o Df&@s~ddlmZddlmZddlmZddlmZddlmZddlm Z ddlm Z dd lm Z dd l m Z Gd d d Zd S))default_json_headers) JoseError)ClientMetadataClaims) scope_to_list)AccessDeniedError)InvalidClientError)InvalidRequestError)UnauthorizedClientError)InvalidClientMetadataErrorc@seZdZdZeZddZddZddZdd Z d d Z d d Z ddZ ddZ ddZddZddZddZddZddZddZd d!Zd"d#Zd$d%Zd&S)'ClientConfigurationEndpointclient_configurationcCs ||_dSN)server)selfrrX/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7592/endpoint.py__init__ z$ClientConfigurationEndpoint.__init__cCs ||Sr)create_configuration_responserrequestrrr__call__rz$ClientConfigurationEndpoint.__call__cCs||}|s t||_||}|s|||tdd|||s*tdd||_|j dkr8| ||S|j dkrC| ||S|j dkrN| ||SdS)Ni) status_codeiGETDELETEPUT) authenticate_tokenr credentialauthenticate_clientrevoke_access_tokenrcheck_permissionr clientmethodcreate_read_client_responsecreate_delete_client_responsecreate_update_client_response)rrtokenr"rrrrs$            z9ClientConfigurationEndpoint.create_configuration_responsecCs |j|Sr)rcreate_json_requestrrrrcreate_endpoint_request7s z3ClientConfigurationEndpoint.create_endpoint_requestcCs&||}||||d|tfS)N)introspect_clientupdate!generate_client_registration_infor)rr"rbodyrrrr$:s  z7ClientConfigurationEndpoint.create_read_client_responsecCs|||ddg}dd|fS)N)z Cache-Controlzno-store)Pragmazno-cache) delete_client)rr"rheadersrrrr%?s  z9ClientConfigurationEndpoint.create_delete_client_responsecCsd}|D] }||jvrtq|jd}|st||kr#td|jvr3||jds3t||}||||}|||S)N)registration_access_tokenregistration_client_uriclient_secret_expires_atclient_id_issued_at client_id client_secret)datar get get_client_idcheck_client_secretextract_client_metadata update_clientr$)rr"rmust_not_includekr8client_metadatarrrr&Gs       z9ClientConfigurationEndpoint.create_update_client_responsec Cs\|j}|}||i||}z |W| Sty-}zt|jd}~wwr) r:copyget_claims_options claims_classget_server_metadatavalidaterr descriptionget_registered_claims)rr json_dataoptionsclaimserrorrrrr>gs   z3ClientConfigurationEndpoint.extract_client_metadatacs|}|siS|d|d|d|d}i}dur2tfdd}d|i|d<durFtfd d }d|i|d <durZtfd d }d|i|d<|durdd|i|d<|S)Nscopes_supportedresponse_types_supportedgrant_types_supported%token_endpoint_auth_methods_supportedcs|sdStt|}|S)NT)setr issuperset)rLvaluescopes)rNrr_validate_scopes  zGClientConfigurationEndpoint.get_claims_options.._validate_scoperGscopect|SrrSrRrLrT)rOrr_validate_response_typeszPClientConfigurationEndpoint.get_claims_options.._validate_response_typesresponse_typescrXrrYrZ)rPrr_validate_grant_typesr\zMClientConfigurationEndpoint.get_claims_options.._validate_grant_types grant_typesvaluestoken_endpoint_auth_method)rFr;rR)rmetadataauth_methods_supportedrKrVr[r^r)rPrOrNrrDrs.           z.ClientConfigurationEndpoint.get_claims_optionscCsi|j|jSr) client_inforB)rr"rrrr+sz-ClientConfigurationEndpoint.introspect_clientcCt)aGenerate ```registration_client_uri`` and ``registration_access_token`` for RFC7592. By default this method returns the values sent in the current request. Developers MUST rewrite this method to return different registration information.:: def generate_client_registration_info(self, client, request):{ access_token = request.headers['Authorization'].split(' ')[1] return { 'registration_client_uri': request.uri, 'registration_access_token': access_token, } :param client: the instance of OAuth client :param request: formatted request instance NotImplementedErrorrr"rrrrr-sz=ClientConfigurationEndpoint.generate_client_registration_infocCre)aLAuthenticate current credential who is requesting to register a client. Developers MUST implement this method in subclass:: def authenticate_token(self, request): auth = request.headers.get('Authorization') return get_token_by_auth(auth) :return: token instance rfrrrrr z.ClientConfigurationEndpoint.authenticate_tokencCre)a4Read a client from the request payload. Developers MUST implement this method in subclass:: def authenticate_client(self, request): client_id = request.data.get('client_id') return Client.get(client_id=client_id) :return: client instance rfrrrrrriz/ClientConfigurationEndpoint.authenticate_clientcCre)aRevoke a token access in case an invalid client has been requested. Developers MUST implement this method in subclass:: def revoke_access_token(self, token, request): token.revoked = True token.save() rf)rr'rrrrr  z/ClientConfigurationEndpoint.revoke_access_tokencCre)a Checks wether the current client is allowed to be accessed, edited or deleted. Developers MUST implement it in subclass, e.g.:: def check_permission(self, client, request): return client.editable :return: boolean rfrhrrrr!rjz,ClientConfigurationEndpoint.check_permissioncCre)a2Delete authorization code from database or cache. Developers MUST implement it in subclass, e.g.:: def delete_client(self, client, request): client.delete() :param client: the instance of OAuth client :param request: formatted request instance rfrhrrrr2riz)ClientConfigurationEndpoint.delete_clientcCre)aUpdate the client in the database. Developers MUST implement this method in subclass:: def update_client(self, client, client_metadata, request): client.set_client_metadata({**client.client_metadata, **client_metadata}) client.save() return client :param client: the instance of OAuth client :param client_metadata: a dict of the client claims to update :param request: formatted request instance :return: client instance rf)rr"rBrrrrr?sz)ClientConfigurationEndpoint.update_clientcCre)zeReturn server metadata which includes supported grant types, response types and etc. rf)rrrrrFsz/ClientConfigurationEndpoint.get_server_metadataN)__name__ __module__ __qualname__ ENDPOINT_NAMErrErrrr)r$r%r&r>rDr+r-rrr r!r2r?rFrrrrr s*  *     r N)authlib.constsr authlib.joserrfc7591.claimsrrfc6749rrrr r rfc7591r r rrrrs