Authlib (v2) (#13140)

Co-authored-by: Brian Villemarette <[email protected]>
Co-authored-by: Jelle Zijlstra <[email protected]>

pyrightconfig.stricter.json

@@ -30,6 +30,7 @@
         "stdlib/xml/sax",
         "stubs/aiofiles/aiofiles/tempfile/temptypes.pyi",
         "stubs/antlr4-python3-runtime",
+        "stubs/Authlib",
         "stubs/aws-xray-sdk",
         "stubs/beautifulsoup4",
         "stubs/bleach/bleach/sanitizer.pyi",

stubs/Authlib/@tests/stubtest_allowlist.txt

@@ -0,0 +1,36 @@
+authlib.jose.ECKey.PRIVATE_KEY_CLS
+authlib.jose.ECKey.PUBLIC_KEY_CLS
+authlib.jose.RSAKey.PRIVATE_KEY_CLS
+authlib.jose.RSAKey.PUBLIC_KEY_CLS
+authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.description
+authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.name
+authlib.jose.drafts._jwe_enc_cryptodome
+authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.description
+authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.name
+authlib.jose.rfc7518.ECDHESAlgorithm.description
+authlib.jose.rfc7518.ECDHESAlgorithm.name
+authlib.jose.rfc7518.ECKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.ECKey.PUBLIC_KEY_CLS
+authlib.jose.rfc7518.RSAKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.RSAKey.PUBLIC_KEY_CLS
+authlib.jose.rfc7518.ec_key.ECKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.ec_key.ECKey.PUBLIC_KEY_CLS
+authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.description
+authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.name
+authlib.jose.rfc7518.rsa_key.RSAKey.PRIVATE_KEY_CLS
+authlib.jose.rfc7518.rsa_key.RSAKey.PUBLIC_KEY_CLS
+authlib.oauth2.OAuth2Client.client_auth_class
+authlib.oauth2.OAuth2Client.oauth_error_class
+authlib.oauth2.OAuth2Client.token_auth_class
+authlib.oauth2.client.OAuth2Client.client_auth_class
+authlib.oauth2.client.OAuth2Client.oauth_error_class
+authlib.oauth2.client.OAuth2Client.token_auth_class
+authlib.oauth2.rfc7521.AssertionClient.oauth_error_class
+authlib.oauth2.rfc7521.client.AssertionClient.oauth_error_class
+authlib.oauth2.rfc7523.JWTBearerTokenValidator.token_cls
+authlib.oauth2.rfc7523.validator.JWTBearerTokenValidator.token_cls
+authlib.oauth2.rfc7591.ClientRegistrationEndpoint.claims_class
+authlib.oauth2.rfc7591.endpoint.ClientRegistrationEndpoint.claims_class
+authlib.oauth2.rfc7592.ClientConfigurationEndpoint.claims_class
+authlib.oauth2.rfc7592.endpoint.ClientConfigurationEndpoint.claims_class
+authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate

stubs/Authlib/METADATA.toml

@@ -0,0 +1,7 @@
+version = "1.3.*"
+upstream_repository = "https://github.com/lepture/authlib"
+requires = ["cryptography"]
+partial_stub = true
+
+[tool.stubtest]
+ignore_missing_stub = true

stubs/Authlib/authlib/__init__.pyi

@@ -0,0 +1,4 @@
+from .consts import homepage, version
+
+__version__ = version
+__homepage__ = homepage

stubs/Authlib/authlib/common/encoding.pyi

@@ -0,0 +1,10 @@
+def to_bytes(x, charset: str = "utf-8", errors: str = "strict") -> bytes | None: ...
+def to_unicode(x, charset: str = "utf-8", errors: str = "strict") -> str | None: ...
+def to_native(x, encoding: str = "ascii"): ...
+def json_loads(s): ...
+def json_dumps(data, ensure_ascii: bool = False): ...
+def urlsafe_b64decode(s): ...
+def urlsafe_b64encode(s): ...
+def base64_to_int(s): ...
+def int_to_base64(num): ...
+def json_b64encode(text): ...

