fastapi-sso 0.14.2__tar.gz → 0.15.0__tar.gz

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fastapi-sso
-Version: 0.14.2
+Version: 0.15.0
 Summary: FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)
 Home-page: https://tomasvotava.github.io/fastapi-sso/
 License: MIT
@@ -28,7 +28,7 @@ Description-Content-Type: text/markdown
 ![Supported Python Versions](https://img.shields.io/pypi/pyversions/fastapi-sso)
 [![Test coverage](https://codecov.io/gh/tomasvotava/fastapi-sso/graph/badge.svg?token=SIFCTVSSOS)](https://codecov.io/gh/tomasvotava/fastapi-sso)
 ![Tests Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/test.yml?label=tests)
-![Pylint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=pylint)
+![Lint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=ruff)
 ![Mypy Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=mypy)
 ![Black Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=black)
 ![CodeQL Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/codeql-analysis.yml?label=CodeQL)
@@ -46,6 +46,21 @@ backend very easily.
 
 **Source Code**: [https://github.com/tomasvotava/fastapi-sso](https://github.com/tomasvotava/fastapi-sso/)
 
+## Demo site
+
+An awesome demo site was created and is maintained by even awesomer
+[Chris Karvouniaris (@chrisK824)](https://github.com/chrisK824). Chris has also posted multiple
+Medium articles about FastAPI and FastAPI SSO.
+
+Be sure to see his tutorials, follow him and show him some appreciation!
+
+Please see his [announcement](https://github.com/tomasvotava/fastapi-sso/discussions/150) with all the links.
+
+Quick links for the eager ones:
+
+- [Demo site](https://fastapi-sso-example.vercel.app/)
+- [Medium articles](https://medium.com/@christos.karvouniaris247)
+
 ## Security warning
 
 Please note that versions preceding `0.7.0` had a security vulnerability.

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/README.md

@@ -3,7 +3,7 @@
 ![Supported Python Versions](https://img.shields.io/pypi/pyversions/fastapi-sso)
 [![Test coverage](https://codecov.io/gh/tomasvotava/fastapi-sso/graph/badge.svg?token=SIFCTVSSOS)](https://codecov.io/gh/tomasvotava/fastapi-sso)
 ![Tests Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/test.yml?label=tests)
-![Pylint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=pylint)
+![Lint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=ruff)
 ![Mypy Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=mypy)
 ![Black Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=black)
 ![CodeQL Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/codeql-analysis.yml?label=CodeQL)
@@ -21,6 +21,21 @@ backend very easily.
 
 **Source Code**: [https://github.com/tomasvotava/fastapi-sso](https://github.com/tomasvotava/fastapi-sso/)
 
+## Demo site
+
+An awesome demo site was created and is maintained by even awesomer
+[Chris Karvouniaris (@chrisK824)](https://github.com/chrisK824). Chris has also posted multiple
+Medium articles about FastAPI and FastAPI SSO.
+
+Be sure to see his tutorials, follow him and show him some appreciation!
+
+Please see his [announcement](https://github.com/tomasvotava/fastapi-sso/discussions/150) with all the links.
+
+Quick links for the eager ones:
+
+- [Demo site](https://fastapi-sso-example.vercel.app/)
+- [Medium articles](https://medium.com/@christos.karvouniaris247)
+
 ## Security warning
 
 Please note that versions preceding `0.7.0` had a security vulnerability.

