k7iSSKrSSKrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r \R"S 5r \R"S 5r S r S rS r"S S5rg)N)to_bytes) to_unicode)urlsafe_b64encode)InvalidGrantError)InvalidRequestError) OAuth2Requestz^[a-zA-Z0-9\-._~]{43,128}$c[R"[US55R5n[ [ U55$)z8Create S256 code_challenge with the given code_verifier.ascii)hashlibsha256rdigestrr) code_verifierdatas Z/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc7636/challenge.pycreate_s256_code_challengers1 >>(=': ; B B DD '- ..c X:H$Nrcode_challenges rcompare_plain_code_challengers   **rc[U5U:H$r)rrs rcompare_s256_code_challengers %m 4 FFrcV\rSrSrSrSrSS/r\\S.r SSjr Sr Sr S r S rS rS rg ) CodeChallenge!aCodeChallenge extension to Authorization Code Grant. It is used to improve the security of Authorization Code flow for public clients by sending extra "code_challenge" and "code_verifier" to the authorization server. The AuthorizationCodeGrant SHOULD save the ``code_challenge`` and ``code_challenge_method`` into database when ``save_authorization_code``. Then register this extension via:: server.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=True)]) plainS256)rr cXlgrrequired)selfr#s r__init__CodeChallenge.__init__8s rctURSUR5 URSUR5 g)N,after_validate_authorization_request_payloadafter_validate_token_request) register_hookvalidate_code_challengevalidate_code_verifier)r$grants r__call__CodeChallenge.__call__;s8  :  ( (   *  ' ' rcvURnURRRS5nURRRS5nU(dU(dgU(d [ S5e[ URR RS/55S:a [ S5e[RU5(d [ S5eU(aXPR;a [ S5e[ URR RS/55S:a [ S5eg) Nrcode_challenge_methodzMissing 'code_challenge'z%Multiple 'code_challenge' in request.zInvalid 'code_challenge'z#Unsupported 'code_challenge_method'z,Multiple 'code_challenge_method' in request.) requestpayloadrgetrlendatalistCODE_CHALLENGE_PATTERNmatchSUPPORTED_CODE_CHALLENGE_METHOD)r$r- redirect_urir3 challengemethods rr+%CodeChallenge.validate_code_challengeEs!&OO((,,-=> %%))*AB %&@A A w''++,PQ >77F**..v6!7xqAB BH((#0HI I)rcUR$)a3Get "code_challenge" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge(self, authorization_code): return authorization_code.code_challenge :param authorization_code: the instance of authorization_code )rr$rEs rrF.CodeChallenge.get_authorization_code_challenges"000rcUR$)aHGet "code_challenge_method" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge_method(self, authorization_code): return authorization_code.code_challenge_method :param authorization_code: the instance of authorization_code )r1rQs rrH5CodeChallenge.get_authorization_code_challenge_methods"777rr"N)T)__name__ __module__ __qualname____firstlineno____doc__rIr:rrrJr%r.r+r,rFrH__static_attributes__rrrrr!sK %,!'.&7#.+ ! V,"JH 1 8rr)r reauthlib.common.encodingrrrrfc6749rrr compilerGr8rrrrrrrr_sY ,.5')# #@A$AB/ + G r8r8r