PyPI - auth0-python - Versions diffs - 4.2.0__tar.gz → 4.3.0__tar.gz - Mend

auth0-python 4.2.0tar.gz → 4.3.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

{auth0-python-4.2.0 → auth0-python-4.3.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: auth0-python
-Version: 4.2.0
+Version: 4.3.0
 Summary: Auth0 Python SDK
 Home-page: https://github.com/auth0/auth0-python
 Author: Auth0

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/__init__.py RENAMED Viewed

@@ -1,4 +1,4 @@
-__version__ = "4.2.0"
+__version__ = "4.3.0"
 from auth0.exceptions import Auth0Error, RateLimitError, TokenValidationError

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/asyncify.py RENAMED Viewed

@@ -1,5 +1,7 @@
 import aiohttp
+from auth0.authentication.base import AuthenticationBase
+from auth0.rest import RestClientOptions
 from auth0.rest_async import AsyncRestClient
@@ -19,7 +21,7 @@ def asyncify(cls):
         if callable(getattr(cls, func)) and not func.startswith("_")
     ]
-    class AsyncClient(cls):
+    class AsyncManagementClient(cls):
         def __init__(
             self,
             domain,
@@ -29,40 +31,47 @@ def asyncify(cls):
             protocol="https",
             rest_options=None,
         ):
-            if token is None:
-                # Wrap the auth client
-                super().__init__(domain, telemetry, timeout, protocol)
-            else:
-                # Wrap the mngtmt client
-                super().__init__(
-                    domain, token, telemetry, timeout, protocol, rest_options
-                )
+            super().__init__(domain, token, telemetry, timeout, protocol, rest_options)
             self.client = AsyncRestClient(
                 jwt=token, telemetry=telemetry, timeout=timeout, options=rest_options
             )
-    class Wrapper(cls):
+    class AsyncAuthenticationClient(cls):
         def __init__(
             self,
             domain,
-            token=None,
+            client_id,
+            client_secret=None,
+            client_assertion_signing_key=None,
+            client_assertion_signing_alg=None,
             telemetry=True,
             timeout=5.0,
             protocol="https",
-            rest_options=None,
         ):
-            if token is None:
-                # Wrap the auth client
-                super().__init__(domain, telemetry, timeout, protocol)
-            else:
-                # Wrap the mngtmt client
-                super().__init__(
-                    domain, token, telemetry, timeout, protocol, rest_options
-                )
-            self._async_client = AsyncClient(
-                domain, token, telemetry, timeout, protocol, rest_options
+            super().__init__(
+                domain,
+                client_id,
+                client_secret,
+                client_assertion_signing_key,
+                client_assertion_signing_alg,
+                telemetry,
+                timeout,
+                protocol,
+            )
+            self.client = AsyncRestClient(
+                None,
+                options=RestClientOptions(
+                    telemetry=telemetry, timeout=timeout, retries=0
+                ),
             )
+    class Wrapper(cls):
+        def __init__(self, *args, **kwargs):
+            super().__init__(*args, **kwargs)
+            if AuthenticationBase in cls.__bases__:
+                self._async_client = AsyncAuthenticationClient(*args, **kwargs)
+            else:
+                self._async_client = AsyncManagementClient(*args, **kwargs)
             for method in methods:
                 setattr(
                     self,

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/async_token_verifier.py RENAMED Viewed

