~hddlZddlZddlmZddlmZddlmZddlmZddlmZddlm Z ejd Z ejd Z d Z d Zd ZGd dZy)N)to_bytes) to_unicode)urlsafe_b64encode)InvalidGrantError)InvalidRequestError) OAuth2Requestz^[a-zA-Z0-9\-._~]{43,128}$ctjt|dj}t t |S)z8Create S256 code_challenge with the given code_verifier.ascii)hashlibsha256rdigestrr) code_verifierdatas \/opt/mcp/mcp-sentiment/venv/lib/python3.12/site-packages/authlib/oauth2/rfc7636/challenge.pycreate_s256_code_challengers1 >>(=': ; B B DD '- ..c ||k(SNrcode_challenges rcompare_plain_code_challengers N **rct||k(Sr)rrs rcompare_s256_code_challengers %m 4 FFrcLeZdZdZdZddgZeedZd dZ dZ dZ dZ d Z d Zy ) CodeChallengeaCodeChallenge extension to Authorization Code Grant. It is used to improve the security of Authorization Code flow for public clients by sending extra "code_challenge" and "code_verifier" to the authorization server. The AuthorizationCodeGrant SHOULD save the ``code_challenge`` and ``code_challenge_method`` into database when ``save_authorization_code``. Then register this extension via:: server.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=True)]) plainS256)rrc||_yr)required)selfr!s r__init__zCodeChallenge.__init__8s   rct|jd|j|jd|jy)N,after_validate_authorization_request_payloadafter_validate_token_request) register_hookvalidate_code_challengevalidate_code_verifier)r"grants r__call__zCodeChallenge.__call__;s8  :  ( (   *  ' ' rc>|j}|jjjd}|jjjd}|s|sy|s t dt |jj jdgdkDr t dtj|s t d|r||jvr t dt |jj jdgdkDr t dy) Nrcode_challenge_methodzMissing 'code_challenge'z%Multiple 'code_challenge' in request.zInvalid 'code_challenge'z#Unsupported 'code_challenge_method'z,Multiple 'code_challenge_method' in request.) requestpayloadrgetrlendatalistCODE_CHALLENGE_PATTERNmatchSUPPORTED_CODE_CHALLENGE_METHOD)r"r* redirect_urir/ challengemethods rr(z%CodeChallenge.validate_code_challengeEs!&OO((,,-=> %%))*AB %&@A A w''++,PQ >77F**..v6!7xqAB BHi(#0HI I)rc|jS)a[Get "code_challenge" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge(self, authorization_code): return authorization_code.code_challenge :param authorization_code: the instance of authorization_code )rr"r@s rrAz.CodeChallenge.get_authorization_code_challenges"000rc|jS)apGet "code_challenge_method" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge_method(self, authorization_code): return authorization_code.code_challenge_method :param authorization_code: the instance of authorization_code )r-rKs rrCz5CodeChallenge.get_authorization_code_challenge_methods"777rN)T)__name__ __module__ __qualname____doc__rDr6rrrEr#r+r(r)rArCrrrrr!sK %,!'.&7#.+ ! V,"JH 1 8rr)r reauthlib.common.encodingrrrrfc6749rrr compilerBr4rrrrrrrrUs] ,.5')#" #@A#$AB/ + G r8r8r