i[fddlZddlZddlZddlmZddlmZddlmZm Z ddl m Z m Z ddl m Z dd lmZdd lmZmZmZGd d ZdS) N)default_json_headersgenerate_token) JsonWebToken JoseError)AccessDeniedErrorInvalidRequestError) scope_to_list)ClientMetadataClaims)InvalidClientMetadataError UnapprovedSoftwareStatementErrorInvalidSoftwareStatementErrorcxeZdZdZdZeZdZdZdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZdZdS)ClientRegistrationEndpointzThe client registration endpoint is an OAuth 2.0 endpoint designed to allow a client to be registered with the authorization server. client_registrationNc||_dSN)server)selfrs S/var/www/piapp/venv/lib/python3.11/site-packages/authlib/oauth2/rfc7591/endpoint.py__init__z#ClientRegistrationEndpoint.__init__s  c,||Sr)create_registration_responserrequests r__call__z#ClientRegistrationEndpoint.__call__!s00999rc||}|st||_||}|}i}||||||||}|||}|r||d|tfS)N) authenticate_tokenr credentialextract_client_metadatagenerate_client_infoupdate save_client!generate_client_registration_infor)rrtokenclient_metadata client_infobodyclientregistration_infos rrz7ClientRegistrationEndpoint.create_registration_response$s''00 &#%% %"66w??//11  O$$$ K   !!+HH BB67SS  + KK) * * *D...rc|jst|j}|dd}|r2|jr+|||}|||}||i|| } | n&#t$r}t|j d}~wwxYw|S)Nsoftware_statement)datar copypop'software_statement_alg_values_supportedextract_software_statementr&get_claims_options claims_classget_server_metadatavalidaterr descriptionget_registered_claims)rr json_datar0r1optionsclaimserrors rr$z2ClientRegistrationEndpoint.extract_client_metadata6s| (%'' 'L%%'' &]]+?FF  #$"N #223EwOOD   T " " "))++""9b'4;S;S;U;UVV @ OO     @ @ @,U->?? ? @++---s8C C0C++C0c||}|st t|j}|||}|S#t $rt wxYwr)resolve_public_keyrrr4decoderr)rr0rkeyjwtr>s rr5z5ClientRegistrationEndpoint.extract_software_statementHs~%%g.. 5244 4 2tKLLCZZ 2C88FM 2 2 2/11 1 2s +AA,c |}|siS|d |d|d|d}i} t  fd}d|i|d<tfd }d|i|d <tfd }d|i|d <|d |i|d<|S)zFGenerate claims options validation from Authorization Server metadata.scopes_supportedresponse_types_supportedgrant_types_supported%token_endpoint_auth_methods_supportedNcn|sdStt|}|S)NT)setr issuperset)r>valuescopesrFs r_validate_scopezFClientRegistrationEndpoint.get_claims_options.._validate_scopecs9 4]51122'226:::rr9scopecV|rt|ndh}|S)NcoderKrL)r>rMresponse_typesrGs r_validate_response_typeszOClientRegistrationEndpoint.get_claims_options.._validate_response_typesns/05!BU6(/::>JJJrrTcV|rt|ndh}|S)Nauthorization_coderS)r>rM grant_typesrHs r_validate_grant_typeszLClientRegistrationEndpoint.get_claims_options.._validate_grant_typesys1-2Mc%jjj8L7M ,77 DDDrrXvaluestoken_endpoint_auth_method)r8getrK) rmetadataauth_methods_supportedr=rOrUrYrHrGrFs @@@rr6z-ClientRegistrationEndpoint.get_claims_optionsUsZ++-- I#<<(:;;#+<<0J#K#K ( -D E E!).U!V!V  '"#344  ; ; ; ; ; !+O$> ! E E E E E '12G%HGM " ! -5=?U4VG0 1rc|}|}ttj}d}t ||||S)Nr) client_id client_secretclient_id_issued_atclient_secret_expires_at)generate_client_idgenerate_client_secretinttimedict)rr`rarbrcs rr%z/ClientRegistrationEndpoint.generate_client_infosa++-- 3355 !$)++..#$ ' 3%=     rcdS)zGenerate ```registration_client_uri`` and ``registration_access_token`` for RFC7592. This method returns ``None`` by default. Developers MAY rewrite this method to return registration information.N)rr-rs rr(zr errorsrrrrrjrrrs //////22222200000000<<<<<<<<######((((((B$B$B$B$B$B$B$B$B$B$r