ó æk7i€)ãó¨•SSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SS K J r S S K Jr S S K Jr S S K Jr S SK Jr "SS5rg)é)Újwt)Ú JoseErroré)ÚAuthorizationServer)Ú ClientMixin)ÚInvalidRequestError)Ú_validate_client)ÚBasicOAuth2Payload)Ú OAuth2Requesté)ÚInvalidRequestObjectError)ÚInvalidRequestUriError)ÚRequestNotSupportedError)ÚRequestUriNotSupportedErrorcóÌ•\rSrSrSrSS\S\4SjjrS\4SjrS\S\ 4S jr S\S\ S \ S \4S jr S\S\ S \ 4S jrS \ S\ 4SjrS\ 4SjrS \ 4SjrS \4SjrS \ S \4SjrSrg)ÚJWTAuthenticationRequestéa©Authorization server extension implementing the support for JWT secured authentication request, as defined in :rfc:`RFC9101 <9101>`. :param support_request: Whether to enable support for the ``request`` parameter. :param support_request_uri: Whether to enable support for the ``request_uri`` parameter. This extension is intended to be inherited and registered into the authorization server:: class JWTAuthenticationRequest(rfc9101.JWTAuthenticationRequest): def resolve_client_public_key(self, client: ClientMixin): return get_jwks_for_client(client) def get_request_object(self, request_uri: str): try: return requests.get(request_uri).text except requests.Exception: return None def get_server_metadata(self): return { "issuer": ..., "authorization_endpoint": ..., "require_signed_request_object": ..., } def get_client_require_signed_request_object(self, client: ClientMixin): return client.require_signed_request_object authorization_server.register_extension(JWTAuthenticationRequest()) Úsupport_requestÚsupport_request_uricó•XlX lg©N©rr)Úselfrrs Úe/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc9101/authorization_server.pyÚ__init__Ú!JWTAuthenticationRequest.__init__1s€Ø.ÔØ#6Õ óÚauthorization_servercó<•URSUR5 g)NÚbefore_get_authorization_grant)Ú register_hookÚparse_authorization_request)rrs rÚ__call__Ú!JWTAuthenticationRequest.__call__5s€Ø×*Ñ*Ø ,¨d×.NÑ.Nõ rÚrequestcóð•[URURR5nUR XU5(dgUR X5nUR X#U5n[U5nXblgr)r Ú query_clientÚpayloadÚ client_idÚ"_shoud_proceed_with_request_objectÚ_get_raw_request_objectÚ_decode_request_objectr )rrr%ÚclientÚraw_request_objectÚrequest_objectr(s rr"Ú4JWTAuthenticationRequest.parse_authorization_request:s{€ô"Ø × -Ñ -¨w¯©×/HÑ/Hó ˆð×6Ñ6Ø ¨6÷ ñ ð à!×9Ñ9Ð:NÓXÐØ×4Ñ4Ø Ð/ó ˆô% ^Ó4ˆØ!rr-ÚreturncóÌ•SURR;a8SURR;a[SURRS9eSURR;a/UR(d[ URRS9egSURR;a/UR (d[URRS9egURU5(a[SURRS9eUR5nU(a5URSS5(a[S URRS9eg) Nr%Ú request_urizBThe 'request' and 'request_uri' parameters are mutually exclusive.©ÚstateTúGAuthorization requests for this client must use signed request objects.Úrequire_signed_request_objectFúGAuthorization requests for this server must use signed request objects.) r(Údatarr5rrrrÚ(get_client_require_signed_request_objectÚget_server_metadataÚget)rrr%r-Úmetadatas rr*Ú;JWTAuthenticationRequest._shoud_proceed_with_request_objectLs"€ð ˜Ÿ™×,Ñ,Ó ,°À'Ç/Á/×BVÑBVÓ1VÜ%ØTØ—o‘o×+Ñ+ñð 𠘟™×,Ñ,Ó ,Ø×'×'Ü.°W·_±_×5JÑ5JÑKÐKØà ˜GŸO™O×0Ñ0Ó 0Ø×+×+Ü1¸¿¹×8MÑ8MÑNÐNØð × 8Ñ 8¸× @Ñ @Ü%ØYØ—o‘o×+Ñ+ñð ð×+Ñ+Ó-ˆÞ ˜Ÿ ™ Ð%DÀe×LÑLÜ%ØYØ—o‘o×+Ñ+ñð ð rcó •SURR;aOURURRS5nU(d[URRS9eU$URRSnU$)Nr3r4r%)r(r9Úget_request_objectrr5)rrr%r.s rr+Ú0JWTAuthenticationRequest._get_raw_request_objectws}€ð ˜GŸO™O×0Ñ0Ó 0Ø!%×!8Ñ!8Ø—‘×$Ñ$ ]Ñ3ó"Ð ö&Ü,°7·?±?×3HÑ3HÑIÐIð&ð "Ð!ð")§¡×!5Ñ!5°iÑ!@Ð à!Ð!rr.có0•URU5n[R"X45nUR5 URU5(a1URSS:Xa[SURRS9eUR5nU(aHURSS5(a1URSS:Xa[SURRS9eUS URR:wa[S URRS9eS U;dS U;a[S URRS9eU$![aEn[ UR =(d [ R URRS9UeSnAff=f)N)Ú descriptionr5ÚalgÚnoner6r4r7Fr8r)z\The 'client_id' claim from the request parameters and the request object claims don't match.r%r3zVThe 'request' and 'request_uri' parameters must not be included in the request object.)Úresolve_client_public_keyrÚdecodeÚvalidaterr rCr(r5r:Úheaderrr;r<r))rr%r-r.Újwksr/Úerrorr=s rr,Ú/JWTAuthenticationRequest._decode_request_object†s€ð×-Ñ-¨fÓ5ˆð Ü ŸZšZÐ(:ÓAˆNØ × #Ñ #Ô %ð × 9Ñ 9¸&× AÑ AØ×%Ñ% eÑ,°Ó6ä%ØYØ—o‘o×+Ñ+ñð ð×+Ñ+Ó-ˆæ Ø— ‘ Ð<¸e×DÑDØ×%Ñ% eÑ,°Ó6ä%ØYØ—o‘o×+Ñ+ñð ð ˜+Ñ &¨'¯/©/×*CÑ*CÓ CÜ%ð=à—o‘o×+Ñ+ñð ð ˜Ó &¨-¸>Ó*IÜ%ØhØ—o‘o×+Ñ+ñð ð Ðøôcó Ü+Ø!×-Ñ-×VÔ1J×1VÑ1VØ—o‘o×+Ñ+ñðð ûð ús“&EÅ FÅAFÆFr3có•[5e)aŠDownload the request object at ``request_uri``. This method must be implemented if the ``request_uri`` parameter is supported:: class JWTAuthenticationRequest(rfc9101.JWTAuthenticationRequest): def get_request_object(self, request_uri: str): try: return requests.get(request_uri).text except requests.Exception: return None ©ÚNotImplementedError)rr3s rr@Ú+JWTAuthenticationRequest.get_request_objectÂó €ô"Ó#Ð#rcó•[5e)aÀResolve the client public key for verifying the JWT signature. A client may have many public keys, in this case, we can retrieve it via ``kid`` value in headers. Developers MUST implement this method:: class JWTAuthenticationRequest(rfc9101.JWTAuthenticationRequest): def resolve_client_public_key(self, client): if client.jwks_uri: return requests.get(client.jwks_uri).json return client.jwks rN©rr-s rÚresolve_client_public_keysÚ3JWTAuthenticationRequest.resolve_client_public_keysÐrQrcó•0$)ahReturn server metadata which includes supported grant types, response types and etc. When the ``require_signed_request_object`` claim is :data:`True`, all clients require that authorization requests use request objects, and an error will be returned when the authorization request payload is passed in the request body or query string:: class JWTAuthenticationRequest(rfc9101.JWTAuthenticationRequest): def get_server_metadata(self): return { "issuer": ..., "authorization_endpoint": ..., "require_signed_request_object": ..., } ©)rs rr;Ú,JWTAuthenticationRequest.get_server_metadataÞs €ð$ˆ rcó•g)a Return the 'require_signed_request_object' client metadata. When :data:`True`, the client requires that authorization requests use request objects, and an error will be returned when the authorization request payload is passed in the request body or query string:: class JWTAuthenticationRequest(rfc9101.JWTAuthenticationRequest): def get_client_require_signed_request_object(self, client): return client.require_signed_request_object If not implemented, the value is considered as :data:`False`. FrWrSs rr:ÚAJWTAuthenticationRequest.get_client_require_signed_request_objectòs€ðrrN)TT)Ú__name__Ú __module__Ú __qualname__Ú__firstlineno__Ú__doc__Úboolrrr#r r"rr*Ústrr+r,r@rTÚdictr;r:Ú__static_attributes__rWrrrrsÓ†ññ@7¨ð7È$õ7ð Ð-@ô ð "Ø$7ð"ØBOô"ð$)à1ð)ðð)ðð )ð ô )ðV "Ø$7ð "ØBOð "à ô "ð:Ø*ð:Ø@Cô:ðx $¨cô $ð $°ô $ð Tôð( ¸{ð Èt÷ rrN)Ú authlib.joserÚauthlib.jose.errorsrÚrfc6749rrrÚrfc6749.authenticate_clientr Úrfc6749.requestsr r Úerrorsr rrrrrWrrÚrjs5ðÝÝ)å)Ý!Ý)Ý:Ý1Ý,Ý-Ý*Ý,Ý/÷oòor