~hT"xddlmZddlmZddlmZddlmZddlmZddlmZddl m Z dd l m Z Gd d Z y ) )default_json_headers) JoseError)AccessDeniedError)InvalidClientError)InvalidRequestError)UnauthorizedClientError)InvalidClientMetadataError)ClientMetadataClaimscxeZdZdZddZdZdZdZdZdZ d Z d Z d Z d Z d ZdZdZdZdZdZdZy)ClientConfigurationEndpointclient_configurationNc2||_|xstg|_yN)serverr claims_classes)selfrrs [/opt/mcp/mcp-sentiment/venv/lib/python3.12/site-packages/authlib/oauth2/rfc7592/endpoint.py__init__z$ClientConfigurationEndpoint.__init__s ,F1E0Fc$|j|Sr)create_configuration_responserrequests r__call__z$ClientConfigurationEndpoint.__call__s11'::rc|j|}|s t||_|j|}|s|j ||t dd|j ||s tdd||_|jdk(r|j||S|jdk(r|j||S|jdk(r|j||Sy) Niz)The client does not exist on this server.) status_code descriptioniz7The client does not have permission to read its record.GETDELETEPUT) authenticate_tokenr credentialauthenticate_clientrevoke_access_tokenrcheck_permissionr clientmethodcreate_read_client_responsecreate_delete_client_responsecreate_update_client_response)rrtokenr's rrz9ClientConfigurationEndpoint.create_configuration_responses''0#% %"))'2  $ $We 4$-X $$VW5*U    >>U "33FGD D ^^x '55fgF F ^^u $55fgF F%rc8|jj|Sr)rcreate_json_requestrs rcreate_endpoint_requestz3ClientConfigurationEndpoint.create_endpoint_request:s{{..w77rcx|j|}|j|j||d|tfS)N)introspect_clientupdate!generate_client_registration_infor)rr'rbodys rr)z7ClientConfigurationEndpoint.create_read_client_response=s9%%f- D::67KLD...rc8|j||ddg}dd|fS)N)z Cache-Controlzno-store)Pragmazno-cache) delete_client)rr'rheaderss rr*z9ClientConfigurationEndpoint.create_delete_client_responseBs. 67+ ) " Brcd}|D]$}||jjvst|jjjd}|s t||j k7r td|jjvr2|j |jjds t|j |}|j|||}|j||S)N)registration_access_tokenregistration_client_uriclient_secret_expires_atclient_id_issued_at client_id client_secret) payloaddatarget get_client_idcheck_client_secretextract_client_metadata update_clientr))rr'rmust_not_includekrAclient_metadatas rr+z9ClientConfigurationEndpoint.create_update_client_responseJs  " ,AGOO((()++ , OO((,,[9 %' ' ,,. .%' ' goo22 2--goo.B.B?.ST)++66w?##FOWE//@@rc|jjj}i}|j}|jD]_}t |dr|r|j |ni}||i||} |j|jdi|ja|S#t$r}t|j|d}~wwxYw)Nget_claims_options) rCrDcopyget_server_metadatarhasattrrNvalidaterr rr3get_registered_claims) rr json_datarLserver_metadata claims_classoptionsclaimserrors rrHz3ClientConfigurationEndpoint.extract_client_metadatajsOO((--/ 224 // EL<)=>?//@  ")R/JF O! #O " " DV%A%A%C D E  O01B1BCN Os3B'' C 0CC c6i|j|jSr) client_inforL)rr's rr2z-ClientConfigurationEndpoint.introspect_client}s?&$$?(>(>??rct)aGenerate ```registration_client_uri`` and ``registration_access_token`` for RFC7592. By default this method returns the values sent in the current request. Developers MUST rewrite this method to return different registration information.:: def generate_client_registration_info(self, client, request):{ access_token = request.headers['Authorization'].split(' ')[1] return { 'registration_client_uri': request.uri, 'registration_access_token': access_token, } :param client: the instance of OAuth client :param request: formatted request instance NotImplementedErrorrr'rs rr4z=ClientConfigurationEndpoint.generate_client_registration_info "##rct)aLAuthenticate current credential who is requesting to register a client. Developers MUST implement this method in subclass:: def authenticate_token(self, request): auth = request.headers.get("Authorization") return get_token_by_auth(auth) :return: token instance r^rs rr"z.ClientConfigurationEndpoint.authenticate_token "##rct)a<Read a client from the request payload. Developers MUST implement this method in subclass:: def authenticate_client(self, request): client_id = request.payload.data.get("client_id") return Client.get(client_id=client_id) :return: client instance r^rs rr$z/ClientConfigurationEndpoint.authenticate_clientrcrct)aRevoke a token access in case an invalid client has been requested. Developers MUST implement this method in subclass:: def revoke_access_token(self, token, request): token.revoked = True token.save() r^)rr,rs rr%z/ClientConfigurationEndpoint.revoke_access_token "##rct)a Checks whether the current client is allowed to be accessed, edited or deleted. Developers MUST implement it in subclass, e.g.:: def check_permission(self, client, request): return client.editable :return: boolean r^r`s rr&z,ClientConfigurationEndpoint.check_permissionrfrct)a2Delete authorization code from database or cache. Developers MUST implement it in subclass, e.g.:: def delete_client(self, client, request): client.delete() :param client: the instance of OAuth client :param request: formatted request instance r^r`s rr:z)ClientConfigurationEndpoint.delete_clientrcrct)a:Update the client in the database. Developers MUST implement this method in subclass:: def update_client(self, client, client_metadata, request): client.set_client_metadata( {**client.client_metadata, **client_metadata} ) client.save() return client :param client: the instance of OAuth client :param client_metadata: a dict of the client claims to update :param request: formatted request instance :return: client instance r^)rr'rLrs rrIz)ClientConfigurationEndpoint.update_clientrarct)zeReturn server metadata which includes supported grant types, response types and etc. r^)rs rrQz/ClientConfigurationEndpoint.get_server_metadatas "##r)NN)__name__ __module__ __qualname__ ENDPOINT_NAMErrrr/r)r*r+rHr2r4r"r$r%r&r:rIrQrOrrr r sb*MG;"GH8/  A@&@$$ $ $ $ $ $$$$rr N)authlib.constsr authlib.joserrfc6749rrrr rfc7591r rfc7591.claimsr r rOrrrts)/"'()-01V$V$r