D6i3ddlZddlZddlZddlmZmZmZmZddlmZddl m Z ddl m Z ddl mZddlmZmZmZmZdd lmZej,eZGd d eZy) N) current_appredirectrequesturl_for)generate_token)MissingCodeError)cached_property)Response)BaseOAuthConsumerBlueprintoauth_authorizedoauth_before_login oauth_error) OAuth2SessionceZdZdZ dddddddddddddddddddddddddddddZedZejdZed Z d Z dd Z d Z d Z y)OAuth2ConsumerBlueprintzU A subclass of :class:`flask.Blueprint` that sets up OAuth 2 authentication. NFS256)clientauto_refresh_urlauto_refresh_kwargsscopestate static_folderstatic_url_pathtemplate_folder url_prefix subdomain url_defaults root_path login_urlauthorized_urlbase_urlauthorization_urlauthorization_url_params token_urltoken_url_params redirect_url redirect_to session_classstorage rule_kwargsuse_pkcecode_challenge_methodc tj|||| | | | |||||||||_|xst|_||_||_||_||_||_ | |_ ||_ ||_ ||_ |xsi|_||_|xsi|_||_||_||_||_|j+|j,y)a Most of the constructor arguments are forwarded either to the :class:`flask.Blueprint` constructor or the :class:`requests_oauthlib.OAuth2Session` constructor, including ``**kwargs`` (which is forwarded to :class:`~requests_oauthlib.OAuth2Session`). Only the arguments that are relevant to Flask-Dance are documented here. Args: base_url: The base URL of the OAuth provider. If specified, all URLs passed to this instance will be resolved relative to this URL. authorization_url: The URL specified by the OAuth provider for obtaining an `authorization grant `__. This can be an fully-qualified URL, or a path that is resolved relative to the ``base_url``. authorization_url_params (dict): A dict of extra key-value pairs to include in the query string of the ``authorization_url``, beyond those necessary for a standard OAuth 2 authorization grant request. token_url: The URL specified by the OAuth provider for obtaining an `access token `__. This can be an fully-qualified URL, or a path that is resolved relative to the ``base_url``. token_url_params (dict): A dict of extra key-value pairs to include in the query string of the ``token_url``, beyond those necessary for a standard OAuth 2 access token request. login_url: The URL route for the ``login`` view that kicks off the OAuth dance. This string will be :ref:`formatted ` with the instance so that attributes can be interpolated. Defaults to ``/{bp.name}``, so that the URL is based on the name of the blueprint. authorized_url: The URL route for the ``authorized`` view that completes the OAuth dance. This string will be :ref:`formatted ` with the instance so that attributes can be interpolated. Defaults to ``/{bp.name}/authorized``, so that the URL is based on the name of the blueprint. redirect_url: When the OAuth dance is complete, redirect the user to this URL. redirect_to: When the OAuth dance is complete, redirect the user to the URL obtained by calling :func:`~flask.url_for` with this argument. If you do not specify either ``redirect_url`` or ``redirect_to``, the user will be redirected to the root path (``/``). session_class: The class to use for creating a Requests session between the consumer (your website) and the provider (e.g. Google). Defaults to :class:`~flask_dance.consumer.requests.OAuth2Session`. storage: A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to :class:`~flask_dance.consumer.storage.session.SessionStorage`. rule_kwargs (dict, optional): Additional arguments that should be passed when adding the login and authorized routes. Defaults to ``None``. use_pkce: If true then the authorization flow will follow the PKCE (Proof Key for Code Exchange). For more details please refer to `RFC7636 `__ code_challenge_method: Code challenge method to be used in authorization code flow with PKCE instead of client secret. It will be used only if ``use_pkce`` is set to True. Defaults to ``S256``. ) rrrrrrrr r!r*r+N)r __init__r"rr) _client_idrrrrrkwargs client_secretr#r$r%r&r'r(r-r,teardown_app_requestteardown_session) selfname import_name client_idr2rrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r1s ^/home/azureuser/techstart-app/venv/lib/python3.12/site-packages/flask_dance/consumer/oauth2.pyr/z OAuth2ConsumerBlueprint.__init__sF #++   '++!%)# "! *;m$ 0#6    *"3(@(FB%" 0 6B(&%:"   !!$"7"78c.|jjSN)sessionr8)r5s r9r8z!OAuth2ConsumerBlueprint.client_ids||%%%r:c\||j_||jj_yr<)r=r8_client)r5values r9r8z!OAuth2ConsumerBlueprint.client_ids !& ). &r:c jdjjjjj j jdj}fd}||_ j|S)z This is a session between the consumer (your website) and the provider (e.g. Google). It is *not* a session between a user of your website and your website. :return: )r8rrrrr blueprintr"c|_yr<token)rEr5s r9 token_updaterz6OAuth2ConsumerBlueprint.session..token_updaters DJr:) r)r0rrrrrr"r1rFsession_created)r5retrFs` r9r=zOAuth2ConsumerBlueprint.sessions!d   oo;;!22 $ 8 8****]]  kk   *##C((r:c|Sr<rG)r5r=s r9rHz'OAuth2ConsumerBlueprint.session_createdsr:c( |`y#t$rYywxYwr<)r=KeyError)r5 exceptions r9r4z(OAuth2ConsumerBlueprint.teardown_sessions     s  c,tjd|jtdd|j_|j rtd}|jjj||j}|jj|j|d|jd }|tj|<tjd ||jj|jfd |j i|j\}}|jd }|tj|<tjd |tjd|t#j$||t'|S)Nclient_id = %s .authorizedT _external0)length) code_verifierr-)r-code_challenge_oauth_code_verifiercode_verifier = %sr _oauth_state state = %szredirect URL = %s)url)logdebugr8rr= redirect_urir,rr?create_code_challenger-r$updater6flaskr#rrsendr)r5rUrVcode_verifier_keyr[r state_keys r9loginzOAuth2ConsumerBlueprint.loginsR "DNN3$+MT$J ! ==*"5M!\\11GG+&*&@&@HN  ) ) 0 0-1-G-G&4  $(99+-A B /J ((5I KKI   "&&EZ9G%#FAs!#+2L2L'MN" #H% %yyk. EMM ) HHA BGH-. . i( ,&#  MM) $ ==#'99+-A B   5MN 122!MM*;rsP  99*,*& $g!w"8w"r: