B `Z)@sdZddlmZmZddlZddlZddlZddlmZddl m Z m Z ddl m Z dd lmZdd lmZdd lmZd d lmZeeZGddde ZdS)z oauthlib.oauth2.rfc6749.endpoint.metadata ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ An implementation of the `OAuth 2.0 Authorization Server Metadata`. .. _`OAuth 2.0 Authorization Server Metadata`: https://tools.ietf.org/html/rfc8414 )absolute_importunicode_literalsN) unicode_type) BaseEndpointcatch_errors_and_unavailability)AuthorizationEndpoint)IntrospectEndpoint) TokenEndpoint)RevocationEndpoint) grant_typesc@s^eZdZdZidfddZedddZdd d Zd d ZddZ ddZ ddZ ddZ dS)MetadataEndpointaOAuth2.0 Authorization Server Metadata endpoint. This specification generalizes the metadata format defined by `OpenID Connect Discovery 1.0` in a way that is compatible with OpenID Connect Discovery while being applicable to a wider set of OAuth 2.0 use cases. This is intentionally parallel to the way that OAuth 2.0 Dynamic Client Registration Protocol [`RFC7591`_] generalized the dynamic client registration mechanisms defined by OpenID Connect Dynamic Client Registration 1.0 in a way that is compatible with it. .. _`OpenID Connect Discovery 1.0`: https://openid.net/specs/openid-connect-discovery-1_0.html .. _`RFC7591`: https://tools.ietf.org/html/rfc7591 TcCsTt|tstx|D]}t|tstqWt|||_||_||_||_ dS)N) isinstancedictAssertionErrorr__init__ raise_errors endpointsinitial_claimsvalidate_metadata_serverclaims)selfrrrendpointrY/home/dcms/DCMS/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/endpoints/metadata.pyr-s  zMetadataEndpoint.__init__GETNcCsddi}|t|jdfS)z!Create metadata response z Content-Typezapplication/json)jsondumpsr)ruriZ http_methodbodyheadersrrrcreate_metadata_response8sz)MetadataEndpoint.create_metadata_responseFcCs |js dS||kr&|r$td|n|r||dsLtd|||d||kspd||kspd||krtd|||n|r||dstd |||nZ|rt||tstd |||x0||D]$}t|tstd ||||qWdS) Nzkey {} is a mandatory metadata.httpszkey {}: {} must be an HTTPS URL?&#z8key {}: {} must not contain query or fragment componentshttpzkey {}: {} must be an URLzkey {}: {} must be an Arrayz/array {}: {} must contains only string (not {}))r ValueErrorformat startswithrlistr)rarraykey is_requiredis_listis_url is_issuerelemrrrvalidate_metadataBs&$ z"MetadataEndpoint.validate_metadatacCsX|j|j|dddg|j|ddd|j|ddd|j|ddddd S) z If the token endpoint is used in the grant type, the value of this parameter MUST be the same as the value of the "grant_type" parameter passed to the token endpoint defined in the grant type definition. Z%token_endpoint_auth_methods_supportedclient_secret_postclient_secret_basicT)r1Z0token_endpoint_auth_signing_alg_values_supportedZtoken_endpoint)r0r2N) _grant_typesextendkeys setdefaultr5)rrrrrrvalidate_metadata_token[s z(MetadataEndpoint.validate_metadata_tokencCs|dttdd|j|dddgd|dkrH|jd|j|dd d d |j|dd d d |dkr|jd }t|t j st |d r|j }|dt|j |j|dd d |j|dd d ddS)NZresponse_types_supportedcSs|dkS)Nnoner)xrrrkzBMetadataEndpoint.validate_metadata_authorization..Zresponse_modes_supportedqueryfragmenttokenZimplicitT)r0r1)r1code default_grantZ code_challenge_methods_supportedZauthorization_endpoint)r0r2)r;r-filterZ_response_typesr:r8appendr5rrZAuthorizationCodeGranthasattrrEZ_code_challenge_methods)rrrZ code_grantrrrvalidate_metadata_authorizationis    z0MetadataEndpoint.validate_metadata_authorizationcCsF|dddg|j|ddd|j|ddd|j|dddddS) NZ*revocation_endpoint_auth_methods_supportedr6r7T)r1Z5revocation_endpoint_auth_signing_alg_values_supportedZrevocation_endpoint)r0r2)r;r5)rrrrrrvalidate_metadata_revocations  z-MetadataEndpoint.validate_metadata_revocationcCsF|dddg|j|ddd|j|ddd|j|dddddS) NZ-introspection_endpoint_auth_methods_supportedr6r7T)r1Z8introspection_endpoint_auth_signing_alg_values_supportedZintrospection_endpoint)r0r2)r;r5)rrrrrrvalidate_metadata_introspections  z0MetadataEndpoint.validate_metadata_introspectioncCst|j}|j|dddd|j|ddd|j|ddd|j|ddd|j|d dd|j|d dd|j|d ddg|_xf|jD]\}t|tr|||t|t r| ||t|t r| ||t|t r|||qW|d |j|j|d dd|S) a Authorization servers can have metadata describing their configuration. The following authorization server metadata values are used by this specification. More details can be found in `RFC8414 section 2`_ : issuer REQUIRED authorization_endpoint URL of the authorization server's authorization endpoint [`RFC6749#Authorization`_]. This is REQUIRED unless no grant types are supported that use the authorization endpoint. token_endpoint URL of the authorization server's token endpoint [`RFC6749#Token`_]. This is REQUIRED unless only the implicit grant type is supported. scopes_supported RECOMMENDED. response_types_supported REQUIRED. * Other OPTIONAL fields: jwks_uri registration_endpoint response_modes_supported grant_types_supported OPTIONAL. JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports. The array values used are the same as those used with the "grant_types" parameter defined by "OAuth 2.0 Dynamic Client Registration Protocol" [`RFC7591`_]. If omitted, the default value is "["authorization_code", "implicit"]". token_endpoint_auth_methods_supported token_endpoint_auth_signing_alg_values_supported service_documentation ui_locales_supported op_policy_uri op_tos_uri revocation_endpoint revocation_endpoint_auth_methods_supported revocation_endpoint_auth_signing_alg_values_supported introspection_endpoint introspection_endpoint_auth_methods_supported introspection_endpoint_auth_signing_alg_values_supported code_challenge_methods_supported Additional authorization server metadata parameters MAY also be used. Some are defined by other specifications, such as OpenID Connect Discovery 1.0 [`OpenID.Discovery`_]. .. _`RFC8414 section 2`: https://tools.ietf.org/html/rfc8414#section-2 .. _`RFC6749#Authorization`: https://tools.ietf.org/html/rfc6749#section-3.1 .. _`RFC6749#Token`: https://tools.ietf.org/html/rfc6749#section-3.2 .. _`RFC7591`: https://tools.ietf.org/html/rfc7591 .. _`OpenID.Discovery`: https://openid.net/specs/openid-connect-discovery-1_0.html ZissuerT)r0r3Zjwks_uri)r2Zscopes_supported)r1Zservice_documentationZui_locales_supportedZ op_policy_uriZ op_tos_uriZgrant_types_supported)copydeepcopyrr5r8rrr r<r rIr rJr rKr;)rrrrrrrs*J         z)MetadataEndpoint.validate_metadata_server)rNN)FFFF) __name__ __module__ __qualname____doc__rrr$r5r<rIrJrKrrrrrrs   r)rQ __future__rrrLrloggingcommonrbaserr authorizationr Z introspectr rCr Z revocationr r getLoggerrNlogrrrrr s