stubs/Authlib/authlib/common/errors.pyi

@@ -0,0 +1,26 @@
+from _typeshed import Incomplete
+
+class AuthlibBaseError(Exception):
+    error: Incomplete
+    description: str
+    uri: Incomplete
+    def __init__(
+        self, error: Incomplete | None = None, description: Incomplete | None = None, uri: Incomplete | None = None
+    ) -> None: ...
+
+class AuthlibHTTPError(AuthlibBaseError):
+    status_code: int
+    def __init__(
+        self,
+        error: Incomplete | None = None,
+        description: Incomplete | None = None,
+        uri: Incomplete | None = None,
+        status_code: Incomplete | None = None,
+    ) -> None: ...
+    def get_error_description(self): ...
+    def get_body(self): ...
+    def get_headers(self): ...
+    uri: Incomplete
+    def __call__(self, uri: Incomplete | None = None): ...
+
+class ContinueIteration(AuthlibBaseError): ...

stubs/Authlib/authlib/common/security.pyi

@@ -0,0 +1,4 @@
+UNICODE_ASCII_CHARACTER_SET: str
+
+def generate_token(length: int = 30, chars: str = ...) -> str: ...
+def is_secure_transport(uri: str) -> bool: ...

stubs/Authlib/authlib/common/urls.pyi

@@ -0,0 +1,19 @@
+from collections.abc import Collection
+from re import Pattern
+from typing_extensions import TypeAlias
+
+always_safe: str
+urlencoded: Collection[str]
+INVALID_HEX_PATTERN: Pattern[str]
+
+_ExplodedQueryString: TypeAlias = list[tuple[str, str]]
+
+def url_encode(params: _ExplodedQueryString) -> str: ...
+def url_decode(query: str) -> _ExplodedQueryString: ...
+def add_params_to_qs(query: str, params: _ExplodedQueryString) -> str: ...
+def add_params_to_uri(uri: str, params: _ExplodedQueryString, fragment: bool = False): ...
+def quote(s: str, safe: bytes = b"/") -> str: ...
+def unquote(s: str) -> str: ...
+def quote_url(s: str) -> str: ...
+def extract_params(raw: dict[str, str] | _ExplodedQueryString) -> _ExplodedQueryString: ...
+def is_valid_url(url: str) -> bool: ...

stubs/Authlib/authlib/consts.pyi

@@ -0,0 +1,8 @@
+from _typeshed import Incomplete
+
+name: str
+version: str
+author: str
+homepage: str
+default_user_agent: Incomplete
+default_json_headers: Incomplete

stubs/Authlib/authlib/deprecate.pyi

@@ -0,0 +1,7 @@
+from _typeshed import Incomplete
+
+class AuthlibDeprecationWarning(DeprecationWarning): ...
+
+def deprecate(
+    message, version: Incomplete | None = None, link_uid: Incomplete | None = None, link_file: Incomplete | None = None
+) -> None: ...

stubs/Authlib/authlib/integrations/base_client/__init__.pyi

@@ -0,0 +1,29 @@
+from .errors import (
+    InvalidTokenError as InvalidTokenError,
+    MismatchingStateError as MismatchingStateError,
+    MissingRequestTokenError as MissingRequestTokenError,
+    MissingTokenError as MissingTokenError,
+    OAuthError as OAuthError,
+    TokenExpiredError as TokenExpiredError,
+    UnsupportedTokenTypeError as UnsupportedTokenTypeError,
+)
+from .framework_integration import FrameworkIntegration as FrameworkIntegration
+from .registry import BaseOAuth as BaseOAuth
+from .sync_app import BaseApp as BaseApp, OAuth1Mixin as OAuth1Mixin, OAuth2Mixin as OAuth2Mixin
+from .sync_openid import OpenIDMixin as OpenIDMixin
+
+__all__ = [
+    "BaseOAuth",
+    "BaseApp",
+    "OAuth1Mixin",
+    "OAuth2Mixin",
+    "OpenIDMixin",
+    "FrameworkIntegration",
+    "OAuthError",
+    "MissingRequestTokenError",
+    "MissingTokenError",
+    "TokenExpiredError",
+    "InvalidTokenError",
+    "UnsupportedTokenTypeError",
+    "MismatchingStateError",
+]

