python · srittau · Jul 7, 2025 · Jul 4, 2025
diff --git a/stubs/Authlib/@tests/stubtest_allowlist.txt b/stubs/Authlib/@tests/stubtest_allowlist.txt
@@ -1,25 +1,5 @@
 # TODO: check these entries
-authlib.jose.ECKey.PRIVATE_KEY_CLS
-authlib.jose.ECKey.PUBLIC_KEY_CLS
-authlib.jose.RSAKey.PRIVATE_KEY_CLS
-authlib.jose.RSAKey.PUBLIC_KEY_CLS
-authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.description
-authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.name
 authlib.jose.drafts._jwe_enc_cryptodome
-authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.description
-authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.name
-authlib.jose.rfc7518.ECDHESAlgorithm.description
-authlib.jose.rfc7518.ECDHESAlgorithm.name
-authlib.jose.rfc7518.ECKey.PRIVATE_KEY_CLS
-authlib.jose.rfc7518.ECKey.PUBLIC_KEY_CLS
-authlib.jose.rfc7518.RSAKey.PRIVATE_KEY_CLS
-authlib.jose.rfc7518.RSAKey.PUBLIC_KEY_CLS
-authlib.jose.rfc7518.ec_key.ECKey.PRIVATE_KEY_CLS
-authlib.jose.rfc7518.ec_key.ECKey.PUBLIC_KEY_CLS
-authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.description
-authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.name
-authlib.jose.rfc7518.rsa_key.RSAKey.PRIVATE_KEY_CLS
-authlib.jose.rfc7518.rsa_key.RSAKey.PUBLIC_KEY_CLS
 authlib.oauth2.OAuth2Client.client_auth_class
 authlib.oauth2.OAuth2Client.oauth_error_class
 authlib.oauth2.OAuth2Client.token_auth_class
@@ -30,7 +10,24 @@ authlib.oauth2.rfc7521.AssertionClient.oauth_error_class
 authlib.oauth2.rfc7521.client.AssertionClient.oauth_error_class
 authlib.oauth2.rfc7523.JWTBearerTokenValidator.token_cls
 authlib.oauth2.rfc7523.validator.JWTBearerTokenValidator.token_cls
-authlib.oauth2.rfc9068.claims.JWTAccessTokenClaims.validate
+
+# Are set to `None` by default, initialized later:
+authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.description
+authlib.jose.drafts._jwe_algorithms.ECDH1PUAlgorithm.name
+authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.description
+authlib.jose.drafts._jwe_enc_cryptography.C20PEncAlgorithm.name
+authlib.jose.rfc7518.AESAlgorithm.description
+authlib.jose.rfc7518.AESAlgorithm.name
+authlib.jose.rfc7518.ECDHESAlgorithm.description
+authlib.jose.rfc7518.ECDHESAlgorithm.name
+authlib.jose.rfc7518.jwe_algs.AESAlgorithm.description
+authlib.jose.rfc7518.jwe_algs.AESAlgorithm.name
+authlib.jose.rfc7518.jwe_algs.AESGCMAlgorithm.description
+authlib.jose.rfc7518.jwe_algs.AESGCMAlgorithm.name
+authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.description
+authlib.jose.rfc7518.jwe_algs.ECDHESAlgorithm.name
+authlib.jose.rfc7518.jwe_algs.RSAAlgorithm.description
+authlib.jose.rfc7518.jwe_algs.RSAAlgorithm.name
 
 # Re-exports of hashlib functions whose signatures changed in Python 3.13.4.
 # (Remove once 3.13.4 is consistently available)
@@ -65,3 +62,15 @@ authlib.oauth2.rfc8628.device_code.DeviceCodeGrant.create_token_response
 authlib.oidc.core.OpenIDImplicitGrant.validate_consent_request
 authlib.oidc.core.grants.OpenIDImplicitGrant.validate_consent_request
 authlib.oidc.core.grants.implicit.OpenIDImplicitGrant.validate_consent_request
+
+# Exclude integrations dirs:
+authlib.integrations.django_client
+authlib.integrations.django_oauth1
+authlib.integrations.django_oauth2
+authlib.integrations.flask_client
+authlib.integrations.flask_oauth1
+authlib.integrations.flask_oauth2
+authlib.integrations.httpx_client
+authlib.integrations.requests_client
+authlib.integrations.sqla_oauth2
+authlib.integrations.starlette_client
diff --git a/stubs/Authlib/METADATA.toml b/stubs/Authlib/METADATA.toml
@@ -1,7 +1,3 @@
 version = "~= 1.6.0"
 upstream_repository = "https://github.com/lepture/authlib"
 requires = ["cryptography"]
-partial_stub = true
-
-[tool.stubtest]
-ignore_missing_stub = true
diff --git a/stubs/Authlib/authlib/integrations/base_client/async_app.pyi b/stubs/Authlib/authlib/integrations/base_client/async_app.pyi
@@ -1,5 +1,9 @@
+from logging import Logger
+
 from authlib.integrations.base_client.sync_app import OAuth1Base, OAuth2Base
 
