Authlib - pypi Package Compare versions

Comparing version 1.6.8 to 1.6.9

Authlib.egg-info/PKG-INFO

 Metadata-Version: 2.4
 Name: Authlib
-Version: 1.6.8
+Version: 1.6.9
 Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
@@ -5,0 +5,0 @@ Author-email: Hsiaoming Yang <me@lepture.com>

authlib/consts.py

 name = "Authlib"
-version = "1.6.8"
+version = "1.6.9"
 author = "Hsiaoming Yang <me@lepture.com>"
@@ -4,0 +4,0 @@ homepage = "https://authlib.org"

authlib/jose/__init__.py

@@ -58,2 +58,3 @@ """authlib.jose
         "ES256",
+        "ES256K",
         "ES384",
@@ -60,0 +61,0 @@ "ES512",

authlib/jose/rfc7515/jws.py

@@ -264,4 +264,2 @@ from authlib.common.encoding import json_b64encode
         alg = header["alg"]
-        if self._algorithms is not None and alg not in self._algorithms:
-            raise UnsupportedAlgorithmError()
         if alg not in self.ALGORITHMS_REGISTRY:
@@ -271,6 +269,10 @@ raise UnsupportedAlgorithmError()
         algorithm = self.ALGORITHMS_REGISTRY[alg]
+        if self._algorithms is None:
+            if algorithm.deprecated:
+                raise UnsupportedAlgorithmError()
+        elif alg not in self._algorithms:
+            raise UnsupportedAlgorithmError()
+
         if callable(key):
             key = key(header, payload)
-        elif key is None and "jwk" in header:
-            key = header["jwk"]
         key = algorithm.prepare_key(key)
@@ -277,0 +279,0 @@ return algorithm, key

authlib/jose/rfc7515/models.py

@@ -8,2 +8,3 @@ class JWSAlgorithm:
     description = None
+    deprecated = False
     algorithm_type = "JWS"
@@ -10,0 +11,0 @@ algorithm_location = "alg"

authlib/jose/rfc7516/jwe.py

@@ -700,8 +700,16 @@ from collections import OrderedDict
         alg = header["alg"]
-        if self._algorithms is not None and alg not in self._algorithms:
-            raise UnsupportedAlgorithmError()
         if alg not in self.ALG_REGISTRY:
             raise UnsupportedAlgorithmError()
-        return self.ALG_REGISTRY[alg]
 
+        instance = self.ALG_REGISTRY[alg]
+
+        # use all ALG_REGISTRY algorithms
+        if self._algorithms is None:
+            # do not use deprecated algorithms
+            if instance.deprecated:
+                raise UnsupportedAlgorithmError()
+        elif alg not in self._algorithms:
+            raise UnsupportedAlgorithmError()
+        return instance
+
     def get_header_enc(self, header):
@@ -758,4 +766,2 @@ if "enc" not in header:
         key = key(header, None)
-    elif key is None and "jwk" in header:
-        key = header["jwk"]
     return alg.prepare_key(key)

authlib/jose/rfc7516/models.py

@@ -12,2 +12,3 @@ import os
     description = None
+    deprecated = False
     algorithm_type = "JWE"
@@ -14,0 +15,0 @@ algorithm_location = "alg"

authlib/jose/rfc7518/jwe_algs.py

@@ -1,2 +0,2 @@
-import os
+import secrets
 import struct
@@ -44,3 +44,3 @@
         if len(cek) * 8 != enc_alg.CEK_SIZE:
-            raise ValueError('Invalid "cek" length')
+            cek = secrets.token_bytes(enc_alg.CEK_SIZE // 8)
         return cek
@@ -56,2 +56,3 @@
         self.name = name
+        self.deprecated = name == "RSA1_5"
         self.description = description
@@ -80,7 +81,6 @@ self.padding = pad_fn
     def unwrap(self, enc_alg, ek, headers, key):
-        # it will raise ValueError if failed
         op_key = key.get_op_key("unwrapKey")
         cek = op_key.decrypt(ek, self.padding)
         if len(cek) * 8 != enc_alg.CEK_SIZE:
-            raise ValueError('Invalid "cek" length')
+            cek = secrets.token_bytes(enc_alg.CEK_SIZE // 8)
         return cek
@@ -124,3 +124,3 @@
         if len(cek) * 8 != enc_alg.CEK_SIZE:
-            raise ValueError('Invalid "cek" length')
+            cek = secrets.token_bytes(enc_alg.CEK_SIZE // 8)
         return cek
@@ -161,3 +161,3 @@
         iv_size = 96
-        iv = os.urandom(iv_size // 8)
+        iv = secrets.token_bytes(iv_size // 8)
 
@@ -193,3 +193,3 @@ cipher = Cipher(AES(op_key), GCM(iv), backend=default_backend())
         if len(cek) * 8 != enc_alg.CEK_SIZE:
-            raise ValueError('Invalid "cek" length')
+            cek = secrets.token_bytes(enc_alg.CEK_SIZE // 8)
         return cek
@@ -196,0 +196,0 @@

authlib/jose/rfc7518/jws_algs.py

@@ -30,2 +30,3 @@ """authlib.jose.rfc7518.
     description = "No digital signature or MAC performed"
+    deprecated = True
 
@@ -32,0 +33,0 @@ def prepare_key(self, raw_data):

authlib/oidc/core/claims.py

@@ -306,4 +306,4 @@ import hmac
     hash_value = create_half_hash(s, alg)
-    if not hash_value:
-        return True
+    if hash_value is None:
+        return False
     return hmac.compare_digest(hash_value, to_bytes(signature))

PKG-INFO

 Metadata-Version: 2.4
 Name: Authlib
-Version: 1.6.8
+Version: 1.6.9
 Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
@@ -5,0 +5,0 @@ Author-email: Hsiaoming Yang <me@lepture.com>

Alert delta unavailable

Currently unable to show alert delta for PyPI packages.

Improved metrics

Total package byte prevSize

761367

0.04%

Lines of code

16495

0.05%