KiS6ddlmZddlmZddlmZddlmZddlmZddlm Z ddlm Z dd l m Z dd l m Z dd lmZdd lmZdd lmZGdde ZdZy))ContinueIteration) deprecate)ClientAuthentication)InvalidScopeError) OAuth2Error)UnsupportedGrantTypeError)UnsupportedResponseTypeError)Hookable)hooked) JsonRequest) OAuth2Request) scope_to_listceZdZdZdfd ZdZdZ ddZdZddZ dZ d Z d Z d Z d efd Zd efdZdZdZddZdZedZddZdZddZeddZddZdZxZS)AuthorizationServerzAuthorization server that handles Authorization Endpoint and Token Endpoint. :param scopes_supported: A list of supported scopes by this authorization server. ct|||_i|_d|_g|_g|_i|_g|_yN) super__init__scopes_supported_token_generators _client_auth_authorization_grants _token_grants _endpoints _extensions)selfr __class__s w/home/jay/workspace/scripts/.codegraph-venv/lib/python3.12/site-packages/authlib/oauth2/rfc6749/authorization_server.pyrzAuthorizationServer.__init__sE  0!# %'"ct)zQuery OAuth client by client_id. The client model class MUST implement the methods described by :class:`~authlib.oauth2.rfc6749.ClientMixin`. NotImplementedError)r client_ids r query_clientz AuthorizationServer.query_client!s "##r ct)z:Define function to save the generated token into database.r")rtokenrequests r save_tokenzAuthorizationServer.save_token( !##r c|jj|}|s|jjd}|s td|||||||S)aGenerate the token dict. :param grant_type: current requested grant_type. :param client: the client that making the request. :param user: current authorized user. :param expires_in: if provided, use this value as expires_in. :param scope: current requested scope. :param include_refresh_token: should refresh_token be included. :return: Token dict defaultzNo configured token generator) grant_typeclientuserscope expires_ininclude_refresh_token)rget RuntimeError)rr-r.r/r0r1r2funcs rgenerate_tokenz"AuthorizationServer.generate_token,sa(%%))*5))--i8D>? ?!!"7   r c"||j|<y)ayRegister a function as token generator for the given ``grant_type``. Developers MUST register a default token generator with a special ``grant_type=default``:: def generate_bearer_token( grant_type, client, user=None, scope=None, expires_in=None, include_refresh_token=True, ): token = {"token_type": "Bearer", "access_token": ...} if include_refresh_token: token["refresh_token"] = ... ... return token authorization_server.register_token_generator( "default", generate_bearer_token ) If you register a generator for a certain grant type, that generator will only works for the given grant type:: authorization_server.register_token_generator( "client_credentials", generate_bearer_token, ) :param grant_type: string name of the grant type :param func: a function to generate token N)r)rr-r5s rregister_token_generatorz,AuthorizationServer.register_token_generatorPsF.2z*r c|j&|jrt|j|_|j|||S)zAuthenticate client via HTTP request information with the given methods, such as ``client_secret_basic``, ``client_secret_post``. )rr%r)rr(methodsendpoints rauthenticate_clientz'AuthorizationServer.authenticate_clientus@    $):): 4T5F5F GD   '8< 6r ct|tr ||}n||_|jj |j g}|j |y)zAdd extra endpoint to authorization server. e.g. RevocationEndpoint:: authorization_server.register_endpoint(RevocationEndpoint) :param endpoint_cls: A endpoint