Authlib 1.6.5__py2.py3-none-any.whl → 1.6.7__py2.py3-none-any.whl

authlib/__init__.py

@@ -1,4 +1,5 @@
-"""authlib.
+"""
+authlib
 ~~~~~~~
 
 The ultimate Python library in building OAuth 1.0, OAuth 2.0 and OpenID

authlib/consts.py

@@ -1,5 +1,5 @@
 name = "Authlib"
-version = "1.6.5"
+version = "1.6.7"
 author = "Hsiaoming Yang <me@lepture.com>"
 homepage = "https://authlib.org"
 default_user_agent = f"{name}/{version} (+{homepage})"

authlib/integrations/base_client/framework_integration.py

@@ -20,11 +20,9 @@ class FrameworkIntegration:
 
     def _clear_session_state(self, session):
         now = time.time()
+        prefix = f"_state_{self.name}"
         for key in dict(session):
-            if "_authlib_" in key:
-                # TODO: remove in future
-                session.pop(key)
-            elif key.startswith("_state_"):
+            if key.startswith(prefix):
                 value = session[key]
                 exp = value.get("exp")
                 if not exp or exp < now:
@@ -32,29 +30,32 @@ class FrameworkIntegration:
 
     def get_state_data(self, session, state):
         key = f"_state_{self.name}_{state}"
+        session_data = session.get(key)
+        if not session_data:
+            return None
         if self.cache:
-            value = self._get_cache_data(key)
+            cached_value = self._get_cache_data(key)
         else:
-            value = session.get(key)
-        if value:
-            return value.get("data")
+            cached_value = session_data
+        if cached_value:
+            return cached_value.get("data")
         return None
 
     def set_state_data(self, session, state, data):
         key = f"_state_{self.name}_{state}"
+        now = time.time()
         if self.cache:
             self.cache.set(key, json.dumps({"data": data}), self.expires_in)
+            session[key] = {"exp": now + self.expires_in}
         else:
-            now = time.time()
             session[key] = {"data": data, "exp": now + self.expires_in}
 
     def clear_state_data(self, session, state):
         key = f"_state_{self.name}_{state}"
         if self.cache:
             self.cache.delete(key)
-        else:
-            session.pop(key, None)
-            self._clear_session_state(session)
+        session.pop(key, None)
+        self._clear_session_state(session)
 
     def update_token(self, token, refresh_token=None, access_token=None):
         raise NotImplementedError()

authlib/jose/__init__.py

@@ -46,7 +46,22 @@ JsonWebKey.JWK_KEY_CLS = {
     OKPKey.kty: OKPKey,
 }
 
-jwt = JsonWebToken(list(JsonWebSignature.ALGORITHMS_REGISTRY.keys()))
+jwt = JsonWebToken(
+    [
+        "HS256",
+        "HS384",
+        "HS512",
+        "RS256",
+        "RS384",
+        "RS512",
+        "ES256",
+        "ES384",
+        "ES512",
+        "PS256",
+        "PS384",
+        "PS512",
+    ]
+)
 
 
 __all__ = [

authlib/oauth1/rfc5849/client_auth.py

@@ -172,6 +172,8 @@ class ClientAuth:
 
         if CONTENT_TYPE_FORM_URLENCODED in content_type:
             headers["Content-Type"] = CONTENT_TYPE_FORM_URLENCODED
+            if isinstance(body, bytes):
+                body = body.decode()
             uri, headers, body = self.sign(method, uri, headers, body)
         elif self.force_include_body:
