o Df@shddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z Gd d d eZ d S) )IntrospectionEndpoint)ContinueIteration)default_json_headers)ExpiredTokenError)InvalidClaimError)InvalidTokenError)JWTBearerTokenValidatorcsXeZdZdZdZdfdd ZddZdd Zd d Zd d Z de de fddZ Z S)JWTIntrospectionEndpointa JWTIntrospectionEndpoint inherits from :ref:`specs/rfc7662` :class:`~authlib.oauth2.rfc7662.IntrospectionEndpoint` and implements the machinery to automatically process the JWT access tokens. :param issuer: The issuer identifier for which tokens will be introspected. :param \*\*kwargs: Other parameters are inherited from :class:`~authlib.oauth2.rfc7662.introspection.IntrospectionEndpoint`. :: class MyJWTAccessTokenIntrospectionEndpoint(JWTRevocationEndpoint): def get_jwks(self): ... def get_username(self, user_id): ... authorization_server.register_endpoint( MyJWTAccessTokenIntrospectionEndpoint( issuer="https://authorization-server.example.org", ) ) authorization_server.register_endpoint(MyRefreshTokenIntrospectionEndpoint) introspectionNcs tj|d|i|||_dS)Nserver)super__init__issuer)selfrr argskwargs __class__]/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc9068/introspection.pyr*s z!JWTIntrospectionEndpoint.__init__cCs*||}|||}||}d|tfS))authenticate_endpoint_clientauthenticate_tokencreate_introspection_payloadr)rrequestclienttokenbodyrrrcreate_endpoint_response.s    z1JWTIntrospectionEndpoint.create_endpoint_responsecCs||||jddvrtt|jdd}|j|_z ||jd}Wn ty0tw|r<| |||r>|SdSdS)rtoken_type_hint) access_tokenNN)rresource_serverr) check_paramsformgetrr rget_jwksrrcheck_permission)rrr validatorrrrrr;s  z+JWTIntrospectionEndpoint.authenticate_tokenc Cs|sddiSz|Wn#tyddiYSty/}z |jdkr(ttd}~wwdd|d|d|d|d |d|d |d d }||d}rW||d <|S)NactiveFissTBearer client_idscopesubaudexpiat) r* token_typer-r.r/r0r+r1r2username)validaterr claim_namerr get_username)rrexcpayloadr4rrrrOs2     z5JWTIntrospectionEndpoint.create_introspection_payloadcCst)zReturn the JWKs that will be used to check the JWT access token signature. Developers MUST re-implement this method:: def get_jwks(self): return load_jwks("jwks.json") )NotImplementedError)rrrrr'nsz!JWTIntrospectionEndpoint.get_jwksuser_idreturncCsdS)zReturns an username from a user ID. Developers MAY re-implement this method:: def get_username(self, user_id): return User.get(id=user_id).username Nr)rr;rrrr7wsz%JWTIntrospectionEndpoint.get_username)N) __name__ __module__ __qualname____doc__ ENDPOINT_NAMErr rrr'strr7 __classcell__rrrrr s  r N)rfc7662rauthlib.common.errorsrauthlib.constsrauthlib.jose.errorsrrauthlib.oauth2.rfc6750.errorsr&authlib.oauth2.rfc9068.token_validatorr r rrrrs