o Df5@slddlZddlZddlmZmZmZddlmZmZm Z e dZ ddZ dd Z d d ZGd d d ZdS)N)to_bytes to_unicodeurlsafe_b64encode)InvalidRequestErrorInvalidGrantError OAuth2Requestz^[a-zA-Z0-9\-._~]{43,128}$cCs tt|d}tt|S)z8Create S256 code_challenge with the given code_verifier.ascii)hashlibsha256rdigestrr) code_verifierdatarY/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7636/challenge.pycreate_s256_code_challenges rcCs||kSNrr code_challengerrrcompare_plain_code_challengesrcCs t||kSr)rrrrrcompare_s256_code_challenges rc@sXeZdZdZdZddgZeedZdddZ dd Z d d Z d d Z ddZ ddZdS) CodeChallengeaCodeChallenge extension to Authorization Code Grant. It is used to improve the security of Authorization Code flow for public clients by sending extra "code_challenge" and "code_verifier" to the authorization server. The AuthorizationCodeGrant SHOULD save the ``code_challenge`` and ``code_challenge_method`` into database when ``save_authorization_code``. Then register this extension via:: server.register_grant( AuthorizationCodeGrant, [CodeChallenge(required=True)] ) plainS256)rrTcCs ||_dSr)required)selfrrrr__init__8s zCodeChallenge.__init__cCs |d|j|d|jdS)N$after_validate_authorization_requestafter_validate_token_request) register_hookvalidate_code_challengevalidate_code_verifier)rgrantrrr__call__;szCodeChallenge.__call__cCsT|j}|jd}|jd}|s|sdS|std|r&||jvr(tddSdS)Nrcode_challenge_methodzMissing "code_challenge"z#Unsupported "code_challenge_method")requestrgetrSUPPORTED_CODE_CHALLENGE_METHOD)rr"r% challengemethodrrrr Es  z%CodeChallenge.validate_code_challengecCs|j}|jd}|jr|jdkr|std|j}||}|s%|s%dS|s+tdt |s4td| |}|dur@|j }|j |}|sPt d|d|||sZtdddS) Nr nonezMissing "code_verifier"zInvalid "code_verifier"zNo verify method for ""zCode challenge failed.) description)r%formr&r auth_methodrauthorization_code get_authorization_code_challengeCODE_VERIFIER_PATTERNmatch'get_authorization_code_challenge_methodDEFAULT_CODE_CHALLENGE_METHODCODE_CHALLENGE_METHODS RuntimeErrorr)rr"r%verifierr/r(r)funcrrrr!Rs*       z$CodeChallenge.validate_code_verifiercC|jS)a[Get "code_challenge" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge(self, authorization_code): return authorization_code.code_challenge :param authorization_code: the instance of authorization_code )rrr/rrrr0v z.CodeChallenge.get_authorization_code_challengecCr9)apGet "code_challenge_method" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge_method(self, authorization_code): return authorization_code.code_challenge_method :param authorization_code: the instance of authorization_code )r$r:rrrr3r;z5CodeChallenge.get_authorization_code_challenge_methodN)T)__name__ __module__ __qualname____doc__r4r'rrr5rr#r r!r0r3rrrrrs   $ r)rer authlib.common.encodingrrrrfc6749rrrcompiler1rrrrrrrrs