             # To allow custom clients to work on non form encoded bodies.

authlib/oauth2/rfc6749/wrappers.py

@@ -4,15 +4,26 @@ import time
 class OAuth2Token(dict):
     def __init__(self, params):
         if params.get("expires_at"):
-            params["expires_at"] = int(params["expires_at"])
+            try:
+                params["expires_at"] = int(params["expires_at"])
+            except ValueError:
+                # If expires_at is not parseable, fall back to expires_in if available
+                # Otherwise leave expires_at untouched
+                if params.get("expires_in"):
+                    params["expires_at"] = int(time.time()) + int(params["expires_in"])
+
         elif params.get("expires_in"):
             params["expires_at"] = int(time.time()) + int(params["expires_in"])
+
         super().__init__(params)
 
     def is_expired(self, leeway=60):
         expires_at = self.get("expires_at")
         if not expires_at:
             return None
+        # Only check expiration if expires_at is an integer
+        if not isinstance(expires_at, int):
+            return None
         # small timedelta to consider token as expired before it actually expires
         expiration_threshold = expires_at - leeway
         return expiration_threshold < time.time()

authlib/oauth2/rfc9101/authorization_server.py

@@ -1,4 +1,5 @@
-from authlib.jose import jwt
+from authlib.jose import JsonWebSignature
+from authlib.jose import JsonWebToken
 from authlib.jose.errors import JoseError
 
 from ..rfc6749 import AuthorizationServer
@@ -135,8 +136,8 @@ class JWTAuthenticationRequest:
         self, request, client: ClientMixin, raw_request_object: str
     ):
         jwks = self.resolve_client_public_key(client)
-
         try:
+            jwt = JsonWebToken(list(JsonWebSignature.ALGORITHMS_REGISTRY.keys()))
             request_object = jwt.decode(raw_request_object, jwks)
             request_object.validate()
 

authlib/oidc/core/grants/code.py

@@ -8,6 +8,7 @@ per `Section 3.1`_.
 """
 
 import logging
+import warnings
 
 from authlib.oauth2.rfc6749 import OAuth2Request
 
@@ -20,7 +21,7 @@ log = logging.getLogger(__name__)
 
 
 class OpenIDToken:
-    def get_jwt_config(self, grant):  # pragma: no cover
+    def get_jwt_config(self, grant, client):  # pragma: no cover
         """Get the JWT configuration for OpenIDCode extension. The JWT
         configuration will be used to generate ``id_token``.
         If ``alg`` is undefined, the ``id_token_signed_response_alg`` client
@@ -29,15 +30,16 @@ class OpenIDToken:
         will be used.
         Developers MUST implement this method in subclass, e.g.::
 
-            def get_jwt_config(self, grant):
+            def get_jwt_config(self, grant, client):
                 return {
                     "key": read_private_key_file(key_path),
-                    "alg": "RS256",
+                    "alg": client.id_token_signed_response_alg or "RS256",
                     "iss": "issuer-identity",
                     "exp": 3600,
                 }
 
