g1ddlmZddlZddlmZddlmZddlZddl m Z m Z m Z m Z ddlmZddlmZddlmZmZdd lmZe Zdd ZGd d ej2j4ZGd deej2j4ZGddeej2j4ZGddeej2j4Zy)) annotationsN)Any)urlparse) AuthCachedecode_provider_token!generate_default_provider_sectionget_secrets_auth_section)StreamlitAuthError) make_url_path) TornadoOAuthTornadoOAuth2App)AUTH_COOKIE_NAMEclt}|r#|jdd}|j}ni}d}|j|i}|s|dk(rt |}||d<|jdi}d|vrd|d<d|vrd |d<t |t }|j||j||fS) zRCreate an OAuth client for the given provider based on secrets.toml configuration. redirect_uriN/default client_kwargsscopezopenid email profilepromptselect_account)cache) r getto_dict setdefaultrr auth_cacheregister create_client)provider auth_sectionrconfigprovider_sectionprovider_client_kwargsoauths ^/var/www/openai/venv/lib/python3.12/site-packages/streamlit/web/server/oauth_authlib_routes.pycreate_oauth_clientr%$s+-L#''= %%' ((26 I 5<\J,y-88"M,,*@w'--+;x( z 2E NN8   x (, 66c0eZdZdZddZddZd dZddZy) AuthHandlerMixinzNMixin for handling auth cookies. Added for compatibility with Tornado < 6.3.0.c||_yN)base_url)selfr+s r$ initializezAuthHandlerMixin.initializeBs   r&cN|jt|jdy)Nr)redirectr r+r,s r$redirect_to_basez!AuthHandlerMixin.redirect_to_baseEs mDMM378r&ctj|} |jt|dy#t$r|j t|dYywxYw)NT)httpOnly)httponly)jsondumpsset_signed_cookierAttributeErrorset_secure_cookie)r, user_infoserialized_cookie_values r$set_auth_cookiez AuthHandlerMixin.set_auth_cookieHsa"&**Y"7   " " ' #     " " ' #  s0!AAc.|jtyr*) clear_cookierr0s r$clear_auth_cookiez"AuthHandlerMixin.clear_auth_cookieZs *+r&N)r+strreturnNone)rArB)r:zdict[str, Any]rArB)__name__ __module__ __qualname____doc__r-r1r<r?r&r$r(r(?sX!9$,r&r(ceZdZdZddZy)AuthLoginHandlercK|j}||jyt|\}} |j||y#t$r&}|j dt |Yd}~yd}~wwxYww)z*Redirect to the OAuth provider login page.Ni)reason)_parse_provider_tokenr1r%authorize_redirect Exception send_errorr@)r,rclientres r$rzAuthLoginHandler.get_ss--/    ! ! # 28<  0  % %dL 9 0 OOCAO / / 0s.2A:AA: A7A2-A:2A77A:c|jdd} | tdt|}|dS#t$rYywxYw)NrzMissing provider token) get_argumentr r)r,provider_tokenpayloads r$rLz&AuthLoginHandler._parse_provider_tokenlsV**:t< %()ABB+N;Gz"""  s 1 ==NrAz str | None)rCrDrErrLrGr&r$rIrI^s  0 #r&rIceZdZdZy)AuthLogoutHandlercD|j|jyr*)r?r1r0s r$rzAuthLogoutHandler.getys   r&N)rCrDrErrGr&r$rXrXxs r&rXc"eZdZdZddZddZy)AuthCallbackHandlercK|j}|j}||jy|jdd}|r|jy||jyt |\}}|j |}|j d}t||d}|r|j||jyw)NerroruserinfoT)origin is_logged_in) _get_provider_by_state_get_origin_from_secretsr1rSr%authorize_access_tokenrdictr<) r,rr_r]rP_tokenuser cookie_values r$rzAuthCallbackHandler.gets..0..0 >  ! ! # !!'40   ! ! #     ! ! # '1 --d3yy$DdC    . sCCc|jd}ttjj }i}|D]}|j d\}}}}|||<|j |d}|S)Nstatere)rSlistrget_dictkeyssplitr) r,state_code_from_urlcurrent_cache_keysstate_provider_mappingkeyrerecorded_providercoders r$raz*AuthCallbackHandler._get_provider_by_states|"//8!*"5"5"7"<"<">?!#%C,/IIcN )Aq#T+< "4 (& 699:MtTr&cd}t}|r|jdd}|syt|}|jdz|jz}|S)Nrz://)r rrschemenetloc)r,rrredirect_uri_parsedorigin_from_redirect_uris r$rbz,AuthCallbackHandler._get_origin_from_secretss\ /1 '++NDAL&|4  & & .1D1K1K K !('r&NrV)rCrDrErrarbrGr&r$r[r[~s 2  (r&r[)rr@rAztuple[TornadoOAuth2App, str]) __future__rr5typingr urllib.parser tornado.webtornadostreamlit.auth_utilrrrr streamlit.errorsr streamlit.url_utilr streamlit.web.server.oidc_mixinr r streamlit.web.server.server_utilrrr%webRequestHandlerr(rIrXr[rGr&r$rs# ! 0,J= [ 76,w{{11,>#')C)C#4 ('++*D*D 2(*GKK,F,F2(r&