)dZddlmZmZddlZddlZddlZddlmZddl m Z m Z ddl m Z dd lmZdd lmZdd lmZd d lmZej,eZGdde Zy)zoauthlib.oauth2.rfc6749.endpoint.metadata ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ An implementation of the `OAuth 2.0 Authorization Server Metadata`. .. _`OAuth 2.0 Authorization Server Metadata`: https://tools.ietf.org/html/rfc8414 )absolute_importunicode_literalsN) unicode_type) BaseEndpointcatch_errors_and_unavailability)AuthorizationEndpoint)IntrospectEndpoint) TokenEndpoint)RevocationEndpoint) grant_typescbeZdZdZidfdZe d dZ d dZdZdZ d Z d Z d Z y)MetadataEndpointaOAuth2.0 Authorization Server Metadata endpoint. This specification generalizes the metadata format defined by `OpenID Connect Discovery 1.0` in a way that is compatible with OpenID Connect Discovery while being applicable to a wider set of OAuth 2.0 use cases. This is intentionally parallel to the way that OAuth 2.0 Dynamic Client Registration Protocol [`RFC7591`_] generalized the dynamic client registration mechanisms defined by OpenID Connect Dynamic Client Registration 1.0 in a way that is compatible with it. .. _`OpenID Connect Discovery 1.0`: https://openid.net/specs/openid-connect-discovery-1_0.html .. _`RFC7591`: https://tools.ietf.org/html/rfc7591 Tct|tsJ|D]}t|trJtj|||_||_||_|j|_y)N) isinstancedictr__init__ raise_errors endpointsinitial_claimsvalidate_metadata_serverclaims)selfrrrendpoints =lib/third_party/oauthlib/oauth2/rfc6749/endpoints/metadata.pyrzMetadataEndpoint.__init__+sc fd ## # , // /$$DDN D//1DKNcNddi}|tj|jdfS)zCreate metadata responsez Content-Typezapplication/json)jsondumpsr)ruri http_methodbodyheaderss rcreate_metadata_responsez)MetadataEndpoint.create_metadata_response6s)12G DJJt{{+S 00rct|jsy||vr|rtdj|y|rf||jdstdj|||d||vsd||vsd||vrtdj|||y|r3||jdstd j|||y|rkt ||t std j|||||D]1}t |t rtd j||||yy) Nzkey {} is a mandatory metadata.httpszkey {}: {} must be an HTTPS URL?&#z8key {}: {} must not contain query or fragment componentshttpzkey {}: {} must be an URLzkey {}: {} must be an Arrayz/array {}: {} must contains only string (not {}))r ValueErrorformat startswithrlistr)rarraykey is_requiredis_listis_url is_issuerelems rvalidate_metadataz"MetadataEndpoint.validate_metadata@sj     % :AA#FGG   3Z " "7 +:AA s  c cU3Z/3%*3D F M MU3Z !" "4E  3Z " "6 *4;;CsLMM+  c D )6==c5:NOO*$$ -?FFuSz4)* * rc |jj|jj|jdddg|j |dd|j |dd|j |dddy ) z If the token endpoint is used in the grant type, the value of this parameter MUST be the same as the value of the "grant_type" parameter passed to the token endpoint defined in the grant type definition. %token_endpoint_auth_methods_supportedclient_secret_postclient_secret_basicTr50token_endpoint_auth_signing_alg_values_supportedtoken_endpointr4r6N) _grant_typesextendkeys setdefaultr9rrrs rvalidate_metadata_tokenz(MetadataEndpoint.validate_metadata_tokends X22779: =+-BCE 7G:  d4Arc |jdttd|jj |jdddgd|dvr|j j d|j|ddd |j|dd d |dvr|jd }t|tjst|d r |j}|jd t|jj |j|d d |j|dddy)Nresponse_types_supportedc |dk7S)Nnone)xs rzBMetadataEndpoint.validate_metadata_authorization..