fastapi-sso 0.14.2__tar.gz → 0.16.0__tar.gz

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fastapi-sso
-Version: 0.14.2
+Version: 0.16.0
 Summary: FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)
 Home-page: https://tomasvotava.github.io/fastapi-sso/
 License: MIT
@@ -15,10 +15,12 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Dist: fastapi (>=0.80)
 Requires-Dist: httpx (>=0.23.0)
 Requires-Dist: oauthlib (>=3.1.0)
 Requires-Dist: pydantic[email] (>=1.8.0)
+Requires-Dist: typing-extensions (>=4.12.2,<5.0.0) ; python_version < "3.10"
 Project-URL: Documentation, https://tomasvotava.github.io/fastapi-sso/
 Project-URL: Repository, https://github.com/tomasvotava/fastapi-sso
 Description-Content-Type: text/markdown
@@ -28,7 +30,7 @@ Description-Content-Type: text/markdown
 ![Supported Python Versions](https://img.shields.io/pypi/pyversions/fastapi-sso)
 [![Test coverage](https://codecov.io/gh/tomasvotava/fastapi-sso/graph/badge.svg?token=SIFCTVSSOS)](https://codecov.io/gh/tomasvotava/fastapi-sso)
 ![Tests Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/test.yml?label=tests)
-![Pylint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=pylint)
+![Lint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=ruff)
 ![Mypy Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=mypy)
 ![Black Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=black)
 ![CodeQL Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/codeql-analysis.yml?label=CodeQL)
@@ -46,14 +48,68 @@ backend very easily.
 
 **Source Code**: [https://github.com/tomasvotava/fastapi-sso](https://github.com/tomasvotava/fastapi-sso/)
 
-## Security warning
+## Demo site
 
-Please note that versions preceding `0.7.0` had a security vulnerability.
-The SSO instance could share state between requests, which could lead to security issues.
-**Please update to `0.7.0` or newer**.
+An awesome demo site was created and is maintained by even awesomer
+[Chris Karvouniaris (@chrisK824)](https://github.com/chrisK824). Chris has also posted multiple
+Medium articles about FastAPI and FastAPI SSO.
 
-Also, the preferred way of using the SSO instances is to use `with` statement, which will ensure the state is cleared.
-See example below.
+Be sure to see his tutorials, follow him and show him some appreciation!
+
+Please see his [announcement](https://github.com/tomasvotava/fastapi-sso/discussions/150) with all the links.
+
+Quick links for the eager ones:
+
+- [Demo site](https://fastapi-sso-example.vercel.app/)
+- [Medium articles](https://medium.com/@christos.karvouniaris247)
+
+## Security Notice
+
+### Version `0.16.0` Update: Race Condition Bug Fix & Context Manager Change
+
+A race condition bug in the login flow that could, in rare cases, allow one user
+to assume the identity of another due to concurrent login requests was recently discovered
+by [@parikls](https://github.com/parikls).
+This issue was reported in [#186](https://github.com/tomasvotava/fastapi-sso/issues/186) and has been resolved
+in version `0.16.0`.
+
+**Details of the Fix:**
+
+The bug was mitigated by introducing an async lock mechanism that ensures only one user can attempt the login
+process at any given time. This prevents race conditions that could lead to unintended user identity crossover.
+
+**Important Change:**
+
+To fully support this fix, **users must now use the SSO instance within an `async with`
+context manager**. This adjustment is necessary for proper handling of asynchronous operations.
+
+The synchronous `with` context manager is now deprecated and will produce a warning.
+It will be removed in future versions to ensure best practices for async handling.
+
+**Impact:**
+
+This bug could potentially affect deployments with high concurrency or scenarios where multiple users initiate
+login requests simultaneously. To prevent potential issues and deprecation warnings, **update to
+version `0.16.0` or later and modify your code to use the async with context**.
+
+Code Example Update:
+
+```python
+# Before (deprecated)
+with sso:
+    openid = await sso.verify_and_process(request)
+
+# After (recommended)
+async with sso:
+    openid = await sso.verify_and_process(request)
+```
+
+Thanks to both [@parikls](https://github.com/parikls) and the community for helping me identify and improve the
+security of `fastapi-sso`. If you encounter any issues or potential vulnerabilities, please report them
+immediately so they can be addressed.
+
+For more details, refer to Issue [#186](https://github.com/tomasvotava/fastapi-sso/issues/186)
+and PR [#189](https://github.com/tomasvotava/fastapi-sso/pull/189).
 
 ## Support this project
 
@@ -86,6 +142,7 @@ I tend to process Pull Requests faster when properly caffeinated 😉.
 - Line (by Jimmy Yeh) - [jimmyyyeh](https://github.com/jimmyyyeh)
 - LinkedIn (by Alessandro Pischedda) - [Cereal84](https://github.com/Cereal84)
 - Yandex (by Akim Faskhutdinov) – [akimrx](https://github.com/akimrx)
+- Seznam (by Tomas Koutek) - [TomasKoutek](https://github.com/TomasKoutek)
 
 See [Contributing](#contributing) for a guide on how to contribute your own login provider.
 

