U {Zg|]@s|ddlZddlmZmZddlmZmZddlmZddlmZm Z ddl Z e e Z GdddeZGdd d e jZdS) N)generate_token urldecode)WebApplicationClientInsecureTransportError)LegacyApplicationClient)TokenExpiredErroris_secure_transportcseZdZfddZZS) TokenUpdatedcstt|||_dSN)superr __init__token)selfr  __class__D/tmp/pip-unpacked-wheel-dr3g6iil/requests_oauthlib/oauth2_session.pyr szTokenUpdated.__init__)__name__ __module__ __qualname__r __classcell__rrrrr sr cseZdZdZd&fdd ZeddZejddZdd Zed d Z e jd d Z e j d d Z eddZ e jddZ eddZ e jddZ e j ddZ eddZ d'ddZd(ddZddZd)d d!Zd*fd"d# Zd$d%ZZS)+ OAuth2Sessiona*Versatile OAuth 2 extension to :class:`requests.Session`. Supports any grant type adhering to :class:`oauthlib.oauth2.Client` spec including the four core OAuth 2 grants. Can be used to create authorization urls, fetch tokens and access protected resources using the :class:`requests.Session` interface you are used to. - :class:`oauthlib.oauth2.WebApplicationClient` (default): Authorization Code Grant - :class:`oauthlib.oauth2.MobileApplicationClient`: Implicit Grant - :class:`oauthlib.oauth2.LegacyApplicationClient`: Password Credentials Grant - :class:`oauthlib.oauth2.BackendApplicationClient`: Client Credentials Grant Note that the only time you will be using Implicit Grant from python is if you are driving a user agent able to obtain URL fragments. Nc  stt|jf| |p t||d|_|p*i|_||_||_|p@t|_ ||_ ||_ |pVi|_ | |_ | |_|jdkrtd|j|jdd|_tttttd|_dS)aConstruct a new OAuth 2 client session. :param client_id: Client id obtained during registration :param client: :class:`oauthlib.oauth2.Client` to be used. Default is WebApplicationClient which is useful for any hosted application but not mobile or desktop. :param scope: List of scopes you wish to request access to :param redirect_uri: Redirect URI you registered as callback :param token: Token dictionary, must include access_token and token_type. :param state: State string used to prevent CSRF. This will be given when creating the authorization url and must be supplied when parsing the authorization response. Can be either a string or a no argument callable. :auto_refresh_url: Refresh token endpoint URL, must be HTTPS. Supply this if you wish the client to automatically refresh your access tokens. :auto_refresh_kwargs: Extra arguments to pass to the refresh token endpoint. :token_updater: Method with one argument, token, to be used to update your token database on automatic token refresh. If not set a TokenUpdated warning will be raised when a token has been refreshed. This warning will carry the token in its token argument. :param pkce: Set "S256" or "plain" to enable PKCE. Default is disabled. :param kwargs: Arguments to pass to the Session constructor. )r )ZS256plainNzWrong value for {}(.., pkce={})cSs|Sr r)rrrr^z(OAuth2Session.__init__..)access_token_responserefresh_token_responseprotected_requestrefresh_token_requestaccess_token_requestN)r rr r_clientr _scope redirect_urirstate_stateauto_refresh_urlauto_refresh_kwargs token_updater_pkceAttributeErrorformatrauthsetcompliance_hook) r client_idclientr&r'scoper#r r$r(Zpkcekwargsrrrr $s()     zOAuth2Session.__init__cCs*|jdk r|jS|jdk r"|jjSdSdS)zBBy default the scope from the client is used, except if overriddenN)r"r!r1rrrrr1js   zOAuth2Session.scopecCs ||_dSr )r")rr1rrrr1tscCsNz||_td|jWn*tk rF|j|_td|jYnX|jS)z6Generates a state string to be used in authorizations.zGenerated new state %s.z&Re-using previously supplied state %s.)r$r%logdebug TypeErrorr3rrr new_statexs zOAuth2Session.new_statecCst|jddS)Nr/getattrr!r3rrrr/szOAuth2Session.client_idcCs ||j_dSr r!r/rvaluerrrr/scCs |j`dSr r:r3rrrr/scCst|jddS)Nr r8r3rrrr szOAuth2Session.tokencCs||j_|j|dSr )r!r Zpopulate_token_attributesr;rrrr scCst|jddS)N access_tokenr8r3rrrr=szOAuth2Session.access_tokencCs ||j_dSr r!r=r;rrrr=scCs |j`dSr r>r3rrrr=scCs t|jS)aBoolean that indicates whether this session has an OAuth token or not. If `self.authorized` is True, you can reasonably expect OAuth-protected requests to the resource to succeed. If `self.authorized` is False, you need the user to go through the OAuth authentication dance before OAuth-protected requests to the resource will succeed. )boolr=r3rrr authorizeds zOAuth2Session.authorizedcKsf|p |}|jrB|jd|_|j|d<|jj|j|jd|d<|jj|f|j|j|d||fS)aFForm an authorization URL. :param url: Authorization endpoint url, must be HTTPS. :param state: An optional state string for CSRF protection. If not given it will be generated for you. :param kwargs: Extra parameters to include. :return: authorization_url, state +code_challenge_method) code_verifierrBZcode_challenge)r#r1r$) r7r)r!Zcreate_code_verifier_code_verifierZcreate_code_challengeZprepare_request_urir#r1)rurlr$r2rrrauthorization_urls&   zOAuth2Session.authorization_urlPOSTFc Kst|st|s2|r2|jj||jd|jj}n$|sVt|jtrV|jj}|sVtd|j rx|j dkrntd|j |d<t|jt r|dkrtd|dkrtd|dk r||d<|dk r||d <|dk r|dkrd }nB|d k r|j }|rt d ||dk r |nd }tj||}|r4|dk r4||d<|jjf|||j|d|}| p`ddd} i|_i}|dkrtt||| rdnd<n(|dkrtt||d<ntd|jdD]$}t d|||| |\}} }q|jf||| | || | |d|}t d|jt d|jjt d|jjt d|jjt d|j|jt d t|jd!