class or instance. N) isinstancetypeserverr setdefault ENDPOINT_NAMErB)rr; endpointss rregister_endpointz%AuthorizationServer.register_endpointsH h %~H"HOOO..x/E/ErJ "r c|jD]&\}}|j|st||||cSd}|jjx}rO|j |x}r<|jj x}r|j|r|}n|j}td|jjd|jj|)zFind the authorization grant for current request. :param request: OAuth2Request instance. :return: grant instance NzThe response type 'z!' is not supported by the server.) redirect_uri) rra _create_grantpayloadr$r%rpcheck_redirect_uriget_default_redirect_urir response_type)rr(rdrerpr$r. requested_uris rget_authorization_grantz+AuthorizationServer.get_authorization_grants&*%?%? K !Iz55g>$Y GTJJ K  11 19 1**955v5$+OO$@$@@=@00?'4 #)#B#B#DL*!'//"?"?!@@a b OO ) )%  r c|j|} ||_|j|}|j||j |S#t $r!}|j j|_d}~wwxYw)zValidate current HTTP request for authorization page. This page is designed for resource owner to grant or deny the authorization. N)rRr/rw&validate_no_multiple_request_parametervalidate_consent_requestrrrstate)rr(end_usergrantrHs rget_consent_grantz%AuthorizationServer.get_consent_grantsy,,W5 #GL009E  8 8 A  * * ,  "////EK   s9A A8A33A8c|jD]&\}}|j|st||||cSt|jj )zFind the token grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrbrqr rrr-)rr(rdres rget_token_grantz#AuthorizationServer.get_token_grantsV &*%7%7 K !Iz--g6$Y GTJJ K((B(BCCr c"||jvrtd|d|j|}|D]*}|j|} |j||cSy#t$rY9t $r}|j ||cYd}~cSd}~wwxYw)zValidate endpoint request and create endpoint response. :param name: Endpoint name :param request: HTTP request instance. :return: Response z There is no 'z ' endpoint.N)rr4create_endpoint_requestrZrrhandle_error_response)rrKr(rmr;rHs rcreate_endpoint_responsez,AuthorizationServer.create_endpoint_response%s t &tfK@A AOOD) ! BH66w?G B+t++Xg->?? B%  B11'5AA Bs$A B(B0B B Bct|ts|j|}|stdd |j |} |j}|j||}|j|}|jd||S#t $r7}|j j|_|j||cYd}~Sd}~wwxYw#t$r7}|j j|_|j||}Yd}~d}~wwxYw)zValidate authorization request and create authorization response. :param request: HTTP request instance. :param grant_user: if granted, it is resource owner. If denied, it is None. :returns: Response z,The 'grant' parameter will become mandatory.z1.8)versionNafter_authorization_response)rhrrRrrwr rrr{rvalidate_authorization_requestcreate_authorization_responserZr execute_hook)rr( grant_userr}rHrprLresponses rrz1AuthorizationServer.create_authorization_response9s'=1009G De T B44W=  B ??AL66|ZPD+t++T2H 98D0 B%oo33 11'5AA B B!////EK11'5AH Bs5B 1C C ,C>C C  D -DD cH|j|} |j|} |j |j }|j |S#t$r}|j||cYd}~Sd}~wwxYw#t$r}|j||cYd}~Sd}~wwxYw)ziValidate token request and create token response. :param request: HTTP request instance N)rRrr rvalidate_token_requestcreate_token_responserZr)rr(r}rHrLs rrz)AuthorizationServer.create_token_responseXs ,,W5 >((1E >  ( ( *..0D'4''. . ) >--gu= = > >--gu= = >s:A.A< A9A4.A94A9< B!BB!B!cL|j||j||Sr)rZrIrGs rrz)AuthorizationServer.handle_error_responsejs'#t##U4+=+=gu+M%NOOr r)NNNT)r')NN)NNN)__name__ __module__ __qualname____doc__rr%r)r6r8r<r@rDrIrNrrRr rUrZr_rfrnr rwr~rrrrr __classcell__)rs@rrrs $$"" H#2J=1:1$ $ $$k$$*?&#     6* DB(  <>$Pr rc:|||}|r|D] }|| |SrrF)rdrer(rjr}exts rrqrqns, gv &E C J  Lr N)authlib.common.errorsrauthlib.deprecaterr<rerrorsrrr r hooksr r requestsr rutilrrrqrFr rrs?3'5%-0!#[P([P| r