[Authlib] Update return types

stubs/Authlib/authlib/common/urls.pyi

@@ -13,7 +13,7 @@ def url_decode(query: str) -> _ExplodedQueryString: ...
 def add_params_to_qs(query: str, params: _ExplodedQueryString) -> str: ...
 def add_params_to_uri(uri: str, params: _ExplodedQueryString, fragment: bool = False): ...
 def quote(s: str, safe: bytes = b"/") -> str: ...
-def unquote(s: str) -> str: ...
+def unquote(s: str | bytes) -> str: ...
 def quote_url(s: str) -> str: ...
 def extract_params(raw: dict[str, str] | _ExplodedQueryString) -> _ExplodedQueryString: ...
 def is_valid_url(url: str, fragments_allowed: bool = True) -> bool: ...

stubs/Authlib/authlib/integrations/base_client/async_app.pyi

@@ -1,3 +1,4 @@
+from _typeshed import Incomplete
 from logging import Logger
 
 from authlib.integrations.base_client.sync_app import OAuth1Base, OAuth2Base
@@ -8,11 +9,11 @@ __all__ = ["AsyncOAuth1Mixin", "AsyncOAuth2Mixin"]
 
 class AsyncOAuth1Mixin(OAuth1Base):
     async def request(self, method, url, token=None, **kwargs): ...
-    async def create_authorization_url(self, redirect_uri=None, **kwargs): ...
+    async def create_authorization_url(self, redirect_uri=None, **kwargs) -> dict[Incomplete, Incomplete]: ...
     async def fetch_access_token(self, request_token=None, **kwargs): ...
 
 class AsyncOAuth2Mixin(OAuth2Base):
-    async def load_server_metadata(self): ...
+    async def load_server_metadata(self) -> dict[Incomplete, Incomplete]: ...
     async def request(self, method, url, token=None, **kwargs): ...
-    async def create_authorization_url(self, redirect_uri=None, **kwargs): ...
+    async def create_authorization_url(self, redirect_uri=None, **kwargs) -> dict[Incomplete, Incomplete]: ...
     async def fetch_access_token(self, redirect_uri=None, **kwargs): ...

stubs/Authlib/authlib/integrations/base_client/async_openid.pyi

@@ -1,6 +1,8 @@
+from authlib.oidc.core.claims import UserInfo
+
 __all__ = ["AsyncOpenIDMixin"]
 
 class AsyncOpenIDMixin:
     async def fetch_jwk_set(self, force: bool = False): ...
-    async def userinfo(self, **kwargs): ...
-    async def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120): ...
+    async def userinfo(self, **kwargs) -> UserInfo: ...
+    async def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120) -> UserInfo: ...

stubs/Authlib/authlib/integrations/base_client/framework_integration.pyi

@@ -8,6 +8,6 @@ class FrameworkIntegration:
     def get_state_data(self, session, state): ...
     def set_state_data(self, session, state, data): ...
     def clear_state_data(self, session, state): ...
-    def update_token(self, token, refresh_token=None, access_token=None) -> None: ...
+    def update_token(self, token, refresh_token=None, access_token=None): ...
     @staticmethod
     def load_config(oauth, name, params): ...

stubs/Authlib/authlib/integrations/base_client/registry.pyi

@@ -14,6 +14,6 @@ class BaseOAuth:
     def __init__(self, cache=None, fetch_token=None, update_token=None) -> None: ...
     def create_client(self, name): ...
     def register(self, name, overwrite: bool = False, **kwargs): ...
-    def generate_client_kwargs(self, name, overwrite, **kwargs): ...
+    def generate_client_kwargs(self, name, overwrite, **kwargs) -> dict[Incomplete, Incomplete]: ...
     def load_config(self, name, params): ...
     def __getattr__(self, key): ...

stubs/Authlib/authlib/integrations/base_client/sync_app.pyi

@@ -50,7 +50,7 @@ class OAuth1Base:
 
 class OAuth1Mixin(_RequestMixin, OAuth1Base):
     def request(self, method, url, token=None, **kwargs): ...
-    def create_authorization_url(self, redirect_uri=None, **kwargs): ...
+    def create_authorization_url(self, redirect_uri=None, **kwargs) -> dict[Incomplete, Incomplete]: ...
     def fetch_access_token(self, request_token=None, **kwargs): ...
 
 class OAuth2Base:
@@ -91,6 +91,6 @@ class OAuth2Base:
 
 class OAuth2Mixin(_RequestMixin, OAuth2Base):
     def request(self, method, url, token=None, **kwargs): ...
-    def load_server_metadata(self): ...
-    def create_authorization_url(self, redirect_uri=None, **kwargs): ...
+    def load_server_metadata(self) -> dict[Incomplete, Incomplete]: ...
+    def create_authorization_url(self, redirect_uri=None, **kwargs) -> dict[Incomplete, Incomplete]: ...
     def fetch_access_token(self, redirect_uri=None, **kwargs): ...

stubs/Authlib/authlib/integrations/base_client/sync_openid.pyi

@@ -1,5 +1,7 @@
+from authlib.oidc.core.claims import UserInfo
+
 class OpenIDMixin:
     def fetch_jwk_set(self, force: bool = False): ...
-    def userinfo(self, **kwargs): ...
-    def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120): ...
+    def userinfo(self, **kwargs) -> UserInfo: ...
+    def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway: int = 120) -> UserInfo | None: ...
     def create_load_key(self): ...

stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi

@@ -1,6 +1,6 @@
 from _typeshed import Incomplete
 from collections.abc import Iterable
-from typing import ClassVar
+from typing import ClassVar, Final
 
 from authlib.jose.rfc7516 import JWEAlgorithmWithTagAwareKeyAgreement
 
@@ -13,17 +13,19 @@ class ECDH1PUAlgorithm(JWEAlgorithmWithTagAwareKeyAgreement):
     aeskw: Incomplete
     def __init__(self, key_size=None) -> None: ...
     def prepare_key(self, raw_data): ...
-    def generate_preset(self, enc_alg, key): ...
+    def generate_preset(self, enc_alg, key) -> dict[str, Incomplete]: ...
     def compute_shared_key(self, shared_key_e, shared_key_s): ...
-    def compute_fixed_info(self, headers, bit_size, tag): ...
-    def compute_derived_key(self, shared_key, fixed_info, bit_size): ...
-    def deliver_at_sender(self, sender_static_key, sender_ephemeral_key, recipient_pubkey, headers, bit_size, tag): ...
-    def deliver_at_recipient(self, recipient_key, sender_static_pubkey, sender_ephemeral_pubkey, headers, bit_size, tag): ...
-    def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset=None): ...
+    def compute_fixed_info(self, headers, bit_size, tag) -> bytes: ...
+    def compute_derived_key(self, shared_key, fixed_info, bit_size) -> bytes: ...
+    def deliver_at_sender(self, sender_static_key, sender_ephemeral_key, recipient_pubkey, headers, bit_size, tag) -> bytes: ...
+    def deliver_at_recipient(
+        self, recipient_key, sender_static_pubkey, sender_ephemeral_pubkey, headers, bit_size, tag
+    ) -> bytes: ...
+    def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset=None) -> dict[str, Incomplete]: ...
     def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag): ...
-    def wrap(self, enc_alg, headers, key, sender_key, preset=None): ...
-    def unwrap(self, enc_alg, ek, headers, key, sender_key, tag=None): ...
+    def wrap(self, enc_alg, headers, key, sender_key, preset=None) -> dict[str, Incomplete]: ...
+    def unwrap(self, enc_alg, ek, headers, key, sender_key, tag=None) -> bytes: ...
 
-JWE_DRAFT_ALG_ALGORITHMS: Incomplete
+JWE_DRAFT_ALG_ALGORITHMS: Final[list[ECDH1PUAlgorithm]]
 
 def register_jwe_alg_draft(cls) -> None: ...

stubs/Authlib/authlib/jose/drafts/_jwe_enc_cryptography.pyi

@@ -9,5 +9,5 @@ class C20PEncAlgorithm(JWEEncAlgorithm):
     key_size: Incomplete
     CEK_SIZE: Incomplete
     def __init__(self, key_size) -> None: ...
-    def encrypt(self, msg, aad, iv, key): ...
-    def decrypt(self, ciphertext, aad, iv, tag, key): ...
+    def encrypt(self, msg, aad, iv, key) -> tuple[bytes, bytes]: ...
+    def decrypt(self, ciphertext, aad, iv, tag, key) -> bytes: ...

