VdZddlZddlmZddlmZdZdZdZ d dZ d Z ddifd Z y) aRClient for interacting with the Reauth HTTP API. This module provides the ability to do the following with the API: 1. Get a list of challenges needed to obtain additional authorization. 2. Send the result of the challenge to obtain a rapt token. 3. A modified version of the standard OAuth2.0 refresh grant that takes a rapt token. N)urllib)errorsz)https://reauth.googleapis.com/v2/sessionscDd|vrtj|dd|S)zRaise an exception if msg has errors. Args: msg: parsed json from http response. Returns: input response. Raises: ReauthAPIError errormessage)rReauthAPIError)msgs 7platform/bq/third_party/google_reauth/_reauth_client.py_handle_errorsr #s*#~##CL$;<< Jc |djt|dtj|ddj|i\}}tj|}t ||S)Nz{0}{1}POST Authorizationz Bearer {0}urimethodbodyheaders)format _REAUTH_APIjsondumpsloadsr ) http_requestpathr access_token_contentresponses r _endpoint_requestr 1s] OOK . ZZ  ,"5"5l"CD JAw zz'"H8 Or c4d|i}|r||d<t|d||S)aDoes initial request to reauth API to get the challenges. Args: http_request (Callable): callable to run http requests. Accepts uri, method, body and headers. Returns a tuple: (response, content) supported_challenge_types (Sequence[str]): list of challenge names supported by the manager. access_token (str): Access token with reauth scopes. requested_scopes (list[str]): Authorized scopes for the credentials. Returns: dict: The response from the reauth API. supportedChallengeTypes oauthScopesForDomainPolicyLookupz:start)r )rsupported_challenge_typesrrequested_scopesrs r get_challengesr&=s3 &'@ AD3C /0 hl 44r cJ||d|d}t|dj|||S)aAttempt to refresh access token by sending next challenge result. Args: http_request (Callable): callable to run http requests. Accepts uri, method, body and headers. Returns a tuple: (response, content) session_id (str): session id returned by the initial reauth call. challenge_id (str): challenge id returned by the initial reauth call. client_input: dict with a challenge-specific client input. For example: ``{'credential': password}`` for password challenge. access_token (str): Access token with reauth scopes. Returns: dict: The response from the reauth API. RESPOND) sessionId challengeIdactionproposalResponsez /{0}:continue)r r)r session_id challenge_id client_inputrrs r send_challenge_resultr0Us<" #(  D o,,Z8$  NNr cd|||d}|r||d<|r||d<tjj|} ||d| |\} } | | fS)aImplements the OAuth 2.0 Refresh Grant with the addition of the reauth token. Args: http_request (Callable): callable to run http requests. Accepts uri, method, body and headers. Returns a tuple: (response, content) client_id (str): client id to get access token for reauth scope. client_secret (str): client secret for the client_id refresh_token (str): refresh token to refresh access token token_uri (str): uri to refresh access token scopes (str): scopes required by the client application as a comma-joined list. rapt (str): RAPT token headers (dict): headers for http request Returns: Tuple[str, dict]: http response and parsed response content. refresh_token) grant_type client_id client_secretr2scoperaptrr)rparse urlencode) rr4r5r2 token_uriscopesr7r parametersrrrs r refresh_grantr=pso,&&& J$ 7 ! 6 << ! !* -D$   Hg W r )N) __doc__r six.movesr google_reauthrrr r r&r0r=r r rBsB   9   40N:T2)r