Bump Authlib to ~=1.6.0 (#14364)

Author: donbarbos

stubs/Authlib/@tests/stubtest_allowlist.txt

@@ -37,3 +37,31 @@ authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate
 (authlib.jose.rfc7518.jws_algs.HMACAlgorithm.SHA256)?
 (authlib.jose.rfc7518.jws_algs.HMACAlgorithm.SHA384)?
 (authlib.jose.rfc7518.jws_algs.HMACAlgorithm.SHA512)?
+
+# Methods whose *args and **kwargs arguments are added dynamically due to the @hooked decorator:
+authlib.oauth2.rfc6749.AuthorizationCodeGrant.create_token_response
+authlib.oauth2.rfc6749.AuthorizationCodeGrant.validate_token_request
+authlib.oauth2.rfc6749.AuthorizationEndpointMixin.validate_consent_request
+authlib.oauth2.rfc6749.ClientCredentialsGrant.create_token_response
+authlib.oauth2.rfc6749.ImplicitGrant.validate_authorization_request
+authlib.oauth2.rfc6749.RefreshTokenGrant.create_token_response
+authlib.oauth2.rfc6749.ResourceOwnerPasswordCredentialsGrant.create_token_response
+authlib.oauth2.rfc6749.grants.AuthorizationCodeGrant.create_token_response
+authlib.oauth2.rfc6749.grants.AuthorizationCodeGrant.validate_token_request
+authlib.oauth2.rfc6749.grants.AuthorizationEndpointMixin.validate_consent_request
+authlib.oauth2.rfc6749.grants.ClientCredentialsGrant.create_token_response
+authlib.oauth2.rfc6749.grants.ImplicitGrant.validate_authorization_request
+authlib.oauth2.rfc6749.grants.RefreshTokenGrant.create_token_response
+authlib.oauth2.rfc6749.grants.ResourceOwnerPasswordCredentialsGrant.create_token_response
+authlib.oauth2.rfc6749.grants.authorization_code.AuthorizationCodeGrant.create_token_response
+authlib.oauth2.rfc6749.grants.authorization_code.AuthorizationCodeGrant.validate_token_request
+authlib.oauth2.rfc6749.grants.base.AuthorizationEndpointMixin.validate_consent_request
+authlib.oauth2.rfc6749.grants.client_credentials.ClientCredentialsGrant.create_token_response
+authlib.oauth2.rfc6749.grants.implicit.ImplicitGrant.validate_authorization_request
+authlib.oauth2.rfc6749.grants.refresh_token.RefreshTokenGrant.create_token_response
+authlib.oauth2.rfc6749.grants.resource_owner_password_credentials.ResourceOwnerPasswordCredentialsGrant.create_token_response
+authlib.oauth2.rfc8628.DeviceCodeGrant.create_token_response
+authlib.oauth2.rfc8628.device_code.DeviceCodeGrant.create_token_response
+authlib.oidc.core.OpenIDImplicitGrant.validate_consent_request
+authlib.oidc.core.grants.OpenIDImplicitGrant.validate_consent_request
+authlib.oidc.core.grants.implicit.OpenIDImplicitGrant.validate_consent_request

stubs/Authlib/METADATA.toml

@@ -1,4 +1,4 @@
-version = "~= 1.5.2"
+version = "~= 1.6.0"
 upstream_repository = "https://github.com/lepture/authlib"
 requires = ["cryptography"]
 partial_stub = true

stubs/Authlib/authlib/deprecate.pyi

@@ -1,3 +1,5 @@
 class AuthlibDeprecationWarning(DeprecationWarning): ...
 
-def deprecate(message: str, version: str | None = None, link_uid: str | None = None, link_file: str | None = None) -> None: ...
+def deprecate(
+    message: str, version: str | None = None, link_uid: str | None = None, link_file: str | None = None, stacklevel: int = 3
+) -> None: ...

stubs/Authlib/authlib/jose/rfc7515/models.pyi

@@ -6,8 +6,8 @@ class JWSAlgorithm:
     algorithm_type: str
     algorithm_location: str
     def prepare_key(self, raw_data) -> None: ...
-    def sign(self, msg, key) -> None: ...
-    def verify(self, msg, sig, key) -> None: ...
+    def sign(self, msg, key): ...
+    def verify(self, msg, sig, key) -> bool: ...
 