         :param grant: AuthorizationCodeGrant instance
+        :param client: OAuth2 client instance
         :return: dict
         """
         raise NotImplementedError()
@@ -78,7 +80,17 @@ class OpenIDToken:
         request: OAuth2Request = grant.request
         authorization_code = request.authorization_code
 
-        config = self.get_jwt_config(grant)
+        try:
+            config = self.get_jwt_config(grant, request.client)
+        except TypeError:
+            warnings.warn(
+                "get_jwt_config(self, grant) is deprecated and will be removed in version 1.8. "
+                "Use get_jwt_config(self, grant, client) instead.",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            config = self.get_jwt_config(grant)
+
         config["aud"] = self.get_audiences(request)
 
         # Per OpenID Connect Registration 1.0 Section 2:

authlib/oidc/core/grants/implicit.py

@@ -1,4 +1,5 @@
 import logging
+import warnings
 
 from authlib.oauth2.rfc6749 import AccessDeniedError
 from authlib.oauth2.rfc6749 import ImplicitGrant
@@ -36,19 +37,20 @@ class OpenIDImplicitGrant(ImplicitGrant):
         """
         raise NotImplementedError()
 
-    def get_jwt_config(self):
+    def get_jwt_config(self, client):
         """Get the JWT configuration for OpenIDImplicitGrant. The JWT
         configuration will be used to generate ``id_token``. Developers
         MUST implement this method in subclass, e.g.::
 
-            def get_jwt_config(self):
+            def get_jwt_config(self, client):
                 return {
                     "key": read_private_key_file(key_path),
-                    "alg": "RS256",
+                    "alg": client.id_token_signed_response_alg or "RS256",
                     "iss": "issuer-identity",
                     "exp": 3600,
                 }
 
+        :param client: OAuth2 client instance
         :return: dict
         """
         raise NotImplementedError()
@@ -143,7 +145,17 @@ class OpenIDImplicitGrant(ImplicitGrant):
         return params
 
     def process_implicit_token(self, token, code=None):
-        config = self.get_jwt_config()
+        try:
+            config = self.get_jwt_config(self.request.client)
+        except TypeError:
+            warnings.warn(
+                "get_jwt_config(self) is deprecated and will be removed in version 1.8. "
+                "Use get_jwt_config(self, client) instead.",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            config = self.get_jwt_config()
+
         config["aud"] = self.get_audiences(self.request)
         config["nonce"] = self.request.payload.data.get("nonce")
         if code is not None:

authlib/oidc/core/grants/util.py

@@ -3,7 +3,7 @@ import time
 from authlib.common.encoding import to_native
 from authlib.common.urls import add_params_to_uri
 from authlib.common.urls import quote_url
-from authlib.jose import jwt
+from authlib.jose import JsonWebToken
 from authlib.oauth2.rfc6749 import InvalidRequestError
 from authlib.oauth2.rfc6749 import scope_to_list
 
