Ld,hddlmZddlmZmZddlmZmZmZm Z ddl m Z Gdde Z dZdS) )ClientAuthentication) OAuth2Request JsonRequest) OAuth2ErrorInvalidScopeErrorUnsupportedResponseTypeErrorUnsupportedGrantTypeError) scope_to_listceZdZdZddZdZdZ ddZdZdd Z d Z d Z d Z de fdZdefdZdZddZddZdZdZddZdZddZddZddZdZdS) AuthorizationServerzAuthorization server that handles Authorization Endpoint and Token Endpoint. :param scopes_supported: A list of supported scopes by this authorization server. NcZ||_i|_d|_g|_g|_i|_dSN)scopes_supported_token_generators _client_auth_authorization_grants _token_grants _endpoints)selfrs QF:\djangOuth\env\Lib\site-packages\authlib/oauth2/rfc6749/authorization_server.py__init__zAuthorizationServer.__init__s5 0!# %'"ct)zQuery OAuth client by client_id. The client model class MUST implement the methods described by :class:`~authlib.oauth2.rfc6749.ClientMixin`. NotImplementedError)r client_ids r query_clientz AuthorizationServer.query_clients "###rct)z:Define function to save the generated token into database.r)rtokenrequests r save_tokenzAuthorizationServer.save_token!!###rTc|j|}|s|jd}|std|||||||S)aGenerate the token dict. :param grant_type: current requested grant_type. :param client: the client that making the request. :param user: current authorized user. :param expires_in: if provided, use this value as expires_in. :param scope: current requested scope. :param include_refresh_token: should refresh_token be included. :return: Token dict defaultzNo configured token generator) grant_typeclientuserscope expires_ininclude_refresh_token)rget RuntimeError)rr%r&r'r(r)r*funcs rgenerate_tokenz"AuthorizationServer.generate_token%s|%))*55 9)--i88D @>?? ?t!&t5!9NPPP Prc||j|<dS)aRegister a function as token generator for the given ``grant_type``. Developers MUST register a default token generator with a special ``grant_type=default``:: def generate_bearer_token(grant_type, client, user=None, scope=None, expires_in=None, include_refresh_token=True): token = {'token_type': 'Bearer', 'access_token': ...} if include_refresh_token: token['refresh_token'] = ... ... return token authorization_server.register_token_generator('default', generate_bearer_token) If you register a generator for a certain grant type, that generator will only works for the given grant type:: authorization_server.register_token_generator('client_credentials', generate_bearer_token) :param grant_type: string name of the grant type :param func: a function to generate token N)r)rr%r-s rregister_token_generatorz,AuthorizationServer.register_token_generator=s..2z***rrc~|j |jrt|j|_||||S)zAuthenticate client via HTTP request information with the given methods, such as ``client_secret_basic``, ``client_secret_post``. )rrr)rr methodsendpoints rauthenticate_clientz'AuthorizationServer.authenticate_clientVs@   $): $ 4T5F G GD   '8<< > > > > ? ?rc6|||j|j<dS)zAdd extra endpoint to authorization server. e.g. RevocationEndpoint:: authorization_server.register_endpoint(RevocationEndpoint) :param endpoint_cls: A endpoint class N)r ENDPOINT_NAME)r endpoint_clss rregister_endpointz%AuthorizationServer.register_endpoints$7Cl46H6H 2333rc|jD].\}}||rt||||cS/t|j)zFind the authorization grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrV _create_grantr response_typerr rZr[s rget_authorization_grantz+AuthorizationServer.get_authorization_grantse (,'A K K #Y 55g>> K$Y GTJJJJJ K*7+@AAArc||}||_||}||S)zValidate current HTTP request for authorization page. This page is designed for resource owner to grant or deny the authorization. )rFr'revalidate_consent_request)rr end_usergrants rget_consent_grantz%AuthorizationServer.get_consent_grantsH,,W55 ,,W55 &&((( rc|jD].\}}||rt||||cS/t|j)zFind the token grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrWrbr r%rds rget_token_grantz#AuthorizationServer.get_token_grantse (,'9 K K #Y --g66 K$Y GTJJJJJ K'(:;;;rc||jvrtd|d|j|}||} |j||S#t$r }|||cYd}~Sd}~wwxYw)zValidate endpoint request and create endpoint response. :param name: Endpoint name :param request: HTTP request instance. :return: Response z There is no "z " endpoint.N)rr,create_endpoint_requestrNrhandle_error_response)rr?r r3r<s rcreate_endpoint_responsez,AuthorizationServer.create_endpoint_responses t & &@t@@@AA A?4(227;; >'4''):):; ; > > >--gu== = = = = = = >sA A=A82A=8A=cx||} ||}n-#t$r }|||cYd}~Sd}~wwxYw |}|||}|j|S#t$r }|||cYd}~Sd}~wwxYw)zValidate authorization request and create authorization response. :param request: HTTP request instance. :param grant_user: if granted, it is resource owner. If denied, it is None. :returns: Response N)rFrerrovalidate_authorization_requestcreate_authorization_responserNr)rr grant_userrir< redirect_urir@s rrsz1AuthorizationServer.create_authorization_responses,,W55 >0099EE+ > > >--gu== = = = = = = > > ??AAL66|ZPPD'4'. . > > >--gu== = = = = = = >s8- AA AA3B B9B4.B94B9ct||} ||}n-#t$r }|||cYd}~Sd}~wwxYw ||}|j|S#t$r }|||cYd}~Sd}~wwxYw)ziValidate token request and create token response. :param request: HTTP request instance N)rFrlr rovalidate_token_requestcreate_token_responserNr)rr rir<r@s rrxz)AuthorizationServer.create_token_responses ,,W55 >((11EE( > > >--gu== = = = = = = > >  ( ( * * *..00D'4'. . > > >--gu== = = = = = = >s8- AA AA1B B7B2,B72B7cP|j||||Sr)rNr=r;s rroz)AuthorizationServer.handle_error_responses,#t#UU4+=+=gu+M+M%N%NOOrr)NNNT)r)NN)__name__ __module__ __qualname____doc__rrr!r.r0r4r8r=rBrrFrrIrNrTr\r`rerjrlrprsrxror:rrr r s $$$$$$CG>BPPPP02222====1116$$$ $ $$$$$k$$$$$$$5555????&III B B B     < < <>>>>">>>>*>>>>$PPPPPrr cB|||}|r|D] }|||Srr:)rZr[r serverriexts rrbrbs> Igv & &E  C CJJJJ LrN)r4rrequestsrrerrorsrrrr utilr objectr rbr:rrrs55555500000000  MPMPMPMPMP&MPMPMP`r