@@ -1,8 +1,16 @@
 """Token Verifier module"""
+from __future__ import annotations
+from typing import TYPE_CHECKING, Any
 from .. import TokenValidationError
 from ..rest_async import AsyncRestClient
 from .token_verifier import AsymmetricSignatureVerifier, JwksFetcher, TokenVerifier
+if TYPE_CHECKING:
+    from aiohttp import ClientSession
+    from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
 class AsyncAsymmetricSignatureVerifier(AsymmetricSignatureVerifier):
     """Async verifier for RSA signatures, which rely on public key certificates.
@@ -12,11 +20,11 @@ class AsyncAsymmetricSignatureVerifier(AsymmetricSignatureVerifier):
         algorithm (str, optional): The expected signing algorithm. Defaults to "RS256".
     """
-    def __init__(self, jwks_url, algorithm="RS256"):
+    def __init__(self, jwks_url: str, algorithm: str = "RS256") -> None:
         super().__init__(jwks_url, algorithm)
         self._fetcher = AsyncJwksFetcher(jwks_url)
-    def set_session(self, session):
+    def set_session(self, session: ClientSession) -> None:
         """Set Client Session to improve performance by reusing session.
         Args:
@@ -32,7 +40,7 @@ class AsyncAsymmetricSignatureVerifier(AsymmetricSignatureVerifier):
         key_id (str): The key's key id."""
         return await self._fetcher.get_key(key_id)
-    async def verify_signature(self, token):
+    async def verify_signature(self, token) -> dict[str, Any]:
         """Verifies the signature of the given JSON web token.
         Args:
@@ -57,11 +65,11 @@ class AsyncJwksFetcher(JwksFetcher):
         cache_ttl (str, optional): The lifetime of the JWK set cache in seconds. Defaults to 600 seconds.
     """
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
         super().__init__(*args, **kwargs)
         self._async_client = AsyncRestClient(None)
-    def set_session(self, session):
+    def set_session(self, session: ClientSession) -> None:
         """Set Client Session to improve performance by reusing session.
         Args:
@@ -70,7 +78,7 @@ class AsyncJwksFetcher(JwksFetcher):
         """
         self._async_client.set_session(session)
-    async def _fetch_jwks(self, force=False):
+    async def _fetch_jwks(self, force: bool = False) -> dict[str, RSAPublicKey]:
         """Attempts to obtain the JWK set from the cache, as long as it's still valid.
         When not, it will perform a network request to the jwks_url to obtain a fresh result
         and update the cache value with it.
@@ -90,7 +98,7 @@ class AsyncJwksFetcher(JwksFetcher):
         self._cache_is_fresh = False
         return self._cache_value
-    async def get_key(self, key_id):
+    async def get_key(self, key_id: str) -> RSAPublicKey:
         """Obtains the JWK associated with the given key id.
         Args:
@@ -126,7 +134,13 @@ class AsyncTokenVerifier(TokenVerifier):
         Defaults to 60 seconds.
     """
-    def __init__(self, signature_verifier, issuer, audience, leeway=0):
+    def __init__(
+        self,
+        signature_verifier: AsyncAsymmetricSignatureVerifier,
+        issuer: str,
+        audience: str,
+        leeway: int = 0,
+    ) -> None:
         if not signature_verifier or not isinstance(
             signature_verifier, AsyncAsymmetricSignatureVerifier
         ):
@@ -140,7 +154,7 @@ class AsyncTokenVerifier(TokenVerifier):
         self._sv = signature_verifier
         self._clock = None  # legacy testing requirement
-    def set_session(self, session):
+    def set_session(self, session: ClientSession) -> None:
         """Set Client Session to improve performance by reusing session.
         Args:
@@ -149,7 +163,13 @@ class AsyncTokenVerifier(TokenVerifier):
         """
         self._sv.set_session(session)
-    async def verify(self, token, nonce=None, max_age=None, organization=None):
+    async def verify(
+        self,
+        token: str,
+        nonce: str | None = None,
+        max_age: int | None = None,
+        organization: str | None = None,
+    ) -> dict[str, Any]:
         """Attempts to verify the given ID token, following the steps defined in the OpenID Connect spec.
         Args:

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/base.py RENAMED Viewed

@@ -1,4 +1,9 @@
+from __future__ import annotations
+from typing import Any
 from auth0.rest import RestClient, RestClientOptions
+from auth0.types import RequestData, TimeoutType
 from .client_authentication import add_client_authentication
@@ -21,15 +26,15 @@ class AuthenticationBase:
     def __init__(
         self,
-        domain,
-        client_id,
-        client_secret=None,
-        client_assertion_signing_key=None,
-        client_assertion_signing_alg=None,
-        telemetry=True,
-        timeout=5.0,
-        protocol="https",
-    ):
+        domain: str,
+        client_id: str,
+        client_secret: str | None = None,
+        client_assertion_signing_key: str | None = None,
+        client_assertion_signing_alg: str | None = None,
+        telemetry: bool = True,
+        timeout: TimeoutType = 5.0,
+        protocol: str = "https",
+    ) -> None:
         self.domain = domain
         self.client_id = client_id
         self.client_secret = client_secret
@@ -41,7 +46,7 @@ class AuthenticationBase:
             options=RestClientOptions(telemetry=telemetry, timeout=timeout, retries=0),
         )
-    def _add_client_authentication(self, payload):
+    def _add_client_authentication(self, payload: dict[str, Any]) -> dict[str, Any]:
         return add_client_authentication(
             payload,
             self.domain,
@@ -51,13 +56,28 @@ class AuthenticationBase:
             self.client_assertion_signing_alg,
         )
-    def post(self, url, data=None, headers=None):
+    def post(
+        self,
+        url: str,
+        data: RequestData | None = None,
+        headers: dict[str, str] | None = None,
+    ) -> Any:
         return self.client.post(url, data=data, headers=headers)
-    def authenticated_post(self, url, data=None, headers=None):
+    def authenticated_post(
+        self,
+        url: str,
+        data: dict[str, Any],
+        headers: dict[str, str] | None = None,
+    ) -> Any:
         return self.client.post(
             url, data=self._add_client_authentication(data), headers=headers
         )
-    def get(self, url, params=None, headers=None):
+    def get(
+        self,
+        url: str,
+        params: dict[str, Any] | None = None,
+        headers: dict[str, str] | None = None,
+    ) -> Any:
         return self.client.get(url, params, headers)

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/client_authentication.py RENAMED Viewed

@@ -1,18 +1,24 @@
+from __future__ import annotations
 import datetime
 import uuid
+from typing import Any
 import jwt
 def create_client_assertion_jwt(
-    domain, client_id, client_assertion_signing_key, client_assertion_signing_alg
-):
+    domain: str,
+    client_id: str,
+    client_assertion_signing_key: str,
+    client_assertion_signing_alg: str | None,
+) -> str:
     """Creates a JWT for the client_assertion field.
     Args:
         domain (str): The domain of your Auth0 tenant
         client_id (str): Your application's client ID
-        client_assertion_signing_key (str, optional): Private key used to sign the client assertion JWT
+        client_assertion_signing_key (str): Private key used to sign the client assertion JWT
         client_assertion_signing_alg (str, optional): Algorithm used to sign the client assertion JWT (defaults to 'RS256')
     Returns:
@@ -35,20 +41,20 @@ def create_client_assertion_jwt(
 def add_client_authentication(
-    payload,
-    domain,
-    client_id,
-    client_secret,
-    client_assertion_signing_key,
-    client_assertion_signing_alg,
-):
+    payload: dict[str, Any],
+    domain: str,
+    client_id: str,
+    client_secret: str | None,
+    client_assertion_signing_key: str | None,
+    client_assertion_signing_alg: str | None,
+) -> dict[str, Any]:
     """Adds the client_assertion or client_secret fields to authenticate a payload.
     Args:
         payload (dict): The POST payload that needs additional fields to be authenticated.
         domain (str): The domain of your Auth0 tenant
         client_id (str): Your application's client ID
-        client_secret (str): Your application's client secret
+        client_secret (str, optional): Your application's client secret
         client_assertion_signing_key (str, optional): Private key used to sign the client assertion JWT
         client_assertion_signing_alg (str, optional): Algorithm used to sign the client assertion JWT (defaults to 'RS256')

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/database.py RENAMED Viewed

@@ -1,4 +1,6 @@
-import warnings
+from __future__ import annotations
+from typing import Any
 from .base import AuthenticationBase
@@ -12,17 +14,17 @@ class Database(AuthenticationBase):
     def signup(
         self,
-        email,
-        password,
-        connection,
-        username=None,
-        user_metadata=None,
-        given_name=None,
-        family_name=None,
-        name=None,
-        nickname=None,
-        picture=None,
-    ):
+        email: str,
+        password: str,
+        connection: str,
+        username: str | None = None,
+        user_metadata: dict[str, Any] | None = None,
+        given_name: str | None = None,
+        family_name: str | None = None,
+        name: str | None = None,
+        nickname: str | None = None,
+        picture: str | None = None,
+    ) -> dict[str, Any]:
         """Signup using email and password.
         Args:
@@ -50,7 +52,7 @@ class Database(AuthenticationBase):
         See: https://auth0.com/docs/api/authentication#signup
         """
-        body = {
+        body: dict[str, Any] = {
             "client_id": self.client_id,
             "email": email,
             "password": password,
@@ -71,11 +73,14 @@ class Database(AuthenticationBase):
         if picture:
             body.update({"picture": picture})
-        return self.post(
+        data: dict[str, Any] = self.post(
             f"{self.protocol}://{self.domain}/dbconnections/signup", data=body
         )
+        return data
-    def change_password(self, email, connection, password=None):
+    def change_password(
+        self, email: str, connection: str, password: str | None = None
+    ) -> str:
         """Asks to change a password for a given user.
         email (str): The user's email address.
@@ -88,7 +93,8 @@ class Database(AuthenticationBase):
             "connection": connection,
         }
-        return self.post(
+        data: str = self.post(
             f"{self.protocol}://{self.domain}/dbconnections/change_password",
             data=body,
         )
+        return data

