deprecate jwk.loads and jwk.dumps

lepture · lepture · commit e98325a03041 · 2022-12-06T17:30:26.000+09:00
diff --git a/authlib/jose/jwk.py b/authlib/jose/jwk.py
@@ -1,16 +1,17 @@
+from authlib.deprecate import deprecate
 from .rfc7517 import JsonWebKey
 
 
 def loads(obj, kid=None):
-    # TODO: deprecate
+    deprecate('Please use ``JsonWebKey`` directly.')
     key_set = JsonWebKey.import_key_set(obj)
     if key_set:
         return key_set.find_by_kid(kid)
     return JsonWebKey.import_key(obj)
 
 
 def dumps(key, kty=None, **params):
-    # TODO: deprecate
+    deprecate('Please use ``JsonWebKey`` directly.')
     if kty:
         params['kty'] = kty
 
diff --git a/tests/clients/test_django/test_oauth_client.py b/tests/clients/test_django/test_oauth_client.py
@@ -1,5 +1,5 @@
 from unittest import mock
-from authlib.jose import jwk
+from authlib.jose import JsonWebKey
 from authlib.oidc.core.grants.util import generate_id_token
 from authlib.integrations.django_client import OAuth, OAuthError
 from authlib.common.urls import urlparse, url_decode
@@ -201,13 +201,13 @@ def test_oauth2_authorize_code_verifier(self):
     def test_openid_authorize(self):
         request = self.factory.get('/login')
         request.session = self.factory.session
-        key = jwk.dumps('secret', 'oct', kid='f')
+        secret_key = JsonWebKey.import_key('secret', {'kty': 'oct', 'kid': 'f'})
 
         oauth = OAuth()
         client = oauth.register(
             'dev',
             client_id='dev',
-            jwks={'keys': [key]},
+            jwks={'keys': [secret_key.as_dict()]},
             api_base_url='https://i.b/api',
             access_token_url='https://i.b/token',
             authorize_url='https://i.b/authorize',
diff --git a/tests/clients/test_flask/test_user_mixin.py b/tests/clients/test_flask/test_user_mixin.py
@@ -1,11 +1,13 @@
 from unittest import TestCase, mock
 from flask import Flask
-from authlib.jose import jwk
+from authlib.jose import JsonWebKey
 from authlib.jose.errors import InvalidClaimError
 from authlib.integrations.flask_client import OAuth
 from authlib.oidc.core.grants.util import generate_id_token
 from ..util import get_bearer_token, read_key_file
 
+secret_key = JsonWebKey.import_key('secret', {'kty': 'oct', 'kid': 'f'})
+
 
 class FlaskUserMixinTest(TestCase):
     def test_fetch_userinfo(self):
@@ -32,10 +34,9 @@ def fake_send(sess, req, **kwargs):
                 self.assertEqual(user.sub, '123')
 
     def test_parse_id_token(self):
-        key = jwk.dumps('secret', 'oct', kid='f')
         token = get_bearer_token()
         id_token = generate_id_token(
-            token, {'sub': '123'}, key,
+            token, {'sub': '123'}, secret_key,
             alg='HS256', iss='https://i.b',
             aud='dev', exp=3600, nonce='n',
         )
@@ -48,7 +49,7 @@ def test_parse_id_token(self):
             client_id='dev',
             client_secret='dev',
             fetch_token=get_bearer_token,
-            jwks={'keys': [key]},
+            jwks={'keys': [secret_key.as_dict()]},
             issuer='https://i.b',
             id_token_signing_alg_values_supported=['HS256', 'RS256'],
         )
@@ -70,10 +71,9 @@ def test_parse_id_token(self):
             )
 
     def test_parse_id_token_nonce_supported(self):
-        key = jwk.dumps('secret', 'oct', kid='f')
         token = get_bearer_token()
         id_token = generate_id_token(
-            token, {'sub': '123', 'nonce_supported': False}, key,
+            token, {'sub': '123', 'nonce_supported': False}, secret_key,
             alg='HS256', iss='https://i.b',
             aud='dev', exp=3600,
         )
@@ -86,7 +86,7 @@ def test_parse_id_token_nonce_supported(self):
             client_id='dev',
             client_secret='dev',
             fetch_token=get_bearer_token,
-            jwks={'keys': [key]},
+            jwks={'keys': [secret_key.as_dict()]},
             issuer='https://i.b',
             id_token_signing_alg_values_supported=['HS256', 'RS256'],
         )
@@ -96,23 +96,24 @@ def test_parse_id_token_nonce_supported(self):
             self.assertEqual(user.sub, '123')
 
     def test_runtime_error_fetch_jwks_uri(self):
-        key = jwk.dumps('secret', 'oct', kid='f')
         token = get_bearer_token()
         id_token = generate_id_token(
-            token, {'sub': '123'}, key,
+            token, {'sub': '123'}, secret_key,
             alg='HS256', iss='https://i.b',
             aud='dev', exp=3600, nonce='n',
         )
 
         app = Flask(__name__)
         app.secret_key = '!'
         oauth = OAuth(app)
+        alt_key = secret_key.as_dict()
+        alt_key['kid'] = 'b'
         client = oauth.register(
             'dev',
             client_id='dev',
             client_secret='dev',
             fetch_token=get_bearer_token,
-            jwks={'keys': [jwk.dumps('secret', 'oct', kid='b')]},
+            jwks={'keys': [alt_key]},
             issuer='https://i.b',
             id_token_signing_alg_values_supported=['HS256'],
         )
@@ -137,7 +138,7 @@ def test_force_fetch_jwks_uri(self):
             client_id='dev',
             client_secret='dev',
             fetch_token=get_bearer_token,
-            jwks={'keys': [jwk.dumps('secret', 'oct', kid='f')]},
+            jwks={'keys': [secret_key.as_dict()]},
             jwks_uri='https://i.b/jwks',
             issuer='https://i.b',
         )
diff --git a/tests/clients/test_starlette/test_user_mixin.py b/tests/clients/test_starlette/test_user_mixin.py
@@ -1,12 +1,14 @@
 import pytest
 from starlette.requests import Request
 from authlib.integrations.starlette_client import OAuth
-from authlib.jose import jwk
+from authlib.jose import JsonWebKey
 from authlib.jose.errors import InvalidClaimError
 from authlib.oidc.core.grants.util import generate_id_token
 from ..util import get_bearer_token, read_key_file
 from ..asgi_helper import AsyncPathMapDispatch
 
+secret_key = JsonWebKey.import_key('secret', {'kty': 'oct', 'kid': 'f'})
+
 
 async def run_fetch_userinfo(payload):
     oauth = OAuth()
@@ -42,10 +44,9 @@ async def test_fetch_userinfo():
 
 @pytest.mark.asyncio
 async def test_parse_id_token():
-    key = jwk.dumps('secret', 'oct', kid='f')
     token = get_bearer_token()
     id_token = generate_id_token(
-        token, {'sub': '123'}, key,
+        token, {'sub': '123'}, secret_key,
         alg='HS256', iss='https://i.b',
         aud='dev', exp=3600, nonce='n',
     )
@@ -57,7 +58,7 @@ async def test_parse_id_token():
         client_id='dev',
         client_secret='dev',
         fetch_token=get_bearer_token,
-        jwks={'keys': [key]},
+        jwks={'keys': [secret_key.as_dict()]},
         issuer='https://i.b',
         id_token_signing_alg_values_supported=['HS256', 'RS256'],
     )
@@ -75,10 +76,9 @@ async def test_parse_id_token():
 
 @pytest.mark.asyncio
 async def test_runtime_error_fetch_jwks_uri():
-    key = jwk.dumps('secret', 'oct', kid='f')
     token = get_bearer_token()
     id_token = generate_id_token(
-        token, {'sub': '123'}, key,
+        token, {'sub': '123'}, secret_key,
         alg='HS256', iss='https://i.b',
         aud='dev', exp=3600, nonce='n',
     )
