Improve oauthlib.oauth2.rfc6749 (#13965)

stubs/oauthlib/oauthlib/oauth2/rfc6749/clients/base.pyi

@@ -99,8 +99,8 @@ class Client:
     ) -> tuple[str, dict[str, str], str]: ...
     def prepare_token_revocation_request(
         self,
-        revocation_url,
-        token,
+        revocation_url: str,
+        token: str,
         token_type_hint: Literal["access_token", "refresh_token"] | None = "access_token",
         body: str = "",
         callback: Callable[[Incomplete], Incomplete] | None = None,

stubs/oauthlib/oauthlib/oauth2/rfc6749/endpoints/authorization.pyi

@@ -8,11 +8,11 @@ from .base import BaseEndpoint
 log: Logger
 
 class AuthorizationEndpoint(BaseEndpoint):
-    def __init__(self, default_response_type, default_token_type, response_types: dict[str, Incomplete]) -> None: ...
+    def __init__(self, default_response_type: str, default_token_type: str, response_types: dict[str, Incomplete]) -> None: ...
     @property
-    def response_types(self): ...
+    def response_types(self) -> dict[str, Incomplete]: ...
     @property
-    def default_response_type(self): ...
+    def default_response_type(self) -> str: ...
     @property
     def default_response_type_handler(self): ...
     @property

stubs/oauthlib/oauthlib/oauth2/rfc6749/endpoints/introspect.pyi

@@ -1,20 +1,20 @@
-from _typeshed import Incomplete
 from logging import Logger
-from typing import Any
+from typing import Literal
 
 from oauthlib.common import Request, _HTTPMethod
 
+from ..request_validator import RequestValidator
 from .base import BaseEndpoint
 
 log: Logger
 
 class IntrospectEndpoint(BaseEndpoint):
-    valid_token_types: Any
-    valid_request_methods: Any
-    request_validator: Any
-    supported_token_types: Any
-    def __init__(self, request_validator, supported_token_types: Incomplete | None = None) -> None: ...
+    valid_token_types: tuple[Literal["access_token"], Literal["refresh_token"]]
+    valid_request_methods: tuple[Literal["POST"]]
+    request_validator: RequestValidator
+    supported_token_types: tuple[str, ...]
+    def __init__(self, request_validator: RequestValidator, supported_token_types: tuple[str, ...] | None = None) -> None: ...
     def create_introspect_response(
         self, uri: str, http_method: _HTTPMethod = "POST", body: str | None = None, headers: dict[str, str] | None = None
-    ): ...
+    ) -> tuple[dict[str, str], str, int]: ...
     def validate_introspect_request(self, request: Request) -> None: ...

stubs/oauthlib/oauthlib/oauth2/rfc6749/endpoints/metadata.pyi

@@ -1,24 +1,27 @@
+from _typeshed import Incomplete
+from collections.abc import Iterable
 from logging import Logger
-from typing import Any
 
 from .base import BaseEndpoint
 
 log: Logger
 
 class MetadataEndpoint(BaseEndpoint):
-    raise_errors: Any
-    endpoints: Any
-    initial_claims: Any
-    claims: Any
-    def __init__(self, endpoints, claims={}, raise_errors: bool = True) -> None: ...
+    raise_errors: bool
+    endpoints: Iterable[BaseEndpoint]
+    initial_claims: dict[str, Incomplete]
+    claims: dict[str, Incomplete]
+    def __init__(
+        self, endpoints: Iterable[BaseEndpoint], claims: dict[str, Incomplete] = {}, raise_errors: bool = True
+    ) -> None: ...
     def create_metadata_response(
         self, uri: str, http_method: str = "GET", body: str | None = None, headers: dict[str, str] | None = None
-    ): ...
+    ) -> tuple[dict[str, str], str, int]: ...
     def validate_metadata(
         self, array, key, is_required: bool = False, is_list: bool = False, is_url: bool = False, is_issuer: bool = False
     ) -> None: ...
-    def validate_metadata_token(self, claims, endpoint) -> None: ...
-    def validate_metadata_authorization(self, claims, endpoint): ...
-    def validate_metadata_revocation(self, claims, endpoint) -> None: ...
-    def validate_metadata_introspection(self, claims, endpoint) -> None: ...
-    def validate_metadata_server(self): ...
+    def validate_metadata_token(self, claims, endpoint: BaseEndpoint) -> None: ...
+    def validate_metadata_authorization(self, claims, endpoint: BaseEndpoint): ...
+    def validate_metadata_revocation(self, claims, endpoint: BaseEndpoint) -> None: ...
+    def validate_metadata_introspection(self, claims, endpoint: BaseEndpoint) -> None: ...
+    def validate_metadata_server(self) -> dict[str, Incomplete]: ...

stubs/oauthlib/oauthlib/oauth2/rfc6749/endpoints/pre_configured.pyi

@@ -1,6 +1,17 @@
-from _typeshed import Incomplete
-from typing import Any
+from _typeshed import Unused
+from collections.abc import Callable
 
+from oauthlib.common import Request
+
+from ..grant_types import (
+    AuthorizationCodeGrant,
+    ClientCredentialsGrant,
+    ImplicitGrant,
+    RefreshTokenGrant,
+    ResourceOwnerPasswordCredentialsGrant,
+)
+from ..request_validator import RequestValidator
+from ..tokens import BearerToken
 from .authorization import AuthorizationEndpoint
 from .introspect import IntrospectEndpoint
 from .resource import ResourceEndpoint
@@ -8,68 +19,63 @@ from .revocation import RevocationEndpoint
 from .token import TokenEndpoint
 
 class Server(AuthorizationEndpoint, IntrospectEndpoint, TokenEndpoint, ResourceEndpoint, RevocationEndpoint):
-    auth_grant: Any
-    implicit_grant: Any
-    password_grant: Any
-    credentials_grant: Any
-    refresh_grant: Any
-    bearer: Any
+    auth_grant: AuthorizationCodeGrant
+    implicit_grant: ImplicitGrant
+    password_grant: ResourceOwnerPasswordCredentialsGrant
+    credentials_grant: ClientCredentialsGrant
+    refresh_grant: RefreshTokenGrant
+    bearer: BearerToken
     def __init__(
         self,
-        request_validator,
-        token_expires_in: Incomplete | None = None,
-        token_generator: Incomplete | None = None,
-        refresh_token_generator: Incomplete | None = None,
-        *args,
-        **kwargs,
+        request_validator: RequestValidator,
+        token_expires_in: int | Callable[[Request], int] | None = None,
+        token_generator: Callable[[Request], str] | None = None,
+        refresh_token_generator: Callable[[Request], str] | None = None,
+        *args: Unused,
     ) -> None: ...
 
 class WebApplicationServer(AuthorizationEndpoint, IntrospectEndpoint, TokenEndpoint, ResourceEndpoint, RevocationEndpoint):
-    auth_grant: Any
-    refresh_grant: Any
-    bearer: Any
+    auth_grant: AuthorizationCodeGrant
+    refresh_grant: RefreshTokenGrant
+    bearer: BearerToken
     def __init__(
         self,
-        request_validator,
-        token_generator: Incomplete | None = None,
-        token_expires_in: Incomplete | None = None,
-        refresh_token_generator: Incomplete | None = None,
-        **kwargs,
+        request_validator: RequestValidator,
+        token_generator: Callable[[Request], str] | None = None,
+        token_expires_in: int | Callable[[Request], int] | None = None,
+        refresh_token_generator: Callable[[Request], str] | None = None,
     ) -> None: ...
 
 class MobileApplicationServer(AuthorizationEndpoint, IntrospectEndpoint, ResourceEndpoint, RevocationEndpoint):
-    implicit_grant: Any
-    bearer: Any
+    implicit_grant: ImplicitGrant
+    bearer: BearerToken
     def __init__(
         self,
-        request_validator,
-        token_generator: Incomplete | None = None,
-        token_expires_in: Incomplete | None = None,
-        refresh_token_generator: Incomplete | None = None,
-        **kwargs,
+        request_validator: RequestValidator,
+        token_generator: Callable[[Request], str] | None = None,
+        token_expires_in: int | Callable[[Request], int] | None = None,
+        refresh_token_generator: Callable[[Request], str] | None = None,
     ) -> None: ...
 
