k7iTSrSSKJr SSKJr SSKJr "SS5r"SS5rg ) zauthlib.oauth2.rfc6749.resource_protector. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Implementation of Accessing Protected Resources per `Section 7`_. .. _`Section 7`: https://tools.ietf.org/html/rfc6749#section-7 )MissingAuthorizationError)UnsupportedTokenTypeError) scope_to_listcH\rSrSrSrSrS Sjr\S5rSr Sr S r S r g) TokenValidatorzaBase token validator class. Subclass this validator to register into ResourceProtector instance. bearerNc XlX lgN)realmextra_attributes)selfr r s c/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc6749/resource_protector.py__init__TokenValidator.__init__s  0cU(dg[U5nU(dg[U5nUH/n[[U55nURU5(dM/ g g)NFT)rset issuperset) token_scopesrequired_scopesscoperesource_scopess rscope_insufficient!TokenValidator.scope_insufficientsT$\2 <( $E!-"67O&&77% rc[5e)a/A method to query token from database with the given token string. Developers MUST re-implement this method. For instance:: def authenticate_token(self, token_string): return get_token_from_database(token_string) :param token_string: A string to represent the access_token. :return: token NotImplementedError)r token_strings rauthenticate_token!TokenValidator.authenticate_token*s "##rcg)aA method to validate if the HTTP request is valid or not. Developers MUST re-implement this method. For instance, your server requires a "X-Device-Version" in the header:: def validate_request(self, request): if "X-Device-Version" not in request.headers: raise InvalidRequestError() Usually, you don't have to detect if the request is valid or not. If you have to, you MUST re-implement this method. :param request: instance of HttpRequest :raise: InvalidRequestError N)rrequests rvalidate_requestTokenValidator.validate_request6src[5e)aA method to validate if the authorized token is valid, if it has the permission on the given scopes. Developers MUST re-implement this method. e.g, check if token is expired, revoked:: def validate_token(self, token, scopes, request): if not token: raise InvalidTokenError() if token.is_expired() or token.is_revoked(): raise InvalidTokenError() if not match_token_scopes(token, scopes): raise InsufficientScopeError() r)rtokenscopesr$s rvalidate_tokenTokenValidator.validate_tokenFs "##r)r r r ) __name__ __module__ __qualname____firstlineno____doc__ TOKEN_TYPEr staticmethodrr r%r*__static_attributes__r#rrrrs6J1 $ $rrc:\rSrSrSrS\4SjrSrSrSr Sr g ) ResourceProtectorVc.0UlSUlSUlgr )_token_validators_default_realm_default_auth_type)rs rrResourceProtector.__init__Ws!#""&r validatorcUR(d"URUlURUlURUR;aXRUR'gg)ztRegister a token validator for a given Authorization type. Authlib has a built-in BearerTokenValidator per rfc6750. N)r:r r9r1r8)rr<s rregister_token_validator*ResourceProtector.register_token_validator\sT&&"+//D &/&:&:D #   t'='= =;D " "9#7#7 8 >rcURRUR55nU(d [URUR 5eU$)z;Get token validator from registry for the given token type.)r8getlowerrr:r9)r token_typer<s rget_token_validator%ResourceProtector.get_token_validatorgsJ**..z/?/?/AB +'')<)< rc8URRS5nU(d [URUR5eUR SS5n[ U5S:wa [URUR5eUupEURU5nXe4$)aParse the token and token validator from request Authorization header. Here is an example of Authorization header:: Authorization: Bearer a-token-string This method will parse this header, if it can find the validator for ``Bearer``, it will return the validator and ``a-token-string``. :return: validator, token_string :raise: MissingAuthorizationError :raise: UnsupportedTokenTypeError AuthorizationNr) headersrArr:r9splitlenrrD)rr$auth token_partsrCrr<s rparse_request_authorization-ResourceProtector.parse_request_authorizationps""?3+'')<)<  jjq) { q +'')<)< $/ ,,Z8 &&rc URU5upEURU5 URU5nUR"XaU40UD6 U$)z(Validate the request and return a token.)rNr%r r*)rr)r$kwargsr<rr(s rr%"ResourceProtector.validate_requestsM"&"B"B7"K ""7+,,\:  B6B r)r:r9r8N) r,r-r.r/rrr>rDrNr%r3r#rrr5r5Vs$' E. E'<rr5N)r0errorsrrutilrrr5r#rrrUs,.-E$E$P>>r