diff --git a/pyrightconfig.stricter.json b/pyrightconfig.stricter.json index be0163441020..fc50701ac54a 100644 --- a/pyrightconfig.stricter.json +++ b/pyrightconfig.stricter.json @@ -30,6 +30,7 @@ "stdlib/xml/sax", "stubs/aiofiles/aiofiles/tempfile/temptypes.pyi", "stubs/antlr4-python3-runtime", + "stubs/Authlib", "stubs/aws-xray-sdk", "stubs/beautifulsoup4", "stubs/bleach/bleach/sanitizer.pyi", diff --git a/stubs/Authlib/@tests/stubtest_allowlist.txt b/stubs/Authlib/@tests/stubtest_allowlist.txt new file mode 100644 index 000000000000..a28af110d1af --- /dev/null +++ b/stubs/Authlib/@tests/stubtest_allowlist.txt @@ -0,0 +1,36 @@ +authlib.jose.ECKey.PRIVATE_KEY_CLS +authlib.jose.ECKey.PUBLIC_KEY_CLS +authlib.jose.RSAKey.PRIVATE_KEY_CLS +authlib.jose.RSAKey.PUBLIC_KEY_CLS +authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.description +authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.name +authlib.jose.drafts._jwe_enc_cryptodome +authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.description +authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.name +authlib.jose.rfc7518.ECDHESAlgorithm.description +authlib.jose.rfc7518.ECDHESAlgorithm.name +authlib.jose.rfc7518.ECKey.PRIVATE_KEY_CLS +authlib.jose.rfc7518.ECKey.PUBLIC_KEY_CLS +authlib.jose.rfc7518.RSAKey.PRIVATE_KEY_CLS +authlib.jose.rfc7518.RSAKey.PUBLIC_KEY_CLS +authlib.jose.rfc7518.ec_key.ECKey.PRIVATE_KEY_CLS +authlib.jose.rfc7518.ec_key.ECKey.PUBLIC_KEY_CLS +authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.description +authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.name +authlib.jose.rfc7518.rsa_key.RSAKey.PRIVATE_KEY_CLS +authlib.jose.rfc7518.rsa_key.RSAKey.PUBLIC_KEY_CLS +authlib.oauth2.OAuth2Client.client_auth_class +authlib.oauth2.OAuth2Client.oauth_error_class +authlib.oauth2.OAuth2Client.token_auth_class +authlib.oauth2.client.OAuth2Client.client_auth_class +authlib.oauth2.client.OAuth2Client.oauth_error_class +authlib.oauth2.client.OAuth2Client.token_auth_class +authlib.oauth2.rfc7521.AssertionClient.oauth_error_class +authlib.oauth2.rfc7521.client.AssertionClient.oauth_error_class +authlib.oauth2.rfc7523.JWTBearerTokenValidator.token_cls +authlib.oauth2.rfc7523.validator.JWTBearerTokenValidator.token_cls +authlib.oauth2.rfc7591.ClientRegistrationEndpoint.claims_class +authlib.oauth2.rfc7591.endpoint.ClientRegistrationEndpoint.claims_class +authlib.oauth2.rfc7592.ClientConfigurationEndpoint.claims_class +authlib.oauth2.rfc7592.endpoint.ClientConfigurationEndpoint.claims_class +authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate diff --git a/stubs/Authlib/METADATA.toml b/stubs/Authlib/METADATA.toml new file mode 100644 index 000000000000..f194722e0083 --- /dev/null +++ b/stubs/Authlib/METADATA.toml @@ -0,0 +1,7 @@ +version = "1.3.*" +upstream_repository = "https://github.com/lepture/authlib" +requires = ["cryptography"] +partial_stub = true + +[tool.stubtest] +ignore_missing_stub = true diff --git a/stubs/Authlib/authlib/__init__.pyi b/stubs/Authlib/authlib/__init__.pyi new file mode 100644 index 000000000000..d1c285f4e6d6 --- /dev/null +++ b/stubs/Authlib/authlib/__init__.pyi @@ -0,0 +1,4 @@ +from .consts import homepage, version + +__version__ = version +__homepage__ = homepage diff --git a/stubs/Authlib/authlib/common/__init__.pyi b/stubs/Authlib/authlib/common/__init__.pyi new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/stubs/Authlib/authlib/common/encoding.pyi b/stubs/Authlib/authlib/common/encoding.pyi new file mode 100644 index 000000000000..e76f84f033e8 --- /dev/null +++ b/stubs/Authlib/authlib/common/encoding.pyi @@ -0,0 +1,10 @@ +def to_bytes(x, charset: str = "utf-8", errors: str = "strict") -> bytes | None: ... +def to_unicode(x, charset: str = "utf-8", errors: str = "strict") -> str | None: ... +def to_native(x, encoding: str = "ascii"): ... +def json_loads(s): ... +def json_dumps(data, ensure_ascii: bool = False): ... +def urlsafe_b64decode(s): ... +def urlsafe_b64encode(s): ... +def base64_to_int(s): ... +def int_to_base64(num): ... +def json_b64encode(text): ... diff --git a/stubs/Authlib/authlib/common/errors.pyi b/stubs/Authlib/authlib/common/errors.pyi new file mode 100644 index 000000000000..89a45b2d9b4a --- /dev/null +++ b/stubs/Authlib/authlib/common/errors.pyi @@ -0,0 +1,26 @@ +from _typeshed import Incomplete + +class AuthlibBaseError(Exception): + error: Incomplete + description: str + uri: Incomplete + def __init__( + self, error: Incomplete | None = None, description: Incomplete | None = None, uri: Incomplete | None = None + ) -> None: ... + +class AuthlibHTTPError(AuthlibBaseError): + status_code: int + def __init__( + self, + error: Incomplete | None = None, + description: Incomplete | None = None, + uri: Incomplete | None = None, + status_code: Incomplete | None = None, + ) -> None: ... + def get_error_description(self): ... + def get_body(self): ... + def get_headers(self): ... + uri: Incomplete + def __call__(self, uri: Incomplete | None = None): ... + +class ContinueIteration(AuthlibBaseError): ... diff --git a/stubs/Authlib/authlib/common/security.pyi b/stubs/Authlib/authlib/common/security.pyi new file mode 100644 index 000000000000..d69563f0e0cb --- /dev/null +++ b/stubs/Authlib/authlib/common/security.pyi @@ -0,0 +1,4 @@ +UNICODE_ASCII_CHARACTER_SET: str + +def generate_token(length: int = 30, chars: str = ...) -> str: ... +def is_secure_transport(uri: str) -> bool: ... diff --git a/stubs/Authlib/authlib/common/urls.pyi b/stubs/Authlib/authlib/common/urls.pyi new file mode 100644 index 000000000000..1d9bffd42459 --- /dev/null +++ b/stubs/Authlib/authlib/common/urls.pyi @@ -0,0 +1,19 @@ +from collections.abc import Collection +from re import Pattern +from typing_extensions import TypeAlias + +always_safe: str +urlencoded: Collection[str] +INVALID_HEX_PATTERN: Pattern[str] + +_ExplodedQueryString: TypeAlias = list[tuple[str, str]] + +def url_encode(params: _ExplodedQueryString) -> str: ... +def url_decode(query: str) -> _ExplodedQueryString: ... +def add_params_to_qs(query: str, params: _ExplodedQueryString) -> str: ... +def add_params_to_uri(uri: str, params: _ExplodedQueryString, fragment: bool = False): ... +def quote(s: str, safe: bytes = b"/") -> str: ... +def unquote(s: str) -> str: ... +def quote_url(s: str) -> str: ... +def extract_params(raw: dict[str, str] | _ExplodedQueryString) -> _ExplodedQueryString: ... +def is_valid_url(url: str) -> bool: ... diff --git a/stubs/Authlib/authlib/consts.pyi b/stubs/Authlib/authlib/consts.pyi new file mode 100644 index 000000000000..ab047d25406a --- /dev/null +++ b/stubs/Authlib/authlib/consts.pyi @@ -0,0 +1,8 @@ +from _typeshed import Incomplete + +name: str +version: str +author: str +homepage: str +default_user_agent: Incomplete +default_json_headers: Incomplete diff --git a/stubs/Authlib/authlib/deprecate.pyi b/stubs/Authlib/authlib/deprecate.pyi new file mode 100644 index 000000000000..c4c5a11b59ce --- /dev/null +++ b/stubs/Authlib/authlib/deprecate.pyi @@ -0,0 +1,7 @@ +from _typeshed import Incomplete + +class AuthlibDeprecationWarning(DeprecationWarning): ... + +def deprecate( + message, version: Incomplete | None = None, link_uid: Incomplete | None = None, link_file: Incomplete | None = None +) -> None: ... diff --git a/stubs/Authlib/authlib/integrations/__init__.pyi b/stubs/Authlib/authlib/integrations/__init__.pyi new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/stubs/Authlib/authlib/integrations/base_client/__init__.pyi b/stubs/Authlib/authlib/integrations/base_client/__init__.pyi new file mode 100644 index 000000000000..424bfdf05f60 --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/__init__.pyi @@ -0,0 +1,29 @@ +from .errors import ( + InvalidTokenError as InvalidTokenError, + MismatchingStateError as MismatchingStateError, + MissingRequestTokenError as MissingRequestTokenError, + MissingTokenError as MissingTokenError, + OAuthError as OAuthError, + TokenExpiredError as TokenExpiredError, + UnsupportedTokenTypeError as UnsupportedTokenTypeError, +) +from .framework_integration import FrameworkIntegration as FrameworkIntegration +from .registry import BaseOAuth as BaseOAuth +from .sync_app import BaseApp as BaseApp, OAuth1Mixin as OAuth1Mixin, OAuth2Mixin as OAuth2Mixin +from .sync_openid import OpenIDMixin as OpenIDMixin + +__all__ = [ + "BaseOAuth", + "BaseApp", + "OAuth1Mixin", + "OAuth2Mixin", + "OpenIDMixin", + "FrameworkIntegration", + "OAuthError", + "MissingRequestTokenError", + "MissingTokenError", + "TokenExpiredError", + "InvalidTokenError", + "UnsupportedTokenTypeError", + "MismatchingStateError", +] diff --git a/stubs/Authlib/authlib/integrations/base_client/async_app.pyi b/stubs/Authlib/authlib/integrations/base_client/async_app.pyi new file mode 100644 index 000000000000..e32e154bc1be --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/async_app.pyi @@ -0,0 +1,16 @@ +from _typeshed import Incomplete + +from authlib.integrations.base_client.sync_app import OAuth1Base, OAuth2Base + +__all__ = ["AsyncOAuth1Mixin", "AsyncOAuth2Mixin"] + +class AsyncOAuth1Mixin(OAuth1Base): + async def request(self, method, url, token: Incomplete | None = None, **kwargs): ... + async def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ... + async def fetch_access_token(self, request_token: Incomplete | None = None, **kwargs): ... + +class AsyncOAuth2Mixin(OAuth2Base): + async def load_server_metadata(self): ... + async def request(self, method, url, token: Incomplete | None = None, **kwargs): ... + async def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ... + async def fetch_access_token(self, redirect_uri: Incomplete | None = None, **kwargs): ... diff --git a/stubs/Authlib/authlib/integrations/base_client/async_openid.pyi b/stubs/Authlib/authlib/integrations/base_client/async_openid.pyi new file mode 100644 index 000000000000..1a18fe689f9d --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/async_openid.pyi @@ -0,0 +1,8 @@ +from _typeshed import Incomplete + +__all__ = ["AsyncOpenIDMixin"] + +class AsyncOpenIDMixin: + async def fetch_jwk_set(self, force: bool = False): ... + async def userinfo(self, **kwargs): ... + async def parse_id_token(self, token, nonce, claims_options: Incomplete | None = None): ... diff --git a/stubs/Authlib/authlib/integrations/base_client/errors.pyi b/stubs/Authlib/authlib/integrations/base_client/errors.pyi new file mode 100644 index 000000000000..0b5cfd7db6d3 --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/errors.pyi @@ -0,0 +1,23 @@ +from authlib.common.errors import AuthlibBaseError + +class OAuthError(AuthlibBaseError): + error: str + +class MissingRequestTokenError(OAuthError): + error: str + +class MissingTokenError(OAuthError): + error: str + +class TokenExpiredError(OAuthError): + error: str + +class InvalidTokenError(OAuthError): + error: str + +class UnsupportedTokenTypeError(OAuthError): + error: str + +class MismatchingStateError(OAuthError): + error: str + description: str diff --git a/stubs/Authlib/authlib/integrations/base_client/framework_integration.pyi b/stubs/Authlib/authlib/integrations/base_client/framework_integration.pyi new file mode 100644 index 000000000000..dbf68a324fda --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/framework_integration.pyi @@ -0,0 +1,13 @@ +from _typeshed import Incomplete + +class FrameworkIntegration: + expires_in: int + name: Incomplete + cache: Incomplete + def __init__(self, name, cache: Incomplete | None = None) -> None: ... + def get_state_data(self, session, state): ... + def set_state_data(self, session, state, data): ... + def clear_state_data(self, session, state): ... + def update_token(self, token, refresh_token: Incomplete | None = None, access_token: Incomplete | None = None) -> None: ... + @staticmethod + def load_config(oauth, name, params) -> None: ... diff --git a/stubs/Authlib/authlib/integrations/base_client/registry.pyi b/stubs/Authlib/authlib/integrations/base_client/registry.pyi new file mode 100644 index 000000000000..b9cd8de7ce6e --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/registry.pyi @@ -0,0 +1,21 @@ +from _typeshed import Incomplete + +from authlib.integrations.base_client import FrameworkIntegration + +__all__ = ["BaseOAuth"] + +class BaseOAuth: + oauth1_client_cls: Incomplete + oauth2_client_cls: Incomplete + framework_integration_cls: type[FrameworkIntegration] = ... + cache: Incomplete + fetch_token: Incomplete + update_token: Incomplete + def __init__( + self, cache: Incomplete | None = None, fetch_token: Incomplete | None = None, update_token: Incomplete | None = None + ) -> None: ... + def create_client(self, name): ... + def register(self, name, overwrite: bool = False, **kwargs): ... + def generate_client_kwargs(self, name, overwrite, **kwargs): ... + def load_config(self, name, params): ... + def __getattr__(self, key): ... diff --git a/stubs/Authlib/authlib/integrations/base_client/sync_app.pyi b/stubs/Authlib/authlib/integrations/base_client/sync_app.pyi new file mode 100644 index 000000000000..2497632afb47 --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/sync_app.pyi @@ -0,0 +1,93 @@ +from _typeshed import Incomplete + +class BaseApp: + client_cls: Incomplete + OAUTH_APP_CONFIG: Incomplete + def request(self, method, url, token: Incomplete | None = None, **kwargs): ... + def get(self, url, **kwargs): ... + def post(self, url, **kwargs): ... + def patch(self, url, **kwargs): ... + def put(self, url, **kwargs): ... + def delete(self, url, **kwargs): ... + +class _RequestMixin: ... + +class OAuth1Base: + client_cls: Incomplete + framework: Incomplete + name: Incomplete + client_id: Incomplete + client_secret: Incomplete + request_token_url: Incomplete + request_token_params: Incomplete + access_token_url: Incomplete + access_token_params: Incomplete + authorize_url: Incomplete + authorize_params: Incomplete + api_base_url: Incomplete + client_kwargs: Incomplete + def __init__( + self, + framework, + name: Incomplete | None = None, + fetch_token: Incomplete | None = None, + client_id: Incomplete | None = None, + client_secret: Incomplete | None = None, + request_token_url: Incomplete | None = None, + request_token_params: Incomplete | None = None, + access_token_url: Incomplete | None = None, + access_token_params: Incomplete | None = None, + authorize_url: Incomplete | None = None, + authorize_params: Incomplete | None = None, + api_base_url: Incomplete | None = None, + client_kwargs: Incomplete | None = None, + user_agent: Incomplete | None = None, + **kwargs, + ) -> None: ... + +class OAuth1Mixin(_RequestMixin, OAuth1Base): + def request(self, method, url, token: Incomplete | None = None, **kwargs): ... + def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ... + def fetch_access_token(self, request_token: Incomplete | None = None, **kwargs): ... + +class OAuth2Base: + client_cls: Incomplete + framework: Incomplete + name: Incomplete + client_id: Incomplete + client_secret: Incomplete + access_token_url: Incomplete + access_token_params: Incomplete + authorize_url: Incomplete + authorize_params: Incomplete + api_base_url: Incomplete + client_kwargs: Incomplete + compliance_fix: Incomplete + client_auth_methods: Incomplete + server_metadata: Incomplete + def __init__( + self, + framework, + name: Incomplete | None = None, + fetch_token: Incomplete | None = None, + update_token: Incomplete | None = None, + client_id: Incomplete | None = None, + client_secret: Incomplete | None = None, + access_token_url: Incomplete | None = None, + access_token_params: Incomplete | None = None, + authorize_url: Incomplete | None = None, + authorize_params: Incomplete | None = None, + api_base_url: Incomplete | None = None, + client_kwargs: Incomplete | None = None, + server_metadata_url: Incomplete | None = None, + compliance_fix: Incomplete | None = None, + client_auth_methods: Incomplete | None = None, + user_agent: Incomplete | None = None, + **kwargs, + ) -> None: ... + +class OAuth2Mixin(_RequestMixin, OAuth2Base): + def request(self, method, url, token: Incomplete | None = None, **kwargs): ... + def load_server_metadata(self): ... + def create_authorization_url(self, redirect_uri: Incomplete | None = None, **kwargs): ... + def fetch_access_token(self, redirect_uri: Incomplete | None = None, **kwargs): ... diff --git a/stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi b/stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi new file mode 100644 index 000000000000..8fa2426a112d --- /dev/null +++ b/stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi @@ -0,0 +1,7 @@ +from _typeshed import Incomplete + +class OpenIDMixin: + def fetch_jwk_set(self, force: bool = False): ... + def userinfo(self, **kwargs): ... + def parse_id_token(self, token, nonce, claims_options: Incomplete | None = None, leeway: int = 120): ... + def create_load_key(self): ... diff --git a/stubs/Authlib/authlib/jose/__init__.pyi b/stubs/Authlib/authlib/jose/__init__.pyi new file mode 100644 index 000000000000..e1c930f3cb2d --- /dev/null +++ b/stubs/Authlib/authlib/jose/__init__.pyi @@ -0,0 +1,44 @@ +from _typeshed import Incomplete + +from .errors import JoseError as JoseError +from .rfc7515 import ( + JsonWebSignature as JsonWebSignature, + JWSAlgorithm as JWSAlgorithm, + JWSHeader as JWSHeader, + JWSObject as JWSObject, +) +from .rfc7516 import ( + JsonWebEncryption as JsonWebEncryption, + JWEAlgorithm as JWEAlgorithm, + JWEEncAlgorithm as JWEEncAlgorithm, + JWEZipAlgorithm