Accepting request 1311065 from devel:languages:python

- Update to 1.6.5 (fixes CVE-2025-61920, bsc#1251921)
  * RFC7591 generate_client_info and generate_client_secret take a request
    parameter.
  * Add size limitation when decode JWS/JWE to prevent DoS.
  * Add size limitation for DEF JWE zip algorithm.
- Update to 1.6.4
  * fix(jose): prevent public/unprotected header overwriting protected header
    by @lepture in #809
  * Fix InsecureTransportError raising by @azmeuk in #810
  * Add conventional-commits pre-commit hook by @azmeuk in #811
  * Fix response_mode=form_post with Starlette client by @azmeuk in #812
  * Specify README.md as project long description by @EpicWink in #817
  * Migrate tests to pytest paradigm by @azmeuk in #813
  * jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
    by @AL-Cybision in #823
  * Use explicit *.test urls in unit tests by @azmeuk in #824
- Update to 1.6.3
  * Add diff-cover check in GHA by @azmeuk in #803
  * Run GHA unit tests with uv by @azmeuk in #805
  * Move from pre-commit to prek by @azmeuk in #804
  * Sign OIDC id_token according to id_token_signed_response_alg client
    metadata by @azmeuk in #802
- Update to 1.6.2
  * Allow insecure transport for 127.0.0.1 for debugging
    by @geigerzaehler in #788
  * Raise a MissingCodeError when code parameter is missing by @lepture in #786
  * Temporarily restore OAuth2Request body parameter by @azmeuk in #791
  * Raise MissingCodeException when code parameter is missing
    by @lepture in #794
  * Fix id_token generation with EdDSA alg by @azmeuk in #800
- Update test requirements (forwarded request 1311035 from nkrapp)

OBS-URL: https://build.opensuse.org/request/show/1311065
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Authlib?expand=0&rev=26

authlib-1.3.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a8a74e0f1179318bbf898082ad0565f30b1d63bbed7b370529a395d5912380e3
-size 319831

authlib-1.6.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:488ea98a032cb803e3af502cef6db616d76735b631097bc661b2a9dd10db73cc
+size 328496

python-Authlib.changes

@@ -1,3 +1,140 @@
+-------------------------------------------------------------------
+Mon Oct 13 08:51:01 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
+
+- Update to 1.6.5 (fixes CVE-2025-61920, bsc#1251921)
+  * RFC7591 generate_client_info and generate_client_secret take a request
+    parameter.
+  * Add size limitation when decode JWS/JWE to prevent DoS.
+  * Add size limitation for DEF JWE zip algorithm.
+- Update to 1.6.4
+  * fix(jose): prevent public/unprotected header overwriting protected header
+    by @lepture in #809
+  * Fix InsecureTransportError raising by @azmeuk in #810
+  * Add conventional-commits pre-commit hook by @azmeuk in #811
+  * Fix response_mode=form_post with Starlette client by @azmeuk in #812
+  * Specify README.md as project long description by @EpicWink in #817
+  * Migrate tests to pytest paradigm by @azmeuk in #813
+  * jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
+    by @AL-Cybision in #823
+  * Use explicit *.test urls in unit tests by @azmeuk in #824
+- Update to 1.6.3
+  * Add diff-cover check in GHA by @azmeuk in #803
+  * Run GHA unit tests with uv by @azmeuk in #805
+  * Move from pre-commit to prek by @azmeuk in #804
+  * Sign OIDC id_token according to id_token_signed_response_alg client
+    metadata by @azmeuk in #802
+- Update to 1.6.2
+  * Allow insecure transport for 127.0.0.1 for debugging
+    by @geigerzaehler in #788
+  * Raise a MissingCodeError when code parameter is missing by @lepture in #786
+  * Temporarily restore OAuth2Request body parameter by @azmeuk in #791
+  * Raise MissingCodeException when code parameter is missing
+    by @lepture in #794
+  * Fix id_token generation with EdDSA alg by @azmeuk in #800
+- Update test requirements
+
+-------------------------------------------------------------------
+Tue Aug  5 07:34:40 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.6.1
+  * Filter key set with additional "alg" and "use" parameters.
+- Fix bogus version number in previous changelog entry
+- Rename README.rst to README.md in %files section
+
+-------------------------------------------------------------------
+Tue Jun  3 06:26:39 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.6.0
+  * Fix issue when RFC9207 is enabled and the authorization endpoint
+    response is not a redirection. pull request #733
+  * Fix missing state parameter in authorization error responses.
+    issue #525
+  * Support for acr and amr claims in id_token. issue #734
+  * Support for the none JWS algorithm.
+  * Fix response_types strict order during dynamic client
+    registration. issue #760
+  * Implement RFC9101 The OAuth 2.0 Authorization Framework:
+    JWT-Secured Authorization Request (JAR). issue #723
+  * OIDC UserInfo endpoint support. issue #459
+- Drop 767-skip-xc20p-tests.patch, merged upstream
+
+-------------------------------------------------------------------
+Fri May  2 21:29:54 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add 767-skip-xc20p-tests.patch to skip unavailable tests
+  (gh#authlib/authlib#456).
+
+-------------------------------------------------------------------
+Wed Apr 23 10:49:33 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.5.2
+  * Forbid fragments in ``redirect_uris``. :issue:`714`
+  * Fix invalid characters in ``error_description``. :issue:`720`
+  * Add ``claims_cls``` parameter for client's ``parse_id_token``
+    method. :issue:`725`
+
+-------------------------------------------------------------------
+Mon Apr 14 05:42:44 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Support both lowercased and unnormalized metadata directory names.
+
+-------------------------------------------------------------------
+Wed Mar 26 00:26:31 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Lowercase metadata directory name.
+
+-------------------------------------------------------------------
+Sun Mar 23 21:41:44 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.5.1:
+  * Fix RFC9207 iss parameter.
+  * Fix token introspection auth method for clients.
+  * Optional typ claim in JWT tokens.
+  * JWT validation leeway.
+  * Implement server-side :rfc:`RFC9207 <9207>`.
+  * generate_id_token can take a kid parameter.
+  * More detailed InvalidClientError.
+  * OpenID Connect Dynamic Client Registration implementation.
+
+-------------------------------------------------------------------
+Thu Feb  6 11:41:00 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.4.1
+  * Improve garbage collection on OAuth clients. (#698)
+  * Fix client parameters for httpx. (#694)
+
+-------------------------------------------------------------------
+Fri Jan 24 18:21:06 UTC 2025 - ecsos <ecsos@opensuse.org>
+
+- Update to 1.4.0
+  * Fix id_token decoding when kid is null. :pr:`659`
+  * Support for Python 3.13. :pr:`682`
+  * Force login if the prompt parameter value is login. :pr:`637`
+  * Support for httpx 0.28, :pr:`695`
+  * Breaking changes:
+    - Stop support for Python 3.8. :pr:`682`
+- Drop py313-tests.patch, because now in upstream.
+- Drop httpx028.patch, because now in upstream.
+
+-------------------------------------------------------------------
+Thu Dec 19 13:57:51 UTC 2024 - Markéta Machová <mmachova@suse.com>
+
+- Add httpx028.patch to add compatibility with new httpx
+
+-------------------------------------------------------------------
+Thu Oct 31 09:13:27 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- add py313-tests.patch
+- modernize spec file
+
+-------------------------------------------------------------------
+Sat Sep 28 20:03:15 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.3.2:
+  * Prevent ever-growing session size for OAuth clients.
+  * Revert quote client id and secret.
+  * unquote basic auth header for authorization server.
+
 -------------------------------------------------------------------
 Mon Jun 10 11:05:10 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 