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/__init__.py

@@ -1,4 +1,5 @@
-"""FastAPI plugin to enable SSO to most common providers
+"""FastAPI plugin to enable SSO to most common providers.
+
 (such as Facebook login, Google login and login via Microsoft Office 365 account)
 """
 
@@ -17,3 +18,23 @@ from .sso.naver import NaverSSO
 from .sso.notion import NotionSSO
 from .sso.spotify import SpotifySSO
 from .sso.twitter import TwitterSSO
+
+__all__ = [
+    "OpenID",
+    "SSOBase",
+    "SSOLoginError",
+    "FacebookSSO",
+    "FitbitSSO",
+    "create_provider",
+    "GithubSSO",
+    "GitlabSSO",
+    "GoogleSSO",
+    "KakaoSSO",
+    "LineSSO",
+    "LinkedInSSO",
+    "MicrosoftSSO",
+    "NaverSSO",
+    "NotionSSO",
+    "SpotifySSO",
+    "TwitterSSO",
+]

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/pkce.py

@@ -1,4 +1,4 @@
-"""PKCE-related helper functions"""
+"""PKCE-related helper functions."""
 
 import base64
 import hashlib
@@ -7,7 +7,7 @@ from typing import Tuple
 
 
 def get_code_verifier(length: int = 96) -> str:
-    """Get code verifier for PKCE challenge"""
+    """Get code verifier for PKCE challenge."""
     length = max(43, min(length, 128))
     bytes_length = int(length * 3 / 4)
     return base64.urlsafe_b64encode(os.urandom(bytes_length)).decode("utf-8").replace("=", "")[:length]

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/base.py

@@ -1,14 +1,11 @@
-"""SSO login base dependency
-"""
-
-# pylint: disable=too-few-public-methods
+"""SSO login base dependency."""
 
 import json
+import logging
 import os
-import sys
 import warnings
 from types import TracebackType
-from typing import Any, Dict, List, Literal, Optional, Type, Union, overload
+from typing import Any, ClassVar, Dict, List, Literal, Optional, Type, TypedDict, Union, overload
 
 import httpx
 import pydantic
@@ -20,31 +17,33 @@ from starlette.responses import RedirectResponse
 from fastapi_sso.pkce import get_pkce_challenge_pair
 from fastapi_sso.state import generate_random_state
 
-if sys.version_info >= (3, 8):
-    from typing import TypedDict
-else:
-    from typing_extensions import TypedDict  # pragma: no cover
+logger = logging.getLogger(__name__)
+
 
-DiscoveryDocument = TypedDict(
-    "DiscoveryDocument", {"authorization_endpoint": str, "token_endpoint": str, "userinfo_endpoint": str}
-)
+class DiscoveryDocument(TypedDict):
+    """Discovery document."""
+
+    authorization_endpoint: str
+    token_endpoint: str
+    userinfo_endpoint: str
 
 
 class UnsetStateWarning(UserWarning):
-    """Warning about unset state parameter"""
+    """Warning about unset state parameter."""
 
 
 class ReusedOauthClientWarning(UserWarning):
-    """Warning about reused oauth client instance"""
+    """Warning about reused oauth client instance."""
 
 
 class SSOLoginError(HTTPException):
-    """Raised when any login-related error ocurrs
-    (such as when user is not verified or if there was an attempt for fake login)
+    """Raised when any login-related error ocurrs.
+
+    Such as when user is not verified or if there was an attempt for fake login.
     """
 
 
-class OpenID(pydantic.BaseModel):  # pylint: disable=no-member
+class OpenID(pydantic.BaseModel):
     """Class (schema) to represent information got from sso provider in a common form."""
 
     id: Optional[str] = None
@@ -56,16 +55,15 @@ class OpenID(pydantic.BaseModel):  # pylint: disable=no-member
     provider: Optional[str] = None
 
 
-# pylint: disable=too-many-instance-attributes
 class SSOBase:
-    """Base class (mixin) for all SSO providers"""
+    """Base class for all SSO providers."""
 
     provider: str = NotImplemented
     client_id: str = NotImplemented
     client_secret: str = NotImplemented
     redirect_uri: Optional[Union[pydantic.AnyHttpUrl, str]] = NotImplemented
-    scope: List[str] = NotImplemented
-    additional_headers: Optional[Dict[str, Any]] = None
+    scope: ClassVar[List[str]] = []
+    additional_headers: ClassVar[Optional[Dict[str, Any]]] = None
     uses_pkce: bool = False
     requires_state: bool = False
 