as JWEZipAlgorithm, +) +from .rfc7517 import JsonWebKey as JsonWebKey, Key as Key, KeySet as KeySet +from .rfc7518 import ECKey as ECKey, OctKey as OctKey, RSAKey as RSAKey +from .rfc7519 import BaseClaims as BaseClaims, JsonWebToken as JsonWebToken, JWTClaims as JWTClaims +from .rfc8037 import OKPKey as OKPKey + +__all__ = [ + "JoseError", + "JsonWebSignature", + "JWSAlgorithm", + "JWSHeader", + "JWSObject", + "JsonWebEncryption", + "JWEAlgorithm", + "JWEEncAlgorithm", + "JWEZipAlgorithm", + "JsonWebKey", + "Key", + "KeySet", + "OctKey", + "RSAKey", + "ECKey", + "OKPKey", + "JsonWebToken", + "BaseClaims", + "JWTClaims", + "jwt", +] + +jwt: Incomplete diff --git a/stubs/Authlib/authlib/jose/drafts/__init__.pyi b/stubs/Authlib/authlib/jose/drafts/__init__.pyi new file mode 100644 index 000000000000..05af39634dfd --- /dev/null +++ b/stubs/Authlib/authlib/jose/drafts/__init__.pyi @@ -0,0 +1,3 @@ +__all__ = ["register_jwe_draft"] + +def register_jwe_draft(cls) -> None: ... diff --git a/stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi b/stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi new file mode 100644 index 000000000000..df0f388935d9 --- /dev/null +++ b/stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi @@ -0,0 +1,27 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7516 import JWEAlgorithmWithTagAwareKeyAgreement + +class ECDH1PUAlgorithm(JWEAlgorithmWithTagAwareKeyAgreement): + EXTRA_HEADERS: Incomplete + ALLOWED_KEY_CLS: Incomplete + name: str + description: str + key_size: Incomplete + aeskw: Incomplete + def __init__(self, key_size: Incomplete | None = None) -> None: ... + def prepare_key(self, raw_data): ... + def generate_preset(self, enc_alg, key): ... + def compute_shared_key(self, shared_key_e, shared_key_s): ... + def compute_fixed_info(self, headers, bit_size, tag): ... + def compute_derived_key(self, shared_key, fixed_info, bit_size): ... + def deliver_at_sender(self, sender_static_key, sender_ephemeral_key, recipient_pubkey, headers, bit_size, tag): ... + def deliver_at_recipient(self, recipient_key, sender_static_pubkey, sender_ephemeral_pubkey, headers, bit_size, tag): ... + def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset: Incomplete | None = None): ... + def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag): ... + def wrap(self, enc_alg, headers, key, sender_key, preset: Incomplete | None = None): ... + def unwrap(self, enc_alg, ek, headers, key, sender_key, tag: Incomplete | None = None): ... + +JWE_DRAFT_ALG_ALGORITHMS: Incomplete + +def register_jwe_alg_draft(cls) -> None: ... diff --git a/stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptodome.pyi b/stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptodome.pyi new file mode 100644 index 000000000000..69fea45b85c7 --- /dev/null +++ b/stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptodome.pyi @@ -0,0 +1,13 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7516 import JWEEncAlgorithm + +class XC20PEncAlgorithm(JWEEncAlgorithm): + IV_SIZE: int + name: str + description: str + key_size: Incomplete + CEK_SIZE: Incomplete + def __init__(self, key_size) -> None: ... + def encrypt(self, msg, aad, iv, key): ... + def decrypt(self, ciphertext, aad, iv, tag, key): ... diff --git a/stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptography.pyi b/stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptography.pyi new file mode 100644 index 000000000000..0acb4ebb770e --- /dev/null +++ b/stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptography.pyi @@ -0,0 +1,13 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7516 import JWEEncAlgorithm + +class C20PEncAlgorithm(JWEEncAlgorithm): + IV_SIZE: int + name: str + description: str + key_size: Incomplete + CEK_SIZE: Incomplete + def __init__(self, key_size) -> None: ... + def encrypt(self, msg, aad, iv, key): ... + def decrypt(self, ciphertext, aad, iv, tag, key): ... diff --git a/stubs/Authlib/authlib/jose/errors.pyi b/stubs/Authlib/authlib/jose/errors.pyi new file mode 100644 index 000000000000..4a44693b4a32 --- /dev/null +++ b/stubs/Authlib/authlib/jose/errors.pyi @@ -0,0 +1,72 @@ +from _typeshed import Incomplete + +from authlib.common.errors import AuthlibBaseError + +class JoseError(AuthlibBaseError): ... + +class DecodeError(JoseError): + error: str + +class MissingAlgorithmError(JoseError): + error: str + +class UnsupportedAlgorithmError(JoseError): + error: str + +class BadSignatureError(JoseError): + error: str + result: Incomplete + def __init__(self, result) -> None: ... + +class InvalidHeaderParameterNameError(JoseError): + error: str + def __init__(self, name) -> None: ... + +class InvalidEncryptionAlgorithmForECDH1PUWithKeyWrappingError(JoseError): + error: str + def __init__(self) -> None: ... + +class InvalidAlgorithmForMultipleRecipientsMode(JoseError): + error: str + def __init__(self, alg) -> None: ... + +class KeyMismatchError(JoseError): + error: str + description: str + +class MissingEncryptionAlgorithmError(JoseError): + error: str + description: str + +class UnsupportedEncryptionAlgorithmError(JoseError): + error: str + description: str + +class UnsupportedCompressionAlgorithmError(JoseError): + error: str + description: str + +class InvalidUseError(JoseError): + error: str + description: str + +class InvalidClaimError(JoseError): + error: str + claim_name: Incomplete + def __init__(self, claim) -> None: ... + +class MissingClaimError(JoseError): + error: str + def __init__(self, claim) -> None: ... + +class InsecureClaimError(JoseError): + error: str + def __init__(self, claim) -> None: ... + +class ExpiredTokenError(JoseError): + error: str + description: str + +class InvalidTokenError(JoseError): + error: str + description: str diff --git a/stubs/Authlib/authlib/jose/jwk.pyi b/stubs/Authlib/authlib/jose/jwk.pyi new file mode 100644 index 000000000000..0ca658ddc97a --- /dev/null +++ b/stubs/Authlib/authlib/jose/jwk.pyi @@ -0,0 +1,4 @@ +from _typeshed import Incomplete + +def loads(obj, kid: Incomplete | None = None): ... +def dumps(key, kty: Incomplete | None = None, **params): ... diff --git a/stubs/Authlib/authlib/jose/rfc7515/__init__.pyi b/stubs/Authlib/authlib/jose/rfc7515/__init__.pyi new file mode 100644 index 000000000000..cac2e167f330 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7515/__init__.pyi @@ -0,0 +1,4 @@ +from .jws import JsonWebSignature as JsonWebSignature +from .models import JWSAlgorithm as JWSAlgorithm, JWSHeader as JWSHeader, JWSObject as JWSObject + +__all__ = ["JsonWebSignature", "JWSAlgorithm", "JWSHeader", "JWSObject"] diff --git a/stubs/Authlib/authlib/jose/rfc7515/jws.pyi b/stubs/Authlib/authlib/jose/rfc7515/jws.pyi new file mode 100644 index 000000000000..2fcd024394a0 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7515/jws.pyi @@ -0,0 +1,14 @@ +from _typeshed import Incomplete + +class JsonWebSignature: + REGISTERED_HEADER_PARAMETER_NAMES: Incomplete + ALGORITHMS_REGISTRY: Incomplete + def __init__(self, algorithms: Incomplete | None = None, private_headers: Incomplete | None = None) -> None: ... + @classmethod + def register_algorithm(cls, algorithm) -> None: ... + def serialize_compact(self, protected, payload, key): ... + def deserialize_compact(self, s, key, decode: Incomplete | None = None): ... + def serialize_json(self, header_obj, payload, key): ... + def deserialize_json(self, obj, key, decode: Incomplete | None = None): ... + def serialize(self, header, payload, key): ... + def deserialize(self, s, key, decode: Incomplete | None = None): ... diff --git a/stubs/Authlib/authlib/jose/rfc7515/models.pyi b/stubs/Authlib/authlib/jose/rfc7515/models.pyi new file mode 100644 index 000000000000..7640c759dbc9 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7515/models.pyi @@ -0,0 +1,25 @@ +from _typeshed import Incomplete + +class JWSAlgorithm: + name: Incomplete + description: Incomplete + algorithm_type: str + algorithm_location: str + def prepare_key(self, raw_data) -> None: ... + def sign(self, msg, key) -> None: ... + def verify(self, msg, sig, key) -> None: ... + +class JWSHeader(dict[str, object]): + protected: Incomplete + header: Incomplete + def __init__(self, protected, header) -> None: ... + @classmethod + def from_dict(cls, obj): ... + +class JWSObject(dict[str, object]): + header: Incomplete + payload: Incomplete + type: Incomplete + def __init__(self, header, payload, type: str = "compact") -> None: ... + @property + def headers(self): ... diff --git a/stubs/Authlib/authlib/jose/rfc7516/__init__.pyi b/stubs/Authlib/authlib/jose/rfc7516/__init__.pyi new file mode 100644 index 000000000000..84393afbd11b --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7516/__init__.pyi @@ -0,0 +1,9 @@ +from .jwe import JsonWebEncryption as JsonWebEncryption +from .models import ( + JWEAlgorithm as JWEAlgorithm, + JWEAlgorithmWithTagAwareKeyAgreement as JWEAlgorithmWithTagAwareKeyAgreement, + JWEEncAlgorithm as JWEEncAlgorithm, + JWEZipAlgorithm as JWEZipAlgorithm, +) + +__all__ = ["JsonWebEncryption", "JWEAlgorithm", "JWEAlgorithmWithTagAwareKeyAgreement", "JWEEncAlgorithm", "JWEZipAlgorithm"] diff --git a/stubs/Authlib/authlib/jose/rfc7516/jwe.pyi b/stubs/Authlib/authlib/jose/rfc7516/jwe.pyi new file mode 100644 index 000000000000..87de596064f1 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7516/jwe.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete + +class JsonWebEncryption: + REGISTERED_HEADER_PARAMETER_NAMES: Incomplete + ALG_REGISTRY: Incomplete + ENC_REGISTRY: Incomplete + ZIP_REGISTRY: Incomplete + def __init__(self, algorithms: Incomplete | None = None, private_headers: Incomplete | None = None) -> None: ... + @classmethod + def register_algorithm(cls, algorithm) -> None: ... + def serialize_compact(self, protected, payload, key, sender_key: Incomplete | None = None): ... + def serialize_json(self, header_obj, payload, keys, sender_key: Incomplete | None = None): ... + def serialize(self, header, payload, key, sender_key: Incomplete | None = None): ... + def deserialize_compact(self, s, key, decode: Incomplete | None = None, sender_key: Incomplete | None = None): ... + def deserialize_json(self, obj, key, decode: Incomplete | None = None, sender_key: Incomplete | None = None): ... + def deserialize(self, obj, key, decode: Incomplete | None = None, sender_key: Incomplete | None = None): ... + @staticmethod + def parse_json(obj): ... + def get_header_alg(self, header): ... + def get_header_enc(self, header): ... + def get_header_zip(self, header): ... + +def prepare_key(alg, header, key): ... diff --git a/stubs/Authlib/authlib/jose/rfc7516/models.pyi b/stubs/Authlib/authlib/jose/rfc7516/models.pyi new file mode 100644 index 000000000000..77879db640b5 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7516/models.pyi @@ -0,0 +1,56 @@ +from _typeshed import Incomplete +from abc import ABCMeta + +class JWEAlgorithmBase(metaclass=ABCMeta): + EXTRA_HEADERS: Incomplete + name: Incomplete + description: Incomplete + algorithm_type: str + algorithm_location: str + def prepare_key(self, raw_data) -> None: ... + def generate_preset(self, enc_alg, key) -> None: ... + +class JWEAlgorithm(JWEAlgorithmBase, metaclass=ABCMeta): + def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None) -> None: ... + def unwrap(self, enc_alg, ek, headers, key) -> None: ... + +class JWEAlgorithmWithTagAwareKeyAgreement(JWEAlgorithmBase, metaclass=ABCMeta): + def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset: Incomplete | None = None) -> None: ... + def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag) -> None: ... + def wrap(self, enc_alg, headers, key, sender_key, preset: Incomplete | None = None) -> None: ... + def unwrap(self, enc_alg, ek, headers, key, sender_key, tag: Incomplete | None = None) -> None: ... + +class JWEEncAlgorithm: + name: Incomplete + description: Incomplete + algorithm_type: str + algorithm_location: str + IV_SIZE: Incomplete + CEK_SIZE: Incomplete + def generate_cek(self): ... + def generate_iv(self): ... + def check_iv(self, iv) -> None: ... + def encrypt(self, msg, aad, iv, key) -> None: ... + def decrypt(self, ciphertext, aad, iv, tag, key) -> None: ... + +class JWEZipAlgorithm: + name: Incomplete + description: Incomplete + algorithm_type: str + algorithm_location: str + def compress(self, s) -> None: ... + def decompress(self, s) -> None: ... + +class JWESharedHeader(dict[str, object]): + protected: Incomplete + unprotected: Incomplete + def __init__(self, protected, unprotected) -> None: ... + def update_protected(self, addition) -> None: ... + @classmethod + def from_dict(cls, obj): ... + +class JWEHeader(dict[str, object]): + protected: Incomplete + unprotected: Incomplete + header: Incomplete + def __init__(self, protected, unprotected, header) -> None: ... diff --git a/stubs/Authlib/authlib/jose/rfc7517/__init__.pyi b/stubs/Authlib/authlib/jose/rfc7517/__init__.pyi new file mode 100644 index 000000000000..7a5ebe6a8eac --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7517/__init__.pyi @@ -0,0 +1,7 @@ +from ._cryptography_key import load_pem_key as load_pem_key +from .asymmetric_key import AsymmetricKey as AsymmetricKey +from .base_key import Key as Key +from .jwk import JsonWebKey as JsonWebKey +from .key_set import KeySet as KeySet + +__all__ = ["Key", "AsymmetricKey", "KeySet", "JsonWebKey", "load_pem_key"] diff --git a/stubs/Authlib/authlib/jose/rfc7517/_cryptography_key.pyi b/stubs/Authlib/authlib/jose/rfc7517/_cryptography_key.pyi new file mode 100644 index 000000000000..efb320af7c3c --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7517/_cryptography_key.pyi @@ -0,0 +1,5 @@ +from _typeshed import Incomplete + +def load_pem_key( + raw, ssh_type: Incomplete | None = None, key_type: Incomplete | None = None, password: Incomplete | None = None +): ... diff --git a/stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi b/stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi new file mode 100644 index 000000000000..ee40b4ee58ec --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi @@ -0,0 +1,39 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7517 import Key + +class AsymmetricKey(Key): + PUBLIC_KEY_FIELDS: Incomplete + PRIVATE_KEY_FIELDS: Incomplete + PRIVATE_KEY_CLS = Incomplete + PUBLIC_KEY_CLS = Incomplete + SSH_PUBLIC_PREFIX: bytes + private_key: Incomplete + public_key: Incomplete + def __init__( + self, private_key: Incomplete | None = None, public_key: Incomplete | None = None, options: Incomplete | None = None + ) -> None: ... + @property + def public_only(self): ... + def get_op_key(self, operation): ... + def get_public_key(self): ... + def get_private_key(self): ... + def load_raw_key(self) -> None: ... + def load_dict_key(self) -> None: ... + def dumps_private_key(self) -> None: ... + def dumps_public_key(self) -> None: ... + def load_private_key(self) -> None: ... + def load_public_key(self) -> None: ... + def as_dict(self, is_private: bool = False, **params): ... + def as_key(self, is_private: bool = False): ... + def as_bytes(self, encoding: Incomplete | None = None, is_private: bool = False, password: Incomplete | None = None): ... + def as_pem(self, is_private: bool = False, password: Incomplete | None = None): ... + def as_der(self, is_private: bool = False, password: Incomplete | None = None): ... + @classmethod + def import_dict_key(cls, raw, options: Incomplete | None = None): ... + @classmethod + def import_key(cls, raw, options: Incomplete | None = None): ... + @classmethod + def validate_raw_key(cls, key): ... + @classmethod + def generate_key(cls, crv_or_size, options: Incomplete | None = None, is_private: bool = False) -> AsymmetricKey: ... diff --git a/stubs/Authlib/authlib/jose/rfc7517/base_key.pyi b/stubs/Authlib/authlib/jose/rfc7517/base_key.pyi new file mode 100644 index 000000000000..001944c64841 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7517/base_key.pyi @@ -0,0 +1,28 @@ +from _typeshed import Incomplete + +class Key: + kty: str + ALLOWED_PARAMS: Incomplete + PRIVATE_KEY_OPS: Incomplete + PUBLIC_KEY_OPS: Incomplete + REQUIRED_JSON_FIELDS: Incomplete + options: Incomplete + def __init__(self, options: Incomplete | None = None) -> None: ... + @property + def tokens(self): ... + @property + def kid(self): ... + def keys(self): ... + def __getitem__(self, item): ... + @property + def public_only(self) -> None: ... + def load_raw_key(self) -> None: ... + def load_dict_key(self) -> None: ... + def check_key_op(self, operation) -> None: ... + def as_dict(self, is_private: bool = False, **params) -> None: ... + def as_json(self, is_private: bool = False, **params): ... + def thumbprint(self): ... + @classmethod + def check_required_fields(cls, data) -> None: ... + @classmethod + def validate_raw_key(cls, key) -> None: ... diff --git a/stubs/Authlib/authlib/jose/rfc7517/jwk.pyi b/stubs/Authlib/authlib/jose/rfc7517/jwk.pyi new file mode 100644 index 000000000000..c386e2d8d856 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7517/jwk.pyi @@ -0,0 +1,13 @@ +from _typeshed import Incomplete +from collections.abc import Collection, Mapping + +from authlib.jose.rfc7517 import Key, KeySet + +class JsonWebKey: + JWK_KEY_CLS: Incomplete + @classmethod + def generate_key(cls, kty, crv_or_size, options: Incomplete | None = None, is_private: bool = False): ... + @classmethod + def import_key(cls, raw: Mapping[str, object], options: Mapping[str, object] | None = None) -> Key: ... + @classmethod + def import_key_set(cls, raw: str | Collection[str] | dict[str, object]) -> KeySet: ... diff --git a/stubs/Authlib/authlib/jose/rfc7517/key_set.pyi b/stubs/Authlib/authlib/jose/rfc7517/key_set.pyi new file mode 100644 index 000000000000..11092ee28933 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7517/key_set.pyi @@ -0,0 +1,10 @@ +from collections.abc import Collection + +from authlib.jose.rfc7517 import Key + +class KeySet: + keys: Collection[Key] + def __init__(self, keys) -> None: ... + def as_dict(self, is_private: bool = False, **params): ... + def as_json(self, is_private: bool = False, **params): ... + def find_by_kid(self, kid): ... diff --git a/stubs/Authlib/authlib/jose/rfc7518/__init__.pyi b/stubs/Authlib/authlib/jose/rfc7518/__init__.pyi new file mode 100644 index 000000000000..362234a1bdd7 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/__init__.pyi @@ -0,0 +1,20 @@ +from .ec_key import ECKey as ECKey +from .jwe_algs import AESAlgorithm as AESAlgorithm, ECDHESAlgorithm as ECDHESAlgorithm, u32be_len_input as u32be_len_input +from .jwe_encs import CBCHS2EncAlgorithm as CBCHS2EncAlgorithm +from .oct_key import OctKey as OctKey +from .rsa_key import RSAKey as RSAKey + +__all__ = [ + "register_jws_rfc7518", + "register_jwe_rfc7518", + "OctKey", + "RSAKey", + "ECKey", + "u32be_len_input", + "AESAlgorithm", + "ECDHESAlgorithm", + "CBCHS2EncAlgorithm", +] + +def register_jws_rfc7518(cls) -> None: ... +def register_jwe_rfc7518(cls) -> None: ... diff --git a/stubs/Authlib/authlib/jose/rfc7518/ec_key.pyi b/stubs/Authlib/authlib/jose/rfc7518/ec_key.pyi new file mode 100644 index 000000000000..dbdf15be2993 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/ec_key.pyi @@ -0,0 +1,24 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7517 import AsymmetricKey +from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKeyWithSerialization, EllipticCurvePublicKey + +class ECKey(AsymmetricKey): + kty: str + DSS_CURVES: Incomplete + CURVES_DSS: Incomplete + REQUIRED_JSON_FIELDS: Incomplete + PUBLIC_KEY_FIELDS = REQUIRED_JSON_FIELDS + PRIVATE_KEY_FIELDS: Incomplete + PUBLIC_KEY_CLS = EllipticCurvePublicKey + PRIVATE_KEY_CLS = EllipticCurvePrivateKeyWithSerialization + SSH_PUBLIC_PREFIX: bytes + def exchange_shared_key(self, pubkey): ... + @property + def curve_key_size(self): ... + def load_private_key(self): ... + def load_public_key(self): ... + def dumps_private_key(self): ... + def dumps_public_key(self): ... + @classmethod + def generate_key(cls, crv: str = "P-256", options: Incomplete | None = None, is_private: bool = False) -> ECKey: ... diff --git a/stubs/Authlib/authlib/jose/rfc7518/jwe_algs.pyi b/stubs/Authlib/authlib/jose/rfc7518/jwe_algs.pyi new file mode 100644 index 000000000000..ff4fb5cb27a3 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/jwe_algs.pyi @@ -0,0 +1,64 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7516 import JWEAlgorithm + +class DirectAlgorithm(JWEAlgorithm): + name: str + description: str + def prepare_key(self, raw_data): ... + def generate_preset(self, enc_alg, key): ... + def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ... + def unwrap(self, enc_alg, ek, headers, key): ... + +class RSAAlgorithm(JWEAlgorithm): + key_size: int + name: Incomplete + description: Incomplete + padding: Incomplete + def __init__(self, name, description, pad_fn) -> None: ... + def prepare_key(self, raw_data): ... + def generate_preset(self, enc_alg, key): ... + def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ... + def unwrap(self, enc_alg, ek, headers, key): ... + +class AESAlgorithm(JWEAlgorithm): + name: Incomplete + description: Incomplete + key_size: Incomplete + def __init__(self, key_size) -> None: ... + def prepare_key(self, raw_data): ... + def generate_preset(self, enc_alg, key): ... + def wrap_cek(self, cek, key): ... + def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ... + def unwrap(self, enc_alg, ek, headers, key): ... + +class AESGCMAlgorithm(JWEAlgorithm): + EXTRA_HEADERS: Incomplete + name: Incomplete + description: Incomplete + key_size: Incomplete + def __init__(self, key_size) -> None: ... + def prepare_key(self, raw_data): ... + def generate_preset(self, enc_alg, key): ... + def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ... + def unwrap(self, enc_alg, ek, headers, key): ... + +class ECDHESAlgorithm(JWEAlgorithm): + EXTRA_HEADERS: Incomplete + ALLOWED_KEY_CLS = Incomplete + name: str + description: str + key_size: Incomplete + aeskw: Incomplete + def __init__(self, key_size: Incomplete | None = None) -> None: ... + def prepare_key(self, raw_data): ... + def generate_preset(self, enc_alg, key): ... + def compute_fixed_info(self, headers, bit_size): ... + def compute_derived_key(self, shared_key, fixed_info, bit_size): ... + def deliver(self, key, pubkey, headers, bit_size): ... + def wrap(self, enc_alg, headers, key, preset: Incomplete | None = None): ... + def unwrap(self, enc_alg, ek, headers, key): ... + +def u32be_len_input(s, base64: bool = False): ... + +JWE_ALG_ALGORITHMS: Incomplete diff --git a/stubs/Authlib/authlib/jose/rfc7518/jwe_encs.pyi b/stubs/Authlib/authlib/jose/rfc7518/jwe_encs.pyi new file mode 100644 index 000000000000..6d1dc2d73cd8 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/jwe_encs.pyi @@ -0,0 +1,27 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7516 import JWEEncAlgorithm + +class CBCHS2EncAlgorithm(JWEEncAlgorithm): + IV_SIZE: int + name: Incomplete + description: Incomplete + key_size: Incomplete + key_len: Incomplete + CEK_SIZE: Incomplete + hash_alg: Incomplete + def __init__(self, key_size, hash_type) -> None: ... + def encrypt(self, msg, aad, iv, key): ... + def decrypt(self, ciphertext, aad, iv, tag, key): ... + +class GCMEncAlgorithm(JWEEncAlgorithm): + IV_SIZE: int + name: Incomplete + description: Incomplete + key_size: Incomplete + CEK_SIZE: Incomplete + def __init__(self, key_size) -> None: ... + def encrypt(self, msg, aad, iv, key): ... + def decrypt(self, ciphertext, aad, iv, tag, key): ... + +JWE_ENC_ALGORITHMS: Incomplete diff --git a/stubs/Authlib/authlib/jose/rfc7518/jwe_zips.pyi b/stubs/Authlib/authlib/jose/rfc7518/jwe_zips.pyi new file mode 100644 index 000000000000..bf456649a113 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/jwe_zips.pyi @@ -0,0 +1,9 @@ +from authlib.jose.rfc7516 import JWEZipAlgorithm + +class DeflateZipAlgorithm(JWEZipAlgorithm): + name: str + description: str + def compress(self, s): ... + def decompress(self, s): ... + +def register_jwe_rfc7518() -> None: ... diff --git a/stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi b/stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi new file mode 100644 index 000000000000..5bcca23de4d0 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi @@ -0,0 +1,63 @@ +import hashlib +from _typeshed import Incomplete + +from authlib.jose.rfc7515 import JWSAlgorithm + +class NoneAlgorithm(JWSAlgorithm): + name: str + description: str + def prepare_key(self, raw_data) -> None: ... + def sign(self, msg, key): ... + def verify(self, msg, sig, key): ... + +class HMACAlgorithm(JWSAlgorithm): + SHA256 = hashlib.sha256 + SHA384 = hashlib.sha384 + SHA512 = hashlib.sha512 + name: Incomplete + description: Incomplete + hash_alg: Incomplete + def __init__(self, sha_type) -> None: ... + def prepare_key(self, raw_data): ... + def sign(self, msg, key): ... + def verify(self, msg, sig, key): ... + +class RSAAlgorithm(JWSAlgorithm): + SHA256: Incomplete + SHA384: Incomplete + SHA512: Incomplete + name: Incomplete + description: Incomplete + hash_alg: Incomplete + padding: Incomplete + def __init__(self, sha_type) -> None: ... + def prepare_key(self, raw_data): ... + def sign(self, msg, key): ... + def verify(self, msg, sig, key): ... + +class ECAlgorithm(JWSAlgorithm): + SHA256: Incomplete + SHA384: Incomplete + SHA512: Incomplete + name: Incomplete + curve: Incomplete + description: Incomplete + hash_alg: Incomplete + def __init__(self, name, curve, sha_type) -> None: ... + def prepare_key(self, raw_data): ... + def sign(self, msg, key): ... + def verify(self, msg, sig, key): ... + +class RSAPSSAlgorithm(JWSAlgorithm): + SHA256: Incomplete + SHA384: Incomplete + SHA512: Incomplete + name: Incomplete + description: Incomplete + hash_alg: Incomplete + def __init__(self, sha_type) -> None: ... + def prepare_key(self, raw_data): ... + def sign(self, msg, key): ... + def verify(self, msg, sig, key): ... + +JWS_ALGORITHMS: Incomplete diff --git a/stubs/Authlib/authlib/jose/rfc7518/oct_key.pyi b/stubs/Authlib/authlib/jose/rfc7518/oct_key.pyi new file mode 100644 index 000000000000..0a7674138585 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/oct_key.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7517 import Key + +POSSIBLE_UNSAFE_KEYS: Incomplete + +class OctKey(Key): + kty: str + REQUIRED_JSON_FIELDS: Incomplete + raw_key: Incomplete + def __init__(self, raw_key: Incomplete | None = None, options: Incomplete | None = None) -> None: ... + @property + def public_only(self): ... + def get_op_key(self, operation): ... + def load_raw_key(self) -> None: ... + def load_dict_key(self) -> None: ... + def as_dict(self, is_private: bool = False, **params): ... + @classmethod + def validate_raw_key(cls, key): ... + @classmethod + def import_key(cls, raw, options: Incomplete | None = None): ... + @classmethod + def generate_key(cls, key_size: int = 256, options: Incomplete | None = None, is_private: bool = True): ... diff --git a/stubs/Authlib/authlib/jose/rfc7518/rsa_key.pyi b/stubs/Authlib/authlib/jose/rfc7518/rsa_key.pyi new file mode 100644 index 000000000000..b2c78670128b --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/rsa_key.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7517 import AsymmetricKey +from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKeyWithSerialization, RSAPublicKey + +class RSAKey(AsymmetricKey): + kty: str + PUBLIC_KEY_CLS = RSAPublicKey + PRIVATE_KEY_CLS = RSAPrivateKeyWithSerialization + PUBLIC_KEY_FIELDS: Incomplete + PRIVATE_KEY_FIELDS: Incomplete + REQUIRED_JSON_FIELDS: Incomplete + SSH_PUBLIC_PREFIX: bytes + def dumps_private_key(self): ... + def dumps_public_key(self): ... + def load_private_key(self): ... + def load_public_key(self): ... + @classmethod + def generate_key(cls, key_size: int = 2048, options: Incomplete | None = None, is_private: bool = False) -> RSAKey: ... + @classmethod + def import_dict_key(cls, raw, options: Incomplete | None = None): ... + +def has_all_prime_factors(obj): ... diff --git a/stubs/Authlib/authlib/jose/rfc7518/util.pyi b/stubs/Authlib/authlib/jose/rfc7518/util.pyi new file mode 100644 index 000000000000..f691a9d274f6 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7518/util.pyi @@ -0,0 +1,2 @@ +def encode_int(num, bits): ... +def decode_int(b): ... diff --git a/stubs/Authlib/authlib/jose/rfc7519/__init__.pyi b/stubs/Authlib/authlib/jose/rfc7519/__init__.pyi new file mode 100644 index 000000000000..bb053f7d5142 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7519/__init__.pyi @@ -0,0 +1,4 @@ +from .claims import BaseClaims as BaseClaims, JWTClaims as JWTClaims +from .jwt import JsonWebToken as JsonWebToken + +__all__ = ["JsonWebToken", "BaseClaims", "JWTClaims"] diff --git a/stubs/Authlib/authlib/jose/rfc7519/claims.pyi b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi new file mode 100644 index 000000000000..e195536a74b4 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7519/claims.pyi @@ -0,0 +1,21 @@ +from _typeshed import Incomplete + +class BaseClaims(dict[str, object]): + REGISTERED_CLAIMS: Incomplete + header: Incomplete + options: Incomplete + params: Incomplete + def __init__(self, payload, header, options: Incomplete | None = None, params: Incomplete | None = None) -> None: ... + def __getattr__(self, key): ... + def get_registered_claims(self): ... + +class JWTClaims(BaseClaims): + REGISTERED_CLAIMS: Incomplete + def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ... + def validate_iss(self) -> None: ... + def validate_sub(self) -> None: ... + def validate_aud(self) -> None: ... + def validate_exp(self, now, leeway) -> None: ... + def validate_nbf(self, now, leeway) -> None: ... + def validate_iat(self, now, leeway) -> None: ... + def validate_jti(self) -> None: ... diff --git a/stubs/Authlib/authlib/jose/rfc7519/jwt.pyi b/stubs/Authlib/authlib/jose/rfc7519/jwt.pyi new file mode 100644 index 000000000000..270722ede34f --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc7519/jwt.pyi @@ -0,0 +1,21 @@ +from _typeshed import Incomplete + +class JsonWebToken: + SENSITIVE_NAMES: Incomplete + SENSITIVE_VALUES: Incomplete + def __init__(self, algorithms, private_headers: Incomplete | None = None) -> None: ... + def check_sensitive_data(self, payload) -> None: ... + def encode(self, header, payload, key, check: bool = True): ... + def decode( + self, + s, + key, + claims_cls: Incomplete | None = None, + claims_options: Incomplete | None = None, + claims_params: Incomplete | None = None, + ): ... + +def decode_payload(bytes_payload): ... +def prepare_raw_key(raw): ... +def find_encode_key(key, header): ... +def create_load_key(key): ... diff --git a/stubs/Authlib/authlib/jose/rfc8037/__init__.pyi b/stubs/Authlib/authlib/jose/rfc8037/__init__.pyi new file mode 100644 index 000000000000..915582d47ac5 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc8037/__init__.pyi @@ -0,0 +1,4 @@ +from .jws_eddsa import register_jws_rfc8037 as register_jws_rfc8037 +from .okp_key import OKPKey as OKPKey + +__all__ = ["register_jws_rfc8037", "OKPKey"] diff --git a/stubs/Authlib/authlib/jose/rfc8037/jws_eddsa.pyi b/stubs/Authlib/authlib/jose/rfc8037/jws_eddsa.pyi new file mode 100644 index 000000000000..c6f1e628a139 --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc8037/jws_eddsa.pyi @@ -0,0 +1,10 @@ +from authlib.jose.rfc7515 import JWSAlgorithm + +class EdDSAAlgorithm(JWSAlgorithm): + name: str + description: str + def prepare_key(self, raw_data): ... + def sign(self, msg, key): ... + def verify(self, msg, sig, key): ... + +def register_jws_rfc8037(cls) -> None: ... diff --git a/stubs/Authlib/authlib/jose/rfc8037/okp_key.pyi b/stubs/Authlib/authlib/jose/rfc8037/okp_key.pyi new file mode 100644 index 000000000000..1b938de4ed8b --- /dev/null +++ b/stubs/Authlib/authlib/jose/rfc8037/okp_key.pyi @@ -0,0 +1,24 @@ +from _typeshed import Incomplete + +from authlib.jose.rfc7517 import AsymmetricKey + +PUBLIC_KEYS_MAP: Incomplete +PRIVATE_KEYS_MAP: Incomplete + +class OKPKey(AsymmetricKey): + kty: str + REQUIRED_JSON_FIELDS: Incomplete + PUBLIC_KEY_FIELDS = REQUIRED_JSON_FIELDS + PRIVATE_KEY_FIELDS: Incomplete + PUBLIC_KEY_CLS: Incomplete + PRIVATE_KEY_CLS: Incomplete + SSH_PUBLIC_PREFIX: bytes + def exchange_shared_key(self, pubkey): ... + @staticmethod + def get_key_curve(key): ... + def load_private_key(self): ... + def load_public_key(self): ... + def dumps_private_key(self): ... + def dumps_public_key(self, public_key: Incomplete | None = None): ... + @classmethod + def generate_key(cls, crv: str = "Ed25519", options: Incomplete | None = None, is_private: bool = False) -> OKPKey: ... diff --git a/stubs/Authlib/authlib/jose/util.pyi b/stubs/Authlib/authlib/jose/util.pyi new file mode 100644 index 000000000000..ef9dc7671b67 --- /dev/null +++ b/stubs/Authlib/authlib/jose/util.pyi @@ -0,0 +1,3 @@ +def extract_header(header_segment, error_cls): ... +def extract_segment(segment, error_cls, name: str = "payload"): ... +def ensure_dict(s, structure_name): ... diff --git a/stubs/Authlib/authlib/oauth1/__init__.pyi b/stubs/Authlib/authlib/oauth1/__init__.pyi new file mode 100644 index 000000000000..053e8f1d2c33 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/__init__.pyi @@ -0,0 +1,33 @@ +from .rfc5849 import ( + SIGNATURE_HMAC_SHA1 as SIGNATURE_HMAC_SHA1, + SIGNATURE_PLAINTEXT as SIGNATURE_PLAINTEXT, + SIGNATURE_RSA_SHA1 as SIGNATURE_RSA_SHA1, + SIGNATURE_TYPE_BODY as SIGNATURE_TYPE_BODY, + SIGNATURE_TYPE_HEADER as SIGNATURE_TYPE_HEADER, + SIGNATURE_TYPE_QUERY as SIGNATURE_TYPE_QUERY, + AuthorizationServer as AuthorizationServer, + ClientAuth as ClientAuth, + ClientMixin as ClientMixin, + OAuth1Request as OAuth1Request, + ResourceProtector as ResourceProtector, + TemporaryCredential as TemporaryCredential, + TemporaryCredentialMixin as TemporaryCredentialMixin, + TokenCredentialMixin as TokenCredentialMixin, +) + +__all__ = [ + "OAuth1Request", + "ClientAuth", + "SIGNATURE_HMAC_SHA1", + "SIGNATURE_RSA_SHA1", + "SIGNATURE_PLAINTEXT", + "SIGNATURE_TYPE_HEADER", + "SIGNATURE_TYPE_QUERY", + "SIGNATURE_TYPE_BODY", + "ClientMixin", + "TemporaryCredentialMixin", + "TokenCredentialMixin", + "TemporaryCredential", + "AuthorizationServer", + "ResourceProtector", +] diff --git a/stubs/Authlib/authlib/oauth1/client.pyi b/stubs/Authlib/authlib/oauth1/client.pyi new file mode 100644 index 000000000000..a7823d5211e9 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/client.pyi @@ -0,0 +1,39 @@ +from _typeshed import Incomplete + +from authlib.oauth1 import ClientAuth + +class OAuth1Client: + auth_class: type[ClientAuth] = ... + session: Incomplete + auth: Incomplete + def __init__( + self, + session, + client_id, + client_secret: Incomplete | None = None, + token: Incomplete | None = None, + token_secret: Incomplete | None = None, + redirect_uri: Incomplete | None = None, + rsa_key: Incomplete | None = None, + verifier: Incomplete | None = None, + signature_method="HMAC-SHA1", + signature_type="HEADER", + force_include_body: bool = False, + realm: Incomplete | None = None, + **kwargs, + ) -> None: ... + @property + def redirect_uri(self): ... + @redirect_uri.setter + def redirect_uri(self, uri) -> None: ... + @property + def token(self): ... + @token.setter + def token(self, token) -> None: ... + def create_authorization_url(self, url, request_token: Incomplete | None = None, **kwargs): ... + def fetch_request_token(self, url, **kwargs): ... + def fetch_access_token(self, url, verifier: Incomplete | None = None, **kwargs): ... + def parse_authorization_response(self, url): ... + def parse_response_token(self, status_code, text): ... + @staticmethod + def handle_error(error_type, error_description) -> None: ... diff --git a/stubs/Authlib/authlib/oauth1/errors.pyi b/stubs/Authlib/authlib/oauth1/errors.pyi new file mode 100644 index 000000000000..21c42b76694a --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/errors.pyi @@ -0,0 +1 @@ +from authlib.oauth1.rfc5849.errors import * diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/__init__.