 class JWSHeader(dict[str, object]):
     protected: Incomplete

stubs/Authlib/authlib/jose/rfc7518/jws_algs.pyi

@@ -8,7 +8,7 @@ class NoneAlgorithm(JWSAlgorithm):
     description: str
     def prepare_key(self, raw_data) -> None: ...
     def sign(self, msg, key): ...
-    def verify(self, msg, sig, key): ...
+    def verify(self, msg, sig, key) -> bool: ...
 
 class HMACAlgorithm(JWSAlgorithm):
     SHA256 = hashlib.sha256
@@ -20,7 +20,7 @@ class HMACAlgorithm(JWSAlgorithm):
     def __init__(self, sha_type) -> None: ...
     def prepare_key(self, raw_data): ...
     def sign(self, msg, key): ...
-    def verify(self, msg, sig, key): ...
+    def verify(self, msg, sig, key) -> bool: ...
 
 class RSAAlgorithm(JWSAlgorithm):
     SHA256: Incomplete
@@ -33,7 +33,7 @@ class RSAAlgorithm(JWSAlgorithm):
     def __init__(self, sha_type) -> None: ...
     def prepare_key(self, raw_data): ...
     def sign(self, msg, key): ...
-    def verify(self, msg, sig, key): ...
+    def verify(self, msg, sig, key) -> bool: ...
 
 class ECAlgorithm(JWSAlgorithm):
     SHA256: Incomplete
@@ -46,7 +46,7 @@ class ECAlgorithm(JWSAlgorithm):
     def __init__(self, name, curve, sha_type) -> None: ...
     def prepare_key(self, raw_data): ...
     def sign(self, msg, key): ...
-    def verify(self, msg, sig, key): ...
+    def verify(self, msg, sig, key) -> bool: ...
 
 class RSAPSSAlgorithm(JWSAlgorithm):
     SHA256: Incomplete
@@ -58,6 +58,6 @@ class RSAPSSAlgorithm(JWSAlgorithm):
     def __init__(self, sha_type) -> None: ...
     def prepare_key(self, raw_data): ...
     def sign(self, msg, key): ...
-    def verify(self, msg, sig, key): ...
+    def verify(self, msg, sig, key) -> bool: ...
 
-JWS_ALGORITHMS: Incomplete
+JWS_ALGORITHMS: list[JWSAlgorithm]

stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi

@@ -29,15 +29,22 @@ from .grants import (
     TokenEndpointMixin as TokenEndpointMixin,
 )
 from .models import AuthorizationCodeMixin as AuthorizationCodeMixin, ClientMixin as ClientMixin, TokenMixin as TokenMixin
-from .requests import JsonRequest as JsonRequest, OAuth2Request as OAuth2Request
+from .requests import (
+    JsonPayload as JsonPayload,
+    JsonRequest as JsonRequest,
+    OAuth2Payload as OAuth2Payload,
+    OAuth2Request as OAuth2Request,
+)
 from .resource_protector import ResourceProtector as ResourceProtector, TokenValidator as TokenValidator
 from .token_endpoint import TokenEndpoint as TokenEndpoint
 from .util import list_to_scope as list_to_scope, scope_to_list as scope_to_list
 from .wrappers import OAuth2Token as OAuth2Token
 
 __all__ = [
+    "OAuth2Payload",
     "OAuth2Token",
     "OAuth2Request",
+    "JsonPayload",
     "JsonRequest",
     "OAuth2Error",
     "AccessDeniedError",

stubs/Authlib/authlib/oauth2/rfc6749/authorization_server.pyi

@@ -1,13 +1,16 @@
 from collections.abc import Callable, Collection, Mapping
-from typing_extensions import TypeAlias
+from typing import overload
+from typing_extensions import TypeAlias, deprecated
 
 from authlib.oauth2 import JsonRequest, OAuth2Error, OAuth2Request
 from authlib.oauth2.rfc6749 import BaseGrant, ClientMixin
 from authlib.oauth2.rfc6750 import BearerTokenGenerator
 
+from .hooks import Hookable
+
 _ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]]
 