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/README.md

@@ -3,7 +3,7 @@
 ![Supported Python Versions](https://img.shields.io/pypi/pyversions/fastapi-sso)
 [![Test coverage](https://codecov.io/gh/tomasvotava/fastapi-sso/graph/badge.svg?token=SIFCTVSSOS)](https://codecov.io/gh/tomasvotava/fastapi-sso)
 ![Tests Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/test.yml?label=tests)
-![Pylint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=pylint)
+![Lint Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=ruff)
 ![Mypy Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=mypy)
 ![Black Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/lint.yml?label=black)
 ![CodeQL Workflow Status](https://img.shields.io/github/actions/workflow/status/tomasvotava/fastapi-sso/codeql-analysis.yml?label=CodeQL)
@@ -21,14 +21,68 @@ backend very easily.
 
 **Source Code**: [https://github.com/tomasvotava/fastapi-sso](https://github.com/tomasvotava/fastapi-sso/)
 
-## Security warning
+## Demo site
 
-Please note that versions preceding `0.7.0` had a security vulnerability.
-The SSO instance could share state between requests, which could lead to security issues.
-**Please update to `0.7.0` or newer**.
+An awesome demo site was created and is maintained by even awesomer
+[Chris Karvouniaris (@chrisK824)](https://github.com/chrisK824). Chris has also posted multiple
+Medium articles about FastAPI and FastAPI SSO.
 
-Also, the preferred way of using the SSO instances is to use `with` statement, which will ensure the state is cleared.
-See example below.
+Be sure to see his tutorials, follow him and show him some appreciation!
+
+Please see his [announcement](https://github.com/tomasvotava/fastapi-sso/discussions/150) with all the links.
+
+Quick links for the eager ones:
+
+- [Demo site](https://fastapi-sso-example.vercel.app/)
+- [Medium articles](https://medium.com/@christos.karvouniaris247)
+
+## Security Notice
+
+### Version `0.16.0` Update: Race Condition Bug Fix & Context Manager Change
+
+A race condition bug in the login flow that could, in rare cases, allow one user
+to assume the identity of another due to concurrent login requests was recently discovered
+by [@parikls](https://github.com/parikls).
+This issue was reported in [#186](https://github.com/tomasvotava/fastapi-sso/issues/186) and has been resolved
+in version `0.16.0`.
+
+**Details of the Fix:**
+
+The bug was mitigated by introducing an async lock mechanism that ensures only one user can attempt the login
+process at any given time. This prevents race conditions that could lead to unintended user identity crossover.
+
+**Important Change:**
+
+To fully support this fix, **users must now use the SSO instance within an `async with`
+context manager**. This adjustment is necessary for proper handling of asynchronous operations.
+
+The synchronous `with` context manager is now deprecated and will produce a warning.
+It will be removed in future versions to ensure best practices for async handling.
+
+**Impact:**
+
+This bug could potentially affect deployments with high concurrency or scenarios where multiple users initiate
+login requests simultaneously. To prevent potential issues and deprecation warnings, **update to
+version `0.16.0` or later and modify your code to use the async with context**.
+
+Code Example Update:
+
+```python
+# Before (deprecated)
+with sso:
+    openid = await sso.verify_and_process(request)
+
+# After (recommended)
+async with sso:
+    openid = await sso.verify_and_process(request)
+```
+
+Thanks to both [@parikls](https://github.com/parikls) and the community for helping me identify and improve the
+security of `fastapi-sso`. If you encounter any issues or potential vulnerabilities, please report them
+immediately so they can be addressed.
+
+For more details, refer to Issue [#186](https://github.com/tomasvotava/fastapi-sso/issues/186)
+and PR [#189](https://github.com/tomasvotava/fastapi-sso/pull/189).
 
 ## Support this project
 
@@ -61,6 +115,7 @@ I tend to process Pull Requests faster when properly caffeinated 😉.
 - Line (by Jimmy Yeh) - [jimmyyyeh](https://github.com/jimmyyyeh)
 - LinkedIn (by Alessandro Pischedda) - [Cereal84](https://github.com/Cereal84)
 - Yandex (by Akim Faskhutdinov) – [akimrx](https://github.com/akimrx)
+- Seznam (by Tomas Koutek) - [TomasKoutek](https://github.com/TomasKoutek)
 
 See [Contributing](#contributing) for a guide on how to contribute your own login provider.
 

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/__init__.py

@@ -1,4 +1,5 @@
-"""FastAPI plugin to enable SSO to most common providers
+"""FastAPI plugin to enable SSO to most common providers.
+
 (such as Facebook login, Google login and login via Microsoft Office 365 account)
 """
 
@@ -17,3 +18,23 @@ from .sso.naver import NaverSSO
 from .sso.notion import NotionSSO
 from .sso.spotify import SpotifySSO
 from .sso.twitter import TwitterSSO
+
+__all__ = [
+    "OpenID",
+    "SSOBase",
+    "SSOLoginError",
+    "FacebookSSO",
+    "FitbitSSO",
+    "create_provider",
+    "GithubSSO",
+    "GitlabSSO",
+    "GoogleSSO",
+    "KakaoSSO",
+    "LineSSO",
+    "LinkedInSSO",
+    "MicrosoftSSO",
+    "NaverSSO",
+    "NotionSSO",
+    "SpotifySSO",
+    "TwitterSSO",
+]

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/pkce.py

@@ -1,4 +1,4 @@
-"""PKCE-related helper functions"""
+"""PKCE-related helper functions."""
 
 import base64
 import hashlib
@@ -7,7 +7,7 @@ from typing import Tuple
 
 
 def get_code_verifier(length: int = 96) -> str:
-    """Get code verifier for PKCE challenge"""
+    """Get code verifier for PKCE challenge."""
     length = max(43, min(length, 128))
     bytes_length = int(length * 3 / 4)
     return base64.urlsafe_b64encode(os.urandom(bytes_length)).decode("utf-8").replace("=", "")[:length]

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/base.py

@@ -1,14 +1,13 @@
-"""SSO login base dependency
-"""
-
-# pylint: disable=too-few-public-methods
+"""SSO login base dependency."""
 
