Authlib 1.6.5__py2.py3-none-any.whl → 1.6.6__py2.py3-none-any.whl

authlib/__init__.py

@@ -1,4 +1,5 @@
-"""authlib.
+"""
+authlib
 ~~~~~~~
 
 The ultimate Python library in building OAuth 1.0, OAuth 2.0 and OpenID

authlib/consts.py

@@ -1,5 +1,5 @@
 name = "Authlib"
-version = "1.6.5"
+version = "1.6.6"
 author = "Hsiaoming Yang <me@lepture.com>"
 homepage = "https://authlib.org"
 default_user_agent = f"{name}/{version} (+{homepage})"

authlib/integrations/base_client/framework_integration.py

@@ -20,11 +20,9 @@ class FrameworkIntegration:
 
     def _clear_session_state(self, session):
         now = time.time()
+        prefix = f"_state_{self.name}"
         for key in dict(session):
-            if "_authlib_" in key:
-                # TODO: remove in future
-                session.pop(key)
-            elif key.startswith("_state_"):
+            if key.startswith(prefix):
                 value = session[key]
                 exp = value.get("exp")
                 if not exp or exp < now:
@@ -32,29 +30,32 @@ class FrameworkIntegration:
 
     def get_state_data(self, session, state):
         key = f"_state_{self.name}_{state}"
+        session_data = session.get(key)
+        if not session_data:
+            return None
         if self.cache:
-            value = self._get_cache_data(key)
+            cached_value = self._get_cache_data(key)
         else:
-            value = session.get(key)
-        if value:
-            return value.get("data")
+            cached_value = session_data
+        if cached_value:
+            return cached_value.get("data")
         return None
 
     def set_state_data(self, session, state, data):
         key = f"_state_{self.name}_{state}"
+        now = time.time()
         if self.cache:
             self.cache.set(key, json.dumps({"data": data}), self.expires_in)
+            session[key] = {"exp": now + self.expires_in}
         else:
-            now = time.time()
             session[key] = {"data": data, "exp": now + self.expires_in}
 
     def clear_state_data(self, session, state):
         key = f"_state_{self.name}_{state}"
         if self.cache:
             self.cache.delete(key)
-        else:
-            session.pop(key, None)
-            self._clear_session_state(session)
+        session.pop(key, None)
+        self._clear_session_state(session)
 
     def update_token(self, token, refresh_token=None, access_token=None):
         raise NotImplementedError()

authlib/oauth1/rfc5849/client_auth.py

@@ -172,6 +172,8 @@ class ClientAuth:
 
         if CONTENT_TYPE_FORM_URLENCODED in content_type:
             headers["Content-Type"] = CONTENT_TYPE_FORM_URLENCODED
+            if isinstance(body, bytes):
+                body = body.decode()
             uri, headers, body = self.sign(method, uri, headers, body)
         elif self.force_include_body:
             # To allow custom clients to work on non form encoded bodies.

authlib/oauth2/rfc6749/wrappers.py

@@ -4,15 +4,26 @@ import time
 class OAuth2Token(dict):
     def __init__(self, params):
         if params.get("expires_at"):
-            params["expires_at"] = int(params["expires_at"])
+            try:
+                params["expires_at"] = int(params["expires_at"])
+            except ValueError:
+                # If expires_at is not parseable, fall back to expires_in if available
+                # Otherwise leave expires_at untouched
+                if params.get("expires_in"):
+                    params["expires_at"] = int(time.time()) + int(params["expires_in"])
+
         elif params.get("expires_in"):
             params["expires_at"] = int(time.time()) + int(params["expires_in"])
+
         super().__init__(params)
 
     def is_expired(self, leeway=60):
         expires_at = self.get("expires_at")
         if not expires_at:
             return None
+        # Only check expiration if expires_at is an integer
+        if not isinstance(expires_at, int):
+            return None
         # small timedelta to consider token as expired before it actually expires
         expiration_threshold = expires_at - leeway
         return expiration_threshold < time.time()

authlib/oidc/core/grants/code.py

@@ -8,6 +8,7 @@ per `Section 3.1`_.
 """
 
 import logging
+import warnings
 
 from authlib.oauth2.rfc6749 import OAuth2Request
 
@@ -20,7 +21,7 @@ log = logging.getLogger(__name__)
 
 
 class OpenIDToken:
-    def get_jwt_config(self, grant):  # pragma: no cover
+    def get_jwt_config(self, grant, client):  # pragma: no cover
         """Get the JWT configuration for OpenIDCode extension. The JWT
         configuration will be used to generate ``id_token``.
         If ``alg`` is undefined, the ``id_token_signed_response_alg`` client
@@ -29,15 +30,16 @@ class OpenIDToken:
         will be used.
         Developers MUST implement this method in subclass, e.g.::
 
-            def get_jwt_config(self, grant):
+            def get_jwt_config(self, grant, client):
                 return {
                     "key": read_private_key_file(key_path),
-                    "alg": "RS256",
+                    "alg": client.id_token_signed_response_alg or "RS256",
                     "iss": "issuer-identity",
                     "exp": 3600,
                 }
 
         :param grant: AuthorizationCodeGrant instance
+        :param client: OAuth2 client instance
         :return: dict
         """
         raise NotImplementedError()
@@ -78,7 +80,17 @@ class OpenIDToken:
         request: OAuth2Request = grant.request
         authorization_code = request.authorization_code
 
-        config = self.get_jwt_config(grant)
+        try:
+            config = self.get_jwt_config(grant, request.client)
+        except TypeError:
+            warnings.warn(
+                "get_jwt_config(self, grant) is deprecated and will be removed in version 1.8. "
+                "Use get_jwt_config(self, grant, client) instead.",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            config = self.get_jwt_config(grant)
+
         config["aud"] = self.get_audiences(request)
 
         # Per OpenID Connect Registration 1.0 Section 2:

authlib/oidc/core/grants/implicit.py

@@ -1,4 +1,5 @@
 import logging
+import warnings
 
 from authlib.oauth2.rfc6749 import AccessDeniedError
 from authlib.oauth2.rfc6749 import ImplicitGrant
@@ -36,19 +37,20 @@ class OpenIDImplicitGrant(ImplicitGrant):
         """
         raise NotImplementedError()
 
-    def get_jwt_config(self):
+    def get_jwt_config(self, client):
         """Get the JWT configuration for OpenIDImplicitGrant. The JWT
         configuration will be used to generate ``id_token``. Developers
         MUST implement this method in subclass, e.g.::
 
-            def get_jwt_config(self):
+            def get_jwt_config(self, client):
                 return {
                     "key": read_private_key_file(key_path),
-                    "alg": "RS256",
+                    "alg": client.id_token_signed_response_alg or "RS256",
                     "iss": "issuer-identity",
                     "exp": 3600,
                 }
 
+        :param client: OAuth2 client instance
         :return: dict
         """
         raise NotImplementedError()
@@ -143,7 +145,17 @@ class OpenIDImplicitGrant(ImplicitGrant):
         return params
 
     def process_implicit_token(self, token, code=None):
-        config = self.get_jwt_config()
+        try:
+            config = self.get_jwt_config(self.request.client)
+        except TypeError:
+            warnings.warn(
+                "get_jwt_config(self) is deprecated and will be removed in version 1.8. "
