Bump requests-oauthlib from 1.3.1 to 2.0.0 (#2293)

* Bump requests-oauthlib from 1.3.1 to 2.0.0 Bumps [requests-oauthlib](https://github.com/requests/requests-oauthlib) from 1.3.1 to 2.0.0. - [Release notes](https://github.com/requests/requests-oauthlib/releases) - [Changelog](https://github.com/requests/requests-oauthlib/blob/master/HISTORY.rst) - [Commits](https://github.com/requests/requests-oauthlib/compare/v1.3.1...v2.0.0) --- updated-dependencies: - dependency-name: requests-oauthlib dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update requests-oauthlib==2.0.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-07-16 02:02:58 -07:00 · 2024-03-30 15:28:02 -07:00 · 2024-03-30 15:28:02 -07:00 · 0d1d2a3e6b
commit 0d1d2a3e6b
parent 452a4afdcf
60 changed files with 2414 additions and 2291 deletions
--- a/lib/oauthlib/oauth2/rfc6749/request_validator.py
+++ b/lib/oauthlib/oauth2/rfc6749/request_validator.py
@ -191,6 +191,7 @@ class RequestValidator:
        claims associated, or `None` in case the token is unknown.

        Below the list of registered claims you should be interested in:
+
        - scope : space-separated list of scopes
        - client_id : client identifier
        - username : human-readable identifier for the resource owner
@ -204,10 +205,10 @@ class RequestValidator:
        - jti : string identifier for the token

        Note that most of them are coming directly from JWT RFC. More details
-        can be found in `Introspect Claims`_ or `_JWT Claims`_.
+        can be found in `Introspect Claims`_ or `JWT Claims`_.

        The implementation can use *token_type_hint* to improve lookup
-        efficency, but must fallback to other types to be compliant with RFC.
+        efficiency, but must fallback to other types to be compliant with RFC.

        The dict of claims is added to request.token after this method.

@ -443,6 +444,7 @@ class RequestValidator:
            - request.user
            - request.scopes
            - request.claims (if given)
+
        OBS! The request.user attribute should be set to the resource owner
        associated with this authorization code. Similarly request.scopes
        must also be set.
@ -451,6 +453,7 @@ class RequestValidator:

        If PKCE is enabled (see 'is_pkce_required' and 'save_authorization_code')
        you MUST set the following based on the information stored:
+
            - request.code_challenge
            - request.code_challenge_method

@ -561,7 +564,7 @@ class RequestValidator:
        OBS! The validation should also set the user attribute of the request
        to a valid resource owner, i.e. request.user = username or similar. If
        not set you will be unable to associate a token with a user in the
-        persistance method used (commonly, save_bearer_token).
+        persistence method used (commonly, save_bearer_token).

        :param username: Unicode username.
        :param password: Unicode password.
@ -671,6 +674,7 @@ class RequestValidator:

        Method is used by:
            - Authorization Code Grant
+            - Refresh Token Grant

        """
        return False