+import asyncio
 import json
+import logging
 import os
 import sys
 import warnings
 from types import TracebackType
-from typing import Any, Dict, List, Literal, Optional, Type, Union, overload
+from typing import Any, ClassVar, Dict, List, Literal, Optional, Type, TypedDict, TypeVar, Union, overload
 
 import httpx
 import pydantic
@@ -20,31 +19,44 @@ from starlette.responses import RedirectResponse
 from fastapi_sso.pkce import get_pkce_challenge_pair
 from fastapi_sso.state import generate_random_state
 
-if sys.version_info >= (3, 8):
-    from typing import TypedDict
+if sys.version_info < (3, 10):
+    from typing import Callable  # pragma: no cover
+
+    from typing_extensions import ParamSpec  # pragma: no cover
 else:
-    from typing_extensions import TypedDict  # pragma: no cover
+    from collections.abc import Callable
+    from typing import ParamSpec
+
+logger = logging.getLogger(__name__)
+
+T = TypeVar("T")
+P = ParamSpec("P")
+
+
+class DiscoveryDocument(TypedDict):
+    """Discovery document."""
 
-DiscoveryDocument = TypedDict(
-    "DiscoveryDocument", {"authorization_endpoint": str, "token_endpoint": str, "userinfo_endpoint": str}
-)
+    authorization_endpoint: str
+    token_endpoint: str
+    userinfo_endpoint: str
 
 
 class UnsetStateWarning(UserWarning):
-    """Warning about unset state parameter"""
+    """Warning about unset state parameter."""
 
 
 class ReusedOauthClientWarning(UserWarning):
-    """Warning about reused oauth client instance"""
+    """Warning about reused oauth client instance."""
 
 
 class SSOLoginError(HTTPException):
-    """Raised when any login-related error ocurrs
-    (such as when user is not verified or if there was an attempt for fake login)
+    """Raised when any login-related error ocurrs.
+
+    Such as when user is not verified or if there was an attempt for fake login.
     """
 
 
-class OpenID(pydantic.BaseModel):  # pylint: disable=no-member
+class OpenID(pydantic.BaseModel):
     """Class (schema) to represent information got from sso provider in a common form."""
 
     id: Optional[str] = None
@@ -56,16 +68,35 @@ class OpenID(pydantic.BaseModel):  # pylint: disable=no-member
     provider: Optional[str] = None
 
 
-# pylint: disable=too-many-instance-attributes
+class SecurityWarning(UserWarning):
+    """Raised when insecure usage is detected"""
+
+
+def requires_async_context(func: Callable[P, T]) -> Callable[P, T]:
+    def wrapper(*args: P.args, **kwargs: P.kwargs) -> T:
+        if not args or not isinstance(args[0], SSOBase):
+            return func(*args, **kwargs)
+        if not args[0]._in_stack:
+            warnings.warn(
+                "Please make sure you are using SSO provider in an async context (using 'async with provider:'). "
+                "See https://github.com/tomasvotava/fastapi-sso/issues/186 for more information.",
+                category=SecurityWarning,
+                stacklevel=1,
+            )
+        return func(*args, **kwargs)
+
+    return wrapper
+
+
 class SSOBase:
-    """Base class (mixin) for all SSO providers"""
+    """Base class for all SSO providers."""
 
     provider: str = NotImplemented
     client_id: str = NotImplemented
     client_secret: str = NotImplemented
     redirect_uri: Optional[Union[pydantic.AnyHttpUrl, str]] = NotImplemented
-    scope: List[str] = NotImplemented
-    additional_headers: Optional[Dict[str, Any]] = None
+    scope: ClassVar[List[str]] = []
+    additional_headers: ClassVar[Optional[Dict[str, Any]]] = None
     uses_pkce: bool = False
     requires_state: bool = False
 
@@ -80,15 +111,18 @@ class SSOBase:
         use_state: bool = False,
         scope: Optional[List[str]] = None,
     ):
-        # pylint: disable=too-many-arguments
+        """Base class (mixin) for all SSO providers."""
         self.client_id: str = client_id
         self.client_secret: str = client_secret
         self.redirect_uri: Optional[Union[pydantic.AnyHttpUrl, str]] = redirect_uri
         self.allow_insecure_http: bool = allow_insecure_http
+        self._login_lock = asyncio.Lock()
+        self._in_stack = False
         self._oauth_client: Optional[WebApplicationClient] = None
         self._generated_state: Optional[str] = None
 
         if self.allow_insecure_http:
+            logger.debug("Initializing %s with allow_insecure_http=True", self.__class__.__name__)
             os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 
         # TODO: Remove use_state argument and attribute
@@ -100,7 +134,7 @@ class SSOBase:
                 ),
                 DeprecationWarning,
             )
-        self.scope = scope or self.scope
+        self._scope = scope or self.scope
         self._refresh_token: Optional[str] = None
         self._id_token: Optional[str] = None
         self._state: Optional[str] = None
@@ -110,8 +144,7 @@ class SSOBase:
 
     @property
     def state(self) -> Optional[str]:
-        """
-        Retrieves the state as it was returned from the server.
+        """Retrieves the state as it was returned from the server.
 
