k7iISSKJr SSKJr SSKJr SSKJr SSKJr SSK J r SSK J r SS K J r SS K J r SS KJr SS KJr S SS.r"SS5rSrg))generate_token) url_decode) ClientAuth) TokenAuth) OAuth2Error)!parse_authorization_code_response)parse_implicit_response)prepare_grant_uri)prepare_token_request)prepare_revoke_token_request)create_s256_code_challengezapplication/jsonz/application/x-www-form-urlencoded;charset=UTF-8)Acceptz Content-TypecL\rSrSrSr\r\r\ r Sr /r SSjr SrSr\S5r\R$S 5rSS jrSS jrSS jrSS jrSSjrS SjrS SjrSrSrS!SjrS"SjrS SjrSrSr S#Sjr!Sr"Sr#g)$ OAuth2ClientaConstruct a new OAuth 2 protocol client. :param session: Requests session object to communicate with authorization server. :param client_id: Client ID, which you get from client registration. :param client_secret: Client Secret, which you get from registration. :param token_endpoint_auth_method: client authentication method for token endpoint. :param revocation_endpoint_auth_method: client authentication method for revocation endpoint. :param scope: Scope that you needed to access user resources. :param state: Shared secret to prevent CSRF attack. :param redirect_uri: Redirect URI you registered as callback. :param code_challenge_method: PKCE method name, only S256 is supported. :param token: A dict of token attributes such as ``access_token``, ``token_type`` and ``expires_at``. :param token_placement: The place to put token in HTTP request. Available values: "header", "body", "uri". :param update_token: A function for you to update token. It accept a :class:`OAuth2Token` as parameter. :param leeway: Time window in seconds before the actual expiration of the authentication token, that the token is considered expired and will be refreshed. ) response_modenonceprompt login_hintNc XlX lX0lXplUc U(aSnOSnX@lUc U(aSnOSnXPlX`lXlXlURXU5Ul Xl URSS5nU(a [S5eXl[5[5[5[5[5S.Ul0UlXlg)Nclient_secret_basicnone token_updaterz " & "jjF7O '**f4'A-'PF# $.2.H.HF* +,,A1 #5 MM!, -  nn'    zr9c @U=(d URnURSS5n U (aSU ;aURX5$URU5n U (aSU ;aSn[ U US9n U SUS'UcUR R S5nUc[U5nX`R S'UR"X&40UD6nUcURUR5nUc[nUcUR R S 5nUR"U4X%X4S .U D6$) a;Generic method for fetching an access token from the token endpoint. :param url: Access Token endpoint URL, if not configured, ``authorization_response`` is used to extract token from its fragment (implicit way). :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param method: The HTTP method used to make the request. Defaults to POST, but may also be GET. Other methods should be added as needed. :param headers: Dict to default request headers with. :param auth: An auth tuple or method as accepted by requests. :param grant_type: Use specified grant_type to fetch token. :param state: Optional "state" value to fetch token. :return: A :class:`OAuth2Token` object (a dict too). authorization_responseN#zcode=authorization_code)r#rO grant_typetoken_endpoint)bodyr>methodheaders) r#r,token_from_fragment_extract_session_request_paramsr r.rR_guess_grant_type_prepare_token_endpoint_bodyrEr$DEFAULT_HEADERS _fetch_token) r3rTrarbrcr>r_r#rVr\session_kwargsparamss r6 fetch_tokenOAuth2Client.fetch_tokens26#!',Dd!K !c-C&C++,BJ J==fE !g1G&G-J6&F$F^F6N  **<8J  *62J*4MM, '00LVL <##D$C$CDD ?%G ;--##$45C   f IW  r9cx[X5nSU;a"URUSURS5S9eX0lU$)Nerrorerror_descriptionro description)r oauth_error_classrRr4)r3r\r#r4s r6rd OAuth2Client.token_from_fragmentsL'(>F e ((Gn%))) rer4rRr&r rhcopyr.r0rEr$_refresh_token) r3rTrvrar>rcrVrjhooks r6rvOAuth2Client.refresh_tokens ==fE%H)H & TZZ"jjF7O$ T 1> BH  ?%**,G ;--##$45C(()@AD!