o ˷e2@sdZddlZddlZddlZddlmZddlmZddlmZddlm Z ddlm Z dZ d Z d Z d Zd d ZddZ dddZ dddZddZddZddZ  dddZdS)aOAuth 2.0 client. This is a client for interacting with an OAuth 2.0 authorization server's token endpoint. For more information about the token endpoint, see `Section 3.1 of rfc6749`_ .. _Section 3.1 of rfc6749: https://tools.ietf.org/html/rfc6749#section-3.2 N) http_client)urllib)_helpers) exceptions)jwtz!application/x-www-form-urlencodedzapplication/jsonz+urn:ietf:params:oauth:grant-type:jwt-bearer refresh_tokenc Cs^t|tjr t|z d|d|d}Wnttfy(t |}Ynwt||)zTranslates an error response into an exception. Args: response_data (Mapping | str): The decoded response data. Raises: google.auth.exceptions.RefreshError: The errors contained in response_data. z{}: {}errorerror_description) isinstancesix string_typesr RefreshErrorformatgetKeyError ValueErrorjsondumps) response_data error_detailsrL/var/www/ideatree/venv/lib/python3.10/site-packages/google/oauth2/_client.py_handle_error_response+s  rcCs,|dd}|durttj|dSdS)zParses the expiry field from a response into a datetime. Args: response_data (Mapping): The JSON-parsed response data. Returns: Optional[datetime]: The expiration or ``None`` if no expiration was specified. expires_inN)seconds)rrutcnowdatetime timedelta)rrrrr _parse_expiryAs rFc Ks(|rdti}t|d}n dti}tj|d}|r%d||d<d} |dd|||d|}t |j d r@|j dn|j } |j t jkrSt| } d| fSz2t| } | d p_d } | d pfd } td d| | fDr||dkr|d7}Wq'Wd| fSWd| fSty| } Yd| fSw)aMakes a request to the OAuth 2.0 authorization server's token endpoint. This function doesn't throw on response errors. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. body (Mapping[str, str]): The parameters to send in the request body. access_token (Optional(str)): The access token needed to make the request. use_json (Optional(bool)): Use urlencoded format or json format for the content type. The default value is False. kwargs: Additional arguments passed on to the request method. The kwargs will be passed to `requests.request` method, see: https://docs.python-requests.org/en/latest/api/#requests.request. For example, you can use `cert=("cert_pem_path", "key_pem_path")` to set up client side SSL certificate, and use `verify="ca_bundle_path"` to set up the CA certificates for sever side SSL certificate verification. Returns: Tuple(bool, Mapping[str, str]): A boolean indicating if the request is successful, and a mapping for the JSON-decoded response data. z Content-Typezutf-8z Bearer {} AuthorizationrTPOST)methodurlheadersbodydecoder rcss|]}|dkVqdS)internal_failureNr).0errr sz3_token_endpoint_request_no_throw..FNr)_JSON_CONTENT_TYPErrencode_URLENCODED_CONTENT_TYPErparse urlencoderhasattrdatar%statusrOKloadsranyr) request token_urir$ access_tokenuse_jsonkwargsr#retryresponse response_bodyr error_desc error_coderrr _token_endpoint_request_no_throwSsN     rAcKs.t|||f||d|\}}|st||S)aMakes a request to the OAuth 2.0 authorization server's token endpoint. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. body (Mapping[str, str]): The parameters to send in the request body. access_token (Optional(str)): The access token needed to make the request. use_json (Optional(bool)): Use urlencoded format or json format for the content type. The default value is False. kwargs: Additional arguments passed on to the request method. The kwargs will be passed to `requests.request` method, see: https://docs.python-requests.org/en/latest/api/#requests.request. For example, you can use `cert=("cert_pem_path", "key_pem_path")` to set up client side SSL certificate, and use `verify="ca_bundle_path"` to set up the CA certificates for sever side SSL certificate verification. Returns: Mapping[str, str]: The JSON-decoded response data. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. )r9r:)rAr)r7r8r$r9r:r;response_status_okrrrr_token_endpoint_requests rCc Csr|td}t|||}z|d}Wnty/}ztd|}t||WYd}~nd}~wwt|}|||fS)aImplements the JWT Profile for OAuth 2.0 Authorization Grants. For more details, see `rfc7523 section 4`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. assertion (str): The OAuth 2.0 assertion. Returns: Tuple[str, Optional[datetime], Mapping[str, str]]: The access token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc7523 section 4: https://tools.ietf.org/html/rfc7523#section-4  assertion grant_typer9No access token in response.N)_JWT_GRANT_TYPErCrrr r raise_fromr) r7r8rEr$rr9 caught_excnew_excexpiryrrr jwt_grants     rMc Cs|td}t|||}z|d}Wnty/}ztd|}t||WYd}~nd}~wwtj|dd}t j |d} || |fS)aImplements the JWT Profile for OAuth 2.0 Authorization Grants, but requests an OpenID Connect ID Token instead of an access token. This is a variant on the standard JWT Profile that is currently unique to Google. This was added for the benefit of authenticating to services that require ID Tokens instead of access tokens or JWT bearer tokens. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorization server's token endpoint URI. assertion (str): JWT token signed by a service account. The token's payload must include a ``target_audience`` claim. Returns: Tuple[str, Optional[datetime], Mapping[str, str]]: The (encoded) Open ID Connect ID Token, expiration, and additional data returned by the endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. rDid_tokenzNo ID token in response.NF)verifyexp) rHrCrrr r rIrr%rutcfromtimestamp) r7r8rEr$rrNrJrKpayloadrLrrrid_token_jwt_grants     rSc Csjz|d}Wnty$}ztd|}t||WYd}~nd}~ww|d|}t|}||||fS)aWExtract tokens from refresh grant response. Args: response_data (Mapping[str, str]): Refresh grant response data. refresh_token (str): Current refresh token. Returns: Tuple[str, str, Optional[datetime], Mapping[str, str]]: The access token, refresh token, expiration, and additional data returned by the token endpoint. If response_data doesn't have refresh token, then the current refresh token will be returned. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. r9rGNr)rrr r rIrr)rrr9rJrKrLrrr_handle_refresh_grant_responses    rTc CsBt|||d}|rd||d<|r||d<t|||}t||S)aImplements the OAuth 2.0 refresh token grant. For more details, see `rfc678 section 6`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. refresh_token (str): The refresh token to use to get a new access token. client_id (str): The OAuth 2.0 application's client ID. client_secret (str): The Oauth 2.0 appliaction's client secret. scopes (Optional(Sequence[str])): Scopes to request. If present, all scopes must be authorized for the refresh token. Useful if refresh token has a wild card scope (e.g. 'https://www.googleapis.com/auth/any-api'). rapt_token (Optional(str)): The reauth Proof Token. Returns: Tuple[str, str, Optional[datetime], Mapping[str, str]]: The access token, new or current refresh token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc6748 section 6: https://tools.ietf.org/html/rfc6749#section-6 )rF client_id client_secretr scoperapt)_REFRESH_GRANT_TYPEjoinrCrT) r7r8rrUrVscopes rapt_tokenr$rrrr refresh_grant,s(  r^)NF)NN)__doc__rrr six.movesrr google.authrrrr.r,rHrZrrrArCrMrSrTr^rrrrs2       J %%)#