 class LegacyApplicationServer(TokenEndpoint, IntrospectEndpoint, ResourceEndpoint, RevocationEndpoint):
-    password_grant: Any
-    refresh_grant: Any
-    bearer: Any
+    password_grant: ResourceOwnerPasswordCredentialsGrant
+    refresh_grant: RefreshTokenGrant
+    bearer: BearerToken
     def __init__(
         self,
-        request_validator,
-        token_generator: Incomplete | None = None,
-        token_expires_in: Incomplete | None = None,
-        refresh_token_generator: Incomplete | None = None,
-        **kwargs,
+        request_validator: RequestValidator,
+        token_generator: Callable[[Request], str] | None = None,
+        token_expires_in: int | Callable[[Request], int] | None = None,
+        refresh_token_generator: Callable[[Request], str] | None = None,
     ) -> None: ...
 
 class BackendApplicationServer(TokenEndpoint, IntrospectEndpoint, ResourceEndpoint, RevocationEndpoint):
-    credentials_grant: Any
-    bearer: Any
+    credentials_grant: ClientCredentialsGrant
+    bearer: BearerToken
     def __init__(
         self,
-        request_validator,
-        token_generator: Incomplete | None = None,
-        token_expires_in: Incomplete | None = None,
-        refresh_token_generator: Incomplete | None = None,
-        **kwargs,
+        request_validator: RequestValidator,
+        token_generator: Callable[[Request], str] | None = None,
+        token_expires_in: int | Callable[[Request], int] | None = None,
+        refresh_token_generator: Callable[[Request], str] | None = None,
     ) -> None: ...

stubs/oauthlib/oauthlib/oauth2/rfc6749/endpoints/resource.pyi

@@ -8,19 +8,19 @@ from .base import BaseEndpoint
 log: Logger
 
 class ResourceEndpoint(BaseEndpoint):
-    def __init__(self, default_token, token_types) -> None: ...
+    def __init__(self, default_token: str, token_types: dict[str, Incomplete]) -> None: ...
     @property
-    def default_token(self): ...
+    def default_token(self) -> str: ...
     @property
     def default_token_type_handler(self): ...
     @property
-    def tokens(self): ...
+    def tokens(self) -> dict[str, Incomplete]: ...
     def verify_request(
         self,
-        uri,
+        uri: str,
         http_method: _HTTPMethod = "GET",
         body: str | None = None,
         headers: dict[str, str] | None = None,
         scopes: Incomplete | None = None,
-    ): ...
+    ) -> tuple[bool, Request]: ...
     def find_token_type(self, request: Request): ...

stubs/oauthlib/oauthlib/oauth2/rfc6749/endpoints/revocation.pyi

@@ -1,23 +1,26 @@
-from _typeshed import Incomplete
 from logging import Logger
-from typing import Any
+from typing import Literal
 
 from oauthlib.common import Request, _HTTPMethod
 
+from ..request_validator import RequestValidator
 from .base import BaseEndpoint
 
 log: Logger
 
 class RevocationEndpoint(BaseEndpoint):
-    valid_token_types: Any
-    valid_request_methods: Any
-    request_validator: Any
-    supported_token_types: Any
-    enable_jsonp: Any
+    valid_token_types: tuple[Literal["access_token"], Literal["refresh_token"]]
+    valid_request_methods: tuple[Literal["POST"]]
+    request_validator: RequestValidator
+    supported_token_types: tuple[str, ...]
+    enable_jsonp: bool
     def __init__(
-        self, request_validator, supported_token_types: Incomplete | None = None, enable_jsonp: bool = False
+        self,
+        request_validator: RequestValidator,
+        supported_token_types: tuple[str, ...] | None = None,
+        enable_jsonp: bool = False,
     ) -> None: ...
     def create_revocation_response(
         self, uri: str, http_method: _HTTPMethod = "POST", body: str | None = None, headers: dict[str, str] | None = None
-    ): ...
+    ) -> tuple[dict[str, str], str, int]: ...
     def validate_revocation_request(self, request: Request) -> None: ...

stubs/oauthlib/oauthlib/oauth2/rfc6749/endpoints/token.pyi

@@ -1,5 +1,6 @@
 from _typeshed import Incomplete
 from logging import Logger
+from typing import Literal
 
 from oauthlib.common import Request, _HTTPMethod
 
@@ -8,16 +9,16 @@ from .base import BaseEndpoint
 log: Logger
 
 class TokenEndpoint(BaseEndpoint):
-    valid_request_methods: tuple[str]
-    def __init__(self, default_grant_type, default_token_type, grant_types) -> None: ...
+    valid_request_methods: tuple[Literal["POST"]]
+    def __init__(self, default_grant_type: str, default_token_type: str, grant_types: dict[str, Incomplete]) -> None: ...
     @property
-    def grant_types(self): ...
+    def grant_types(self) -> dict[str, Incomplete]: ...
     @property
-    def default_grant_type(self): ...
+    def default_grant_type(self) -> str: ...
     @property
     def default_grant_type_handler(self): ...
     @property
-    def default_token_type(self): ...
+    def default_token_type(self) -> str: ...
     def create_token_response(
         self,
         uri: str,

stubs/oauthlib/oauthlib/oauth2/rfc6749/errors.pyi

@@ -8,24 +8,24 @@ class OAuth2Error(Exception):
     status_code: int
     description: str
     uri: str | None
-    state: Any
-    redirect_uri: Any
-    client_id: Any
+    state: str | None
+    redirect_uri: str | None
+    client_id: str | None
     scopes: Any
-    response_type: Any
-    response_mode: Any
-    grant_type: Any
+    response_type: str | None
+    response_mode: str | None
+    grant_type: str | None
     def __init__(
         self,
         description: str | None = None,
         uri: str | None = None,
-        state: Incomplete | None = None,
+        state: str | None = None,
         status_code: int | None = None,
         request: Request | None = None,
     ) -> None: ...
     def in_uri(self, uri: str) -> str: ...
     @property
-    def twotuples(self) -> list[tuple[str, Incomplete | str | None]]: ...
+    def twotuples(self) -> list[tuple[str, str | None]]: ...
     @property
     def urlencoded(self) -> str: ...
     @property
@@ -142,7 +142,7 @@ class CustomOAuth2Error(OAuth2Error):
         error: str,
         description: str | None = None,
         uri: str | None = None,
-        state: Incomplete | None = None,
+        state: str | None = None,
         status_code: int | None = None,
         request: Request | None = None,
     ) -> None: ...

stubs/oauthlib/oauthlib/oauth2/rfc6749/tokens.pyi

@@ -54,12 +54,12 @@ class BearerToken(TokenBase):
     request_validator: RequestValidator | None
     token_generator: Callable[[Request], str]
     refresh_token_generator: Callable[[Request], str]
-    expires_in: int
+    expires_in: int | Callable[[Request], int]
     def __init__(
         self,
         request_validator: RequestValidator | None = None,
         token_generator: Callable[[Request], str] | None = None,
-        expires_in: int | None = None,
+        expires_in: int | Callable[[Request], int] | None = None,
         refresh_token_generator: Callable[[Request], str] | None = None,
     ) -> None: ...
     def create_token(self, request: Request, refresh_token: bool = False, **kwargs) -> OAuth2Token: ...

stubs/oauthlib/oauthlib/openid/connect/core/endpoints/pre_configured.pyi

@@ -1,5 +1,5 @@
+from _typeshed import Unused
 from collections.abc import Callable
-from typing import Any
 
 from oauthlib.common import Request
 from oauthlib.oauth2.rfc6749.endpoints import (
@@ -48,6 +48,5 @@ class Server(AuthorizationEndpoint, IntrospectEndpoint, TokenEndpoint, ResourceE
         token_expires_in: int | Callable[[Request], int] | None = None,
         token_generator: Callable[[Request], str] | None = None,
         refresh_token_generator: Callable[[Request], str] | None = None,
-        *args: Any,  # actually, these are not used
-        **kwargs: Any,  # actually, these are not used
+        *args: Unused,
     ) -> None: ...