@@ -80,7 +78,7 @@ class SSOBase:
         use_state: bool = False,
         scope: Optional[List[str]] = None,
     ):
-        # pylint: disable=too-many-arguments
+        """Base class (mixin) for all SSO providers."""
         self.client_id: str = client_id
         self.client_secret: str = client_secret
         self.redirect_uri: Optional[Union[pydantic.AnyHttpUrl, str]] = redirect_uri
@@ -89,6 +87,7 @@ class SSOBase:
         self._generated_state: Optional[str] = None
 
         if self.allow_insecure_http:
+            logger.debug("Initializing %s with allow_insecure_http=True", self.__class__.__name__)
             os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 
         # TODO: Remove use_state argument and attribute
@@ -100,7 +99,7 @@ class SSOBase:
                 ),
                 DeprecationWarning,
             )
-        self.scope = scope or self.scope
+        self._scope = scope or self.scope
         self._refresh_token: Optional[str] = None
         self._id_token: Optional[str] = None
         self._state: Optional[str] = None
@@ -110,8 +109,7 @@ class SSOBase:
 
     @property
     def state(self) -> Optional[str]:
-        """
-        Retrieves the state as it was returned from the server.
+        """Retrieves the state as it was returned from the server.
 
         Warning:
             This will emit a warning if the state is unset, implying either that
@@ -131,8 +129,7 @@ class SSOBase:
 
     @property
     def oauth_client(self) -> WebApplicationClient:
-        """
-        Retrieves the OAuth Client to aid in generating requests and parsing responses.
+        """Retrieves the OAuth Client to aid in generating requests and parsing responses.
 
         Raises:
             NotImplementedError: If the provider is not supported or `client_id` is not set.
@@ -148,8 +145,7 @@ class SSOBase:
 
     @property
     def access_token(self) -> Optional[str]:
-        """
-        Retrieves the access token from token endpoint.
+        """Retrieves the access token from token endpoint.
 
         Returns:
             Optional[str]: The access token if available.
@@ -158,8 +154,7 @@ class SSOBase:
 
     @property
     def refresh_token(self) -> Optional[str]:
-        """
-        Retrieves the refresh token if returned from provider.
+        """Retrieves the refresh token if returned from provider.
 
         Returns:
             Optional[str]: The refresh token if available.
@@ -168,8 +163,7 @@ class SSOBase:
 
     @property
     def id_token(self) -> Optional[str]:
-        """
-        Retrieves the id token if returned from provider.
+        """Retrieves the id token if returned from provider.
 
         Returns:
             Optional[str]: The id token if available.
@@ -177,8 +171,7 @@ class SSOBase:
         return self._id_token
 
     async def openid_from_response(self, response: dict, session: Optional[httpx.AsyncClient] = None) -> OpenID:
-        """
-        Converts a response from the provider's user info endpoint to an OpenID object.
+        """Converts a response from the provider's user info endpoint to an OpenID object.
 
         Args:
             response (dict): The response from the user info endpoint.
@@ -193,8 +186,7 @@ class SSOBase:
         raise NotImplementedError(f"Provider {self.provider} not supported")
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """
-        Retrieves the discovery document containing useful URLs.
+        """Retrieves the discovery document containing useful URLs.
 
         Raises:
             NotImplementedError: If the provider is not supported.
@@ -206,19 +198,19 @@ class SSOBase:
 
     @property
     async def authorization_endpoint(self) -> Optional[str]:
-        """Return `authorization_endpoint` from discovery document"""
+        """Return `authorization_endpoint` from discovery document."""
         discovery = await self.get_discovery_document()
         return discovery.get("authorization_endpoint")
 
     @property
     async def token_endpoint(self) -> Optional[str]:
-        """Return `token_endpoint` from discovery document"""
+        """Return `token_endpoint` from discovery document."""
         discovery = await self.get_discovery_document()
         return discovery.get("token_endpoint")
 
     @property
     async def userinfo_endpoint(self) -> Optional[str]:
-        """Return `userinfo_endpoint` from discovery document"""
+        """Return `userinfo_endpoint` from discovery document."""
         discovery = await self.get_discovery_document()
         return discovery.get("userinfo_endpoint")
 
@@ -229,8 +221,7 @@ class SSOBase:
         params: Optional[Dict[str, Any]] = None,
         state: Optional[str] = None,
     ) -> str:
-        """
-        Generates and returns the prepared login URL.
+        """Generates and returns the prepared login URL.
 
