Skip to content

Accept any Collection for algorithms, not just list#98

Merged
lepture merged 1 commit into
authlib:mainfrom
jonathangreen:algorithms-accept-collection
May 21, 2026
Merged

Accept any Collection for algorithms, not just list#98
lepture merged 1 commit into
authlib:mainfrom
jonathangreen:algorithms-accept-collection

Conversation

@jonathangreen

Copy link
Copy Markdown
Contributor

Background

Thank you for the great library 🙇🏻! We use it in a project I work on (https://github.com/ThePalaceProject/circulation). I was migrating from authlib to joserfc (in ThePalaceProject/circulation#3371) and I tried to pass a frozenset of algorithms into jwt.decode, which gave me a type error.

Looking through the code, it looks like any Collection will work, not just a list, so I made this small PR to widen the type hint and added tests covering additional collection types. This ended up being a bit bigger than I expected, since I had to thread the type hint through, but I think it's a helpful improvement for library consumers.

Changes

  • Widen the algorithms parameter type to Collection[str] | None in jwt.py, jws.py, jwe.py, and the JWS/JWE registry constructors.
  • Update the corresponding docstrings.
  • Add regression tests decoding with list/tuple/set/frozenset, and confirm a disallowed algorithm passed as a non-list collection still raises UnsupportedAlgorithmError.

The `algorithms` argument is only ever tested with truthiness and the
`in` operator (it is stored verbatim as `self.allowed` on the JWS/JWE
registries), so a tuple, set, or frozenset works at runtime. Widen the
type hint from `list[str] | None` to `Collection[str] | None` across the
jwt/jws/jwe public APIs and the registry constructors, and add a
regression test covering list/tuple/set/frozenset.
@codecov

codecov Bot commented May 21, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (8b869e8) to head (102a7a7).

Additional details and impacted files
@@            Coverage Diff            @@
##              main       #98   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           47        47           
  Lines         2930      2935    +5     
  Branches       340       340           
=========================================
+ Hits          2930      2935    +5     
Flag Coverage Δ
unittests 100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@lepture lepture merged commit 6d24037 into authlib:main May 21, 2026
10 checks passed
jonathangreen added a commit to ThePalaceProject/circulation that referenced this pull request May 27, 2026
joserfc 1.6.7 includes the upstream fix from authlib/joserfc#98, so the
jwt.decode algorithms arg-type ignore is no longer needed and mypy now
flags it as unused.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants