! " & "jF7O  I''*f44'A-'P'PF# $.2.HF* +, - -A1 #5#5 M!,q   n'      Ezr9POSTc |p|j}|dd} | rd| vr|| |S||} | r"d| vrd}t | |} | d|d<||jd}|t|}||jd<|j||fi|}|| |j }|t}||jd }|j |f||||d | S) aGeneric method for fetching an access token from the token endpoint. :param url: Access Token endpoint URL, if not configured, ``authorization_response`` is used to extract token from its fragment (implicit way). :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param method: The HTTP method used to make the request. Defaults to POST, but may also be GET. Other methods should be added as needed. :param headers: Dict to default request headers with. :param auth: An auth tuple or method as accepted by requests. :param grant_type: Use specified grant_type to fetch token. :param state: Optional "state" value to fetch token. :return: A :class:`OAuth2Token` object (a dict too). authorization_responseN#zcode=authorization_code)r$rL grant_typetoken_endpoint)bodyr>methodheaders) r$r-token_from_fragment_extract_session_request_paramsr r/rO_guess_grant_type_prepare_token_endpoint_bodyrDr%DEFAULT_HEADERS _fetch_token) r4rQr_r`rar>r]r$rSrZsession_kwargsparamss r7 fetch_tokenzOAuth2Client.fetch_tokenso6#!',Dd!K!K ! Kc-C&C&C++,BEJJ J==fEE ! ,g1G&G&G-J6&F$F^F6N  **<88J  *622J*4DM, '0t0zLLVLL <##D$CDDD ?%G ;-##$455C t  fg  IW   r9ct||}d|vr0||d|d||_|S)Nerrorerror_descriptionrl description)r oauth_error_classrOr5)r4rZr$r5s r7rbz OAuth2Client.token_from_fragments^'(>FF e  ((Gn%))) rcr5rOr'r rfcopyr/r1rDr%_refresh_token) r4rQrrr_r>rarSrhhooks r7rrzOAuth2Client.refresh_tokens1==fEE%H)H)H & TZ "jF7O$ T  1> BH   ?%**,,G ;-##$455C()@A : :D!%c7D!9!9 C$$ <##D$CDDD"t"  '       r9c||j}||jsdS|d}|jd}|r|r|||dS|jddkr?|d}||d }|jr||| dSdS) N)r3Trrr^rrr]client_credentials access_token)r])ry)r5 is_expiredr3rOr/rrrjr,)r4r5rrrQry new_tokens r7ensure_active_tokenz OAuth2Client.ensure_active_token-s =JEt{33 4 /22 m 011  S    s-  @ @ @4 ]  | , ,0D D D 0L((9M(NNI  H!!),!GGG4 E Dr9c d|||j}|jd|f|||||d|S)aRevoke token method defined via `RFC7009`_. :param url: Revoke Token endpoint, must be HTTPS. :param token: The token to be revoked. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Revocation Response .. _`RFC7009`: https://tools.ietf.org/html/rfc7009 Nrr5token_type_hintr_r>ra)rDr&_handle_token_hintr4rQr5rr_r>rarSs r7 revoke_tokenzOAuth2Client.revoke_token>sa0 <##D$HIID&t& "   +      r9c d|||j}|jd|f|||||d|S)aImplementation of OAuth 2.0 Token Introspection defined via `RFC7662`_. :param url: Introspection Endpoint, must be HTTPS. :param token: The token to be introspected. :param token_type_hint: The type of the token that to be revoked. It can be "access_token" or "refresh_token". :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by requests. :param headers: Dict to default request headers with. :return: Introspection Response .. _`RFC7662`: https://tools.ietf.org/html/rfc7662 Nr r~)rDr%rrs r7introspect_tokenzOAuth2Client.introspect_tokencsa0 <##D$CDDD&t& &   +      r9c|dkr!|jj|dS||jvrt d||j|j||dS)aRegister a hook for request/response tweaking. Available hooks are: * access_token_response: invoked before token parsing. * refresh_token_request: invoked before refreshing token. * refresh_token_response: invoked before refresh token parsing. * protected_request: invoked before making a request. * revoke_token_request: invoked before revoking a token. * introspect_token_request: invoked before introspecting a token. protected_requestNzHook type %s is not in %s.)r+hooksaddr1r.)r4 hook_typerus r7register_compliance_hookz%OAuth2Client.register_compliance_hooks| + + + O ! % %d + + + F D0 0 0,i9M  Y'++D11111r9c|jdkr||}d|vr0||d|d||_|jS)Nirlrmrn) status_coderaise_for_statusjsonrprOr5)r4respr5s r7parse_response_tokenz!OAuth2Client.parse_response_tokens~  s " "  ! ! # # #  e  ((Gn%))?&)rar>r) upperr!postdictrjoinrequestr1r) r4rQr_rar>r`rSrrus r7rgzOAuth2Client._fetch_tokens <<>>V # #$4<$z$//00'PVDDczzhhT{++hhT{++'4<'%,4;AD()@A  D4::DD((...r9c |j|f|||d|}|jdD] }||}||} d| vr ||jd<t |jr||j||jS)N)r_r>rarrrrw) _http_postr1rr5callabler,) r4rQrrr_rar>rSrrur5s r7rtzOAuth2Client._refresh_tokenstsTD'TTVTT()AB  D4::DD))$// % ' '*7DJ ' D% & & G   dj  F F Fzr9c v|;|jr4|jdp|jd}|d}t||||\}}|j|D]} | |||\}}}|||j}||} |j||f||d| S)NrrryrW)r>ra)r5rOr r1rDr&rcr) r4rurQr5rr_r>rarSr1rhs r7rzOAuth2Client._handle_token_hints =TZ=JNN?33Utz~~n7U7UE <D4 ?D'  g $3D9 E EO!0gt!D!D C$$ <##D$HIID==fEEtsDWtWWWWWWr9c |dkrd|vr |j|d<t||fi|Sd|vr|jr |j|d<t||fi|S)Nr\r(r')r(r r')r4r_r]rSs r7rez)OAuth2Client._prepare_token_endpoint_bodyss - - -V++)-):~&(TDDVDD D & TZ "jF7O$Z@@@@@r9cVi}|jD]}||vr||||<|S)zDExtract parameters for session object from the passing ``**kwargs``.)SESSION_REQUEST_PARAMSr-)r4rSrvrTs r7rcz,OAuth2Client._extract_session_request_paramss; , & &AF{{ 1 1 r9c d|jj|ftt|||d|S)Nr)r!rrr)r4rQr_r>rarSs r7rzOAuth2Client._http_postsG t|  :d++,,gD  LR   r9c |`dSrF)r!rGs r7__del__zOAuth2Client.__del__s LLLr9) NNNNNNNNNrNr)NN)NrWrXNNNNrF)NNrWNN)NNNNN)rWNNrX)NrWNN)NNN)"__name__ __module__ __qualname____doc__rrCrr*rrprPrr8r?rDpropertyr5setterrVrjrbrrr|rrrrrgrtrrercrrr9r7rrs`2# #O #'(," >>>>@111   %%X% \))\)''''V   ? ? ? ? BIM( ( ( ( T(  # # # # P  # # # # J222,   =C////,DH*  XXXX<AAA    r9rc.d|vrd}n d|vrd|vrd}nd}|S)NrLr\usernamepasswordrxr)rSr]s r7rdrd s; ) v  *"6"6 ) r9N)authlib.common.securityrauthlib.common.urlsrr>rrbaserrfc6749.parametersr r r r rfc7009r rfc7636rrfrrdrr9r7rs)222222******AAAAAA777777111111555555111111//////!E rrrrrrrrjr9