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/__init__.pyi new file mode 100644 index 000000000000..f6cd313f97d5 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/__init__.pyi @@ -0,0 +1,35 @@ +from .authorization_server import AuthorizationServer as AuthorizationServer +from .client_auth import ClientAuth as ClientAuth +from .models import ( + ClientMixin as ClientMixin, + TemporaryCredential as TemporaryCredential, + TemporaryCredentialMixin as TemporaryCredentialMixin, + TokenCredentialMixin as TokenCredentialMixin, +) +from .resource_protector import ResourceProtector as ResourceProtector +from .signature import ( + SIGNATURE_HMAC_SHA1 as SIGNATURE_HMAC_SHA1, + SIGNATURE_PLAINTEXT as SIGNATURE_PLAINTEXT, + SIGNATURE_RSA_SHA1 as SIGNATURE_RSA_SHA1, + SIGNATURE_TYPE_BODY as SIGNATURE_TYPE_BODY, + SIGNATURE_TYPE_HEADER as SIGNATURE_TYPE_HEADER, + SIGNATURE_TYPE_QUERY as SIGNATURE_TYPE_QUERY, +) +from .wrapper import OAuth1Request as OAuth1Request + +__all__ = [ + "OAuth1Request", + "ClientAuth", + "SIGNATURE_HMAC_SHA1", + "SIGNATURE_RSA_SHA1", + "SIGNATURE_PLAINTEXT", + "SIGNATURE_TYPE_HEADER", + "SIGNATURE_TYPE_QUERY", + "SIGNATURE_TYPE_BODY", + "ClientMixin", + "TemporaryCredentialMixin", + "TokenCredentialMixin", + "TemporaryCredential", + "AuthorizationServer", + "ResourceProtector", +] diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/authorization_server.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/authorization_server.pyi new file mode 100644 index 000000000000..62073bb460f4 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/authorization_server.pyi @@ -0,0 +1,21 @@ +from _typeshed import Incomplete + +from authlib.oauth1.rfc5849.base_server import BaseServer + +class AuthorizationServer(BaseServer): + TOKEN_RESPONSE_HEADER: Incomplete + TEMPORARY_CREDENTIALS_METHOD: str + def create_oauth1_request(self, request) -> None: ... + def handle_response(self, status_code, payload, headers) -> None: ... + def handle_error_response(self, error): ... + def validate_temporary_credentials_request(self, request): ... + def create_temporary_credentials_response(self, request: Incomplete | None = None): ... + def validate_authorization_request(self, request): ... + def create_authorization_response(self, request, grant_user: Incomplete | None = None): ... + def validate_token_request(self, request): ... + def create_token_response(self, request): ... + def create_temporary_credential(self, request) -> None: ... + def get_temporary_credential(self, request) -> None: ... + def delete_temporary_credential(self, request) -> None: ... + def create_authorization_verifier(self, request) -> None: ... + def create_token_credential(self, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/base_server.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/base_server.pyi new file mode 100644 index 000000000000..17f8ad953126 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/base_server.pyi @@ -0,0 +1,12 @@ +from _typeshed import Incomplete + +class BaseServer: + SIGNATURE_METHODS: Incomplete + SUPPORTED_SIGNATURE_METHODS: Incomplete + EXPIRY_TIME: int + @classmethod + def register_signature_method(cls, name, verify) -> None: ... + def validate_timestamp_and_nonce(self, request) -> None: ... + def validate_oauth_signature(self, request) -> None: ... + def get_client_by_id(self, client_id) -> None: ... + def exists_nonce(self, nonce, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/client_auth.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/client_auth.pyi new file mode 100644 index 000000000000..05e033dbb42c --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/client_auth.pyi @@ -0,0 +1,41 @@ +from _typeshed import Incomplete + +CONTENT_TYPE_FORM_URLENCODED: str +CONTENT_TYPE_MULTI_PART: str + +class ClientAuth: + SIGNATURE_METHODS: Incomplete + @classmethod + def register_signature_method(cls, name, sign) -> None: ... + client_id: Incomplete + client_secret: Incomplete + token: Incomplete + token_secret: Incomplete + redirect_uri: Incomplete + signature_method: Incomplete + signature_type: Incomplete + rsa_key: Incomplete + verifier: Incomplete + realm: Incomplete + force_include_body: Incomplete + def __init__( + self, + client_id, + client_secret: Incomplete | None = None, + token: Incomplete | None = None, + token_secret: Incomplete | None = None, + redirect_uri: Incomplete | None = None, + rsa_key: Incomplete | None = None, + verifier: Incomplete | None = None, + signature_method="HMAC-SHA1", + signature_type="HEADER", + realm: Incomplete | None = None, + force_include_body: bool = False, + ) -> None: ... + def get_oauth_signature(self, method, uri, headers, body): ... + def get_oauth_params(self, nonce, timestamp): ... + def sign(self, method, uri, headers, body): ... + def prepare(self, method, uri, headers, body): ... + +def generate_nonce(): ... +def generate_timestamp(): ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/errors.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/errors.pyi new file mode 100644 index 000000000000..9c5f35d53b35 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/errors.pyi @@ -0,0 +1,56 @@ +from _typeshed import Incomplete + +from authlib.common.errors import AuthlibHTTPError + +class OAuth1Error(AuthlibHTTPError): + def __init__( + self, description: Incomplete | None = None, uri: Incomplete | None = None, status_code: Incomplete | None = None + ) -> None: ... + def get_headers(self): ... + +class InsecureTransportError(OAuth1Error): + error: str + description: str + @classmethod + def check(cls, uri) -> None: ... + +class InvalidRequestError(OAuth1Error): + error: str + +class UnsupportedParameterError(OAuth1Error): + error: str + +class UnsupportedSignatureMethodError(OAuth1Error): + error: str + +class MissingRequiredParameterError(OAuth1Error): + error: str + def __init__(self, key) -> None: ... + +class DuplicatedOAuthProtocolParameterError(OAuth1Error): + error: str + +class InvalidClientError(OAuth1Error): + error: str + status_code: int + +class InvalidTokenError(OAuth1Error): + error: str + description: str + status_code: int + +class InvalidSignatureError(OAuth1Error): + error: str + status_code: int + +class InvalidNonceError(OAuth1Error): + error: str + status_code: int + +class AccessDeniedError(OAuth1Error): + error: str + description: str + +class MethodNotAllowedError(OAuth1Error): + error: str + status_code: int diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/models.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/models.pyi new file mode 100644 index 000000000000..4deaea6efdfa --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/models.pyi @@ -0,0 +1,21 @@ +class ClientMixin: + def get_default_redirect_uri(self) -> None: ... + def get_client_secret(self) -> None: ... + def get_rsa_public_key(self) -> None: ... + +class TokenCredentialMixin: + def get_oauth_token(self) -> None: ... + def get_oauth_token_secret(self) -> None: ... + +class TemporaryCredentialMixin(TokenCredentialMixin): + def get_client_id(self) -> None: ... + def get_redirect_uri(self) -> None: ... + def check_verifier(self, verifier) -> None: ... + +class TemporaryCredential(dict[str, object], TemporaryCredentialMixin): + def get_client_id(self): ... + def get_user_id(self): ... + def get_redirect_uri(self): ... + def check_verifier(self, verifier): ... + def get_oauth_token(self): ... + def get_oauth_token_secret(self): ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/parameters.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/parameters.pyi new file mode 100644 index 000000000000..98bd2f2ba389 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/parameters.pyi @@ -0,0 +1,5 @@ +from _typeshed import Incomplete + +def prepare_headers(oauth_params, headers: Incomplete | None = None, realm: Incomplete | None = None): ... +def prepare_form_encoded_body(oauth_params, body): ... +def prepare_request_uri_query(oauth_params, uri): ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/resource_protector.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/resource_protector.pyi new file mode 100644 index 000000000000..78c3fbe96cb2 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/resource_protector.pyi @@ -0,0 +1,5 @@ +from authlib.oauth1.rfc5849.base_server import BaseServer + +class ResourceProtector(BaseServer): + def validate_request(self, method, uri, body, headers): ... + def get_token_credential(self, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/rsa.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/rsa.pyi new file mode 100644 index 000000000000..c08bb419df93 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/rsa.pyi @@ -0,0 +1,2 @@ +def sign_sha1(msg, rsa_private_key): ... +def verify_sha1(sig, msg, rsa_public_key): ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/signature.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/signature.pyi new file mode 100644 index 000000000000..8279b465dc09 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/signature.pyi @@ -0,0 +1,22 @@ +from _typeshed import Incomplete + +SIGNATURE_HMAC_SHA1: str +SIGNATURE_RSA_SHA1: str +SIGNATURE_PLAINTEXT: str +SIGNATURE_TYPE_HEADER: str +SIGNATURE_TYPE_QUERY: str +SIGNATURE_TYPE_BODY: str + +def construct_base_string(method, uri, params, host: Incomplete | None = None): ... +def normalize_base_string_uri(uri, host: Incomplete | None = None): ... +def normalize_parameters(params): ... +def generate_signature_base_string(request): ... +def hmac_sha1_signature(base_string, client_secret, token_secret): ... +def rsa_sha1_signature(base_string, rsa_private_key): ... +def plaintext_signature(client_secret, token_secret): ... +def sign_hmac_sha1(client, request): ... +def sign_rsa_sha1(client, request): ... +def sign_plaintext(client, request): ... +def verify_hmac_sha1(request): ... +def verify_rsa_sha1(request): ... +def verify_plaintext(request): ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/util.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/util.pyi new file mode 100644 index 000000000000..7d64aaa66113 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/util.pyi @@ -0,0 +1,2 @@ +def escape(s): ... +def unescape(s): ... diff --git a/stubs/Authlib/authlib/oauth1/rfc5849/wrapper.pyi b/stubs/Authlib/authlib/oauth1/rfc5849/wrapper.pyi new file mode 100644 index 000000000000..21696ccac9b9 --- /dev/null +++ b/stubs/Authlib/authlib/oauth1/rfc5849/wrapper.pyi @@ -0,0 +1,33 @@ +from _typeshed import Incomplete + +class OAuth1Request: + method: Incomplete + uri: Incomplete + body: Incomplete + headers: Incomplete + client: Incomplete + credential: Incomplete + user: Incomplete + query: Incomplete + query_params: Incomplete + body_params: Incomplete + params: Incomplete + def __init__(self, method, uri, body: Incomplete | None = None, headers: Incomplete | None = None) -> None: ... + @property + def client_id(self): ... + @property + def client_secret(self): ... + @property + def rsa_public_key(self): ... + @property + def timestamp(self): ... + @property + def redirect_uri(self): ... + @property + def signature(self): ... + @property + def signature_method(self): ... + @property + def token(self): ... + @property + def token_secret(self): ... diff --git a/stubs/Authlib/authlib/oauth2/__init__.pyi b/stubs/Authlib/authlib/oauth2/__init__.pyi new file mode 100644 index 000000000000..716ca9309f0c --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/__init__.pyi @@ -0,0 +1,22 @@ +from .auth import ClientAuth as ClientAuth, TokenAuth as TokenAuth +from .base import OAuth2Error as OAuth2Error +from .client import OAuth2Client as OAuth2Client +from .rfc6749 import ( + AuthorizationServer as AuthorizationServer, + ClientAuthentication as ClientAuthentication, + JsonRequest as JsonRequest, + OAuth2Request as OAuth2Request, + ResourceProtector as ResourceProtector, +) + +__all__ = [ + "OAuth2Error", + "ClientAuth", + "TokenAuth", + "OAuth2Client", + "OAuth2Request", + "JsonRequest", + "AuthorizationServer", + "ClientAuthentication", + "ResourceProtector", +] diff --git a/stubs/Authlib/authlib/oauth2/auth.pyi b/stubs/Authlib/authlib/oauth2/auth.pyi new file mode 100644 index 000000000000..c06c35cafdbc --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/auth.pyi @@ -0,0 +1,24 @@ +from _typeshed import Incomplete + +def encode_client_secret_basic(client, method, uri, headers, body): ... +def encode_client_secret_post(client, method, uri, headers, body): ... +def encode_none(client, method, uri, headers, body): ... + +class ClientAuth: + DEFAULT_AUTH_METHODS: Incomplete + client_id: Incomplete + client_secret: Incomplete + auth_method: Incomplete + def __init__(self, client_id, client_secret, auth_method: Incomplete | None = None) -> None: ... + def prepare(self, method, uri, headers, body): ... + +class TokenAuth: + DEFAULT_TOKEN_TYPE: str + SIGN_METHODS: Incomplete + token: Incomplete + token_placement: Incomplete + client: Incomplete + hooks: Incomplete + def __init__(self, token, token_placement: str = "header", client: Incomplete | None = None) -> None: ... + def set_token(self, token) -> None: ... + def prepare(self, uri, headers, body): ... diff --git a/stubs/Authlib/authlib/oauth2/base.pyi b/stubs/Authlib/authlib/oauth2/base.pyi new file mode 100644 index 000000000000..4359ffb53120 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/base.pyi @@ -0,0 +1,20 @@ +from _typeshed import Incomplete + +from authlib.common.errors import AuthlibHTTPError + +class OAuth2Error(AuthlibHTTPError): + state: Incomplete + redirect_uri: Incomplete + redirect_fragment: Incomplete + def __init__( + self, + description: Incomplete | None = None, + uri: Incomplete | None = None, + status_code: Incomplete | None = None, + state: Incomplete | None = None, + redirect_uri: Incomplete | None = None, + redirect_fragment: bool = False, + error: Incomplete | None = None, + ) -> None: ... + def get_body(self): ... + def __call__(self, uri: Incomplete | None = None): ... diff --git a/stubs/Authlib/authlib/oauth2/client.pyi b/stubs/Authlib/authlib/oauth2/client.pyi new file mode 100644 index 000000000000..4656ed8f2b28 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/client.pyi @@ -0,0 +1,96 @@ +from _typeshed import Incomplete + +from authlib.oauth2 import ClientAuth, OAuth2Error, TokenAuth + +DEFAULT_HEADERS: Incomplete + +class OAuth2Client: + client_auth_class = ClientAuth + token_auth_class = TokenAuth + oauth_error_class = OAuth2Error + EXTRA_AUTHORIZE_PARAMS: Incomplete + SESSION_REQUEST_PARAMS: Incomplete + session: Incomplete + client_id: Incomplete + client_secret: Incomplete + state: Incomplete + token_endpoint_auth_method: Incomplete + revocation_endpoint_auth_method: Incomplete + scope: Incomplete + redirect_uri: Incomplete + code_challenge_method: Incomplete + token_auth: Incomplete + update_token: Incomplete + metadata: Incomplete + compliance_hook: Incomplete + leeway: Incomplete + def __init__( + self, + session, + client_id: Incomplete | None = None, + client_secret: Incomplete | None = None, + token_endpoint_auth_method: Incomplete | None = None, + revocation_endpoint_auth_method: Incomplete | None = None, + scope: Incomplete | None = None, + state: Incomplete | None = None, + redirect_uri: Incomplete | None = None, + code_challenge_method: Incomplete | None = None, + token: Incomplete | None = None, + token_placement: str = "header", + update_token: Incomplete | None = None, + leeway: int = 60, + **metadata, + ) -> None: ... + def register_client_auth_method(self, auth) -> None: ... + def client_auth(self, auth_method): ... + @property + def token(self): ... + @token.setter + def token(self, token) -> None: ... + def create_authorization_url( + self, url, state: Incomplete | None = None, code_verifier: Incomplete | None = None, **kwargs + ): ... + def fetch_token( + self, + url: Incomplete | None = None, + body: str = "", + method: str = "POST", + headers: Incomplete | None = None, + auth: Incomplete | None = None, + grant_type: Incomplete | None = None, + state: Incomplete | None = None, + **kwargs, + ): ... + def token_from_fragment(self, authorization_response, state: Incomplete | None = None): ... + def refresh_token( + self, + url: Incomplete | None = None, + refresh_token: Incomplete | None = None, + body: str = "", + auth: Incomplete | None = None, + headers: Incomplete | None = None, + **kwargs, + ): ... + def ensure_active_token(self, token: Incomplete | None = None): ... + def revoke_token( + self, + url, + token: Incomplete | None = None, + token_type_hint: Incomplete | None = None, + body: Incomplete | None = None, + auth: Incomplete | None = None, + headers: Incomplete | None = None, + **kwargs, + ): ... + def introspect_token( + self, + url, + token: Incomplete | None = None, + token_type_hint: Incomplete | None = None, + body: Incomplete | None = None, + auth: Incomplete | None = None, + headers: Incomplete | None = None, + **kwargs, + ): ... + def register_compliance_hook(self, hook_type, hook) -> None: ... + def parse_response_token(self, resp): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi new file mode 100644 index 000000000000..2e5ddb3a6130 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi @@ -0,0 +1,76 @@ +from .authenticate_client import ClientAuthentication as ClientAuthentication +from .authorization_server import AuthorizationServer as AuthorizationServer +from .errors import ( + AccessDeniedError as AccessDeniedError, + InsecureTransportError as InsecureTransportError, + InvalidClientError as InvalidClientError, + InvalidGrantError as InvalidGrantError, + InvalidRequestError as InvalidRequestError, + InvalidScopeError as InvalidScopeError, + MismatchingStateException as MismatchingStateException, + MissingAuthorizationError as MissingAuthorizationError, + MissingCodeException as MissingCodeException, + MissingTokenException as MissingTokenException, + MissingTokenTypeException as MissingTokenTypeException, + OAuth2Error as OAuth2Error, + UnauthorizedClientError as UnauthorizedClientError, + UnsupportedGrantTypeError as UnsupportedGrantTypeError, + UnsupportedResponseTypeError as UnsupportedResponseTypeError, + UnsupportedTokenTypeError as UnsupportedTokenTypeError, +) +from .grants import ( + AuthorizationCodeGrant as AuthorizationCodeGrant, + AuthorizationEndpointMixin as AuthorizationEndpointMixin, + BaseGrant as BaseGrant, + ClientCredentialsGrant as ClientCredentialsGrant, + ImplicitGrant as ImplicitGrant, + RefreshTokenGrant as RefreshTokenGrant, + ResourceOwnerPasswordCredentialsGrant as ResourceOwnerPasswordCredentialsGrant, + TokenEndpointMixin as TokenEndpointMixin, +) +from .models import AuthorizationCodeMixin as AuthorizationCodeMixin, ClientMixin as ClientMixin, TokenMixin as TokenMixin +from .requests import JsonRequest as JsonRequest, OAuth2Request as OAuth2Request +from .resource_protector import ResourceProtector as ResourceProtector, TokenValidator as TokenValidator +from .token_endpoint import TokenEndpoint as TokenEndpoint +from .util import list_to_scope as list_to_scope, scope_to_list as scope_to_list +from .wrappers import OAuth2Token as OAuth2Token + +__all__ = [ + "OAuth2Token", + "OAuth2Request", + "JsonRequest", + "OAuth2Error", + "AccessDeniedError", + "MissingAuthorizationError", + "InvalidGrantError", + "InvalidClientError", + "InvalidRequestError", + "InvalidScopeError", + "InsecureTransportError", + "UnauthorizedClientError", + "UnsupportedResponseTypeError", + "UnsupportedGrantTypeError", + "UnsupportedTokenTypeError", + "MissingCodeException", + "MissingTokenException", + "MissingTokenTypeException", + "MismatchingStateException", + "ClientMixin", + "AuthorizationCodeMixin", + "TokenMixin", + "ClientAuthentication", + "AuthorizationServer", + "ResourceProtector", + "TokenValidator", + "TokenEndpoint", + "BaseGrant", + "AuthorizationEndpointMixin", + "TokenEndpointMixin", + "AuthorizationCodeGrant", + "ImplicitGrant", + "ResourceOwnerPasswordCredentialsGrant", + "ClientCredentialsGrant", + "RefreshTokenGrant", + "scope_to_list", + "list_to_scope", +] diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/authenticate_client.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/authenticate_client.pyi new file mode 100644 index 000000000000..01af6828efd2 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/authenticate_client.pyi @@ -0,0 +1,13 @@ +from collections.abc import Callable, Collection + +from authlib.oauth2 import OAuth2Request +from authlib.oauth2.rfc6749 import ClientMixin + +__all__ = ["ClientAuthentication"] + +class ClientAuthentication: + query_client: Callable[[str], ClientMixin] + def __init__(self, query_client: Callable[[str], ClientMixin]) -> None: ... + def register(self, method: str, func: Callable[[Callable[[str], ClientMixin], OAuth2Request], ClientMixin]) -> None: ... + def authenticate(self, request: OAuth2Request, methods: Collection[str], endpoint: str) -> ClientMixin: ... + def __call__(self, request: OAuth2Request, methods: Collection[str], endpoint: str = "token") -> ClientMixin: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi new file mode 100644 index 000000000000..69c1d6ee50dd --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi @@ -0,0 +1,46 @@ +from _typeshed import Incomplete +from collections.abc import Callable, Collection, Mapping +from typing_extensions import TypeAlias + +from authlib.oauth2 import JsonRequest, OAuth2Error, OAuth2Request +from authlib.oauth2.rfc6749 import BaseGrant, ClientMixin +from authlib.oauth2.rfc6750 import BearerTokenGenerator + +_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]] + +class AuthorizationServer: + scopes_supported: Collection[str] | None + def __init__(self, scopes_supported: Collection[str] | None = None) -> None: ... + def query_client(self, client_id: str) -> ClientMixin: ... + def save_token(self, token: dict[str, str | int], request: OAuth2Request) -> None: ... + def generate_token( + self, + grant_type: str, + client: ClientMixin, + user: Incomplete | None = None, + scope: str | None = None, + expires_in: int | None = None, + include_refresh_token: bool = True, + ) -> dict[str, str | int]: ... + def register_token_generator(self, grant_type: str, func: BearerTokenGenerator) -> None: ... + def authenticate_client(self, request: OAuth2Request, methods: Collection[str], endpoint: str = "token") -> ClientMixin: ... + def register_client_auth_method(self, method, func) -> None: ... + def get_error_uri(self, request, error) -> None: ... + def send_signal(self, name, *args: object, **kwargs: object) -> None: ... + def create_oauth2_request(self, request) -> OAuth2Request: ... + def create_json_request(self, request) -> JsonRequest: ... + def handle_response(self, status: int, body: Mapping[str, object], headers: Mapping[str, str]) -> object: ... + def validate_requested_scope(self, scope: str, state: str | None = None) -> None: ... + def register_grant( + self, grant_cls: type[BaseGrant], extensions: Collection[Callable[[BaseGrant], None]] | None = None + ) -> None: ... + def register_endpoint(self, endpoint) -> None: ... + def get_authorization_grant(self, request: OAuth2Request) -> BaseGrant: ... + def get_consent_grant(self, request: Incomplete | None = None, end_user: Incomplete | None = None): ... + def get_token_grant(self, request: OAuth2Request) -> BaseGrant: ... + def create_endpoint_response(self, name, request: Incomplete | None = None): ... + def create_authorization_response( + self, request: Incomplete | None = None, grant_user: Incomplete | None = None + ) -> object: ... + def create_token_response(self, request: Incomplete | None = None) -> _ServerResponse: ... + def handle_error_response(self, request: OAuth2Request, error: OAuth2Error) -> object: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi new file mode 100644 index 000000000000..c5be5e1368dc --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi @@ -0,0 +1,92 @@ +from _typeshed import Incomplete + +from authlib.oauth2 import OAuth2Error as OAuth2Error + +__all__ = [ + "OAuth2Error", + "InsecureTransportError", + "InvalidRequestError", + "InvalidClientError", + "UnauthorizedClientError", + "InvalidGrantError", + "UnsupportedResponseTypeError", + "UnsupportedGrantTypeError", + "InvalidScopeError", + "AccessDeniedError", + "MissingAuthorizationError", + "UnsupportedTokenTypeError", + "MissingCodeException", + "MissingTokenException", + "MissingTokenTypeException", + "MismatchingStateException", +] + +class InsecureTransportError(OAuth2Error): + error: str + description: str + @classmethod + def check(cls, uri) -> None: ... + +class InvalidRequestError(OAuth2Error): + error: str + +class InvalidClientError(OAuth2Error): + error: str + status_code: int + def get_headers(self): ... + +class InvalidGrantError(OAuth2Error): + error: str + +class UnauthorizedClientError(OAuth2Error): + error: str + +class UnsupportedResponseTypeError(OAuth2Error): + error: str + response_type: Incomplete + def __init__(self, response_type) -> None: ... + def get_error_description(self): ... + +class UnsupportedGrantTypeError(OAuth2Error): + error: str + grant_type: Incomplete + def __init__(self, grant_type) -> None: ... + def get_error_description(self): ... + +class InvalidScopeError(OAuth2Error): + error: str + description: str + +class AccessDeniedError(OAuth2Error): + error: str + description: str + +class ForbiddenError(OAuth2Error): + status_code: int + auth_type: Incomplete + realm: Incomplete + def __init__(self, auth_type: Incomplete | None = None, realm: Incomplete | None = None) -> None: ... + def get_headers(self): ... + +class MissingAuthorizationError(ForbiddenError): + error: str + description: str + +class UnsupportedTokenTypeError(ForbiddenError): + error: str + +class MissingCodeException(OAuth2Error): + error: str + description: str + +class MissingTokenException(OAuth2Error): + error: str + description: str + +class MissingTokenTypeException(OAuth2Error): + error: str + description: str + +class MismatchingStateException(OAuth2Error): + error: str + description: str diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/__init__.pyi new file mode 100644 index 000000000000..b0300118a192 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/__init__.pyi @@ -0,0 +1,21 @@ +from .authorization_code import AuthorizationCodeGrant as AuthorizationCodeGrant +from .base import ( + AuthorizationEndpointMixin as AuthorizationEndpointMixin, + BaseGrant as BaseGrant, + TokenEndpointMixin as TokenEndpointMixin, +) +from .client_credentials import ClientCredentialsGrant as ClientCredentialsGrant +from .implicit import ImplicitGrant as ImplicitGrant +from .refresh_token import RefreshTokenGrant as RefreshTokenGrant +from .resource_owner_password_credentials import ResourceOwnerPasswordCredentialsGrant as ResourceOwnerPasswordCredentialsGrant + +__all__ = [ + "BaseGrant", + "AuthorizationEndpointMixin", + "TokenEndpointMixin", + "AuthorizationCodeGrant", + "ImplicitGrant", + "ResourceOwnerPasswordCredentialsGrant", + "ClientCredentialsGrant", + "RefreshTokenGrant", +] diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/authorization_code.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/authorization_code.pyi new file mode 100644 index 000000000000..5db449f98a86 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/authorization_code.pyi @@ -0,0 +1,24 @@ +from collections.abc import Collection +from typing_extensions import TypeAlias + +from authlib.oauth2 import OAuth2Request +from authlib.oauth2.rfc6749 import AuthorizationEndpointMixin, BaseGrant, ClientMixin, TokenEndpointMixin + +_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]] + +class AuthorizationCodeGrant(BaseGrant, AuthorizationEndpointMixin, TokenEndpointMixin): + TOKEN_ENDPOINT_AUTH_METHODS: Collection[str] + AUTHORIZATION_CODE_LENGTH: int + RESPONSE_TYPES: Collection[str] + GRANT_TYPE: str + def validate_authorization_request(self) -> str: ... + def create_authorization_response(self, redirect_uri: str, grant_user) -> _ServerResponse: ... + def validate_token_request(self) -> None: ... + def create_token_response(self) -> _ServerResponse: ... + def generate_authorization_code(self) -> str: ... + def save_authorization_code(self, code: str, request: OAuth2Request) -> None: ... + def query_authorization_code(self, code: str, client: ClientMixin): ... + def delete_authorization_code(self, authorization_code) -> None: ... + def authenticate_user(self, authorization_code): ... + +def validate_code_authorization_request(grant: AuthorizationCodeGrant) -> str: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi new file mode 100644 index 000000000000..5aea41fe8096 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi @@ -0,0 +1,55 @@ +from _typeshed import Incomplete +from collections.abc import Callable, Collection +from typing_extensions import TypeAlias + +from authlib.oauth2 import OAuth2Request +from authlib.oauth2.rfc6749 import ClientMixin + +_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]] + +class BaseGrant: + TOKEN_ENDPOINT_AUTH_METHODS: Collection[str] + GRANT_TYPE: str | None + TOKEN_RESPONSE_HEADER: Collection[tuple[str, str]] + prompt: Incomplete + redirect_uri: Incomplete + request: OAuth2Request + server: Incomplete + def __init__(self, request: OAuth2Request, server) -> None: ... + @property + def client(self): ... + def generate_token( + self, + user: Incomplete | None = None, + scope: str | None = None, + grant_type: str | None = None, + expires_in: int | None = None, + include_refresh_token: bool = True, + ) -> dict[str, str | int]: ... + def authenticate_token_endpoint_client(self) -> ClientMixin: ... + def save_token(self, token): ... + def validate_requested_scope(self) -> None: ... + def register_hook(self, hook_type: str, hook: Callable[..., Incomplete]) -> None: ... + def execute_hook(self, hook_type: str, *args: object, **kwargs: object) -> None: ... + +class TokenEndpointMixin: + TOKEN_ENDPOINT_HTTP_METHODS: Incomplete + GRANT_TYPE: Incomplete + @classmethod + def check_token_endpoint(cls, request: OAuth2Request): ... + def validate_token_request(self) -> None: ... + def create_token_response(self) -> _ServerResponse: ... + +class AuthorizationEndpointMixin: + RESPONSE_TYPES: Collection[str] + ERROR_RESPONSE_FRAGMENT: bool + @classmethod + def check_authorization_endpoint(cls, request: OAuth2Request) -> bool: ... + @staticmethod + def validate_authorization_redirect_uri(request: OAuth2Request, client: ClientMixin) -> str: ... + @staticmethod + def validate_no_multiple_request_parameter(request: OAuth2Request): ... + redirect_uri: Incomplete + def validate_consent_request(self) -> None: ... + def validate_authorization_request(self) -> str: ... + def create_authorization_response(self, redirect_uri: str, grant_user) -> _ServerResponse: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/client_credentials.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/client_credentials.pyi new file mode 100644 index 000000000000..b7f090ef5d63 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/client_credentials.pyi @@ -0,0 +1,6 @@ +from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin + +class ClientCredentialsGrant(BaseGrant, TokenEndpointMixin): + GRANT_TYPE: str + def validate_token_request(self) -> None: ... + def create_token_response(self): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/implicit.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/implicit.pyi new file mode 100644 index 000000000000..b106bf654967 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/implicit.pyi @@ -0,0 +1,12 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc6749 import AuthorizationEndpointMixin, BaseGrant + +class ImplicitGrant(BaseGrant, AuthorizationEndpointMixin): + AUTHORIZATION_ENDPOINT: bool + TOKEN_ENDPOINT_AUTH_METHODS: Incomplete + RESPONSE_TYPES: Incomplete + GRANT_TYPE: str + ERROR_RESPONSE_FRAGMENT: bool + def validate_authorization_request(self): ... + def create_authorization_response(self, redirect_uri, grant_user): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/refresh_token.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/refresh_token.pyi new file mode 100644 index 000000000000..9d23ebed4089 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/refresh_token.pyi @@ -0,0 +1,15 @@ +from typing_extensions import TypeAlias + +from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin, TokenMixin + +_ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]] + +class RefreshTokenGrant(BaseGrant, TokenEndpointMixin): + GRANT_TYPE: str + INCLUDE_NEW_REFRESH_TOKEN: bool + def validate_token_request(self) -> None: ... + def create_token_response(self) -> _ServerResponse: ... + def issue_token(self, user, refresh_token: TokenMixin) -> dict[str, str | int]: ... + def authenticate_refresh_token(self, refresh_token: str) -> TokenMixin: ... + def authenticate_user(self, refresh_token): ... + def revoke_old_credential(self, refresh_token: TokenMixin) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/grants/resource_owner_password_credentials.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/grants/resource_owner_password_credentials.pyi new file mode 100644 index 000000000000..4637a8064e21 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/grants/resource_owner_password_credentials.pyi @@ -0,0 +1,7 @@ +from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin + +class ResourceOwnerPasswordCredentialsGrant(BaseGrant, TokenEndpointMixin): + GRANT_TYPE: str + def validate_token_request(self) -> None: ... + def create_token_response(self): ... + def authenticate_user(self, username, password) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/models.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/models.pyi new file mode 100644 index 000000000000..87649d102cef --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/models.pyi @@ -0,0 +1,22 @@ +from collections.abc import Collection + +class ClientMixin: + def get_client_id(self) -> str: ... + def get_default_redirect_uri(self) -> str: ... + def get_allowed_scope(self, scope: Collection[str] | str) -> str: ... + def check_redirect_uri(self, redirect_uri: str) -> bool: ... + def check_client_secret(self, client_secret: str) -> bool: ... + def check_endpoint_auth_method(self, method: str, endpoint: str) -> bool: ... + def check_response_type(self, response_type: str) -> bool: ... + def check_grant_type(self, grant_type: str) -> bool: ... + +class AuthorizationCodeMixin: + def get_redirect_uri(self) -> str: ... + def get_scope(self) -> str: ... + +class TokenMixin: + def check_client(self, client) -> bool: ... + def get_scope(self) -> str: ... + def get_expires_in(self) -> int: ... + def is_expired(self) -> bool: ... + def is_revoked(self) -> bool: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/parameters.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/parameters.pyi new file mode 100644 index 000000000000..2ee2fd5361ea --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/parameters.pyi @@ -0,0 +1,14 @@ +from _typeshed import Incomplete + +def prepare_grant_uri( + uri, + client_id, + response_type, + redirect_uri: Incomplete | None = None, + scope: Incomplete | None = None, + state: Incomplete | None = None, + **kwargs, +): ... +def prepare_token_request(grant_type, body: str = "", redirect_uri: Incomplete | None = None, **kwargs): ... +def parse_authorization_code_response(uri, state: Incomplete | None = None): ... +def parse_implicit_response(uri, state: Incomplete | None = None): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi new file mode 100644 index 000000000000..505c61e06802 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/requests.pyi @@ -0,0 +1,48 @@ +from _typeshed import Incomplete +from collections.abc import Mapping + +from authlib.oauth2.rfc6749 import ClientMixin + +class OAuth2Request: + method: str + uri: str + body: Mapping[str, str] | None + headers: Mapping[str, str] | None + client: ClientMixin | None + auth_method: str | None + user: Incomplete | None + authorization_code: Incomplete | None + refresh_token: Incomplete | None + credential: Incomplete | None + def __init__( + self, method: str, uri: str, body: Mapping[str, str] | None = None, headers: Mapping[str, str] | None = None + ) -> None: ... + @property + def args(self) -> dict[str, str | None]: ... + @property + def form(self) -> dict[str, str]: ... + @property + def data(self) -> dict[str, str]: ... + @property + def datalist(self) -> dict[str, list[Incomplete]]: ... + @property + def client_id(self) -> str: ... + @property + def response_type(self) -> str: ... + @property + def grant_type(self) -> str: ... + @property + def redirect_uri(self) -> str: ... + @property + def scope(self) -> str: ... + @property + def state(self) -> str | None: ... + +class JsonRequest: + method: Incomplete + uri: Incomplete + body: Incomplete + headers: Incomplete + def __init__(self, method, uri, body: Incomplete | None = None, headers: Incomplete | None = None) -> None: ... + @property + def data(self): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/resource_protector.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/resource_protector.pyi new file mode 100644 index 000000000000..27ab2765730a --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/resource_protector.pyi @@ -0,0 +1,19 @@ +from _typeshed import Incomplete + +class TokenValidator: + TOKEN_TYPE: str + realm: Incomplete + extra_attributes: Incomplete + def __init__(self, realm: Incomplete | None = None, **extra_attributes) -> None: ... + @staticmethod + def scope_insufficient(token_scopes, required_scopes): ... + def authenticate_token(self, token_string) -> None: ... + def validate_request(self, request) -> None: ... + def validate_token(self, token, scopes, request) -> None: ... + +class ResourceProtector: + def __init__(self) -> None: ... + def register_token_validator(self, validator: TokenValidator): ... + def get_token_validator(self, token_type): ... + def parse_request_authorization(self, request): ... + def validate_request(self, scopes, request, **kwargs): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi new file mode 100644 index 000000000000..72fcae8f9f73 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/token_endpoint.pyi @@ -0,0 +1,13 @@ +from _typeshed import Incomplete + +class TokenEndpoint: + ENDPOINT_NAME: Incomplete + SUPPORTED_TOKEN_TYPES: Incomplete + CLIENT_AUTH_METHODS: Incomplete + server: Incomplete + def __init__(self, server) -> None: ... + def __call__(self, request): ... + def create_endpoint_request(self, request): ... + def authenticate_endpoint_client(self, request): ... + def authenticate_token(self, request, client) -> None: ... + def create_endpoint_response(self, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/util.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/util.pyi new file mode 100644 index 000000000000..89ba8a33c9b1 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/util.pyi @@ -0,0 +1,5 @@ +from collections.abc import Collection + +def list_to_scope(scope: Collection[str] | str | None) -> str: ... +def scope_to_list(scope: Collection[str] | str | None) -> list[str]: ... +def extract_basic_authorization(headers: dict[str, str]) -> tuple[str, str]: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6749/wrappers.pyi b/stubs/Authlib/authlib/oauth2/rfc6749/wrappers.pyi new file mode 100644 index 000000000000..54a40f05a1f7 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6749/wrappers.pyi @@ -0,0 +1,5 @@ +class OAuth2Token(dict[str, object]): + def __init__(self, params) -> None: ... + def is_expired(self, leeway: int = 60): ... + @classmethod + def from_dict(cls, token): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6750/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc6750/__init__.pyi new file mode 100644 index 000000000000..5c9b3d97670c --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6750/__init__.pyi @@ -0,0 +1,15 @@ +from .errors import InsufficientScopeError as InsufficientScopeError, InvalidTokenError as InvalidTokenError +from .parameters import add_bearer_token as add_bearer_token +from .token import BearerTokenGenerator as BearerTokenGenerator +from .validator import BearerTokenValidator as BearerTokenValidator + +__all__ = [ + "InvalidTokenError", + "InsufficientScopeError", + "add_bearer_token", + "BearerToken", + "BearerTokenGenerator", + "BearerTokenValidator", +] + +BearerToken = BearerTokenGenerator diff --git a/stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi b/stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi new file mode 100644 index 000000000000..2c4fdca5115a --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6750/errors.pyi @@ -0,0 +1,27 @@ +from _typeshed import Incomplete + +from authlib.oauth2 import OAuth2Error + +__all__ = ["InvalidTokenError", "InsufficientScopeError"] + +class InvalidTokenError(OAuth2Error): + error: str + description: str + status_code: int + realm: Incomplete + extra_attributes: Incomplete + def __init__( + self, + description: Incomplete | None = None, + uri: Incomplete | None = None, + status_code: Incomplete | None = None, + state: Incomplete | None = None, + realm: Incomplete | None = None, + **extra_attributes, + ) -> None: ... + def get_headers(self): ... + +class InsufficientScopeError(OAuth2Error): + error: str + description: str + status_code: int diff --git a/stubs/Authlib/authlib/oauth2/rfc6750/parameters.pyi b/stubs/Authlib/authlib/oauth2/rfc6750/parameters.pyi new file mode 100644 index 000000000000..de547a8a9797 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6750/parameters.pyi @@ -0,0 +1,6 @@ +from _typeshed import Incomplete + +def add_to_uri(token, uri): ... +def add_to_headers(token, headers: Incomplete | None = None): ... +def add_to_body(token, body: Incomplete | None = None): ... +def add_bearer_token(token, uri, headers, body, placement: str = "header"): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6750/token.pyi b/stubs/Authlib/authlib/oauth2/rfc6750/token.pyi new file mode 100644 index 000000000000..44955fba002a --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6750/token.pyi @@ -0,0 +1,41 @@ +from _typeshed import Incomplete +from collections.abc import Callable +from typing import Protocol + +from authlib.oauth2.rfc6749 import ClientMixin + +class _TokenGenerator(Protocol): + def __call__(self, *, client: ClientMixin, grant_type: str, user, scope: str) -> str: ... + +class BearerTokenGenerator: + DEFAULT_EXPIRES_IN: int + GRANT_TYPES_EXPIRES_IN: dict[str, int] + access_token_generator: _TokenGenerator + refresh_token_generator: _TokenGenerator + expires_generator: Callable[[ClientMixin, str], int] + def __init__( + self, + access_token_generator: _TokenGenerator, + refresh_token_generator: _TokenGenerator | None = None, + expires_generator: Callable[[ClientMixin, str], int] | None = None, + ) -> None: ... + @staticmethod + def get_allowed_scope(client: ClientMixin, scope: str) -> str: ... + def generate( + self, + grant_type: str, + client: ClientMixin, + user: Incomplete | None = None, + scope: str | None = None, + expires_in: int | None = None, + include_refresh_token: bool = True, + ) -> dict[str, str | int]: ... + def __call__( + self, + grant_type: str, + client: ClientMixin, + user: Incomplete | None = None, + scope: str | None = None, + expires_in: int | None = None, + include_refresh_token: bool = True, + ) -> dict[str, str | int]: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc6750/validator.pyi b/stubs/Authlib/authlib/oauth2/rfc6750/validator.pyi new file mode 100644 index 000000000000..19686a94113d --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc6750/validator.pyi @@ -0,0 +1,6 @@ +from authlib.oauth2.rfc6749 import TokenValidator + +class BearerTokenValidator(TokenValidator): + TOKEN_TYPE: str + def authenticate_token(self, token_string) -> None: ... + def validate_token(self, token, scopes, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7009/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc7009/__init__.pyi new file mode 100644 index 000000000000..845277693e1f --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7009/__init__.pyi @@ -0,0 +1,4 @@ +from .parameters import prepare_revoke_token_request as prepare_revoke_token_request +from .revocation import RevocationEndpoint as RevocationEndpoint + +__all__ = ["prepare_revoke_token_request", "RevocationEndpoint"] diff --git a/stubs/Authlib/authlib/oauth2/rfc7009/parameters.pyi b/stubs/Authlib/authlib/oauth2/rfc7009/parameters.pyi new file mode 100644 index 000000000000..75b11c378ffa --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7009/parameters.pyi @@ -0,0 +1,5 @@ +from _typeshed import Incomplete + +def prepare_revoke_token_request( + token, token_type_hint: Incomplete | None = None, body: Incomplete | None = None, headers: Incomplete | None = None +): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7009/revocation.pyi b/stubs/Authlib/authlib/oauth2/rfc7009/revocation.pyi new file mode 100644 index 000000000000..93e53aedc7f8 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7009/revocation.pyi @@ -0,0 +1,9 @@ +from authlib.oauth2.rfc6749 import TokenEndpoint + +class RevocationEndpoint(TokenEndpoint): + ENDPOINT_NAME: str + def authenticate_token(self, request, client): ... + def check_params(self, request, client) -> None: ... + def create_endpoint_response(self, request): ... + def query_token(self, token_string, token_type_hint) -> None: ... + def revoke_token(self, token, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7521/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc7521/__init__.pyi new file mode 100644 index 000000000000..5c15a9779df8 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7521/__init__.pyi @@ -0,0 +1,3 @@ +from .client import AssertionClient as AssertionClient + +__all__ = ["AssertionClient"] diff --git a/stubs/Authlib/authlib/oauth2/rfc7521/client.pyi b/stubs/Authlib/authlib/oauth2/rfc7521/client.pyi new file mode 100644 index 000000000000..e2be7fece77f --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7521/client.pyi @@ -0,0 +1,39 @@ +from _typeshed import Incomplete + +from authlib.oauth2 import OAuth2Error + +class AssertionClient: + DEFAULT_GRANT_TYPE: Incomplete + ASSERTION_METHODS: Incomplete + token_auth_class: Incomplete + oauth_error_class = OAuth2Error + session: Incomplete + token_endpoint: Incomplete + grant_type: Incomplete + issuer: Incomplete + subject: Incomplete + audience: Incomplete + claims: Incomplete + scope: Incomplete + token_auth: Incomplete + leeway: Incomplete + def __init__( + self, + session, + token_endpoint, + issuer, + subject, + audience: Incomplete | None = None, + grant_type: Incomplete | None = None, + claims: Incomplete | None = None, + token_placement: str = "header", + scope: Incomplete | None = None, + leeway: int = 60, + **kwargs, + ) -> None: ... + @property + def token(self): ... + @token.setter + def token(self, token) -> None: ... + def refresh_token(self): ... + def parse_response_token(self, resp): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/__init__.pyi new file mode 100644 index 000000000000..693cfd64285d --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7523/__init__.pyi @@ -0,0 +1,18 @@ +from .assertion import client_secret_jwt_sign as client_secret_jwt_sign, private_key_jwt_sign as private_key_jwt_sign +from .auth import ClientSecretJWT as ClientSecretJWT, PrivateKeyJWT as PrivateKeyJWT +from .client import JWTBearerClientAssertion as JWTBearerClientAssertion +from .jwt_bearer import JWTBearerGrant as JWTBearerGrant +from .token import JWTBearerTokenGenerator as JWTBearerTokenGenerator +from .validator import JWTBearerToken as JWTBearerToken, JWTBearerTokenValidator as JWTBearerTokenValidator + +__all__ = [ + "JWTBearerGrant", + "JWTBearerClientAssertion", + "client_secret_jwt_sign", + "private_key_jwt_sign", + "ClientSecretJWT", + "PrivateKeyJWT", + "JWTBearerToken", + "JWTBearerTokenGenerator", + "JWTBearerTokenValidator", +] diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/assertion.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/assertion.pyi new file mode 100644 index 000000000000..059422d8da34 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7523/assertion.pyi @@ -0,0 +1,19 @@ +from _typeshed import Incomplete + +def sign_jwt_bearer_assertion( + key, + issuer, + audience, + subject: Incomplete | None = None, + issued_at: Incomplete | None = None, + expires_at: Incomplete | None = None, + claims: Incomplete | None = None, + header: Incomplete | None = None, + **kwargs, +): ... +def client_secret_jwt_sign( + client_secret, client_id, token_endpoint, alg: str = "HS256", claims: Incomplete | None = None, **kwargs +): ... +def private_key_jwt_sign( + private_key, client_id, token_endpoint, alg: str = "RS256", claims: Incomplete | None = None, **kwargs +): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi new file mode 100644 index 000000000000..d346c96f2210 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7523/auth.pyi @@ -0,0 +1,22 @@ +from _typeshed import Incomplete + +class ClientSecretJWT: + name: str + alg: str + token_endpoint: Incomplete + claims: Incomplete + headers: Incomplete + def __init__( + self, + token_endpoint: Incomplete | None = None, + claims: Incomplete | None = None, + headers: Incomplete | None = None, + alg: Incomplete | None = None, + ) -> None: ... + def sign(self, auth, token_endpoint): ... + def __call__(self, auth, method, uri, headers, body): ... + +class PrivateKeyJWT(ClientSecretJWT): + name: str + alg: str + def sign(self, auth, token_endpoint): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi new file mode 100644 index 000000000000..7e5d18b6c823 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7523/client.pyi @@ -0,0 +1,16 @@ +from _typeshed import Incomplete + +ASSERTION_TYPE: str + +class JWTBearerClientAssertion: + CLIENT_ASSERTION_TYPE = ASSERTION_TYPE + CLIENT_AUTH_METHOD: str + token_url: Incomplete + def __init__(self, token_url, validate_jti: bool = True) -> None: ... + def __call__(self, query_client, request): ... + def create_claims_options(self): ... + def process_assertion_claims(self, assertion, resolve_key): ... + def authenticate_client(self, client): ... + def create_resolve_key_func(self, query_client, request): ... + def validate_jti(self, claims, jti) -> None: ... + def resolve_client_public_key(self, client, headers) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/jwt_bearer.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/jwt_bearer.pyi new file mode 100644 index 000000000000..b78a2f639904 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7523/jwt_bearer.pyi @@ -0,0 +1,28 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin + +JWT_BEARER_GRANT_TYPE: str + +class JWTBearerGrant(BaseGrant, TokenEndpointMixin): + GRANT_TYPE = JWT_BEARER_GRANT_TYPE + CLAIMS_OPTIONS: Incomplete + @staticmethod + def sign( + key, + issuer, + audience, + subject: Incomplete | None = None, + issued_at: Incomplete | None = None, + expires_at: Incomplete | None = None, + claims: Incomplete | None = None, + **kwargs, + ): ... + def process_assertion_claims(self, assertion): ... + def resolve_public_key(self, headers, payload): ... + def validate_token_request(self) -> None: ... + def create_token_response(self): ... + def resolve_issuer_client(self, issuer) -> None: ... + def resolve_client_key(self, client, headers, payload) -> None: ... + def authenticate_user(self, subject) -> None: ... + def has_granted_permission(self, client, user) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/token.