[Authlib] Update to 1.7.1

Closes: #15649
Diff: authlib/authlib@v1.6.11...v1.7.1

Author: donbarbos

stubs/Authlib/METADATA.toml

@@ -1,3 +1,3 @@
-version = "1.6.11"
+version = "1.7.1"
 upstream-repository = "https://github.com/authlib/authlib"
 dependencies = ["cryptography"]

stubs/Authlib/authlib/deprecate.pyi

@@ -1,5 +1,3 @@
 class AuthlibDeprecationWarning(DeprecationWarning): ...
 
-def deprecate(
-    message: str, version: str | None = None, link_uid: str | None = None, link_file: str | None = None, stacklevel: int = 3
-) -> None: ...
+def deprecate(message: str, version: str | None = None, stacklevel: int = 3) -> None: ...

stubs/Authlib/authlib/integrations/base_client/async_openid.pyi

@@ -1,3 +1,4 @@
+from authlib.integrations.base_client.sync_openid import _LogoutData
 from authlib.oidc.core.claims import UserInfo
 
 __all__ = ["AsyncOpenIDMixin"]
@@ -6,3 +7,6 @@ class AsyncOpenIDMixin:
     async def fetch_jwk_set(self, force: bool = False): ...
     async def userinfo(self, **kwargs) -> UserInfo: ...
     async def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120) -> UserInfo: ...
+    async def create_logout_url(
+        self, post_logout_redirect_uri=None, id_token_hint=None, state=None, *, client_id=None, logout_hint=None, ui_locales=None
+    ) -> _LogoutData: ...

stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi

@@ -1,7 +1,17 @@
+from _typeshed import Incomplete
+from typing import TypedDict, type_check_only
+
 from authlib.oidc.core.claims import UserInfo
 
+@type_check_only
+class _LogoutData(TypedDict):
+    url: str
+    state: Incomplete
+
 class OpenIDMixin:
     def fetch_jwk_set(self, force: bool = False): ...
     def userinfo(self, **kwargs) -> UserInfo: ...
     def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120) -> UserInfo | None: ...
-    def create_load_key(self): ...
+    def create_logout_url(
+        self, post_logout_redirect_uri=None, id_token_hint=None, state=None, *, client_id=None, logout_hint=None, ui_locales=None
+    ) -> _LogoutData: ...

stubs/Authlib/authlib/integrations/django_client/apps.pyi

@@ -1,6 +1,11 @@
+from _typeshed import Incomplete
+from typing import TypeAlias
+
 from ..base_client import BaseApp, OAuth1Mixin, OAuth2Mixin, OpenIDMixin
 from ..requests_client import OAuth1Session, OAuth2Session
 
+_HttpResponseRedirect: TypeAlias = Incomplete  # actual type is django.http.response.HttpResponseRedirect
+
 class DjangoAppMixin:
     def save_authorize_data(self, request, **kwargs) -> None: ...
     def authorize_redirect(self, request, redirect_uri=None, **kwargs): ...
@@ -11,4 +16,16 @@ class DjangoOAuth1App(DjangoAppMixin, OAuth1Mixin, BaseApp):
 
 class DjangoOAuth2App(DjangoAppMixin, OAuth2Mixin, OpenIDMixin, BaseApp):
     client_cls = OAuth2Session
+    def logout_redirect(
+        self,
+        request,
+        post_logout_redirect_uri=None,
+        id_token_hint=None,
+        *,
+        state=None,
+        client_id=None,
+        logout_hint=None,
+        ui_locales=None,
+    ) -> _HttpResponseRedirect: ...
+    def validate_logout_response(self, request): ...
     def authorize_access_token(self, request, **kwargs): ...

stubs/Authlib/authlib/integrations/flask_client/apps.pyi

@@ -1,6 +1,11 @@
+from _typeshed import Incomplete
+from typing import TypeAlias
+
 from ..base_client import BaseApp, OAuth1Mixin, OAuth2Mixin, OpenIDMixin
 from ..requests_client import OAuth1Session, OAuth2Session
 
+_Response: TypeAlias = Incomplete  # actual type is werkzeug.wrappers.Response
+
 class FlaskAppMixin:
     @property
     def token(self): ...
@@ -15,4 +20,8 @@ class FlaskOAuth1App(FlaskAppMixin, OAuth1Mixin, BaseApp):
 
 class FlaskOAuth2App(FlaskAppMixin, OAuth2Mixin, OpenIDMixin, BaseApp):
     client_cls = OAuth2Session
+    def logout_redirect(
+        self, post_logout_redirect_uri=None, id_token_hint=None, *, state=None, client_id=None, logout_hint=None, ui_locales=None
+    ) -> _Response: ...
+    def validate_logout_response(self): ...
     def authorize_access_token(self, **kwargs): ...

