From 4b3a7ba671752f476e5699e93a2065874cb4bc9010b61ae1af131b08aaf8675c Mon Sep 17 00:00:00 2001
From: Matej Cepl <mcepl@suse.com>
Date: Sat, 25 Jan 2025 20:55:26 +0000
Subject: [PATCH] Accepting request 1240203 from home:ecsos:python

- Update to 1.4.0
  * Fix id_token decoding when kid is null. :pr:`659`
  * Support for Python 3.13. :pr:`682`
  * Force login if the prompt parameter value is login. :pr:`637`
  * Support for httpx 0.28, :pr:`695`
  * Breaking changes:
    - Stop support for Python 3.8. :pr:`682`
- Drop py313-tests.patch, because now in upstream.
- Drop httpx028.patch, because now in upstream.

OBS-URL: https://build.opensuse.org/request/show/1240203
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Authlib?expand=0&rev=36
---
 authlib-1.3.2.tar.gz   |   3 --
 authlib-1.4.0.tar.gz   |   3 ++
 httpx028.patch         | 106 -----------------------------------------
 py313-tests.patch      |  70 ---------------------------
 python-Authlib.changes |  13 +++++
 python-Authlib.spec    |   8 ++--
 6 files changed, 19 insertions(+), 184 deletions(-)
 delete mode 100644 authlib-1.3.2.tar.gz
 create mode 100644 authlib-1.4.0.tar.gz
 delete mode 100644 httpx028.patch
 delete mode 100644 py313-tests.patch

diff --git a/authlib-1.3.2.tar.gz b/authlib-1.3.2.tar.gz
deleted file mode 100644
index 6992032..0000000
--- a/authlib-1.3.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8a6a7e4bc869491cafac524ec32e9f22ecb5de97801033b7b1e75a0824d5bf6f
-size 321266
diff --git a/authlib-1.4.0.tar.gz b/authlib-1.4.0.tar.gz
new file mode 100644
index 0000000..8ae8f96
--- /dev/null
+++ b/authlib-1.4.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3d0bcb3697a300844416290634ec689933de6c6f9ac5642c267aa8164b238f89
+size 322334
diff --git a/httpx028.patch b/httpx028.patch
deleted file mode 100644
index ead59d3..0000000
--- a/httpx028.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-Index: authlib-1.3.2/authlib/integrations/httpx_client/oauth2_client.py
-===================================================================
---- authlib-1.3.2.orig/authlib/integrations/httpx_client/oauth2_client.py
-+++ authlib-1.3.2/authlib/integrations/httpx_client/oauth2_client.py
-@@ -62,6 +62,11 @@ class AsyncOAuth2Client(_OAuth2Client, h
- 
-         # extract httpx.Client kwargs
-         client_kwargs = self._extract_session_request_params(kwargs)
-+        # app keyword was dropped!
-+        app_value = client_kwargs.pop('app', None)
-+        if app_value is not None:
-+            client_kwargs['transport'] = httpx.ASGITransport(app=app_value)
-+
-         httpx.AsyncClient.__init__(self, **client_kwargs)
- 
-         # We use a Lock to synchronize coroutines to prevent
-@@ -177,6 +182,11 @@ class OAuth2Client(_OAuth2Client, httpx.
- 
-         # extract httpx.Client kwargs
-         client_kwargs = self._extract_session_request_params(kwargs)
-+        # app keyword was dropped!
