From 5b44752bbcfd4a22f137b76c554bceabc9dc50a015d73ac69e09a8e6fc0eed8d Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Sun, 23 Mar 2025 21:42:41 +0000
Subject: [PATCH] - update to 1.5.1: * Fix RFC9207 iss parameter. * Fix token introspection auth method for clients. * Optional typ claim in JWT tokens. * JWT validation leeway. * Implement server-side :rfc:`RFC9207 <9207>`. * generate_id_token can take a kid parameter. * More detailed InvalidClientError. * OpenID Connect Dynamic Client Registration implementation.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Authlib?expand=0&rev=40
---
.gitattributes | 23 ++++++
.gitignore | 1 +
authlib-1.3.1.tar.gz | 3 +
authlib-1.4.0.tar.gz | 3 +
authlib-1.4.1.tar.gz | 3 +
authlib-1.5.1.tar.gz | 3 +
python-Authlib.changes | 179 +++++++++++++++++++++++++++++++++++++++++
python-Authlib.spec | 89 ++++++++++++++++++++
8 files changed, 304 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 authlib-1.3.1.tar.gz
create mode 100644 authlib-1.4.0.tar.gz
create mode 100644 authlib-1.4.1.tar.gz
create mode 100644 authlib-1.5.1.tar.gz
create mode 100644 python-Authlib.changes
create mode 100644 python-Authlib.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/authlib-1.3.1.tar.gz b/authlib-1.3.1.tar.gz
new file mode 100644
index 0000000..010c49b
--- /dev/null
+++ b/authlib-1.3.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a8a74e0f1179318bbf898082ad0565f30b1d63bbed7b370529a395d5912380e3
+size 319831
diff --git a/authlib-1.4.0.tar.gz b/authlib-1.4.0.tar.gz
new file mode 100644
index 0000000..8ae8f96
--- /dev/null
+++ b/authlib-1.4.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3d0bcb3697a300844416290634ec689933de6c6f9ac5642c267aa8164b238f89
+size 322334
diff --git a/authlib-1.4.1.tar.gz b/authlib-1.4.1.tar.gz
new file mode 100644
index 0000000..85322eb
--- /dev/null
+++ b/authlib-1.4.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1edf089aae7a043b526f6f07b32077e482be12fc36eff27448ced2a44fcd976b
+size 322395
diff --git a/authlib-1.5.1.tar.gz b/authlib-1.5.1.tar.gz
new file mode 100644
index 0000000..b78019e
--- /dev/null
+++ b/authlib-1.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0125eb3122e0e4e87a8bb81573eda8d4c326f6be81d911cb2f5f11a970800ec6
+size 330575
diff --git a/python-Authlib.changes b/python-Authlib.changes
new file mode 100644
index 0000000..7c1d68f
--- /dev/null
+++ b/python-Authlib.changes
@@ -0,0 +1,179 @@
+-------------------------------------------------------------------
+Sun Mar 23 21:41:44 UTC 2025 - Dirk Müller
+
+- update to 1.5.1:
+ * Fix RFC9207 iss parameter.
+ * Fix token introspection auth method for clients.
+ * Optional typ claim in JWT tokens.
+ * JWT validation leeway.
+ * Implement server-side :rfc:`RFC9207 <9207>`.
+ * generate_id_token can take a kid parameter.
+ * More detailed InvalidClientError.
+ * OpenID Connect Dynamic Client Registration implementation.
+
+-------------------------------------------------------------------
+Thu Feb 6 11:41:00 UTC 2025 - John Paul Adrian Glaubitz
+
+- Update to 1.4.1
+ * Improve garbage collection on OAuth clients. (#698)
+ * Fix client parameters for httpx. (#694)
+
+-------------------------------------------------------------------
+Fri Jan 24 18:21:06 UTC 2025 - ecsos
+
+- Update to 1.4.0
+ * Fix id_token decoding when kid is null. :pr:`659`
+ * Support for Python 3.13. :pr:`682`
+ * Force login if the prompt parameter value is login. :pr:`637`
+ * Support for httpx 0.28, :pr:`695`
+ * Breaking changes:
+ - Stop support for Python 3.8. :pr:`682`
+- Drop py313-tests.patch, because now in upstream.
+- Drop httpx028.patch, because now in upstream.
+
+-------------------------------------------------------------------
+Thu Dec 19 13:57:51 UTC 2024 - Markéta Machová
+
+- Add httpx028.patch to add compatibility with new httpx
+
+-------------------------------------------------------------------
+Thu Oct 31 09:13:27 UTC 2024 - Dirk Müller
+
+- add py313-tests.patch
+- modernize spec file
+
+-------------------------------------------------------------------
+Sat Sep 28 20:03:15 UTC 2024 - Dirk Müller
+
+- update to 1.3.2:
+ * Prevent ever-growing session size for OAuth clients.
+ * Revert quote client id and secret.
+ * unquote basic auth header for authorization server.
+
+-------------------------------------------------------------------
+Mon Jun 10 11:05:10 UTC 2024 - Daniel Garcia
+
+- Update to 1.3.1 (CVE-2024-37568, bsc#1226138):
+ * Prevent OctKey to import ssh and PEM strings.
+
+-------------------------------------------------------------------
+Tue Jan 23 17:10:58 UTC 2024 - Antonio Larrosa
+
+- Remove the file containing a Commercial license otherwise
+ licensedigger rejects the dual-licensed package.
+ See https://docs.authlib.org/en/latest/community/licenses.html .
+
+-------------------------------------------------------------------
+Mon Jan 8 20:58:02 UTC 2024 - Dirk Müller
+
+- update to 1.3.0:
+ * Restore AuthorizationServer.create_authorization_response
+ behavior, via :PR:`558`
+ * Include leeway in validate_iat() for JWT, via :PR:`565`
+ * Fix encode_client_secret_basic, via :PR:`594`
+ * Use single key in JWK if JWS does not specify kid, via
+ :PR:`596`
+ * Fix error when RFC9068 JWS has no scope field, via :PR:`598`
+ * Get werkzeug version using importlib, via :PR:`591`
+ * New features:
+ * RFC9068 implementation, via :PR:`586`, by @azmeuk.
+ * Breaking changes:
+ * End support for python 3.7
+
+-------------------------------------------------------------------
+Sun Jun 25 18:48:52 UTC 2023 - Dirk Müller
+
+- update to 1.2.1:
+ * Apply headers in ``ClientSecretJWT.sign`` method
+ * Allow falsy but non-None grant uri params
+ * Fixed ``authorize_redirect`` for Starlette v0.26.0
+ * Removed ``has_client_secret`` method and documentation
+ * Removed ``request_invalid`` and ``token_revoked`` remaining
+ occurences and documentation.
+ * Fixed RFC7591 ``grant_types`` and ``response_types`` default
+ values
+
+-------------------------------------------------------------------
+Sun Jun 11 14:11:54 UTC 2023 - ecsos
+
+- Add %{?sle15_python_module_pythons}
+
+-------------------------------------------------------------------
+Tue Dec 13 03:19:54 UTC 2022 - Yogalakshmi Arunachalam
+
+- Update to version 1.2.0
+ * Not passing request.body to ResourceProtector, #485.
+ * Use flask.g instead of _app_ctx_stack, #482.
+ * Add headers parameter back to ClientSecretJWT, #457.
+ * Always passing realm parameter in OAuth 1 clients, #339.
+ * Implemented RFC7592 Dynamic Client Registration Management Protocol, #505`
+ * Add default_timeout for requests OAuth2Session and AssertionSession.
+ * Deprecate jwk.loads and jwk.dumps
+
+-------------------------------------------------------------------
+Tue Oct 11 23:14:36 UTC 2022 - Yogalakshmi Arunachalam
+
+- Update to Version 1.1.0
+ * This release contains breaking changes and security fixes.
+ * Allow to pass claims_options to Framework OpenID Connect clients, via PR#446.
+ * Fix .stream with context for HTTPX OAuth clients, via PR#465.
+ * Fix Starlette OAuth client for cache store, via PR#478.
+
+-------------------------------------------------------------------
+Thu Aug 4 06:30:52 UTC 2022 - Steve Kowalik
+
+- Remove unneeded BuildRequires on mock.
+- Remove duplicated BuildRequires on pytest.
+
+-------------------------------------------------------------------
+Mon May 9 22:06:00 UTC 2022 - Matej Cepl
+
+- Fix tests.
+
+-------------------------------------------------------------------
+Thu Apr 21 11:29:21 UTC 2022 - Michael Ströder
+
+- Update to 1.0.1
+ * Fix authenticate_none method, via #438.
+ * Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #447.
+ * Fix missing_token for Flask OAuth client, via #448.
+ * Allow openid in any place of the scope, via #449.
+ * Security fix for validating essential value on blank value in JWT, via #445.
+- Update to 1.0.0
+ * Dropped support for Python 2
+ * Removed built-in SQLAlchemy integration.
+ * The whole framework client integrations have been restructured
+
+-------------------------------------------------------------------
+Tue Nov 16 13:42:27 UTC 2021 - Michael Ströder
+
+- Update to 0.15.5
+ * Make Authlib compatible with latest httpx
+ * Make Authlib compatible with latest werkzeug
+ * Allow customize RFC7523 alg value
+
+-------------------------------------------------------------------
+Fri Aug 13 11:16:21 UTC 2021 - John Paul Adrian Glaubitz
+
+- Update to 0.15.4
+ * Security fix when JWT claims is None.
+
+-------------------------------------------------------------------
+Mon Aug 9 22:19:38 UTC 2021 - Jan Engelhardt
+
+- Drop filler wording from description again.
+
+-------------------------------------------------------------------
+Tue Mar 23 11:52:52 UTC 2021 - Marcus Rueckert
+
+- Update to 0.15.3
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15-3
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15-2
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15-1
+ https://docs.authlib.org/en/latest/changelog.html#version-0-15
+
+-------------------------------------------------------------------
+Wed Aug 5 14:44:15 UTC 2020 - Stasiek Michalski
+
+- Initial package
+
diff --git a/python-Authlib.spec b/python-Authlib.spec
new file mode 100644
index 0000000..2656077
--- /dev/null
+++ b/python-Authlib.spec
@@ -0,0 +1,89 @@
+#
+# spec file for package python-Authlib
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define modname authlib
+%{?sle15_python_module_pythons}
+Name: python-Authlib
+Version: 1.5.1
+Release: 0
+Summary: Python library for building OAuth and OpenID Connect servers
+License: BSD-3-Clause
+URL: https://authlib.org/
+Source: https://github.com/lepture/%{modname}/archive/refs/tags/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz
+BuildRequires: %{python_module base >= 3.9}
+BuildRequires: %{python_module pip}
+BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module wheel}
+BuildRequires: python-rpm-macros
+# SECTION test requirements
+BuildRequires: %{python_module anyio}
+BuildRequires: %{python_module Django}
+BuildRequires: %{python_module Flask-SQLAlchemy}
+BuildRequires: %{python_module Flask}
+BuildRequires: %{python_module SQLAlchemy}
+BuildRequires: %{python_module Werkzeug}
+BuildRequires: %{python_module cachelib}
+BuildRequires: %{python_module cryptography}
+BuildRequires: %{python_module httpx}
+BuildRequires: %{python_module pytest-asyncio}
+BuildRequires: %{python_module pytest}
+BuildRequires: %{python_module requests}
+BuildRequires: %{python_module starlette}
+BuildRequires: %{python_module typing_extensions}
+# /SECTION
+BuildRequires: fdupes
+Requires: python-cryptography
+Suggests: python-requests
+BuildArch: noarch
+%python_subpackages
+
+%description
+A Python library for building OAuth and OpenID Connect servers.
+
+%prep
+%autosetup -p1 -n %{modname}-%{version}
+# Remove the file containing the commercial license so licensedigger
+# doesn't complain about the dual license
+rm COMMERCIAL-LICENSE
+
+%build
+%pyproject_wheel
+
+%install
+%pyproject_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+
+%check
+%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib} PYTHONDONTWRITEBYTECODE=1
+$python -mpytest tests/core
+$python -mpytest tests/flask
+# gh#lepture/authlib#456
+$python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or test_xc20p_content_encryption_decryption)'
+export DJANGO_SETTINGS_MODULE=tests.clients.test_django.settings
+$python -mpytest tests/clients
+# export DJANGO_SETTINGS_MODULE=tests.django.settings
+# $python -mpytest tests/django
+}
+
+%files %{python_files}
+%doc README.rst
+%license LICENSE
+%{python_sitelib}/%{modname}
+%{python_sitelib}/Authlib-%{version}.dist-info
+
+%changelog
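Review bot: In `%check`, the two `tests/django` lines are commented out with no reason given, so the Django integration of this OAuth/OpenID Connect library is built and shipped without its tests ever running, even though `Django` is listed in the test BuildRequires. The neighbouring `tests/jose` exclusion does cite `gh#lepture/authlib#456`; the disabled lines deserve the same treatment, for example a comment above them such as `# tests/django disabled: <reason or upstream issue reference>`, or re-enabling them if they pass. Separately, `Source:` points at a GitHub tag archive and the spec carries no signature or keyring source, so the tarball's integrity rests only on the LFS `oid sha256` recorded in this commit. It would be worth checking that hash against an independently fetched copy of the tag archive before accepting the update.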