~h!nddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z Gd d e Z y ) )ContinueIteration)default_json_headers)ExpiredTokenError)InvalidClaimError)InvalidTokenError)JWTBearerTokenValidator)IntrospectionEndpointcPeZdZdZdZd fd ZdZdZdZdZ de d e fd Z xZ S) JWTIntrospectionEndpointaJWTIntrospectionEndpoint inherits from :ref:`specs/rfc7662` :class:`~authlib.oauth2.rfc7662.IntrospectionEndpoint` and implements the machinery to automatically process the JWT access tokens. :param issuer: The issuer identifier for which tokens will be introspected. :param \\*\\*kwargs: Other parameters are inherited from :class:`~authlib.oauth2.rfc7662.introspection.IntrospectionEndpoint`. :: class MyJWTAccessTokenIntrospectionEndpoint(JWTIntrospectionEndpoint): def get_jwks(self): ... def get_username(self, user_id): ... # endpoint dedicated to JWT access token introspection authorization_server.register_endpoint( MyJWTAccessTokenIntrospectionEndpoint( issuer="https://authorization-server.example.org", ) ) # another endpoint dedicated to refresh token introspection authorization_server.register_endpoint(MyRefreshTokenIntrospectionEndpoint) introspectionc6t||d|i|||_y)Nserver)super__init__issuer)selfrrargskwargs __class__s `/opt/mcp/mcp-sentiment/venv/lib/python3.12/site-packages/authlib/oauth2/rfc9068/introspection.pyrz!JWTIntrospectionEndpoint.__init__,s! $8v88 c||j|}|j||}|j|}d|tfS))authenticate_endpoint_clientauthenticate_tokencreate_introspection_payloadr)rrequestclienttokenbodys rcreate_endpoint_responsez1JWTIntrospectionEndpoint.create_endpoint_response0sH227;''8007D...rcl|j|||jjddvr tt |j d}|j |_ |j|jd}|r|j|||r|Syy#t$r}t|d}~wwxYw)rtoken_type_hint) access_tokenNN)rresource_serverr!) check_paramsformgetrrrget_jwksrrcheck_permission)rrr validatorr!excs rrz+JWTIntrospectionEndpoint.authenticate_token=s '6* <<  - .6L L#% %+4;;PTU !]]  /00g1FGE T**5&'BLC5! /#%3 . /s#B B3# B..B3c 4|sddiS |jdd|d|d|d|d |d|d |d d }|j |dx}r||d <|S#t$rddicYSt$r*}|jdk(r t |t |d}~wwxYw)NactiveFissTBearer client_idscopesubaudexpiat) r0 token_typer3r4r5r6r1r7r8username)validaterr claim_namerr get_username)rr!r.payloadr:s rrz5JWTIntrospectionEndpoint.create_introspection_payloadQse$ $ / NN "{+7^<<<<<  ((u6 68 6"*GJ -! %e$ $  /~~&')s2#%3 . /sA B%B-%BBct)zReturn the JWKs that will be used to check the JWT access token signature. Developers MUST re-implement this method:: def get_jwks(self): return load_jwks("jwks.json") )NotImplementedError)rs rr+z!JWTIntrospectionEndpoint.get_jwksos "##ruser_idreturncy)zReturns an username from a user ID. Developers MAY re-implement this method:: def get_username(self, user_id): return User.get(id=user_id).username N)rrAs rr=z%JWTIntrospectionEndpoint.get_usernamexsr)N) __name__ __module__ __qualname____doc__ ENDPOINT_NAMErr#rrr+strr= __classcell__)rs@rr r s;<$M /(<$CCrr N)authlib.common.errorsrauthlib.constsrauthlib.jose.errorsrrauthlib.oauth2.rfc6750.errorsr&authlib.oauth2.rfc9068.token_validatorrrfc7662r r rDrrrRs)3/11;J+t4tr