From 61f1e833398fb79e9393b6dad9bb6b5f1cfe2f17 Mon Sep 17 00:00:00 2001 From: donbarbos Date: Sat, 9 May 2026 12:53:31 +0400 Subject: [PATCH] [Authlib] Update to 1.7.1 Closes: #15649 Diff: https://github.com/authlib/authlib/compare/v1.6.11...v1.7.1 --- stubs/Authlib/METADATA.toml | 2 +- stubs/Authlib/authlib/deprecate.pyi | 4 +-- .../integrations/base_client/async_openid.pyi | 4 +++ .../integrations/base_client/sync_openid.pyi | 12 ++++++- .../integrations/django_client/apps.pyi | 17 ++++++++++ .../integrations/flask_client/apps.pyi | 9 ++++++ .../integrations/starlette_client/apps.pyi | 19 +++++++++++- stubs/Authlib/authlib/jose/rfc7519/claims.pyi | 8 ++--- stubs/Authlib/authlib/oauth2/claims.pyi | 31 +++++++++++++++++++ .../authlib/oauth2/rfc6749/__init__.pyi | 3 ++ .../oauth2/rfc6749/authorization_server.pyi | 4 ++- .../authlib/oauth2/rfc6749/endpoint.pyi | 20 ++++++++++++ .../authlib/oauth2/rfc6749/requests.pyi | 3 +- .../authlib/oauth2/rfc6749/token_endpoint.pyi | 10 +++--- .../Authlib/authlib/oauth2/rfc6750/errors.pyi | 12 +++++-- .../authlib/oauth2/rfc7523/assertion.pyi | 30 +++++++++++++++--- stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi | 4 +-- .../Authlib/authlib/oauth2/rfc7523/client.pyi | 23 ++++++++------ .../authlib/oauth2/rfc7523/jwt_bearer.pyi | 10 +++--- .../authlib/oauth2/rfc7523/validator.pyi | 11 +++---- .../Authlib/authlib/oauth2/rfc7591/claims.pyi | 4 +-- .../authlib/oauth2/rfc7591/endpoint.pyi | 12 +++---- .../Authlib/authlib/oauth2/rfc8414/models.pyi | 5 +-- .../Authlib/authlib/oauth2/rfc9068/claims.pyi | 19 ++++++------ .../authlib/oauth2/rfc9068/introspection.pyi | 7 +++-- .../Authlib/authlib/oauth2/rfc9068/token.pyi | 2 +- .../oauth2/rfc9068/token_validator.pyi | 10 ++++-- .../oauth2/rfc9101/authorization_server.pyi | 4 ++- .../authlib/oauth2/rfc9101/registration.pyi | 4 ++- .../authlib/oauth2/rfc9207/__init__.pyi | 3 +- .../authlib/oauth2/rfc9207/discovery.pyi | 5 +++ stubs/Authlib/authlib/oidc/core/claims.pyi | 5 +-- .../authlib/oidc/core/grants/_legacy.pyi | 11 +++++++ .../Authlib/authlib/oidc/core/grants/code.pyi | 13 +++++--- .../authlib/oidc/core/grants/implicit.pyi | 8 ++--- stubs/Authlib/authlib/oidc/core/userinfo.pyi | 3 +- .../authlib/oidc/registration/claims.pyi | 4 +-- .../authlib/oidc/rpinitiated/__init__.pyi | 5 +++ .../authlib/oidc/rpinitiated/discovery.pyi | 5 +++ .../authlib/oidc/rpinitiated/end_session.pyi | 27 ++++++++++++++++ .../authlib/oidc/rpinitiated/registration.pyi | 7 +++++ 41 files changed, 309 insertions(+), 90 deletions(-) create mode 100644 stubs/Authlib/authlib/oauth2/claims.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc6749/endpoint.pyi create mode 100644 stubs/Authlib/authlib/oauth2/rfc9207/discovery.pyi create mode 100644 stubs/Authlib/authlib/oidc/core/grants/_legacy.pyi create mode 100644 stubs/Authlib/authlib/oidc/rpinitiated/__init__.pyi create mode 100644 stubs/Authlib/authlib/oidc/rpinitiated/discovery.pyi create mode 100644 stubs/Authlib/authlib/oidc/rpinitiated/end_session.pyi create mode 100644 stubs/Authlib/authlib/oidc/rpinitiated/registration.pyi diff --git a/stubs/Authlib/METADATA.toml b/stubs/Authlib/METADATA.toml index 5c2a9e76e1ed..d1caa2695ab4 100644 --- a/stubs/Authlib/METADATA.toml +++ b/stubs/Authlib/METADATA.toml @@ -1,3 +1,3 @@ -version = "1.6.11" +version = "1.7.1" upstream-repository = "https://github.com/authlib/authlib" dependencies = ["cryptography"] diff --git a/stubs/Authlib/authlib/deprecate.pyi b/stubs/Authlib/authlib/deprecate.pyi index 201ceb6a53b2..cb8b6991a7d8 100644 --- a/stubs/Authlib/authlib/deprecate.pyi +++ b/stubs/Authlib/authlib/deprecate.pyi @@ -1,5 +1,3 @@ class AuthlibDeprecationWarning(DeprecationWarning): ... -def deprecate( - message: str, version: str | None = None, link_uid: str | None = None, link_file: str | None = None, stacklevel: int = 3 -) -> None: ... +def deprecate(message: str, version: str | None = None, stacklevel: int = 3) -> None: ... diff --git a/stubs/Authlib/authlib/integrations/base_client/async_openid.pyi b/stubs/Authlib/authlib/integrations/base_client/async_openid.pyi index 702bed62fba3..3213ac6631b0 100644 --- a/stubs/Authlib/authlib/integrations/base_client/async_openid.pyi +++ b/stubs/Authlib/authlib/integrations/base_client/async_openid.pyi @@ -1,3 +1,4 @@ +from authlib.integrations.base_client.sync_openid import _LogoutData from authlib.oidc.core.claims import UserInfo __all__ = ["AsyncOpenIDMixin"] @@ -6,3 +7,6 @@ class AsyncOpenIDMixin: async def fetch_jwk_set(self, force: bool = False): ... async def userinfo(self, **kwargs) -> UserInfo: ... async def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120) -> UserInfo: ... + async def create_logout_url( + self, post_logout_redirect_uri=None, id_token_hint=None, state=None, *, client_id=None, logout_hint=None, ui_locales=None + ) -> _LogoutData: ... diff --git a/stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi b/stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi index a78b26b4f6fc..5bd8eb1de7da 100644 --- a/stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi +++ b/stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi @@ -1,7 +1,17 @@ +from _typeshed import Incomplete +from typing import TypedDict, type_check_only + from