@@ -111,7 +111,7 @@ def generate_id_token(
             payload["at_hash"] = to_native(at_hash)
 
     payload.update(user_info)
-    return to_native(jwt.encode(header, payload, key))
+    return to_native(JsonWebToken([alg]).encode(header, payload, key))
 
 
 def create_response_mode_response(redirect_uri, params, response_mode):

authlib/oidc/core/userinfo.py

@@ -1,7 +1,7 @@
 from typing import Optional
 
 from authlib.consts import default_json_headers
-from authlib.jose import jwt
+from authlib.jose import JsonWebToken
 from authlib.oauth2.rfc6749.authorization_server import AuthorizationServer
 from authlib.oauth2.rfc6749.authorization_server import OAuth2Request
 from authlib.oauth2.rfc6749.resource_protector import ResourceProtector
@@ -74,7 +74,9 @@ class UserInfoEndpoint:
             user_info["iss"] = self.get_issuer()
             user_info["aud"] = client.client_id
 
-            data = jwt.encode({"alg": alg}, user_info, self.resolve_private_key())
+            data = JsonWebToken([alg]).encode(
+                {"alg": alg}, user_info, self.resolve_private_key()
+            )
             return 200, data, [("Content-Type", "application/jwt")]
 
         return 200, user_info, default_json_headers

{authlib-1.6.5.dist-info → authlib-1.6.7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Authlib
-Version: 1.6.5
+Version: 1.6.7
 Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
 Author-email: Hsiaoming Yang <me@lepture.com>
 License: BSD-3-Clause

{authlib-1.6.5.dist-info → authlib-1.6.7.dist-info}/RECORD

@@ -1,5 +1,5 @@
-authlib/__init__.py,sha256=9F2r7k-nrTBFVDVWk0oghhIpLioCwQtt-35ppwRNfGU,487
-authlib/consts.py,sha256=9cqeotlkDe69rVuzp_CwFO01qxVvyzzzbB2UpHWEvDg,299
+authlib/__init__.py,sha256=2k6VBNbFu1ErBoHhp9Rcv9sDYrC1jWLWvfSkyq-N2AY,487
+authlib/consts.py,sha256=hNW101UrECxArFpZrw8ZSfGO1brEbMtQ6kklnGdNOwQ,299
 authlib/deprecate.py,sha256=BaH7IdSK0WEmanyJAl7-Rpmvm6NJcez-Z03k0OYPXl0,506
 authlib/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 authlib/common/encoding.py,sha256=S80EkhVVJABStdEuZvQV1c47gQnu359fgLAFDmqLaP0,1544
@@ -11,7 +11,7 @@ authlib/integrations/base_client/__init__.py,sha256=0nRNGKgwojLqaTwnbDfXqLiEjNY9
 authlib/integrations/base_client/async_app.py,sha256=Pw3KIzxFtBG1ZXHg4hfV-D-hX0ubNU34s8bF9IHRm-g,5978
 authlib/integrations/base_client/async_openid.py,sha256=imBoGouxPu4hMwjmxCu8JMgDADZOMdpCbc_B-LSULl4,2982
 authlib/integrations/base_client/errors.py,sha256=Iniwp6d3XJ0Q3bYQcOB1tnCQhMKcYv8wLH7BAFHICAA,632
-authlib/integrations/base_client/framework_integration.py,sha256=LQFGmr0RyebVWAw1rU7cEwIYK_WiWKA00IVMxn_H5PQ,1871
+authlib/integrations/base_client/framework_integration.py,sha256=jZ9rcYLUwRANorQoJNzi7CC0NoceujnKrKSicGsiptI,1945
 authlib/integrations/base_client/registry.py,sha256=GV0IJqZzPtsJHb-tl4t38K_Yvv3q4NPvp851V_UzDxY,4313
 authlib/integrations/base_client/sync_app.py,sha256=3dWAUHefD1-3qoaWUr9w-rOwVsnJ2jB8GiKLMoYTDp4,12791
 authlib/integrations/base_client/sync_openid.py,sha256=qtUXnzSqHZZATr3BejSBdTy51QkHg_r_i7GwWilvCHo,3165
@@ -58,7 +58,7 @@ authlib/integrations/sqla_oauth2/tokens_mixins.py,sha256=B62cFI-jZhtIU79of6l6Lxz
