k7iSrSSKrSSKJr SSKJr SSKJr SSKJr SSKJr SS K J r S S K J r S S K J r \R"\5r"S S\ \ 5rg)zauthlib.oauth2.rfc6749.grants.refresh_token. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A special grant endpoint for refresh_token grant_type. Refreshing an Access Token per `Section 6`_. .. _`Section 6`: https://tools.ietf.org/html/rfc6749#section-6 N)InvalidGrantError)InvalidRequestError)InvalidScopeError)UnauthorizedClientError)hooked) scope_to_list) BaseGrant)TokenEndpointMixinc`\rSrSrSrSrSrSrSrSr Sr \ S 5r S r S rS rS rSrg)RefreshTokenGrantzA special grant endpoint for refresh_token grant_type. Refreshing an Access Token per `Section 6`_. .. _`Section 6`: https://tools.ietf.org/html/rfc6749#section-6 refresh_tokenFcUR5n[RSU5 URUR5(d[ SURS35eU$)NzValidate token request of %rz0The client is not authorized to use 'grant_type=')"authenticate_token_endpoint_clientlogdebugcheck_grant_type GRANT_TYPEr)selfclients e/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc6749/grants/refresh_token.py_validate_request_client*RefreshTokenGrant._validate_request_client$s\88: 0&9&&t77)B4??BSSTU  cURRRS5nUc [S5eUR U5nU(aUR U5(d [ 5eU$)Nrz#Missing 'refresh_token' in request.)requestformgetrauthenticate_refresh_token check_clientr)rrrtokens r_validate_request_token)RefreshTokenGrant._validate_request_token2s_ ))--o>  %&KL L// >E..v66#% % rc"URRRnU(dgUR5nU(d [ 5e[ [ U55nUR[ [ U555(d [ 5eg)N)rpayloadscope get_scopersetr issuperset)rr$r)original_scopes r_validate_token_scope'RefreshTokenGrant._validate_token_scope<sn $$** *#% %]>:;((]5-A)BCC#% %DrcUR5nXRlURU5nUR U5 X Rlg)afIf the authorization server issued a refresh token to the client, the client makes a refresh request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body, per Section 6: grant_type REQUIRED. Value MUST be set to "refresh_token". refresh_token REQUIRED. The refresh token issued to the client. scope OPTIONAL. The scope of the access request as described by Section 3.3. The requested scope MUST NOT include any scope not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the resource owner. For example, the client makes the following HTTP request using transport-layer security (with extra line breaks for display purposes only): .. code-block:: http POST /token HTTP/1.1 Host: server.example.com Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA N)rrrr%r.r)rrrs rvalidate_token_request(RefreshTokenGrant.validate_token_requestIsED..0$ 44V<  ""=1%2 "rcnURRnURU5nU(d [S5eURRnUR X!5n[ RSXC5 X RlURU5 URU5 SX@R4$)zIf valid and authorized, the authorization server issues an access token as described in Section 5.1. If the request failed verification or is invalid, the authorization server returns an error response as described in Section 5.2. z"There is no 'user' for this token.zIssue token %r to %r) rrauthenticate_userrr issue_tokenrruser save_tokenrevoke_old_credentialTOKEN_RESPONSE_HEADER)rrr7rr$s rcreate_token_response'RefreshTokenGrant.create_token_responseqs 22 %%m4%&JK K$$  5 (%8   ""=1E5555rcURRRnU(dUR5nUR UUUR S9nU$)N)r7r)include_refresh_token)rr(r)r*generate_tokenINCLUDE_NEW_REFRESH_TOKEN)rr7rr)r$s rr6RefreshTokenGrant.issue_tokensS $$**!++-E##"&"@"@$   rc[5e)arGet token information with refresh_token string. Developers MUST implement this method in subclass:: def authenticate_refresh_token(self, refresh_token): token = Token.get(refresh_token=refresh_token) if token and not token.refresh_token_revoked: return token :param refresh_token: The refresh token issued to the client :return: token NotImplementedErrorrrs rr",RefreshTokenGrant.authenticate_refresh_tokens "##rc[5e)zAuthenticate the user related to this credential. Developers MUST implement this method in subclass:: def authenticate_user(self, credential): return User.get(credential.user_id) :param refresh_token: Token object :return: user rCrEs rr5#RefreshTokenGrant.authenticate_users "##rc[5e)a4The authorization server MAY revoke the old refresh token after issuing a new refresh token to the client. Developers MUST implement this method in subclass:: def revoke_old_credential(self, refresh_token): credential.revoked = True credential.save() :param refresh_token: Token object rCrEs rr9'RefreshTokenGrant.revoke_old_credentials "##rN)__name__ __module__ __qualname____firstlineno____doc__rr@rr%r.r1rr;r6r"r5r9__static_attributes__rKrrrrsS !J!&  &&3P 6 6(  $ $ $rr)rPloggingerrorsrrrrhooksrutilr baser r getLoggerrLrrrKrrrXsH&(&, $ !_$ #5_$r