         Args:
             redirect_uri (Optional[str]): Overrides the `redirect_uri` specified on this instance.
@@ -263,7 +254,7 @@ class SSOBase:
             await self.authorization_endpoint,
             redirect_uri=redirect_uri,
             state=state,
-            scope=self.scope,
+            scope=self._scope,
             code_challenge=self._pkce_code_challenge,
             code_challenge_method=self._pkce_challenge_method,
             **params,
@@ -277,8 +268,7 @@ class SSOBase:
         params: Optional[Dict[str, Any]] = None,
         state: Optional[str] = None,
     ) -> RedirectResponse:
-        """
-        Constructs and returns a redirect response to the login page of OAuth SSO provider.
+        """Constructs and returns a redirect response to the login page of OAuth SSO provider.
 
         Args:
             redirect_uri (Optional[str]): Overrides the `redirect_uri` specified on this instance.
@@ -327,8 +317,7 @@ class SSOBase:
         redirect_uri: Optional[str] = None,
         convert_response: Union[Literal[True], Literal[False]] = True,
     ) -> Union[Optional[OpenID], Optional[Dict[str, Any]]]:
-        """
-        Processes the login given a FastAPI (Starlette) Request object. This should be used for the /callback path.
+        """Processes the login given a FastAPI (Starlette) Request object. This should be used for the /callback path.
 
         Args:
             request (Request): FastAPI or Starlette request object.
@@ -347,6 +336,12 @@ class SSOBase:
         headers = headers or {}
         code = request.query_params.get("code")
         if code is None:
+            logger.debug(
+                "Callback request:\n\tURI: %s\n\tHeaders: %s\n\tQuery params: %s",
+                request.url,
+                request.headers,
+                request.query_params,
+            )
             raise SSOLoginError(400, "'code' parameter was not found in callback request")
         self._state = request.query_params.get("state")
         pkce_code_verifier: Optional[str] = None
@@ -426,8 +421,7 @@ class SSOBase:
         pkce_code_verifier: Optional[str] = None,
         convert_response: Union[Literal[True], Literal[False]] = True,
     ) -> Union[Optional[OpenID], Optional[Dict[str, Any]]]:
-        """
-        Processes login from the callback endpoint to verify the user and request user info endpoint.
+        """Processes login from the callback endpoint to verify the user and request user info endpoint.
         It's a lower-level method, typically, you should use `verify_and_process` instead.
 
         Args:
@@ -446,7 +440,6 @@ class SSOBase:
             Optional[OpenID]: User information in OpenID format if the login was successful (convert_response == True).
             Optional[Dict[str, Any]]: Original userinfo API endpoint response.
         """
-        # pylint: disable=too-many-locals
         if self._oauth_client is not None:  # pragma: no cover
             self._oauth_client = None
             self._refresh_token = None

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/facebook.py

@@ -1,7 +1,6 @@
-"""Facebook SSO Login Helper
-"""
+"""Facebook SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -10,14 +9,14 @@ if TYPE_CHECKING:
 
 
 class FacebookSSO(SSOBase):
-    """Class providing login via Facebook OAuth"""
+    """Class providing login via Facebook OAuth."""
 
