o
    ©D®fQ&  ã                   @   s<   d dl mZmZ d dlmZ d dlmZ G dd„ deƒZdS )é    )Ú
BaseClaimsÚ
JsonWebKey)ÚInvalidClaimError)Úis_valid_urlc                   @   sž   e Zd Zg d¢Zdd„ Zdd„ Zdd„ Zdd	„ Zd
d„ Zdd„ Z	dd„ Z
dd„ Zdd„ Zdd„ Zdd„ Zdd„ Zdd„ Zdd„ Zdd„ Zd d!„ Zd%d#d$„Zd"S )&ÚClientMetadataClaims)Úredirect_urisÚtoken_endpoint_auth_methodÚgrant_typesÚresponse_typesÚclient_nameÚ
client_uriÚlogo_uriÚscopeÚcontactsÚtos_uriÚ
policy_uriÚjwks_uriÚjwksÚsoftware_idÚsoftware_versionc                 C   s„   |   ¡  |  ¡  |  ¡  |  ¡  |  ¡  |  ¡  |  ¡  |  ¡  |  ¡  |  	¡  |  
¡  |  ¡  |  ¡  |  ¡  |  ¡  |  ¡  d S ©N)Ú_validate_essential_claimsÚvalidate_redirect_urisÚ#validate_token_endpoint_auth_methodÚvalidate_grant_typesÚvalidate_response_typesÚvalidate_client_nameÚvalidate_client_uriÚvalidate_logo_uriÚvalidate_scopeÚvalidate_contactsÚvalidate_tos_uriÚvalidate_policy_uriÚvalidate_jwks_uriÚvalidate_jwksÚvalidate_software_idÚvalidate_software_version©Úself© r)   úV/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7591/claims.pyÚvalidate   s    zClientMetadataClaims.validatec                 C   s,   |   d¡}|r|D ]
}|  d|¡ q	dS dS )a°  Array of redirection URI strings for use in redirect-based flows
        such as the authorization code and implicit flows.  As required by
        Section 2 of OAuth 2.0 [RFC6749], clients using flows with
        redirection MUST register their redirection URI values.
        Authorization servers that support dynamic registration for
        redirect-based flows MUST implement support for this metadata
        value.
        r   N)ÚgetÚ_validate_uri)r(   ÚurisÚurir)   r)   r*   r   ,   s   
	þz+ClientMetadataClaims.validate_redirect_urisc                 C   s   d| vrd| d< |   d¡ dS )z`String indicator of the requested authentication method for the
        token endpoint.
        r   Úclient_secret_basicN©Ú_validate_claim_valuer'   r)   r)   r*   r   :   s   z8ClientMetadataClaims.validate_token_endpoint_auth_methodc                 C   ó   |   d¡ dS )zeArray of OAuth 2.0 grant type strings that the client can use at
        the token endpoint.
        r	   Nr1   r'   r)   r)   r*   r   C   ó   z)ClientMetadataClaims.validate_grant_typesc                 C   r3   )ztArray of the OAuth 2.0 response type strings that the client can
        use at the authorization endpoint.
        r
   Nr1   r'   r)   r)   r*   r   I   r4   z,ClientMetadataClaims.validate_response_typesc                 C   ó   dS )a{  Human-readable string name of the client to be presented to the
        end-user during authorization.  If omitted, the authorization
        server MAY display the raw "client_id" value to the end-user
        instead.  It is RECOMMENDED that clients always send this field.
        The value of this field MAY be internationalized, as described in
        Section 2.2.
        Nr)   r'   r)   r)   r*   r   O   ó    z)ClientMetadataClaims.validate_client_namec                 C   r3   )a‰  URL string of a web page providing information about the client.
        If present, the server SHOULD display this URL to the end-user in
        a clickable fashion.  It is RECOMMENDED that clients always send
        this field.  The value of this field MUST point to a valid web
        page.  The value of this field MAY be internationalized, as
        described in Section 2.2.
        r   N©r-   r'   r)   r)   r*   r   X   ó   z(ClientMetadataClaims.validate_client_uric                 C   r3   )a7  URL string that references a logo for the client.  If present, the
        server SHOULD display this image to the end-user during approval.
        The value of this field MUST point to a valid image file.  The
        value of this field MAY be internationalized, as described in
        Section 2.2.
        r   Nr7   r'   r)   r)   r*   r   b   ó   z&ClientMetadataClaims.validate_logo_uric                 C   r3   )ab  String containing a space-separated list of scope values (as
        described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
        can use when requesting access tokens.  The semantics of values in
        this list are service specific.  If omitted, an authorization
        server MAY register a client with a default set of scopes.
        r   Nr1   r'   r)   r)   r*   r   k   r9   z#ClientMetadataClaims.validate_scopec                 C   s&   d| v rt | d tƒstdƒ‚dS dS )aF  Array of strings representing ways to contact people responsible
        for this client, typically email addresses.  The authorization
        server MAY make these contact addresses available to end-users for
        support requests for the client.  See Section 6 for information on
        Privacy Considerations.
        r   N)Ú
isinstanceÚlistr   r'   r)   r)   r*   r    t   s   ÿz&ClientMetadataClaims.validate_contactsc                 C   r3   )aï  URL string that points to a human-readable terms of service
        document for the client that describes a contractual relationship
        between the end-user and the client that the end-user accepts when
        authorizing the client.  The authorization server SHOULD display
        this URL to the end-user if it is provided.  The value of this
        field MUST point to a valid web page.  The value of this field MAY
        be internationalized, as described in Section 2.2.
        r   Nr7   r'   r)   r)   r*   r!   ~   s   	z%ClientMetadataClaims.validate_tos_uric                 C   r3   )a¶  URL string that points to a human-readable privacy policy document
        that describes how the deployment organization collects, uses,
        retains, and discloses personal data.  The authorization server
        SHOULD display this URL to the end-user if it is provided.  The
        value of this field MUST point to a valid web page.  The value of
        this field MAY be internationalized, as described in Section 2.2.
        r   Nr7   r'   r)   r)   r*   r"   ‰   r8   z(ClientMetadataClaims.validate_policy_uric                 C   r3   )aÔ  URL string referencing the client's JSON Web Key (JWK) Set
        [RFC7517] document, which contains the client's public keys.  The
        value of this field MUST point to a valid JWK Set document.  These
        keys can be used by higher-level protocols that use signing or
        encryption.  For instance, these keys might be used by some
        applications for validating signed requests made to the token
        endpoint when using JWTs for client authentication [RFC7523].  Use
        of this parameter is preferred over the "jwks" parameter, as it
        allows for easier key rotation.  The "jwks_uri" and "jwks"
        parameters MUST NOT both be present in the same request or
        response.
        r   Nr7   r'   r)   r)   r*   r#   “   s   z&ClientMetadataClaims.validate_jwks_uric                 C   sX   d| v r*d| v rt dƒ‚| d }zt |¡}|st dƒ‚W dS  ty)   t dƒ‚w dS )a+  Client's JSON Web Key Set [RFC7517] document value, which contains
        the client's public keys.  The value of this field MUST be a JSON
        object containing a valid JWK Set.  These keys can be used by
        higher-level protocols that use signing or encryption.  This
        parameter is intended to be used by clients that cannot use the
        "jwks_uri" parameter, such as native clients that cannot host
        public URLs.  The "jwks_uri" and "jwks" parameters MUST NOT both
        be present in the same request or response.
        r   r   N)r   r   Úimport_key_setÚ
ValueError)r(   r   Úkey_setr)   r)   r*   r$   £   s   