         Warning:
             This will emit a warning if the state is unset, implying either that
@@ -130,9 +163,9 @@ class SSOBase:
         return self._state
 
     @property
+    @requires_async_context
     def oauth_client(self) -> WebApplicationClient:
-        """
-        Retrieves the OAuth Client to aid in generating requests and parsing responses.
+        """Retrieves the OAuth Client to aid in generating requests and parsing responses.
 
         Raises:
             NotImplementedError: If the provider is not supported or `client_id` is not set.
@@ -147,9 +180,9 @@ class SSOBase:
         return self._oauth_client
 
     @property
+    @requires_async_context
     def access_token(self) -> Optional[str]:
-        """
-        Retrieves the access token from token endpoint.
+        """Retrieves the access token from token endpoint.
 
         Returns:
             Optional[str]: The access token if available.
@@ -157,9 +190,9 @@ class SSOBase:
         return self.oauth_client.access_token
 
     @property
+    @requires_async_context
     def refresh_token(self) -> Optional[str]:
-        """
-        Retrieves the refresh token if returned from provider.
+        """Retrieves the refresh token if returned from provider.
 
         Returns:
             Optional[str]: The refresh token if available.
@@ -167,9 +200,9 @@ class SSOBase:
         return self._refresh_token or self.oauth_client.refresh_token
 
     @property
+    @requires_async_context
     def id_token(self) -> Optional[str]:
-        """
-        Retrieves the id token if returned from provider.
+        """Retrieves the id token if returned from provider.
 
         Returns:
             Optional[str]: The id token if available.
@@ -177,8 +210,7 @@ class SSOBase:
         return self._id_token
 
     async def openid_from_response(self, response: dict, session: Optional[httpx.AsyncClient] = None) -> OpenID:
-        """
-        Converts a response from the provider's user info endpoint to an OpenID object.
+        """Converts a response from the provider's user info endpoint to an OpenID object.
 
         Args:
             response (dict): The response from the user info endpoint.
@@ -193,8 +225,7 @@ class SSOBase:
         raise NotImplementedError(f"Provider {self.provider} not supported")
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """
-        Retrieves the discovery document containing useful URLs.
+        """Retrieves the discovery document containing useful URLs.
 
         Raises:
             NotImplementedError: If the provider is not supported.
@@ -206,19 +237,19 @@ class SSOBase:
 
     @property
     async def authorization_endpoint(self) -> Optional[str]:
-        """Return `authorization_endpoint` from discovery document"""
+        """Return `authorization_endpoint` from discovery document."""
         discovery = await self.get_discovery_document()
         return discovery.get("authorization_endpoint")
 
     @property
     async def token_endpoint(self) -> Optional[str]:
-        """Return `token_endpoint` from discovery document"""
+        """Return `token_endpoint` from discovery document."""
         discovery = await self.get_discovery_document()
         return discovery.get("token_endpoint")
 
     @property
     async def userinfo_endpoint(self) -> Optional[str]:
-        """Return `userinfo_endpoint` from discovery document"""
+        """Return `userinfo_endpoint` from discovery document."""
         discovery = await self.get_discovery_document()
         return discovery.get("userinfo_endpoint")
 
@@ -229,8 +260,7 @@ class SSOBase:
         params: Optional[Dict[str, Any]] = None,
         state: Optional[str] = None,
     ) -> str:
-        """
-        Generates and returns the prepared login URL.
+        """Generates and returns the prepared login URL.
 
         Args:
             redirect_uri (Optional[str]): Overrides the `redirect_uri` specified on this instance.
@@ -263,7 +293,7 @@ class SSOBase:
             await self.authorization_endpoint,
             redirect_uri=redirect_uri,
             state=state,
-            scope=self.scope,
+            scope=self._scope,
             code_challenge=self._pkce_code_challenge,
             code_challenge_method=self._pkce_challenge_method,
             **params,
@@ -277,8 +307,7 @@ class SSOBase:
         params: Optional[Dict[str, Any]] = None,
         state: Optional[str] = None,
     ) -> RedirectResponse:
-        """
-        Constructs and returns a redirect response to the login page of OAuth SSO provider.
+        """Constructs and returns a redirect response to the login page of OAuth SSO provider.
 
         Args:
             redirect_uri (Optional[str]): Overrides the `redirect_uri` specified on this instance.
@@ -318,6 +347,7 @@ class SSOBase:
         convert_response: Literal[False],
     ) -> Optional[Dict[str, Any]]: ...
 
+    @requires_async_context
     async def verify_and_process(
         self,
         request: Request,
@@ -327,8 +357,7 @@ class SSOBase:
         redirect_uri: Optional[str] = None,
         convert_response: Union[Literal[True], Literal[False]] = True,
     ) -> Union[Optional[OpenID], Optional[Dict[str, Any]]]:
-        """
-        Processes the login given a FastAPI (Starlette) Request object. This should be used for the /callback path.
+        """Processes the login given a FastAPI (Starlette) Request object. This should be used for the /callback path.
 
