|
Server : LiteSpeed System : Linux server51.dnsbootclub.com 4.18.0-553.62.1.lve.el8.x86_64 #1 SMP Mon Jul 21 17:50:35 UTC 2025 x86_64 User : nandedex ( 1060) PHP Version : 8.1.33 Disable Function : NONE Directory : /opt/cppython/lib/python3.8/site-packages/google/oauth2/__pycache__/ |
U
����O��g+����������������������@���sJ���d�Z�ddlmZ�ddlZddlZddlmZ�ddiZG�dd��dej �Z
dS�)a���OAuth 2.0 Token Exchange Spec.
This module defines a token exchange utility based on the `OAuth 2.0 Token
Exchange`_ spec. This will be mainly used to exchange external credentials
for GCP access tokens in workload identity pools to access Google APIs.
The implementation will support various types of client authentication as
allowed in the spec.
A deviation on the spec will be for additional Google specific options that
cannot be easily mapped to parameters defined in the RFC.
The returned dictionary response will be based on the `rfc8693 section 2.2.1`_
spec JSON response.
.. _OAuth 2.0 Token Exchange: https://tools.ietf.org/html/rfc8693
.. _rfc8693 section 2.2.1: https://tools.ietf.org/html/rfc8693#section-2.2.1
�����N)�utilsz
Content-Typez!application/x-www-form-urlencodedc�����������������������s<���e�Zd�ZdZd
��fdd� Zdd��Zd
dd�Zd d
��Z���ZS�)
�ClientzcImplements the OAuth 2.0 token exchange spec based on
https://tools.ietf.org/html/rfc8693.
Nc��������������������s���t�t|���|��||�_dS�)a5��Initializes an STS client instance.
Args:
token_exchange_endpoint (str): The token exchange endpoint.
client_authentication (Optional(google.oauth2.oauth2_utils.ClientAuthentication)):
The optional OAuth client authentication credentials if available.
N)�superr����__init__�_token_exchange_endpoint)�selfZtoken_exchange_endpointZclient_authentication�� __class__���>/opt/cppython/lib/python3.8/site-packages/google/oauth2/sts.pyr���1���s����zClient.__init__c�����������
������C���s����t����}|r*t|����D�]\}}|||<�q|��||��||�jd|tj�|�� d�d�}t
|j
d�rn|j
�
d�n|j
}|j
tjkr�t�|��t�|�} | S�)N�POSTzutf-8)�url�method�headers�body�decode)�_URLENCODED_HEADERS�copy�dict�itemsZ#apply_client_authentication_optionsr����urllib�parse� urlencode�encode�hasattr�datar����status�
http_client�OKr���Zhandle_error_response�json�loads)
r����requestr����
request_bodyZrequest_headers�k�v�responseZ
response_bodyZ
response_datar
���r
���r
����
_make_request<���s&����
�
��
zClient._make_requestc
��������������
���C���sx���|||d��|pg��|||| |
dd�
}
|
r>tj�t�|
��|
d<�t|
����D�]
\}}|dksb|dkrJ|
|=�qJ|��||
|
�S�)aT��Exchanges the provided token for another type of token based on the
rfc8693 spec.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
grant_type (str): The OAuth 2.0 token exchange grant type.
subject_token (str): The OAuth 2.0 token exchange subject token.
subject_token_type (str): The OAuth 2.0 token exchange subject token type.
resource (Optional[str]): The optional OAuth 2.0 token exchange resource field.
audience (Optional[str]): The optional OAuth 2.0 token exchange audience field.
scopes (Optional[Sequence[str]]): The optional list of scopes to use.
requested_token_type (Optional[str]): The optional OAuth 2.0 token exchange requested
token type.
actor_token (Optional[str]): The optional OAuth 2.0 token exchange actor token.
actor_token_type (Optional[str]): The optional OAuth 2.0 token exchange actor token type.
additional_options (Optional[Mapping[str, str]]): The optional additional
non-standard Google specific options.
additional_headers (Optional[Mapping[str, str]]): The optional additional
headers to pass to the token exchange endpoint.
Returns:
Mapping[str, str]: The token exchange JSON-decoded response data containing
the requested token and its expiration time.
Raises:
google.auth.exceptions.OAuthError: If the token endpoint returned
an error.
� N)
�
grant_type�resource�audience�scope�requested_token_type�
subject_token�subject_token_type�
actor_token�actor_token_type�optionsr1�����) �joinr���r����quoter ����dumpsr���r���r&���)r���r!���r(���r-���r.���r)���r*���Zscopesr,���r/���r0���Zadditional_optionsZadditional_headersr"���r#���r$���r
���r
���r
����exchange_token_���s"����.
�
zClient.exchange_tokenc�����������������C���s���|���|dd|d��S�)a��Exchanges a refresh token for an access token based on the
RFC6749 spec.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
subject_token (str): The OAuth 2.0 refresh token.
N�
refresh_token)r(���r7���)r&���)r���r!���r7���r
���r
���r
���r7�������s
����
�zClient.refresh_token)N)NNNNNNNN) �__name__�
__module__�
__qualname__�__doc__r���r&���r6���r7����
__classcell__r
���r
���r���r
���r���,���s���
)���������
Cr���)
r;����
http.client�clientr
���r ���r���Z
google.oauth2r���r���ZOAuthClientAuthHandlerr���r
���r
���r
���r
����<module>���s
���