[Authlib] Annotate more (#15203)

Author: donbarbos

stubs/Authlib/@tests/stubtest_allowlist.txt

@@ -10,6 +10,9 @@ authlib.jose.rfc7518.AESAlgorithm.description
 authlib.jose.rfc7518.AESAlgorithm.name
 authlib.jose.rfc7518.ECDHESAlgorithm.description
 authlib.jose.rfc7518.ECDHESAlgorithm.name
+authlib.jose.rfc7518.CBCHS2EncAlgorithm.CEK_SIZE
+authlib.jose.rfc7518.CBCHS2EncAlgorithm.description
+authlib.jose.rfc7518.CBCHS2EncAlgorithm.name
 authlib.jose.rfc7518.jwe_algs.AESAlgorithm.description
 authlib.jose.rfc7518.jwe_algs.AESAlgorithm.name
 authlib.jose.rfc7518.jwe_algs.AESGCMAlgorithm.description
@@ -18,6 +21,20 @@ authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.description
 authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.name
 authlib.jose.rfc7518.jwe_algs.RSAAlgorithm.description
 authlib.jose.rfc7518.jwe_algs.RSAAlgorithm.name
+authlib.jose.rfc7518.jwe_encs.CBCHS2EncAlgorithm.CEK_SIZE
+authlib.jose.rfc7518.jwe_encs.CBCHS2EncAlgorithm.description
+authlib.jose.rfc7518.jwe_encs.CBCHS2EncAlgorithm.name
+authlib.jose.rfc7518.jwe_encs.GCMEncAlgorithm.CEK_SIZE
+authlib.jose.rfc7518.jwe_encs.GCMEncAlgorithm.description
+authlib.jose.rfc7518.jwe_encs.GCMEncAlgorithm.name
+authlib.jose.rfc7518.jws_algs.ECAlgorithm.description
+authlib.jose.rfc7518.jws_algs.ECAlgorithm.name
+authlib.jose.rfc7518.jws_algs.HMACAlgorithm.description
+authlib.jose.rfc7518.jws_algs.HMACAlgorithm.name
+authlib.jose.rfc7518.jws_algs.RSAAlgorithm.description
+authlib.jose.rfc7518.jws_algs.RSAAlgorithm.name
+authlib.jose.rfc7518.jws_algs.RSAPSSAlgorithm.description
+authlib.jose.rfc7518.jws_algs.RSAPSSAlgorithm.name
 
 # Methods whose *args and **kwargs arguments are added dynamically due to the @hooked decorator:
 authlib.oauth2.rfc6749.AuthorizationCodeGrant.create_token_response

stubs/Authlib/authlib/common/urls.pyi

@@ -11,7 +11,7 @@ _ExplodedQueryString: TypeAlias = list[tuple[str, str]]
 def url_encode(params: _ExplodedQueryString) -> str: ...
 def url_decode(query: str) -> _ExplodedQueryString: ...
 def add_params_to_qs(query: str, params: _ExplodedQueryString) -> str: ...
-def add_params_to_uri(uri: str, params: _ExplodedQueryString, fragment: bool = False): ...
+def add_params_to_uri(uri: str, params: _ExplodedQueryString, fragment: bool = False) -> str: ...
 def quote(s: str, safe: bytes = b"/") -> str: ...
 def unquote(s: str | bytes) -> str: ...
 def quote_url(s: str) -> str: ...

stubs/Authlib/authlib/integrations/requests_client/oauth2_session.pyi

@@ -21,7 +21,7 @@ class OAuth2Session(OAuth2Client):
     client_auth_class = OAuth2ClientAuth
     token_auth_class = OAuth2Auth
     oauth_error_class = OAuthError  # type: ignore[assignment]
-    SESSION_REQUEST_PARAMS: tuple[str, ...]
+    SESSION_REQUEST_PARAMS: tuple[str, ...]  # type: ignore[assignment]
     default_timeout: Incomplete
     def __init__(
         self,

stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi

@@ -3,16 +3,18 @@ from collections.abc import Iterable
 from typing import ClassVar, Final
 
 from authlib.jose.rfc7516 import JWEAlgorithmWithTagAwareKeyAgreement
+from authlib.jose.rfc7518 import AESAlgorithm, ECKey
+from authlib.jose.rfc8037 import OKPKey
 
