!>>A E F sL%))+66  H%&FGG G..y99++F5M:: 0&999&&t77 )U4?UUU %  %%'''**U##  %))'22D X'4VWWWW II? N N N..vt<< ( N!%DL    % %r!c||jjj|jjd}t d||jj||d||j fS)zZIf valid and authorized, the authorization server issues an access token. F)scoperCinclude_refresh_tokenzIssue token %r to %r) generate_tokenr;r6rFrCr,r-r7 save_tokenTOKEN_RESPONSE_HEADER)r.tokens rcreate_token_responsez$JWTBearerGrant.create_token_responsest##,&,""'$   (%1DEEE E4555r!ct)a1Fetch client via "iss" in assertion claims. Developers MUST implement this method in subclass, e.g.:: def resolve_issuer_client(self, issuer): return Client.query_by_iss(issuer) :param issuer: "iss" value in assertion :return: Client instance NotImplementedError)r.rs rr3z$JWTBearerGrant.resolve_issuer_client"###r!ct)auResolve client key to decode assertion data. Developers MUST implement this method in subclass. For instance, there is a "jwks" column on client table, e.g.:: def resolve_client_key(self, client, headers, payload): # from authlib.jose import JsonWebKey key_set = JsonWebKey.import_key_set(client.jwks) return key_set.find_by_kid(headers["kid"]) :param client: instance of OAuth client model :param headers: headers part of the JWT :param payload: payload part of the JWT :return: ``authlib.jose.Key`` instance rO)r.r7r5r6s rr4z!JWTBearerGrant.resolve_client_keys "###r!ct)a%Authenticate user with the given assertion claims. Developers MUST implement it in subclass, e.g.:: def authenticate_user(self, subject): return User.get_by_sub(subject) :param subject: "sub" value in claims :return: User instance rO)r.rs rrAz JWTBearerGrant.authenticate_userrQr!ct)aCheck if the client has permission to access the given user's resource. Developers MUST implement it in subclass, e.g.:: def has_granted_permission(self, client, user): permission = ClientUserGrant.query(client=client, user=user) return permission.granted :param client: instance of OAuth client model :param user: instance of User model :return: bool rO)r.r7rCs rrBz%JWTBearerGrant.has_granted_permissions"###r!)NNNN)__name__ __module__ __qualname__JWT_BEARER_GRANT_TYPEr?r)r+ staticmethodr r1r(rDrMr3r4rArBr!rrrs&J T"T"T"NF     \  (AAA:%:%:%x 6 6 6 $ $ $$$$$ $ $ $ $ $ $ $ $r!r)logging authlib.joserrrfc6749rrrr r r r/r getLoggerrUr,rXrrZr!rr_s """"""((((((''''''))))))((((((------000000g!!Eu$u$u$u$u$Y 2u$u$u$u$u$r!