([fDddlmZddlmZddlmZmZmZmZddl m Z ddl m Z ddl mZmZddlmZd d d ZGd d ZdZdS))generate_token) url_decode)prepare_grant_uriprepare_token_request!parse_authorization_code_responseparse_implicit_response)prepare_revoke_token_request)create_s256_code_challenge) TokenAuth ClientAuth) OAuth2Errorzapplication/jsonz/application/x-www-form-urlencoded;charset=UTF-8)Acceptz Content-TypeceZdZdZeZeZeZ dZ gZ ddZ dZ dZedZejd Zdd Z dd ZddZ ddZdZ d dZ d dZdZdZ d!dZ ddZ d dZdZdZd"dZ dS)# OAuth2ClientaZConstruct a new OAuth 2 protocol client. :param session: Requests session object to communicate with authorization server. :param client_id: Client ID, which you get from client registration. :param client_secret: Client Secret, which you get from registration. :param token_endpoint_auth_method: client authentication method for token endpoint. :param revocation_endpoint_auth_method: client authentication method for revocation endpoint. :param scope: Scope that you needed to access user resources. :param state: Shared secret to prevent CSRF attack. :param redirect_uri: Redirect URI you registered as callback. :param code_challenge_method: PKCE method name, only S256 is supported. :param token: A dict of token attributes such as ``access_token``, ``token_type`` and ``expires_at``. :param token_placement: The place to put token in HTTP request. Available values: "header", "body", "uri". :param update_token: A function for you to update token. It accept a :class:`OAuth2Token` as parameter. ) response_modenonceprompt login_hintNheaderc  ||_||_||_||_||rd}nd}||_||rd}nd}||_||_||_| |_| | | ||_ | |_ | dd}|rtd| |_tttttd|_i|_dS)Nclient_secret_basicnone token_updaterz " & "jF7O  I]f449SW]9]9]'A-'P'PF# $.2.HF* +, - -A1 #5#5 M!,q  #>##!##Ezr7POSTc |p|j}|dd} | rd| vr|| |S||} | r"d| vrd}t | |} | d|d<||jd}|t|}||jd<|j||fi|}|| |j }|t}||jd }|j |f||||d | S) amGeneric method for fetching an access token from the token endpoint. :param url: Access Token endpoint URL, if not configured, ``authorization_response`` is used to extract token from its fragment (implicit way). :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param method: The HTTP method used to make the request. Defaults to POST, but may also be GET. Other methods should be added as needed. :param headers: Dict to default request headers with. :param auth: An auth tuple or method as accepted by requests. :param grant_type: Use specified grant_type to fetch token :return: A :class:`OAuth2Token` object (a dict too). authorization_responseN#zcode=authorization_code)r#rI grant_typetoken_endpoint)bodyr<methodheaders) r#r,token_from_fragment_extract_session_request_paramsrr.rL_guess_grant_type_prepare_token_endpoint_bodyrBr$DEFAULT_HEADERS _fetch_token) r2rNr\r]r^r<rZr#rPrWsession_kwargsparamss r5 fetch_tokenzOAuth2Client.fetch_tokensp"#!',Dd!K!K ! Kc-C&C&C++,BEJJ J==fEE ! ,g1G&G&G-J6&F$F^F6N  **<88J  *622J*4DM, '0t0zLLVLL <##D$CDDD ?%G ;-##$455C t  f  -   r7ct||}d|vr0||d|d||_|S)Nerrorerror_descriptionri description)r oauth_error_classrLr3)r2rWr#r3s r5r_z OAuth2Client.token_from_fragments_'(>FF e  ((Gn!II&9::)   r7c ||}|p|jd}d|vr|jr |j|d<t d|fd|i|}|t }|jdD]}||||\}}}|||j }|j |f||||d|S)a Fetch a new access token using a refresh token. :param url: Refresh Token endpoint, must be HTTPS. :param refresh_token: The refresh_token to use. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: A :class:`OAuth2Token` object (a dict too). refresh_tokenr&Nr)ror\r^r<) r`r3rLr&rrccopyr0rBr$_refresh_token) r2rNror\r<r^rPrehooks r5rozOAuth2Client.refresh_tokens==fEE%H)H)H & TZ "jF7O$ T  ' +1   ?%**,,G()@A : :D!