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/delegated.py RENAMED Viewed

@@ -1,3 +1,7 @@
+from __future__ import annotations
+from typing import Any
 from .base import AuthenticationBase
@@ -10,13 +14,13 @@ class Delegated(AuthenticationBase):
     def get_token(
         self,
-        target,
-        api_type,
-        grant_type,
-        id_token=None,
-        refresh_token=None,
-        scope="openid",
-    ):
+        target: str,
+        api_type: str,
+        grant_type: str,
+        id_token: str | None = None,
+        refresh_token: str | None = None,
+        scope: str = "openid",
+    ) -> Any:
         """Obtain a delegation token."""
         if id_token and refresh_token:

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/enterprise.py RENAMED Viewed

@@ -1,3 +1,5 @@
+from typing import Any
 from .base import AuthenticationBase
@@ -9,7 +11,7 @@ class Enterprise(AuthenticationBase):
         domain (str): Your auth0 domain (e.g: my-domain.us.auth0.com)
     """
-    def saml_metadata(self):
+    def saml_metadata(self) -> Any:
         """Get SAML2.0 Metadata."""
         return self.get(
@@ -18,7 +20,7 @@ class Enterprise(AuthenticationBase):
             )
         )
-    def wsfed_metadata(self):
+    def wsfed_metadata(self) -> Any:
         """Returns the WS-Federation Metadata."""
         url = "{}://{}/wsfed/FederationMetadata/2007-06/FederationMetadata.xml"

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/get_token.py RENAMED Viewed

@@ -1,5 +1,8 @@
+from __future__ import annotations
+from typing import Any
 from .base import AuthenticationBase
-from .client_authentication import add_client_authentication
 class GetToken(AuthenticationBase):
@@ -12,10 +15,10 @@ class GetToken(AuthenticationBase):
     def authorization_code(
         self,
-        code,
-        redirect_uri,
-        grant_type="authorization_code",
-    ):
+        code: str,
+        redirect_uri: str | None,
+        grant_type: str = "authorization_code",
+    ) -> Any:
         """Authorization code grant
         This is the OAuth 2.0 grant that regular web apps utilize in order
@@ -47,11 +50,11 @@ class GetToken(AuthenticationBase):
     def authorization_code_pkce(
         self,
-        code_verifier,
-        code,
-        redirect_uri,
-        grant_type="authorization_code",
-    ):
+        code_verifier: str,
+        code: str,
+        redirect_uri: str | None,
+        grant_type: str = "authorization_code",
+    ) -> Any:
         """Authorization code pkce grant
         This is the OAuth 2.0 grant that mobile apps utilize in order to access an API.
@@ -86,9 +89,9 @@ class GetToken(AuthenticationBase):
     def client_credentials(
         self,
-        audience,
-        grant_type="client_credentials",
-    ):
+        audience: str,
+        grant_type: str = "client_credentials",
+    ) -> Any:
         """Client credentials grant
         This is the OAuth 2.0 grant that server processes utilize in
@@ -116,13 +119,14 @@ class GetToken(AuthenticationBase):
     def login(
         self,
-        username,
-        password,
-        scope=None,
-        realm=None,
-        audience=None,
-        grant_type="http://auth0.com/oauth/grant-type/password-realm",
-    ):
+        username: str,
+        password: str,
+        scope: str | None = None,
+        realm: str | None = None,
+        audience: str | None = None,
+        grant_type: str = "http://auth0.com/oauth/grant-type/password-realm",
+        forwarded_for: str | None = None,
+    ) -> Any:
         """Calls /oauth/token endpoint with password-realm grant type
@@ -149,9 +153,16 @@ class GetToken(AuthenticationBase):
             grant_type (str, optional): Denotes the flow you're using. For password realm
             use http://auth0.com/oauth/grant-type/password-realm
+            forwarded_for (str, optional): End-user IP as a string value. Set this if you want
+            brute-force protection to work in server-side scenarios.
+            See https://auth0.com/docs/get-started/authentication-and-authorization-flow/avoid-common-issues-with-resource-owner-password-flow-and-attack-protection
         Returns:
             access_token, id_token
         """
+        headers = None
+        if forwarded_for:
+            headers = {"auth0-forwarded-for": forwarded_for}
         return self.authenticated_post(
             f"{self.protocol}://{self.domain}/oauth/token",
@@ -164,14 +175,15 @@ class GetToken(AuthenticationBase):
                 "audience": audience,
                 "grant_type": grant_type,
             },
+            headers=headers,
         )
     def refresh_token(
         self,
-        refresh_token,
-        scope="",
-        grant_type="refresh_token",
-    ):
+        refresh_token: str,
+        scope: str = "",
+        grant_type: str = "refresh_token",
+    ) -> Any:
         """Calls /oauth/token endpoint with refresh token grant type
         Use this endpoint to refresh an access token, using the refresh token you got during authorization.
@@ -199,7 +211,9 @@ class GetToken(AuthenticationBase):
             },
         )
-    def passwordless_login(self, username, otp, realm, scope, audience):
+    def passwordless_login(
+        self, username: str, otp: str, realm: str, scope: str, audience: str
+    ) -> Any:
         """Calls /oauth/token endpoint with http://auth0.com/oauth/grant-type/passwordless/otp grant type
         Once the verification code was received, login the user using this endpoint with their

