o ^[2hI@sddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l m Z dd lmZdd lmZd ddZGdddZddZdS))generate_token) url_decode) ClientAuth) TokenAuth) OAuth2Error)!parse_authorization_code_response)parse_implicit_response)prepare_grant_uri)prepare_token_request)prepare_revoke_token_request)create_s256_code_challengezapplication/jsonz/application/x-www-form-urlencoded;charset=UTF-8)Acceptz Content-Typec@s8eZdZdZeZeZeZ dZ gZ            d1ddZ dd Z d d Zed d Zejdd Zd2ddZ       d3ddZd4ddZ d5ddZd4ddZ     d6ddZ     d6ddZdd Zd!d"Z d7d#d$Z d8d%d&Z     d6d'd(Zd)d*Zd+d,Zd9d-d.Z d/d0Z!dS): OAuth2Clienta Construct a new OAuth 2 protocol client. :param session: Requests session object to communicate with authorization server. :param client_id: Client ID, which you get from client registration. :param client_secret: Client Secret, which you get from registration. :param token_endpoint_auth_method: client authentication method for token endpoint. :param revocation_endpoint_auth_method: client authentication method for revocation endpoint. :param scope: Scope that you needed to access user resources. :param state: Shared secret to prevent CSRF attack. :param redirect_uri: Redirect URI you registered as callback. :param code_challenge_method: PKCE method name, only S256 is supported. :param token: A dict of token attributes such as ``access_token``, ``token_type`` and ``expires_at``. :param token_placement: The place to put token in HTTP request. Available values: "header", "body", "uri". :param update_token: A function for you to update token. It accept a :class:`OAuth2Token` as parameter. :param leeway: Time window in seconds before the actual expiration of the authentication token, that the token is considered expired and will be refreshed. ) response_modenonceprompt login_hintNheader<cKs||_||_||_||_|dur|rd}nd}||_|dur%|r#d}nd}||_||_||_| |_| | | ||_ | |_ | dd}|rHt d||_tttttd|_i|_| |_dS)Nclient_secret_basicnone token_updaterz           zOAuth2Client.fetch_tokencCs4t||}d|vr|j|d|dd||_|S)Nerrorerror_descriptionrb description)r oauth_error_classrGr2)r1rQr!r2r4r4r5rYs z OAuth2Client.token_from_fragmentc Ks||}|p |jd}d|vr|jr|j|d<td|fd|i|}|dur,t}|dur6|jd}|jdD] }||||\}}}q;|durQ| |j }|j |f||||d|S)a Fetch a new access token using a refresh token. :param url: Refresh Token endpoint, must be HTTPS. :param refresh_token: The refresh_token to use. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: A :class:`OAuth2Token` object (a dict too). refresh_tokenr$NrUr)rgrVrXr:) rZr2rGr$r r]copyr,r.r?r"_refresh_token) r1rIrgrVr:rXrKr_hookr4r4r5rgs:    zOAuth2Client.refresh_tokencCs|dur|j}|j|jdsdS|d}|jd}|r(|r(|j||ddS|jddkrG|d}|j|dd }|jrE|j||d dSdS) N)r0TrgrUrgrTclient_credentials access_token)rT)rm)r2 is_expiredr0rGr,rgrar))r1r2rgrIrm new_tokenr4r4r5ensure_active_token,s   z OAuth2Client.ensure_active_tokencK4|dur ||j}|jd|f|||||d|S)aRevoke token method defined via `RFC7009`_. :param url: Revoke Token endpoint, must be HTTPS. :param token: The token to be revoked. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Revocation Response .. _`RFC7009`: https://tools.ietf.org/html/rfc7009 Nrr2token_type_hintrVr:rX)r?r#_handle_token_hintr1rIr2rsrVr:rXrKr4r4r5 revoke_token= zOAuth2Client.revoke_tokencKrq)aImplementation of OAuth 2.0 Token Introspection defined via `RFC7662`_. :param url: Introspection Endpoint, must be HTTPS. :param token: The token to be introspected. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Introspection Response .. _`RFC7662`: https://tools.ietf.org/html/rfc7662 Nrrr)r?r"rtrur4r4r5introspect_tokenbrwzOAuth2Client.introspect_tokencCsF|dkr |jj|dS||jvrtd||j|j||dS)aRegister a hook for request/response tweaking. Available hooks are: * access_token_response: invoked before token parsing. * refresh_token_request: invoked before refreshing token. * refresh_token_response: invoked before refresh token parsing. * protected_request: invoked before making a request. * revoke_token_request: invoked before revoking a token. * introspect_token_request: invoked before introspecting a token. protected_requestNzHook type %s is not in %s.)r(hooksaddr.r+)r1 hook_typerjr4r4r5register_compliance_hooks  z%OAuth2Client.register_compliance_hookcCsF|jdkr ||}d|vr|j|d|dd||_|jS)Nirbrcrd) status_coderaise_for_statusjsonrfrGr2)r1respr2r4r4r5parse_response_tokens z!OAuth2Client.parse_response_tokenc Ks|dkr|jj|ftt|||d|}n!d|vr%d||g}nd||g}|jj||f||d|}|jdD]}||}q?||S)NrPdatarXr:?&)rXr:r) upperrpostdictrjoinrequestr.r) r1rIrVrXr:rWrKrrjr4r4r5r^s*   zOAuth2Client._fetch_tokenc Ksn|j|f|||d|}|jdD]}||}q||} d| vr'||jd<t|jr4|j|j|d|jS)N)rVr:rXrrgrk) _http_postr.rr2callabler)) r1rIrgrVrXr:rKrrjr2r4r4r5ris    zOAuth2Client._refresh_tokenc Ks|dur|jr|jdp|jd}|durd}t||||\}}|j|D] } | |||\}}}q'|dur=||j}||} |j||f||d| S)NrgrmrO)r:rX)r2rGr r.r?r#rZr) r1rjrIr2rsrVr:rXrKr.r_r4r4r5rts   zOAuth2Client._handle_token_hintcKsV|dkrd|vr |j|d<t||fi|Sd|vr"|jr"|j|d<t||fi|S)NrSr%r$)r%r r$)r1rVrTrKr4r4r5r\s  z)OAuth2Client._prepare_token_endpoint_bodycCs*i}|jD] }||vr||||<q|S)zDExtract parameters for session object from the passing ``**kwargs``.)SESSION_REQUEST_PARAMSr*)r1rKrvrLr4r4r5rZs  z,OAuth2Client._extract_session_request_paramscKs$|jj|ftt|||d|S)Nr)rrrr)r1rIrVr:rXrKr4r4r5rszOAuth2Client._http_postcCs|`dSr@)rrAr4r4r5__del__szOAuth2Client.__del__) NNNNNNNNNrNr)NN)NrOrPNNNNr@)NNrONN)NNNNN)rONNrP)NrONN)NNN)"__name__ __module__ __qualname____doc__rr>rr'rrfrHrr6r;r?propertyr2setterrNrarYrgrprvrxr}rr^rirtr\rZrrr4r4r4r5rs @    + @ * ( %     rcCs0d|vrd}|Sd|vrd|vrd}|Sd}|S)NrDrSusernamepasswordrlr4)rKrTr4r4r5r[sr[N)authlib.common.securityrauthlib.common.urlsrr:rrbaserrfc6749.parametersrr r r rfc7009r rfc7636r r]rr[r4r4r4r5s&           w