Bump requests-oauthlib from 1.3.1 to 2.0.0 (#2293)

* Bump requests-oauthlib from 1.3.1 to 2.0.0 Bumps [requests-oauthlib](https://github.com/requests/requests-oauthlib) from 1.3.1 to 2.0.0. - [Release notes](https://github.com/requests/requests-oauthlib/releases) - [Changelog](https://github.com/requests/requests-oauthlib/blob/master/HISTORY.rst) - [Commits](https://github.com/requests/requests-oauthlib/compare/v1.3.1...v2.0.0) --- updated-dependencies: - dependency-name: requests-oauthlib dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update requests-oauthlib==2.0.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-08-14 02:26:58 -07:00 · 2024-03-30 15:28:02 -07:00 · 2024-03-30 15:28:02 -07:00 · 0d1d2a3e6b
commit 0d1d2a3e6b
parent 452a4afdcf
60 changed files with 2414 additions and 2291 deletions
--- a/lib/oauthlib/oauth2/rfc6749/endpoints/introspect.py
+++ b/lib/oauthlib/oauth2/rfc6749/endpoints/introspect.py
@ -86,9 +86,9 @@ class IntrospectEndpoint(BaseEndpoint):
        an HTTP POST request with parameters sent as
        "application/x-www-form-urlencoded".

-        token REQUIRED.  The string value of the token.
+        * token REQUIRED.  The string value of the token.
+        * token_type_hint OPTIONAL.

-        token_type_hint OPTIONAL.
        A hint about the type of the token submitted for
        introspection.  The protected resource MAY pass this parameter to
        help the authorization server optimize the token lookup.  If the
@ -96,11 +96,9 @@ class IntrospectEndpoint(BaseEndpoint):
        extend its search across all of its supported token types.  An
        authorization server MAY ignore this parameter, particularly if it
        is able to detect the token type automatically.
-            *  access_token: An Access Token as defined in [`RFC6749`],
-                `section 1.4`_

-            *  refresh_token: A Refresh Token as defined in [`RFC6749`],
-                `section 1.5`_
+        *  access_token: An Access Token as defined in [`RFC6749`], `section 1.4`_
+        *  refresh_token: A Refresh Token as defined in [`RFC6749`], `section 1.5`_

        The introspection endpoint MAY accept other OPTIONAL
        parameters to provide further context to the query.  For
--- a/lib/oauthlib/oauth2/rfc6749/endpoints/metadata.py
+++ b/lib/oauthlib/oauth2/rfc6749/endpoints/metadata.py
@ -10,7 +10,7 @@ import copy
 import json
 import logging

-from .. import grant_types
+from .. import grant_types, utils
 from .authorization import AuthorizationEndpoint
 from .base import BaseEndpoint, catch_errors_and_unavailability
 from .introspect import IntrospectEndpoint
@ -68,7 +68,7 @@ class MetadataEndpoint(BaseEndpoint):
                raise ValueError("key {} is a mandatory metadata.".format(key))

        elif is_issuer:
-            if not array[key].startswith("https"):
+            if not utils.is_secure_transport(array[key]):
                raise ValueError("key {}: {} must be an HTTPS URL".format(key, array[key]))
            if "?" in array[key] or "&" in array[key] or "#" in array[key]:
                raise ValueError("key {}: {} must not contain query or fragment components".format(key, array[key]))
--- a/lib/oauthlib/oauth2/rfc6749/endpoints/revocation.py
+++ b/lib/oauthlib/oauth2/rfc6749/endpoints/revocation.py
@ -42,7 +42,7 @@ class RevocationEndpoint(BaseEndpoint):


        The authorization server responds with HTTP status code 200 if the
-        token has been revoked sucessfully or if the client submitted an
+        token has been revoked successfully or if the client submitted an
        invalid token.

        Note: invalid tokens do not cause an error response since the client
@ -95,7 +95,7 @@ class RevocationEndpoint(BaseEndpoint):
        submitted for revocation.  Clients MAY pass this parameter in order to
        help the authorization server to optimize the token lookup.  If the
        server is unable to locate the token using the given hint, it MUST
-        extend its search accross all of its supported token types.  An
+        extend its search across all of its supported token types.  An
        authorization server MAY ignore this parameter, particularly if it is
        able to detect the token type automatically.  This specification
        defines two such values: