o ©D®fÃã@sFddlmZddlmZddlmZGdd„dƒZdd„Zdd „Zd S) é)Údefault_json_headers©Úgenerate_token)Úadd_params_to_uric@speZdZdZdZgd¢ZdZdZdZdd„Z d d „Z d d „Z d d„Z dd„Z dd„Zdd„Zdd„Zdd„ZdS)ÚDeviceAuthorizationEndpointaY This OAuth 2.0 [RFC6749] protocol extension enables OAuth clients to request user authorization from applications on devices that have limited input capabilities or lack a suitable browser. Such devices include smart TVs, media consoles, picture frames, and printers, which lack an easy input method or a suitable browser required for traditional OAuth interactions. Here is the authorization flow:: +----------+ +----------------+ | |>---(A)-- Client Identifier --->| | | | | | | |<---(B)-- Device Code, ---<| | | | User Code, | | | Device | & Verification URI | | | Client | | | | | [polling] | | | |>---(E)-- Device Code --->| | | | & Client Identifier | | | | | Authorization | | |<---(F)-- Access Token ---<| Server | +----------+ (& Optional Refresh Token) | | v | | : | | (C) User Code & Verification URI | | : | | v | | +----------+ | | | End User | | | | at |<---(D)-- End user reviews --->| | | Browser | authorization request | | +----------+ +----------------+ This DeviceAuthorizationEndpoint is the implementation of step (A) and (B). (A) The client requests access from the authorization server and includes its client identifier in the request. (B) The authorization server issues a device code and an end-user code and provides the end-user verification URI. Údevice_authorization)Úclient_secret_basicÚclient_secret_postÚnoneÚstringiécCs ||_dS©N)Úserver)Úselfr©rúX/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc8628/endpoint.pyÚ__init__<s z$DeviceAuthorizationEndpoint.__init__cCs | |¡Sr )Úcreate_endpoint_response©rÚrequestrrrÚ__call__?s z$DeviceAuthorizationEndpoint.__call__cCs |j |¡Sr )rÚcreate_oauth2_requestrrrrÚcreate_endpoint_requestDs z3DeviceAuthorizationEndpoint.create_endpoint_requestcCs|j ||j|j¡}||_|S)a—client_id is REQUIRED **if the client is not** authenticating with the authorization server as described in Section 3.2.1. of [RFC6749]. This means the endpoint support "none" authentication method. In this case, this endpoint's auth methods are: - client_secret_basic - client_secret_post - none Developers change the value of ``CLIENT_AUTH_METHODS`` in subclass. For instance:: class MyDeviceAuthorizationEndpoint(DeviceAuthorizationEndpoint): # only support ``client_secret_basic`` auth method CLIENT_AUTH_METHODS = ['client_secret_basic'] )rÚauthenticate_clientÚCLIENT_AUTH_METHODSÚ ENDPOINT_NAMEÚclient)rrrrrrrGs  ÿz/DeviceAuthorizationEndpoint.authenticate_clientcCsr| |¡|j |j¡| ¡}| ¡}| ¡}t|d|fgƒ}|||||j|j dœ}|  |j |j|¡d|t fS)NÚ user_code)Ú device_coderÚverification_uriÚverification_uri_completeÚ expires_inÚintervaléÈ) rrÚvalidate_requested_scopeÚscopeÚgenerate_device_codeÚgenerate_user_codeÚget_verification_urirÚ EXPIRES_INÚINTERVALÚsave_device_credentialÚ client_idr)rrrrrr Údatarrrr^s"  ÿú z4DeviceAuthorizationEndpoint.create_endpoint_responsecCs|jdkrtƒStƒS)zåA method to generate ``user_code`` value for device authorization endpoint. This method will generate a random string like MQNA-JPOZ. Developers can rewrite this method to create their own ``user_code``. Údigital)ÚUSER_CODE_TYPEÚcreate_digital_user_codeÚcreate_string_user_code©rrrrr'vs z.DeviceAuthorizationEndpoint.generate_user_codecCstdƒS)zêA method to generate ``device_code`` value for device authorization endpoint. This method will generate a random string of 42 characters. Developers can rewrite this method to create their own ``device_code``. é*rr2rrrr&€sz0DeviceAuthorizationEndpoint.generate_device_codecCótƒ‚)zìDefine the ``verification_uri`` of device authorization endpoint. Developers MUST implement this method in subclass:: def get_verification_uri(self): return 'https://your-company.com/active' ©ÚNotImplementedErrorr2rrrr(‡sz0DeviceAuthorizationEndpoint.get_verification_uricCr4)avSave device token into database for later use. Developers MUST implement this method in subclass:: def save_device_credential(self, client_id, scope, data): item = DeviceCredential( client_id=client_id, scope=scope, **data ) item.save() r5)rr,r%r-rrrr+s z2DeviceAuthorizationEndpoint.save_device_credentialN)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrr/r)r*rrrrrr'r&r(r+rrrrrs (  rcCsd}d td|ƒtd|ƒg¡S)NÚBCDFGHJKLMNPQRSTVWXZú-é©Újoinr©Úbaserrrr1Ÿsr1cCs&d}d td|ƒtd|ƒtd|ƒg¡S)NÚ 0123456789r<ér>r@rrrr0¤s ýr0N) Úauthlib.constsrÚauthlib.common.securityrÚauthlib.common.urlsrrr1r0rrrrÚs