authlib.oidc.core.claims import UserInfo +@type_check_only +class _LogoutData(TypedDict): + url: str + state: Incomplete + class OpenIDMixin: def fetch_jwk_set(self, force: bool = False): ... def userinfo(self, **kwargs) -> UserInfo: ... def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120) -> UserInfo | None: ... - def create_load_key(self): ... + def create_logout_url( + self, post_logout_redirect_uri=None, id_token_hint=None, state=None, *, client_id=None, logout_hint=None, ui_locales=None + ) -> _LogoutData: ... diff --git a/stubs/Authlib/authlib/integrations/django_client/apps.pyi b/stubs/Authlib/authlib/integrations/django_client/apps.pyi index 895db81ec120..1325168c1fc4 100644 --- a/stubs/Authlib/authlib/integrations/django_client/apps.pyi +++ b/stubs/Authlib/authlib/integrations/django_client/apps.pyi @@ -1,6 +1,11 @@ +from _typeshed import Incomplete +from typing import TypeAlias + from ..base_client import BaseApp, OAuth1Mixin, OAuth2Mixin, OpenIDMixin from ..requests_client import OAuth1Session, OAuth2Session +_HttpResponseRedirect: TypeAlias = Incomplete # actual type is django.http.response.HttpResponseRedirect + class DjangoAppMixin: def save_authorize_data(self, request, **kwargs) -> None: ... def authorize_redirect(self, request, redirect_uri=None, **kwargs): ... @@ -11,4 +16,16 @@ class DjangoOAuth1App(DjangoAppMixin, OAuth1Mixin, BaseApp): class DjangoOAuth2App(DjangoAppMixin, OAuth2Mixin, OpenIDMixin, BaseApp): client_cls = OAuth2Session + def logout_redirect( + self, + request, + post_logout_redirect_uri=None, + id_token_hint=None, + *, + state=None, + client_id=None, + logout_hint=None, + ui_locales=None, + ) -> _HttpResponseRedirect: ... + def validate_logout_response(self, request): ... def authorize_access_token(self, request, **kwargs): ... diff --git a/stubs/Authlib/authlib/integrations/flask_client/apps.pyi b/stubs/Authlib/authlib/integrations/flask_client/apps.pyi index b0225ab249aa..d9194680eee3 100644 --- a/stubs/Authlib/authlib/integrations/flask_client/apps.pyi +++ b/stubs/Authlib/authlib/integrations/flask_client/apps.pyi @@ -1,6 +1,11 @@ +from _typeshed import Incomplete +from typing import TypeAlias + from ..base_client import BaseApp, OAuth1Mixin, OAuth2Mixin, OpenIDMixin from ..requests_client import OAuth1Session, OAuth2Session +_Response: TypeAlias = Incomplete # actual type is werkzeug.wrappers.Response + class FlaskAppMixin: @property def token(self): ... @@ -15,4 +20,8 @@ class FlaskOAuth1App(FlaskAppMixin, OAuth1Mixin, BaseApp): class FlaskOAuth2App(FlaskAppMixin, OAuth2Mixin, OpenIDMixin, BaseApp): client_cls = OAuth2Session + def logout_redirect( + self, post_logout_redirect_uri=None, id_token_hint=None, *, state=None, client_id=None, logout_hint=None, ui_locales=None + ) -> _Response: ... + def validate_logout_response(self): ... def authorize_access_token(self, **kwargs): ... diff --git a/stubs/Authlib/authlib/integrations/starlette_client/apps.pyi b/stubs/Authlib/authlib/integrations/starlette_client/apps.pyi index c5118f638285..47b6267c4430 100644 --- a/stubs/Authlib/authlib/integrations/starlette_client/apps.pyi +++ b/stubs/Authlib/authlib/integrations/starlette_client/apps.pyi @@ -1,11 +1,16 @@ +from _typeshed import Incomplete +from typing import TypeAlias + from ..base_client import BaseApp from ..base_client.async_app import AsyncOAuth1Mixin, AsyncOAuth2Mixin from ..base_client.async_openid import AsyncOpenIDMixin from ..httpx_client import AsyncOAuth1Client, AsyncOAuth2Client +_RedirectResponse: TypeAlias = Incomplete # actual type is starlette.responses.RedirectResponse + class StarletteAppMixin: async def save_authorize_data(self, request, **kwargs) -> None: ... - async def authorize_redirect(self, request, redirect_uri=None, **kwargs): ... + async def authorize_redirect(self, request, redirect_uri=None, **kwargs) -> _RedirectResponse: ... class StarletteOAuth1App(StarletteAppMixin, AsyncOAuth1Mixin, BaseApp): client_cls = AsyncOAuth1Client @@ -13,4 +18,16 @@ class StarletteOAuth1App(StarletteAppMixin, AsyncOAuth1Mixin, BaseApp): class StarletteOAuth2App(StarletteAppMixin, AsyncOAuth2Mixin, AsyncOpenIDMixin, BaseApp): client_cls = AsyncOAuth2Client + async def logout_redirect( + self, + request, + post_logout_redirect_uri=None, + id_token_hint=None, + *, + state=None, + client_id=None, + logout_hint=None, + ui_locales=None, + ) -> _RedirectResponse: ... + async def validate_logout_response(self, request): ... async def authorize_access_token(self, request, **kwargs): ... diff --git a/stubs/Authlib/authlib/jose/rfc7519/claims.pyi b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi index 060f627c483c..55ec2dbf9a73 100644 --- a/stubs/Authlib/authlib/jose/rfc7519/claims.pyi +++ b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi @@ -12,11 +12,11 @@ class BaseClaims(dict[str, Any]): # dict values are key-dependent def get_registered_claims(self) -> dict[str, Incomplete]: ... class JWTClaims(BaseClaims): - def validate(self, now=None, leeway: int = 0) -> None: ... + def validate(self, now: int | None = None, leeway: int = 0) -> None: ... def validate_iss(self) -> None: ... def validate_sub(self) -> None: ... def validate_aud(self) -> None: ... - def validate_exp(self, now, leeway) -> None: ... - def