 authlib/integrations/starlette_client/__init__.py,sha256=qIPzeCFSCJ1AnCJ_I9tvmL2qDOJtaPUwgG7Mb4wz3VI,713
 authlib/integrations/starlette_client/apps.py,sha256=3rIzMYCzdu4ajfyaHlBeFIJb6gI8lBjNl_Ry7VTT_go,4140
 authlib/integrations/starlette_client/integration.py,sha256=Dlu7w36dPrBz_-ybcwmOasGrZprQiCQ9IQqd47VeDQk,2253
-authlib/jose/__init__.py,sha256=wtdmtHrQV3a3-us9K6nVVGHrC82zSJ27FX106uUxeLI,1703
+authlib/jose/__init__.py,sha256=oe8YOFZ1Wg0SBHbQVR1DlNeHnoXoem44eaYVJdvFh0s,1871
 authlib/jose/errors.py,sha256=NK3sAewwLTZ6eaNS4QVcpndf3oL2CySrwsF9xiTWDqs,3199
 authlib/jose/jwk.py,sha256=LqCE7K1WozgSR_UHwXEajwVJjjBwXkIKebT1Z_AzFE0,491
 authlib/jose/util.py,sha256=24oOQ3Vnm9gUa0rDyEau9-l-F7ovzsDV6VbzxTscCiU,1357
@@ -99,7 +99,7 @@ authlib/oauth1/errors.py,sha256=pg0NaUgENjfTN_ba50_yQB9aSNe5Mte5MDlikFuypBY,46
 authlib/oauth1/rfc5849/__init__.py,sha256=Ta7spUuDIW4nBxQoDOZHUZYj42hjyl2h-T7lLq2xDeM,1136
 authlib/oauth1/rfc5849/authorization_server.py,sha256=y-vDQ79-CFjCl05V9kYqTDhFdCGCMZ9wY9S66mMjmBc,13924
 authlib/oauth1/rfc5849/base_server.py,sha256=BtBnisyOWP1epfzyp9A5zvMZu3rmCJazyHk9XEtpg8w,3972
-authlib/oauth1/rfc5849/client_auth.py,sha256=ovx0Hx5LfSX6hCezFPsHupIsiP0Lc0pfy80cPuwS-0k,7079
+authlib/oauth1/rfc5849/client_auth.py,sha256=Bx0iNj4zDJ6731o6Mfpt5KX5sNhg218N_9PoTbzuAWA,7156
 authlib/oauth1/rfc5849/errors.py,sha256=iHVEoxrP0ieSjTJO2I9ThG2TvLs3XtRDssuCvu53OsY,2285
 authlib/oauth1/rfc5849/models.py,sha256=Pvh-7iKXU3zkMYq1nYbdAaxL3Vdg95cxmdaC5-KWxxg,3418
 authlib/oauth1/rfc5849/parameters.py,sha256=XpAcRz9MZjIUIs6IbthBK_fWzcL2Iy9jHUnFn3-W7zk,3532
@@ -123,7 +123,7 @@ authlib/oauth2/rfc6749/requests.py,sha256=8m2bVR9KrUGzqFRBI8aXp7h-Y3a8H6wLY5hLaj
 authlib/oauth2/rfc6749/resource_protector.py,sha256=OKXtwUVn0kgK55mIzc9mGNbfUpwoOWTxb105Td5iVPE,5404
 authlib/oauth2/rfc6749/token_endpoint.py,sha256=kxjK39EHBgeD7uvJLyoLF5DAr1ef4l31jpCt6C4gYJ0,1103
 authlib/oauth2/rfc6749/util.py,sha256=--0YfF2ZVHTVMPGKD10iPqj02WeiDhXuYttX4tRleVM,1174
-authlib/oauth2/rfc6749/wrappers.py,sha256=g59stDpzoJjE6koXlwBNdGZDMgi25SxBNeJtAmtyb4I,805
+authlib/oauth2/rfc6749/wrappers.py,sha256=DEtFYwlpabfGYbkDW6iZfeXXgua_7EGMKBlRh47idNA,1262
 authlib/oauth2/rfc6749/grants/__init__.py,sha256=7WmResYhXjt0RfzHvrh5sHOQqZURr3FphSO-dmZc9FI,1292
 authlib/oauth2/rfc6749/grants/authorization_code.py,sha256=CXp1RTezTAYI2yxMUtyW22HeuZb4Q_E1X_c6SRKc3ag,15604
 authlib/oauth2/rfc6749/grants/base.py,sha256=59YgBIEvYDoUUbGkk0A7lgLXeRnqCir1imvUV_YZqWc,5283
@@ -176,7 +176,7 @@ authlib/oauth2/rfc9068/revocation.py,sha256=txYDfyq3sQ7wNAGM3HmfscgE4vdlWkwY4FFG
 authlib/oauth2/rfc9068/token.py,sha256=JBH4iuCDclDv62a9F0qdh1ysg3tBEVMadmn2nA733KI,8613
 authlib/oauth2/rfc9068/token_validator.py,sha256=DLH91dL5Ocm_stf2yoCEKE-mEIN01zfrf6Suse3nYuI,6865
 authlib/oauth2/rfc9101/__init__.py,sha256=OV66ZJbs2h_iJ0iPH3UvWg_kUpCxDI2l82ul1hCUfdI,267
-authlib/oauth2/rfc9101/authorization_server.py,sha256=E-zLhrLzLD8Wgz7Q0Tf-gxBsISIKmoTmYk66koxM6M0,10624
+authlib/oauth2/rfc9101/authorization_server.py,sha256=Sz2IVmYTgPkv0gYJdg_vfaMguIga2vzis4AY86ByHew,10756