stubs/Authlib/authlib/jose/jwk.pyi

@@ -1,2 +1,7 @@
+from _typeshed import Incomplete
+from typing_extensions import deprecated
+
+@deprecated("Please use `JsonWebKey` directly.")
 def loads(obj, kid=None): ...
-def dumps(key, kty=None, **params): ...
+@deprecated("Please use `JsonWebKey` directly.")
+def dumps(key, kty=None, **params) -> dict[Incomplete, Incomplete]: ...

stubs/Authlib/authlib/jose/rfc7515/jws.pyi

@@ -1,15 +1,17 @@
 from _typeshed import Incomplete
 
+from .models import JWSObject
+
 class JsonWebSignature:
     REGISTERED_HEADER_PARAMETER_NAMES: frozenset[str]
     MAX_CONTENT_LENGTH: int
     ALGORITHMS_REGISTRY: dict[str, Incomplete]
     def __init__(self, algorithms=None, private_headers=None) -> None: ...
     @classmethod
     def register_algorithm(cls, algorithm) -> None: ...
-    def serialize_compact(self, protected, payload, key): ...
-    def deserialize_compact(self, s, key, decode=None): ...
+    def serialize_compact(self, protected, payload, key) -> bytes: ...
+    def deserialize_compact(self, s, key, decode=None) -> JWSObject: ...
     def serialize_json(self, header_obj, payload, key): ...
-    def deserialize_json(self, obj, key, decode=None): ...
+    def deserialize_json(self, obj, key, decode=None) -> JWSObject: ...
     def serialize(self, header, payload, key): ...
-    def deserialize(self, s, key, decode=None): ...
+    def deserialize(self, s, key, decode=None) -> JWSObject: ...

stubs/Authlib/authlib/jose/rfc7515/models.pyi

@@ -1,11 +1,12 @@
 from _typeshed import Incomplete
+from typing_extensions import Self
 
 class JWSAlgorithm:
     name: Incomplete
     description: Incomplete
     algorithm_type: str
     algorithm_location: str
-    def prepare_key(self, raw_data) -> None: ...
+    def prepare_key(self, raw_data): ...
     def sign(self, msg, key): ...
     def verify(self, msg, sig, key) -> bool: ...
 
@@ -14,7 +15,7 @@ class JWSHeader(dict[str, object]):
     header: Incomplete
     def __init__(self, protected, header) -> None: ...
     @classmethod
-    def from_dict(cls, obj): ...
+    def from_dict(cls, obj) -> Self: ...
 
 class JWSObject(dict[str, object]):
     header: Incomplete

stubs/Authlib/authlib/jose/rfc7516/jwe.pyi

@@ -1,21 +1,22 @@
 from _typeshed import Incomplete
+from collections import OrderedDict
 
 class JsonWebEncryption:
-    REGISTERED_HEADER_PARAMETER_NAMES: Incomplete
-    ALG_REGISTRY: Incomplete
-    ENC_REGISTRY: Incomplete
-    ZIP_REGISTRY: Incomplete
+    REGISTERED_HEADER_PARAMETER_NAMES: frozenset[str]
+    ALG_REGISTRY: dict[Incomplete, Incomplete]
+    ENC_REGISTRY: dict[Incomplete, Incomplete]
+    ZIP_REGISTRY: dict[Incomplete, Incomplete]
     def __init__(self, algorithms=None, private_headers=None) -> None: ...
     @classmethod
     def register_algorithm(cls, algorithm) -> None: ...
-    def serialize_compact(self, protected, payload, key, sender_key=None): ...
-    def serialize_json(self, header_obj, payload, keys, sender_key=None): ...
+    def serialize_compact(self, protected, payload, key, sender_key=None) -> bytes: ...
+    def serialize_json(self, header_obj, payload, keys, sender_key=None) -> OrderedDict[Incomplete, Incomplete]: ...
     def serialize(self, header, payload, key, sender_key=None): ...
     def deserialize_compact(self, s, key, decode=None, sender_key=None): ...
-    def deserialize_json(self, obj, key, decode=None, sender_key=None): ...
+    def deserialize_json(self, obj, key, decode=None, sender_key=None) -> dict[str, Incomplete]: ...
     def deserialize(self, obj, key, decode=None, sender_key=None): ...
     @staticmethod
-    def parse_json(obj): ...
+    def parse_json(obj) -> dict[Incomplete, Incomplete]: ...
     def get_header_alg(self, header): ...
     def get_header_enc(self, header): ...
     def get_header_zip(self, header): ...

stubs/Authlib/authlib/jose/rfc7516/models.pyi

@@ -2,25 +2,26 @@ from _typeshed import Incomplete
 from abc import ABCMeta
 from collections.abc import Iterable
 from typing import ClassVar
+from typing_extensions import Self
 
 class JWEAlgorithmBase(metaclass=ABCMeta):
     EXTRA_HEADERS: ClassVar[Iterable[str] | None]
     name: str | None
     description: str | None
     algorithm_type: str
     algorithm_location: str
-    def prepare_key(self, raw_data) -> None: ...
-    def generate_preset(self, enc_alg, key) -> None: ...
+    def prepare_key(self, raw_data): ...
+    def generate_preset(self, enc_alg, key): ...
 
 class JWEAlgorithm(JWEAlgorithmBase, metaclass=ABCMeta):
-    def wrap(self, enc_alg, headers, key, preset=None) -> None: ...
-    def unwrap(self, enc_alg, ek, headers, key) -> None: ...
+    def wrap(self, enc_alg, headers, key, preset=None): ...
+    def unwrap(self, enc_alg, ek, headers, key): ...
 
 class JWEAlgorithmWithTagAwareKeyAgreement(JWEAlgorithmBase, metaclass=ABCMeta):
-    def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset=None) -> None: ...
-    def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag) -> None: ...
-    def wrap(self, enc_alg, headers, key, sender_key, preset=None) -> None: ...
-    def unwrap(self, enc_alg, ek, headers, key, sender_key, tag=None) -> None: ...
+    def generate_keys_and_prepare_headers(self, enc_alg, key, sender_key, preset=None): ...
+    def agree_upon_key_and_wrap_cek(self, enc_alg, headers, key, sender_key, epk, cek, tag): ...
+    def wrap(self, enc_alg, headers, key, sender_key, preset=None): ...
+    def unwrap(self, enc_alg, ek, headers, key, sender_key, tag=None): ...
 
 class JWEEncAlgorithm:
     name: str | None
@@ -32,8 +33,8 @@ class JWEEncAlgorithm:
     def generate_cek(self): ...
     def generate_iv(self): ...
     def check_iv(self, iv) -> None: ...
-    def encrypt(self, msg, aad, iv, key) -> None: ...
-    def decrypt(self, ciphertext, aad, iv, tag, key) -> None: ...
+    def encrypt(self, msg, aad, iv, key): ...
+    def decrypt(self, ciphertext, aad, iv, tag, key): ...
 
 class JWEZipAlgorithm:
     name: Incomplete
@@ -49,7 +50,7 @@ class JWESharedHeader(dict[str, object]):
     def __init__(self, protected, unprotected) -> None: ...
     def update_protected(self, addition) -> None: ...
     @classmethod
-    def from_dict(cls, obj): ...
+    def from_dict(cls, obj) -> Self: ...
 
 class JWEHeader(dict[str, object]):
     protected: Incomplete

stubs/Authlib/authlib/jose/rfc7517/_cryptography_key.pyi

@@ -1 +1,35 @@
-def load_pem_key(raw, ssh_type=None, key_type=None, password=None): ...
+from _typeshed import ReadableBuffer
+from collections.abc import Iterable
+from typing import Literal, SupportsBytes, SupportsIndex, overload
+
+from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes, PublicKeyTypes
+from cryptography.hazmat.primitives.serialization.ssh import SSHPublicKeyTypes
+
+@overload  # if ssh_type is None
+def load_pem_key(
+    raw: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer,
+    ssh_type: None = None,
+    key_type: str | None = None,
+    password: bytes | None = None,
+) -> PublicKeyTypes | PrivateKeyTypes: ...
+@overload  # if key_type == "public"
+def load_pem_key(
+    raw: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer,
+    ssh_type: ReadableBuffer | tuple[ReadableBuffer, ...] | None = None,
+    key_type: Literal["public"] = ...,
+    password: bytes | None = None,
+) -> PublicKeyTypes: ...
+@overload  # if key_type is not empty, but not "public"
+def load_pem_key(
+    raw: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer,
+    ssh_type: ReadableBuffer | tuple[ReadableBuffer, ...] | None = None,
+    key_type: str = ...,
+    password: bytes | None = None,
+) -> PrivateKeyTypes: ...
+@overload  # if ssh_type is not empty
+def load_pem_key(
+    raw: str | bytes | float | Iterable[SupportsIndex] | SupportsIndex | SupportsBytes | ReadableBuffer,
+    ssh_type: ReadableBuffer | tuple[ReadableBuffer, ...] = ...,
+    key_type: str | None = None,
+    password: bytes | None = None,
+) -> SSHPublicKeyTypes | PublicKeyTypes | PrivateKeyTypes: ...

stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi

@@ -1,5 +1,6 @@
 from _typeshed import Incomplete
 from typing import ClassVar
+from typing_extensions import Self
 
 from authlib.jose.rfc7517 import Key
 
@@ -13,7 +14,7 @@ class AsymmetricKey(Key):
     public_key: Incomplete
     def __init__(self, private_key=None, public_key=None, options=None) -> None: ...
     @property
-    def public_only(self): ...
+    def public_only(self) -> bool: ...
     def get_op_key(self, operation): ...
     def get_public_key(self): ...
     def get_private_key(self): ...
@@ -23,16 +24,16 @@ class AsymmetricKey(Key):
     def dumps_public_key(self): ...
     def load_private_key(self): ...
     def load_public_key(self): ...
-    def as_dict(self, is_private: bool = False, **params): ...
+    def as_dict(self, is_private: bool = False, **params) -> dict[Incomplete, Incomplete]: ...
     def as_key(self, is_private: bool = False): ...
     def as_bytes(self, encoding=None, is_private: bool = False, password=None): ...
     def as_pem(self, is_private: bool = False, password=None): ...
     def as_der(self, is_private: bool = False, password=None): ...
     @classmethod
-    def import_dict_key(cls, raw, options=None): ...
+    def import_dict_key(cls, raw, options=None) -> Self: ...
     @classmethod
-    def import_key(cls, raw, options=None): ...
+    def import_key(cls, raw, options=None) -> Self: ...
     @classmethod
-    def validate_raw_key(cls, key): ...
+    def validate_raw_key(cls, key) -> bool: ...
     @classmethod
     def generate_key(cls, crv_or_size, options=None, is_private: bool = False) -> AsymmetricKey: ...

stubs/Authlib/authlib/jose/rfc7517/base_key.pyi

@@ -10,20 +10,20 @@ class Key:
     options: Incomplete
     def __init__(self, options=None) -> None: ...
     @property
-    def tokens(self): ...
+    def tokens(self) -> dict[Incomplete, Incomplete]: ...
     @property
     def kid(self): ...
     def keys(self): ...
     def __getitem__(self, item): ...
     @property
-    def public_only(self) -> None: ...
-    def load_raw_key(self) -> None: ...
-    def load_dict_key(self) -> None: ...
+    def public_only(self): ...
+    def load_raw_key(self): ...
+    def load_dict_key(self): ...
     def check_key_op(self, operation) -> None: ...
-    def as_dict(self, is_private: bool = False, **params) -> None: ...
-    def as_json(self, is_private: bool = False, **params): ...
-    def thumbprint(self): ...
+    def as_dict(self, is_private: bool = False, **params): ...
+    def as_json(self, is_private: bool = False, **params) -> str: ...
+    def thumbprint(self) -> str: ...
     @classmethod
     def check_required_fields(cls, data) -> None: ...
     @classmethod
-    def validate_raw_key(cls, key) -> None: ...
+    def validate_raw_key(cls, key): ...

stubs/Authlib/authlib/jose/rfc7517/jwk.pyi

@@ -4,7 +4,7 @@ from collections.abc import Collection, Mapping
 from authlib.jose.rfc7517 import Key, KeySet
 
 class JsonWebKey:
-    JWK_KEY_CLS: Incomplete
+    JWK_KEY_CLS: dict[Incomplete, Incomplete]
     @classmethod
     def generate_key(cls, kty, crv_or_size, options=None, is_private: bool = False): ...
     @classmethod

stubs/Authlib/authlib/jose/rfc7517/key_set.pyi

@@ -1,10 +1,11 @@
+from _typeshed import Incomplete
 from collections.abc import Collection
 
 from authlib.jose.rfc7517 import Key
 
 class KeySet:
     keys: Collection[Key]
     def __init__(self, keys) -> None: ...
-    def as_dict(self, is_private: bool = False, **params): ...
-    def as_json(self, is_private: bool = False, **params): ...
+    def as_dict(self, is_private: bool = False, **params) -> dict[str, list[Incomplete]]: ...
+    def as_json(self, is_private: bool = False, **params) -> str: ...
     def find_by_kid(self, kid, **params): ...