o ˷e@sdZddlZddlZddlZddlZddlmZddlm Z ddlm Z e Z gdZ eddd gZ Gd d d ZGd d d eZGdddeZGdddeZddZdS)zFirebase credentials module.N)requests) credentials)service_account)z.https://www.googleapis.com/auth/cloud-platformz)https://www.googleapis.com/auth/datastorez5https://www.googleapis.com/auth/devstorage.read_writez(https://www.googleapis.com/auth/firebasez/https://www.googleapis.com/auth/identitytoolkitz.https://www.googleapis.com/auth/userinfo.emailAccessTokenInfo access_tokenexpiryc@s eZdZdZddZddZdS)Basez>Provides OAuth2 access tokens for accessing Firebase services.cCs |}|tt|j|jS)zFetches a Google OAuth2 access token using this credential instance. Returns: AccessTokenInfo: An access token obtained using the credential. )get_credentialrefresh_requestrtokenr)self google_credrQ/var/www/ideatree/venv/lib/python3.10/site-packages/firebase_admin/credentials.pyget_access_token/s zBase.get_access_tokencCst)z?Returns the Google credential instance used for authentication.)NotImplementedErrorr rrrr 9szBase.get_credentialN)__name__ __module__ __qualname____doc__rr rrrrr,s rcPeZdZdZdZfddZeddZeddZed d Z d d Z Z S) Certificatez9A credential initialized from a JSON certificate keyfile.rc stt|t|r%t| }t|}Wdn1swYnt|tr-|}nt d || d|j krDt d |j z t jj|td|_WdSt yc}zt d |d}~ww)a]Initializes a credential from a Google service account certificate. Service account certificates can be downloaded as JSON files from the Firebase console. To instantiate a credential from a certificate file, either specify the file path or a dict representing the parsed contents of the file. Args: cert: Path to a certificate file or a dict representing the contents of a certificate. Raises: IOError: If the specified certificate file doesn't exist or cannot be read. ValueError: If the specified certificate is invalid. Nz}Invalid certificate argument: "{0}". Certificate argument must be a file path, or a dict containing the parsed file contents.typezZInvalid service account certificate. Certificate must contain a "type" field set to "{0}".scopesz?Failed to initialize a certificate credential. Caused by: "{0}")superr__init__ _is_file_pathopenjsonload isinstancedict ValueErrorformatget_CREDENTIAL_TYPEr Credentialsfrom_service_account_info_scopes _g_credential)r cert json_file json_dataerror __class__rrrCs4   zCertificate.__init__cC|jjSN)r, project_idrrrrr5fzCertificate.project_idcCr3r4)r,signerrrrrr7jr6zCertificate.signercCr3r4)r,service_account_emailrrrrr8nr6z!Certificate.service_account_emailcC|jSzReturns the underlying Google credential. Returns: google.auth.credentials.Credentials: A Google Auth credential instance.r,rrrrr rzCertificate.get_credential) rrrrr(rpropertyr5r7r8r __classcell__rrr1rr>s #   rcs<eZdZdZfddZddZeddZdd ZZ S) ApplicationDefaultz(A Google Application Default credential.cstt|d|_dS)zCreates an instance that will use Application Default credentials. The credentials will be lazily initialized when get_credential() or project_id() is called. See those methods for possible errors raised. N)rr?rr,rr1rrr}s zApplicationDefault.__init__cC||jS)a:Returns the underlying Google credential. Raises: google.auth.exceptions.DefaultCredentialsError: If Application Default credentials cannot be initialized in the current environment. Returns: google.auth.credentials.Credentials: A Google Auth credential instance.)_load_credentialr,rrrrr sz!ApplicationDefault.get_credentialcCr@)aReturns the project_id from the underlying Google credential. Raises: google.auth.exceptions.DefaultCredentialsError: If Application Default credentials cannot be initialized in the current environment. Returns: str: The project id.)rA _project_idrrrrr5s zApplicationDefault.project_idcCs$|jstjjtd\|_|_dSdS)Nr)r,googleauthdefaultr+rBrrrrrAsz#ApplicationDefault._load_credential) rrrrrr r=r5rAr>rrr1rr?zs    r?cr) RefreshTokenz8A credential initialized from an existing refresh token.authorized_usercstt|t|r%t| }t|}Wdn1swYnt|tr-|}nt d || d|j krDt d |j t j|t|_dS)aInitializes a credential from a refresh token JSON file. The JSON must consist of client_id, client_secret and refresh_token fields. Refresh token files are typically created and managed by the gcloud SDK. To instantiate a credential from a refresh token file, either specify the file path or a dict representing the parsed contents of the file. Args: refresh_token: Path to a refresh token file or a dict representing the contents of a refresh token file. Raises: IOError: If the specified file doesn't exist or cannot be read. ValueError: If the refresh token configuration is invalid. NzInvalid refresh token argument: "{0}". Refresh token argument must be a file path, or a dict containing the parsed file contents.rzSInvalid refresh token configuration. JSON must contain a "type" field set to "{0}".)rrFrrr r!r"r#r$r%r&r'r(rr)from_authorized_user_infor+r,)r refresh_tokenr.r/r1rrrs"   zRefreshToken.__init__cCr3r4)r, client_idrrrrrJr6zRefreshToken.client_idcCr3r4)r, client_secretrrrrrKr6zRefreshToken.client_secretcCr3r4)r,rIrrrrrIr6zRefreshToken.refresh_tokencCr9r:r;rrrrr r<zRefreshToken.get_credential) rrrrr(rr=rJrKrIr r>rrr1rrFs    rFcCs&zt|WdStyYdSw)NTF)pathlibPath TypeError)pathrrrrs   r)r collectionsr!rL google.authrCgoogle.auth.transportr google.oauth2rrRequestr r+ namedtuplerrrr?rFrrrrrs"    <' 9