chore: address linting and formatting issues

3 weeks ago · a9409b8a36
3 changed files with 37 additions and 26 deletions
--- a/src/keycloak/keycloak_openid.py
+++ b/src/keycloak/keycloak_openid.py
@ -282,8 +282,8 @@ class KeycloakOpenID:
        scope: str = "email",
        state: str = "",
        nonce: str = "",
-        code_challenge: str = None,
-        code_challenge_method: str = None,
+        code_challenge: str | None = None,
+        code_challenge_method: str | None = None,
    ) -> str:
        """
        Get authorization URL endpoint.
@ -327,7 +327,7 @@ class KeycloakOpenID:
        redirect_uri: str = "",
        totp: int | None = None,
        scope: str = "openid",
-        code_verifier: str = None,
+        code_verifier: str | None = None,
        **extra: dict,
    ) -> dict:
        """
@ -1044,8 +1044,8 @@ class KeycloakOpenID:
        scope: str = "email",
        state: str = "",
        nonce: str = "",
-        code_challenge: str = None,
-        code_challenge_method: str = None,
+        code_challenge: str | None = None,
+        code_challenge_method: str | None = None,
    ) -> str:
        """
        Get authorization URL endpoint asynchronously.
@ -1089,7 +1089,7 @@ class KeycloakOpenID:
        redirect_uri: str = "",
        totp: int | None = None,
        scope: str = "openid",
-        code_verifier: str = None,
+        code_verifier: str | None = None,
        **extra: dict,
    ) -> dict:
        """
--- a/src/keycloak/pkce_utils.py
+++ b/src/keycloak/pkce_utils.py
@ -19,30 +19,37 @@
 # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+"""PKCE utility functions for code verifier and code challenge generation."""
+
 import base64
 import hashlib
 import os
-from typing import Tuple


 def generate_code_verifier(length: int = 128) -> str:
    """
-    Generates a high-entropy cryptographic random string for PKCE code_verifier.
+    Generate a high-entropy cryptographic random string for PKCE code_verifier.
+
    RFC 7636 recommends a length between 43 and 128 characters.
    """
    return base64.urlsafe_b64encode(os.urandom(length)).rstrip(b"=").decode("utf-8")[:length]

-def generate_code_challenge(code_verifier: str, method: str = "S256") -> Tuple[str, str]:
+
+def generate_code_challenge(code_verifier: str, method: str = "S256") -> tuple[str, str]:
    """
-    Generates a code_challenge from the code_verifier using the specified method.
-    Supported methods: "S256" (default), "plain"
-    Returns (code_challenge, code_challenge_method)
+    Generate a code_challenge from the code_verifier using the specified method.
+
+    Supported methods: "S256" (default), "plain".
+    Returns (code_challenge, code_challenge_method).
    """
    if method == "S256":
-        code_challenge = base64.urlsafe_b64encode(
-            hashlib.sha256(code_verifier.encode("utf-8")).digest()
-        ).rstrip(b"=").decode("utf-8")
+        code_challenge = (
+            base64.urlsafe_b64encode(hashlib.sha256(code_verifier.encode("utf-8")).digest())
+            .rstrip(b"=")
+            .decode("utf-8")
+        )
        return code_challenge, "S256"
    if method == "plain":
        return code_verifier, "plain"
-    raise ValueError(f"Unsupported PKCE method: {method}")
+    error_msg = f"Unsupported PKCE method: {method}"
+    raise ValueError(error_msg)
--- a/tests/test_pkce_flow.py
+++ b/tests/test_pkce_flow.py
@ -1,13 +1,13 @@
+"""Tests for PKCE flow: code verifier and code challenge handling."""
+
 from unittest import mock

 from keycloak import KeycloakOpenID
 from keycloak.pkce_utils import generate_code_challenge, generate_code_verifier


-def test_pkce_auth_url_and_token(env):
-    """
-    Test PKCE flow: auth_url includes code_challenge, token includes code_verifier.
-    """
+def test_pkce_auth_url_and_token(env: object) -> None:
+    """Test PKCE flow: auth_url includes code_challenge, token includes code_verifier."""
    oid = KeycloakOpenID(
        server_url=f"http://{env.keycloak_host}:{env.keycloak_port}",
        realm_name="master",
@ -27,11 +27,15 @@ def test_pkce_auth_url_and_token(env):

    # Simulate token exchange with PKCE
    # This part would require a real code from Keycloak, so we mock the response
-    with mock.patch.object(oid, "token", return_value={
-        "access_token": mock.ANY,
-        "refresh_token": mock.ANY,
-        "token_type": "Bearer",
-    }) as mocked_token:
+    with mock.patch.object(
+        oid,
+        "token",
+        return_value={
+            "access_token": mock.ANY,
+            "refresh_token": mock.ANY,
+            "token_type": "Bearer",
+        },
+    ) as mocked_token:
        token = oid.token(
            grant_type="authorization_code",
            code="dummy_code",
@ -46,4 +50,4 @@ def test_pkce_auth_url_and_token(env):
        )
        assert "access_token" in token
        assert "refresh_token" in token
-        assert token["token_type"] == "Bearer"
+    assert token["token_type"] == "Bearer"  # noqa: S105