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/token.pyi new file mode 100644 index 000000000000..d505d608fb82 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7523/token.pyi @@ -0,0 +1,30 @@ +from _typeshed import Incomplete + +class JWTBearerTokenGenerator: + DEFAULT_EXPIRES_IN: int + secret_key: Incomplete + issuer: Incomplete + alg: Incomplete + def __init__(self, secret_key, issuer: Incomplete | None = None, alg: str = "RS256") -> None: ... + @staticmethod + def get_allowed_scope(client, scope): ... + @staticmethod + def get_sub_value(user): ... + def get_token_data(self, grant_type, client, expires_in, user: Incomplete | None = None, scope: Incomplete | None = None): ... + def generate( + self, + grant_type, + client, + user: Incomplete | None = None, + scope: Incomplete | None = None, + expires_in: Incomplete | None = None, + ): ... + def __call__( + self, + grant_type, + client, + user: Incomplete | None = None, + scope: Incomplete | None = None, + expires_in: Incomplete | None = None, + include_refresh_token: bool = True, + ): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7523/validator.pyi b/stubs/Authlib/authlib/oauth2/rfc7523/validator.pyi new file mode 100644 index 000000000000..561b7219b59e --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7523/validator.pyi @@ -0,0 +1,24 @@ +from _typeshed import Incomplete + +from authlib.jose import JWTClaims +from authlib.oauth2.rfc6749 import TokenMixin +from authlib.oauth2.rfc6750 import BearerTokenValidator + +logger: Incomplete + +class JWTBearerToken(TokenMixin, JWTClaims): + def check_client(self, client): ... + def get_scope(self): ... + def get_expires_in(self): ... + def is_expired(self): ... + def is_revoked(self): ... + +class JWTBearerTokenValidator(BearerTokenValidator): + TOKEN_TYPE: str + token_cls = JWTBearerToken + public_key: Incomplete + claims_options: Incomplete + def __init__( + self, public_key, issuer: Incomplete | None = None, realm: Incomplete | None = None, **extra_attributes + ) -> None: ... + def authenticate_token(self, token_string): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/__init__.pyi new file mode 100644 index 000000000000..5cd9f6b3ac5a --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7591/__init__.pyi @@ -0,0 +1,17 @@ +from .claims import ClientMetadataClaims as ClientMetadataClaims +from .endpoint import ClientRegistrationEndpoint as ClientRegistrationEndpoint +from .errors import ( + InvalidClientMetadataError as InvalidClientMetadataError, + InvalidRedirectURIError as InvalidRedirectURIError, + InvalidSoftwareStatementError as InvalidSoftwareStatementError, + UnapprovedSoftwareStatementError as UnapprovedSoftwareStatementError, +) + +__all__ = [ + "ClientMetadataClaims", + "ClientRegistrationEndpoint", + "InvalidRedirectURIError", + "InvalidClientMetadataError", + "InvalidSoftwareStatementError", + "UnapprovedSoftwareStatementError", +] diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi new file mode 100644 index 000000000000..8145438834dd --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7591/claims.pyi @@ -0,0 +1,22 @@ +from _typeshed import Incomplete + +from authlib.jose import BaseClaims + +class ClientMetadataClaims(BaseClaims): + REGISTERED_CLAIMS: Incomplete + def validate(self) -> None: ... + def validate_redirect_uris(self) -> None: ... + def validate_token_endpoint_auth_method(self) -> None: ... + def validate_grant_types(self) -> None: ... + def validate_response_types(self) -> None: ... + def validate_client_name(self) -> None: ... + def validate_client_uri(self) -> None: ... + def validate_logo_uri(self) -> None: ... + def validate_scope(self) -> None: ... + def validate_contacts(self) -> None: ... + def validate_tos_uri(self) -> None: ... + def validate_policy_uri(self) -> None: ... + def validate_jwks_uri(self) -> None: ... + def validate_jwks(self) -> None: ... + def validate_software_id(self) -> None: ... + def validate_software_version(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi new file mode 100644 index 000000000000..36e0bf6a2c70 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7591/endpoint.pyi @@ -0,0 +1,24 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc7591 import ClientMetadataClaims + +class ClientRegistrationEndpoint: + ENDPOINT_NAME: str + claims_class = ClientMetadataClaims + software_statement_alg_values_supported: Incomplete + server: Incomplete + def __init__(self, server) -> None: ... + def __call__(self, request): ... + def create_registration_response(self, request): ... + def extract_client_metadata(self, request): ... + def extract_software_statement(self, software_statement, request): ... + def get_claims_options(self): ... + def generate_client_info(self): ... + def generate_client_registration_info(self, client, request) -> None: ... + def create_endpoint_request(self, request): ... + def generate_client_id(self): ... + def generate_client_secret(self): ... + def get_server_metadata(self) -> None: ... + def authenticate_token(self, request) -> None: ... + def resolve_public_key(self, request) -> None: ... + def save_client(self, client_info, client_metadata, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7591/errors.pyi b/stubs/Authlib/authlib/oauth2/rfc7591/errors.pyi new file mode 100644 index 000000000000..7229ef4e6ede --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7591/errors.pyi @@ -0,0 +1,13 @@ +from authlib.oauth2 import OAuth2Error + +class InvalidRedirectURIError(OAuth2Error): + error: str + +class InvalidClientMetadataError(OAuth2Error): + error: str + +class InvalidSoftwareStatementError(OAuth2Error): + error: str + +class UnapprovedSoftwareStatementError(OAuth2Error): + error: str diff --git a/stubs/Authlib/authlib/oauth2/rfc7592/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc7592/__init__.pyi new file mode 100644 index 000000000000..e4ff814ea64e --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7592/__init__.pyi @@ -0,0 +1,3 @@ +from .endpoint import ClientConfigurationEndpoint as ClientConfigurationEndpoint + +__all__ = ["ClientConfigurationEndpoint"] diff --git a/stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi new file mode 100644 index 000000000000..e5cf2ac32311 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7592/endpoint.pyi @@ -0,0 +1,26 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc7591 import ClientMetadataClaims + +class ClientConfigurationEndpoint: + ENDPOINT_NAME: str + claims_class = ClientMetadataClaims + server: Incomplete + def __init__(self, server) -> None: ... + def __call__(self, request): ... + def create_configuration_response(self, request): ... + def create_endpoint_request(self, request): ... + def create_read_client_response(self, client, request): ... + def create_delete_client_response(self, client, request): ... + def create_update_client_response(self, client, request): ... + def extract_client_metadata(self, request): ... + def get_claims_options(self): ... + def introspect_client(self, client): ... + def generate_client_registration_info(self, client, request) -> None: ... + def authenticate_token(self, request) -> None: ... + def authenticate_client(self, request) -> None: ... + def revoke_access_token(self, token, request) -> None: ... + def check_permission(self, client, request) -> None: ... + def delete_client(self, client, request) -> None: ... + def update_client(self, client, client_metadata, request) -> None: ... + def get_server_metadata(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7636/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc7636/__init__.pyi new file mode 100644 index 000000000000..18a2be1b0e43 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7636/__init__.pyi @@ -0,0 +1,3 @@ +from .challenge import CodeChallenge as CodeChallenge, create_s256_code_challenge as create_s256_code_challenge + +__all__ = ["CodeChallenge", "create_s256_code_challenge"] diff --git a/stubs/Authlib/authlib/oauth2/rfc7636/challenge.pyi b/stubs/Authlib/authlib/oauth2/rfc7636/challenge.pyi new file mode 100644 index 000000000000..71b92213b6a2 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7636/challenge.pyi @@ -0,0 +1,20 @@ +from _typeshed import Incomplete + +CODE_VERIFIER_PATTERN: Incomplete +CODE_CHALLENGE_PATTERN: Incomplete + +def create_s256_code_challenge(code_verifier): ... +def compare_plain_code_challenge(code_verifier, code_challenge): ... +def compare_s256_code_challenge(code_verifier, code_challenge): ... + +class CodeChallenge: + DEFAULT_CODE_CHALLENGE_METHOD: str + SUPPORTED_CODE_CHALLENGE_METHOD: Incomplete + CODE_CHALLENGE_METHODS: Incomplete + required: Incomplete + def __init__(self, required: bool = True) -> None: ... + def __call__(self, grant) -> None: ... + def validate_code_challenge(self, grant) -> None: ... + def validate_code_verifier(self, grant) -> None: ... + def get_authorization_code_challenge(self, authorization_code): ... + def get_authorization_code_challenge_method(self, authorization_code): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7662/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc7662/__init__.pyi new file mode 100644 index 000000000000..8b48b0ce9476 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7662/__init__.pyi @@ -0,0 +1,5 @@ +from .introspection import IntrospectionEndpoint as IntrospectionEndpoint +from .models import IntrospectionToken as IntrospectionToken +from .token_validator import IntrospectTokenValidator as IntrospectTokenValidator + +__all__ = ["IntrospectionEndpoint", "IntrospectionToken", "IntrospectTokenValidator"] diff --git a/stubs/Authlib/authlib/oauth2/rfc7662/introspection.pyi b/stubs/Authlib/authlib/oauth2/rfc7662/introspection.pyi new file mode 100644 index 000000000000..56766e27be11 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7662/introspection.pyi @@ -0,0 +1,11 @@ +from authlib.oauth2.rfc6749 import TokenEndpoint + +class IntrospectionEndpoint(TokenEndpoint): + ENDPOINT_NAME: str + def authenticate_token(self, request, client): ... + def check_params(self, request, client) -> None: ... + def create_endpoint_response(self, request): ... + def create_introspection_payload(self, token): ... + def check_permission(self, token, client, request) -> None: ... + def query_token(self, token_string, token_type_hint) -> None: ... + def introspect_token(self, token) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7662/models.pyi b/stubs/Authlib/authlib/oauth2/rfc7662/models.pyi new file mode 100644 index 000000000000..bb583baaa4f4 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7662/models.pyi @@ -0,0 +1,8 @@ +from authlib.oauth2.rfc6749 import TokenMixin + +class IntrospectionToken(dict[str, object], TokenMixin): + def get_client_id(self): ... + def get_scope(self): ... + def get_expires_in(self): ... + def get_expires_at(self): ... + def __getattr__(self, key): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc7662/token_validator.pyi b/stubs/Authlib/authlib/oauth2/rfc7662/token_validator.pyi new file mode 100644 index 000000000000..897e7ec54881 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc7662/token_validator.pyi @@ -0,0 +1,7 @@ +from authlib.oauth2.rfc6749 import TokenValidator + +class IntrospectTokenValidator(TokenValidator): + TOKEN_TYPE: str + def introspect_token(self, token_string) -> None: ... + def authenticate_token(self, token_string): ... + def validate_token(self, token, scopes, request) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc8414/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc8414/__init__.pyi new file mode 100644 index 000000000000..b7b5b3a03967 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8414/__init__.pyi @@ -0,0 +1,4 @@ +from .models import AuthorizationServerMetadata as AuthorizationServerMetadata +from .well_known import get_well_known_url as get_well_known_url + +__all__ = ["AuthorizationServerMetadata", "get_well_known_url"] diff --git a/stubs/Authlib/authlib/oauth2/rfc8414/models.pyi b/stubs/Authlib/authlib/oauth2/rfc8414/models.pyi new file mode 100644 index 000000000000..2c3b593ae2ca --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8414/models.pyi @@ -0,0 +1,40 @@ +from _typeshed import Incomplete + +class AuthorizationServerMetadata(dict[str, object]): + REGISTRY_KEYS: Incomplete + def validate_issuer(self) -> None: ... + def validate_authorization_endpoint(self) -> None: ... + def validate_token_endpoint(self) -> None: ... + def validate_jwks_uri(self) -> None: ... + def validate_registration_endpoint(self) -> None: ... + def validate_scopes_supported(self) -> None: ... + def validate_response_types_supported(self) -> None: ... + def validate_response_modes_supported(self) -> None: ... + def validate_grant_types_supported(self) -> None: ... + def validate_token_endpoint_auth_methods_supported(self) -> None: ... + def validate_token_endpoint_auth_signing_alg_values_supported(self) -> None: ... + def validate_service_documentation(self) -> None: ... + def validate_ui_locales_supported(self) -> None: ... + def validate_op_policy_uri(self) -> None: ... + def validate_op_tos_uri(self) -> None: ... + def validate_revocation_endpoint(self) -> None: ... + def validate_revocation_endpoint_auth_methods_supported(self) -> None: ... + def validate_revocation_endpoint_auth_signing_alg_values_supported(self) -> None: ... + def validate_introspection_endpoint(self) -> None: ... + def validate_introspection_endpoint_auth_methods_supported(self) -> None: ... + def validate_introspection_endpoint_auth_signing_alg_values_supported(self) -> None: ... + def validate_code_challenge_methods_supported(self) -> None: ... + @property + def response_modes_supported(self): ... + @property + def grant_types_supported(self): ... + @property + def token_endpoint_auth_methods_supported(self): ... + @property + def revocation_endpoint_auth_methods_supported(self): ... + @property + def introspection_endpoint_auth_methods_supported(self): ... + def validate(self) -> None: ... + def __getattr__(self, key): ... + +def validate_array_value(metadata, key) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc8414/well_known.pyi b/stubs/Authlib/authlib/oauth2/rfc8414/well_known.pyi new file mode 100644 index 000000000000..9289f0d478bf --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8414/well_known.pyi @@ -0,0 +1 @@ +def get_well_known_url(issuer, external: bool = False, suffix: str = "oauth-authorization-server"): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc8628/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc8628/__init__.pyi new file mode 100644 index 000000000000..669437e26bb9 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8628/__init__.pyi @@ -0,0 +1,19 @@ +from .device_code import DEVICE_CODE_GRANT_TYPE as DEVICE_CODE_GRANT_TYPE, DeviceCodeGrant as DeviceCodeGrant +from .endpoint import DeviceAuthorizationEndpoint as DeviceAuthorizationEndpoint +from .errors import ( + AuthorizationPendingError as AuthorizationPendingError, + ExpiredTokenError as ExpiredTokenError, + SlowDownError as SlowDownError, +) +from .models import DeviceCredentialDict as DeviceCredentialDict, DeviceCredentialMixin as DeviceCredentialMixin + +__all__ = [ + "DeviceAuthorizationEndpoint", + "DeviceCodeGrant", + "DEVICE_CODE_GRANT_TYPE", + "DeviceCredentialMixin", + "DeviceCredentialDict", + "AuthorizationPendingError", + "SlowDownError", + "ExpiredTokenError", +] diff --git a/stubs/Authlib/authlib/oauth2/rfc8628/device_code.pyi b/stubs/Authlib/authlib/oauth2/rfc8628/device_code.pyi new file mode 100644 index 000000000000..931b40dd3f1f --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8628/device_code.pyi @@ -0,0 +1,15 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc6749 import BaseGrant, TokenEndpointMixin + +DEVICE_CODE_GRANT_TYPE: str + +class DeviceCodeGrant(BaseGrant, TokenEndpointMixin): + GRANT_TYPE = DEVICE_CODE_GRANT_TYPE + TOKEN_ENDPOINT_AUTH_METHODS: Incomplete + def validate_token_request(self) -> None: ... + def create_token_response(self): ... + def validate_device_credential(self, credential): ... + def query_device_credential(self, device_code) -> None: ... + def query_user_grant(self, user_code) -> None: ... + def should_slow_down(self, credential) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc8628/endpoint.pyi b/stubs/Authlib/authlib/oauth2/rfc8628/endpoint.pyi new file mode 100644 index 000000000000..5d0718e54846 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8628/endpoint.pyi @@ -0,0 +1,21 @@ +from _typeshed import Incomplete + +class DeviceAuthorizationEndpoint: + ENDPOINT_NAME: str + CLIENT_AUTH_METHODS: Incomplete + USER_CODE_TYPE: str + EXPIRES_IN: int + INTERVAL: int + server: Incomplete + def __init__(self, server) -> None: ... + def __call__(self, request): ... + def create_endpoint_request(self, request): ... + def authenticate_client(self, request): ... + def create_endpoint_response(self, request): ... + def generate_user_code(self): ... + def generate_device_code(self): ... + def get_verification_uri(self) -> None: ... + def save_device_credential(self, client_id, scope, data) -> None: ... + +def create_string_user_code(): ... +def create_digital_user_code(): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc8628/errors.pyi b/stubs/Authlib/authlib/oauth2/rfc8628/errors.pyi new file mode 100644 index 000000000000..dc3803877039 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8628/errors.pyi @@ -0,0 +1,10 @@ +from authlib.oauth2 import OAuth2Error + +class AuthorizationPendingError(OAuth2Error): + error: str + +class SlowDownError(OAuth2Error): + error: str + +class ExpiredTokenError(OAuth2Error): + error: str diff --git a/stubs/Authlib/authlib/oauth2/rfc8628/models.pyi b/stubs/Authlib/authlib/oauth2/rfc8628/models.pyi new file mode 100644 index 000000000000..7da0cca1e106 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc8628/models.pyi @@ -0,0 +1,13 @@ +class DeviceCredentialMixin: + def get_client_id(self) -> None: ... + def get_scope(self) -> None: ... + def get_user_code(self) -> None: ... + def is_expired(self) -> None: ... + +class DeviceCredentialDict(dict[str, object], DeviceCredentialMixin): + def get_client_id(self): ... + def get_scope(self): ... + def get_user_code(self): ... + def get_nonce(self): ... + def get_auth_time(self): ... + def is_expired(self): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc8693/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc8693/__init__.pyi new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/__init__.