-+        app_value = client_kwargs.pop('app', None)
-+        if app_value is not None:
-+            client_kwargs['transport'] = httpx.WSGITransport(app=app_value)
-+
-         httpx.Client.__init__(self, **client_kwargs)
- 
-         _OAuth2Client.__init__(
-Index: authlib-1.3.2/tests/clients/test_httpx/test_async_oauth2_client.py
-===================================================================
---- authlib-1.3.2.orig/tests/clients/test_httpx/test_async_oauth2_client.py
-+++ authlib-1.3.2/tests/clients/test_httpx/test_async_oauth2_client.py
-@@ -4,7 +4,7 @@ import pytest
- from unittest import mock
- from copy import deepcopy
- 
--from httpx import AsyncClient
-+from httpx import AsyncClient, ASGITransport
- 
- from authlib.common.security import generate_token
- from authlib.common.urls import url_encode
-@@ -96,7 +96,7 @@ async def test_add_token_to_streaming_re
-         token_placement="header",
-         app=AsyncMockDispatch({'a': 'a'}, assert_func=assert_token_in_header)
-     ),
--    AsyncClient(app=AsyncMockDispatch({'a': 'a'}))
-+    AsyncClient(transport=ASGITransport(app=AsyncMockDispatch({'a': 'a'})))
- ])
- async def test_httpx_client_stream_match(client):
-     async with client as client_entered:
-Index: authlib-1.3.2/authlib/integrations/httpx_client/oauth1_client.py
-===================================================================
---- authlib-1.3.2.orig/authlib/integrations/httpx_client/oauth1_client.py
-+++ authlib-1.3.2/authlib/integrations/httpx_client/oauth1_client.py
-@@ -34,6 +34,11 @@ class AsyncOAuth1Client(_OAuth1Client, h
-                  force_include_body=False, **kwargs):
- 
-         _client_kwargs = extract_client_kwargs(kwargs)
-+        # app keyword was dropped!
-+        app_value = _client_kwargs.pop('app', None)
-+        if app_value is not None:
-+            _client_kwargs['transport'] = httpx.ASGITransport(app=app_value)
-+
-         httpx.AsyncClient.__init__(self, **_client_kwargs)
- 
-         _OAuth1Client.__init__(
-@@ -87,6 +92,11 @@ class OAuth1Client(_OAuth1Client, httpx.
-                  force_include_body=False, **kwargs):
- 
-         _client_kwargs = extract_client_kwargs(kwargs)
-+        # app keyword was dropped!
-+        app_value = _client_kwargs.pop('app', None)
-+        if app_value is not None:
-+            _client_kwargs['transport'] = httpx.WSGITransport(app=app_value)
-+
-         httpx.Client.__init__(self, **_client_kwargs)
- 
-         _OAuth1Client.__init__(
-Index: authlib-1.3.2/authlib/integrations/httpx_client/assertion_client.py
-===================================================================
---- authlib-1.3.2.orig/authlib/integrations/httpx_client/assertion_client.py
-+++ authlib-1.3.2/authlib/integrations/httpx_client/assertion_client.py
-@@ -22,6 +22,11 @@ class AsyncAssertionClient(_AssertionCli
-                  claims=None, token_placement='header', scope=None, **kwargs):
- 
-         client_kwargs = extract_client_kwargs(kwargs)
-+        # app keyword was dropped!
-+        app_value = client_kwargs.pop('app', None)
-+        if app_value is not None:
-+            client_kwargs['transport'] = httpx.ASGITransport(app=app_value)
-+
-         httpx.AsyncClient.__init__(self, **client_kwargs)
- 
-         _AssertionClient.__init__(
-@@ -61,6 +66,11 @@ class AssertionClient(_AssertionClient,
-                  claims=None, token_placement='header', scope=None, **kwargs):
- 
-         client_kwargs = extract_client_kwargs(kwargs)
-+        # app keyword was dropped!
