The API functions don't support static typing well. For example:
If we want to allow other types for identity (e.g. #397), then we can't put types on these public API functions, as we wouldn't know what the correct type is.
The context parameter must be typed as Any and default to None to be compatible with the API. However, some implementations may require a specific type for context and won't accept a default (e.g. aiohttp-admin). There's no way to validate this with a type checker.
Solution
I'm thinking the best approach will be to remove the API functions (everything in api.py), and then use the IdentityPolicy and AuthorizationPolicy classes directly.
A few tweaks will need to be made, but this should make it much easier to subclass and implement these with precise types.
Most of these functions are just calling the methods anyway, so there's not really any extra complexity to just call the methods directly.
Problem
The API functions don't support static typing well. For example:
contextparameter must be typed asAnyand default toNoneto be compatible with the API. However, some implementations may require a specific type forcontextand won't accept a default (e.g. aiohttp-admin). There's no way to validate this with a type checker.Solution
I'm thinking the best approach will be to remove the API functions (everything in api.py), and then use the IdentityPolicy and AuthorizationPolicy classes directly.
A few tweaks will need to be made, but this should make it much easier to subclass and implement these with precise types.
Most of these functions are just calling the methods anyway, so there's not really any extra complexity to just call the methods directly.