+                "Use get_jwt_config(self, client) instead.",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            config = self.get_jwt_config()
+
         config["aud"] = self.get_audiences(self.request)
         config["nonce"] = self.request.payload.data.get("nonce")
         if code is not None:

{authlib-1.6.5.dist-info → authlib-1.6.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Authlib
-Version: 1.6.5
+Version: 1.6.6
 Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
 Author-email: Hsiaoming Yang <me@lepture.com>
 License: BSD-3-Clause

{authlib-1.6.5.dist-info → authlib-1.6.6.dist-info}/RECORD

@@ -1,5 +1,5 @@
-authlib/__init__.py,sha256=9F2r7k-nrTBFVDVWk0oghhIpLioCwQtt-35ppwRNfGU,487
-authlib/consts.py,sha256=9cqeotlkDe69rVuzp_CwFO01qxVvyzzzbB2UpHWEvDg,299
+authlib/__init__.py,sha256=2k6VBNbFu1ErBoHhp9Rcv9sDYrC1jWLWvfSkyq-N2AY,487
+authlib/consts.py,sha256=im8FcZYwqc9z8PZ0Car86-7IYmzKzBqPpEgqOa8JV1A,299
 authlib/deprecate.py,sha256=BaH7IdSK0WEmanyJAl7-Rpmvm6NJcez-Z03k0OYPXl0,506
 authlib/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 authlib/common/encoding.py,sha256=S80EkhVVJABStdEuZvQV1c47gQnu359fgLAFDmqLaP0,1544
@@ -11,7 +11,7 @@ authlib/integrations/base_client/__init__.py,sha256=0nRNGKgwojLqaTwnbDfXqLiEjNY9
 authlib/integrations/base_client/async_app.py,sha256=Pw3KIzxFtBG1ZXHg4hfV-D-hX0ubNU34s8bF9IHRm-g,5978
 authlib/integrations/base_client/async_openid.py,sha256=imBoGouxPu4hMwjmxCu8JMgDADZOMdpCbc_B-LSULl4,2982
 authlib/integrations/base_client/errors.py,sha256=Iniwp6d3XJ0Q3bYQcOB1tnCQhMKcYv8wLH7BAFHICAA,632
-authlib/integrations/base_client/framework_integration.py,sha256=LQFGmr0RyebVWAw1rU7cEwIYK_WiWKA00IVMxn_H5PQ,1871
+authlib/integrations/base_client/framework_integration.py,sha256=jZ9rcYLUwRANorQoJNzi7CC0NoceujnKrKSicGsiptI,1945
 authlib/integrations/base_client/registry.py,sha256=GV0IJqZzPtsJHb-tl4t38K_Yvv3q4NPvp851V_UzDxY,4313
 authlib/integrations/base_client/sync_app.py,sha256=3dWAUHefD1-3qoaWUr9w-rOwVsnJ2jB8GiKLMoYTDp4,12791
 authlib/integrations/base_client/sync_openid.py,sha256=qtUXnzSqHZZATr3BejSBdTy51QkHg_r_i7GwWilvCHo,3165
@@ -99,7 +99,7 @@ authlib/oauth1/errors.py,sha256=pg0NaUgENjfTN_ba50_yQB9aSNe5Mte5MDlikFuypBY,46
 authlib/oauth1/rfc5849/__init__.py,sha256=Ta7spUuDIW4nBxQoDOZHUZYj42hjyl2h-T7lLq2xDeM,1136
 authlib/oauth1/rfc5849/authorization_server.py,sha256=y-vDQ79-CFjCl05V9kYqTDhFdCGCMZ9wY9S66mMjmBc,13924
 authlib/oauth1/rfc5849/base_server.py,sha256=BtBnisyOWP1epfzyp9A5zvMZu3rmCJazyHk9XEtpg8w,3972
-authlib/oauth1/rfc5849/client_auth.py,sha256=ovx0Hx5LfSX6hCezFPsHupIsiP0Lc0pfy80cPuwS-0k,7079
+authlib/oauth1/rfc5849/client_auth.py,sha256=Bx0iNj4zDJ6731o6Mfpt5KX5sNhg218N_9PoTbzuAWA,7156
 authlib/oauth1/rfc5849/errors.py,sha256=iHVEoxrP0ieSjTJO2I9ThG2TvLs3XtRDssuCvu53OsY,2285
 authlib/oauth1/rfc5849/models.py,sha256=Pvh-7iKXU3zkMYq1nYbdAaxL3Vdg95cxmdaC5-KWxxg,3418
 authlib/oauth1/rfc5849/parameters.py,sha256=XpAcRz9MZjIUIs6IbthBK_fWzcL2Iy9jHUnFn3-W7zk,3532