validate_nbf(self, now, leeway) -> None: ... - def validate_iat(self, now, leeway) -> None: ... + def validate_exp(self, now: int, leeway: int) -> None: ... + def validate_nbf(self, now: int, leeway: int) -> None: ... + def validate_iat(self, now: int, leeway: int) -> None: ... def validate_jti(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/claims.pyi b/stubs/Authlib/authlib/oauth2/claims.pyi new file mode 100644 index 000000000000..855151e20dc3 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/claims.pyi @@ -0,0 +1,31 @@ +from _typeshed import Incomplete +from collections.abc import Callable +from typing import Any, TypedDict + +class ClaimsOption(TypedDict, total=False): + essential: bool + allow_blank: bool | None + value: str | int | bool + values: list[str | int | bool] | list[str] | list[int] | list[bool] + validate: Callable[[BaseClaims, Any], bool] + +class BaseClaims(dict[str, Incomplete]): + registry_cls: Incomplete + REGISTERED_CLAIMS: list[str] + header: dict[str, Any] + options: dict[str, ClaimsOption] + params: dict[str, Any] + def __init__( + self, + claims: dict[str, Any], + header: dict[str, Any], + options: dict[str, ClaimsOption] | None = None, + params: dict[str, Any] | None = None, + ) -> None: ... + def get_registered_claims(self) -> dict[str, Incomplete]: ... + def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ... + +class JWTClaims(BaseClaims): + registry_cls: Incomplete + REGISTERED_CLAIMS: list[str] + def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi index 360b28566411..378c042e688b 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi @@ -1,5 +1,6 @@ from .authenticate_client import ClientAuthentication as ClientAuthentication from .authorization_server import AuthorizationServer as AuthorizationServer +from .endpoint import Endpoint, EndpointRequest from .errors import ( AccessDeniedError as AccessDeniedError, InsecureTransportError as InsecureTransportError, @@ -69,6 +70,8 @@ __all__ = [ "AuthorizationServer", "ResourceProtector", "TokenValidator", + "Endpoint", + "EndpointRequest", "TokenEndpoint", "BaseGrant", "AuthorizationEndpointMixin", diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi index 146fffd4a7e7..45bdb2876764 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi @@ -6,6 +6,7 @@ from authlib.oauth2 import JsonRequest, OAuth2Error, OAuth2Request from authlib.oauth2.rfc6749 import BaseGrant, ClientMixin from authlib.oauth2.rfc6750 import BearerTokenGenerator +from .endpoint import Endpoint, EndpointRequest from .hooks import Hookable _ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]] @@ -37,10 +38,11 @@ class AuthorizationServer(Hookable): def register_grant( self, grant_cls: type[BaseGrant], extensions: Collection[Callable[[BaseGrant], None]] | None = None ) -> None: ... - def register_endpoint(self, endpoint) -> None: ... + def register_endpoint(self, endpoint: type[Endpoint] | Endpoint) -> None: ... def get_authorization_grant(self, request: OAuth2Request) -> BaseGrant: ... def get_consent_grant(self, request=None, end_user=None): ... def get_token_grant(self, request: OAuth2Request) -> BaseGrant: ... + def validate_endpoint_request(self, name, request=None) -> EndpointRequest: ... def create_endpoint_response(self, name, request=None): ... @overload @deprecated("The 'grant' parameter will become mandatory.") diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/endpoint.pyi new file mode 100644 index 000000000000..93d69abc1d52 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/endpoint.pyi @@ -0,0 +1,20 @@ +from _typeshed import Incomplete +from dataclasses import dataclass +from typing import Any + +from .requests import OAuth2Request + +@dataclass +class EndpointRequest: + request: OAuth2Request + client: Any = None + +class Endpoint: + ENDPOINT_NAME: str | None + server: Incomplete + def __init__(self, server=None) -> None: ... + def create_endpoint_request(self, request): ... + def validate_request(self, request: OAuth2Request) -> EndpointRequest: ... + def create_response(self, validated_request: EndpointRequest) -> tuple[int, Any, list[Incomplete]] | None: ... + def create_endpoint_response(self, request: OAuth2Request) -> tuple[int, Any, list[Incomplete]] | None: ... + def __call__(self, request: OAuth2Request) -> tuple[int, Any, list[Incomplete]] | None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi index 40aa69ce3605..db393999a8fc 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi @@ -69,8 +69,9 @@ class OAuth2Request(OAuth2Payload): @deprecated("'request.redirect_uri' is deprecated in favor of 'request.payload.redirect_uri'") def redirect_uri(self) -> str: ... @property - @deprecated("'request.scope' is deprecated in favor of 'request.payload.scope'") def scope(self) -> str: ... + @scope.setter + def scope(self, value: str) -> None: ... @property @deprecated("'request.state' is deprecated in favor of 'request.payload.state'") def state(self) -> str | None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi index 80c20beaf52c..579acec4ab20 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi @@ -1,13 +1,11 @@ from _typeshed import Incomplete -class TokenEndpoint: - ENDPOINT_NAME: Incomplete +from .endpoint import Endpoint + +class TokenEndpoint(Endpoint): + ENDPOINT_NAME: str | None SUPPORTED_TOKEN_TYPES: Incomplete CLIENT_AUTH_METHODS: Incomplete - server: Incomplete - def __init__(self, server) -> None: ... - def __call__(self, request): ... - def create_endpoint_request(self, request): ... def authenticate_endpoint_client(self, request): ... def authenticate_token(self, request, client): ... def create_endpoint_response(self, request): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi b/stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi index 570a94f286f0..4f1576dd0ac4 100644 --- a/stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi @@ -9,8 +9,16 @@ class InvalidTokenError(OAuth2Error): description: str status_code: int realm: Incomplete - extra_attributes: Incomplete - def __init__(self, description=None, uri=None, status_code=None, state=None, realm=None, **extra_attributes) -> None: ... + extra_attributes: dict[str, Incomplete] + def __init__( + self, + description=None, + uri=None, + status_code=None, + state=None, + realm=None, + extra_attributes: dict[str, Incomplete] | None = None, + ) -> None: ... def get_headers(self) -> list[tuple[str, str]]: ... class InsufficientScopeError(OAuth2Error): diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/assertion.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/assertion.pyi index bef3fad2cb8c..e4b5986a41ee 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7523/assertion.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7523/assertion.pyi @@ -1,5 +1,27 @@ def sign_jwt_bearer_assertion( - key, issuer, audience, subject=None, issued_at=None, expires_at=None, claims=None, header=None, **kwargs -) -> bytes: ... -def client_secret_jwt_sign(client_secret, client_id, token_endpoint, alg: str = "HS256", claims=None, **kwargs) -> bytes: ... -def private_key_jwt_sign(private_key, client_id, token_endpoint, alg: str = "RS256", claims=None, **kwargs) -> bytes: ... + key, issuer, audience, subject=None, issued_at=None, expires_at=None, claims=None, header=None, *, alg=None, expires_in=3600 +) -> str: ... +def client_secret_jwt_sign( + client_secret, + client_id, + token_endpoint, + alg: str = "HS256", + claims=None, + *, + issued_at=None, + expires_at=None, + header=None, + expires_in=3600, +) -> str: ... +def private_key_jwt_sign( + private_key, + client_id, + token_endpoint, + alg: str = "RS256", + claims=None, + *, + issued_at=None, + expires_at=None, + header=None, + expires_in=3600, +) -> str: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi index 95e22de2b2de..c6c88e80c984 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi @@ -7,10 +7,10 @@ class ClientSecretJWT: claims: Incomplete headers: Incomplete def __init__(self, token_endpoint=None, claims=None, headers=None, alg=None) -> None: ... - def sign(self, auth, token_endpoint) -> bytes: ... + def sign(self, auth, token_endpoint) -> str: ... def __call__(self, auth, method, uri, headers, body): ... class PrivateKeyJWT(ClientSecretJWT): name: str alg: str - def sign(self, auth, token_endpoint) -> bytes: ... + def sign(self, auth, token_endpoint) -> str: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi index f0c5895f6fc5..fde46ede9a70 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi @@ -1,7 +1,7 @@ +from _typeshed import Incomplete from logging import Logger -from typing import Final - -from authlib.jose.rfc7519.claims import JWTClaims +from typing import Final, overload +from typing_extensions import deprecated ASSERTION_TYPE: Final[str] log: Logger @@ -9,13 +9,18 @@ log: Logger class JWTBearerClientAssertion: CLIENT_ASSERTION_TYPE: Final[str] CLIENT_AUTH_METHOD: Final[str] - token_url: str + token_url: str | None leeway: int - def __init__(self, token_url: str, validate_jti: bool = True, leeway: int = 60) -> None: ... + @overload + @deprecated("The `token_url` parameter is deprecated. Override `get_audiences` instead.") + def __init__(self, token_url: str = ..., validate_jti: bool = True, leeway: int = 60) -> None: ... + @overload + def __init__(self, token_url: None = None, validate_jti: bool = True, leeway: int = 60) -> None: ... def __call__(self, query_client, request): ... - def create_claims_options(self): ... - def process_assertion_claims(self, assertion, resolve_key) -> JWTClaims: ... + def verify_claims(self, claims: dict[str, Incomplete]) -> None: ... + def get_audiences(self) -> list[str]: ... + def process_assertion_claims(self, assertion, resolve_key) -> dict[str, Incomplete]: ... def authenticate_client(self, client): ... - def create_resolve_key_func(self, query_client, request): ... + def extract_assertion(self, assertion: str) -> tuple[dict[str, Incomplete], Incomplete]: ... def validate_jti(self, claims, jti): ... - def resolve_client_public_key(self, client, headers): ... + def resolve_client_public_key(self, client): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/jwt_bearer.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/jwt_bearer.pyi index ea9209205c03..d50561b210a4 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7523/jwt_bearer.