     provider = "facebook"
-    base_url = "https://graph.facebook.com/v9.0"
-    scope = ["email"]
+    base_url = "https://graph.facebook.com/v19.0"
+    scope: ClassVar = ["email"]
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://www.facebook.com/v9.0/dialog/oauth",
             "token_endpoint": f"{self.base_url}/oauth/access_token",
@@ -25,9 +24,10 @@ class FacebookSSO(SSOBase):
         }
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Facebook"""
+        """Return OpenID from user information provided by Facebook."""
+
         return OpenID(
-            email=response.get("email", ""),
+            email=response.get("email"),
             first_name=response.get("first_name"),
             last_name=response.get("last_name"),
             display_name=response.get("name"),

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/fitbit.py

@@ -1,7 +1,6 @@
-"""Fitbit OAuth Login Helper
-"""
+"""Fitbit OAuth Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase, SSOLoginError
 
@@ -10,13 +9,13 @@ if TYPE_CHECKING:
 
 
 class FitbitSSO(SSOBase):
-    """Class providing login via Fitbit OAuth"""
+    """Class providing login via Fitbit OAuth."""
 
     provider = "fitbit"
-    scope = ["profile"]
+    scope: ClassVar = ["profile"]
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Google"""
+        """Return OpenID from user information provided by Google."""
         info = response.get("user")
         if not info:
             raise SSOLoginError(401, "Failed to process login via Fitbit")
@@ -29,7 +28,7 @@ class FitbitSSO(SSOBase):
         )
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://www.fitbit.com/oauth2/authorize?response_type=code",
             "token_endpoint": "https://api.fitbit.com/oauth2/token",

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/generic.py

@@ -1,5 +1,5 @@
 """A generic OAuth client that can be used to quickly create support for any OAuth provider
-with close to no code
+with close to no code.
 """
 
 import logging
@@ -24,7 +24,6 @@ def create_provider(
     Returns a class.
 
     Args:
-
         name: Name of the provider
         default_scope: default list of scopes (can be overriden in constructor)
         discovery_document: a dictionary containing discovery document or a callable returning it
@@ -53,13 +52,13 @@ def create_provider(
     """
 
     class GenericSSOProvider(SSOBase):
-        """SSO Provider Template"""
+        """SSO Provider Template."""
 
         provider = name
         scope = default_scope or ["openid"]
 
         async def get_discovery_document(self) -> DiscoveryDocument:
-            """Get document containing handy urls"""
+            """Get document containing handy urls."""
             if callable(discovery_document):
                 return discovery_document(self)
             return discovery_document

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/github.py

@@ -1,6 +1,6 @@
-"""Github SSO Oauth Helper class"""
+"""Github SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class GithubSSO(SSOBase):
-    """Class providing login via Github SSO"""
+    """Class providing login via Github SSO."""
 
     provider = "github"
-    scope = ["user:email"]
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar = ["user:email"]
+    additional_headers: ClassVar = {"accept": "application/json"}
     emails_endpoint = "https://api.github.com/user/emails"
 
     async def get_discovery_document(self) -> DiscoveryDocument:
@@ -25,7 +25,8 @@ class GithubSSO(SSOBase):
 
     async def _get_primary_email(self, session: Optional["httpx.AsyncClient"] = None) -> Optional[str]:
         """Attempt to get primary email from Github for a current user.
-        The session received must be authenticated."""
+        The session received must be authenticated.
+        """
         if not session:
             return None
         response = await session.get(self.emails_endpoint)

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/gitlab.py

@@ -1,6 +1,6 @@
-"""Gitlab SSO Oauth Helper class"""
+"""Gitlab SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, List, Optional, Tuple, Union
+from typing import TYPE_CHECKING, ClassVar, List, Optional, Tuple, Union
 from urllib.parse import urljoin
 
 import pydantic
@@ -12,11 +12,11 @@ if TYPE_CHECKING:
 
 
 class GitlabSSO(SSOBase):
-    """Class providing login via Gitlab SSO"""
+    """Class providing login via Gitlab SSO."""
 