         Args:
             request (Request): FastAPI or Starlette request object.
@@ -347,6 +376,12 @@ class SSOBase:
         headers = headers or {}
         code = request.query_params.get("code")
         if code is None:
+            logger.debug(
+                "Callback request:\n\tURI: %s\n\tHeaders: %s\n\tQuery params: %s",
+                request.url,
+                request.headers,
+                request.query_params,
+            )
             raise SSOLoginError(400, "'code' parameter was not found in callback request")
         self._state = request.query_params.get("state")
         pkce_code_verifier: Optional[str] = None
@@ -367,6 +402,12 @@ class SSOBase:
         )
 
     def __enter__(self) -> "SSOBase":
+        warnings.warn(
+            "SSO Providers are supposed to be used in async context, please change 'with provider' to "
+            "'async with provider'. See https://github.com/tomasvotava/fastapi-sso/issues/186 for more information.",
+            DeprecationWarning,
+            stacklevel=1,
+        )
         self._oauth_client = None
         self._refresh_token = None
         self._id_token = None
@@ -377,6 +418,28 @@ class SSOBase:
             self._pkce_code_verifier, self._pkce_code_challenge = get_pkce_challenge_pair(self._pkce_challenge_length)
         return self
 
+    async def __aenter__(self) -> "SSOBase":
+        await self._login_lock.acquire()
+        self._in_stack = True
+        self._oauth_client = None
+        self._refresh_token = None
+        self._id_token = None
+        self._state = None
+        if self.requires_state:
+            self._generated_state = generate_random_state()
+        if self.uses_pkce:
+            self._pkce_code_verifier, self._pkce_code_challenge = get_pkce_challenge_pair(self._pkce_challenge_length)
+        return self
+
+    async def __aexit__(
+        self,
+        _exc_type: Optional[Type[BaseException]],
+        _exc_val: Optional[BaseException],
+        _exc_tb: Optional[TracebackType],
+    ) -> None:
+        self._in_stack = False
+        self._login_lock.release()
+
     def __exit__(
         self,
         _exc_type: Optional[Type[BaseException]],
@@ -415,6 +478,7 @@ class SSOBase:
         convert_response: Literal[False],
     ) -> Optional[Dict[str, Any]]: ...
 
+    @requires_async_context
     async def process_login(
         self,
         code: str,
@@ -426,8 +490,7 @@ class SSOBase:
         pkce_code_verifier: Optional[str] = None,
         convert_response: Union[Literal[True], Literal[False]] = True,
     ) -> Union[Optional[OpenID], Optional[Dict[str, Any]]]:
-        """
-        Processes login from the callback endpoint to verify the user and request user info endpoint.
+        """Processes login from the callback endpoint to verify the user and request user info endpoint.
         It's a lower-level method, typically, you should use `verify_and_process` instead.
 
         Args:
@@ -446,7 +509,6 @@ class SSOBase:
             Optional[OpenID]: User information in OpenID format if the login was successful (convert_response == True).
             Optional[Dict[str, Any]]: Original userinfo API endpoint response.
         """
-        # pylint: disable=too-many-locals
         if self._oauth_client is not None:  # pragma: no cover
             self._oauth_client = None
             self._refresh_token = None

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/facebook.py

@@ -1,7 +1,6 @@
-"""Facebook SSO Login Helper
-"""
+"""Facebook SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -10,14 +9,14 @@ if TYPE_CHECKING:
 
 
 class FacebookSSO(SSOBase):
-    """Class providing login via Facebook OAuth"""
+    """Class providing login via Facebook OAuth."""
 
     provider = "facebook"
-    base_url = "https://graph.facebook.com/v9.0"
-    scope = ["email"]
+    base_url = "https://graph.facebook.com/v19.0"
+    scope: ClassVar = ["email"]
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://www.facebook.com/v9.0/dialog/oauth",
             "token_endpoint": f"{self.base_url}/oauth/access_token",
@@ -25,9 +24,10 @@ class FacebookSSO(SSOBase):
         }
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Facebook"""
+        """Return OpenID from user information provided by Facebook."""
+
         return OpenID(
-            email=response.get("email", ""),
+            email=response.get("email"),
             first_name=response.get("first_name"),
             last_name=response.get("last_name"),
             display_name=response.get("name"),

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/fitbit.py

@@ -1,7 +1,6 @@
-"""Fitbit OAuth Login Helper
-"""
+"""Fitbit OAuth Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase, SSOLoginError
 
@@ -10,13 +9,13 @@ if TYPE_CHECKING:
 
 
 class FitbitSSO(SSOBase):
-    """Class providing login via Fitbit OAuth"""
+    """Class providing login via Fitbit OAuth."""
 
     provider = "fitbit"
-    scope = ["profile"]
+    scope: ClassVar = ["profile"]
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Google"""
+        """Return OpenID from user information provided by Google."""
         info = response.get("user")
         if not info:
             raise SSOLoginError(401, "Failed to process login via Fitbit")
@@ -29,7 +28,7 @@ class FitbitSSO(SSOBase):
         )
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://www.fitbit.com/oauth2/authorize?response_type=code",
             "token_endpoint": "https://api.fitbit.com/oauth2/token",

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/generic.py

@@ -1,5 +1,5 @@
 """A generic OAuth client that can be used to quickly create support for any OAuth provider
-with close to no code
+with close to no code.
 """
 
 import logging
@@ -24,7 +24,6 @@ def create_provider(
     Returns a class.
 
