§
    !¾<i]  ã                   óX   — d Z  G d„ d¦  «        Z G d„ d¦  «        Z G d„ d¦  «        ZdS )zˆauthlib.oauth2.rfc6749.models.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module defines how to construct Client, AuthorizationCode and Token.
c                   óB   — e Zd ZdZd„ Zd„ Zd„ Zd„ Zd„ Zd„ Z	d„ Z
d	„ Zd
S )ÚClientMixina½  Implementation of OAuth 2 Client described in `Section 2`_ with
    some methods to help validation. A client has at least these information:

    * client_id: A string represents client identifier.
    * client_secret: A string represents client password.
    * token_endpoint_auth_method: A way to authenticate client at token
                                  endpoint.

    .. _`Section 2`: https://tools.ietf.org/html/rfc6749#section-2
    c                 ó   — t          ¦   «         ‚)zñA method to return client_id of the client. For instance, the value
        in database is saved in a column called ``client_id``::

            def get_client_id(self):
                return self.client_id

        :return: string
        ©ÚNotImplementedError©Úselfs    ú˜/Users/kimhansen/Desktop/03 Workspace/ceo-agents/chl-effectiveness/mcp-servers/whoop/.venv/lib/python3.11/site-packages/authlib/oauth2/rfc6749/models.pyÚget_client_idzClientMixin.get_client_id   ó   € õ "Ñ#Ô#Ð#ó    c                 ó   — t          ¦   «         ‚)a  A method to get client default redirect_uri. For instance, the
        database table for client has a column called ``default_redirect_uri``::

            def get_default_redirect_uri(self):
                return self.default_redirect_uri

        :return: A URL string
        r   r   s    r	   Úget_default_redirect_uriz$ClientMixin.get_default_redirect_uri   r   r   c                 ó   — t          ¦   «         ‚)aÒ  A method to return a list of requested scopes which are supported by
        this client. For instance, there is a ``scope`` column::

            def get_allowed_scope(self, scope):
                if not scope:
                    return ""
                allowed = set(scope_to_list(self.scope))
                return list_to_scope([s for s in scope.split() if s in allowed])

        :param scope: the requested scope.
        :return: string of scope
        r   )r   Úscopes     r	   Úget_allowed_scopezClientMixin.get_allowed_scope*   ó   € õ "Ñ#Ô#Ð#r   c                 ó   — t          ¦   «         ‚)as  Validate redirect_uri parameter in Authorization Endpoints. For
        instance, in the client table, there is an ``allowed_redirect_uris``
        column::

            def check_redirect_uri(self, redirect_uri):
                return redirect_uri in self.allowed_redirect_uris

        :param redirect_uri: A URL string for redirecting.
        :return: bool
        r   )r   Úredirect_uris     r	   Úcheck_redirect_urizClientMixin.check_redirect_uri9   ó   € õ "Ñ#Ô#Ð#r   c                 ó   — t          ¦   «         ‚)a‚  Check client_secret matching with the client. For instance, in
        the client table, the column is called ``client_secret``::

            import secrets


            def check_client_secret(self, client_secret):
                return secrets.compare_digest(self.client_secret, client_secret)

        :param client_secret: A string of client secret
        :return: bool
        r   )r   Úclient_secrets     r	   Úcheck_client_secretzClientMixin.check_client_secretF   r   r   c                 ó   — t          ¦   «         ‚)a¢  Check if client support the given method for the given endpoint.
        There is a ``token_endpoint_auth_method`` defined via `RFC7591`_.
        Developers MAY re-implement this method with::

            def check_endpoint_auth_method(self, method, endpoint):
                if endpoint == "token":
                    # if client table has ``token_endpoint_auth_method``
                    return self.token_endpoint_auth_method == method
                return True

        Method values defined by this specification are:

        *  "none": The client is a public client as defined in OAuth 2.0,
            and does not have a client secret.

        *  "client_secret_post": The client uses the HTTP POST parameters
            as defined in OAuth 2.0

        *  "client_secret_basic": The client uses HTTP Basic as defined in
            OAuth 2.0

        .. _`RFC7591`: https://tools.ietf.org/html/rfc7591
        r   )r   ÚmethodÚendpoints      r	   Úcheck_endpoint_auth_methodz&ClientMixin.check_endpoint_auth_methodU   s   € õ0 "Ñ#Ô#Ð#r   c                 ó   — t          ¦   «         ‚)a°  Validate if the client can handle the given response_type. There
        are two response types defined by RFC6749: code and token. For
        instance, there is a ``allowed_response_types`` column in your client::

            def check_response_type(self, response_type):
                return response_type in self.response_types

        :param response_type: the requested response_type string.
        :return: bool
        r   )r   Úresponse_types     r	   Úcheck_response_typezClientMixin.check_response_typeo   r   r   c                 ó   — t          ¦   «         ‚)aè  Validate if the client can handle the given grant_type. There are
        four grant types defined by RFC6749:

        * authorization_code
        * implicit
        * client_credentials
        * password

        For instance, there is a ``allowed_grant_types`` column in your client::

            def check_grant_type(self, grant_type):
                return grant_type in self.grant_types

        :param grant_type: the requested grant_type string.
        :return: bool
        r   )r   Ú
grant_types     r	   Úcheck_grant_typezClientMixin.check_grant_type|   s   € õ" "Ñ#Ô#Ð#r   N)Ú__name__Ú
__module__Ú__qualname__Ú__doc__r
   r   r   r   r   r   r    r#   © r   r	   r   r      s–   € € € € € ð	ð 	ð	$ð 	$ð 	$ð	$ð 	$ð 	$ð$ð $ð $ð$ð $ð $ð$ð $ð $ð$ð $ð $ð4$ð $ð $ð$ð $ð $ð $ð $r   r   c                   ó   — e Zd Zd„ Zd„ ZdS )ÚAuthorizationCodeMixinc                 ó   — t          ¦   «         ‚)a  A method to get authorization code's ``redirect_uri``.
        For instance, the database table for authorization code has a
        column called ``redirect_uri``::

            def get_redirect_uri(self):
                return self.redirect_uri

        :return: A URL string
        r   r   s    r	   Úget_redirect_uriz'AuthorizationCodeMixin.get_redirect_uri‘   s   € õ "Ñ#Ô#Ð#r   c                 ó   — t          ¦   «         ‚©zÓA method to get scope of the authorization code. For instance,
        the column is called ``scope``::

            def get_scope(self):
                return self.scope

        :return: scope string
        r   r   s    r	   Ú	get_scopez AuthorizationCodeMixin.get_scope   r   r   N)r$   r%   r&   r,   r/   r(   r   r	   r*   r*      s2   € € € € € ð
$ð 
$ð 
$ð	$ð 	$ð 	$ð 	$ð 	$r   r*   c                   ó>   — e Zd Zd„ Zd„ Zd„ Zd„ Zd„ Zd„ Zde	fd„Z
d	S )
Ú
TokenMixinc                 ó   — t          ¦   «         ‚)a  A method to check if this token is issued to the given client.
        For instance, ``client_id`` is saved on token table::

            def check_client(self, client):
                return self.client_id == client.client_id

        :return: bool
        r   )r   Úclients     r	   Úcheck_clientzTokenMixin.check_clientª   r   r   c                 ó   — t          ¦   «         ‚r.   r   r   s    r	   r/   zTokenMixin.get_scopeµ   r   r   c                 ó   — t          ¦   «         ‚)zàA method to get the ``expires_in`` value of the token. e.g.
        the column is called ``expires_in``::

            def get_expires_in(self):
                return self.expires_in

        :return: timestamp int
        r   r   s    r	   Úget_expires_inzTokenMixin.get_expires_inÀ   r   r   c                 ó   — t          ¦   «         ‚)zåA method to define if this token is expired. For instance,
        there is a column ``expired_at`` in the table::

            def is_expired(self):
                return self.expired_at < now

        :return: boolean
        r   r   s    r	   Ú
is_expiredzTokenMixin.is_expiredË   r   r   c                 ó   — t          ¦   «         ‚)záA method to define if this token is revoked. For instance,
        there is a boolean column ``revoked`` in the table::

            def is_revoked(self):
                return self.revoked

        :return: boolean
        r   r   s    r	   Ú
is_revokedzTokenMixin.is_revokedÖ   r   r   c                 ó   — t          ¦   «         ‚)z¬A method to get the user object associated with this token:

        .. code-block::

            def get_user(self):
                return User.get(self.user_id)
        r   r   s    r	   Úget_userzTokenMixin.get_userá   ó   € õ "Ñ#Ô#Ð#r   Úreturnc                 ó   — t          ¦   «         ‚)z´A method to get the client object associated with this token:

        .. code-block::

            def get_client(self):
                return Client.get(self.client_id)
        r   r   s    r	   Ú
get_clientzTokenMixin.get_clientë   r>   r   N)r$   r%   r&   r4   r/   r7   r9   r;   r=   r   rA   r(   r   r	   r1   r1   ©   s‰   € € € € € ð	$ð 	$ð 	$ð	$ð 	$ð 	$ð	$ð 	$ð 	$ð	$ð 	$ð 	$ð	$ð 	$ð 	$ð$ð $ð $ð$˜Kð $ð $ð $ð $ð $ð $r   r1   N)r'   r   r*   r1   r(   r   r	   ú<module>rB      s¤   ððð ðE$ð E$ð E$ð E$ð E$ñ E$ô E$ð E$ðP$ð $ð $ð $ð $ñ $ô $ð $ð2J$ð J$ð J$ð J$ð J$ñ J$ô J$ð J$ð J$ð J$r   