Update authlib to 1.5.* (#13540)

2026-05-09 06:46:18 +08:00 · 2025-04-15 23:08:24 +02:00
parent dfea9a6a26
commit ef0ee2087c
15 changed files with 69 additions and 35 deletions
@@ -1,3 +1,4 @@
+# TODO: check these entries
 authlib.jose.ECKey.PRIVATE_KEY_CLS
 authlib.jose.ECKey.PUBLIC_KEY_CLS
 authlib.jose.RSAKey.PRIVATE_KEY_CLS
@@ -29,8 +30,4 @@ authlib.oauth2.rfc7521.AssertionClient.oauth_error_class
 authlib.oauth2.rfc7521.client.AssertionClient.oauth_error_class
 authlib.oauth2.rfc7523.JWTBearerTokenValidator.token_cls
 authlib.oauth2.rfc7523.validator.JWTBearerTokenValidator.token_cls
-authlib.oauth2.rfc7591.ClientRegistrationEndpoint.claims_class
-authlib.oauth2.rfc7591.endpoint.ClientRegistrationEndpoint.claims_class
-authlib.oauth2.rfc7592.ClientConfigurationEndpoint.claims_class
-authlib.oauth2.rfc7592.endpoint.ClientConfigurationEndpoint.claims_class
 authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate
@@ -1,4 +1,4 @@
-version = "1.4.*"
+version = "1.5.0"
 upstream_repository = "https://github.com/lepture/authlib"
 requires = ["cryptography"]
 partial_stub = true
@@ -1,6 +1,6 @@
 from typing import Final

-name: Final[str]
+name: Final = "Authlib"
 version: Final[str]
 author: Final[str]
 homepage: Final[str]
@@ -1,16 +1,17 @@
 from _typeshed import Incomplete
+from typing import Any, ClassVar

-class BaseClaims(dict[str, object]):
-    REGISTERED_CLAIMS: list[str]
+class BaseClaims(dict[str, Any]):  # dict values are key-dependent
+    REGISTERED_CLAIMS: ClassVar[list[str]]
    header: Incomplete
    options: Incomplete
    params: Incomplete
    def __init__(self, payload, header, options: Incomplete | None = None, params: Incomplete | None = None) -> None: ...
-    def __getattr__(self, key): ...
-    def get_registered_claims(self): ...
+    # TODO: Adds an attribute for each key in REGISTERED_CLAIMS
+    def __getattr__(self, key: str): ...
+    def get_registered_claims(self) -> dict[str, Incomplete]: ...

 class JWTClaims(BaseClaims):
-    REGISTERED_CLAIMS: list[str]
    def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ...
    def validate_iss(self) -> None: ...
    def validate_sub(self) -> None: ...
@@ -1,12 +1,13 @@
-from _typeshed import Incomplete
+from typing import Final

-ASSERTION_TYPE: str
+ASSERTION_TYPE: Final[str]

 class JWTBearerClientAssertion:
-    CLIENT_ASSERTION_TYPE = ASSERTION_TYPE
-    CLIENT_AUTH_METHOD: str
-    token_url: Incomplete
-    def __init__(self, token_url, validate_jti: bool = True) -> None: ...
+    CLIENT_ASSERTION_TYPE: Final[str]
+    CLIENT_AUTH_METHOD: Final[str]
+    token_url: str
+    leeway: int
+    def __init__(self, token_url: str, validate_jti: bool = True, leeway: int = 60) -> None: ...
    def __call__(self, query_client, request): ...
    def create_claims_options(self): ...
    def process_assertion_claims(self, assertion, resolve_key): ...
@@ -1,9 +1,10 @@
 from _typeshed import Incomplete
+from collections.abc import Mapping
+from typing import Any

 from authlib.jose import BaseClaims

 class ClientMetadataClaims(BaseClaims):
-    REGISTERED_CLAIMS: Incomplete
    def validate(self) -> None: ...
    def validate_redirect_uris(self) -> None: ...
    def validate_token_endpoint_auth_method(self) -> None: ...
@@ -20,3 +21,5 @@ class ClientMetadataClaims(BaseClaims):
    def validate_jwks(self) -> None: ...
    def validate_software_id(self) -> None: ...
    def validate_software_version(self) -> None: ...
+    @classmethod
+    def get_claims_options(cls, metadata: Mapping[str, Incomplete]) -> dict[str, Any]: ...  # dict values are key-dependent
@@ -1,18 +1,16 @@
 from _typeshed import Incomplete
-
-from authlib.oauth2.rfc7591 import ClientMetadataClaims
+from typing import Final

 class ClientRegistrationEndpoint:
-    ENDPOINT_NAME: str
-    claims_class = ClientMetadataClaims
+    ENDPOINT_NAME: Final = "client_registration"
    software_statement_alg_values_supported: Incomplete
    server: Incomplete
-    def __init__(self, server) -> None: ...
-    def __call__(self, request): ...
+    claims_classes: list[type[Incomplete]]
+    def __init__(self, server: Incomplete | None = None, claims_classes: list[type[Incomplete]] | None = None) -> None: ...
+    def __call__(self, request) -> dict[Incomplete, Incomplete]: ...
    def create_registration_response(self, request): ...
    def extract_client_metadata(self, request): ...
    def extract_software_statement(self, software_statement, request): ...
-    def get_claims_options(self): ...
    def generate_client_info(self): ...
    def generate_client_registration_info(self, client, request) -> None: ...
    def create_endpoint_request(self, request): ...
@@ -1,12 +1,11 @@
 from _typeshed import Incomplete
-
-from authlib.oauth2.rfc7591 import ClientMetadataClaims
+from typing import Final

 class ClientConfigurationEndpoint:
-    ENDPOINT_NAME: str
-    claims_class = ClientMetadataClaims
+    ENDPOINT_NAME: Final = "client_configuration"
    server: Incomplete
-    def __init__(self, server) -> None: ...
+    claims_classes: list[type[Incomplete]]
+    def __init__(self, server: Incomplete | None = None, claims_classes: list[type[Incomplete]] | None = None) -> None: ...
    def __call__(self, request): ...
    def create_configuration_response(self, request): ...
    def create_endpoint_request(self, request): ...
@@ -14,7 +13,6 @@ class ClientConfigurationEndpoint:
    def create_delete_client_response(self, client, request): ...
    def create_update_client_response(self, client, request): ...
    def extract_client_metadata(self, request): ...
-    def get_claims_options(self): ...
    def introspect_client(self, client): ...
    def generate_client_registration_info(self, client, request) -> None: ...
    def authenticate_token(self, request) -> None: ...
@@ -3,7 +3,6 @@ from _typeshed import Incomplete
 from authlib.jose import JWTClaims

 class JWTAccessTokenClaims(JWTClaims):
-    REGISTERED_CLAIMS: Incomplete
    def validate(self, now: Incomplete | None = None, leeway: int = 0, **kwargs) -> None: ...
    def validate_typ(self) -> None: ...
    def validate_client_id(self): ...
@@ -0,0 +1,3 @@
+from .parameter import IssuerParameter as IssuerParameter
+
+__all__ = ["IssuerParameter"]
@@ -0,0 +1,4 @@
+class IssuerParameter:
+    def __call__(self, grant) -> None: ...
+    def add_issuer_parameter(self, hook_type: str, response) -> None: ...
+    def get_issuer(self) -> str | None: ...
@@ -16,17 +16,14 @@ class IDToken(JWTClaims):

 class CodeIDToken(IDToken):
    RESPONSE_TYPES: Incomplete
-    REGISTERED_CLAIMS: Incomplete

 class ImplicitIDToken(IDToken):
    RESPONSE_TYPES: Incomplete
    ESSENTIAL_CLAIMS: Incomplete
-    REGISTERED_CLAIMS: Incomplete
    def validate_at_hash(self) -> None: ...

 class HybridIDToken(ImplicitIDToken):
    RESPONSE_TYPES: Incomplete
-    REGISTERED_CLAIMS: Incomplete
    def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ...
    def validate_c_hash(self) -> None: ...

@@ -14,5 +14,6 @@ def generate_id_token(
    nonce: str | None = None,
    auth_time: int | None = None,
    code: str | None = None,
+    kid: str | None = None,
 ) -> str: ...
 def create_response_mode_response(redirect_uri, params, response_mode): ...
@@ -0,0 +1,3 @@
+from .claims import ClientMetadataClaims as ClientMetadataClaims
+
+__all__ = ["ClientMetadataClaims"]
@@ -0,0 +1,29 @@
+from _typeshed import Incomplete
+from collections.abc import Mapping
+
+from authlib.jose import BaseClaims
+
+class ClientMetadataClaims(BaseClaims):
+    def validate(self) -> None: ...
+    # The "cls" argument is called "self" in the actual implementation,
+    # but stubtest will not allow that.
+    @classmethod
+    def get_claims_options(cls, metadata: Mapping[str, Incomplete]) -> dict[str, Incomplete]: ...
+    def validate_token_endpoint_auth_signing_alg(self) -> None: ...
+    def validate_application_type(self) -> None: ...
+    def validate_sector_identifier_uri(self) -> None: ...
+    def validate_subject_type(self) -> None: ...
+    def validate_id_token_signed_response_alg(self) -> None: ...
+    def validate_id_token_encrypted_response_alg(self) -> None: ...
+    def validate_id_token_encrypted_response_enc(self) -> None: ...
+    def validate_userinfo_signed_response_alg(self) -> None: ...
+    def validate_userinfo_encrypted_response_alg(self) -> None: ...
+    def validate_userinfo_encrypted_response_enc(self) -> None: ...
+    def validate_default_max_age(self) -> None: ...
+    def validate_require_auth_time(self) -> None: ...
+    def validate_default_acr_values(self) -> None: ...
+    def validate_initiate_login_uri(self) -> None: ...
+    def validate_request_object_signing_alg(self) -> None: ...
+    def validate_request_object_encryption_alg(self) -> None: ...
+    def validate_request_object_encryption_enc(self) -> None: ...
+    def validate_request_uris(self) -> None: ...