stubs/Authlib/authlib/integrations/starlette_client/apps.pyi

@@ -1,16 +1,33 @@
+from _typeshed import Incomplete
+from typing import TypeAlias
+
 from ..base_client import BaseApp
 from ..base_client.async_app import AsyncOAuth1Mixin, AsyncOAuth2Mixin
 from ..base_client.async_openid import AsyncOpenIDMixin
 from ..httpx_client import AsyncOAuth1Client, AsyncOAuth2Client
 
+_RedirectResponse: TypeAlias = Incomplete  # actual type is starlette.responses.RedirectResponse
+
 class StarletteAppMixin:
     async def save_authorize_data(self, request, **kwargs) -> None: ...
-    async def authorize_redirect(self, request, redirect_uri=None, **kwargs): ...
+    async def authorize_redirect(self, request, redirect_uri=None, **kwargs) -> _RedirectResponse: ...
 
 class StarletteOAuth1App(StarletteAppMixin, AsyncOAuth1Mixin, BaseApp):
     client_cls = AsyncOAuth1Client
     async def authorize_access_token(self, request, **kwargs): ...
 
 class StarletteOAuth2App(StarletteAppMixin, AsyncOAuth2Mixin, AsyncOpenIDMixin, BaseApp):
     client_cls = AsyncOAuth2Client
+    async def logout_redirect(
+        self,
+        request,
+        post_logout_redirect_uri=None,
+        id_token_hint=None,
+        *,
+        state=None,
+        client_id=None,
+        logout_hint=None,
+        ui_locales=None,
+    ) -> _RedirectResponse: ...
+    async def validate_logout_response(self, request): ...
     async def authorize_access_token(self, request, **kwargs): ...

stubs/Authlib/authlib/jose/rfc7519/claims.pyi

@@ -12,11 +12,11 @@ class BaseClaims(dict[str, Any]):  # dict values are key-dependent
     def get_registered_claims(self) -> dict[str, Incomplete]: ...
 
 class JWTClaims(BaseClaims):
-    def validate(self, now=None, leeway: int = 0) -> None: ...
+    def validate(self, now: int | None = None, leeway: int = 0) -> None: ...
     def validate_iss(self) -> None: ...
     def validate_sub(self) -> None: ...
     def validate_aud(self) -> None: ...
-    def validate_exp(self, now, leeway) -> None: ...
-    def validate_nbf(self, now, leeway) -> None: ...
-    def validate_iat(self, now, leeway) -> None: ...
+    def validate_exp(self, now: int, leeway: int) -> None: ...
+    def validate_nbf(self, now: int, leeway: int) -> None: ...
+    def validate_iat(self, now: int, leeway: int) -> None: ...
     def validate_jti(self) -> None: ...

stubs/Authlib/authlib/oauth2/claims.pyi

@@ -0,0 +1,31 @@
+from _typeshed import Incomplete
+from collections.abc import Callable
+from typing import Any, TypedDict
+
+class ClaimsOption(TypedDict, total=False):
+    essential: bool
+    allow_blank: bool | None
+    value: str | int | bool
+    values: list[str | int | bool] | list[str] | list[int] | list[bool]
+    validate: Callable[[BaseClaims, Any], bool]
+
+class BaseClaims(dict[str, Incomplete]):
+    registry_cls: Incomplete
+    REGISTERED_CLAIMS: list[str]
+    header: dict[str, Any]
+    options: dict[str, ClaimsOption]
+    params: dict[str, Any]
+    def __init__(
+        self,
+        claims: dict[str, Any],
+        header: dict[str, Any],
+        options: dict[str, ClaimsOption] | None = None,
+        params: dict[str, Any] | None = None,
+    ) -> None: ...
+    def get_registered_claims(self) -> dict[str, Incomplete]: ...
+    def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ...
+
+class JWTClaims(BaseClaims):
+    registry_cls: Incomplete
+    REGISTERED_CLAIMS: list[str]
+    def validate(self, now: int | Callable[[], int] | None = None, leeway: int = 0) -> None: ...

stubs/Authlib/authlib/oauth2/rfc6749/__init__.pyi

@@ -1,5 +1,6 @@
 from .authenticate_client import ClientAuthentication as ClientAuthentication
 from .authorization_server import AuthorizationServer as AuthorizationServer
+from .endpoint import Endpoint, EndpointRequest
 from .errors import (
     AccessDeniedError as AccessDeniedError,
     InsecureTransportError as InsecureTransportError,
@@ -69,6 +70,8 @@ __all__ = [
     "AuthorizationServer",
     "ResourceProtector",
     "TokenValidator",
+    "Endpoint",
+    "EndpointRequest",
     "TokenEndpoint",
     "BaseGrant",
     "AuthorizationEndpointMixin",