+log: Logger
+
 __all__ = ["AsyncOAuth1Mixin", "AsyncOAuth2Mixin"]
 
 class AsyncOAuth1Mixin(OAuth1Base):

diff --git a/stubs/Authlib/authlib/integrations/base_client/sync_app.pyi b/stubs/Authlib/authlib/integrations/base_client/sync_app.pyi
@@ -1,4 +1,7 @@
 from _typeshed import Incomplete
+from logging import Logger
+
+log: Logger
 
 class BaseApp:
     client_cls: Incomplete

diff --git a/stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi b/stubs/Authlib/authlib/jose/drafts/_jwe_algorithms.pyi
@@ -1,9 +1,11 @@
 from _typeshed import Incomplete
+from collections.abc import Iterable
+from typing import ClassVar
 
 from authlib.jose.rfc7516 import JWEAlgorithmWithTagAwareKeyAgreement
 
 class ECDH1PUAlgorithm(JWEAlgorithmWithTagAwareKeyAgreement):
-    EXTRA_HEADERS: Incomplete
+    EXTRA_HEADERS: ClassVar[Iterable[str]]
     ALLOWED_KEY_CLS: Incomplete
     name: str
     description: str

diff --git a/stubs/Authlib/authlib/jose/rfc7516/models.pyi b/stubs/Authlib/authlib/jose/rfc7516/models.pyi
@@ -1,10 +1,12 @@
 from _typeshed import Incomplete
 from abc import ABCMeta
+from collections.abc import Iterable
+from typing import ClassVar
 
 class JWEAlgorithmBase(metaclass=ABCMeta):
-    EXTRA_HEADERS: Incomplete
-    name: Incomplete
-    description: Incomplete
+    EXTRA_HEADERS: ClassVar[Iterable[str] | None]
+    name: str | None
+    description: str | None
     algorithm_type: str
     algorithm_location: str
     def prepare_key(self, raw_data) -> None: ...
@@ -21,8 +23,8 @@ class JWEAlgorithmWithTagAwareKeyAgreement(JWEAlgorithmBase, metaclass=ABCMeta):
     def unwrap(self, enc_alg, ek, headers, key, sender_key, tag=None) -> None: ...
 
 class JWEEncAlgorithm:
-    name: Incomplete
-    description: Incomplete
+    name: str | None
+    description: str | None
     algorithm_type: str
     algorithm_location: str
     IV_SIZE: Incomplete

diff --git a/stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi b/stubs/Authlib/authlib/jose/rfc7517/asymmetric_key.pyi
@@ -1,13 +1,14 @@
 from _typeshed import Incomplete
+from typing import ClassVar
 