%cD!9 C$B <##D$C$CDD""  '     r9cUc URnURURS9(dgURS5nURRS5nU(aU(aUR X2S9 gURRS5S:Xa6USnUR USS 9nUR(aURXTS 9 gg) N)r2Trvr`rvr_client_credentials access_token)r_)r~)r4 is_expiredr2rRr.rvrlr+)r3r4rvrTr~ new_tokens r6ensure_active_token OAuth2Client.ensure_active_token-s =JJEt{{3 /2 mm 01 S   s  @ ]]  | ,0D D 0L((9M(NI  !!)!G Er9c rUcURUR5nUR"SU4UUUUUS.UD6$)a^Revoke token method defined via `RFC7009`_. :param url: Revoke Token endpoint, must be HTTPS. :param token: The token to be revoked. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Revocation Response .. _`RFC7009`: https://tools.ietf.org/html/rfc7009 rr4token_type_hintrar>rc)rEr%_handle_token_hintr3rTr4rrar>rcrVs r6 revoke_tokenOAuth2Client.revoke_token>sX0 <##D$H$HID&& "   +    r9c rUcURUR5nUR"SU4UUUUUS.UD6$)aImplementation of OAuth 2.0 Token Introspection defined via `RFC7662`_. :param url: Introspection Endpoint, must be HTTPS. :param token: The token to be introspected. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Introspection Response .. _`RFC7662`: https://tools.ietf.org/html/rfc7662 rr)rEr$rrs r6introspect_tokenOAuth2Client.introspect_tokencsX0 <##D$C$CDD&& &   +    r9cUS:Xa&URRRU5 gXR;a[ SXR5eURURU5 g)aRegister a hook for request/response tweaking. Available hooks are: * access_token_response: invoked before token parsing. * refresh_token_request: invoked before refreshing token. * refresh_token_response: invoked before refresh token parsing. * protected_request: invoked before making a request. * revoke_token_request: invoked before revoking a token. * introspect_token_request: invoked before introspecting a token. protected_requestNzHook type %s is not in %s.)r*hooksaddr0r-)r3 hook_typerys r6register_compliance_hook%OAuth2Client.register_compliance_hooksg + + OO ! ! % %d +  00 0,i9M9M  Y'++D1r9cURS:aUR5 UR5nSU;a"URUSUR S5S9eX lUR $)Nirorprq) status_coderaise_for_statusjsonrsrRr4)r3respr4s r6parse_response_token!OAuth2Client.parse_response_tokensk   s "  ! ! #  e ((Gn%))?&)rcr>r) upperr postdictrjoinrequestr0r) r3rTrarcr>rbrVrrys r6riOAuth2Client._fetch_tokens <<>V #<<$$z$/0'PVDczhh{+hh{+<<''%,;AD(()@AD:DB((..r9c 4UR"U4X5US.UD6nURSH nU"U5nM URU5n SU ;aX RS'[ UR 5(aUR URUS9 UR$)N)rar>rcrrvr|) _http_postr0rr4callabler+) r3rTrvrarcr>rVrryr4s r6rxOAuth2Client._refresh_tokenssT'TVT(()ABD:DC))$/ % '*7JJ ' D%% & &   djj  Fzzr9c UcNUR(a=URRS5=(d URRS5nUcSn[X4XW5upWURUHn U "X'U5up'nM UcUR UR 5nUR U5n UR"X%4XgS.U D6$)Nrvr~)r>rc)r4rRr r0rEr%rer) r3ryrTr4rrar>rcrVr0rjs r6rOAuth2Client._handle_token_hints =TZZJJNN?3Utzz~~n7UE <D4 D  $33D9O!0t!D C$ : <##D$H$HID==fEsWtWWWr9c US:Xa!SU;aURUS'[X!40UD6$SU;a UR(aURUS'[X!40UD6$)Nr^r'r&)r'r r&)r3rar_rVs r6rg)OAuth2Client._prepare_token_endpoint_bodys^ - -V+)-):):~&(DVD D & TZZ"jjF7O$Z@@@r9cd0nURHnX1;dM URU5X#'M U$)zDExtract parameters for session object from the passing ``**kwargs``.)SESSION_REQUEST_PARAMSr,)r3rVrvrWs r6re,OAuth2Client._extract_session_request_paramss2 ,,A{ 1 - r9c fURR"U4[[U55XCS.UD6$)Nr)r rrr)r3rTrar>rcrVs r6rOAuth2Client._http_posts8||   :d+,g LR  r9cU?grH)r rIs r6__del__OAuth2Client.__del__s Lr9)r1r!r"r(r0r2r.r'r%r&r r#r4r*r$r+) NNNNNNNNNheaderN<)NN)NrrNNNNrH)NNrNN)NNNNN)rNNr)NrNN)NNN)$__name__ __module__ __qualname____firstlineno____doc__rrDrr)rrsrSrr7r?rEpropertyr4setterrYrlrdrvrrrrrrirxrrgrerr__static_attributes__r9r6rrs>2# #O #'(," >@1 %% \\))'V   ? BIM( T(  # P  # J2, =C/,DH*  X<A r9rc>SU;aSnU$SU;a SU;aSnU$SnU$)NrOr^usernamepasswordr}r)rVr_s r6rfrf sB )  v *"6  * r9N)authlib.common.securityrauthlib.common.urlsrr>rrbaserrfc6749.parametersr r r r rfc7009r rfc7636rrhrrfrr9r6rsG2*A7151/!E rrjr9