndpointMixin, ) from .models import AuthorizationCodeMixin as AuthorizationCodeMixin, ClientMixin as ClientMixin, TokenMixin as TokenMixin -from .requests import JsonRequest as JsonRequest, OAuth2Request as OAuth2Request +from .requests import ( + JsonPayload as JsonPayload, + JsonRequest as JsonRequest, + OAuth2Payload as OAuth2Payload, + OAuth2Request as OAuth2Request, +) from .resource_protector import ResourceProtector as ResourceProtector, TokenValidator as TokenValidator from .token_endpoint import TokenEndpoint as TokenEndpoint from .util import list_to_scope as list_to_scope, scope_to_list as scope_to_list from .wrappers import OAuth2Token as OAuth2Token __all__ = [ + "OAuth2Payload", "OAuth2Token", "OAuth2Request", + "JsonPayload", "JsonRequest", "OAuth2Error", "AccessDeniedError", diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi index 396cb7e89..49d3afce8 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi @@ -1,13 +1,16 @@ from collections.abc import Callable, Collection, Mapping -from typing_extensions import TypeAlias +from typing import overload +from typing_extensions import TypeAlias, deprecated from authlib.oauth2 import JsonRequest, OAuth2Error, OAuth2Request from authlib.oauth2.rfc6749 import BaseGrant, ClientMixin from authlib.oauth2.rfc6750 import BearerTokenGenerator +from .hooks import Hookable + _ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]] -class AuthorizationServer: +class AuthorizationServer(Hookable): scopes_supported: Collection[str] | None def __init__(self, scopes_supported: Collection[str] | None = None) -> None: ... def query_client(self, client_id: str) -> ClientMixin: ... @@ -24,12 +27,13 @@ class AuthorizationServer: def register_token_generator(self, grant_type: str, func: BearerTokenGenerator) -> None: ... def authenticate_client(self, request: OAuth2Request, methods: Collection[str], endpoint: str = "token") -> ClientMixin: ... def register_client_auth_method(self, method, func) -> None: ... + def register_extension(self, extension) -> None: ... def get_error_uri(self, request, error) -> None: ... def send_signal(self, name, *args: object, **kwargs: object) -> None: ... def create_oauth2_request(self, request) -> OAuth2Request: ... def create_json_request(self, request) -> JsonRequest: ... def handle_response(self, status: int, body: Mapping[str, object], headers: Mapping[str, str]) -> object: ... - def validate_requested_scope(self, scope: str, state: str | None = None) -> None: ... + def validate_requested_scope(self, scope: str) -> None: ... def register_grant( self, grant_cls: type[BaseGrant], extensions: Collection[Callable[[BaseGrant], None]] | None = None ) -> None: ... @@ -38,6 +42,10 @@ class AuthorizationServer: def get_consent_grant(self, request=None, end_user=None): ... def get_token_grant(self, request: OAuth2Request) -> BaseGrant: ... def create_endpoint_response(self, name, request=None): ... + @overload + @deprecated("The 'grant' parameter will become mandatory.") def create_authorization_response(self, request=None, grant_user=None) -> object: ... + @overload + def create_authorization_response(self, request=None, grant_user=None, grant=None) -> object: ... def create_token_response(self, request=None) -> _ServerResponse: ... def handle_error_response(self, request: OAuth2Request, error: OAuth2Error) -> object: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi index 524478049..8436b28f2 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi @@ -44,7 +44,17 @@ class UnauthorizedClientError(OAuth2Error): class UnsupportedResponseTypeError(OAuth2Error): error: str response_type: Incomplete - def __init__(self, response_type) -> None: ... + def __init__( + self, + response_type, + description=None, + uri=None, + status_code=None, + state=None, + redirect_uri=None, + redirect_fragment: bool = False, + error=None, + ) -> None: ... def get_error_description(self): ... class UnsupportedGrantTypeError(OAuth2Error): diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi index 65f2dcc92..88b977959 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi @@ -1,13 +1,15 @@ from _typeshed import Incomplete -from collections.abc import Callable, Collection +from collections.abc import Collection from typing_extensions import TypeAlias from authlib.oauth2 import OAuth2Request from authlib.oauth2.rfc6749 import ClientMixin +from ..hooks import Hookable + _ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]] -class BaseGrant: +class BaseGrant(Hookable): TOKEN_ENDPOINT_AUTH_METHODS: Collection[str] GRANT_TYPE: str | None TOKEN_RESPONSE_HEADER: Collection[tuple[str, str]] @@ -29,8 +31,6 @@ class BaseGrant: def authenticate_token_endpoint_client(self) -> ClientMixin: ... def save_token(self, token): ... def validate_requested_scope(self) -> None: ... - def register_hook(self, hook_type: str, hook: Callable[..., Incomplete]) -> None: ... - def execute_hook(self, hook_type: str, *args: object, **kwargs: object) -> None: ... class TokenEndpointMixin: TOKEN_ENDPOINT_HTTP_METHODS: Incomplete @@ -49,7 +49,7 @@ class AuthorizationEndpointMixin: def validate_authorization_redirect_uri(request: OAuth2Request, client: ClientMixin) -> str: ... @staticmethod def validate_no_multiple_request_parameter(request: OAuth2Request): ... - redirect_uri: Incomplete - def validate_consent_request(self) -> None: ... + redirect_uri: str + def validate_consent_request(self) -> str: ... def validate_authorization_request(self) -> str: ... def create_authorization_response(self, redirect_uri: str, grant_user) -> _ServerResponse: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/hooks.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/hooks.pyi new file mode 100644 index 000000000..78aa94a7a --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/hooks.pyi @@ -0,0 +1,8 @@ +from collections.abc import Callable + +class Hookable: + def __init__(self) -> None: ... + def register_hook(self, hook_type: str, hook: Callable[..., None]) -> None: ... + def execute_hook(self, hook_type: str, *args, **kwargs) -> None: ... + +def hooked(func=None, before: str | None = None, after: str | None = None): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/models.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/models.pyi index 87649d102..47c8ed0eb 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/models.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/models.pyi @@ -20,3 +20,5 @@ class TokenMixin: def get_expires_in(self) -> int: ... def is_expired(self) -> bool: ... def is_revoked(self) -> bool: ... + def get_user(self): ... + def get_client(self) -> ClientMixin: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi index 6b9056ef2..a1e18c2db 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi @@ -1,26 +1,10 @@ from _typeshed import Incomplete from collections.abc import Mapping +from typing_extensions import deprecated from authlib.oauth2.rfc6749 import ClientMixin -class OAuth2Request: - method: str - uri: str - body: Mapping[str, str] | None - headers: Mapping[str, str] | None - client: ClientMixin | None - auth_method: str | None - user: Incomplete | None - authorization_code: Incomplete | None - refresh_token: Incomplete | None - credential: Incomplete | None - def __init__( - self, method: str, uri: str, body: Mapping[str, str] | None = None, headers: Mapping[str, str] | None = None - ) -> None: ... - @property - def args(self) -> dict[str, str | None]: ... - @property - def form(self) -> dict[str, str]: ... +class OAuth2Payload: @property def data(self) -> dict[str, str]: ... @property @@ -38,11 +22,64 @@ class OAuth2Request: @property def state(self) -> str | None: ... -class JsonRequest: - method: Incomplete - uri: Incomplete - body: Incomplete - headers: Incomplete - def __init__(self, method, uri, body=None, headers=None) -> None: ... +class BasicOAuth2Payload(OAuth2Payload): + def __init__(self, payload: dict[str, str]) -> None: ... + @property + def data(self) -> dict[str, str]: ... + @property + def datalist(self) -> dict[str, list[Incomplete]]: ... + +class OAuth2Request(OAuth2Payload): + method: str + uri: str + headers: Mapping[str, str] | None + payload: OAuth2Payload | None + client: ClientMixin | None + auth_method: str | None + user: Incomplete | None + authorization_code: Incomplete | None + refresh_token: Incomplete | None + credential: Incomplete | None + def __init__(self, method: str, uri: str, headers: Mapping[str, str] | None = None) -> None: ... + @property + def args(self) -> dict[str, str | None]: ... + @property + def form(self) -> dict[str, str]: ... + @property + @deprecated("'request.data' is deprecated in favor of 'request.payload.data'") + def data(self) -> dict[str, str]: ... + @property + @deprecated("'request.datalist' is deprecated in favor of 'request.payload.datalist'") + def datalist(self) -> dict[str, list[Incomplete]]: ... + @property + @deprecated("'request.client_id' is deprecated in favor of 'request.payload.client_id'") + def client_id(self) -> str: ... + @property + @deprecated("'request.response_type' is deprecated in favor of 'request.payload.response_type'") + def response_type(self) -> str: ... + @property + @deprecated("'request.grant_type' is deprecated in favor of 'request.payload.grant_type'") + def grant_type(self) -> str: ... + @property + @deprecated("'request.redirect_uri' is deprecated in favor of 'request.payload.redirect_uri'") + def redirect_uri(self) -> str: ... + @property + @deprecated("'request.scope' is deprecated in favor of 'request.payload.scope'") + def scope(self) -> str: ... + @property + @deprecated("'request.state' is deprecated in favor of 'request.payload.state'") + def state(self) -> str | None: ... + +class JsonPayload: @property def data(self): ... + +class JsonRequest: + method: str + uri: str + payload: JsonPayload | None + headers: Mapping[str, str] + def __init__(self, method: str, uri: str, headers: Mapping[str, str] | None = None) -> None: ... + @property + @deprecated("'request.data' is deprecated in favor of 'request.payload.data'") + def data(self): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7636/challenge.pyi b/stubs/Authlib/authlib/oauth2/rfc7636/challenge.pyi index 71b92213b..e3d07e846 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7636/challenge.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7636/challenge.pyi @@ -1,7 +1,10 @@ +import re from _typeshed import Incomplete +from collections.abc import Callable +from typing import Final -CODE_VERIFIER_PATTERN: Incomplete -CODE_CHALLENGE_PATTERN: Incomplete +CODE_VERIFIER_PATTERN: Final[re.Pattern[str]] +CODE_CHALLENGE_PATTERN: Final[re.Pattern[str]] def create_s256_code_challenge(code_verifier): ... def compare_plain_code_challenge(code_verifier, code_challenge): ... @@ -9,12 +12,12 @@ def compare_s256_code_challenge(code_verifier, code_challenge): ... class CodeChallenge: DEFAULT_CODE_CHALLENGE_METHOD: str - SUPPORTED_CODE_CHALLENGE_METHOD: Incomplete - CODE_CHALLENGE_METHODS: Incomplete - required: Incomplete + SUPPORTED_CODE_CHALLENGE_METHOD: list[str] + CODE_CHALLENGE_METHODS: dict[str, Callable[[Incomplete, Incomplete], Incomplete]] + required: bool def __init__(self, required: bool = True) -> None: ... def __call__(self, grant) -> None: ... - def validate_code_challenge(self, grant) -> None: ... - def validate_code_verifier(self, grant) -> None: ... + def validate_code_challenge(self, grant, redirect_uri) -> None: ... + def validate_code_verifier(self, grant, result) -> None: ... def get_authorization_code_challenge(self, authorization_code): ... def get_authorization_code_challenge_method(self, authorization_code): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9101/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc9101/__init__.pyi new file mode 100644 index 000000000..8a6295782 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9101/__init__.pyi @@ -0,0 +1,5 @@ +from .authorization_server import JWTAuthenticationRequest as JWTAuthenticationRequest +from .discovery import AuthorizationServerMetadata as AuthorizationServerMetadata +from .registration import ClientMetadataClaims as ClientMetadataClaims + +__all__ = ["AuthorizationServerMetadata", "JWTAuthenticationRequest", "ClientMetadataClaims"] diff --git a/stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi b/stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi new file mode 100644 index 000000000..c889ee7b2 