U 6dU@sddlmZddlZddlmZmZddlmZmZddlm Z ddlm Z m Z ddl Z e eZGdddeZGd d d e jZdS) )unicode_literalsN)generate_token urldecode)WebApplicationClientInsecureTransportError)LegacyApplicationClient)TokenExpiredErroris_secure_transportcseZdZfddZZS) TokenUpdatedcstt|||_dSN)superr __init__token)selfr __class__D/tmp/pip-unpacked-wheel-h5x5xq8v/requests_oauthlib/oauth2_session.pyr szTokenUpdated.__init__)__name__ __module__ __qualname__r __classcell__rrrrr sr cseZdZdZd$fdd ZddZeddZejd dZej d dZed d Z e jd d Z eddZ e jddZ e j ddZ eddZ d%ddZ d&ddZddZd'ddZd(fd d! Zd"d#ZZS)) OAuth2Sessiona*Versatile OAuth 2 extension to :class:`requests.Session`. Supports any grant type adhering to :class:`oauthlib.oauth2.Client` spec including the four core OAuth 2 grants. Can be used to create authorization urls, fetch tokens and access protected resources using the :class:`requests.Session` interface you are used to. - :class:`oauthlib.oauth2.WebApplicationClient` (default): Authorization Code Grant - :class:`oauthlib.oauth2.MobileApplicationClient`: Implicit Grant - :class:`oauthlib.oauth2.LegacyApplicationClient`: Password Credentials Grant - :class:`oauthlib.oauth2.BackendApplicationClient`: Client Credentials Grant Note that the only time you will be using Implicit Grant from python is if you are driving a user agent able to obtain URL fragments. Nc  stt|jf| |p t||d|_|p*i|_||_||_|p@t|_ ||_ ||_ |pVi|_ | |_ dd|_tttd|_dS)aHConstruct a new OAuth 2 client session. :param client_id: Client id obtained during registration :param client: :class:`oauthlib.oauth2.Client` to be used. Default is WebApplicationClient which is useful for any hosted application but not mobile or desktop. :param scope: List of scopes you wish to request access to :param redirect_uri: Redirect URI you registered as callback :param token: Token dictionary, must include access_token and token_type. :param state: State string used to prevent CSRF. This will be given when creating the authorization url and must be supplied when parsing the authorization response. Can be either a string or a no argument callable. :auto_refresh_url: Refresh token endpoint URL, must be HTTPS. Supply this if you wish the client to automatically refresh your access tokens. :auto_refresh_kwargs: Extra arguments to pass to the refresh token endpoint. :token_updater: Method with one argument, token, to be used to update your token database on automatic token refresh. If not set a TokenUpdated warning will be raised when a token has been refreshed. This warning will carry the token in its token argument. :param kwargs: Arguments to pass to the Session constructor. )rcSs|Sr r)rrrrZz(OAuth2Session.__init__..)access_token_responserefresh_token_responseprotected_requestN)r rr r_clientrscope redirect_urirstate_stateauto_refresh_urlauto_refresh_kwargs token_updaterauthsetcompliance_hook) r client_idclientr$r%r r!rr"r&kwargsrrrr &s'    zOAuth2Session.__init__cCsNz||_td|jWn*tk rF|j|_td|jYnX|jS)z6Generates a state string to be used in authorizations.zGenerated new state %s.z&Re-using previously supplied state %s.)r"r#logdebug TypeErrorrrrr new_stateds zOAuth2Session.new_statecCst|jddS)Nr*getattrrr0rrrr*nszOAuth2Session.client_idcCs ||j_dSr rr*rvaluerrrr*rscCs |j`dSr r4r0rrrr*vscCst|jddS)Nrr2r0rrrrzszOAuth2Session.tokencCs||j_|j|dSr )rrZpopulate_token_attributesr5rrrr~scCst|jddS)N access_tokenr2r0rrrr7szOAuth2Session.access_tokencCs ||j_dSr rr7r5rrrr7scCs |j`dSr r8r0rrrr7scCs t|jS)aBoolean that indicates whether this session has an OAuth token or not. If `self.authorized` is True, you can reasonably expect OAuth-protected requests to the resource to succeed. If `self.authorized` is False, you need the user to go through the OAuth authentication dance before OAuth-protected requests to the resource will succeed. )boolr7r0rrr authorizeds zOAuth2Session.authorizedcKs0|p |}|jj|f|j|j|d||fS)aFForm an authorization URL. :param url: Authorization endpoint url, must be HTTPS. :param state: An optional state string for CSRF protection. If not given it will be generated for you. :param kwargs: Extra parameters to include. :return: authorization_url, state )r!r r")r1rZprepare_request_urir!r )rurlr"r,rrrauthorization_urls zOAuth2Session.authorization_urlPOSTFTc Ksvt|st|s2|r2|jj||jd|jj}n$|sVt|jtrV|jj}|sVtdt|jt r|dkrrtd|dkrtd|dk r||d<|dk r||d<|dk r|dkrd}n<|d k r|j }|rt d ||dk r|nd }t j||}|r |dk r ||d <|jjf|||j|d |}| p8ddd} i|_i}|dkrntt||| rhdnd<n(|dkrtt||d<ntd|jf||| | || | |d|}t d|jt d|jjt d|jjt d|jjt d|j|jt dt|jd|jdD]}t d|||}q(|jj|j|jd|jj|_t d |j|jS)!a Generic method for fetching an access token from the token endpoint. If you are using the MobileApplicationClient you will want to use `token_from_fragment` instead of `fetch_token`. The current implementation enforces the RFC guidelines. :param token_url: Token endpoint URL, must use HTTPS. :param code: Authorization code (used by WebApplicationClients). :param authorization_response: Authorization response URL, the callback URL of the request back to you. Used by WebApplicationClients instead of code. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param username: Username required by LegacyApplicationClients to appear in the request body. :param password: Password required by LegacyApplicationClients to appear in the request body. :param method: The HTTP method used to make the request. Defaults to POST, but may also be GET. Other methods should be added as needed. :param force_querystring: If True, force the request body to be sent in the querystring instead. :param timeout: Timeout of the request in seconds. :param headers: Dict to default request headers with. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument is passed onto `requests`. :param include_client_id: Should the request body include the `client_id` parameter. Default is `None`, which will attempt to autodetect. This can be forced to always include (True) or never include (False). :param client_secret: The `client_secret` paired to the `client_id`. This is generally required unless provided in the `auth` tuple. If the value is `None`, it will be omitted from the request, however if the value is an empty string, an empty string will be sent. :param cert: Client certificate to send for OAuth 2.0 Mutual-TLS Client Authentication (draft-ietf-oauth-mtls). Can either be the path of a file containing the private key and certificate or a tuple of two filenames for certificate and key. :param kwargs: Extra parameters to include in the token request. :return: A token dict r"z?Please supply either code or authorization_response parameters.NzQ`LegacyApplicationClient` requires both the `username` and `password` parameters.zGThe required parameter `username` was supplied, but `password` was not.usernamepasswordFTzIEncoding `client_id` "%s" with `client_secret` as Basic auth credentials.r= client_secret)codebodyr!include_client_idapplication/json/application/x-www-form-urlencoded;charset=UTF-8Acceptz Content-Typer>paramsdataGETz%The method kwarg must be POST or GET.)methodr;timeoutheadersr'verifyproxiescertz0Request to fetch token completed with status %s.zRequest url was %szRequest headers were %szRequest body was %s(Response headers were %s and content %s.!Invoking %d token response hooks.rInvoking hook %s.r zObtained token %s.) r rrparse_request_uri_responser#rC isinstancer ValueErrorrr*r-r.requestsr' HTTPBasicAuthZprepare_request_bodyr!rupperdictrrequest status_coder;rOrDtextlenr)parse_request_body_responser )r token_urlrCauthorization_responserDr'r@rArMZforce_querystringrNrOrPrQrErBrRr,r*Zrequest_kwargsrhookrrr fetch_tokensA         zOAuth2Session.fetch_tokencCs"|jj||jd|jj|_|jS)zParse token from the URI fragment, used by MobileApplicationClients. :param authorization_response: The full URL of the redirect back to you :return: A token dict r?)rrWr#r)rrdrrrtoken_from_fragmentss  z!OAuth2Session.token_from_fragmentc Ks6|s tdt|st|p(|jd}td|j| |j|j j f|||j d| }td||dkr~ddd }|j |t t|||||d |d } td | jtd | j| jtdt|jd|jdD]} td| | | } q|j j| j|j d|_d|jkr0td||jd<|jS)aFetch a new access token using a refresh token. :param token_url: The token endpoint, must be HTTPS. :param refresh_token: The refresh_token to use. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param timeout: Timeout of the request in seconds. :param headers: A dict of headers to be used by `requests`. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument will be passed to `requests`. :param kwargs: Extra parameters to include in the token request. :return: A token dict z'No token endpoint set for auto_refresh. refresh_tokenz*Adding auto refresh key word arguments %s.)rDrhr z&Prepared refresh token request body %sNrFrGrHT)rKr'rNrOrPwithhold_tokenrQz2Request to refresh token completed with status %s.rSrTrrUrVz)No new refresh token given. Re-using old.)rYr rrgetr-r.r%updaterZprepare_refresh_bodyr postr]rr_rOr`rar)rb) rrcrhrDr'rNrOrPrQr,rrerrrrhs\          zOAuth2Session.refresh_tokenc st|st|jrR|sRtdt|jd|jdD]"} td| | |||\}}}qFNNTNNNN)Nr=NNNTN)NNFNN)rrr__doc__r r1propertyr*setterdeleterrr7r:r<rfrgrhr^rorrrrrrs>           E OCr) __future__rloggingZoauthlib.commonrrZoauthlib.oauth2rrrrr rZ getLoggerrr-Warningr Sessionrrrrrs