Update authlib to 1.5.* (#13540)

Author: srittau

stubs/Authlib/@tests/stubtest_allowlist.txt

@@ -1,3 +1,4 @@
+# TODO: check these entries
 authlib.jose.ECKey.PRIVATE_KEY_CLS
 authlib.jose.ECKey.PUBLIC_KEY_CLS
 authlib.jose.RSAKey.PRIVATE_KEY_CLS
@@ -29,8 +30,4 @@ authlib.oauth2.rfc7521.AssertionClient.oauth_error_class
 authlib.oauth2.rfc7521.client.AssertionClient.oauth_error_class
 authlib.oauth2.rfc7523.JWTBearerTokenValidator.token_cls
 authlib.oauth2.rfc7523.validator.JWTBearerTokenValidator.token_cls
-authlib.oauth2.rfc7591.ClientRegistrationEndpoint.claims_class
-authlib.oauth2.rfc7591.endpoint.ClientRegistrationEndpoint.claims_class
-authlib.oauth2.rfc7592.ClientConfigurationEndpoint.claims_class
-authlib.oauth2.rfc7592.endpoint.ClientConfigurationEndpoint.claims_class
 authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate

stubs/Authlib/METADATA.toml

@@ -1,4 +1,4 @@
-version = "1.4.*"
+version = "1.5.0"
 upstream_repository = "https://github.com/lepture/authlib"
 requires = ["cryptography"]
 partial_stub = true

stubs/Authlib/authlib/consts.pyi

@@ -1,6 +1,6 @@
 from typing import Final
 
-name: Final[str]
+name: Final = "Authlib"
 version: Final[str]
 author: Final[str]
 homepage: Final[str]

stubs/Authlib/authlib/jose/rfc7519/claims.pyi

@@ -1,16 +1,17 @@
 from _typeshed import Incomplete
+from typing import Any, ClassVar
 
-class BaseClaims(dict[str, object]):
-    REGISTERED_CLAIMS: list[str]
+class BaseClaims(dict[str, Any]):  # dict values are key-dependent
+    REGISTERED_CLAIMS: ClassVar[list[str]]
     header: Incomplete
     options: Incomplete
     params: Incomplete
     def __init__(self, payload, header, options: Incomplete | None = None, params: Incomplete | None = None) -> None: ...
-    def __getattr__(self, key): ...
-    def get_registered_claims(self): ...
+    # TODO: Adds an attribute for each key in REGISTERED_CLAIMS
+    def __getattr__(self, key: str): ...
+    def get_registered_claims(self) -> dict[str, Incomplete]: ...
 
 class JWTClaims(BaseClaims):
-    REGISTERED_CLAIMS: list[str]
     def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ...
     def validate_iss(self) -> None: ...
     def validate_sub(self) -> None: ...

stubs/Authlib/authlib/oauth2/rfc7523/client.pyi

@@ -1,12 +1,13 @@
-from _typeshed import Incomplete
+from typing import Final
 
-ASSERTION_TYPE: str
+ASSERTION_TYPE: Final[str]
 
 class JWTBearerClientAssertion:
-    CLIENT_ASSERTION_TYPE = ASSERTION_TYPE
-    CLIENT_AUTH_METHOD: str
-    token_url: Incomplete
-    def __init__(self, token_url, validate_jti: bool = True) -> None: ...
+    CLIENT_ASSERTION_TYPE: Final[str]
+    CLIENT_AUTH_METHOD: Final[str]
+    token_url: str
+    leeway: int
+    def __init__(self, token_url: str, validate_jti: bool = True, leeway: int = 60) -> None: ...
     def __call__(self, query_client, request): ...
     def create_claims_options(self): ...
     def process_assertion_claims(self, assertion, resolve_key): ...

stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi

@@ -1,9 +1,10 @@
 from _typeshed import Incomplete
+from collections.abc import Mapping
+from typing import Any
 
 from authlib.jose import BaseClaims
 
 class ClientMetadataClaims(BaseClaims):
-    REGISTERED_CLAIMS: Incomplete
     def validate(self) -> None: ...
     def validate_redirect_uris(self) -> None: ...
     def validate_token_endpoint_auth_method(self) -> None: ...
@@ -20,3 +21,5 @@ class ClientMetadataClaims(BaseClaims):
     def validate_jwks(self) -> None: ...
     def validate_software_id(self) -> None: ...
     def validate_software_version(self) -> None: ...
+    @classmethod
+    def get_claims_options(cls, metadata: Mapping[str, Incomplete]) -> dict[str, Any]: ...  # dict values are key-dependent

stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi

@@ -1,18 +1,16 @@
 from _typeshed import Incomplete
-
-from authlib.oauth2.rfc7591 import ClientMetadataClaims
+from typing import Final
 
 class ClientRegistrationEndpoint:
-    ENDPOINT_NAME: str
-    claims_class = ClientMetadataClaims
+    ENDPOINT_NAME: Final = "client_registration"
     software_statement_alg_values_supported: Incomplete
     server: Incomplete
-    def __init__(self, server) -> None: ...
-    def __call__(self, request): ...
+    claims_classes: list[type[Incomplete]]
+    def __init__(self, server: Incomplete | None = None, claims_classes: list[type[Incomplete]] | None = None) -> None: ...
+    def __call__(self, request) -> dict[Incomplete, Incomplete]: ...
     def create_registration_response(self, request): ...
     def extract_client_metadata(self, request): ...
     def extract_software_statement(self, software_statement, request): ...
-    def get_claims_options(self): ...
     def generate_client_info(self): ...
     def generate_client_registration_info(self, client, request) -> None: ...
     def create_endpoint_request(self, request): ...

stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi

@@ -1,20 +1,18 @@
 from _typeshed import Incomplete
-
-from authlib.oauth2.rfc7591 import ClientMetadataClaims
+from typing import Final
 
 class ClientConfigurationEndpoint:
-    ENDPOINT_NAME: str
-    claims_class = ClientMetadataClaims
+    ENDPOINT_NAME: Final = "client_configuration"
     server: Incomplete
-    def __init__(self, server) -> None: ...
+    claims_classes: list[type[Incomplete]]
+    def __init__(self, server: Incomplete | None = None, claims_classes: list[type[Incomplete]] | None = None) -> None: ...
     def __call__(self, request): ...
     def create_configuration_response(self, request): ...
     def create_endpoint_request(self, request): ...
     def create_read_client_response(self, client, request): ...
     def create_delete_client_response(self, client, request): ...
     def create_update_client_response(self, client, request): ...
     def extract_client_metadata(self, request): ...
-    def get_claims_options(self): ...
     def introspect_client(self, client): ...
     def generate_client_registration_info(self, client, request) -> None: ...
     def authenticate_token(self, request) -> None: ...

stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi

@@ -3,7 +3,6 @@ from _typeshed import Incomplete
 from authlib.jose import JWTClaims
 
 class JWTAccessTokenClaims(JWTClaims):
-    REGISTERED_CLAIMS: Incomplete
     def validate(self, now: Incomplete | None = None, leeway: int = 0, **kwargs) -> None: ...
     def validate_typ(self) -> None: ...
     def validate_client_id(self): ...

stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi

@@ -0,0 +1,3 @@
+from .parameter import IssuerParameter as IssuerParameter
+
+__all__ = ["IssuerParameter"]

stubs/Authlib/authlib/oauth2/rfc9207/parameter.pyi

@@ -0,0 +1,4 @@
+class IssuerParameter:
+    def __call__(self, grant) -> None: ...
+    def add_issuer_parameter(self, hook_type: str, response) -> None: ...
+    def get_issuer(self) -> str | None: ...

stubs/Authlib/authlib/oidc/core/claims.pyi

@@ -16,17 +16,14 @@ class IDToken(JWTClaims):
 
 class CodeIDToken(IDToken):
     RESPONSE_TYPES: Incomplete
-    REGISTERED_CLAIMS: Incomplete
 
 class ImplicitIDToken(IDToken):
     RESPONSE_TYPES: Incomplete
     ESSENTIAL_CLAIMS: Incomplete
-    REGISTERED_CLAIMS: Incomplete
     def validate_at_hash(self) -> None: ...
 
 class HybridIDToken(ImplicitIDToken):
     RESPONSE_TYPES: Incomplete
-    REGISTERED_CLAIMS: Incomplete
     def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ...
     def validate_c_hash(self) -> None: ...
 

stubs/Authlib/authlib/oidc/core/grants/util.pyi

@@ -14,5 +14,6 @@ def generate_id_token(
     nonce: str | None = None,
     auth_time: int | None = None,
     code: str | None = None,
+    kid: str | None = None,
 ) -> str: ...
 def create_response_mode_response(redirect_uri, params, response_mode): ...

stubs/Authlib/authlib/oidc/registration/__init__.pyi

@@ -0,0 +1,3 @@
+from .claims import ClientMetadataClaims as ClientMetadataClaims
+
+__all__ = ["ClientMetadataClaims"]

stubs/Authlib/authlib/oidc/registration/claims.pyi

@@ -0,0 +1,29 @@
+from _typeshed import Incomplete
+from collections.abc import Mapping
+
+from authlib.jose import BaseClaims
+
+class ClientMetadataClaims(BaseClaims):
+    def validate(self) -> None: ...
+    # The "cls" argument is called "self" in the actual implementation,
+    # but stubtest will not allow that.
+    @classmethod
+    def get_claims_options(cls, metadata: Mapping[str, Incomplete]) -> dict[str, Incomplete]: ...
+    def validate_token_endpoint_auth_signing_alg(self) -> None: ...
+    def validate_application_type(self) -> None: ...
+    def validate_sector_identifier_uri(self) -> None: ...
+    def validate_subject_type(self) -> None: ...
+    def validate_id_token_signed_response_alg(self) -> None: ...
+    def validate_id_token_encrypted_response_alg(self) -> None: ...
+    def validate_id_token_encrypted_response_enc(self) -> None: ...
+    def validate_userinfo_signed_response_alg(self) -> None: ...
+    def validate_userinfo_encrypted_response_alg(self) -> None: ...
+    def validate_userinfo_encrypted_response_enc(self) -> None: ...
+    def validate_default_max_age(self) -> None: ...
+    def validate_require_auth_time(self) -> None: ...
+    def validate_default_acr_values(self) -> None: ...
+    def validate_initiate_login_uri(self) -> None: ...
+    def validate_request_object_signing_alg(self) -> None: ...
+    def validate_request_object_encryption_alg(self) -> None: ...
+    def validate_request_object_encryption_enc(self) -> None: ...
+    def validate_request_uris(self) -> None: ...