ї
    !Ў<i╛  Ц                   СR   ≈ d dl mZ ddlmZ ddlmZ ddlmZ  G d└ deі  ╚        ZdS )	И    )зdefault_json_headersИ   )зInvalidRequestError)зTokenEndpoint)зUnsupportedTokenTypeErrorc                   С@   ≈ e Zd ZdZdZd└ Zd└ Zd└ Zd└ Zd└ Z	d└ Z
d	└ Zd
S )зIntrospectionEndpointz┴Implementation of introspection endpoint which is described in
    `RFC7662`_.

    .. _RFC7662: https://tools.ietf.org/html/rfc7662
    зintrospectionc                 Сч   ≈ | ═                     ||і  ╚         | ═                    |j        d         |j        ═                    dі  ╚        і  ╚        }|r| ═                    |||і  ╚        r|S dS dS )aw  The protected resource calls the introspection endpoint using an HTTP
        ``POST`` request with parameters sent as
        "application/x-www-form-urlencoded" data. The protected resource sends a
        parameter representing the token along with optional parameters
        representing additional context that is known by the protected resource
        to aid the authorization server in its response.

        token
            **REQUIRED**  The string value of the token. For access tokens, this
            is the ``access_token`` value returned from the token endpoint
            defined in OAuth 2.0. For refresh tokens, this is the
            ``refresh_token`` value returned from the token endpoint as defined
            in OAuth 2.0.

        token_type_hint
            **OPTIONAL**  A hint about the type of the token submitted for
            introspection.
        зtokenзtoken_type_hintN)зcheck_paramsзquery_tokenзformзgetзcheck_permission)зselfзrequestзclientr   s       З÷/Users/kimhansen/Desktop/03 Workspace/ceo-agents/chl-effectiveness/mcp-servers/whoop/.venv/lib/python3.11/site-packages/authlib/oauth2/rfc7662/introspection.pyзauthenticate_tokenz(IntrospectionEndpoint.authenticate_token   s┬   ─ П& 	вр≤'═6я*т*п*ьв р ь▄L≤т!═7є<в#3р#3п4Eя#Fт#FЯ
Т 
┬П П 	░Tв*р*╗5╟&╦'яBтBП 	ь┬LП	П 	П 	П 	С    c                 С≤   ≈ |j         }d|vrt          і   ╚         ┌|═                    dі  ╚        }|r|| j        vrt	          і   ╚         ┌d S d S )Nr   r   )r   r   r   зSUPPORTED_TOKEN_TYPESr   )r   r   r   зparamsзhints        r   r   z"IntrospectionEndpoint.check_params,   sc   ─ ь■┬ь≤&п п щ%я'т'п'Ю▐z┼zп+я,т,┬ьП 	.░D═т :п:п:щ+я-т-п-П	.П 	.п:п:r   c                 С√   ≈ | ═                     |і  ╚        }| ═                    ||і  ╚        }| ═                    |і  ╚        }d|t          fS )zpValidate introspection request and create the response.

        :returns: (status_code, body, headers)
        Их   )зauthenticate_endpoint_clientr   зcreate_introspection_payloadr   )r   r   r   r   зbodys        r   зcreate_endpoint_responsez.IntrospectionEndpoint.create_endpoint_response5   sQ   ─ П в2р2╟7я;т;┬П в'р'╗╟я8т8┬П в0р0╟я7т7┬ь░Dу.п.п.r   c                 Сі   ≈ |sddiS |═                     і   ╚         s|═                    і   ╚         rddiS | ═                    |і  ╚        }d|vrd|d<   |S )NзactiveFT)з
is_expiredз
is_revokedзintrospect_token)r   r   зpayloads      r   r    z2IntrospectionEndpoint.create_introspection_payloadE   sv   ─ П
 П 	%ь≤eп$п$ьврятП 	%═в!1р!1я!3т!3П 	%ь≤eп$п$ьв'р'╗я.т.┬ь≤7п"п"ь $┬G░Hяь┬r   c                 С   ≈ t          і   ╚         ┌)aU  Check if the request has permission to introspect the token. Developers
        MUST implement this method::

            def check_permission(self, token, client, request):
                # only allow a special client to introspect the token
                return client.client_id == "introspection_client"

        :return: bool
        ╘зNotImplementedError)r   r   r   r   s       r   r   z&IntrospectionEndpoint.check_permissionS   s   ─ У "я#т#п#r   c                 С   ≈ t          і   ╚         ┌)a▓  Get the token from database/storage by the given token string.
        Developers should implement this method::

            def query_token(self, token_string, token_type_hint):
                if token_type_hint == "access_token":
                    tok = Token.query_by_access_token(token_string)
                elif token_type_hint == "refresh_token":
                    tok = Token.query_by_refresh_token(token_string)
                else:
                    tok = Token.query_by_access_token(token_string)
                    if not tok:
                        tok = Token.query_by_refresh_token(token_string)
                return tok
        r*   )r   зtoken_stringr   s      r   r   z!IntrospectionEndpoint.query_token_   s   ─ У "я#т#п#r   c                 С   ≈ t          і   ╚         ┌)a  Read given token and return its introspection metadata as a
        dictionary following `Section 2.2`_::

            def introspect_token(self, token):
                return {
                    "active": True,
                    "client_id": token.client_id,
                    "token_type": token.token_type,
                    "username": get_token_username(token),
                    "scope": token.get_scope(),
                    "sub": get_token_user_sub(token),
                    "aud": token.client_id,
                    "iss": "https://server.example.com/",
                    "exp": token.expires_at,
                    "iat": token.issued_at,
                }

        .. _`Section 2.2`: https://tools.ietf.org/html/rfc7662#section-2.2
        r*   )r   r   s     r   r'   z&IntrospectionEndpoint.introspect_tokenp   s   ─ У( "я#т#п#r   N)з__name__з
__module__з__qualname__з__doc__зENDPOINT_NAMEr   r   r"   r    r   r   r'   ╘ r   r   r	   r	      s▌   ─ ─ ─ ─ ─ ПП П $─MПП П П4.П .П .П/П /П /П П П П
$П 
$П 
$П$П $П $П"$П $П $П $П $r   r	   N)зauthlib.constsr   зrfc6749r   r   r   r	   r4   r   r   З<module>r7      s▀   Пь /п /п /п /п /п /Ю )п )п )п )п )п )ь #п #п #п #п #п #ь /п /п /п /п /п /П|$П |$П |$П |$П |$≤MЯ |$Т |$П |$П |$П |$r   