~hKVddlmZddlmZddlmZddlmZddlmZGddeZy ) )default_json_headers)InvalidGrantError)InvalidRequestError) TokenEndpoint)UnsupportedTokenTypeErrorc2eZdZdZdZdZdZdZdZdZ y) RevocationEndpointzImplementation of revocation endpoint which is described in `RFC7009`_. .. _RFC7009: https://tools.ietf.org/html/rfc7009 revocationc|j|||j|jd|jjd}|r|j |s t |S)aThe client constructs the request by including the following parameters using the "application/x-www-form-urlencoded" format in the HTTP request entity-body: token REQUIRED. The token that the client wants to get revoked. token_type_hint OPTIONAL. A hint about the type of the token submitted for revocation. tokentoken_type_hint) check_params query_tokenformget check_clientrselfrequestclientr s ]/opt/mcp/mcp-sentiment/venv/lib/python3.12/site-packages/authlib/oauth2/rfc7009/revocation.pyauthenticate_tokenz%RevocationEndpoint.authenticate_tokensb '6*  LL !7<<#3#34E#F  ++F3#% % cd|jvr t|jjd}|r||jvr t yy)Nr r)rrrSUPPORTED_TOKEN_TYPESr)rrrhints rrzRevocationEndpoint.check_params'sL ',, &%' '|| 12 D : ::+- -;4rc|j|}|j||}|r0|j|||jj d||dit fS)aValidate revocation request and create the response for revocation. For example, a client may request the revocation of a refresh token with the following request:: POST /revoke HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token :returns: (status_code, body, headers) after_revoke_token)r r)authenticate_endpoint_clientr revoke_tokenserver send_signalrrs rcreate_endpoint_responsez+RevocationEndpoint.create_endpoint_response/sm227;''8    eW - KK # #$ $  B,,,rct)a7Get the token from database/storage by the given token string. Developers should implement this method:: def query_token(self, token_string, token_type_hint): if token_type_hint == 'access_token': return Token.query_by_access_token(token_string) if token_type_hint == 'refresh_token': return Token.query_by_refresh_token(token_string) return Token.query_by_access_token(token_string) or Token.query_by_refresh_token(token_string) NotImplementedError)r token_stringrs rrzRevocationEndpoint.query_tokenNs "##rct)aMark token as revoked. Since token MUST be unique, it would be dangerous to delete it. Consider this situation: 1. Jane obtained a token XYZ 2. Jane revoked (deleted) token XYZ 3. Bob generated a new token XYZ 4. Jane can use XYZ to access Bob's resource It would be secure to mark a token as revoked:: def revoke_token(self, token, request): hint = request.form.get("token_type_hint") if hint == "access_token": token.access_token_revoked = True else: token.access_token_revoked = True token.refresh_token_revoked = True token.save() r')rr rs rr"zRevocationEndpoint.revoke_token\s ("##rN) __name__ __module__ __qualname____doc__ ENDPOINT_NAMErrr%rr"rrr r s'!M(.-> $$rr N)authlib.constsrrfc6749rrrrr r0rrr3s"/')#/g$g$r