{sa6krresponse_modes_supportedqueryfragmenttokenimplicitT)r4r5r>code default_grant code_challenge_methods_supportedauthorization_endpointrA)rEr1filter_response_typesrDrBappendr9rrAuthorizationCodeGranthasattrrU_code_challenge_methods)rrr code_grants rvalidate_metadata_authorizationz0MetadataEndpoint.validate_metadata_authorizationxsP " V)8+C+C+H+H+J KLN 07J2GH &344 z**dL6#=tL 233++F3j  #::<@G&A9--  :Z??DDFGI  4dD(d4Irc|jdddg|j|dd|j|dd|j|dddy) N*revocation_endpoint_auth_methods_supportedr<r=Tr>5revocation_endpoint_auth_signing_alg_values_supportedrevocation_endpointrArEr9rFs rvalidate_metadata_revocationz-MetadataEndpoint.validate_metadata_revocationsw B+-BCE 8introspection_endpoint_auth_signing_alg_values_supportedintrospection_endpointrArdrFs rvalidate_metadata_introspectionz0MetadataEndpoint.validate_metadata_introspectionsw E+-BCE ?OB (d4Irctj|j}|j|ddd|j|dd|j|dd|j|dd|j|d d|j|d d|j|d dg|_|j D]}t |tr|j||t |tr|j||t |tr|j||t |tsz|j|||jd |j|j|d d|S) a Authorization servers can have metadata describing their configuration. The following authorization server metadata values are used by this specification. More details can be found in `RFC8414 section 2`_ : issuer REQUIRED authorization_endpoint URL of the authorization server's authorization endpoint [`RFC6749#Authorization`_]. This is REQUIRED unless no grant types are supported that use the authorization endpoint. token_endpoint URL of the authorization server's token endpoint [`RFC6749#Token`_]. This is REQUIRED unless only the implicit grant type is supported. scopes_supported RECOMMENDED. response_types_supported REQUIRED. * Other OPTIONAL fields: jwks_uri registration_endpoint response_modes_supported grant_types_supported OPTIONAL. JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports. The array values used are the same as those used with the "grant_types" parameter defined by "OAuth 2.0 Dynamic Client Registration Protocol" [`RFC7591`_]. If omitted, the default value is "["authorization_code", "implicit"]". token_endpoint_auth_methods_supported token_endpoint_auth_signing_alg_values_supported service_documentation ui_locales_supported op_policy_uri op_tos_uri revocation_endpoint revocation_endpoint_auth_methods_supported revocation_endpoint_auth_signing_alg_values_supported introspection_endpoint introspection_endpoint_auth_methods_supported introspection_endpoint_auth_signing_alg_values_supported code_challenge_methods_supported Additional authorization server metadata parameters MAY also be used. Some are defined by other specifications, such as OpenID Connect Discovery 1.0 [`OpenID.Discovery`_]. .. _`RFC8414 section 2`: https://tools.ietf.org/html/rfc8414#section-2 .. _`RFC6749#Authorization`: https://tools.ietf.org/html/rfc6749#section-3.1 .. _`RFC6749#Token`: https://tools.ietf.org/html/rfc6749#section-3.2 .. _`RFC7591`: https://tools.ietf.org/html/rfc7591 .. _`OpenID.Discovery`: https://openid.net/specs/openid-connect-discovery-1_0.html issuerT)r4r7jwks_uri)r6scopes_supportedr>service_documentationui_locales_supported op_policy_uri op_tos_urigrant_types_supported)copydeepcopyrr9rBrrr rGr r_r rer rjrErFs rrz)MetadataEndpoint.validate_metadata_serversf\]]4.. /F68N6:d;6#5tD6#:4H6#94H6?4@6<=DNN Hm , $$VX6 H3 4 ,,VX> H0 1 ))&(; H0 1 ,,VX># -t/@/@A6#:DI Mr)GETNN)FFFF) __name__ __module__ __qualname____doc__rr r'r9rGr_rerjrrLrrrrsd (* 2#,1$('+ 1#1%* %$"' "*HA(I: F Ifrr)rz __future__rrrtr!loggingcommonrbaserr authorizationr introspectr rRr revocationr r getLoggerrwlogrrLrrrsM9 #?0* *g!{|{r