Added MyPy configuration in setup.cfg and added a MyPy job to CI

Author: aiudirog

.github/workflows/ci.yml

@@ -26,9 +26,29 @@ jobs:
       - name: Check
         run: python -m flake8
 
+  mypy:
+    name: MyPy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4.1.1
+      - name: Setup Build Tools
+        run: sudo apt-get install -y libkrb5-dev krb5-user krb5-kdc krb5-admin-server krb5-multidev
+      - name: Set Up Python
+        uses: actions/setup-python@v5.0.0
+        with:
+          python-version: '3.13'
+      - name: Install dependencies
+        run: |
+          python -m pip install -U pip
+          python -m pip install mypy .[all]
+      - name: Check
+        run: python -m mypy --install-types --non-interactive
+
   test:
     name: Test
-    needs: flake8
+    needs:
+      - flake8
+      - mypy
     runs-on: ubuntu-latest
     strategy:
       matrix:

HISTORY.rst

@@ -4,6 +4,7 @@ History
 FUTURE: TBD
 -----------
 - Added ``py.typed`` marker to declare this package supports typing (closes #50)
+- Added MyPy configuration in `setup.cfg` and added a MyPy job to CI
 
 0.5.0: 2025-09-08
 -----------------

httpx_gssapi/exceptions.py

@@ -5,14 +5,17 @@
 This module contains the set of exceptions.
 
 """
+
+from typing import Optional
+
 from httpx import RequestError, Request, Response
 
 
 class MutualAuthenticationError(RequestError):
     """Mutual Authentication Error"""
 
     def __init__(self, *,
-                 request: Request = None,
+                 request: Optional[Request] = None,
                  response: Response):
         self.response = response
         super().__init__(

httpx_gssapi/gssapi_.py

@@ -42,10 +42,9 @@
 def _negotiate_value(response: Response) -> Optional[bytes]:
     """Extracts the gssapi authentication token from the appropriate header"""
     authreq = response.headers.get('www-authenticate', None)
-    if authreq:
-        match_obj = _find_auth(authreq)
-        if match_obj:
-            return b64decode(match_obj.group(1))
+    if authreq and (match := _find_auth(authreq)):
+        return b64decode(match.group(1))
+    return None
 
 
 def _sanitize_response(response: Response):
@@ -139,10 +138,10 @@ class HTTPSPNEGOAuth(Auth):
 
     def __init__(self,
                  mutual_authentication: int = DISABLED,
-                 target_name: Optional[str] = "HTTP",
+                 target_name: Optional[Union[str, gssapi.Name]] = "HTTP",
                  delegate: bool = False,
                  opportunistic_auth: bool = False,
-                 creds: gssapi.Credentials = None,
+                 creds: Optional[gssapi.Credentials] = None,
                  mech: Optional[Union[bytes, gssapi.OID]] = SPNEGO,
                  sanitize_mutual_error_response: bool = True):
         self.mutual_authentication = mutual_authentication
@@ -165,7 +164,7 @@ def auth_flow(self, request: Request) -> FlowGen:
 
     def handle_response(self,
                         response: Response,
-                        ctx: SecurityContext = None) -> FlowGen:
+                        ctx: Optional[SecurityContext] = None) -> FlowGen:
         num_401s = 0
         while response.status_code == 401 and num_401s < 2:
             num_401s += 1
@@ -235,7 +234,7 @@ def handle_mutual_auth(self, response: Response, ctx: SecurityContext):
     @_handle_gsserror(gss_stage='stepping', result=_gss_to_spnego_error)
     def set_auth_header(self,
                         request: Request,
-                        response: Response = None) -> SecurityContext:
+                        response: Optional[Response] = None) -> SecurityContext:
         """
         Create a new security context, generate the GSSAPI authentication
         token, and insert it into the request header. The new security context
@@ -286,17 +285,17 @@ def _make_context(self, request: Request) -> SecurityContext:
             used if it isn't included in :py:attr:`target_name`.
         """
         name = self.target_name
-        if type(name) != gssapi.Name:  # type(name) is str
-            if '@' not in name:
+        if type(name) != gssapi.Name:  # None/str
+            if isinstance(name, str) and '@' not in name:
                 name += f"@{request.url.host}"
             name = gssapi.Name(name, gssapi.NameType.hostbased_service)
 
         return SecurityContext(
             usage="initiate",
-            flags=self._gssflags,
+            flags=self._gssflags,  # type: ignore[arg-type] # list[int] is fine
             name=name,
             creds=self.creds,
-            mech=self.mech,
+            mech=self.mech,  # type: ignore[arg-type] # bytes are fine
         )
 
     @property

setup.cfg

@@ -75,6 +75,11 @@ exclude =
     doc,
     httpx_gssapi/_version.py
 
+[mypy]
+packages =
+    httpx_gssapi,
+    tests
+
 [tox:tox]
 envlist = py36, py37, py38, py39, py310
 

tests/conftest.py

@@ -10,7 +10,7 @@
 from http.server import HTTPServer, BaseHTTPRequestHandler
 
 import pytest
-import k5test
+import k5test  # type: ignore[import-untyped]
 
 import gssapi.exceptions
 
@@ -86,7 +86,7 @@ def start_http_server(realm: k5test.K5Realm,
 
     with HTTPServer(server_address=(host, port),
                     RequestHandlerClass=KrbRequestHandler) as httpd:
-        httpd.krb5_realm = realm
+        httpd.krb5_realm = realm  # type: ignore[attr-defined]
         httpd.serve_forever()