Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Authlib for openSUSE:Factory checked in at 2025-08-12 17:04:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Authlib (Old) and /work/SRC/openSUSE:Factory/.python-Authlib.new.1085 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Authlib" Tue Aug 12 17:04:06 2025 rev:25 rq:1298827 version:1.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Authlib/python-Authlib.changes 2025-06-03 17:58:09.181083816 +0200 +++ /work/SRC/openSUSE:Factory/.python-Authlib.new.1085/python-Authlib.changes 2025-08-12 17:05:16.577017324 +0200 @@ -1,0 +2,8 @@ +Tue Aug 5 07:34:40 UTC 2025 - John Paul Adrian Glaubitz <[email protected]> + +- Update to 1.6.1 + * Filter key set with additional "alg" and "use" parameters. +- Fix bogus version number in previous changelog entry +- Rename README.rst to README.md in %files section + +------------------------------------------------------------------- @@ -4 +12 @@ -- Update to 1.6.2 +- Update to 1.6.0 Old: ---- authlib-1.6.0.tar.gz New: ---- authlib-1.6.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Authlib.spec ++++++ --- /var/tmp/diff_new_pack.T1uw2r/_old 2025-08-12 17:05:17.225044423 +0200 +++ /var/tmp/diff_new_pack.T1uw2r/_new 2025-08-12 17:05:17.225044423 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-Authlib # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define modname authlib %{?sle15_python_module_pythons} Name: python-Authlib -Version: 1.6.0 +Version: 1.6.1 Release: 0 Summary: Python library for building OAuth and OpenID Connect servers License: BSD-3-Clause 
@@ -82,7 +82,7 @@ } %files %{python_files} -%doc README.rst +%doc README.md %license LICENSE %{python_sitelib}/%{modname} %{python_sitelib}/[Aa]uthlib-%{version}.dist-info ++++++ authlib-1.6.0.tar.gz -> authlib-1.6.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/.github/workflows/docs.yml new/authlib-1.6.1/.github/workflows/docs.yml --- old/authlib-1.6.0/.github/workflows/docs.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/authlib-1.6.1/.github/workflows/docs.yml 2025-07-20 09:37:14.000000000 +0200 @@ -0,0 +1,25 @@ +name: docs + +on: + push: + branches-ignore: + - 'wip-*' + pull_request: + branches-ignore: + - 'wip-*' + +env: + FORCE_COLOR: '1' + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Install uv + uses: astral-sh/setup-uv@v6 + with: + enable-cache: true + - run: | + uv sync --all-groups + uv run sphinx-build docs build/sphinx/html --fail-on-warning diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/README.md new/authlib-1.6.1/README.md --- old/authlib-1.6.0/README.md 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/README.md 2025-07-20 09:37:14.000000000 +0200 
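Review bot: The new `.github/workflows/docs.yml` references both actions by mutable tag (`actions/checkout@v4`, `astral-sh/setup-uv@v6`) and declares no `permissions:` block, so the job runs with whatever default token scope the repository has. The build only reads the tree and runs `sphinx-build`, so a top-level `permissions:` with `contents: read` would be enough. Pinning each `uses:` to a full commit SHA, with the tag kept as a trailing comment, would stop a retagged action from changing what runs on `pull_request`. Whether this file ever runs in the packaged context cannot be told from the hunk; the point applies to the upstream repository.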
@@ -124,19 +124,10 @@ Authlib offers two licenses: -1. BSD (LICENSE) +1. BSD LICENSE 2. COMMERCIAL-LICENSE -Companies can purchase a commercial license at -[Authlib Plans](https://authlib.org/plans). - -**If your company is creating a closed source OAuth provider, it is strongly -suggested that your company purchasing a commercial license.** - -## Support - -If you need any help, you can always ask questions on StackOverflow with -a tag of "Authlib". DO NOT ASK HELP IN GITHUB ISSUES. - -We also provide commercial consulting and supports. You can find more -information at <https://authlib.org/support>. +Any project, open or closed source, can use the BSD license. +If your company needs commercial support, you can purchase a commercial license at +[Authlib Plans](https://authlib.org/plans). You can find more information at +<https://authlib.org/support>. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/README.rst new/authlib-1.6.1/README.rst --- old/authlib-1.6.0/README.rst 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/README.rst 1970-01-01 01:00:00.000000000 +0100 
@@ -1,73 +0,0 @@ -Authlib -======= - -The ultimate Python library in building OAuth and OpenID Connect servers. -JWS, JWK, JWA, JWT are included. - -Useful Links ------------- - -1. Homepage: https://authlib.org/ -2. Documentation: https://docs.authlib.org/ -3. Purchase Commercial License: https://authlib.org/plans -4. Blog: https://blog.authlib.org/ -5. More Repositories: https://github.com/authlib -6. Twitter: https://twitter.com/authlib -7. Donate: https://www.patreon.com/lepture - -Specifications --------------- - -- RFC5849: The OAuth 1.0 Protocol -- RFC6749: The OAuth 2.0 Authorization Framework -- RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage -- RFC7009: OAuth 2.0 Token Revocation -- RFC7515: JSON Web Signature -- RFC7516: JSON Web Encryption -- RFC7517: JSON Web Key -- RFC7518: JSON Web Algorithms -- RFC7519: JSON Web Token -- RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants -- RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants -- RFC7591: OAuth 2.0 Dynamic Client Registration Protocol -- RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol -- RFC7636: Proof Key for Code Exchange by OAuth Public Clients -- RFC7638: JSON Web Key (JWK) Thumbprint -- RFC7662: OAuth 2.0 Token Introspection -- RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE) -- RFC8414: OAuth 2.0 Authorization Server Metadata -- RFC8628: OAuth 2.0 Device Authorization Grant -- RFC9101: The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) -- RFC9207: OAuth 2.0 Authorization Server Issuer Identification -- OpenID Connect 1.0 -- OpenID Connect Discovery 1.0 -- draft-madden-jose-ecdh-1pu-04: Public Key Authenticated Encryption for JOSE: ECDH-1PU - -Implementations ---------------- - -- Requests OAuth 1 Session -- Requests OAuth 2 Session -- Requests Assertion Session -- HTTPX OAuth 1 Session 
-- HTTPX OAuth 2 Session -- HTTPX Assertion Session -- Flask OAuth 1/2 Client -- Django OAuth 1/2 Client -- Starlette OAuth 1/2 Client -- Flask OAuth 1.0 Server -- Flask OAuth 2.0 Server -- Flask OpenID Connect 1.0 -- Django OAuth 1.0 Server -- Django OAuth 2.0 Server -- Django OpenID Connect 1.0 - -License -------- - -Authlib is licensed under BSD. Please see LICENSE for licensing details. - -If this license does not fit your company, consider to purchase a commercial -license. Find more information on `Authlib Plans`_. - -.. _`Authlib Plans`: https://authlib.org/plans diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/authlib/consts.py new/authlib-1.6.1/authlib/consts.py --- old/authlib-1.6.0/authlib/consts.py 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/authlib/consts.py 2025-07-20 09:37:14.000000000 +0200 @@ -1,5 +1,5 @@ name = "Authlib" -version = "1.6.0" +version = "1.6.1" author = "Hsiaoming Yang <[email protected]>" homepage = "https://authlib.org" default_user_agent = f"{name}/{version} (+{homepage})" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/authlib/integrations/base_client/sync_openid.py new/authlib-1.6.1/authlib/integrations/base_client/sync_openid.py --- old/authlib-1.6.0/authlib/integrations/base_client/sync_openid.py 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/authlib/integrations/base_client/sync_openid.py 2025-07-20 09:37:14.000000000 +0200 
@@ -82,10 +82,10 @@ def load_key(header, _): jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set()) try: - return jwk_set.find_by_kid(header.get("kid")) + return jwk_set.find_by_kid(header.get("kid"), use="sig", alg=header.get("alg")) except ValueError: # re-try with new jwk set jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set(force=True)) - return jwk_set.find_by_kid(header.get("kid")) + return jwk_set.find_by_kid(header.get("kid"), use="sig", alg=header.get("alg")) return load_key diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/authlib/jose/rfc7517/key_set.py new/authlib-1.6.1/authlib/jose/rfc7517/key_set.py --- old/authlib-1.6.0/authlib/jose/rfc7517/key_set.py 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/authlib/jose/rfc7517/key_set.py 2025-07-20 09:37:14.000000000 +0200 @@ -16,7 +16,7 @@ obj = self.as_dict(is_private, **params) return json_dumps(obj) - def find_by_kid(self, kid): + def find_by_kid(self, kid, **params): """Find the key matches the given kid value. :param kid: A string of kid 
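Review bot: The `except ValueError` retry in `load_key` now fires in more cases than an unknown `kid`. With the new filter, a known `kid` whose declared `use`/`alg` does not match, or a duplicate `kid`, also raises, and each occurrence forces `self.fetch_jwk_set(force=True)`. The `alg` used for filtering comes from the token header, which is unverified when `load_key` runs, so a forced refresh can be provoked by any presented token; whether `fetch_jwk_set` throttles is not visible here and should be confirmed. I would add a comment above the retry such as `# header values are untrusted here; the forced refresh must be rate-limited by fetch_jwk_set`. The same `find_by_kid(header.get("kid"), use="sig", alg=header.get("alg"))` call appears twice and could be a small local helper. The enclosing method that returns `load_key` starts outside the hunk.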
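Review bot: The docstring under the new `find_by_kid(self, kid, **params)` signature in `key_set.py` still documents only `kid`, so the filtering contract is invisible to callers. Going by the helper added later in the same file, only `use` and `alg` are read from `params`; any other keyword (for example a misspelled `algs=`) is accepted and silently ignored. I would add `:param params: optional "use" and "alg" values; a key that declares a different value is skipped, a key that declares none is kept` and state that a `ValueError` is raised unless exactly one key remains. The rest of the method body lies outside this hunk.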
@@ -27,7 +27,28 @@ # of the set if no kid is specified if kid is None and len(self.keys) == 1: return self.keys[0] - for k in self.keys: - if k.kid == kid: - return k + + keys = [key for key in self.keys if key.kid == kid] + if params: + keys = list(_filter_keys_by_params(keys, **params)) + + if len(keys) == 1: + return keys[0] + raise ValueError("Invalid JSON Web Key Set") + + +def _filter_keys_by_params(keys, **params): + _use = params.get("use") + _alg = params.get("alg") + + for key in keys: + designed_use = key.tokens.get("use") + if designed_use and _use and designed_use != _use: + continue + + designed_alg = key.tokens.get("alg") + if designed_alg and _alg and designed_alg != _alg: + continue + + yield key diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/docs/changelog.rst new/authlib-1.6.1/docs/changelog.rst --- old/authlib-1.6.0/docs/changelog.rst 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/docs/changelog.rst 2025-07-20 09:37:14.000000000 +0200 @@ -6,6 +6,13 @@ Here you can see the full list of changes between each Authlib release. +Version 1.6.1 +------------- + +**Released on Jul 20, 2025** + +- Filter key set with additional "alg" and "use" parameters. + Version 1.6.0 ------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/docs/community/funding.rst new/authlib-1.6.1/docs/community/funding.rst --- old/authlib-1.6.0/docs/community/funding.rst 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/docs/community/funding.rst 2025-07-20 09:37:14.000000000 +0200 
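Review bot: The `kid is None and len(self.keys) == 1` shortcut at the top of this hunk returns the only key before `_filter_keys_by_params` is consulted, so a lone key declared with `"use": "enc"` or a different `"alg"` is still handed back to a caller that asked for `use="sig"`. Routing that single key through the same filter closes the gap, as in the excerpt below. Two further things are worth a comment in the code. First, keys that declare no `use`/`alg` always pass, so the filter is advisory rather than a pin. Second, the not-found and more-than-one-match cases now raise the same `ValueError("Invalid JSON Web Key Set")`, where the old loop returned the first match. The `def find_by_kid` line and its docstring are in the previous hunk, outside this one.

```python
        if kid is None and len(self.keys) == 1:
            # the sole key must still satisfy the requested "use"/"alg"
            keys = list(self.keys)
        else:
            keys = [key for key in self.keys if key.kid == kid]
        # … unchanged: params filtering, single-match return, ValueError …
```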
@@ -29,7 +29,7 @@ Insiders are people who have access to our private repositories, you can become an insider with: -1. purchasing a paid license at https://authlib.org/plans +1. Purchasing a paid license at https://authlib.org/plans 2. Become a sponsor with tiers including "Access to our private repos" benefit PyPI diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/docs/community/licenses.rst new/authlib-1.6.1/docs/community/licenses.rst --- old/authlib-1.6.0/docs/community/licenses.rst 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/docs/community/licenses.rst 2025-07-20 09:37:14.000000000 +0200 @@ -1,8 +1,15 @@ Authlib Licenses ================ -Authlib offers two licenses, one is BSD for open source projects, one is -a commercial license for closed source projects. +Authlib offers two licenses: + +1. BSD LICENSE +2. COMMERCIAL-LICENSE + +Any project, open or closed source, can use the BSD license. +If your company needs commercial support, you can purchase a commercial license at +`Authlib Plans <https://authlib.org/plans>`_. You can find more information at +https://authlib.org/support. Open Source License ------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/docs/community/sustainable.rst new/authlib-1.6.1/docs/community/sustainable.rst --- old/authlib-1.6.0/docs/community/sustainable.rst 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/docs/community/sustainable.rst 2025-07-20 09:37:14.000000000 +0200 
@@ -31,8 +31,10 @@ Commercial License ------------------ -Authlib is licensed under BSD for open source projects. If you are -running a business, consider to purchase a commercial license instead. +Authlib is licensed under BSD-3 for any project. +If you are running a business, and you need advanced support, +and wish to help Authlib sustainability, +please consider to purchase a commercial license instead. Find more information on https://authlib.org/support#commercial-license diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/authlib-1.6.0/tests/jose/test_jwk.py new/authlib-1.6.1/tests/jose/test_jwk.py --- old/authlib-1.6.0/tests/jose/test_jwk.py 2025-05-22 14:58:21.000000000 +0200 +++ new/authlib-1.6.1/tests/jose/test_jwk.py 2025-07-20 09:37:14.000000000 +0200 @@ -263,6 +263,28 @@ with pytest.raises(ValueError): JsonWebKey.import_key_set("invalid") + def test_find_by_kid_with_use(self): + key1 = OctKey.import_key("secret", {"kid": "abc", "use": "sig"}) + key2 = OctKey.import_key("secret", {"kid": "abc", "use": "enc"}) + + key_set = KeySet([key1, key2]) + key = key_set.find_by_kid("abc", use="sig") + self.assertEqual(key, key1) + + key = key_set.find_by_kid("abc", use="enc") + self.assertEqual(key, key2) + + def test_find_by_kid_with_alg(self): + key1 = OctKey.import_key("secret", {"kid": "abc", "alg": "HS256"}) + key2 = OctKey.import_key("secret", {"kid": "abc", "alg": "dir"}) + + key_set = KeySet([key1, key2]) + key = key_set.find_by_kid("abc", alg="HS256") + self.assertEqual(key, key1) + + key = key_set.find_by_kid("abc", alg="dir") + self.assertEqual(key, key2) + def test_thumbprint(self): # https://tools.ietf.org/html/rfc7638#section-3.1 data = read_file_path("thumbprint_example.json")
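Review bot: Neither new test in `tests/jose/test_jwk.py` exercises the rejecting side of the filter: both build two keys whose `use` or `alg` differ and assert that the right one is selected. Missing are the cases where the lookup must fail or fall back. These are two keys with the same `kid` and the same `use` (expected `ValueError`), a requested `use`/`alg` that no key declares, a key with no `use`/`alg` at all, and `find_by_kid(None, use="sig")` on a single-key set. A minimal addition would be `with pytest.raises(ValueError): KeySet([key1, key1]).find_by_kid("abc", use="sig")`. The test class these methods belong to starts outside the hunk.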
