§
    !¾<i!  م                   َv   — d dl mZ d dlmZ d dlmZ d dlmZ d dlmZ d dl	m
Z
 ddlmZ  G d	„ d
e¦  «        ZdS )é    )عContinueIteration)عdefault_json_headers)عExpiredTokenError)عInvalidClaimError)عInvalidTokenError)عJWTBearerTokenValidatoré   )عIntrospectionEndpointc                   َP   ‡ — e Zd ZdZdZdˆ fd„	Zd„ Zd„ Zd„ Zd„ Z	d	e
d
e
fd„Zˆ xZS )عJWTIntrospectionEndpointaً  JWTIntrospectionEndpoint inherits from :ref:`specs/rfc7662`
    :class:`~authlib.oauth2.rfc7662.IntrospectionEndpoint` and implements the machinery
    to automatically process the JWT access tokens.

    :param issuer: The issuer identifier for which tokens will be introspected.

    :param \\*\\*kwargs: Other parameters are inherited from
        :class:`~authlib.oauth2.rfc7662.introspection.IntrospectionEndpoint`.

    ::

        class MyJWTAccessTokenIntrospectionEndpoint(JWTIntrospectionEndpoint):
            def get_jwks(self): ...

            def get_username(self, user_id): ...


        # endpoint dedicated to JWT access token introspection
        authorization_server.register_endpoint(
            MyJWTAccessTokenIntrospectionEndpoint(
                issuer="https://authorization-server.example.org",
            )
        )

        # another endpoint dedicated to refresh token introspection
        authorization_server.register_endpoint(MyRefreshTokenIntrospectionEndpoint)

    عintrospectionNc                 َL   •—  t          ¦   «         j        |d|i|¤ژ || _        d S )Nعserver)عsuperع__init__عissuer)عselfr   r   عargsعkwargsع	__class__s        €ْں/Users/kimhansen/Desktop/03 Workspace/ceo-agents/chl-effectiveness/mcp-servers/whoop/.venv/lib/python3.11/site-packages/authlib/oauth2/rfc9068/introspection.pyr   z!JWTIntrospectionEndpoint.__init__,   s/   ّ€ طچ‰Œشک$ذ8 vذ8°ذ8ذ8ذ8طˆŒˆˆَ    c                 َ–   — |                       |¦  «        }|                      ||¦  «        }|                      |¦  «        }d|t          fS )ع éب   )عauthenticate_endpoint_clientعauthenticate_tokenعcreate_introspection_payloadr   )r   عrequestعclientعtokenعbodys        r   عcreate_endpoint_responsez1JWTIntrospectionEndpoint.create_endpoint_response0   sQ   € ً ×2ز2°7ر;ش;ˆً ×'ز'¨°ر8ش8ˆً ×0ز0°ر7ش7ˆطگDص.ذ.ذ.r   c                 َٹ  — |                       ||¦  «         |j                             d¦  «        dvrt          ¦   «         ‚t	          | j        d¬¦  «        }| j        |_        	 |                     |j        d         ¦  «        }n!# t          $ r}t          ¦   «         |‚d}~ww xY w|r|  	                    |||¦  «        r|S dS dS )r   عtoken_type_hint)عaccess_tokenNN)r   عresource_serverr!   )
عcheck_paramsعformعgetr   r   r   عget_jwksr   r   عcheck_permission)r   r   r    ع	validatorr!   عexcs         r   r   z+JWTIntrospectionEndpoint.authenticate_token=   sî   € à×زک' 6ر*ش*ذ*ً Œ<×زذ-ر.ش.ذ6LذLذLف#ر%ش%ذ%ه+°4´;ذPTذUرUشUˆ	ط!œ]ˆ	شً	/ط×0ز0°´¸gش1FرGشGˆEˆEُّ !ً 	/ً 	/ً 	/ف#ر%ش%¨3ذ.ًّّّّ	/ًّّّ ً 	گT×*ز*¨5°&¸'رBشBً 	طˆLً	ً 	ً 	ً 	s   ء$ B آ
B#آBآB#c           
      َ‚  — |sddiS 	 |                      ¦   «          nJ# t          $ r ddicY S t          $ r.}|j        dk    rt	          ¦   «         |‚t          ¦   «         |‚d }~ww xY wdd|d         |d         |d         |d	         |d         |d
         |d         dœ	}|                      |d         ¦  «        x}r||d<   |S )NعactiveFعissTعBearerع	client_idعscopeعsubعaudعexpعiat)	r0   ع
token_typer3   r4   r5   r6   r1   r7   r8   عusername)عvalidater   r   ع
claim_namer   r   عget_username)r   r!   r.   عpayloadr:   s        r   r   z5JWTIntrospectionEndpoint.create_introspection_payloadQ   s  € طً 	%طکeذ$ذ$ً	/طڈNٹNرشذذّف ً 	%ً 	%ً 	%طکeذ$ذ$ذ$ذ$ف ً 	/ً 	/ً 	/طŒ~ ز&ذ&ف'ر)ش)¨sذ2ف#ر%ش%¨3ذ.ًّّّّ	/ًّّّ ط"طک{ش+طک7”^طک”<طک”<طک”<طک”<طک”<ً

ً 

ˆً ×(ز(¨¨u¬ر6ش6ذ6ˆ8ً 	+ط"*ˆGگJرàˆs   ˆ ‌A$­	A$¶)AءA$c                 َ   — t          ¦   «         ‚)zصReturn the JWKs that will be used to check the JWT access token signature.
        Developers MUST re-implement this method::

            def get_jwks(self):
                return load_jwks("jwks.json")
        )عNotImplementedError)r   s    r   r+   z!JWTIntrospectionEndpoint.get_jwkso   s   € ُ "ر#ش#ذ#r   عuser_idعreturnc                 َ   — dS )zءReturns an username from a user ID.
        Developers MAY re-implement this method::

            def get_username(self, user_id):
                return User.get(id=user_id).username
        N© )r   rA   s     r   r=   z%JWTIntrospectionEndpoint.get_usernamex   s	   € ً ˆtr   )N)ع__name__ع
__module__ع__qualname__ع__doc__عENDPOINT_NAMEr   r#   r   r   r+   عstrr=   ع__classcell__)r   s   @r   r   r      s¬   ّ€ € € € € ًً ً< $€Mًً ً ً ً ً ً/ً /ً /ًً ً ً(ً ً ً<$ً $ً $ً Cً ¨Cً ً ً ً ً ً ً ً r   r   N)عauthlib.common.errorsr   عauthlib.constsr   عauthlib.jose.errorsr   r   عauthlib.oauth2.rfc6750.errorsr   ع&authlib.oauth2.rfc9068.token_validatorr   عrfc7662r
   r   rD   r   r   ْ<module>rR      sآ   ًط 3ذ 3ذ 3ذ 3ذ 3ذ 3ط /ذ /ذ /ذ /ذ /ذ /ط 1ذ 1ذ 1ذ 1ذ 1ذ 1ط 1ذ 1ذ 1ذ 1ذ 1ذ 1ط ;ذ ;ذ ;ذ ;ذ ;ذ ;ط Jذ Jذ Jذ Jذ Jذ Jà +ذ +ذ +ذ +ذ +ذ +ًtً tً tً tً tذ4ٌ tô tً tً tً tr   