ÿÿöz"ClientMetadataClaims.validate_jwksc                 C   r5   )aÎ  A unique identifier string (e.g., a Universally Unique Identifier
        (UUID)) assigned by the client developer or software publisher
        used by registration endpoints to identify the client software to
        be dynamically registered.  Unlike "client_id", which is issued by
        the authorization server and SHOULD vary between instances, the
        "software_id" SHOULD remain the same for all instances of the
        client software.  The "software_id" SHOULD remain the same across
        multiple updates or versions of the same piece of software.  The
        value of this field is not intended to be human readable and is
        usually opaque to the client and authorization server.
        Nr)   r'   r)   r)   r*   r%   º   r6   z)ClientMetadataClaims.validate_software_idc                 C   r5   )a4  A version identifier string for the client software identified by
        "software_id".  The value of the "software_version" SHOULD change
        on any update to the client software identified by the same
        "software_id".  The value of this field is intended to be compared
        using string equality matching and no other comparison semantics
        are defined by this specification.  The value of this field is
        outside the scope of this specification, but it is not intended to
        be human readable and is usually opaque to the client and
        authorization server.  The definition of what constitutes an
        update to client software that would trigger a change to this
        value is specific to the software itself and is outside the scope
        of this specification.
        Nr)   r'   r)   r)   r*   r&   Ç   r6   z.ClientMetadataClaims.validate_software_versionNc                 C   s.   |d u r	|   |¡}|rt|ƒst|ƒ‚d S d S r   )r,   r   r   )r(   Úkeyr/   r)   r)   r*   r-   Ö   s
   
ÿz"ClientMetadataClaims._validate_urir   )Ú__name__Ú
__module__Ú__qualname__ÚREGISTERED_CLAIMSr+   r   r   r   r   r   r   r   r   r    r!   r"   r#   r$   r%   r&   r-   r)   r)   r)   r*   r      s&    		
		

r   N)Úauthlib.joser   r   Úauthlib.jose.errorsr   Úauthlib.common.urlsr   r   r)   r)   r)   r*   Ú<module>   s    