o Df @s`dZddlZddlmZmZddlmZddlmZm Z m Z m Z e e ZGdd d eeZdS) a authlib.oauth2.rfc6749.grants.refresh_token ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A special grant endpoint for refresh_token grant_type. Refreshing an Access Token per `Section 6`_. .. _`Section 6`: https://tools.ietf.org/html/rfc6749#section-6 N) BaseGrantTokenEndpointMixin) scope_to_list)InvalidRequestErrorInvalidScopeErrorInvalidGrantErrorUnauthorizedClientErrorc@s`eZdZdZdZdZddZddZdd Zd d Z d d Z ddZ ddZ ddZ ddZdS)RefreshTokenGrantzA special grant endpoint for refresh_token grant_type. Refreshing an Access Token per `Section 6`_. .. _`Section 6`: https://tools.ietf.org/html/rfc6749#section-6 refresh_tokenFcCs*|}td|||jst|S)NzValidate token request of %r)"authenticate_token_endpoint_clientlogdebugcheck_grant_type GRANT_TYPEr )selfclientrd/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc6749/grants/refresh_token.py_validate_request_client"s   z*RefreshTokenGrant._validate_request_clientcCs@|jjd}|durtd||}|r||st|S)Nr z#Missing "refresh_token" in request.)requestformgetrauthenticate_refresh_token check_clientr )rrr tokenrrr_validate_request_token.s z)RefreshTokenGrant._validate_request_tokencCsJ|jj}|sdS|}|sttt|}|tt|s#tdS)N)rscope get_scopersetr issuperset)rrroriginal_scoperrr_validate_token_scope8s z'RefreshTokenGrant._validate_token_scopecCs0|}||j_||}||||j_dS)a&If the authorization server issued a refresh token to the client, the client makes a refresh request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body, per Section 6: grant_type REQUIRED. Value MUST be set to "refresh_token". refresh_token REQUIRED. The refresh token issued to the client. scope OPTIONAL. The scope of the access request as described by Section 3.3. The requested scope MUST NOT include any scope not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the resource owner. For example, the client makes the following HTTP request using transport-layer security (with extra line breaks for display purposes only): .. code-block:: http POST /token HTTP/1.1 Host: server.example.com Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA N)rrrrr#r )rrr rrrvalidate_token_requestEs "   z(RefreshTokenGrant.validate_token_requestcCsv|jj}||}|std|jj}|||}td||||j_| ||j d|d| |d||j fS)a If valid and authorized, the authorization server issues an access token as described in Section 5.1. If the request failed verification or is invalid, the authorization server returns an error response as described in Section 5.2. z"There is no "user" for this token.zIssue token %r to %r process_token)r) rr authenticate_userrr issue_tokenrruser save_token execute_hookrevoke_old_credentialTOKEN_RESPONSE_HEADER)rr r)rrrrrcreate_token_responsems     z'RefreshTokenGrant.create_token_responsecCs*|jj}|s |}|j|||jd}|S)N)r)rinclude_refresh_token)rrrgenerate_tokenINCLUDE_NEW_REFRESH_TOKEN)rr)r rrrrrr(szRefreshTokenGrant.issue_tokencCt)aGet token information with refresh_token string. Developers MUST implement this method in subclass:: def authenticate_refresh_token(self, refresh_token): token = Token.get(refresh_token=refresh_token) if token and not token.refresh_token_revoked: return token :param refresh_token: The refresh token issued to the client :return: token NotImplementedErrorrr rrrrs z,RefreshTokenGrant.authenticate_refresh_tokencCr2)a"Authenticate the user related to this credential. Developers MUST implement this method in subclass:: def authenticate_user(self, credential): return User.get(credential.user_id) :param refresh_token: Token object :return: user r3r5rrrr's z#RefreshTokenGrant.authenticate_usercCr2)alThe authorization server MAY revoke the old refresh token after issuing a new refresh token to the client. Developers MUST implement this method in subclass:: def revoke_old_credential(self, refresh_token): credential.revoked = True credential.save() :param refresh_token: Token object r3r5rrrr,s z'RefreshTokenGrant.revoke_old_credentialN)__name__ __module__ __qualname____doc__rr1rrr#r$r.r(rr'r,rrrrr s   (  r )r9loggingbaserrutilrerrorsrrr r getLoggerr6rr rrrrs