%c7D!9!9 C$$ <##D$CDDD"t" ),4))')) )r7c|sdS|d}|jd}|r|r|||dS|jddkr?|d}||d}|jr||| dSdS) NTror[rorZclient_credentials access_token)rZ)rv) is_expiredrLr.rorgr+)r2r3rorNrv new_tokens r5ensure_active_tokenz OAuth2Client.ensure_active_tokens!! 4 /22 m 011  S    s-  @ @ @4 ]  | , ,0D D D 0L((9M(NNI  H!!),!GGG4 E Dr7c ,|jd|f|||||d|S)aRevoke token method defined via `RFC7009`_. :param url: Revoke Token endpoint, must be HTTPS. :param token: The token to be revoked. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Revocation Response .. _`RFC7009`: https://tools.ietf.org/html/rfc7009 rr3token_type_hintr\r<r^_handle_token_hintr2rNr3r|r\r<r^rPs r5 revoke_tokenzOAuth2Client.revoke_tokens@ 't& "C=D'==6<== =r7c ,|jd|f|||||d|S)aImplementation of OAuth 2.0 Token Introspection defined via `RFC7662`_. :param url: Introspection Endpoint, must be HTTPS. :param token: The token to be introspected. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Introspection Response .. _`RFC7662`: https://tools.ietf.org/html/rfc7662 rr{r}rs r5introspect_tokenzOAuth2Client.introspect_token(s@ 't& &=D'==6<== =r7c|dkr!|jj|dS||jvrt d||j|j||dS)aRegister a hook for request/response tweaking. Available hooks are: * access_token_response: invoked before token parsing. * refresh_token_request: invoked before refreshing token. * refresh_token_response: invoked before refresh token parsing. * protected_request: invoked before making a request. * revoke_token_request: invoked before revoking a token. * introspect_token_request: invoked before introspecting a token. protected_requestNzHook type %s is not in %s.)r*hooksaddr0r-)r2 hook_typerrs r5register_compliance_hookz%OAuth2Client.register_compliance_hook=s{ + + + O ! % %d + + + F D0 0 09&(<>> > Y'++D11111r7c|jdkr||}d|vr0||d|d||_|jS)Nirirjrk) status_coderaise_for_statusjsonrmrLr3)r2respr3s r5parse_response_tokenz!OAuth2Client.parse_response_tokenRs  s " "  ! ! # # #  e  ((Gn!II&9::)  zr7c |dkr2|jj|ftt |||d|}nJd|vrd||g}nd||g}|jj||f||d|}|jdD] }||}||S)NrUdatar^r<?&)r^r<r) upperr postdictrjoinrequestr0r) r2rNr\r^r<r]rPrrrs r5rdzOAuth2Client._fetch_token_s <<>>V # #$4<$6z$//00d66.466DDczzhhT{++hhT{++'4<'ZW4ZZSYZZD()@A  D4::DD((...r7c |j|f|||d|}|jdD] }||}||} d| vr ||jd<t |jr||j||jS)N)r\r<r^rrort) _http_postr0rr3callabler+) r2rNror\r^r<rPrrrr3s r5rqzOAuth2Client._refresh_tokenrstsTD'TTVTT()AB  D4::DD))$// % ' '*7DJ ' D% & & G   dj  F F Fzr7c v|;|jr4|jdp|jd}|d}t||||\}}|j|D]}||||\}}}|||j}||} |j||f||d| S)NrorvrT)r<r^)r3rLr r0rBr%r`r) r2rrrNr3r|r\r<r^rPres r5r~zOAuth2Client._handle_token_hints =TZ=JNN?33Utz~~n7U7UE <D4 ?D'33 g(. : :D!%c7D!9!9 C$$ <##D$HIID==fEEt E 'EE5CEE Er7c |dkrd|vr |j|d<t||fi|Sd|vr|jr |j|d<t||fi|S)NrYr'r&)r'rr&)r2r\rZrPs r5rbz)OAuth2Client._prepare_token_endpoint_bodyss - - -V++)-):~&(TDDVDD D & TZ "jF7O$Z@@@@@r7cVi}|jD]}||vr||||<|S)zDExtract parameters for session object from the passing ``**kwargs``.)SESSION_REQUEST_PARAMSr,)r2rPrvrQs r5r`z,OAuth2Client._extract_session_request_paramss; , & &AF{{ 1 1 r7c d|jj|ftt|||d|S)Nr)r rrr)r2rNr\r<r^rPs r5rzOAuth2Client._http_postsH t| 2:d++,,$22*022 2r7) NNNNNNNNNrN)NN)NrTrUNNNNrD)NrTNN)NNNNN)rTNNrU)NNN)!__name__ __module__ __qualname____doc__r rAr r)rrmrMrr6r=rBpropertyr3setterrSrgr_roryrrrrrdrqr~rbr`rr7r5rrs*# # >B,015RVDH / / / / b111   %%X% \))\)BEI6:6 6 6 6 p;=)- ) ) ) )D   =A37====*AE7;====*222*   =A"////&HL  IM9=EEEE*AAA222222r7rc.d|vrd}n d|vrd|vrd}nd}|S)NrIrYusernamepasswordrur)rPrZs r5raras; ) v  *"6"6 ) r7N)authlib.common.securityrauthlib.common.urlsrrfc6749.parametersrrrr rfc7009r rfc7636r r<r r baserrcrrarr7r5rs222222****** 211111//////''''''''!E X2X2X2X2X2X2X2X2v r7