 from authlib.jose.rfc7517 import Key
 
 class AsymmetricKey(Key):
-    PUBLIC_KEY_FIELDS: Incomplete
-    PRIVATE_KEY_FIELDS: Incomplete
-    PRIVATE_KEY_CLS = Incomplete
-    PUBLIC_KEY_CLS = Incomplete
-    SSH_PUBLIC_PREFIX: bytes
+    PUBLIC_KEY_FIELDS: ClassVar[list[str]]
+    PRIVATE_KEY_FIELDS: ClassVar[list[str]]
+    PRIVATE_KEY_CLS: ClassVar[type | tuple[type, ...]]
+    PUBLIC_KEY_CLS: ClassVar[type | tuple[type, ...]]
+    SSH_PUBLIC_PREFIX: ClassVar[bytes]
     private_key: Incomplete
     public_key: Incomplete
     def __init__(self, private_key=None, public_key=None, options=None) -> None: ...
@@ -18,10 +19,10 @@ class AsymmetricKey(Key):
     def get_private_key(self): ...
     def load_raw_key(self) -> None: ...
     def load_dict_key(self) -> None: ...
-    def dumps_private_key(self) -> None: ...
-    def dumps_public_key(self) -> None: ...
-    def load_private_key(self) -> None: ...
-    def load_public_key(self) -> None: ...
+    def dumps_private_key(self): ...
+    def dumps_public_key(self): ...
+    def load_private_key(self): ...
+    def load_public_key(self): ...
     def as_dict(self, is_private: bool = False, **params): ...
     def as_key(self, is_private: bool = False): ...
     def as_bytes(self, encoding=None, is_private: bool = False, password=None): ...

diff --git a/stubs/Authlib/authlib/jose/rfc7517/base_key.pyi b/stubs/Authlib/authlib/jose/rfc7517/base_key.pyi
@@ -1,11 +1,12 @@
 from _typeshed import Incomplete
+from typing import ClassVar
 
 class Key:
     kty: str
-    ALLOWED_PARAMS: Incomplete
-    PRIVATE_KEY_OPS: Incomplete
-    PUBLIC_KEY_OPS: Incomplete
-    REQUIRED_JSON_FIELDS: Incomplete
+    ALLOWED_PARAMS: ClassVar[list[str]]
+    PRIVATE_KEY_OPS: ClassVar[list[str]]
+    PUBLIC_KEY_OPS: ClassVar[list[str]]
+    REQUIRED_JSON_FIELDS: ClassVar[list[str]]
     options: Incomplete
     def __init__(self, options=None) -> None: ...
     @property

diff --git a/stubs/Authlib/authlib/jose/rfc7518/ec_key.pyi b/stubs/Authlib/authlib/jose/rfc7518/ec_key.pyi
@@ -1,24 +1,25 @@
 from _typeshed import Incomplete
+from typing import ClassVar
 
 from authlib.jose.rfc7517 import AsymmetricKey
-from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKeyWithSerialization, EllipticCurvePublicKey
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey, EllipticCurvePublicKey
 
 class ECKey(AsymmetricKey):
     kty: str
     DSS_CURVES: Incomplete
     CURVES_DSS: Incomplete
-    REQUIRED_JSON_FIELDS: Incomplete
+    REQUIRED_JSON_FIELDS: ClassVar[list[str]]
     PUBLIC_KEY_FIELDS = REQUIRED_JSON_FIELDS
-    PRIVATE_KEY_FIELDS: Incomplete
-    PUBLIC_KEY_CLS = EllipticCurvePublicKey
-    PRIVATE_KEY_CLS = EllipticCurvePrivateKeyWithSerialization
-    SSH_PUBLIC_PREFIX: bytes
+    PRIVATE_KEY_FIELDS: ClassVar[list[str]]
+    PUBLIC_KEY_CLS: ClassVar[type]
+    PRIVATE_KEY_CLS: ClassVar[type]
+    SSH_PUBLIC_PREFIX: ClassVar[bytes]
     def exchange_shared_key(self, pubkey): ...
     @property
     def curve_key_size(self): ...
-    def load_private_key(self): ...
-    def load_public_key(self): ...
-    def dumps_private_key(self): ...
-    def dumps_public_key(self): ...
+    def load_private_key(self) -> EllipticCurvePrivateKey: ...
+    def load_public_key(self) -> EllipticCurvePublicKey: ...
+    def dumps_private_key(self) -> dict[str, str]: ...
+    def dumps_public_key(self) -> dict[str, str]: ...
     @classmethod
     def generate_key(cls, crv: str = "P-256", options=None, is_private: bool = False) -> ECKey: ...
diff --git a/stubs/Authlib/authlib/jose/rfc7518/jwe_algs.pyi b/stubs/Authlib/authlib/jose/rfc7518/jwe_algs.pyi
@@ -1,4 +1,6 @@
 from _typeshed import Incomplete
+from collections.abc import Iterable
+from typing import ClassVar, Final
 
 from authlib.jose.rfc7516 import JWEAlgorithm
 
@@ -12,8 +14,8 @@ class DirectAlgorithm(JWEAlgorithm):
 
 class RSAAlgorithm(JWEAlgorithm):
     key_size: int
-    name: Incomplete
-    description: Incomplete
+    name: str
+    description: str
     padding: Incomplete
     def __init__(self, name, description, pad_fn) -> None: ...
     def prepare_key(self, raw_data): ...
@@ -22,8 +24,8 @@ class RSAAlgorithm(JWEAlgorithm):
     def unwrap(self, enc_alg, ek, headers, key): ...
 
 class AESAlgorithm(JWEAlgorithm):
-    name: Incomplete
-    description: Incomplete
+    name: str
+    description: str
     key_size: Incomplete
     def __init__(self, key_size) -> None: ...
     def prepare_key(self, raw_data): ...
@@ -33,9 +35,9 @@ class AESAlgorithm(JWEAlgorithm):
     def unwrap(self, enc_alg, ek, headers, key): ...
 
 class AESGCMAlgorithm(JWEAlgorithm):
-    EXTRA_HEADERS: Incomplete
-    name: Incomplete
-    description: Incomplete
+    EXTRA_HEADERS: ClassVar[Iterable[str]]
+    name: str
+    description: str
     key_size: Incomplete
     def __init__(self, key_size) -> None: ...
     def prepare_key(self, raw_data): ...
@@ -44,7 +46,7 @@ class AESGCMAlgorithm(JWEAlgorithm):
     def unwrap(self, enc_alg, ek, headers, key): ...
 
 class ECDHESAlgorithm(JWEAlgorithm):
-    EXTRA_HEADERS: Incomplete
+    EXTRA_HEADERS: ClassVar[Iterable[str]]
     ALLOWED_KEY_CLS = Incomplete
     name: str
     description: str
@@ -61,4 +63,4 @@ class ECDHESAlgorithm(JWEAlgorithm):
 
 def u32be_len_input(s, base64: bool = False): ...
 
-JWE_ALG_ALGORITHMS: Incomplete
+JWE_ALG_ALGORITHMS: Final[list[JWEAlgorithm]]
diff --git a/stubs/Authlib/authlib/jose/rfc7518/oct_key.pyi b/stubs/Authlib/authlib/jose/rfc7518/oct_key.pyi
@@ -1,12 +1,13 @@
 from _typeshed import Incomplete
+from typing import ClassVar, Final
 
 from authlib.jose.rfc7517 import Key
 
-POSSIBLE_UNSAFE_KEYS: Incomplete
+POSSIBLE_UNSAFE_KEYS: Final[tuple[bytes, ...]]
 
 class OctKey(Key):
     kty: str
-    REQUIRED_JSON_FIELDS: Incomplete
+    REQUIRED_JSON_FIELDS: ClassVar[list[str]]
     raw_key: Incomplete
     def __init__(self, raw_key=None, options=None) -> None: ...
     @property

diff --git a/stubs/Authlib/authlib/jose/rfc7518/rsa_key.pyi b/stubs/Authlib/authlib/jose/rfc7518/rsa_key.pyi
@@ -1,23 +1,23 @@
-from _typeshed import Incomplete
+from typing import ClassVar
 
 from authlib.jose.rfc7517 import AsymmetricKey
-from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKeyWithSerialization, RSAPublicKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey
 
 class RSAKey(AsymmetricKey):
     kty: str
-    PUBLIC_KEY_CLS = RSAPublicKey
-    PRIVATE_KEY_CLS = RSAPrivateKeyWithSerialization
-    PUBLIC_KEY_FIELDS: Incomplete
-    PRIVATE_KEY_FIELDS: Incomplete
-    REQUIRED_JSON_FIELDS: Incomplete
-    SSH_PUBLIC_PREFIX: bytes
-    def dumps_private_key(self): ...
-    def dumps_public_key(self): ...
-    def load_private_key(self): ...
-    def load_public_key(self): ...
+    PUBLIC_KEY_CLS: ClassVar[type]
+    PRIVATE_KEY_CLS: ClassVar[type]
+    PUBLIC_KEY_FIELDS: ClassVar[list[str]]
+    PRIVATE_KEY_FIELDS: ClassVar[list[str]]
+    REQUIRED_JSON_FIELDS: ClassVar[list[str]]
+    SSH_PUBLIC_PREFIX: ClassVar[bytes]
+    def dumps_private_key(self) -> dict[str, str]: ...
+    def dumps_public_key(self) -> dict[str, str]: ...
+    def load_private_key(self) -> RSAPrivateKey: ...
+    def load_public_key(self) -> RSAPublicKey: ...
     @classmethod
     def generate_key(cls, key_size: int = 2048, options=None, is_private: bool = False) -> RSAKey: ...
     @classmethod
     def import_dict_key(cls, raw, options=None): ...
 
-def has_all_prime_factors(obj): ...
+def has_all_prime_factors(obj) -> bool: ...
diff --git a/stubs/Authlib/authlib/jose/rfc8037/okp_key.pyi b/stubs/Authlib/authlib/jose/rfc8037/okp_key.pyi
@@ -1,24 +1,28 @@
-from _typeshed import Incomplete
+from typing import ClassVar, Final
 
 from authlib.jose.rfc7517 import AsymmetricKey
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey, Ed448PublicKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
+from cryptography.hazmat.primitives.asymmetric.x448 import X448PrivateKey, X448PublicKey
+from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
 
-PUBLIC_KEYS_MAP: Incomplete
-PRIVATE_KEYS_MAP: Incomplete
+PUBLIC_KEYS_MAP: Final[dict[str, type]]
+PRIVATE_KEYS_MAP: Final[dict[str, type]]
 
 class OKPKey(AsymmetricKey):
     kty: str
-    REQUIRED_JSON_FIELDS: Incomplete
+    REQUIRED_JSON_FIELDS: ClassVar[list[str]]
     PUBLIC_KEY_FIELDS = REQUIRED_JSON_FIELDS
-    PRIVATE_KEY_FIELDS: Incomplete
-    PUBLIC_KEY_CLS: Incomplete
-    PRIVATE_KEY_CLS: Incomplete
-    SSH_PUBLIC_PREFIX: bytes
+    PRIVATE_KEY_FIELDS: ClassVar[list[str]]
+    PUBLIC_KEY_CLS: ClassVar[tuple[type, ...]]
+    PRIVATE_KEY_CLS: ClassVar[tuple[type, ...]]
+    SSH_PUBLIC_PREFIX: ClassVar[bytes]
     def exchange_shared_key(self, pubkey): ...
     @staticmethod
     def get_key_curve(key): ...
-    def load_private_key(self): ...
-    def load_public_key(self): ...
-    def dumps_private_key(self): ...
-    def dumps_public_key(self, public_key=None): ...
+    def load_private_key(self) -> Ed25519PrivateKey | Ed448PrivateKey | X25519PrivateKey | X448PrivateKey: ...
+    def load_public_key(self) -> Ed25519PublicKey | Ed448PublicKey | X25519PublicKey | X448PublicKey: ...
+    def dumps_private_key(self) -> dict[str, str | None]: ...
+    def dumps_public_key(self, public_key=None) -> dict[str, str | None]: ...
     @classmethod
     def generate_key(cls, crv: str = "Ed25519", options=None, is_private: bool = False) -> OKPKey: ...
diff --git a/stubs/Authlib/authlib/oauth1/client.pyi b/stubs/Authlib/authlib/oauth1/client.pyi
@@ -37,3 +37,4 @@ class OAuth1Client:
     def parse_response_token(self, status_code, text): ...
     @staticmethod
     def handle_error(error_type, error_description) -> None: ...
+    def __del__(self) -> None: ...
diff --git a/stubs/Authlib/authlib/oauth2/auth.pyi b/stubs/Authlib/authlib/oauth2/auth.pyi
@@ -22,3 +22,4 @@ class TokenAuth:
     def __init__(self, token, token_placement: str = "header", client=None) -> None: ...
     def set_token(self, token) -> None: ...
     def prepare(self, uri, headers, body): ...
+    def __del__(self) -> None: ...
diff --git a/stubs/Authlib/authlib/oauth2/client.pyi b/stubs/Authlib/authlib/oauth2/client.pyi
@@ -58,3 +58,4 @@ class OAuth2Client:
     def introspect_token(self, url, token=None, token_type_hint=None, body=None, auth=None, headers=None, **kwargs): ...
     def register_compliance_hook(self, hook_type, hook) -> None: ...
     def parse_response_token(self, resp): ...
+    def __del__(self) -> None: ...