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/passwordless.py RENAMED Viewed

@@ -1,4 +1,6 @@
-import warnings
+from __future__ import annotations
+from typing import Any
 from .base import AuthenticationBase
@@ -11,7 +13,9 @@ class Passwordless(AuthenticationBase):
         domain (str): Your auth0 domain (e.g: my-domain.us.auth0.com)
     """
-    def email(self, email, send="link", auth_params=None):
+    def email(
+        self, email: str, send: str = "link", auth_params: dict[str, str] | None = None
+    ) -> Any:
         """Start flow sending an email.
         Given the user email address, it will send an email with:
@@ -35,7 +39,7 @@ class Passwordless(AuthenticationBase):
             auth_params (dict, optional): Parameters to append or override.
         """
-        data = {
+        data: dict[str, Any] = {
             "client_id": self.client_id,
             "connection": "email",
             "email": email,
@@ -48,7 +52,7 @@ class Passwordless(AuthenticationBase):
             f"{self.protocol}://{self.domain}/passwordless/start", data=data
         )
-    def sms(self, phone_number):
+    def sms(self, phone_number: str) -> Any:
         """Start flow sending an SMS message.
         Given the user phone number, it will send an SMS with

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/revoke_token.py RENAMED Viewed

@@ -1,3 +1,5 @@
+from typing import Any
 from .base import AuthenticationBase
@@ -8,7 +10,7 @@ class RevokeToken(AuthenticationBase):
         domain (str): Your auth0 domain (e.g: my-domain.us.auth0.com)
     """
-    def revoke_refresh_token(self, token):
+    def revoke_refresh_token(self, token: str) -> Any:
         """Revokes a Refresh Token if it has been compromised
         Each revocation request invalidates not only the specific token, but all other tokens

{auth0-python-4.2.0 → auth0-python-4.3.0}/auth0/authentication/social.py RENAMED Viewed

@@ -1,3 +1,5 @@
+from typing import Any
 from .base import AuthenticationBase
@@ -9,7 +11,7 @@ class Social(AuthenticationBase):
         domain (str): Your auth0 domain (e.g: my-domain.us.auth0.com)
     """
-    def login(self, access_token, connection, scope="openid"):
+    def login(self, access_token: str, connection: str, scope: str = "openid") -> Any:
         """Login using a social provider's access token
         Given the social provider's access_token and the connection specified,

auth0-python 4.2.0__tar.gz → 4.3.0__tar.gz

auth0-python 4.2.0tar.gz → 4.3.0tar.gz