k7i/VSSKJr SSKJr SSKJr SSKJr SSKJr "SS\5r g ) ) is_valid_url) BaseClaims) JsonWebKey)InvalidClaimError) scope_to_listc\rSrSr/SQrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrSSjr\S5rSrg)ClientMetadataClaims ) redirect_uristoken_endpoint_auth_method grant_typesresponse_types client_name client_urilogo_uriscopecontactstos_uri policy_urijwks_urijwks software_idsoftware_versioncUR5 UR5 UR5 UR5 UR 5 UR 5 UR 5 UR5 UR5 UR5 UR5 UR5 UR5 UR5 UR5 UR5 gN)_validate_essential_claimsvalidate_redirect_uris#validate_token_endpoint_auth_methodvalidate_grant_typesvalidate_response_typesvalidate_client_namevalidate_client_urivalidate_logo_urivalidate_scopevalidate_contactsvalidate_tos_urivalidate_policy_urivalidate_jwks_uri validate_jwksvalidate_software_idvalidate_software_versionselfs W/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc7591/claims.pyvalidateClientMetadataClaims.validates '') ##% 002 !!# $$& !!#   "         "    !!# &&(clURS5nU(aUHnURSU5 M gg)axArray of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows. As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value. r N)get _validate_uri)r.urisuris r/r+ClientMetadataClaims.validate_redirect_uris/s4xx( ""?C8 r2c<SU;aSUS'URS5 g)zPString indicator of the requested authentication method for the token endpoint. r client_secret_basicN_validate_claim_valuer-s r/r8ClientMetadataClaims.validate_token_endpoint_auth_method=s& (t 31FD- . ""#?@r2c&URS5 g)zUArray of OAuth 2.0 grant type strings that the client can use at the token endpoint. rNr;r-s r/r )ClientMetadataClaims.validate_grant_typesFs ""=1r2c&URS5 g)zdArray of the OAuth 2.0 response type strings that the client can use at the authorization endpoint. rNr;r-s r/r!,ClientMetadataClaims.validate_response_typesLs ""#34r2cg)aKHuman-readable string name of the client to be presented to the end-user during authorization. If omitted, the authorization server MAY display the raw "client_id" value to the end-user instead. It is RECOMMENDED that clients always send this field. The value of this field MAY be internationalized, as described in Section 2.2. Nr-s r/r")ClientMetadataClaims.validate_client_nameRr2c&URS5 g)aYURL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. It is RECOMMENDED that clients always send this field. The value of this field MUST point to a valid web page. The value of this field MAY be internationalized, as described in Section 2.2. rNr5r-s r/r#(ClientMetadataClaims.validate_client_uri[ <(r2c&URS5 g)aURL string that references a logo for the client. If present, the server SHOULD display this image to the end-user during approval. The value of this field MUST point to a valid image file. The value of this field MAY be internationalized, as described in Section 2.2. rNrGr-s r/r$&ClientMetadataClaims.validate_logo_uries :&r2c&URS5 g)a:String containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. The semantics of values in this list are service specific. If omitted, an authorization server MAY register a client with a default set of scopes. rNr;r-s r/r%#ClientMetadataClaims.validate_scopens ""7+r2cXSU;a$[US[5(d [S5egg)aArray of strings representing ways to contact people responsible for this client, typically email addresses. The authorization server MAY make these contact addresses available to end-users for support requests for the client. See Section 6 for information on Privacy Considerations. rN) isinstancelistrr-s r/r&&ClientMetadataClaims.validate_contactsws1  jj1A4&H&H#J/ /'I r2c&URS5 g)aURL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client. The authorization server SHOULD display this URL to the end-user if it is provided. The value of this field MUST point to a valid web page. The value of this field MAY be internationalized, as described in Section 2.2. rNrGr-s r/r'%ClientMetadataClaims.validate_tos_uris 9%r2c&URS5 g)aURL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data. The authorization server SHOULD display this URL to the end-user if it is provided. The value of this field MUST point to a valid web page. The value of this field MAY be internationalized, as described in Section 2.2. rNrGr-s r/r((ClientMetadataClaims.validate_policy_urirIr2c&URS5 g)a|URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys. The value of this field MUST point to a valid JWK Set document. These keys can be used by higher-level protocols that use signing or encryption. For instance, these keys might be used by some applications for validating signed requests made to the token endpoint when using JWTs for client authentication [RFC7523]. Use of this parameter is preferred over the "jwks" parameter, as it allows for easier key rotation. The "jwks_uri" and "jwks" parameters MUST NOT both be present in the same request or response. rNrGr-s r/r)&ClientMetadataClaims.validate_jwks_uris :&r2cSU;a@SU;a [S5eUSn[R"U5nU(d [S5egg![an[S5UeSnAff=f)aClient's JSON Web Key Set [RFC7517] document value, which contains the client's public keys. The value of this field MUST be a JSON object containing a valid JWK Set. These keys can be used by higher-level protocols that use signing or encryption. This parameter is intended to be used by clients that cannot use the "jwks_uri" parameter, such as native clients that cannot host public URLs. The "jwks_uri" and "jwks" parameters MUST NOT both be present in the same request or response. rrN)rrimport_key_set ValueError)r.rkey_setexcs r/r*"ClientMetadataClaims.validate_jwksss T>T!'//U(dg[[U55nTRU5$)NT)setr issuperset)claimsvaluescopesrgs r/_validate_scope@ClientMetadataClaims.get_claims_options.._validate_scopes)]512'226::r2r0rc>U(a*UVs/sHn[UR55PM snOS1/n[U4SjU55$s snf)Ncodec3.># UH nUT;v M g7frrC).0 response_typerhs r/ \ClientMetadataClaims.get_claims_options.._validate_response_types..s)7 "%==)7s)rlsplitall)rnroitemsrrhs r/_validate_response_typesIClientMetadataClaims.get_claims_options.._validate_response_typessR@EU;UES'U;F8*)7U(a [U5OS1nTRU5$)Nauthorization_code)rlrm)rnrorris r/_validate_grant_typesFClientMetadataClaims.get_claims_options.._validate_grant_typess'-2c%j8L7M ,77 DDr2rvaluesr )r4rlrz) clsmetadataauth_methods_supportedoptionsrqr|r}rrirhrgs @@@r/get_claims_options'ClientMetadataClaims.get_claims_optionss$<<(:;#+<<0J#K ( -D E!).U!V  '"#34  ; !+O ! E '12G%HGM " ! -5=?U4VG0 1?(s,#CrCr)__name__ __module__ __qualname____firstlineno__REGISTERED_CLAIMSr0rrr r!r"r#r$r%r&r'r(r)r*r+r,r5 classmethodr__static_attributes__rCr2r/r r st$)$ 9A2 5  )',0 &)' 9.    ) 22r2r N) authlib.common.urlsr authlib.joserrauthlib.jose.errorsrrfc6749rr rCr2r/rs",##1#I:Ir2