([fz.rddlmZddlmZddlmZmZddlmZm Z m Z m Z ddl m Z GddZd Zd S) )ContinueIteration)ClientAuthentication) OAuth2Request JsonRequest) OAuth2ErrorInvalidScopeErrorUnsupportedResponseTypeErrorUnsupportedGrantTypeError) scope_to_listceZdZdZddZdZdZ ddZdZdd Z d Z d Z d Z de fdZdefdZdZddZddZdZdZddZdZddZddZddZdZdS) AuthorizationServerzAuthorization server that handles Authorization Endpoint and Token Endpoint. :param scopes_supported: A list of supported scopes by this authorization server. NcZ||_i|_d|_g|_g|_i|_dSN)scopes_supported_token_generators _client_auth_authorization_grants _token_grants _endpoints)selfrs _/var/www/piapp/venv/lib/python3.11/site-packages/authlib/oauth2/rfc6749/authorization_server.py__init__zAuthorizationServer.__init__s5 0!# %'"ct)zQuery OAuth client by client_id. The client model class MUST implement the methods described by :class:`~authlib.oauth2.rfc6749.ClientMixin`. NotImplementedError)r client_ids r query_clientz AuthorizationServer.query_clients "###rct)z:Define function to save the generated token into database.r)rtokenrequests r save_tokenzAuthorizationServer.save_token"!###rTc|j|}|s|jd}|std|||||||S)aGenerate the token dict. :param grant_type: current requested grant_type. :param client: the client that making the request. :param user: current authorized user. :param expires_in: if provided, use this value as expires_in. :param scope: current requested scope. :param include_refresh_token: should refresh_token be included. :return: Token dict defaultzNo configured token generator) grant_typeclientuserscope expires_ininclude_refresh_token)rget RuntimeError)rr'r(r)r*r+r,funcs rgenerate_tokenz"AuthorizationServer.generate_token&s|%))*55 9)--i88D @>?? ?t!&t5!9NPPP Prc||j|<dS)aRegister a function as token generator for the given ``grant_type``. Developers MUST register a default token generator with a special ``grant_type=default``:: def generate_bearer_token(grant_type, client, user=None, scope=None, expires_in=None, include_refresh_token=True): token = {'token_type': 'Bearer', 'access_token': ...} if include_refresh_token: token['refresh_token'] = ... ... return token authorization_server.register_token_generator('default', generate_bearer_token) If you register a generator for a certain grant type, that generator will only works for the given grant type:: authorization_server.register_token_generator('client_credentials', generate_bearer_token) :param grant_type: string name of the grant type :param func: a function to generate token N)r)rr'r/s rregister_token_generatorz,AuthorizationServer.register_token_generator>s..2z***rr!c~|j |jrt|j|_||||S)zAuthenticate client via HTTP request information with the given methods, such as ``client_secret_basic``, ``client_secret_post``. )rrr)rr"methodsendpoints rauthenticate_clientz'AuthorizationServer.authenticate_clientWs@   $): $ 4T5F G GD   '8<< > > > > ? ?rct|tr ||}n||_|j|jg}||dS)zAdd extra endpoint to authorization server. e.g. RevocationEndpoint:: authorization_server.register_endpoint(RevocationEndpoint) :param endpoint_cls: A endpoint class or instance. N) isinstancetypeserverr setdefault ENDPOINT_NAMEr[)rr5 endpointss rregister_endpointz%AuthorizationServer.register_endpoints` h % % #x~~HH"HOO..x/ErJJ """""rc|jD].\}}||rt||||cS/t|j)zFind the authorization grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrX _create_grantr response_typerr"r\r]s rget_authorization_grantz+AuthorizationServer.get_authorization_grantse (,'A K K #Y 55g>> K$Y GTJJJJJ K*7+@AAArc||}||_||}||S)zValidate current HTTP request for authorization page. This page is designed for resource owner to grant or deny the authorization. )rHr)rkvalidate_consent_request)rr"end_usergrants rget_consent_grantz%AuthorizationServer.get_consent_grantsH,,W55 ,,W55 &&((( rc|jD].\}}||rt||||cS/t|j)zFind the token grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrYrhr r'rjs rget_token_grantz#AuthorizationServer.get_token_grantse (,'9 K K #Y --g66 K$Y GTJJJJJ K'(:;;;rc*||jvrtd|d|j|}|D]f}||} |j||cS#t$rY9t $r"}|||cYd}~cSd}~wwxYwdS)zValidate endpoint request and create endpoint response. :param name: Endpoint name :param request: HTTP request instance. :return: Response z There is no "z " endpoint.N)rr.create_endpoint_requestrPrrhandle_error_response)rrAr"rer5r>s rcreate_endpoint_responsez,AuthorizationServer.create_endpoint_responses t & &@t@@@AA AOD) ! B BH66w??G B+t+XXg->->????$    B B B11'5AAAAAAAAAA B  B Bs$A B% B.B B Bct|ts||} ||}n-#t$r }|||cYd}~Sd}~wwxYw |}|||}|j|S#t$r }|||cYd}~Sd}~wwxYw)zValidate authorization request and create authorization response. :param request: HTTP request instance. :param grant_user: if granted, it is resource owner. If denied, it is None. :returns: Response N) r`rrHrkr ruvalidate_authorization_requestcreate_authorization_responserPr)rr" grant_userror> redirect_urirBs rryz1AuthorizationServer.create_authorization_responses'=11 :0099G >0099EE+ > > >--gu== = = = = = = > > ??AAL66|ZPPD'4'. . > > >--gu== = = = = = = >s;A A, A'!A,'A,03B$$ C.C C Cct||} ||}n-#t$r }|||cYd}~Sd}~wwxYw ||}|j|S#t$r }|||cYd}~Sd}~wwxYw)ziValidate token request and create token response. :param request: HTTP request instance N)rHrrr ruvalidate_token_requestcreate_token_responserPr)rr"ror>rBs rr~z)AuthorizationServer.create_token_responses ,,W55 >((11EE( > > >--gu== = = = = = = > >  ( ( * * *..00D'4'. . > > >--gu== = = = = = = >s8- AA AA1B B7B2,B72B7cP|j||||Sr)rPr?r=s rruz)AuthorizationServer.handle_error_response$s,#t#UU4+=+=gu+M+M%N%NOOrr)NNNT)r!)NN)__name__ __module__ __qualname____doc__rrr#r0r2r6r:r?rDrrHrrKrPrVr^rfrkrprrrvryr~rur<rrrr s $$$$$$CG>BPPPP02222====1116$$$ $ $$$$$k$$$$$$$5555????&### B B B     < < <BBBB(>>>>.>>>>$PPPPPrrcB|||}|r|D] }|||Srr<)r\r]r"rbroexts rrhrh(s> Igv & &E  C CJJJJ LrN)authlib.common.errorsrr6rrequestsrrerrorsrr r r utilr rrhr<rrrs33333355555500000000  XPXPXPXPXPXPXPXPvr