k7i!^SSKrSSKJr SSKJr SSKJr SSKJr SSKJ r "SS\ 5r g) N)Optional)Uniongenerate_token)jwt)BearerTokenGeneratorc^\rSrSrSrSU4SjjrSrSrS\\ \ \ 44Sjr S\ \ 4Sjr S\ \4S jrS\ \ \ 4S jrS\ 4S jrS rS rU=r$)JWTBearerTokenGenerator aA JWT formatted access token generator. :param issuer: The issuer identifier. Will appear in the JWT ``iss`` claim. :param \\*\\*kwargs: Other parameters are inherited from :class:`~authlib.oauth2.rfc6750.token.BearerTokenGenerator`. This token generator can be registered into the authorization server:: class MyJWTBearerTokenGenerator(JWTBearerTokenGenerator): def get_jwks(self): ... def get_extra_claims(self, client, grant_type, user, scope): ... authorization_server.register_token_generator( "default", MyJWTBearerTokenGenerator( issuer="https://authorization-server.example.org" ), ) cR>[TU]URX45 XlX lg)N)super__init__access_token_generatorissueralg)selfrrrefresh_token_generatorexpires_generator __class__s V/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc9068/token.pyr JWTBearerTokenGenerator.__init__"s*   ' ')@  c[5e)zReturn the JWKs that will be used to sign the JWT access token. Developers MUST re-implement this method:: def get_jwks(self): return load_jwks("jwks.json") )NotImplementedError)rs rget_jwks JWTBearerTokenGenerator.get_jwks/s "##rc0$)a1Return extra claims to add in the JWT access token. Developers MAY re-implement this method to add identity claims like the ones in :ref:`specs/oidc` ID Token, or any other arbitrary claims:: def get_extra_claims(self, client, grant_type, user, scope): return generate_user_info(user, scope) rclient grant_typeuserscopes rget_extra_claims(JWTBearerTokenGenerator.get_extra_claims8s  rreturnc"UR5$)a*Return the audience for the token. By default this simply returns the client ID. Developers MAY re-implement this method to add extra audiences:: def get_audiences(self, client, user, scope): return [ client.get_client_id(), resource_server.get_id(), ] ) get_client_id)rr r"r#s r get_audiences%JWTBearerTokenGenerator.get_audiencesBs##%%rcg)ayAuthentication Context Class Reference. Returns a user-defined case sensitive string indicating the class of authentication the used performed. Token audience may refuse to give access to some resources if some ACR criteria are not met. :ref:`specs/oidc` defines one special value: ``0`` means that the user authentication did not respect `ISO29115`_ level 1, and will be refused monetary operations. Developers MAY re-implement this method:: def get_acr(self, user): if user.insecure_session(): return "0" return "urn:mace:incommon:iap:silver" .. _ISO29115: https://www.iso.org/standard/45138.html Nrrr"s rget_acrJWTBearerTokenGenerator.get_acrOs rcg)aMUser authentication time. Time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. Developers MAY re-implement this method:: def get_auth_time(self, user): return datetime.timestamp(user.get_auth_time()) Nrr,s r get_auth_time%JWTBearerTokenGenerator.get_auth_timearcg)aKAuthentication Methods References. Defined by :ref:`specs/oidc` as an option list of user-defined case-sensitive strings indication which authentication methods have been used to authenticate the user. Developers MAY re-implement this method:: def get_amr(self, user): return ["2FA"] if user.has_2fa_enabled() else [] Nrr,s rget_amrJWTBearerTokenGenerator.get_amrlr2rc[S5$)zJWT ID. Create an unique identifier for the token. Developers MAY re-implement this method:: def get_jti(self, client, grant_type, user scope): return generate_random_string(16) rrs rget_jtiJWTBearerTokenGenerator.get_jtiwsb!!rc [[R"55nXPRX5-nURUUR 5UUR XX45US.nU(aUR 5US'OUR 5US'URXU5US'URU5=n(aXS'URU5=n (aXS'URU5=n (aXS'URURXX455 URSS .n [R"U UUR!5SS 9n U R#5$) N)issexp client_idiatjtir#subFaud auth_timeacramrzat+jwt)rtyp)keycheck)inttime_get_expires_inrr(r8 get_user_idr)r0r-r4updater$rrencoderdecode) rr r!r"r#now expires_in token_datarBrCrDheader access_tokens rr.JWTBearerTokenGenerator.access_token_generators]$))+//CC ;;--/<<D@    $ 0 0 2Ju !' 4 4 6Ju  !% 2 26 GJu **40 09 0&/{ # ,,t$ $3 $ #u  ,,t$ $3 $ #u  $//DPQ(3zz     ""$$r)rr)RS256NN)__name__ __module__ __qualname____firstlineno____doc__rrr$rstrlistr)rr-rHr0r4r8r__static_attributes__ __classcell__)rs@rr r s4  $ $ &E#tCy.4I &x}$ Xc]  xS 2 "#"Y%Y%rr ) rItypingrrauthlib.common.securityr authlib.joserauthlib.oauth2.rfc6750.tokenrr rrrrcs& 2=P%2P%r