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/__init__.pyi new file mode 100644 index 000000000000..f8a3418f836d --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9068/__init__.pyi @@ -0,0 +1,6 @@ +from .introspection import JWTIntrospectionEndpoint as JWTIntrospectionEndpoint +from .revocation import JWTRevocationEndpoint as JWTRevocationEndpoint +from .token import JWTBearerTokenGenerator as JWTBearerTokenGenerator +from .token_validator import JWTBearerTokenValidator as JWTBearerTokenValidator + +__all__ = ["JWTBearerTokenGenerator", "JWTBearerTokenValidator", "JWTIntrospectionEndpoint", "JWTRevocationEndpoint"] diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi new file mode 100644 index 000000000000..405ba4c103e9 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9068/claims.pyi @@ -0,0 +1,16 @@ +from _typeshed import Incomplete + +from authlib.jose import JWTClaims + +class JWTAccessTokenClaims(JWTClaims): + REGISTERED_CLAIMS: Incomplete + def validate(self, now: Incomplete | None = None, leeway: int = 0, **kwargs) -> None: ... + def validate_typ(self) -> None: ... + def validate_client_id(self): ... + def validate_auth_time(self) -> None: ... + def validate_acr(self): ... + def validate_amr(self) -> None: ... + def validate_scope(self): ... + def validate_groups(self): ... + def validate_roles(self): ... + def validate_entitlements(self): ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/introspection.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/introspection.pyi new file mode 100644 index 000000000000..01b9140d6a18 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9068/introspection.pyi @@ -0,0 +1,13 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc7662 import IntrospectionEndpoint + +class JWTIntrospectionEndpoint(IntrospectionEndpoint): + ENDPOINT_NAME: str + issuer: Incomplete + def __init__(self, issuer, server: Incomplete | None = None, *args, **kwargs) -> None: ... + def create_endpoint_response(self, request): ... + def authenticate_token(self, request, client): ... + def create_introspection_payload(self, token): ... + def get_jwks(self) -> None: ... + def get_username(self, user_id: str) -> str: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/revocation.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/revocation.pyi new file mode 100644 index 000000000000..263a06c72d2e --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9068/revocation.pyi @@ -0,0 +1,9 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc7009 import RevocationEndpoint + +class JWTRevocationEndpoint(RevocationEndpoint): + issuer: Incomplete + def __init__(self, issuer, server: Incomplete | None = None, *args, **kwargs) -> None: ... + def authenticate_token(self, request, client) -> None: ... + def get_jwks(self) -> None: ... diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/token.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/token.pyi new file mode 100644 index 000000000000..84e438df0b66 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9068/token.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc6750 import BearerTokenGenerator + +class JWTBearerTokenGenerator(BearerTokenGenerator): + issuer: Incomplete + alg: Incomplete + def __init__( + self, + issuer, + alg: str = "RS256", + refresh_token_generator: Incomplete | None = None, + expires_generator: Incomplete | None = None, + ) -> None: ... + def get_jwks(self) -> None: ... + def get_extra_claims(self, client, grant_type, user, scope): ... + def get_audiences(self, client, user, scope) -> str | list[str]: ... + def get_acr(self, user) -> str | None: ... + def get_auth_time(self, user) -> int | None: ... + def get_amr(self, user) -> list[str] | None: ... + def get_jti(self, client, grant_type, user, scope) -> str: ... + # Override seems safe, but mypy doesn't like that it's a callabe protocol in the base + def access_token_generator(self, client, grant_type, user, scope): ... # type: ignore[override] diff --git a/stubs/Authlib/authlib/oauth2/rfc9068/token_validator.pyi b/stubs/Authlib/authlib/oauth2/rfc9068/token_validator.pyi new file mode 100644 index 000000000000..6b5a58f9ca81 --- /dev/null +++ b/stubs/Authlib/authlib/oauth2/rfc9068/token_validator.pyi @@ -0,0 +1,20 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc6750 import BearerTokenValidator + +class JWTBearerTokenValidator(BearerTokenValidator): + issuer: Incomplete + resource_server: Incomplete + def __init__(self, issuer, resource_server, *args, **kwargs) -> None: ... + def get_jwks(self) -> None: ... + def validate_iss(self, claims, iss: str) -> bool: ... + def authenticate_token(self, token_string): ... + def validate_token( + self, + token, + scopes, + request, + groups: Incomplete | None = None, + roles: Incomplete | None = None, + entitlements: Incomplete | None = None, + ) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/__init__.pyi b/stubs/Authlib/authlib/oidc/__init__.pyi new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/stubs/Authlib/authlib/oidc/core/__init__.pyi b/stubs/Authlib/authlib/oidc/core/__init__.pyi new file mode 100644 index 000000000000..00a6e700d31d --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/__init__.pyi @@ -0,0 +1,29 @@ +from .claims import ( + CodeIDToken as CodeIDToken, + HybridIDToken as HybridIDToken, + IDToken as IDToken, + ImplicitIDToken as ImplicitIDToken, + UserInfo as UserInfo, + get_claim_cls_by_response_type as get_claim_cls_by_response_type, +) +from .grants import ( + OpenIDCode as OpenIDCode, + OpenIDHybridGrant as OpenIDHybridGrant, + OpenIDImplicitGrant as OpenIDImplicitGrant, + OpenIDToken as OpenIDToken, +) +from .models import AuthorizationCodeMixin as AuthorizationCodeMixin + +__all__ = [ + "AuthorizationCodeMixin", + "IDToken", + "CodeIDToken", + "ImplicitIDToken", + "HybridIDToken", + "UserInfo", + "get_claim_cls_by_response_type", + "OpenIDToken", + "OpenIDCode", + "OpenIDHybridGrant", + "OpenIDImplicitGrant", +] diff --git a/stubs/Authlib/authlib/oidc/core/claims.pyi b/stubs/Authlib/authlib/oidc/core/claims.pyi new file mode 100644 index 000000000000..b4452f6d636d --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/claims.pyi @@ -0,0 +1,37 @@ +from _typeshed import Incomplete + +from authlib.jose import JWTClaims + +__all__ = ["IDToken", "CodeIDToken", "ImplicitIDToken", "HybridIDToken", "UserInfo", "get_claim_cls_by_response_type"] + +class IDToken(JWTClaims): + ESSENTIAL_CLAIMS: Incomplete + def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ... + def validate_auth_time(self) -> None: ... + def validate_nonce(self) -> None: ... + def validate_acr(self): ... + def validate_amr(self) -> None: ... + def validate_azp(self) -> None: ... + def validate_at_hash(self) -> None: ... + +class CodeIDToken(IDToken): + RESPONSE_TYPES: Incomplete + REGISTERED_CLAIMS: Incomplete + +class ImplicitIDToken(IDToken): + RESPONSE_TYPES: Incomplete + ESSENTIAL_CLAIMS: Incomplete + REGISTERED_CLAIMS: Incomplete + def validate_at_hash(self) -> None: ... + +class HybridIDToken(ImplicitIDToken): + RESPONSE_TYPES: Incomplete + REGISTERED_CLAIMS: Incomplete + def validate(self, now: Incomplete | None = None, leeway: int = 0) -> None: ... + def validate_c_hash(self) -> None: ... + +class UserInfo(dict[str, object]): + REGISTERED_CLAIMS: Incomplete + def __getattr__(self, key): ... + +def get_claim_cls_by_response_type(response_type): ... diff --git a/stubs/Authlib/authlib/oidc/core/errors.pyi b/stubs/Authlib/authlib/oidc/core/errors.pyi new file mode 100644 index 000000000000..a7132d25fd7a --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/errors.pyi @@ -0,0 +1,28 @@ +from authlib.oauth2 import OAuth2Error + +class InteractionRequiredError(OAuth2Error): + error: str + +class LoginRequiredError(OAuth2Error): + error: str + +class AccountSelectionRequiredError(OAuth2Error): + error: str + +class ConsentRequiredError(OAuth2Error): + error: str + +class InvalidRequestURIError(OAuth2Error): + error: str + +class InvalidRequestObjectError(OAuth2Error): + error: str + +class RequestNotSupportedError(OAuth2Error): + error: str + +class RequestURINotSupportedError(OAuth2Error): + error: str + +class RegistrationNotSupportedError(OAuth2Error): + error: str diff --git a/stubs/Authlib/authlib/oidc/core/grants/__init__.pyi b/stubs/Authlib/authlib/oidc/core/grants/__init__.pyi new file mode 100644 index 000000000000..d4bc9d9b42e7 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/grants/__init__.pyi @@ -0,0 +1,5 @@ +from .code import OpenIDCode as OpenIDCode, OpenIDToken as OpenIDToken +from .hybrid import OpenIDHybridGrant as OpenIDHybridGrant +from .implicit import OpenIDImplicitGrant as OpenIDImplicitGrant + +__all__ = ["OpenIDToken", "OpenIDCode", "OpenIDImplicitGrant", "OpenIDHybridGrant"] diff --git a/stubs/Authlib/authlib/oidc/core/grants/code.pyi b/stubs/Authlib/authlib/oidc/core/grants/code.pyi new file mode 100644 index 000000000000..3ad0e20e3b80 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/grants/code.pyi @@ -0,0 +1,17 @@ +from authlib.oauth2 import OAuth2Request +from authlib.oauth2.rfc6749 import BaseGrant +from authlib.oidc.core import UserInfo + +class OpenIDToken: + def get_jwt_config(self, grant: BaseGrant) -> dict[str, str | int]: ... + def generate_user_info(self, user, scope: str) -> UserInfo: ... + def get_audiences(self, request: OAuth2Request) -> list[str]: ... + def process_token(self, grant: BaseGrant, token: dict[str, str | int]) -> dict[str, str | int]: ... + def __call__(self, grant: BaseGrant) -> None: ... + +class OpenIDCode(OpenIDToken): + require_nonce: bool + def __init__(self, require_nonce: bool = False) -> None: ... + def exists_nonce(self, nonce: str, request: OAuth2Request) -> bool: ... + def validate_openid_authorization_request(self, grant: BaseGrant) -> None: ... + def __call__(self, grant: BaseGrant) -> None: ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/hybrid.pyi b/stubs/Authlib/authlib/oidc/core/grants/hybrid.pyi new file mode 100644 index 000000000000..c3a3a7b03def --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/grants/hybrid.pyi @@ -0,0 +1,13 @@ +from _typeshed import Incomplete + +from authlib.oidc.core import OpenIDImplicitGrant + +class OpenIDHybridGrant(OpenIDImplicitGrant): + AUTHORIZATION_CODE_LENGTH: int + RESPONSE_TYPES: Incomplete + GRANT_TYPE: str + DEFAULT_RESPONSE_MODE: str + def generate_authorization_code(self): ... + def save_authorization_code(self, code, request) -> None: ... + def validate_authorization_request(self): ... + def create_granted_params(self, grant_user): ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi b/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi new file mode 100644 index 000000000000..cc0e4dec23d4 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/grants/implicit.pyi @@ -0,0 +1,16 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc6749 import ImplicitGrant + +class OpenIDImplicitGrant(ImplicitGrant): + RESPONSE_TYPES: Incomplete + DEFAULT_RESPONSE_MODE: str + def exists_nonce(self, nonce, request) -> None: ... + def get_jwt_config(self) -> None: ... + def generate_user_info(self, user, scope) -> None: ... + def get_audiences(self, request): ... + def validate_authorization_request(self): ... + def validate_consent_request(self) -> None: ... + def create_authorization_response(self, redirect_uri, grant_user): ... + def create_granted_params(self, grant_user): ... + def process_implicit_token(self, token, code: Incomplete | None = None): ... diff --git a/stubs/Authlib/authlib/oidc/core/grants/util.pyi b/stubs/Authlib/authlib/oidc/core/grants/util.pyi new file mode 100644 index 000000000000..d93f15590e43 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/grants/util.pyi @@ -0,0 +1,18 @@ +from authlib.oidc.core import UserInfo + +def is_openid_scope(scope: str | None) -> bool: ... +def validate_request_prompt(grant, redirect_uri, redirect_fragment: bool = False): ... +def validate_nonce(request, exists_nonce, required: bool = False): ... +def generate_id_token( + token: dict[str, str | int], + user_info: UserInfo, + key: str, + iss: str, + aud: list[str], + alg: str = "RS256", + exp: int = 3600, + nonce: str | None = None, + auth_time: int | None = None, + code: str | None = None, +) -> str: ... +def create_response_mode_response(redirect_uri, params, response_mode): ... diff --git a/stubs/Authlib/authlib/oidc/core/models.pyi b/stubs/Authlib/authlib/oidc/core/models.pyi new file mode 100644 index 000000000000..f081a20b9e44 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/models.pyi @@ -0,0 +1,5 @@ +from authlib.oauth2.rfc6749 import AuthorizationCodeMixin as _AuthorizationCodeMixin + +class AuthorizationCodeMixin(_AuthorizationCodeMixin): + def get_nonce(self) -> str | None: ... + def get_auth_time(self) -> int | None: ... diff --git a/stubs/Authlib/authlib/oidc/core/util.pyi b/stubs/Authlib/authlib/oidc/core/util.pyi new file mode 100644 index 000000000000..542c8c7a316b --- /dev/null +++ b/stubs/Authlib/authlib/oidc/core/util.pyi @@ -0,0 +1 @@ +def create_half_hash(s: str, alg: str) -> str: ... diff --git a/stubs/Authlib/authlib/oidc/discovery/__init__.pyi b/stubs/Authlib/authlib/oidc/discovery/__init__.pyi new file mode 100644 index 000000000000..84d76b371134 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/discovery/__init__.pyi @@ -0,0 +1,4 @@ +from .models import OpenIDProviderMetadata as OpenIDProviderMetadata +from .well_known import get_well_known_url as get_well_known_url + +__all__ = ["OpenIDProviderMetadata", "get_well_known_url"] diff --git a/stubs/Authlib/authlib/oidc/discovery/models.pyi b/stubs/Authlib/authlib/oidc/discovery/models.pyi new file mode 100644 index 000000000000..5891822ec366 --- /dev/null +++ b/stubs/Authlib/authlib/oidc/discovery/models.pyi @@ -0,0 +1,36 @@ +from _typeshed import Incomplete + +from authlib.oauth2.rfc8414 import AuthorizationServerMetadata + +class OpenIDProviderMetadata(AuthorizationServerMetadata): + REGISTRY_KEYS: Incomplete + def validate_jwks_uri(self): ... + def validate_acr_values_supported(self) -> None: ... + def validate_subject_types_supported(self) -> None: ... + def validate_id_token_signing_alg_values_supported(self) -> None: ... + def validate_id_token_encryption_alg_values_supported(self) -> None: ... + def validate_id_token_encryption_enc_values_supported(self) -> None: ... + def validate_userinfo_signing_alg_values_supported(self) -> None: ... + def validate_userinfo_encryption_alg_values_supported(self) -> None: ... + def validate_userinfo_encryption_enc_values_supported(self) -> None: ... + def validate_request_object_signing_alg_values_supported(self) -> None: ... + def validate_request_object_encryption_alg_values_supported(self) -> None: ... + def validate_request_object_encryption_enc_values_supported(self) -> None: ... + def validate_display_values_supported(self) -> None: ... + def validate_claim_types_supported(self) -> None: ... + def validate_claims_supported(self) -> None: ... + def validate_claims_locales_supported(self) -> None: ... + def validate_claims_parameter_supported(self) -> None: ... + def validate_request_parameter_supported(self) -> None: ... + def validate_request_uri_parameter_supported(self) -> None: ... + def validate_require_request_uri_registration(self) -> None: ... + @property + def claim_types_supported(self): ... + @property + def claims_parameter_supported(self): ... + @property + def request_parameter_supported(self): ... + @property + def request_uri_parameter_supported(self): ... + @property + def require_request_uri_registration(self): ... diff --git a/stubs/Authlib/authlib/oidc/discovery/well_known.pyi b/stubs/Authlib/authlib/oidc/discovery/well_known.pyi new file mode 100644 index 000000000000..3a294ec4314f --- /dev/null +++ b/stubs/Authlib/authlib/oidc/discovery/well_known.pyi @@ -0,0 +1 @@ +def get_well_known_url(issuer, external: bool = False): ...