@@ -123,7 +123,7 @@ authlib/oauth2/rfc6749/requests.py,sha256=8m2bVR9KrUGzqFRBI8aXp7h-Y3a8H6wLY5hLaj
 authlib/oauth2/rfc6749/resource_protector.py,sha256=OKXtwUVn0kgK55mIzc9mGNbfUpwoOWTxb105Td5iVPE,5404
 authlib/oauth2/rfc6749/token_endpoint.py,sha256=kxjK39EHBgeD7uvJLyoLF5DAr1ef4l31jpCt6C4gYJ0,1103
 authlib/oauth2/rfc6749/util.py,sha256=--0YfF2ZVHTVMPGKD10iPqj02WeiDhXuYttX4tRleVM,1174
-authlib/oauth2/rfc6749/wrappers.py,sha256=g59stDpzoJjE6koXlwBNdGZDMgi25SxBNeJtAmtyb4I,805
+authlib/oauth2/rfc6749/wrappers.py,sha256=DEtFYwlpabfGYbkDW6iZfeXXgua_7EGMKBlRh47idNA,1262
 authlib/oauth2/rfc6749/grants/__init__.py,sha256=7WmResYhXjt0RfzHvrh5sHOQqZURr3FphSO-dmZc9FI,1292
 authlib/oauth2/rfc6749/grants/authorization_code.py,sha256=CXp1RTezTAYI2yxMUtyW22HeuZb4Q_E1X_c6SRKc3ag,15604
 authlib/oauth2/rfc6749/grants/base.py,sha256=59YgBIEvYDoUUbGkk0A7lgLXeRnqCir1imvUV_YZqWc,5283
@@ -190,17 +190,17 @@ authlib/oidc/core/models.py,sha256=KjBcQnNJkVYnLWYeQuwb-K_DWDst78MZRLJXjqhtMtw,1
 authlib/oidc/core/userinfo.py,sha256=8r3WBd6H1JM_5IDW4l1zOkxqrWg_YTyGqDijShKxeLE,4354
 authlib/oidc/core/util.py,sha256=ihuKYlhQAVmK5SIhwxn5k_PqVB1q0Lmwl1tuwRTQuf4,502
 authlib/oidc/core/grants/__init__.py,sha256=-SjelrkrD35bnb5rIZiBpbiLxgiJtwMXHJXHr8ovQyo,243
-authlib/oidc/core/grants/code.py,sha256=GelmhPA0jj4zK-ucXL7fAwIPfnn5Znol6wJlsJeVx1A,5681
+authlib/oidc/core/grants/code.py,sha256=wnB-8XigZIpv-pgnLe2SL4R2U9XrZ3x99JIRNYOmVgI,6178
 authlib/oidc/core/grants/hybrid.py,sha256=pIWRAGFbT9d9o4OHcPE-RtjJqOuTGbaFU0lsBG5kgAw,3430
-authlib/oidc/core/grants/implicit.py,sha256=rSG0S2jrFzK1rE247DiRyabnpbGq4UE0S6nqJKrMzZo,6619
+authlib/oidc/core/grants/implicit.py,sha256=soG8ohEJ5N9qcOAsivQ89wUgVCyOo8ssgPVJ9kc9cvM,7100
 authlib/oidc/core/grants/util.py,sha256=prMt5LqyPLbsI6MQACkxOgmMK_WlS_C0I73jhJWETj4,4539
 authlib/oidc/discovery/__init__.py,sha256=rapkktd4XN0t6LeHOWFPeeKEzlF6gBHvWsTK9JPLPY0,305
 authlib/oidc/discovery/models.py,sha256=yzdWYQn-VfC48gywoxswge4tgnKb8uQ-UkjhVTClk1E,12442
 authlib/oidc/discovery/well_known.py,sha256=ry1VHxCmwvjmlMxOFEbSC6FsE_ttijyRcn2xUpv2CaU,574
 authlib/oidc/registration/__init__.py,sha256=lV_Og-DMFKzWWYsdK04oF83xKUGTE2gQhikPPsOdW84,77
 authlib/oidc/registration/claims.py,sha256=K7Ft8GDXkVrjJrc53Ihkhn2SVN4pvEf3qiHOkzVOJ7g,17264
-authlib-1.6.5.dist-info/licenses/LICENSE,sha256=jhtIUY3pxs0Ay0jH_luAI_2Q1VUsoS6-c2Kg3zDdvkU,1514
-authlib-1.6.5.dist-info/METADATA,sha256=JSpi4anvkVQ9zL3GuZR4mvuto9yjFI39uhUnGfKGwdY,9845
-authlib-1.6.5.dist-info/WHEEL,sha256=JNWh1Fm1UdwIQV075glCn4MVuCRs0sotJIq-J6rbxCU,109
-authlib-1.6.5.dist-info/top_level.txt,sha256=Rj3mJn0jhRuCs6x7ysI6hYE2PePbuxey6y6jswadAEY,8
-authlib-1.6.5.dist-info/RECORD,,
+authlib-1.6.6.dist-info/licenses/LICENSE,sha256=jhtIUY3pxs0Ay0jH_luAI_2Q1VUsoS6-c2Kg3zDdvkU,1514
+authlib-1.6.6.dist-info/METADATA,sha256=BowJdc0kfuglE5GugcqnpLRBGd5zG36dgPQgMaxh8yw,9845
+authlib-1.6.6.dist-info/WHEEL,sha256=JNWh1Fm1UdwIQV075glCn4MVuCRs0sotJIq-J6rbxCU,109
+authlib-1.6.6.dist-info/top_level.txt,sha256=Rj3mJn0jhRuCs6x7ysI6hYE2PePbuxey6y6jswadAEY,8
+authlib-1.6.6.dist-info/RECORD,,