     provider = "gitlab"
-    scope = ["read_user", "openid", "profile"]
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar = ["read_user", "openid", "profile"]
+    additional_headers: ClassVar = {"accept": "application/json"}
     base_endpoint_url = "https://gitlab.com"
 
     def __init__(
@@ -41,7 +41,6 @@ class GitlabSSO(SSOBase):
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         """Override the discovery document method to return Yandex OAuth endpoints."""
-
         return {
             "authorization_endpoint": urljoin(self.base_endpoint_url, "/oauth/authorize"),
             "token_endpoint": urljoin(self.base_endpoint_url, "/oauth/token"),

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/google.py

@@ -1,7 +1,6 @@
-"""Google SSO Login Helper
-"""
+"""Google SSO Login Helper."""
 
-from typing import Optional
+from typing import ClassVar, Optional
 
 import httpx
 
@@ -9,17 +8,17 @@ from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase, SSOLoginErr
 
 
 class GoogleSSO(SSOBase):
-    """Class providing login via Google OAuth"""
+    """Class providing login via Google OAuth."""
 
     discovery_url = "https://accounts.google.com/.well-known/openid-configuration"
     provider = "google"
-    scope = ["openid", "email", "profile"]
+    scope: ClassVar = ["openid", "email", "profile"]
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Google"""
+        """Return OpenID from user information provided by Google."""
         if response.get("email_verified"):
             return OpenID(
-                email=response.get("email", ""),
+                email=response.get("email"),
                 provider=self.provider,
                 id=response.get("sub"),
                 first_name=response.get("given_name"),
@@ -30,7 +29,7 @@ class GoogleSSO(SSOBase):
         raise SSOLoginError(401, f"User {response.get('email')} is not verified with Google")
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         async with httpx.AsyncClient() as session:
             response = await session.get(self.discovery_url)
             content = response.json()

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/kakao.py

@@ -1,6 +1,6 @@
-"""Kakao SSO Oauth Helper class"""
+"""Kakao SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,10 +9,10 @@ if TYPE_CHECKING:
 
 
 class KakaoSSO(SSOBase):
-    """Class providing login using Kakao OAuth"""
+    """Class providing login using Kakao OAuth."""
 
     provider = "kakao"
-    scope = ["openid"]
+    scop: ClassVar = ["openid"]
     version = "v2"
 
     async def get_discovery_document(self) -> DiscoveryDocument:

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/line.py

@@ -1,7 +1,6 @@
-"""Line SSO Login Helper
-"""
+"""Line SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -10,14 +9,14 @@ if TYPE_CHECKING:
 
 
 class LineSSO(SSOBase):
-    """Class providing login via Line OAuth"""
+    """Class providing login via Line OAuth."""
 
     provider = "line"
     base_url = "https://api.line.me/oauth2/v2.1"
-    scope = ["email", "profile", "openid"]
+    scope: ClassVar = ["email", "profile", "openid"]
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://access.line.me/oauth2/v2.1/authorize",
             "token_endpoint": f"{self.base_url}/token",
@@ -25,7 +24,7 @@ class LineSSO(SSOBase):
         }
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Line"""
+        """Return OpenID from user information provided by Line."""
         return OpenID(
             email=response.get("email"),
             first_name=None,

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/linkedin.py

@@ -1,6 +1,6 @@
-"""LinkedIn SSO Oauth Helper class"""
+"""LinkedIn SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Dict, Optional
+from typing import TYPE_CHECKING, ClassVar, Dict, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class LinkedInSSO(SSOBase):
-    """Class providing login via LinkedIn SSO"""
+    """Class providing login via LinkedIn SSO."""
 
     provider = "linkedin"
-    scope = ["openid", "profile", "email"]
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar = ["openid", "profile", "email"]
+    additional_headers: ClassVar = {"accept": "application/json"}
 
     @property
     def _extra_query_params(self) -> Dict:

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/microsoft.py

@@ -1,6 +1,6 @@
-"""Microsoft SSO Oauth Helper class"""
+"""Microsoft SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, List, Optional, Union
+from typing import TYPE_CHECKING, ClassVar, List, Optional, Union
 
 import pydantic
 
@@ -11,10 +11,10 @@ if TYPE_CHECKING:
 
 
 class MicrosoftSSO(SSOBase):
-    """Class providing login using Microsoft OAuth"""
+    """Class providing login using Microsoft OAuth."""
 
     provider = "microsoft"
-    scope = ["openid", "User.Read", "email"]
+    scope: ClassVar = ["openid", "User.Read", "email"]
     version = "v1.0"
     tenant: str = "common"
 

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/naver.py

@@ -1,6 +1,6 @@
-"""Naver SSO Oauth Helper class"""
+"""Naver SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, List, Optional
+from typing import TYPE_CHECKING, ClassVar, List, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class NaverSSO(SSOBase):
-    """Class providing login using Naver OAuth"""
+    """Class providing login using Naver OAuth."""
 
     provider = "naver"
-    scope: List[str] = []
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar[List[str]] = []
+    additional_headers: ClassVar = {"accept": "application/json"}
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         return {

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/notion.py

@@ -1,6 +1,6 @@
-"""Notion SSO Oauth Helper class"""
+"""Notion SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase, SSOLoginError
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class NotionSSO(SSOBase):
-    """Class providing login using Notion OAuth"""
+    """Class providing login using Notion OAuth."""
 
     provider = "notion"
-    scope = ["openid"]
-    additional_headers = {"Notion-Version": "2022-06-28"}
+    scope: ClassVar = ["openid"]
+    additional_headers: ClassVar = {"Notion-Version": "2022-06-28"}
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         return {

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/spotify.py

@@ -1,7 +1,6 @@
-"""Spotify SSO Login Helper
-"""
+"""Spotify SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -10,13 +9,13 @@ if TYPE_CHECKING:
 
 
 class SpotifySSO(SSOBase):
-    """Class providing login via Spotify OAuth"""
+    """Class providing login via Spotify OAuth."""
 
     provider = "spotify"
-    scope = ["user-read-private", "user-read-email"]
+    scope: ClassVar = ["user-read-private", "user-read-email"]
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://accounts.spotify.com/authorize",
             "token_endpoint": "https://accounts.spotify.com/api/token",
@@ -24,13 +23,10 @@ class SpotifySSO(SSOBase):
         }
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Spotify"""
-        if response.get("images", []):
-            picture = response["images"][0]["url"]
-        else:
-            picture = None
+        """Return OpenID from user information provided by Spotify."""
+        picture = response["images"][0]["url"] if response.get("images", []) else None
         return OpenID(
-            email=response.get("email", ""),
+            email=response.get("email"),
             display_name=response.get("display_name"),
             provider=self.provider,
             id=response.get("id"),

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/twitter.py

@@ -1,6 +1,6 @@
-"""Twitter (X) SSO Oauth Helper class"""
+"""Twitter (X) SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,10 +9,10 @@ if TYPE_CHECKING:
 
 
 class TwitterSSO(SSOBase):
-    """Class providing login via Twitter SSO"""
+    """Class providing login via Twitter SSO."""
 
     provider = "twitter"
-    scope = ["users.read", "tweet.read"]
+    scope: ClassVar = ["users.read", "tweet.read"]
     uses_pkce = True
     requires_state = True
 

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/sso/yandex.py

@@ -1,7 +1,6 @@
-"""Yandex SSO Login Helper
-"""
+"""Yandex SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -13,12 +12,11 @@ class YandexSSO(SSOBase):
     """Class providing login using Yandex OAuth."""
 