 class ECDH1PUAlgorithm(JWEAlgorithmWithTagAwareKeyAgreement):
     EXTRA_HEADERS: ClassVar[Iterable[str]]
-    ALLOWED_KEY_CLS: Incomplete
+    ALLOWED_KEY_CLS: tuple[type, ...]
     name: str
     description: str
     key_size: Incomplete
-    aeskw: Incomplete
+    aeskw: AESAlgorithm
     def __init__(self, key_size=None) -> None: ...
-    def prepare_key(self, raw_data): ...
+    def prepare_key(self, raw_data) -> ECKey | OKPKey: ...
     def generate_preset(self, enc_alg, key) -> dict[str, Incomplete]: ...
     def compute_shared_key(self, shared_key_e, shared_key_s): ...
     def compute_fixed_info(self, headers, bit_size, tag) -> bytes: ...
@@ -22,7 +24,7 @@ class ECDH1PUAlgorithm(JWEAlgorithmWithTagAwareKeyAgreement):
         self, recipient_key, sender_static_pubkey, sender_ephemeral_pubkey, headers, bit_size, tag
     ) -> bytes: ...
     def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset=None) -> dict[str, Incomplete]: ...
-    def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag): ...
+    def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag) -> dict[str, Incomplete]: ...
     def wrap(self, enc_alg, headers, key, sender_key, preset=None) -> dict[str, Incomplete]: ...
     def unwrap(self, enc_alg, ek, headers, key, sender_key, tag=None) -> bytes: ...
 

stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptodome.pyi

@@ -9,5 +9,5 @@ class XC20PEncAlgorithm(JWEEncAlgorithm):
     key_size: Incomplete
     CEK_SIZE: Incomplete
     def __init__(self, key_size) -> None: ...
-    def encrypt(self, msg, aad, iv, key): ...
-    def decrypt(self, ciphertext, aad, iv, tag, key): ...
+    def encrypt(self, msg, aad, iv, key) -> tuple[bytes, bytes]: ...
+    def decrypt(self, ciphertext, aad, iv, tag, key) -> bytes: ...

stubs/Authlib/authlib/jose/rfc7515/jws.pyi

@@ -1,17 +1,21 @@
-from _typeshed import Incomplete
+from _typeshed import Incomplete, ReadableBuffer
+from collections.abc import Iterable
+from typing import SupportsBytes, SupportsIndex
 
-from .models import JWSObject
+from .models import JWSAlgorithm, JWSObject
 
 class JsonWebSignature:
     REGISTERED_HEADER_PARAMETER_NAMES: frozenset[str]
     MAX_CONTENT_LENGTH: int
-    ALGORITHMS_REGISTRY: dict[str, Incomplete]
+    ALGORITHMS_REGISTRY: dict[str, JWSAlgorithm]
     def __init__(self, algorithms=None, private_headers=None) -> None: ...
     @classmethod
-    def register_algorithm(cls, algorithm) -> None: ...
+    def register_algorithm(cls, algorithm: JWSAlgorithm) -> None: ...
     def serialize_compact(self, protected, payload, key) -> bytes: ...
-    def deserialize_compact(self, s, key, decode=None) -> JWSObject: ...
-    def serialize_json(self, header_obj, payload, key): ...
+    def deserialize_compact(
+        self, s: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer, key, decode=None
+    ) -> JWSObject: ...
+    def serialize_json(self, header_obj, payload, key) -> dict[str, Incomplete]: ...
     def deserialize_json(self, obj, key, decode=None) -> JWSObject: ...
-    def serialize(self, header, payload, key): ...
+    def serialize(self, header, payload, key) -> dict[str, Incomplete] | bytes: ...
     def deserialize(self, s, key, decode=None) -> JWSObject: ...

stubs/Authlib/authlib/jose/rfc7515/models.pyi

@@ -2,8 +2,8 @@ from _typeshed import Incomplete
 from typing_extensions import Self
 
 class JWSAlgorithm:
-    name: Incomplete
-    description: Incomplete
+    name: str | None
+    description: str | None
     algorithm_type: str
     algorithm_location: str
     def prepare_key(self, raw_data): ...
@@ -20,7 +20,7 @@ class JWSHeader(dict[str, object]):
 class JWSObject(dict[str, object]):
     header: Incomplete
     payload: Incomplete
-    type: Incomplete
+    type: str
     def __init__(self, header, payload, type: str = "compact") -> None: ...
     @property
     def headers(self): ...