python-Authlib.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-Authlib
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,13 +19,16 @@
 %define modname authlib
 %{?sle15_python_module_pythons}
 Name:           python-Authlib
-Version:        1.3.1
+Version:        1.6.5
 Release:        0
 Summary:        Python library for building OAuth and OpenID Connect servers
 License:        BSD-3-Clause
 URL:            https://authlib.org/
 Source:         https://github.com/lepture/%{modname}/archive/refs/tags/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz
+BuildRequires:  %{python_module base >= 3.9}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  python-rpm-macros
 # SECTION test requirements
 BuildRequires:  %{python_module anyio}
@@ -38,7 +41,9 @@ BuildRequires:  %{python_module cachelib}
 BuildRequires:  %{python_module cryptography}
 BuildRequires:  %{python_module httpx}
 BuildRequires:  %{python_module pytest-asyncio}
+BuildRequires:  %{python_module pytest-django}
 BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module python-multipart}
 BuildRequires:  %{python_module requests}
 BuildRequires:  %{python_module starlette}
 BuildRequires:  %{python_module typing_extensions}
@@ -53,16 +58,16 @@ BuildArch:      noarch
 A Python library for building OAuth and OpenID Connect servers.
 
 %prep
-%setup -q -n %{modname}-%{version}
+%autosetup -p1 -n %{modname}-%{version}
 # Remove the file containing the commercial license so licensedigger
 # doesn't complain about the dual license
 rm COMMERCIAL-LICENSE
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
@@ -70,17 +75,17 @@ rm COMMERCIAL-LICENSE
 $python -mpytest tests/core
 $python -mpytest tests/flask
 # gh#lepture/authlib#456
-$python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or test_xc20p_content_encryption_decryption)'
+# $python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or test_xc20p_content_encryption_decryption)'
-export DJANGO_SETTINGS_MODULE=tests.clients.test_django.settings
+$python -mpytest tests/jose
+export DJANGO_SETTINGS_MODULE=tests.django_settings
 $python -mpytest tests/clients
-# export DJANGO_SETTINGS_MODULE=tests.django.settings
+$python -mpytest tests/django
-# $python -mpytest tests/django
 }
 
 %files %{python_files}
-%doc README.rst
+%doc README.md
 %license LICENSE
 %{python_sitelib}/%{modname}
-%{python_sitelib}/Authlib-%{version}*-info
+%{python_sitelib}/[Aa]uthlib-%{version}.dist-info
 
 %changelog