Skip to content

third-party blocks: type stubs and documentation #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
divarvel merged 2 commits into from
Sep 19, 2025
Merged

third-party blocks: type stubs and documentation #47

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7e7e3c7
feat: add bindings for third-party blocks management
divarvel Sep 19, 2025
e558396
doc: 3rd party blocks doctests
divarvel Sep 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions biscuit_auth.pyi
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,10 +178,38 @@ class Biscuit:
# :rtype: Biscuit
def append(self, block: BlockBuilder) -> Biscuit: ...

# Create a new `Biscuit` by appending a third-party attenuation block
#
# :param external_key: the public key of the third-party that signed the block.
# :type external_key: PublicKey
# :param block: the third party block to append
# :type block: ThirdPartyBlock
# :return: the attenuated biscuit
# :rtype: Biscuit
def append_third_party(
self,
external_key: PublicKey,
block: ThirdPartyBlock,
) -> Biscuit: ...

# Create a third-party request for generating third-party blocks.
#
# :return: the third-party request
# :rtype: ThirdPartyRequest
def third_party_request(self) -> ThirdPartyRequest: ...

# The revocation ids of the token, encoded as hexadecimal strings
@property
def revocation_ids(self) -> List[str]: ...

# Get the external key of a block if it exists
#
# :param index: the block index
# :type index: int
# :return: the public key if it exists
# :rtype: str | None
def block_external_key(self, index: int) -> str | None: ...

class AuthorizerBuilder:
# Create a new authorizer from a datalog snippet and optional parameter values
#
Expand Down Expand Up @@ -597,3 +625,23 @@ class UnverifiedBiscuit:
@property
def revocation_ids(self) -> List[str]: ...
def verify(self, root: PublicKey) -> Biscuit: ...

class ThirdPartyRequest:
# Create a third-party block
#
# :param private_key: the third-party's private key used to sign the block
# :type external_key: PrivateKey
# :param block: the block builder to be signed
# :type block: BlockBuilder
# :return: a signed block that can be appended to a Biscuit
# :rtype: ThirdPartyBlock
#
# :note: this method consumes the `ThirdPartyRequest` object.
def create_block(
self,
private_key: PrivateKey,
block: BlockBuilder
) -> ThirdPartyBlock: ...

class ThirdPartyBlock:
pass
9 changes: 9 additions & 0 deletions docs/basic-use.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,3 +117,12 @@ Save and load snapshots

>>> snapshot = authorizer.base64_snapshot()
>>> parsed = Authorizer.from_base64_snapshot(snapshot)

Third-party blocks
------------------

>>> external_keypair = KeyPair()
>>> third_party_request = token.third_party_request()
>>> new_block = BlockBuilder("external(true)")
>>> third_party_block = third_party_request.create_block(external_keypair.private_key, new_block)
>>> new_biscuit = token.append_third_party(external_keypair.public_key, third_party_block)
Loading