-+        app_value = client_kwargs.pop('app', None)
-+        if app_value is not None:
-+            client_kwargs['transport'] = httpx.WSGITransport(app=app_value)
-+
-         httpx.Client.__init__(self, **client_kwargs)
- 
-         _AssertionClient.__init__(
diff --git a/py313-tests.patch b/py313-tests.patch
deleted file mode 100644
index ed73bab..0000000
--- a/py313-tests.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From d282c1afad676cf8ed3670e60fd43516fc9615de Mon Sep 17 00:00:00 2001
-From: "Kai A. Hiller" <git@kaialexhiller.de>
-Date: Sun, 20 Oct 2024 16:56:25 +0200
-Subject: [PATCH] tests: Dereference LocalProxy before serialization
-
----
- .../test_oauth2/test_jwt_access_token.py      | 30 +++++++++++++++----
- 1 file changed, 25 insertions(+), 5 deletions(-)
-
-diff --git a/tests/flask/test_oauth2/test_jwt_access_token.py b/tests/flask/test_oauth2/test_jwt_access_token.py
-index f4b8cf99..20feb1bb 100644
---- a/tests/flask/test_oauth2/test_jwt_access_token.py
-+++ b/tests/flask/test_oauth2/test_jwt_access_token.py
-@@ -49,31 +49,51 @@ def create_resource_protector(app, validator):
-     @require_oauth()
-     def protected():
-         user = db.session.get(User, current_token['sub'])
--        return jsonify(id=user.id, username=user.username, token=current_token)
-+        return jsonify(
-+            id=user.id,
-+            username=user.username,
-+            token=current_token._get_current_object(),
-+        )
- 
-     @app.route('/protected-by-scope')
-     @require_oauth('profile')
-     def protected_by_scope():
-         user = db.session.get(User, current_token['sub'])
--        return jsonify(id=user.id, username=user.username, token=current_token)
-+        return jsonify(
-+            id=user.id,
-+            username=user.username,
-+            token=current_token._get_current_object(),
-+        )
- 
-     @app.route('/protected-by-groups')
-     @require_oauth(groups=['admins'])
-     def protected_by_groups():
-         user = db.session.get(User, current_token['sub'])
--        return jsonify(id=user.id, username=user.username, token=current_token)
-+        return jsonify(
-+            id=user.id,
-+            username=user.username,
-+            token=current_token._get_current_object(),
-+        )
- 
-     @app.route('/protected-by-roles')
-     @require_oauth(roles=['student'])
-     def protected_by_roles():
-         user = db.session.get(User, current_token['sub'])
--        return jsonify(id=user.id, username=user.username, token=current_token)
-+        return jsonify(
-+            id=user.id,
-+            username=user.username,
-+            token=current_token._get_current_object(),
-+        )
- 
-     @app.route('/protected-by-entitlements')
-     @require_oauth(entitlements=['captain'])
-     def protected_by_entitlements():
-         user = db.session.get(User, current_token['sub'])
--        return jsonify(id=user.id, username=user.username, token=current_token)
-+        return jsonify(
-+            id=user.id,
-+            username=user.username,
-+            token=current_token._get_current_object(),
-+        )
- 
-     return require_oauth
- 
diff --git a/python-Authlib.changes b/python-Authlib.changes
index 38166ea..ef6ade7 100644
--- a/python-Authlib.changes
+++ b/python-Authlib.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Jan 24 18:21:06 UTC 2025 - ecsos <ecsos@opensuse.org>
+
+- Update to 1.4.0
+  * Fix id_token decoding when kid is null. :pr:`659`
+  * Support for Python 3.13. :pr:`682`
+  * Force login if the prompt parameter value is login. :pr:`637`
+  * Support for httpx 0.28, :pr:`695`
+  * Breaking changes:
+    - Stop support for Python 3.8. :pr:`682`
+- Drop py313-tests.patch, because now in upstream.
+- Drop httpx028.patch, because now in upstream.
+
 -------------------------------------------------------------------
 Thu Dec 19 13:57:51 UTC 2024 - Markéta Machová <mmachova@suse.com>
 
diff --git a/python-Authlib.spec b/python-Authlib.spec
index c58a2b8..636fc51 100644
--- a/python-Authlib.spec
+++ b/python-Authlib.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-Authlib
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,15 +19,13 @@
 %define modname authlib
 %{?sle15_python_module_pythons}
 Name:           python-Authlib
-Version:        1.3.2
+Version:        1.4.0
 Release:        0
 Summary:        Python library for building OAuth and OpenID Connect servers
 License:        BSD-3-Clause
 URL:            https://authlib.org/
 Source:         https://github.com/lepture/%{modname}/archive/refs/tags/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz
-Patch1:         https://github.com/lepture/authlib/commit/d282c1afad676cf8ed3670e60fd43516fc9615de.patch#/py313-tests.patch
-# PATCH-FIX-UPSTREAM https://github.com/lepture/authlib/pull/695 Support httpx 0.28
-Patch2:         httpx028.patch
+BuildRequires:  %{python_module base >= 3.9}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module wheel}