g|]ddlZddlmZmZddlmZmZddlmZddlmZm Z ddl Z eje Z GddeZGdd e j Zy) N)generate_token urldecode)WebApplicationClientInsecureTransportError)LegacyApplicationClient)TokenExpiredErroris_secure_transportceZdZfdZxZS) TokenUpdatedc8tt| ||_yN)superr __init__token)selfr __class__s U/var/www/openai/venv/lib/python3.12/site-packages/requests_oauthlib/oauth2_session.pyrzTokenUpdated.__init__ s lD*, )__name__ __module__ __qualname__r __classcell__rs@rr r s rr ceZdZdZ dfd ZedZejdZdZedZ e jdZ e jdZ ed Z e jd Z ed Z e jd Z e jd Z edZ ddZ ddZdZ ddZ dfd ZdZxZS) OAuth2Sessiona*Versatile OAuth 2 extension to :class:`requests.Session`. Supports any grant type adhering to :class:`oauthlib.oauth2.Client` spec including the four core OAuth 2 grants. Can be used to create authorization urls, fetch tokens and access protected resources using the :class:`requests.Session` interface you are used to. - :class:`oauthlib.oauth2.WebApplicationClient` (default): Authorization Code Grant - :class:`oauthlib.oauth2.MobileApplicationClient`: Implicit Grant - :class:`oauthlib.oauth2.LegacyApplicationClient`: Password Credentials Grant - :class:`oauthlib.oauth2.BackendApplicationClient`: Client Credentials Grant Note that the only time you will be using Implicit Grant from python is if you are driving a user agent able to obtain URL fragments. c  tt| di| |xs t|||_|xsi|_||_||_|xst|_ ||_ ||_ |xsi|_ | |_ | |_|jdvr/tdj!|j"|jd|_t't't't't'd|_y)aConstruct a new OAuth 2 client session. :param client_id: Client id obtained during registration :param client: :class:`oauthlib.oauth2.Client` to be used. Default is WebApplicationClient which is useful for any hosted application but not mobile or desktop. :param scope: List of scopes you wish to request access to :param redirect_uri: Redirect URI you registered as callback :param token: Token dictionary, must include access_token and token_type. :param state: State string used to prevent CSRF. This will be given when creating the authorization url and must be supplied when parsing the authorization response. Can be either a string or a no argument callable. :auto_refresh_url: Refresh token endpoint URL, must be HTTPS. Supply this if you wish the client to automatically refresh your access tokens. :auto_refresh_kwargs: Extra arguments to pass to the refresh token endpoint. :token_updater: Method with one argument, token, to be used to update your token database on automatic token refresh. If not set a TokenUpdated warning will be raised when a token has been refreshed. This warning will carry the token in its token argument. :param pkce: Set "S256" or "plain" to enable PKCE. Default is disabled. :param kwargs: Arguments to pass to the Session constructor. )r)S256plainNzWrong value for {}(.., pkce={})c|Sr )rs rz(OAuth2Session.__init__..^sar)access_token_responserefresh_token_responseprotected_requestrefresh_token_requestaccess_token_requestNr )rrrr_clientr_scope redirect_urirstate_stateauto_refresh_urlauto_refresh_kwargs token_updater_pkceAttributeErrorformatrauthsetcompliance_hook) r client_idclientr-r.scoper*rr+r/pkcekwargsrs rrzOAuth2Session.__init__$sR mT+5f5M!5iu!M [b  (,n  0#6#<" * ::4 4 !B!I!I$..Z^ZdZd!ef f  &)U&)e!$%(U$'E  rcx|j |jS|j|jjSy)zBBy default the scope from the client is used, except if overriddenN)r)r(r8rs rr8zOAuth2Session.scopejs5 ;; ";;  \\ %<<%% %rc||_yr )r))rr8s rr8zOAuth2Session.scopets  rc |j|_tjd|j|jS#t$r?|j|_tjd|jY|jSwxYw)z6Generates a state string to be used in authorizations.zGenerated new state %s.z&Re-using previously supplied state %s.)r+r,logdebug TypeErrorr<s r new_statezOAuth2Session.new_statexso M**,DK II/ ={{ M**DK II> L{{ Ms5A:B  B c0t|jddS)Nr6getattrr(r<s rr6zOAuth2Session.client_idst||[$77rc&||j_yr r(r6rvalues rr6zOAuth2Session.client_ids!& rc|j`yr rGr<s rr6zOAuth2Session.client_ids LL "rc0t|jddS)NrrDr<s rrzOAuth2Session.tokenst||Wd33rc\||j_|jj|yr )r(rpopulate_token_attributesrHs rrzOAuth2Session.tokens "  ..u5rc0t|jddS)N access_tokenrDr<s rrOzOAuth2Session.access_tokenst||^T::rc&||j_yr r(rOrHs rrOzOAuth2Session.access_tokens$) !rc|j`yr rQr<s rrOzOAuth2Session.access_tokens LL %rc,t|jS)aBoolean that indicates whether this session has an OAuth token or not. If `self.authorized` is True, you can reasonably expect OAuth-protected requests to the resource to succeed. If `self.authorized` is False, you need the user to go through the OAuth authentication dance before OAuth-protected requests to the resource will succeed. )boolrOr<s r authorizedzOAuth2Session.authorizedsD%%&&rc v|xs|j}|jrc|jjd|_|j|d<|jj |j|j|d<|jj |f|j|j|d||fS)aFForm an authorization URL. :param url: Authorization endpoint url, must be HTTPS. :param state: An optional state string for CSRF protection. If not given it will be generated for you. :param kwargs: Extra parameters to include. :return: authorization_url, state +code_challenge_method) code_verifierrXcode_challenge)r*r8r+) rBr0r(create_code_verifier_code_verifiercreate_code_challengeprepare_request_urir*r8)rurlr+r:s rauthorization_urlzOAuth2Session.authorization_urls)) ::"&,,"C"CB"GD .2jjF* +'+||'I'I"11&*jj(J(F# $ -DLL , , !..jj        rc t|s t|s@|r>|jj||j|jj }n?|s=t |jtr#|jj }|s td|jr&|j td|j|d<t |jtr| td| td|||d<|||d<||Qd }nN|d urJ|j}|rV #HL$IN'88f E\\^u $'+IdO' E157N2 .IwA DLL    DammT & 6 +QYY->->? '8  (()@AD II)4 0QAB 00tzz0J\\''  & 3zzrc|jj||j|jj|_|jS)zParse token from the URI fragment, used by MobileApplicationClients. :param authorization_response: The full URL of the redirect back to you :return: A token dict rb)r(r|r,r)rrs rtoken_from_fragmentz!OAuth2Session.token_from_fragmentsA // "$++ 0 \\'' zzrc |s tdt|s t|xs|jj d}t j d|j| j|j|jjd|||jd| }t j d||ddd}|jd D]&} t j d | | |||\}}}(|j|tt|||||d | } t j d | j t j d| j"| j$t j dt'|jd|jdD] } t j d| | | } "|jj)| j$|j|_d|jvr$t j d||jd<|jS)aFetch a new access token using a refresh token. :param token_url: The token endpoint, must be HTTPS. :param refresh_token: The refresh_token to use. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param timeout: Timeout of the request in seconds. :param headers: A dict of headers to be used by `requests`. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument will be passed to `requests`. :param kwargs: Extra parameters to include in the token request. :return: A token dict z'No token endpoint set for auto_refresh. refresh_tokenz*Adding auto refresh key word arguments %s.)rhrr8z&Prepared refresh token request body %srjrkrlr&z'Invoking refresh_token_request hook %s.T)rpr3rsrtruwithhold_tokenrvz2Request to refresh token completed with status %s.rxryr$rzr{z)No new refresh token given. Re-using old.r )r~r rrgetr?r@r.updater(prepare_refresh_bodyr8r5postrrrrtrrr) rrrrhr3rsrtrurvr:rr!s rrzOAuth2Session.refresh_tokens4FG G"9-(* *%H)H  8$:R:R   d../0t||00 ]$** HN  :DA ?,!DG (()@AD II? F'+Iw'E $IwB II io&   F V  ? (()ABD II)4 0QAC\\==affDJJ=W $** , IIA B*7DJJ 'zzrc  t|s t|jr|stj dt |j d|j dD]&} tj d| | |||\}}}(tj d|j |jj||||\}}}tj d ||tj d ||tj d | t%t&|R||f|||d| S#t$r |jrtj d|j| jdd} |r:|r8| 6tj d |tjj||} |j|jfd| i| } |j rVtj d | |j |j!| |jj||||\}}}n t#| YqwxYw)z ,,-@A -t4%)#w%="WdB II3TZZ @" %)\\%;%;V$&<&"WdF 6VD 4gtD :FC]D1 C !(t5 DJ  E% ((IIK-- "::fd3D ]  c% (}}::9mT.D..--48H?c||jvrtd||j|j|j|y)aRegister a hook for request/response tweaking. Available hooks are: access_token_response invoked before token parsing. refresh_token_response invoked before refresh token parsing. protected_request invoked before making a request. access_token_request invoked before making a token fetch request. refresh_token_request invoked before making a refresh request. If you find a new hook is needed please send a GitHub PR request or open an issue. zHook type %s is not in %s.N)r5r~add)r hook_typers rregister_compliance_hookz&OAuth2Session.register_compliance_hook:sG D00 0,i9M9M  Y'++D1r) NNNNNNNNNNr )NNreNNNrnFNNNNNNN)NreNNNNN)NNFNNN)rrr__doc__rpropertyr8setterrBr6deleterrrOrUr`rrrrrrrs@rrrs&  D L \\88''##44 \\66;;**&&'' >#   #Ob   MfB H2rr)loggingoauthlib.commonrroauthlib.oauth2rrrrr r getLoggerrr?Warningr Sessionrr rrrsI5H3Bg!7 y2H$$y2r