i[fPddlmZddlmZddlmZGddZdZdZdS) )default_json_headersgenerate_token)add_params_to_uric`eZdZdZdZgdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdS)DeviceAuthorizationEndpointaY This OAuth 2.0 [RFC6749] protocol extension enables OAuth clients to request user authorization from applications on devices that have limited input capabilities or lack a suitable browser. Such devices include smart TVs, media consoles, picture frames, and printers, which lack an easy input method or a suitable browser required for traditional OAuth interactions. Here is the authorization flow:: +----------+ +----------------+ | |>---(A)-- Client Identifier --->| | | | | | | |<---(B)-- Device Code, ---<| | | | User Code, | | | Device | & Verification URI | | | Client | | | | | [polling] | | | |>---(E)-- Device Code --->| | | | & Client Identifier | | | | | Authorization | | |<---(F)-- Access Token ---<| Server | +----------+ (& Optional Refresh Token) | | v | | : | | (C) User Code & Verification URI | | : | | v | | +----------+ | | | End User | | | | at |<---(D)-- End user reviews --->| | | Browser | authorization request | | +----------+ +----------------+ This DeviceAuthorizationEndpoint is the implementation of step (A) and (B). (A) The client requests access from the authorization server and includes its client identifier in the request. (B) The authorization server issues a device code and an end-user code and provides the end-user verification URI. device_authorization)client_secret_basicclient_secret_postnonestringic||_dSN)server)selfrs S/var/www/piapp/venv/lib/python3.11/site-packages/authlib/oauth2/rfc8628/endpoint.py__init__z$DeviceAuthorizationEndpoint.__init__<s  c,||Sr)create_endpoint_responserrequests r__call__z$DeviceAuthorizationEndpoint.__call__?s,,W555rc6|j|Sr)rcreate_oauth2_requestrs rcreate_endpoint_requestz3DeviceAuthorizationEndpoint.create_endpoint_requestDs{00999rc`|j||j|j}||_|S)aclient_id is REQUIRED **if the client is not** authenticating with the authorization server as described in Section 3.2.1. of [RFC6749]. This means the endpoint support "none" authentication method. In this case, this endpoint's auth methods are: - client_secret_basic - client_secret_post - none Developers change the value of ``CLIENT_AUTH_METHODS`` in subclass. For instance:: class MyDeviceAuthorizationEndpoint(DeviceAuthorizationEndpoint): # only support ``client_secret_basic`` auth method CLIENT_AUTH_METHODS = ['client_secret_basic'] )rauthenticate_clientCLIENT_AUTH_METHODS ENDPOINT_NAMEclient)rrr"s rrz/DeviceAuthorizationEndpoint.authenticate_clientGs6$00 T-t/ACC rc|||j|j|}|}|}t|d|fg}|||||j|j d}| |j |j|d|tfS)N user_code) device_coder$verification_uriverification_uri_complete expires_ininterval) rrvalidate_requested_scopescopegenerate_device_codegenerate_user_codeget_verification_urir EXPIRES_ININTERVALsave_device_credential client_idr)rrr%r$r&r'datas rrz4DeviceAuthorizationEndpoint.create_endpoint_response^s   ))) ,,W];;;//11 ++-- 4466$5  Y78%:%:!'" 0)B/    ##G$5w}dKKKD...rcP|jdkrtStS)zA method to generate ``user_code`` value for device authorization endpoint. This method will generate a random string like MQNA-JPOZ. Developers can rewrite this method to create their own ``user_code``. digital)USER_CODE_TYPEcreate_digital_user_codecreate_string_user_coders rr.z.DeviceAuthorizationEndpoint.generate_user_codevs*  ) + ++-- -&(((rc tdS)zA method to generate ``device_code`` value for device authorization endpoint. This method will generate a random string of 42 characters. Developers can rewrite this method to create their own ``device_code``. *rr:s rr-z0DeviceAuthorizationEndpoint.generate_device_codes b!!!rct)zDefine the ``verification_uri`` of device authorization endpoint. Developers MUST implement this method in subclass:: def get_verification_uri(self): return 'https://your-company.com/active' NotImplementedErrorr:s rr/z0DeviceAuthorizationEndpoint.get_verification_uris"###rct)avSave device token into database for later use. Developers MUST implement this method in subclass:: def save_device_credential(self, client_id, scope, data): item = DeviceCredential( client_id=client_id, scope=scope, **data ) item.save() r>)rr3r,r4s rr2z2DeviceAuthorizationEndpoint.save_device_credentials"###rN)__name__ __module__ __qualname____doc__r!r r7r0r1rrrrrr.r-r/r2rrrrs&&P+MOOONJH666 :::.///0)))"""$$$ $ $ $ $ $rrcld}dtd|td|gS)NBCDFGHJKLMNPQRSTVWXZ-joinrbases rr9r9s2 !D 88^At,,nQ.E.EF G GGrcd}dtd|td|td|gS)N 0123456789rHrJrLs rr8r8sI D 88q$q$q$  rN) authlib.constsrauthlib.common.securityrauthlib.common.urlsrrr9r8rErrrTs//////222222111111V$V$V$V$V$V$V$V$rHHH r