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7523/jwt_bearer.pyi @@ -1,7 +1,7 @@ +from _typeshed import Incomplete from logging import Logger from typing import ClassVar, Final -from authlib.jose.rfc7519.claims import JWTClaims from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin log: Logger @@ -13,11 +13,13 @@ class JWTBearerGrant(BaseGrant, TokenEndpointMixin): LEEWAY: ClassVar[int] @staticmethod def sign(key, issuer, audience, subject=None, issued_at=None, expires_at=None, claims=None, **kwargs): ... - def process_assertion_claims(self, assertion) -> JWTClaims: ... - def resolve_public_key(self, headers, payload): ... + def verify_claims(self, claims: dict[str, Incomplete]) -> None: ... + def process_assertion_claims(self, assertion) -> dict[str, Incomplete]: ... + def extract_assertion(self, assertion: str) -> tuple[dict[str, Incomplete], Incomplete]: ... def validate_token_request(self) -> None: ... def create_token_response(self): ... def resolve_issuer_client(self, issuer): ... - def resolve_client_key(self, client, headers, payload): ... + def resolve_client_public_key(self, client): ... def authenticate_user(self, subject): ... + def get_audiences(self) -> list[str]: ... def has_granted_permission(self, client, user) -> bool: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/validator.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/validator.pyi index e9f1d0c7f535..068756c77c80 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7523/validator.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7523/validator.pyi @@ -1,17 +1,16 @@ from _typeshed import Incomplete -from authlib.jose import JWTClaims from authlib.oauth2.rfc6749 import TokenMixin from authlib.oauth2.rfc6750 import BearerTokenValidator logger: Incomplete -class JWTBearerToken(TokenMixin, JWTClaims): - def check_client(self, client): ... +class JWTBearerToken(TokenMixin, dict[str, Incomplete]): + def check_client(self, client) -> bool: ... def get_scope(self): ... def get_expires_in(self): ... - def is_expired(self): ... - def is_revoked(self): ... + def is_expired(self) -> bool: ... + def is_revoked(self) -> bool: ... class JWTBearerTokenValidator(BearerTokenValidator): TOKEN_TYPE: str @@ -19,4 +18,4 @@ class JWTBearerTokenValidator(BearerTokenValidator): public_key: Incomplete claims_options: Incomplete def __init__(self, public_key, issuer=None, realm=None, **extra_attributes) -> None: ... - def authenticate_token(self, token_string): ... + def authenticate_token(self, token_string: str) -> JWTBearerToken | None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi index e79d2fddca8f..15179250147a 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi @@ -1,11 +1,11 @@ from _typeshed import Incomplete -from collections.abc import Mapping +from collections.abc import Callable, Mapping from typing import Any from authlib.jose import BaseClaims class ClientMetadataClaims(BaseClaims): - def validate(self) -> None: ... + def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ... def validate_redirect_uris(self) -> None: ... def validate_token_endpoint_auth_method(self) -> None: ... def validate_grant_types(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi index d3d94d4427c8..21dde441cee9 100644 --- a/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi @@ -1,20 +1,18 @@ from _typeshed import Incomplete from typing import Final -from authlib.jose import JWTClaims - class ClientRegistrationEndpoint: ENDPOINT_NAME: Final = "client_registration" software_statement_alg_values_supported: Incomplete server: Incomplete claims_classes: list[type[Incomplete]] def __init__(self, server=None, claims_classes: list[type[Incomplete]] | None = None) -> None: ... - def __call__(self, request) -> dict[Incomplete, Incomplete]: ... - def create_registration_response(self, request): ... - def extract_client_metadata(self, request): ... - def extract_software_statement(self, software_statement, request) -> JWTClaims: ... + def __call__(self, request) -> tuple[int, dict[Incomplete, Incomplete], list[tuple[str, str]]]: ... + def create_registration_response(self, request) -> tuple[int, dict[Incomplete, Incomplete], list[tuple[str, str]]]: ... + def extract_client_metadata(self, request) -> dict[Incomplete, Incomplete]: ... + def extract_software_statement(self, software_statement, request) -> dict[str, Incomplete]: ... def generate_client_info(self, request) -> dict[str, Incomplete]: ... - def generate_client_registration_info(self, client, request) -> None: ... + def generate_client_registration_info(self, client, request) -> Incomplete | None: ... def create_endpoint_request(self, request): ... def generate_client_id(self, request) -> str: ... def generate_client_secret(self, request) -> str: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc8414/models.pyi b/stubs/Authlib/authlib/oauth2/rfc8414/models.pyi index 2c3b593ae2ca..117f9c23b848 100644 --- a/stubs/Authlib/authlib/oauth2/rfc8414/models.