k7irSSKrSSKJr SSKJr SSKJr Sr\R"\ 5r "SS5r S r g) N)jwt) JoseError)InvalidClientErrorz6urn:ietf:params:oauth:client-assertion-type:jwt-bearercT\rSrSrSr\rSrSSjrSr Sr Sr Sr S r S rS rS rg )JWTBearerClientAssertion zUImplementation of Using JWTs for Client Authentication, which is defined by RFC7523. client_assertion_jwtc(XlX lX0lg)N) token_url _validate_jtileeway)selfr validate_jtirs W/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc7523/client.py__init__!JWTBearerClientAssertion.__init__s") c<URnURS5nURS5nU[:XaDU(a=URX5nUR XV5 UR UR 5$[RSUR5 g)Nclient_assertion_typeclient_assertionzAuthenticate via %r failed) formgetASSERTION_TYPEcreate_resolve_key_funcprocess_assertion_claimsauthenticate_clientclientlogdebugCLIENT_AUTH_METHOD)r query_clientrequestdataassertion_type assertion resolve_keys r__call__!JWTBearerClientAssertion.__call__s{||"9:HH/0 ^ + 66|MK  ) )) A++GNN; ; .0G0GHrcS[S.SS0SURS.SS0S.nUR(aSURS.US'U$)z}Create a claims_options for verify JWT payload claims. Developers MAY overwrite this method to create a more strict options. T) essentialvalidater+)r+value)isssubaudexpjti) _validate_issr r r)roptionss rcreate_claims_options.JWTBearerClientAssertion.create_claims_options'sS"&=A&!%?&     +/T=N=NOGENrc[R"XUR5S9nURURS9 U$![ a/n[ RSU5 [URS9UeSnAff=f)a)Extract JWT payload claims from request "assertion", per `Section 3.1`_. :param assertion: assertion string value in the request :param resolve_key: function to resolve the sign key :return: JWTClaims :raise: InvalidClientError .. _`Section 3.1`: https://tools.ietf.org/html/rfc7523#section-3.1 )claims_options)rzAssertion Error: %r descriptionN) rdecoder5r,rrrr rr:)rr&r'claimses rr1JWTBearerClientAssertion.process_assertion_claims7ss GZZt7Q7Q7SF OO4;;O /  G II+Q /$?Q F Gs  , ,T-D-Dg N NM FtG^G^F_`  rc^^^UUU4SjnU$)Ncn>USnT"U5nU(d [SS9eUTlTRX05$)Nr/z)The client does not exist on this server.r9)rrresolve_client_public_key)headerspayload client_idrr"r#rs rr'EJWTBearerClientAssertion.create_resolve_key_func..resolve_keyTsE I!),F( K$GN11&B Br)rr"r#r's``` rr0JWTBearerClientAssertion.create_resolve_key_funcSs Crc[5e)a&Validate if the given ``jti`` value is used before. Developers MUST implement this method:: def validate_jti(self, claims, jti): key = "jti:{}-{}".format(claims["sub"], jti) if redis.get(key): return False redis.set(key, 1, ex=3600) return True NotImplementedError)rr<r2s rr%JWTBearerClientAssertion.validate_jtics "##rc[5e)a&Resolve the client public key for verifying the JWT signature. A client may have many public keys, in this case, we can retrieve it via ``kid`` value in headers. Developers MUST implement this method:: def resolve_client_public_key(self, client, headers): return client.public_key rM)rrrFs rrE2JWTBearerClientAssertion.resolve_client_public_keyps "##r)r rr N)T<)__name__ __module__ __qualname____firstlineno____doc__rCLIENT_ASSERTION_TYPEr!rr(r5rrrrrE__static_attributes__rJrrrr s> +/I *  $$rrcUSU:H$)Nr/rJ)r<r.s rr3r3{s %=C r) logging authlib.joserauthlib.jose.errorsrrfc6749rr getLoggerrSrrr3rJrrr`s8)(I !l$l$^ r