stubs/Authlib/authlib/integrations/base_client/async_app.pyi

@@ -0,0 +1,16 @@
+from _typeshed import Incomplete
+
+from authlib.integrations.base_client.sync_app import OAuth1Base, OAuth2Base
+
+__all__ = ["AsyncOAuth1Mixin", "AsyncOAuth2Mixin"]
+
+class AsyncOAuth1Mixin(OAuth1Base):
+    async def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    async def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    async def fetch_access_token(self, request_token: Incomplete | None = None, **kwargs): ...
+
+class AsyncOAuth2Mixin(OAuth2Base):
+    async def load_server_metadata(self): ...
+    async def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    async def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    async def fetch_access_token(self, redirect_uri: Incomplete | None = None, **kwargs): ...

stubs/Authlib/authlib/integrations/base_client/async_openid.pyi

@@ -0,0 +1,8 @@
+from _typeshed import Incomplete
+
+__all__ = ["AsyncOpenIDMixin"]
+
+class AsyncOpenIDMixin:
+    async def fetch_jwk_set(self, force: bool = False): ...
+    async def userinfo(self, **kwargs): ...
+    async def parse_id_token(self, token, nonce, claims_options: Incomplete | None = None): ...

stubs/Authlib/authlib/integrations/base_client/errors.pyi

@@ -0,0 +1,23 @@
+from authlib.common.errors import AuthlibBaseError
+
+class OAuthError(AuthlibBaseError):
+    error: str
+
+class MissingRequestTokenError(OAuthError):
+    error: str
+
+class MissingTokenError(OAuthError):
+    error: str
+
+class TokenExpiredError(OAuthError):
+    error: str
+
+class InvalidTokenError(OAuthError):
+    error: str
+
+class UnsupportedTokenTypeError(OAuthError):
+    error: str
+
+class MismatchingStateError(OAuthError):
+    error: str
+    description: str

stubs/Authlib/authlib/integrations/base_client/framework_integration.pyi

@@ -0,0 +1,13 @@
+from _typeshed import Incomplete
+
+class FrameworkIntegration:
+    expires_in: int
+    name: Incomplete
+    cache: Incomplete
+    def __init__(self, name, cache: Incomplete | None = None) -> None: ...
+    def get_state_data(self, session, state): ...
+    def set_state_data(self, session, state, data): ...
+    def clear_state_data(self, session, state): ...
+    def update_token(self, token, refresh_token: Incomplete | None = None, access_token: Incomplete | None = None) -> None: ...
+    @staticmethod
+    def load_config(oauth, name, params) -> None: ...

stubs/Authlib/authlib/integrations/base_client/registry.pyi

@@ -0,0 +1,21 @@
+from _typeshed import Incomplete
+
+from authlib.integrations.base_client import FrameworkIntegration
+
+__all__ = ["BaseOAuth"]
+
+class BaseOAuth:
+    oauth1_client_cls: Incomplete
+    oauth2_client_cls: Incomplete
+    framework_integration_cls: type[FrameworkIntegration] = ...
+    cache: Incomplete
+    fetch_token: Incomplete
+    update_token: Incomplete
+    def __init__(
+        self, cache: Incomplete | None = None, fetch_token: Incomplete | None = None, update_token: Incomplete | None = None
+    ) -> None: ...
+    def create_client(self, name): ...
+    def register(self, name, overwrite: bool = False, **kwargs): ...
+    def generate_client_kwargs(self, name, overwrite, **kwargs): ...
+    def load_config(self, name, params): ...
+    def __getattr__(self, key): ...