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi @@ -0,0 +1,15 @@ +from _typeshed import Incomplete + +from ..rfc6749 import AuthorizationServer, ClientMixin +from ..rfc6749.requests import OAuth2Request + +class JWTAuthenticationRequest: + support_request: bool + support_request_uri: bool + def __init__(self, support_request: bool = True, support_request_uri: bool = True) -> None: ... + def __call__(self, authorization_server: AuthorizationServer) -> None: ... + def parse_authorization_request(self, authorization_server: AuthorizationServer, request: OAuth2Request) -> None: ... + def get_request_object(self, request_uri: str): ... + def resolve_client_public_keys(self, client: ClientMixin): ... + def get_server_metadata(self) -> dict[str, Incomplete]: ... + def get_client_require_signed_request_object(self, client: ClientMixin) -> bool: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9101/discovery.pyi b/stubs/Authlib/authlib/oauth2/rfc9101/discovery.pyi new file mode 100644 index 000000000..82d106bba --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9101/discovery.pyi @@ -0,0 +1,5 @@ +from _typeshed import Incomplete + +class AuthorizationServerMetadata(dict[str, object]): + REGISTRY_KEYS: Incomplete + def validate_require_signed_request_object(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9101/errors.pyi b/stubs/Authlib/authlib/oauth2/rfc9101/errors.pyi new file mode 100644 index 000000000..a0bcd96e1 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9101/errors.pyi @@ -0,0 +1,23 @@ +from ..base import OAuth2Error + +__all__ = ["InvalidRequestUriError", "InvalidRequestObjectError", "RequestNotSupportedError", "RequestUriNotSupportedError"] + +class InvalidRequestUriError(OAuth2Error): + error: str + description: str + status_code: int + +class InvalidRequestObjectError(OAuth2Error): + error: str + description: str + status_code: int + +class RequestNotSupportedError(OAuth2Error): + error: str + description: str + status_code: int + +class RequestUriNotSupportedError(OAuth2Error): + error: str + description: str + status_code: int diff --git a/stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi b/stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi new file mode 100644 index 000000000..f4c742554 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi @@ -0,0 +1,5 @@ +from authlib.jose import BaseClaims + +class ClientMetadataClaims(BaseClaims): + def validate(self) -> None: ... + def validate_require_signed_request_object(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi b/stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi index 8e06d4bb7..70e2ee20b 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi @@ -1,4 +1,4 @@ class IssuerParameter: - def __call__(self, grant) -> None: ... - def add_issuer_parameter(self, hook_type: str, response) -> None: ... + def __call__(self, authorization_server) -> None: ... + def add_issuer_parameter(self, authorization_server, response) -> None: ... def get_issuer(self) -> str | None: ... diff --git a/stubs/Authlib/authlib/oidc/core/__init__.pyi b/stubs/Authlib/authlib/oidc/core/__init__.pyi index 00a6e700d..0763373dc 100644 --- a/stubs/Authlib/authlib/oidc/core/__init__.pyi +++ b/stubs/Authlib/authlib/oidc/core/__init__.pyi @@ -13,6 +13,7 @@ from .grants import ( OpenIDToken as OpenIDToken, ) from .models import AuthorizationCodeMixin as AuthorizationCodeMixin +from .userinfo import UserInfoEndpoint as UserInfoEndpoint __all__ = [ "AuthorizationCodeMixin", @@ -21,6 +22,7 @@ __all__ = [ "ImplicitIDToken", "HybridIDToken", "UserInfo", + "UserInfoEndpoint", "get_claim_cls_by_response_type", "OpenIDToken", "OpenIDCode", diff --git a/stubs/Authlib/authlib/oidc/core/claims.pyi b/stubs/Authlib/authlib/oidc/core/claims.pyi index 1fbd121dd..d58ac3670 100644 --- a/stubs/Authlib/authlib/oidc/core/claims.pyi +++ b/stubs/Authlib/authlib/oidc/core/claims.pyi @@ -28,7 +28,9 @@ class HybridIDToken(ImplicitIDToken): def validate_c_hash(self) -> None: ... class UserInfo(dict[str, object]): - REGISTERED_CLAIMS: Incomplete + REGISTERED_CLAIMS: list[str] + SCOPES_CLAIMS_MAPPING: dict[str, list[str]] + def filter(self, scope: str) -> UserInfo: ... def __getattr__(self, key): ... def get_claim_cls_by_response_type(response_type): ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/code.pyi b/stubs/Authlib/authlib/oidc/core/grants/code.pyi index 3ad0e20e3..a4544c27c 100644 --- a/stubs/Authlib/authlib/oidc/core/grants/code.pyi +++ b/stubs/Authlib/authlib/oidc/core/grants/code.pyi @@ -6,12 +6,12 @@ class OpenIDToken: def get_jwt_config(self, grant: BaseGrant) -> dict[str, str | int]: ... def generate_user_info(self, user, scope: str) -> UserInfo: ... def get_audiences(self, request: OAuth2Request) -> list[str]: ... - def process_token(self, grant: BaseGrant, token: dict[str, str | int]) -> dict[str, str | int]: ... + def process_token(self, grant: BaseGrant, response) -> dict[str, str | int]: ... def __call__(self, grant: BaseGrant) -> None: ... class OpenIDCode(OpenIDToken): require_nonce: bool def __init__(self, require_nonce: bool = False) -> None: ... def exists_nonce(self, nonce: str, request: OAuth2Request) -> bool: ... - def validate_openid_authorization_request(self, grant: BaseGrant) -> None: ... + def validate_openid_authorization_request(self, grant: BaseGrant, redirect_uri) -> None: ... def __call__(self, grant: BaseGrant) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi b/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi index e487fc127..7b90d4d9e 100644 --- a/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi +++ b/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi @@ -9,8 +9,8 @@ class OpenIDImplicitGrant(ImplicitGrant): def get_jwt_config(self) -> None: ... def generate_user_info(self, user, scope) -> None: ... def get_audiences(self, request): ... - def validate_authorization_request(self): ... - def validate_consent_request(self) -> None: ... + def validate_authorization_request(self) -> str: ... + def validate_consent_request(self) -> str: ... def create_authorization_response(self, redirect_uri, grant_user): ... def create_granted_params(self, grant_user): ... def process_implicit_token(self, token, code=None): ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/util.pyi b/stubs/Authlib/authlib/oidc/core/grants/util.pyi index 9800380f4..772103c30 100644 --- a/stubs/Authlib/authlib/oidc/core/grants/util.pyi +++ b/stubs/Authlib/authlib/oidc/core/grants/util.pyi @@ -13,6 +13,8 @@ def generate_id_token( exp: int = 3600, nonce: str | None = None, auth_time: int | None = None, + acr: str | None = None, + amr: list[str] | None = None, code: str | None = None, kid: str | None = None, ) -> str: ... diff --git a/stubs/Authlib/authlib/oidc/core/models.pyi b/stubs/Authlib/authlib/oidc/core/models.pyi index f081a20b9..d204f91d0 100644 --- a/stubs/Authlib/authlib/oidc/core/models.pyi +++ b/stubs/Authlib/authlib/oidc/core/models.pyi @@ -3,3 +3,5 @@ from authlib.oauth2.rfc6749 import AuthorizationCodeMixin as _AuthorizationCodeM class AuthorizationCodeMixin(_AuthorizationCodeMixin): def get_nonce(self) -> str | None: ... def get_auth_time(self) -> int | None: ... + def get_acr(self) -> str: ... + def get_amr(self) -> list[str]: ... diff --git a/stubs/Authlib/authlib/oidc/core/userinfo.pyi b/stubs/Authlib/authlib/oidc/core/userinfo.pyi new file mode 100644 index 000000000..0c612351b --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/userinfo.pyi @@ -0,0 +1,18 @@ +from authlib.oauth2.rfc6749.authorization_server import AuthorizationServer +from authlib.oauth2.rfc6749.requests import OAuth2Request +from authlib.oauth2.rfc6749.resource_protector import ResourceProtector + +from .claims import UserInfo + +class UserInfoEndpoint: + ENDPOINT_NAME: str + server: AuthorizationServer | None + resource_protector: ResourceProtector | None + def __init__( + self, server: AuthorizationServer | None = None, resource_protector: ResourceProtector | None = None + ) -> None: ... + def create_endpoint_request(self, request: OAuth2Request): ... + def __call__(self, request: OAuth2Request) -> tuple[int, dict[str, str | None], list[tuple[str, str]]]: ... + def generate_user_info(self, user, scope: str) -> UserInfo: ... + def get_issuer(self) -> str: ... + def resolve_private_key(self): ...