|jd!D]}t d"|||}q|jj |j|j!d#|jj|_t d$|j|jS)%a Generic method for fetching an access token from the token endpoint. If you are using the MobileApplicationClient you will want to use `token_from_fragment` instead of `fetch_token`. The current implementation enforces the RFC guidelines. :param token_url: Token endpoint URL, must use HTTPS. :param code: Authorization code (used by WebApplicationClients). :param authorization_response: Authorization response URL, the callback URL of the request back to you. Used by WebApplicationClients instead of code. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param username: Username required by LegacyApplicationClients to appear in the request body. :param password: Password required by LegacyApplicationClients to appear in the request body. :param method: The HTTP method used to make the request. Defaults to POST, but may also be GET. Other methods should be added as needed. :param force_querystring: If True, force the request body to be sent in the querystring instead. :param timeout: Timeout of the request in seconds. :param headers: Dict to default request headers with. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument is passed onto `requests`. :param include_client_id: Should the request body include the `client_id` parameter. Default is `None`, which will attempt to autodetect. This can be forced to always include (True) or never include (False). :param client_secret: The `client_secret` paired to the `client_id`. This is generally required unless provided in the `auth` tuple. If the value is `None`, it will be omitted from the request, however if the value is an empty string, an empty string will be sent. :param cert: Client certificate to send for OAuth 2.0 Mutual-TLS Client Authentication (draft-ietf-oauth-mtls). Can either be the path of a file containing the private key and certificate or a tuple of two filenames for certificate and key. :param kwargs: Extra parameters to include in the token request. :return: A token dict r$z?Please supply either code or authorization_response parameters.NzFCode verifier is not found, authorization URL must be generated beforerCzQ`LegacyApplicationClient` requires both the `username` and `password` parameters.zGThe required parameter `username` was supplied, but `password` was not.usernamepasswordFTzIEncoding `client_id` "%s" with `client_secret` as Basic auth credentials.rG client_secret)codebodyr#include_client_idapplication/json!application/x-www-form-urlencodedAcceptz Content-TyperHparamsdataGETz%The method kwarg must be POST or GET.r z&Invoking access_token_request hook %s.)methodrEtimeoutheadersr,verifyproxiescertz0Request to fetch token completed with status %s.zRequest url was %szRequest headers were %szRequest body was %s(Response headers were %s and content %s.!Invoking %d token response hooks.rInvoking hook %s.r1zObtained token %s.)"rrr!parse_request_uri_responser%rM isinstancer ValueErrorr)rDrr/r4r5requestsr, HTTPBasicAuthZprepare_request_bodyr#r upperdictrr.request status_coderErYrNtextlenparse_request_body_responser1)r token_urlrMauthorization_responserNr,rJrKrWZforce_querystringrXrYrZr[rOrLr\r2r/Zrequest_kwargshookrrrr fetch_tokensA             zOAuth2Session.fetch_tokencCs"|jj||jd|jj|_|jS)zParse token from the URI fragment, used by MobileApplicationClients. :param authorization_response: The full URL of the redirect back to you :return: A token dict rI)r!rar%r )rrnrrrtoken_from_fragments  z!OAuth2Session.token_from_fragmentc Ksf|s tdt|st|p(|jd}td|j| |j|j j f|||j d| }td||dkr~ddd }|j d D]"} td | | |||\}}}q|j |tt|||||d |d } td| jtd| j| jtdt|j d|j dD]} td| | | } q|j j| j|j d|_d|jkr`td||jd<|jS)aFetch a new access token using a refresh token. :param token_url: The token endpoint, must be HTTPS. :param refresh_token: The refresh_token to use. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param timeout: Timeout of the request in seconds. :param headers: A dict of headers to be used by `requests`. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument will be passed to `requests`. :param kwargs: Extra parameters to include in the token request. :return: A token dict z'No token endpoint set for auto_refresh. refresh_tokenz*Adding auto refresh key word arguments %s.)rNrrr1z&Prepared refresh token request body %sNrPrQrRrz'Invoking refresh_token_request hook %s.T)rUr,rXrYrZwithhold_tokenr[z2Request to refresh token completed with status %s.r]r^rr_r`z)No new refresh token given. Re-using old.)rcrrr getr4r5r'updater!Zprepare_refresh_bodyr1r.postrgrrirYrjrkrl) rrmrrrNr,rXrYrZr[r2rorrrrrrsb           zOAuth2Session.refresh_tokenc st|st|jrR|sRtdt|jd|jdD]"} td| | |||\}}}qs