-class AuthorizationServer:
+class AuthorizationServer(Hookable):
     scopes_supported: Collection[str] | None
     def __init__(self, scopes_supported: Collection[str] | None = None) -> None: ...
     def query_client(self, client_id: str) -> ClientMixin: ...
@@ -24,12 +27,13 @@ class AuthorizationServer:
     def register_token_generator(self, grant_type: str, func: BearerTokenGenerator) -> None: ...
     def authenticate_client(self, request: OAuth2Request, methods: Collection[str], endpoint: str = "token") -> ClientMixin: ...
     def register_client_auth_method(self, method, func) -> None: ...
+    def register_extension(self, extension) -> None: ...
     def get_error_uri(self, request, error) -> None: ...
     def send_signal(self, name, *args: object, **kwargs: object) -> None: ...
     def create_oauth2_request(self, request) -> OAuth2Request: ...
     def create_json_request(self, request) -> JsonRequest: ...
     def handle_response(self, status: int, body: Mapping[str, object], headers: Mapping[str, str]) -> object: ...
-    def validate_requested_scope(self, scope: str, state: str | None = None) -> None: ...
+    def validate_requested_scope(self, scope: str) -> None: ...
     def register_grant(
         self, grant_cls: type[BaseGrant], extensions: Collection[Callable[[BaseGrant], None]] | None = None
     ) -> None: ...
@@ -38,6 +42,10 @@ class AuthorizationServer:
     def get_consent_grant(self, request=None, end_user=None): ...
     def get_token_grant(self, request: OAuth2Request) -> BaseGrant: ...
     def create_endpoint_response(self, name, request=None): ...
+    @overload
+    @deprecated("The 'grant' parameter will become mandatory.")
     def create_authorization_response(self, request=None, grant_user=None) -> object: ...
+    @overload
+    def create_authorization_response(self, request=None, grant_user=None, grant=None) -> object: ...
     def create_token_response(self, request=None) -> _ServerResponse: ...
     def handle_error_response(self, request: OAuth2Request, error: OAuth2Error) -> object: ...

stubs/Authlib/authlib/oauth2/rfc6749/errors.pyi

@@ -44,7 +44,17 @@ class UnauthorizedClientError(OAuth2Error):
 class UnsupportedResponseTypeError(OAuth2Error):
     error: str
     response_type: Incomplete
-    def __init__(self, response_type) -> None: ...
+    def __init__(
+        self,
+        response_type,
+        description=None,
+        uri=None,
+        status_code=None,
+        state=None,
+        redirect_uri=None,
+        redirect_fragment: bool = False,
+        error=None,
+    ) -> None: ...
     def get_error_description(self): ...
 
 class UnsupportedGrantTypeError(OAuth2Error):

stubs/Authlib/authlib/oauth2/rfc6749/grants/base.pyi

@@ -1,13 +1,15 @@
 from _typeshed import Incomplete
-from collections.abc import Callable, Collection
+from collections.abc import Collection
 from typing_extensions import TypeAlias
 
 from authlib.oauth2 import OAuth2Request
 from authlib.oauth2.rfc6749 import ClientMixin
 
+from ..hooks import Hookable
+
 _ServerResponse: TypeAlias = tuple[int, str, list[tuple[str, str]]]
 
-class BaseGrant:
+class BaseGrant(Hookable):
     TOKEN_ENDPOINT_AUTH_METHODS: Collection[str]
     GRANT_TYPE: str | None
     TOKEN_RESPONSE_HEADER: Collection[tuple[str, str]]
@@ -29,8 +31,6 @@ class BaseGrant:
     def authenticate_token_endpoint_client(self) -> ClientMixin: ...
     def save_token(self, token): ...
     def validate_requested_scope(self) -> None: ...
-    def register_hook(self, hook_type: str, hook: Callable[..., Incomplete]) -> None: ...
-    def execute_hook(self, hook_type: str, *args: object, **kwargs: object) -> None: ...
 
 class TokenEndpointMixin:
     TOKEN_ENDPOINT_HTTP_METHODS: Incomplete
@@ -49,7 +49,7 @@ class AuthorizationEndpointMixin:
     def validate_authorization_redirect_uri(request: OAuth2Request, client: ClientMixin) -> str: ...
     @staticmethod
     def validate_no_multiple_request_parameter(request: OAuth2Request): ...
-    redirect_uri: Incomplete
-    def validate_consent_request(self) -> None: ...
+    redirect_uri: str
+    def validate_consent_request(self) -> str: ...
     def validate_authorization_request(self) -> str: ...
     def create_authorization_response(self, redirect_uri: str, grant_user) -> _ServerResponse: ...

stubs/Authlib/authlib/oauth2/rfc6749/hooks.pyi

@@ -0,0 +1,8 @@
+from collections.abc import Callable
+
+class Hookable:
+    def __init__(self) -> None: ...
+    def register_hook(self, hook_type: str, hook: Callable[..., None]) -> None: ...
+    def execute_hook(self, hook_type: str, *args, **kwargs) -> None: ...
+
+def hooked(func=None, before: str | None = None, after: str | None = None): ...