 authlib/oauth2/rfc9101/discovery.py,sha256=0Y3LnMCVzBBq5brWsru_A1fOJmdkNH6lUJ9mL8_yd18,443
 authlib/oauth2/rfc9101/errors.py,sha256=aZLygyagATIo1UZ2iAF3DoBYtJGB0n03hqqoKQpKpvE,999
 authlib/oauth2/rfc9101/registration.py,sha256=fkfN0Ymc7WCUTpcu4bF6WXDlKCmbioR9fElSD20VODs,1299
@@ -187,20 +187,20 @@ authlib/oidc/core/__init__.py,sha256=VSzzSDb5HIrFHnjpLQ8qwxgxLHnOqaCbHsLLnldbnO4
 authlib/oidc/core/claims.py,sha256=ZN7ortm_FytflhhSNIW9LtUhbrwcnd1su_BZv691q54,11521
 authlib/oidc/core/errors.py,sha256=f-71kRG2Nf2cN95f7PCKucgCcPphITtGBhcsjcjhE6U,2892
 authlib/oidc/core/models.py,sha256=KjBcQnNJkVYnLWYeQuwb-K_DWDst78MZRLJXjqhtMtw,1464
-authlib/oidc/core/userinfo.py,sha256=8r3WBd6H1JM_5IDW4l1zOkxqrWg_YTyGqDijShKxeLE,4354
+authlib/oidc/core/userinfo.py,sha256=J5hPi4CTW5NAp43AVDIx2n3_owJjicINuHMTWEXCreM,4409
 authlib/oidc/core/util.py,sha256=ihuKYlhQAVmK5SIhwxn5k_PqVB1q0Lmwl1tuwRTQuf4,502
 authlib/oidc/core/grants/__init__.py,sha256=-SjelrkrD35bnb5rIZiBpbiLxgiJtwMXHJXHr8ovQyo,243
-authlib/oidc/core/grants/code.py,sha256=GelmhPA0jj4zK-ucXL7fAwIPfnn5Znol6wJlsJeVx1A,5681
+authlib/oidc/core/grants/code.py,sha256=wnB-8XigZIpv-pgnLe2SL4R2U9XrZ3x99JIRNYOmVgI,6178
 authlib/oidc/core/grants/hybrid.py,sha256=pIWRAGFbT9d9o4OHcPE-RtjJqOuTGbaFU0lsBG5kgAw,3430
-authlib/oidc/core/grants/implicit.py,sha256=rSG0S2jrFzK1rE247DiRyabnpbGq4UE0S6nqJKrMzZo,6619
-authlib/oidc/core/grants/util.py,sha256=prMt5LqyPLbsI6MQACkxOgmMK_WlS_C0I73jhJWETj4,4539
+authlib/oidc/core/grants/implicit.py,sha256=soG8ohEJ5N9qcOAsivQ89wUgVCyOo8ssgPVJ9kc9cvM,7100
+authlib/oidc/core/grants/util.py,sha256=MTA7MZnIFNk2iVWkQ-kJuYlbc7KulAo4duW2WTL0sNE,4564
 authlib/oidc/discovery/__init__.py,sha256=rapkktd4XN0t6LeHOWFPeeKEzlF6gBHvWsTK9JPLPY0,305
 authlib/oidc/discovery/models.py,sha256=yzdWYQn-VfC48gywoxswge4tgnKb8uQ-UkjhVTClk1E,12442
 authlib/oidc/discovery/well_known.py,sha256=ry1VHxCmwvjmlMxOFEbSC6FsE_ttijyRcn2xUpv2CaU,574
 authlib/oidc/registration/__init__.py,sha256=lV_Og-DMFKzWWYsdK04oF83xKUGTE2gQhikPPsOdW84,77
 authlib/oidc/registration/claims.py,sha256=K7Ft8GDXkVrjJrc53Ihkhn2SVN4pvEf3qiHOkzVOJ7g,17264
-authlib-1.6.5.dist-info/licenses/LICENSE,sha256=jhtIUY3pxs0Ay0jH_luAI_2Q1VUsoS6-c2Kg3zDdvkU,1514
-authlib-1.6.5.dist-info/METADATA,sha256=JSpi4anvkVQ9zL3GuZR4mvuto9yjFI39uhUnGfKGwdY,9845
-authlib-1.6.5.dist-info/WHEEL,sha256=JNWh1Fm1UdwIQV075glCn4MVuCRs0sotJIq-J6rbxCU,109
-authlib-1.6.5.dist-info/top_level.txt,sha256=Rj3mJn0jhRuCs6x7ysI6hYE2PePbuxey6y6jswadAEY,8
-authlib-1.6.5.dist-info/RECORD,,
+authlib-1.6.7.dist-info/licenses/LICENSE,sha256=jhtIUY3pxs0Ay0jH_luAI_2Q1VUsoS6-c2Kg3zDdvkU,1514
+authlib-1.6.7.dist-info/METADATA,sha256=ER8Xa_dNHQa3CsQD9WeyPEyldyXAKpZp7TITcmKEMeI,9845
+authlib-1.6.7.dist-info/WHEEL,sha256=Mk1ST5gDzEO5il5kYREiBnzzM469m5sI8ESPl7TRhJY,110
+authlib-1.6.7.dist-info/top_level.txt,sha256=Rj3mJn0jhRuCs6x7ysI6hYE2PePbuxey6y6jswadAEY,8
+authlib-1.6.7.dist-info/RECORD,,

{authlib-1.6.5.dist-info → authlib-1.6.7.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.9.0)
+Generator: setuptools (80.10.2)
 Root-Is-Purelib: true
 Tag: py2-none-any
 Tag: py3-none-any