o Df@sddlZddlZddlZddlmZddlmZddlmZm Z ddl m Z m Z ddl m Z dd lmZdd lmZmZmZGd d d ZdS) N)default_json_headersgenerate_token) JsonWebToken JoseError)AccessDeniedErrorInvalidRequestError) scope_to_list)ClientMetadataClaims)InvalidClientMetadataError UnapprovedSoftwareStatementErrorInvalidSoftwareStatementErrorc@seZdZdZdZeZdZddZddZ dd Z d d Z d d Z ddZ ddZddZddZddZddZddZddZddZd d!ZdS)"ClientRegistrationEndpointzThe client registration endpoint is an OAuth 2.0 endpoint designed to allow a client to be registered with the authorization server. client_registrationNcCs ||_dSN)server)selfrrX/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7591/endpoint.py__init__ z#ClientRegistrationEndpoint.__init__cCs ||Sr)create_registration_responserrequestrrr__call__!rz#ClientRegistrationEndpoint.__call__cCsv||}|s t||_||}|}i}||||||||}|||}|r6||d|tfS)N) authenticate_tokenr credentialextract_client_metadatagenerate_client_infoupdate save_client!generate_client_registration_infor)rrtokenclient_metadata client_infobodyclientregistration_inforrrr$s       z7ClientRegistrationEndpoint.create_registration_responsec Cs|jst|j}|dd}|r!|jr!|||}|||}||i|| }z | W|St yI}zt |j d}~ww)Nsoftware_statement)datar copypop'software_statement_alg_values_supportedextract_software_statementr"get_claims_options claims_classget_server_metadatavalidaterr descriptionget_registered_claims)rr json_datar+r,optionsclaimserrorrrrr 6s        z2ClientRegistrationEndpoint.extract_client_metadatacCsF||}|s tzt|j}|||}|WSty"twr)resolve_public_keyrrr/decoderr)rr+rkeyjwtr9rrrr0Hs    z5ClientRegistrationEndpoint.extract_software_statementcs|}|siS|d|d|d|d}i}dur2tfdd}d|i|d <durFtfd d }d|i|d <durZtfd d}d|i|d<|durdd|i|d<|S)zFGenerate claims options validation from Authorization Server metadata.scopes_supportedresponse_types_supportedgrant_types_supported%token_endpoint_auth_methods_supportedNcs|sdStt|}|S)NT)setr issuperset)r9valuescopes)r?rr_validate_scopecs  zFClientRegistrationEndpoint.get_claims_options.._validate_scoper4scopec|rt|ndh}|S)NcoderCrD)r9rEresponse_types)r@rr_validate_response_typesn zOClientRegistrationEndpoint.get_claims_options.._validate_response_typesrLcrI)Nauthorization_coderK)r9rE grant_types)rArr_validate_grant_typesyrNzLClientRegistrationEndpoint.get_claims_options.._validate_grant_typesrPvaluestoken_endpoint_auth_method)r3getrC)rmetadataauth_methods_supportedr8rGrMrQr)rAr@r?rr1Us.           z-ClientRegistrationEndpoint.get_claims_optionscCs0|}|}tt}d}t||||dS)Nr) client_id client_secretclient_id_issued_atclient_secret_expires_at)generate_client_idgenerate_client_secretinttimedict)rrWrXrYrZrrrr!s z/ClientRegistrationEndpoint.generate_client_infocCsdS)zGenerate ```registration_client_uri`` and ``registration_access_token`` for RFC7592. This method returns ``None`` by default. Developers MAY rewrite this method to return registration information.Nr)rr)rrrrr$szs