oauthlib.oauth2.rfc6749.endpoint.metadata
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

An implementation of the `OAuth 2.0 Authorization Server Metadata`.

.. _`OAuth 2.0 Authorization Server Metadata`: https://tools.ietf.org/html/rfc8414

Source file: /usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/endpoints/metadata.py

MetadataEndpoint
    OAuth2.0 Authorization Server Metadata endpoint.

    This specification generalizes the metadata format defined by
    `OpenID Connect Discovery 1.0` in a way that is compatible
    with OpenID Connect Discovery while being applicable to a wider set
    of OAuth 2.0 use cases. This is intentionally parallel to the way
    that OAuth 2.0 Dynamic Client Registration Protocol [`RFC7591`_]
    generalized the dynamic client registration mechanisms defined by
    OpenID Connect Dynamic Client Registration 1.0
    in a way that is compatible with it.

    .. _`OpenID Connect Discovery 1.0`: https://openid.net/specs/openid-connect-discovery-1_0.html
    .. _`RFC7591`: https://tools.ietf.org/html/rfc7591

MetadataEndpoint.create_metadata_response
    Create metadata response

    Response headers: ``Content-Type: application/json`` and ``Access-Control-Allow-Origin: *``.
MetadataEndpoint.validate_metadata
    Error messages (``ValueError``):

    - ``key {} is a mandatory metadata.``
    - ``key {}: {} must be an HTTPS URL``
    - ``key {}: {} must not contain query or fragment components``
    - ``key {}: {} must be an URL``
    - ``key {}: {} must be an Array``
    - ``array {}: {} must contains only string (not {})``

MetadataEndpoint.validate_metadata_token
    If the token endpoint is used in the grant type, the value of this
    parameter MUST be the same as the value of the "grant_type"
    parameter passed to the token endpoint defined in the grant type
    definition.
MetadataEndpoint.validate_metadata_server
    Authorization servers can have metadata describing their
    configuration. The following authorization server metadata values
    are used by this specification. More details can be found in
    `RFC8414 section 2`_ :

    issuer
        REQUIRED

    authorization_endpoint
        URL of the authorization server's authorization endpoint
        [`RFC6749#Authorization`_]. This is REQUIRED unless no grant types are supported
        that use the authorization endpoint.

    token_endpoint
        URL of the authorization server's token endpoint [`RFC6749#Token`_]. This
        is REQUIRED unless only the implicit grant type is supported.

    scopes_supported
        RECOMMENDED.

    response_types_supported
        REQUIRED.

    Other OPTIONAL fields:
        jwks_uri,
        registration_endpoint,
        response_modes_supported

    grant_types_supported
        OPTIONAL. JSON array containing a list of the OAuth 2.0 grant
        type values that this authorization server supports. The array
        values used are the same as those used with the "grant_types"
        parameter defined by "OAuth 2.0 Dynamic Client Registration
        Protocol" [`RFC7591`_]. If omitted, the default value is
        "["authorization_code", "implicit"]".

    token_endpoint_auth_methods_supported

    token_endpoint_auth_signing_alg_values_supported

    service_documentation

    ui_locales_supported

    op_policy_uri

    op_tos_uri

    revocation_endpoint

    revocation_endpoint_auth_methods_supported

    revocation_endpoint_auth_signing_alg_values_supported

    introspection_endpoint

    introspection_endpoint_auth_methods_supported

    introspection_endpoint_auth_signing_alg_values_supported

    code_challenge_methods_supported

    Additional authorization server metadata parameters MAY also be used.
    Some are defined by other specifications, such as OpenID Connect
    Discovery 1.0 [`OpenID.Discovery`_].

    .. _`RFC8414 section 2`: https://tools.ietf.org/html/rfc8414#section-2
    .. _`RFC6749#Authorization`: https://tools.ietf.org/html/rfc6749#section-3.1
    .. _`RFC6749#Token`: https://tools.ietf.org/html/rfc6749#section-3.2
    .. _`RFC7591`: https://tools.ietf.org/html/rfc7591
    .. _`OpenID.Discovery`: https://openid.net/specs/openid-connect-discovery-1_0.html