     Args:
-
         name: Name of the provider
         default_scope: default list of scopes (can be overriden in constructor)
         discovery_document: a dictionary containing discovery document or a callable returning it
@@ -53,13 +52,13 @@ def create_provider(
     """
 
     class GenericSSOProvider(SSOBase):
-        """SSO Provider Template"""
+        """SSO Provider Template."""
 
         provider = name
         scope = default_scope or ["openid"]
 
         async def get_discovery_document(self) -> DiscoveryDocument:
-            """Get document containing handy urls"""
+            """Get document containing handy urls."""
             if callable(discovery_document):
                 return discovery_document(self)
             return discovery_document

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/github.py

@@ -1,6 +1,6 @@
-"""Github SSO Oauth Helper class"""
+"""Github SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class GithubSSO(SSOBase):
-    """Class providing login via Github SSO"""
+    """Class providing login via Github SSO."""
 
     provider = "github"
-    scope = ["user:email"]
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar = ["user:email"]
+    additional_headers: ClassVar = {"accept": "application/json"}
     emails_endpoint = "https://api.github.com/user/emails"
 
     async def get_discovery_document(self) -> DiscoveryDocument:
@@ -25,7 +25,8 @@ class GithubSSO(SSOBase):
 
     async def _get_primary_email(self, session: Optional["httpx.AsyncClient"] = None) -> Optional[str]:
         """Attempt to get primary email from Github for a current user.
-        The session received must be authenticated."""
+        The session received must be authenticated.
+        """
         if not session:
             return None
         response = await session.get(self.emails_endpoint)

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/gitlab.py

@@ -1,6 +1,6 @@
-"""Gitlab SSO Oauth Helper class"""
+"""Gitlab SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, List, Optional, Tuple, Union
+from typing import TYPE_CHECKING, ClassVar, List, Optional, Tuple, Union
 from urllib.parse import urljoin
 
 import pydantic
@@ -12,11 +12,11 @@ if TYPE_CHECKING:
 
 
 class GitlabSSO(SSOBase):
-    """Class providing login via Gitlab SSO"""
+    """Class providing login via Gitlab SSO."""
 
     provider = "gitlab"
-    scope = ["read_user", "openid", "profile"]
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar = ["read_user", "openid", "profile"]
+    additional_headers: ClassVar = {"accept": "application/json"}
     base_endpoint_url = "https://gitlab.com"
 
     def __init__(
@@ -41,7 +41,6 @@ class GitlabSSO(SSOBase):
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         """Override the discovery document method to return Yandex OAuth endpoints."""
-
         return {
             "authorization_endpoint": urljoin(self.base_endpoint_url, "/oauth/authorize"),
             "token_endpoint": urljoin(self.base_endpoint_url, "/oauth/token"),

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/google.py

@@ -1,7 +1,6 @@
-"""Google SSO Login Helper
-"""
+"""Google SSO Login Helper."""
 
-from typing import Optional
+from typing import ClassVar, Optional
 
 import httpx
 
@@ -9,17 +8,17 @@ from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase, SSOLoginErr
 
 
 class GoogleSSO(SSOBase):
-    """Class providing login via Google OAuth"""
+    """Class providing login via Google OAuth."""
 
     discovery_url = "https://accounts.google.com/.well-known/openid-configuration"
     provider = "google"
-    scope = ["openid", "email", "profile"]
+    scope: ClassVar = ["openid", "email", "profile"]
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Google"""
+        """Return OpenID from user information provided by Google."""
         if response.get("email_verified"):
             return OpenID(
-                email=response.get("email", ""),
+                email=response.get("email"),
                 provider=self.provider,
                 id=response.get("sub"),
                 first_name=response.get("given_name"),
@@ -30,7 +29,7 @@ class GoogleSSO(SSOBase):
         raise SSOLoginError(401, f"User {response.get('email')} is not verified with Google")
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         async with httpx.AsyncClient() as session:
             response = await session.get(self.discovery_url)
             content = response.json()

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/kakao.py

@@ -1,6 +1,6 @@
-"""Kakao SSO Oauth Helper class"""
+"""Kakao SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,10 +9,10 @@ if TYPE_CHECKING:
 
 
 class KakaoSSO(SSOBase):
-    """Class providing login using Kakao OAuth"""
+    """Class providing login using Kakao OAuth."""
 
     provider = "kakao"
-    scope = ["openid"]
+    scop: ClassVar = ["openid"]
     version = "v2"
 
     async def get_discovery_document(self) -> DiscoveryDocument:

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/line.py

@@ -1,7 +1,6 @@
-"""Line SSO Login Helper
-"""
+"""Line SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -10,14 +9,14 @@ if TYPE_CHECKING:
 
 
 class LineSSO(SSOBase):
-    """Class providing login via Line OAuth"""
+    """Class providing login via Line OAuth."""
 
     provider = "line"
     base_url = "https://api.line.me/oauth2/v2.1"
-    scope = ["email", "profile", "openid"]
+    scope: ClassVar = ["email", "profile", "openid"]
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://access.line.me/oauth2/v2.1/authorize",
             "token_endpoint": f"{self.base_url}/token",
@@ -25,7 +24,7 @@ class LineSSO(SSOBase):
         }
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Line"""
+        """Return OpenID from user information provided by Line."""
         return OpenID(
             email=response.get("email"),
             first_name=None,

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/linkedin.py

@@ -1,6 +1,6 @@
-"""LinkedIn SSO Oauth Helper class"""
+"""LinkedIn SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Dict, Optional
+from typing import TYPE_CHECKING, ClassVar, Dict, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class LinkedInSSO(SSOBase):
-    """Class providing login via LinkedIn SSO"""
+    """Class providing login via LinkedIn SSO."""
 