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc8414/models.pyi @@ -1,7 +1,7 @@ from _typeshed import Incomplete class AuthorizationServerMetadata(dict[str, object]): - REGISTRY_KEYS: Incomplete + REGISTRY_KEYS: list[str] def validate_issuer(self) -> None: ... def validate_authorization_endpoint(self) -> None: ... def validate_token_endpoint(self) -> None: ... @@ -34,7 +34,8 @@ class AuthorizationServerMetadata(dict[str, object]): def revocation_endpoint_auth_methods_supported(self): ... @property def introspection_endpoint_auth_methods_supported(self): ... - def validate(self) -> None: ... + def validate(self, metadata_classes: list[type[Incomplete]] | None = None) -> None: ... def __getattr__(self, key): ... def validate_array_value(metadata, key) -> None: ... +def validate_boolean_value(metadata, key) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi index e68d1ba20a90..d91f4321a212 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi @@ -1,13 +1,12 @@ +from collections.abc import Callable + from authlib.jose import JWTClaims +# Inherits from joserfc.jwt.JWTClaimsRegistry +class JWTAccessTokenClaimsValidator: + def validate_auth_time(self, auth_time) -> None: ... + def validate_amr(self, amr) -> None: ... + class JWTAccessTokenClaims(JWTClaims): - def validate(self, *, now=None, leeway: int = 0) -> None: ... # type: ignore[override] - def validate_typ(self) -> None: ... - def validate_client_id(self): ... - def validate_auth_time(self) -> None: ... - def validate_acr(self): ... - def validate_amr(self) -> None: ... - def validate_scope(self): ... - def validate_groups(self): ... - def validate_roles(self): ... - def validate_entitlements(self): ... + registry_cls = JWTAccessTokenClaimsValidator + def validate(self, *, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ... # type: ignore[override] diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/introspection.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/introspection.pyi index 2187442f8f87..c54599bf0a83 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9068/introspection.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9068/introspection.pyi @@ -1,13 +1,14 @@ from _typeshed import Incomplete -from authlib.oauth2.rfc7662 import IntrospectionEndpoint +from ..rfc7662 import IntrospectionEndpoint +from .claims import JWTAccessTokenClaims class JWTIntrospectionEndpoint(IntrospectionEndpoint): ENDPOINT_NAME: str issuer: Incomplete def __init__(self, issuer, server=None, *args, **kwargs) -> None: ... def create_endpoint_response(self, request): ... - def authenticate_token(self, request, client): ... - def create_introspection_payload(self, token): ... + def authenticate_token(self, request, client) -> JWTAccessTokenClaims | None: ... + def create_introspection_payload(self, token: JWTAccessTokenClaims) -> dict[str, Incomplete]: ... def get_jwks(self): ... def get_username(self, user_id: str) -> str: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/token.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/token.pyi index 9f6f310ea3d8..6ef3b9c2d46d 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9068/token.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9068/token.pyi @@ -14,4 +14,4 @@ class JWTBearerTokenGenerator(BearerTokenGenerator): def get_amr(self, user) -> list[str] | None: ... def get_jti(self, client, grant_type, user, scope) -> str: ... # Override seems safe, but mypy doesn't like that it's a callabe protocol in the base - def access_token_generator(self, client, grant_type, user, scope): ... # type: ignore[override] + def access_token_generator(self, client, grant_type, user, scope) -> str: ... # type: ignore[override] diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/token_validator.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/token_validator.pyi index fe6d9f9edfb8..c893ec9349f1 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9068/token_validator.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9068/token_validator.pyi @@ -1,6 +1,8 @@ from _typeshed import Incomplete -from authlib.oauth2.rfc6750 import BearerTokenValidator +from authlib.oauth2.rfc6750.validator import BearerTokenValidator + +from .claims import JWTAccessTokenClaims class JWTBearerTokenValidator(BearerTokenValidator): issuer: Incomplete @@ -8,5 +10,7 @@ class JWTBearerTokenValidator(BearerTokenValidator): def __init__(self, issuer, resource_server, *args, **kwargs) -> None: ... def get_jwks(self): ... def validate_iss(self, claims, iss: str) -> bool: ... - def authenticate_token(self, token_string): ... - def validate_token(self, token, scopes, request, groups=None, roles=None, entitlements=None) -> None: ... + def authenticate_token(self, token_string) -> JWTAccessTokenClaims: ... + def validate_token( + self, token: JWTAccessTokenClaims, scopes, request, groups=None, roles=None, entitlements=None + ) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi b/stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi index c889ee7b2f93..5461a00b654c 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9101/authorization_server.pyi @@ -4,12 +4,14 @@ from ..rfc6749 import AuthorizationServer, ClientMixin from ..rfc6749.requests import OAuth2Request class JWTAuthenticationRequest: + claims_validator: Incomplete support_request: bool support_request_uri: bool def __init__(self, support_request: bool = True, support_request_uri: bool = True) -> None: ... def __call__(self, authorization_server: AuthorizationServer) -> None: ... + def get_request_object_signing_algorithms(self, client) -> list[str]: ... def parse_authorization_request(self, authorization_server: AuthorizationServer, request: OAuth2Request) -> None: ... def get_request_object(self, request_uri: str): ... - def resolve_client_public_keys(self, client: ClientMixin): ... + def resolve_client_public_key(self, client: ClientMixin): ... def get_server_metadata(self) -> dict[str, Incomplete]: ... def get_client_require_signed_request_object(self, client: ClientMixin) -> bool: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi b/stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi index f4c742554cb5..66af83e065b4 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9101/registration.pyi @@ -1,5 +1,7 @@ +from collections.abc import Callable + from authlib.jose import BaseClaims class ClientMetadataClaims(BaseClaims): - def validate(self) -> None: ... + def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ... def validate_require_signed_request_object(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi index f0d14fa1c1f4..559a1c9263f4 100644 --- a/stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi +++ b/stubs/Authlib/authlib/oauth2/rfc9207/__init__.pyi @@ -1,3 +1,4 @@ +from .discovery import AuthorizationServerMetadata as AuthorizationServerMetadata from .parameter import IssuerParameter as IssuerParameter -__all__ = ["IssuerParameter"] +__all__ = ["AuthorizationServerMetadata", "IssuerParameter"] diff --git a/stubs/Authlib/authlib/oauth2/rfc9207/discovery.pyi b/stubs/Authlib/authlib/oauth2/rfc9207/discovery.pyi new file mode 100644 index 000000000000..654d2d31e28a --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9207/discovery.pyi @@ -0,0 +1,5 @@ +from _typeshed import Incomplete + +class AuthorizationServerMetadata(dict[str, Incomplete]): + REGISTRY_KEYS: list[str] + def validate_authorization_response_iss_parameter_supported(self) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/core/claims.pyi b/stubs/Authlib/authlib/oidc/core/claims.pyi index 2a2f9f47abc3..af8116ecefc3 100644 --- a/stubs/Authlib/authlib/oidc/core/claims.pyi +++ b/stubs/Authlib/authlib/oidc/core/claims.pyi @@ -1,13 +1,14 @@ +from collections.abc import Callable + from authlib.jose import JWTClaims __all__ = ["IDToken", "CodeIDToken", "ImplicitIDToken", "HybridIDToken", "UserInfo", "get_claim_cls_by_response_type"] class IDToken(JWTClaims): ESSENTIAL_CLAIMS: list[str] - def validate(self, now=None, leeway: int = 0) -> None: ... + def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ... def validate_auth_time(self) -> None: ... def validate_nonce(self) -> None: ... - def validate_acr(self): ... def validate_amr(self) -> None: ... def validate_azp(self) -> None: ... def validate_at_hash(self) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/_legacy.pyi b/stubs/Authlib/authlib/oidc/core/grants/_legacy.pyi new file mode 100644 index 000000000000..ba67813c9836 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/grants/_legacy.pyi @@ -0,0 +1,11 @@ +from _typeshed import Incomplete + +from authlib.oauth2 import OAuth2Request + +class LegacyMixin: + DEFAULT_EXPIRES_IN: int + def resolve_client_private_key(self, client): ... + def get_client_algorithm(self, client): ... + def get_client_claims(self, client) -> dict[str, Incomplete]: ... + def get_encode_header(self, client) -> dict[str, Incomplete]: ... + def get_compatible_claims(self, request: OAuth2Request) -> dict[str, Incomplete]: ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/code.pyi b/stubs/Authlib/authlib/oidc/core/grants/code.pyi index 69b48d93c5fe..6c29a87897f2 100644 --- a/stubs/Authlib/authlib/oidc/core/grants/code.pyi +++ b/stubs/Authlib/authlib/oidc/core/grants/code.pyi @@ -1,17 +1,20 @@ +from _typeshed import Incomplete from logging import Logger from authlib.oauth2 import OAuth2Request -from authlib.oauth2.client import OAuth2Client from authlib.oauth2.rfc6749 import BaseGrant from authlib.oidc.core import UserInfo +from ..models import AuthorizationCodeMixin +from ._legacy import LegacyMixin + log: Logger -class OpenIDToken: - def get_jwt_config(self, grant: BaseGrant, client: OAuth2Client) -> dict[str, str | int]: ... +class OpenIDToken(LegacyMixin): + def get_authorization_code_claims(self, authorization_code: AuthorizationCodeMixin) -> dict[str, Incomplete]: ... def generate_user_info(self, user, scope: str) -> UserInfo: ... - def get_audiences(self, request: OAuth2Request) -> list[str]: ... - def process_token(self, grant: BaseGrant, response) -> dict[str, str | int]: ... + def encode_id_token(self, token, request: OAuth2Request) -> str: ... + def process_token(self, grant: BaseGrant, response) -> dict[str, Incomplete]: ... def __call__(self, grant: BaseGrant) -> None: ... class OpenIDCode(OpenIDToken): diff --git a/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi b/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi index 73be6e936141..959a688b0e35 100644 --- a/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi +++ b/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi @@ -1,21 +1,21 @@ from _typeshed import Incomplete from logging import Logger -from authlib.oauth2.client import OAuth2Client from authlib.oauth2.rfc6749 import ImplicitGrant from authlib.oidc.core import UserInfo +from ._legacy import LegacyMixin + log: Logger -class OpenIDImplicitGrant(ImplicitGrant): +class OpenIDImplicitGrant(LegacyMixin, ImplicitGrant): RESPONSE_TYPES: Incomplete