stubs/Authlib/authlib/jose/rfc7516/jwe.pyi

@@ -1,24 +1,34 @@
-from _typeshed import Incomplete
+from _typeshed import Incomplete, ReadableBuffer
 from collections import OrderedDict
+from collections.abc import Iterable
+from typing import SupportsBytes, SupportsIndex
+
+from .models import JWEAlgorithmBase, JWEEncAlgorithm, JWEZipAlgorithm
 
 class JsonWebEncryption:
     REGISTERED_HEADER_PARAMETER_NAMES: frozenset[str]
-    ALG_REGISTRY: dict[Incomplete, Incomplete]
-    ENC_REGISTRY: dict[Incomplete, Incomplete]
-    ZIP_REGISTRY: dict[Incomplete, Incomplete]
+    ALG_REGISTRY: dict[str, JWEAlgorithmBase]
+    ENC_REGISTRY: dict[str, JWEEncAlgorithm]
+    ZIP_REGISTRY: dict[str, JWEZipAlgorithm]
     def __init__(self, algorithms=None, private_headers=None) -> None: ...
     @classmethod
-    def register_algorithm(cls, algorithm) -> None: ...
+    def register_algorithm(cls, algorithm: JWEAlgorithmBase | JWEEncAlgorithm | JWEZipAlgorithm) -> None: ...
     def serialize_compact(self, protected, payload, key, sender_key=None) -> bytes: ...
     def serialize_json(self, header_obj, payload, keys, sender_key=None) -> OrderedDict[Incomplete, Incomplete]: ...
-    def serialize(self, header, payload, key, sender_key=None): ...
-    def deserialize_compact(self, s, key, decode=None, sender_key=None): ...
+    def serialize(self, header, payload, key, sender_key=None) -> OrderedDict[Incomplete, Incomplete] | bytes: ...
+    def deserialize_compact(
+        self,
+        s: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer,
+        key,
+        decode=None,
+        sender_key=None,
+    ) -> dict[str, Incomplete]: ...
     def deserialize_json(self, obj, key, decode=None, sender_key=None) -> dict[str, Incomplete]: ...
-    def deserialize(self, obj, key, decode=None, sender_key=None): ...
+    def deserialize(self, obj, key, decode=None, sender_key=None) -> dict[str, Incomplete]: ...
     @staticmethod
     def parse_json(obj) -> dict[Incomplete, Incomplete]: ...
-    def get_header_alg(self, header): ...
-    def get_header_enc(self, header): ...
-    def get_header_zip(self, header): ...
+    def get_header_alg(self, header) -> JWEAlgorithmBase: ...
+    def get_header_enc(self, header) -> JWEEncAlgorithm: ...
+    def get_header_zip(self, header) -> JWEZipAlgorithm: ...
 
 def prepare_key(alg, header, key): ...

stubs/Authlib/authlib/jose/rfc7516/models.pyi

@@ -1,6 +1,6 @@
 from _typeshed import Incomplete
 from abc import ABCMeta
-from collections.abc import Iterable
+from collections.abc import Iterable, Sized
 from typing import ClassVar
 from typing_extensions import Self
 
@@ -28,13 +28,13 @@ class JWEEncAlgorithm:
     description: str | None
     algorithm_type: str
     algorithm_location: str
-    IV_SIZE: Incomplete
-    CEK_SIZE: Incomplete
-    def generate_cek(self): ...
-    def generate_iv(self): ...
-    def check_iv(self, iv) -> None: ...
-    def encrypt(self, msg, aad, iv, key): ...
-    def decrypt(self, ciphertext, aad, iv, tag, key): ...
+    IV_SIZE: int | None
+    CEK_SIZE: int | None
+    def generate_cek(self) -> bytes: ...
+    def generate_iv(self) -> bytes: ...
+    def check_iv(self, iv: Sized) -> None: ...
+    def encrypt(self, msg, aad, iv, key) -> tuple[bytes, bytes]: ...
+    def decrypt(self, ciphertext, aad, iv, tag, key) -> bytes: ...
 
 class JWEZipAlgorithm:
     name: Incomplete

stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi

@@ -1,5 +1,6 @@
-from _typeshed import Incomplete
-from typing import ClassVar
+from _typeshed import Incomplete, ReadableBuffer
+from collections.abc import Iterable
+from typing import ClassVar, Literal, SupportsBytes, SupportsIndex
 from typing_extensions import Self
 
 from authlib.jose.rfc7517 import Key
@@ -26,9 +27,22 @@ class AsymmetricKey(Key):
     def load_public_key(self): ...
     def as_dict(self, is_private: bool = False, **params) -> dict[Incomplete, Incomplete]: ...
     def as_key(self, is_private: bool = False): ...
-    def as_bytes(self, encoding=None, is_private: bool = False, password=None): ...
-    def as_pem(self, is_private: bool = False, password=None): ...
-    def as_der(self, is_private: bool = False, password=None): ...
+    def as_bytes(
+        self,
+        encoding: Literal["PEM", "DER"] | None = None,
+        is_private: bool = False,
+        password: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer | None = None,
+    ): ...
+    def as_pem(
+        self,
+        is_private: bool = False,
+        password: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer | None = None,
+    ): ...
+    def as_der(
+        self,
+        is_private: bool = False,
+        password: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer | None = None,
+    ): ...
     @classmethod
     def import_dict_key(cls, raw, options=None) -> Self: ...
     @classmethod