stubs/Authlib/authlib/integrations/base_client/sync_app.pyi

@@ -0,0 +1,93 @@
+from _typeshed import Incomplete
+
+class BaseApp:
+    client_cls: Incomplete
+    OAUTH_APP_CONFIG: Incomplete
+    def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    def get(self, url, **kwargs): ...
+    def post(self, url, **kwargs): ...
+    def patch(self, url, **kwargs): ...
+    def put(self, url, **kwargs): ...
+    def delete(self, url, **kwargs): ...
+
+class _RequestMixin: ...
+
+class OAuth1Base:
+    client_cls: Incomplete
+    framework: Incomplete
+    name: Incomplete
+    client_id: Incomplete
+    client_secret: Incomplete
+    request_token_url: Incomplete
+    request_token_params: Incomplete
+    access_token_url: Incomplete
+    access_token_params: Incomplete
+    authorize_url: Incomplete
+    authorize_params: Incomplete
+    api_base_url: Incomplete
+    client_kwargs: Incomplete
+    def __init__(
+        self,
+        framework,
+        name: Incomplete | None = None,
+        fetch_token: Incomplete | None = None,
+        client_id: Incomplete | None = None,
+        client_secret: Incomplete | None = None,
+        request_token_url: Incomplete | None = None,
+        request_token_params: Incomplete | None = None,
+        access_token_url: Incomplete | None = None,
+        access_token_params: Incomplete | None = None,
+        authorize_url: Incomplete | None = None,
+        authorize_params: Incomplete | None = None,
+        api_base_url: Incomplete | None = None,
+        client_kwargs: Incomplete | None = None,
+        user_agent: Incomplete | None = None,
+        **kwargs,
+    ) -> None: ...
+
+class OAuth1Mixin(_RequestMixin, OAuth1Base):
+    def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    def fetch_access_token(self, request_token: Incomplete | None = None, **kwargs): ...
+
+class OAuth2Base:
+    client_cls: Incomplete
+    framework: Incomplete
+    name: Incomplete
+    client_id: Incomplete
+    client_secret: Incomplete
+    access_token_url: Incomplete
+    access_token_params: Incomplete
+    authorize_url: Incomplete
+    authorize_params: Incomplete
+    api_base_url: Incomplete
+    client_kwargs: Incomplete
+    compliance_fix: Incomplete
+    client_auth_methods: Incomplete
+    server_metadata: Incomplete
+    def __init__(
+        self,
+        framework,
+        name: Incomplete | None = None,
+        fetch_token: Incomplete | None = None,
+        update_token: Incomplete | None = None,
+        client_id: Incomplete | None = None,
+        client_secret: Incomplete | None = None,
+        access_token_url: Incomplete | None = None,
+        access_token_params: Incomplete | None = None,
+        authorize_url: Incomplete | None = None,
+        authorize_params: Incomplete | None = None,
+        api_base_url: Incomplete | None = None,
+        client_kwargs: Incomplete | None = None,
+        server_metadata_url: Incomplete | None = None,
+        compliance_fix: Incomplete | None = None,
+        client_auth_methods: Incomplete | None = None,
+        user_agent: Incomplete | None = None,
+        **kwargs,
+    ) -> None: ...
+
+class OAuth2Mixin(_RequestMixin, OAuth2Base):
+    def request(self, method, url, token: Incomplete | None = None, **kwargs): ...
+    def load_server_metadata(self): ...
+    def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ...
+    def fetch_access_token(self, redirect_uri: Incomplete | None = None, **kwargs): ...

stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi

@@ -0,0 +1,7 @@
+from _typeshed import Incomplete
+
+class OpenIDMixin:
+    def fetch_jwk_set(self, force: bool = False): ...
+    def userinfo(self, **kwargs): ...
+    def parse_id_token(self, token, nonce, claims_options: Incomplete | None = None, leeway: int = 120): ...
+    def create_load_key(self): ...