k7iJSSKJr SSKJr SSKJr SSKJr "SS\5rg) )default_json_headers)InvalidRequestError) TokenEndpoint)UnsupportedTokenTypeErrorcF\rSrSrSrSrSrSrSrSr Sr S r S r S r g ) IntrospectionEndpointz}Implementation of introspection endpoint which is described in `RFC7662`_. .. _RFC7662: https://tools.ietf.org/html/rfc7662 introspectioncURX5 URURSURRS55nU(aUR X2U5(aU$gg)aThe protected resource calls the introspection endpoint using an HTTP ``POST`` request with parameters sent as "application/x-www-form-urlencoded" data. The protected resource sends a parameter representing the token along with optional parameters representing additional context that is known by the protected resource to aid the authorization server in its response. token **REQUIRED** The string value of the token. For access tokens, this is the ``access_token`` value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the ``refresh_token`` value returned from the token endpoint as defined in OAuth 2.0. token_type_hint **OPTIONAL** A hint about the type of the token submitted for introspection. tokentoken_type_hintN) check_params query_tokenformgetcheck_permission)selfrequestclientr s ^/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc7662/introspection.pyauthenticate_token(IntrospectionEndpoint.authenticate_tokensd& '*  LL !7<<#3#34E#F  T**5'BBLC5cURnSU;a [5eURS5nU(aX@R;a [ 5egg)Nr r)rrrSUPPORTED_TOKEN_TYPESr)rrrparamshints rr"IntrospectionEndpoint.check_params,sI & %' 'zz+, D : ::+- -;4rczURU5nURX5nURU5nSU[4$)z`Validate introspection request and create the response. :returns: (status_code, body, headers) )authenticate_endpoint_clientrcreate_introspection_payloadr)rrrr bodys rcreate_endpoint_response.IntrospectionEndpoint.create_endpoint_response5sF 227;''8007D...rcU(dSS0$UR5(dUR5(aSS0$URU5nSU;aSUS'U$)NactiveFT) is_expired is_revokedintrospect_token)rr payloads rr#2IntrospectionEndpoint.create_introspection_payloadEsa e$ $     !1!1!3!3e$ $''. 7 " $GH rc[5e)a%Check if the request has permission to introspect the token. Developers MUST implement this method:: def check_permission(self, token, client, request): # only allow a special client to introspect the token return client.client_id == "introspection_client" :return: bool NotImplementedError)rr rrs rr&IntrospectionEndpoint.check_permissionSs "##rc[5e)a2Get the token from database/storage by the given token string. Developers should implement this method:: def query_token(self, token_string, token_type_hint): if token_type_hint == "access_token": tok = Token.query_by_access_token(token_string) elif token_type_hint == "refresh_token": tok = Token.query_by_refresh_token(token_string) else: tok = Token.query_by_access_token(token_string) if not tok: tok = Token.query_by_refresh_token(token_string) return tok r/)r token_stringrs rr!IntrospectionEndpoint.query_token_s "##rc[5e)aRead given token and return its introspection metadata as a dictionary following `Section 2.2`_:: def introspect_token(self, token): return { "active": True, "client_id": token.client_id, "token_type": token.token_type, "username": get_token_username(token), "scope": token.get_scope(), "sub": get_token_user_sub(token), "aud": token.client_id, "iss": "https://server.example.com/", "exp": token.expires_at, "iat": token.issued_at, } .. _`Section 2.2`: https://tools.ietf.org/html/rfc7662#section-2.2 r/)rr s rr+&IntrospectionEndpoint.introspect_tokenps ("##rN)__name__ __module__ __qualname____firstlineno____doc__ ENDPOINT_NAMErrr%r#rrr+__static_attributes__r7rrr r s1$M4./  $$"$rr N)authlib.constsrrfc6749rrrr r7rrrAs/)#/|$M|$r