([f5ddlZddlZddlmZmZmZddlmZmZm Z ej dZ dZ dZ dZGd d ZdS) N)to_bytes to_unicodeurlsafe_b64encode)InvalidRequestErrorInvalidGrantError OAuth2Requestz^[a-zA-Z0-9\-._~]{43,128}$ctjt|d}t t |S)z8Create S256 code_challenge with the given code_verifier.ascii)hashlibsha256rdigestrr) code_verifierdatas T/var/www/piapp/venv/lib/python3.11/site-packages/authlib/oauth2/rfc7636/challenge.pycreate_s256_code_challengers> >(=':: ; ; B B D DD '-- . ..c||kSNrcode_challenges rcompare_plain_code_challengers N **rc(t||kSr)rrs rcompare_s256_code_challengers %m 4 4 FFrcNeZdZdZdZddgZeedZd dZ dZ dZ d Z d Z d Zd S) CodeChallengeaCodeChallenge extension to Authorization Code Grant. It is used to improve the security of Authorization Code flow for public clients by sending extra "code_challenge" and "code_verifier" to the authorization server. The AuthorizationCodeGrant SHOULD save the ``code_challenge`` and ``code_challenge_method`` into database when ``save_authorization_code``. Then register this extension via:: server.register_grant( AuthorizationCodeGrant, [CodeChallenge(required=True)] ) plainS256)rrTc||_dSr)required)selfr!s r__init__zCodeChallenge.__init__8s   rcr|d|j|d|jdS)N$after_validate_authorization_requestafter_validate_token_request) register_hookvalidate_code_challengevalidate_code_verifier)r"grants r__call__zCodeChallenge.__call__;sP  2  (     *  '     rc|j}|jd}|jd}|s|sdS|std|r||jvrtddSdS)Nrcode_challenge_methodzMissing "code_challenge"z#Unsupported "code_challenge_method")requestrgetrSUPPORTED_CODE_CHALLENGE_METHOD)r"r*r. challengemethods rr(z%CodeChallenge.validate_code_challengeEs!&L$$%566 !!"9::   F B%&@AA A  MfD$HHH%&KLL L M MHHrc|j}|jd}|jr|jdkr|st d|j}||}|s|sdS|st dt |st d| |}||j }|j |}|std|d|||stddS) NrnonezMissing "code_verifier"zInvalid "code_verifier"zNo verify method for ""zCode challenge failed.) description)r.formr/r! auth_methodrauthorization_code get_authorization_code_challengeCODE_VERIFIER_PATTERNmatch'get_authorization_code_challenge_methodDEFAULT_CODE_CHALLENGE_METHODCODE_CHALLENGE_METHODS RuntimeErrorr)r"r*r.verifierr9r1r2funcs rr)z$CodeChallenge.validate_code_verifierRsP!&<##O44 = AW0F::8:%&?@@ @$799:LMM    F A%&?@@ @$**844 A%&?@@ @==>PQQ >7F*..v66 CAAAABB BtHi(( J#0HIII I J Jrc|jS)a[Get "code_challenge" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge(self, authorization_code): return authorization_code.code_challenge :param authorization_code: the instance of authorization_code )rr"r9s rr:z.CodeChallenge.get_authorization_code_challengevs "00rc|jS)apGet "code_challenge_method" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge_method(self, authorization_code): return authorization_code.code_challenge_method :param authorization_code: the instance of authorization_code )r-rDs rr=z5CodeChallenge.get_authorization_code_challenge_methods "77rN)T)__name__ __module__ __qualname____doc__r>r0rrr?r#r+r(r)r:r=rrrrrs  %,!'.&7#.+ !!!!    M M M"J"J"JH 1 1 1 8 8 8 8 8rr)rer authlib.common.encodingrrrrfc6749rrr compiler;rrrrrrrrNs KKKKKKKKKK# #@AA/// +++ GGG k8k8k8k8k8k8k8k8k8k8r