     provider = "yandex"
-    scope = ["login:email", "login:info", "login:avatar"]
+    scope: ClassVar = ["login:email", "login:info", "login:avatar"]
     avatar_url = "https://avatars.yandex.net/get-yapic"
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         """Override the discovery document method to return Yandex OAuth endpoints."""
-
         return {
             "authorization_endpoint": "https://oauth.yandex.ru/authorize",
             "token_endpoint": "https://oauth.yandex.ru/token",
@@ -27,7 +25,6 @@ class YandexSSO(SSOBase):
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
         """Converts Yandex user info response to OpenID object."""
-
         picture = None
 
         if (avatar_id := response.get("default_avatar_id")) is not None:

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/fastapi_sso/state.py

@@ -1,10 +1,10 @@
-"""Helper functions to generate state param"""
+"""Helper functions to generate state param."""
 
 import base64
 import os
 
 
 def generate_random_state(length: int = 64) -> str:
-    """Generate a url-safe string to use as a state"""
+    """Generate a url-safe string to use as a state."""
     bytes_length = int(length * 3 / 4)
     return base64.urlsafe_b64encode(os.urandom(bytes_length)).decode("utf-8")

{fastapi_sso-0.14.2 → fastapi_sso-0.15.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "fastapi-sso"
-version = "0.14.2"
+version = "0.15.0"
 description = "FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)"
 authors = ["Tomas Votava <info@tomasvotava.eu>"]
 readme = "README.md"
@@ -37,10 +37,46 @@ addopts = [
 [tool.black]
 line-length = 120
 
+[tool.ruff]
+target-version = "py38"
+line-length = 120
+
+[tool.ruff.lint]
+select = [
+    #"D",
+    "E",
+    "F",
+    "B",
+    "I",
+    "N",
+    "UP",
+    "S",
+    "A",
+    "DTZ",
+    "PT",
+    "SIM",
+    "PTH",
+    "PD",
+    "RUF",
+    "T20",
+]
+
+ignore = [
+    "B028", # allow warning without specifying `stacklevel`
+]
+
+[tool.ruff.lint.pydocstyle]
+convention = "google"
+
+[tool.ruff.lint.isort]
+known-first-party = ["fastapi_sso"]
+
+[tool.ruff.lint.per-file-ignores]
+"tests*/**/*.py" = ["S101"] # Allow asserts in tests
+"**/__init__.py" = ["D104"] # Allow missing docstrings in __init__ files
 
 [tool.poe.tasks]
-pylint = "pylint --disable fixme --rcfile .pylintrc fastapi_sso"
-todos = "pylint --disable all --enable fixme --rcfile .pylintrc fastapi_sso"
+ruff = "ruff check fastapi_sso"
 black = "black fastapi_sso"
 isort = "isort --settings-path .isort.cfg fastapi_sso"
 mypy = "mypy --config-file mypy.ini fastapi_sso"
@@ -48,7 +84,7 @@ black-check = "black --check fastapi_sso"
 isort-check = "isort --settings-path .isort.cfg --check-only fastapi_sso"
 
 format = ["black", "isort"]
-lint = ["pylint", "mypy", "black-check", "isort-check"]
+lint = ["ruff", "mypy", "black-check", "isort-check"]
 pre-commit = "pre-commit"
 
 test = "pytest"
@@ -61,17 +97,17 @@ black = ">=23.7.0"
 isort = "^5"
 markdown-include = "^0.8.1"
 mkdocs-material = { extras = ["imaging"], version = "^9.3.2" }
-mkdocstrings = { extras = ["python"], version = ">=0.23,<0.25" }
+mkdocstrings = { extras = ["python"], version = ">=0.23,<0.26" }
 mypy = "^1"
-poethepoet = ">=0.21.1,<0.26.0"
+poethepoet = ">=0.21.1,<0.27.0"
 pre-commit = "^3"
-pylint = ">=2,<4"
 pytest = ">=7,<9"
 pytest-asyncio = ">=0.21.1,<0.24.0"
 pytest-cov = ">=4,<6"
 pytest-xdist = "^3"
 tox = "^4"
 uvicorn = ">=0.23.1"
+ruff = "^0.4.2"
 
 [tool.poetry.dependencies]
 fastapi = ">=0.80"