     provider = "linkedin"
-    scope = ["openid", "profile", "email"]
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar = ["openid", "profile", "email"]
+    additional_headers: ClassVar = {"accept": "application/json"}
 
     @property
     def _extra_query_params(self) -> Dict:

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/microsoft.py

@@ -1,6 +1,6 @@
-"""Microsoft SSO Oauth Helper class"""
+"""Microsoft SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, List, Optional, Union
+from typing import TYPE_CHECKING, ClassVar, List, Optional, Union
 
 import pydantic
 
@@ -11,10 +11,10 @@ if TYPE_CHECKING:
 
 
 class MicrosoftSSO(SSOBase):
-    """Class providing login using Microsoft OAuth"""
+    """Class providing login using Microsoft OAuth."""
 
     provider = "microsoft"
-    scope = ["openid", "User.Read", "email"]
+    scope: ClassVar = ["openid", "User.Read", "email"]
     version = "v1.0"
     tenant: str = "common"
 

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/naver.py

@@ -1,6 +1,6 @@
-"""Naver SSO Oauth Helper class"""
+"""Naver SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, List, Optional
+from typing import TYPE_CHECKING, ClassVar, List, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class NaverSSO(SSOBase):
-    """Class providing login using Naver OAuth"""
+    """Class providing login using Naver OAuth."""
 
     provider = "naver"
-    scope: List[str] = []
-    additional_headers = {"accept": "application/json"}
+    scope: ClassVar[List[str]] = []
+    additional_headers: ClassVar = {"accept": "application/json"}
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         return {

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/notion.py

@@ -1,6 +1,6 @@
-"""Notion SSO Oauth Helper class"""
+"""Notion SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase, SSOLoginError
 
@@ -9,11 +9,11 @@ if TYPE_CHECKING:
 
 
 class NotionSSO(SSOBase):
-    """Class providing login using Notion OAuth"""
+    """Class providing login using Notion OAuth."""
 
     provider = "notion"
-    scope = ["openid"]
-    additional_headers = {"Notion-Version": "2022-06-28"}
+    scope: ClassVar = ["openid"]
+    additional_headers: ClassVar = {"Notion-Version": "2022-06-28"}
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         return {

fastapi_sso-0.16.0/fastapi_sso/sso/seznam.py

@@ -0,0 +1,39 @@
+"""Seznam SSO Login Helper."""
+
+from typing import TYPE_CHECKING, ClassVar, Optional
+
+from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
+
+if TYPE_CHECKING:
+    import httpx  # pragma: no cover
+
+
+# https://vyvojari.seznam.cz/oauth/doc
+
+
+class SeznamSSO(SSOBase):
+    """Class providing login via Seznam OAuth."""
+
+    provider = "seznam"
+    base_url = "https://login.szn.cz/api/v1"
+    scope: ClassVar = ["identity", "avatar"]  # + ["contact-phone", "adulthood", "birthday", "gender"]
+
+    async def get_discovery_document(self) -> DiscoveryDocument:
+        """Get document containing handy urls."""
+        return {
+            "authorization_endpoint": f"{self.base_url}/oauth/auth",
+            "token_endpoint": f"{self.base_url}/oauth/token",
+            "userinfo_endpoint": f"{self.base_url}/user",
+        }
+
+    async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
+        """Return OpenID from user information provided by Seznam."""
+        return OpenID(
+            email=response.get("email"),
+            first_name=response.get("firstname"),
+            last_name=response.get("lastname"),
+            display_name=response.get("accountDisplayName"),
+            provider=self.provider,
+            id=response.get("oauth_user_id"),
+            picture=response.get("avatar_url"),
+        )

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/spotify.py

@@ -1,7 +1,6 @@
-"""Spotify SSO Login Helper
-"""
+"""Spotify SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -10,13 +9,13 @@ if TYPE_CHECKING:
 
 
 class SpotifySSO(SSOBase):
-    """Class providing login via Spotify OAuth"""
+    """Class providing login via Spotify OAuth."""
 
     provider = "spotify"
-    scope = ["user-read-private", "user-read-email"]
+    scope: ClassVar = ["user-read-private", "user-read-email"]
 
     async def get_discovery_document(self) -> DiscoveryDocument:
-        """Get document containing handy urls"""
+        """Get document containing handy urls."""
         return {
             "authorization_endpoint": "https://accounts.spotify.com/authorize",
             "token_endpoint": "https://accounts.spotify.com/api/token",
@@ -24,13 +23,10 @@ class SpotifySSO(SSOBase):
         }
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
-        """Return OpenID from user information provided by Spotify"""
-        if response.get("images", []):
-            picture = response["images"][0]["url"]
-        else:
-            picture = None
+        """Return OpenID from user information provided by Spotify."""
+        picture = response["images"][0]["url"] if response.get("images", []) else None
         return OpenID(
-            email=response.get("email", ""),
+            email=response.get("email"),
             display_name=response.get("display_name"),
             provider=self.provider,
             id=response.get("id"),

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/twitter.py

@@ -1,6 +1,6 @@
-"""Twitter (X) SSO Oauth Helper class"""
+"""Twitter (X) SSO Oauth Helper class."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -9,10 +9,10 @@ if TYPE_CHECKING:
 
 
 class TwitterSSO(SSOBase):
-    """Class providing login via Twitter SSO"""
+    """Class providing login via Twitter SSO."""
 
     provider = "twitter"
-    scope = ["users.read", "tweet.read"]
+    scope: ClassVar = ["users.read", "tweet.read"]
     uses_pkce = True
     requires_state = True
 

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/sso/yandex.py

@@ -1,7 +1,6 @@
-"""Yandex SSO Login Helper
-"""
+"""Yandex SSO Login Helper."""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar, Optional
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -13,12 +12,11 @@ class YandexSSO(SSOBase):
     """Class providing login using Yandex OAuth."""
 
     provider = "yandex"
-    scope = ["login:email", "login:info", "login:avatar"]
+    scope: ClassVar = ["login:email", "login:info", "login:avatar"]
     avatar_url = "https://avatars.yandex.net/get-yapic"
 
     async def get_discovery_document(self) -> DiscoveryDocument:
         """Override the discovery document method to return Yandex OAuth endpoints."""
-
         return {
             "authorization_endpoint": "https://oauth.yandex.ru/authorize",
             "token_endpoint": "https://oauth.yandex.ru/token",
@@ -27,7 +25,6 @@ class YandexSSO(SSOBase):
 
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
         """Converts Yandex user info response to OpenID object."""
-
         picture = None
 
         if (avatar_id := response.get("default_avatar_id")) is not None:

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/fastapi_sso/state.py

@@ -1,10 +1,10 @@
-"""Helper functions to generate state param"""
+"""Helper functions to generate state param."""
 
 import base64
 import os
 
 
 def generate_random_state(length: int = 64) -> str:
-    """Generate a url-safe string to use as a state"""
+    """Generate a url-safe string to use as a state."""
     bytes_length = int(length * 3 / 4)
     return base64.urlsafe_b64encode(os.urandom(bytes_length)).decode("utf-8")

{fastapi_sso-0.14.2 → fastapi_sso-0.16.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "fastapi-sso"
-version = "0.14.2"
+version = "0.16.0"
 description = "FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)"
 authors = ["Tomas Votava <info@tomasvotava.eu>"]
 readme = "README.md"
@@ -29,18 +29,52 @@ addopts = [
     "--cov-report=xml:coverage.xml",
     "--cov-report=json:coverage.json",
     "--cov-report=term-missing",
-    "-n",
-    "auto",
 ]
 
 
 [tool.black]
 line-length = 120
 
+[tool.ruff]
+target-version = "py38"
+line-length = 120
+
+[tool.ruff.lint]
+select = [
+    #"D",
+    "E",
+    "F",
+    "B",
+    "I",
+    "N",
+    "UP",
+    "S",
+    "A",
+    "DTZ",
+    "PT",
+    "SIM",
+    "PTH",
+    "PD",
+    "RUF",
+    "T20",
+]
+
+ignore = [
+    "B028", # allow warning without specifying `stacklevel`
+]
+
+[tool.ruff.lint.pydocstyle]
+convention = "google"
+
+[tool.ruff.lint.isort]
+known-first-party = ["fastapi_sso"]
+
+[tool.ruff.lint.per-file-ignores]
+"tests*/**/*.py" = ["S101"] # Allow asserts in tests
+"**/__init__.py" = ["D104"] # Allow missing docstrings in __init__ files
 
 [tool.poe.tasks]
-pylint = "pylint --disable fixme --rcfile .pylintrc fastapi_sso"
-todos = "pylint --disable all --enable fixme --rcfile .pylintrc fastapi_sso"
+ruff = "ruff check fastapi_sso"
 black = "black fastapi_sso"
 isort = "isort --settings-path .isort.cfg fastapi_sso"
 mypy = "mypy --config-file mypy.ini fastapi_sso"
@@ -48,7 +82,7 @@ black-check = "black --check fastapi_sso"
 isort-check = "isort --settings-path .isort.cfg --check-only fastapi_sso"
 
 format = ["black", "isort"]
-lint = ["pylint", "mypy", "black-check", "isort-check"]
+lint = ["ruff", "mypy", "black-check", "isort-check"]
 pre-commit = "pre-commit"
 
 test = "pytest"
@@ -61,17 +95,15 @@ black = ">=23.7.0"
 isort = "^5"
 markdown-include = "^0.8.1"
 mkdocs-material = { extras = ["imaging"], version = "^9.3.2" }
-mkdocstrings = { extras = ["python"], version = ">=0.23,<0.25" }
+mkdocstrings = { extras = ["python"], version = ">=0.23,<0.27" }
 mypy = "^1"
-poethepoet = ">=0.21.1,<0.26.0"
+poethepoet = ">=0.21.1,<0.30.0"
 pre-commit = "^3"
-pylint = ">=2,<4"
 pytest = ">=7,<9"
-pytest-asyncio = ">=0.21.1,<0.24.0"
+pytest-asyncio = "^0.24"
 pytest-cov = ">=4,<6"
-pytest-xdist = "^3"
-tox = "^4"
 uvicorn = ">=0.23.1"
+ruff = ">=0.4.2,<0.8.0"
 
 [tool.poetry.dependencies]
 fastapi = ">=0.80"
@@ -79,6 +111,7 @@ httpx = ">=0.23.0"
 oauthlib = ">=3.1.0"
 pydantic = { extras = ["email"], version = ">=1.8.0" }
 python = ">=3.8,<4.0"
+typing-extensions = { version = "^4.12.2", python = "<3.10" }
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]