DEFAULT_RESPONSE_MODE: str def exists_nonce(self, nonce, request) -> bool: ... - def get_jwt_config(self, client: OAuth2Client) -> dict[str, Incomplete]: ... def generate_user_info(self, user, scope) -> UserInfo: ... def get_audiences(self, request) -> list[Incomplete]: ... def validate_authorization_request(self) -> str: ... def validate_consent_request(self) -> str: ... def create_authorization_response(self, redirect_uri, grant_user): ... - def create_granted_params(self, grant_user): ... + def create_granted_params(self, grant_user) -> list[tuple[str, Incomplete]]: ... def process_implicit_token(self, token, code=None): ... diff --git a/stubs/Authlib/authlib/oidc/core/userinfo.pyi b/stubs/Authlib/authlib/oidc/core/userinfo.pyi index 0bec9bda3dd9..cf3bf956cba3 100644 --- a/stubs/Authlib/authlib/oidc/core/userinfo.pyi +++ b/stubs/Authlib/authlib/oidc/core/userinfo.pyi @@ -12,7 +12,8 @@ class UserInfoEndpoint: self, server: AuthorizationServer | None = None, resource_protector: ResourceProtector | None = None ) -> None: ... def create_endpoint_request(self, request: OAuth2Request) -> OAuth2Request: ... - def __call__(self, request: OAuth2Request) -> tuple[int, dict[str, str | None], list[tuple[str, str]]]: ... + def __call__(self, request: OAuth2Request) -> tuple[int, str | UserInfo, list[tuple[str, str]]]: ... + def get_supported_algorithms(self) -> list[str]: ... def generate_user_info(self, user, scope: str) -> UserInfo: ... def get_issuer(self) -> str: ... def resolve_private_key(self): ... diff --git a/stubs/Authlib/authlib/oidc/registration/claims.pyi b/stubs/Authlib/authlib/oidc/registration/claims.pyi index f2dd67de8278..5327d0704d7e 100644 --- a/stubs/Authlib/authlib/oidc/registration/claims.pyi +++ b/stubs/Authlib/authlib/oidc/registration/claims.pyi @@ -1,10 +1,10 @@ from _typeshed import Incomplete -from collections.abc import Mapping +from collections.abc import Callable, Mapping from authlib.jose import BaseClaims class ClientMetadataClaims(BaseClaims): - def validate(self) -> None: ... + def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ... # The "cls" argument is called "self" in the actual implementation, # but stubtest will not allow that. @classmethod diff --git a/stubs/Authlib/authlib/oidc/rpinitiated/__init__.pyi b/stubs/Authlib/authlib/oidc/rpinitiated/__init__.pyi new file mode 100644 index 000000000000..1da8effafddf --- /dev/null +++ b/stubs/Authlib/authlib/oidc/rpinitiated/__init__.pyi @@ -0,0 +1,5 @@ +from .discovery import OpenIDProviderMetadata as OpenIDProviderMetadata +from .end_session import EndSessionEndpoint as EndSessionEndpoint, EndSessionRequest as EndSessionRequest +from .registration import ClientMetadataClaims as ClientMetadataClaims + +__all__ = ["EndSessionEndpoint", "EndSessionRequest", "ClientMetadataClaims", "OpenIDProviderMetadata"] diff --git a/stubs/Authlib/authlib/oidc/rpinitiated/discovery.pyi b/stubs/Authlib/authlib/oidc/rpinitiated/discovery.pyi new file mode 100644 index 000000000000..b492c7e6654a --- /dev/null +++ b/stubs/Authlib/authlib/oidc/rpinitiated/discovery.pyi @@ -0,0 +1,5 @@ +from _typeshed import Incomplete + +class OpenIDProviderMetadata(dict[str, Incomplete]): + REGISTRY_KEYS: list[str] + def validate_end_session_endpoint(self) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/rpinitiated/end_session.pyi b/stubs/Authlib/authlib/oidc/rpinitiated/end_session.pyi new file mode 100644 index 000000000000..275c5cb119b0 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/rpinitiated/end_session.pyi @@ -0,0 +1,27 @@ +from _typeshed import Incomplete +from dataclasses import dataclass +from typing import Any + +from authlib.oauth2.rfc6749.endpoint import Endpoint, EndpointRequest +from authlib.oauth2.rfc6749.requests import OAuth2Request + +@dataclass +class EndSessionRequest(EndpointRequest): + id_token_claims: dict[Incomplete, Incomplete] | None = None + redirect_uri: str | None = None + logout_hint: str | None = None + ui_locales: str | None = None + @property + def needs_confirmation(self) -> bool: ... + +class EndSessionEndpoint(Endpoint): + ENDPOINT_NAME: str + def validate_request(self, request: OAuth2Request) -> EndSessionRequest: ... + def create_response(self, validated_request: EndSessionRequest) -> tuple[int, Any, list[tuple[str, str]]] | None: ... # type: ignore[override] + def resolve_client_from_id_token_claims(self, id_token_claims: dict[Incomplete, Incomplete]) -> Any | None: ... + def is_post_logout_redirect_uri_legitimate( + self, request: OAuth2Request, post_logout_redirect_uri: str, client, logout_hint: str | None + ) -> bool: ... + def get_server_jwks(self): ... + def get_algorithms(self) -> list[str]: ... + def end_session(self, end_session_request: EndSessionRequest) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/rpinitiated/registration.pyi b/stubs/Authlib/authlib/oidc/rpinitiated/registration.pyi new file mode 100644 index 000000000000..6fe844ac1df3 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/rpinitiated/registration.pyi @@ -0,0 +1,7 @@ +from collections.abc import Callable + +from authlib.oauth2.claims import BaseClaims + +class ClientMetadataClaims(BaseClaims): + REGISTERED_CLAIMS: list[str] + def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ...