ȯeiddlmZddlmZmZmZddlmZmZm Z m Z m Z ddl m Z ddlmZerddlmZddlZddlmZGd d e e eZGd d eZy) ) annotations) TYPE_CHECKINGAnycast)BaseApp BaseOAuth OAuth2Mixin OAuthError OpenIDMixin) OAuth2Session)TornadoIntegration)CallableN) AuthCachecZeZdZeZdfd Z d ddZ ddZd dZxZ S) TornadoOAuth2Appc~tdt| }d|jdgvrd|jd<|S)zGWe enforce S256 code challenge method if it is supported by the server.dict[str, Any]S256 code_challenge_methods_supportedcode_challenge_method)rsuperload_server_metadataget client_kwargs)selfresult __class__s a/var/www/html/glpi_dashboard/venv/lib/python3.12/site-packages/streamlit/web/server/oidc_mixin.pyrz%TornadoOAuth2App.load_server_metadata-sB&(D(FG VZZ BBG G:@D  6 7 c ~|j|fi|}|jdd|i||j|ddy)a(Create a HTTP Redirect for Authorization Endpoint. :param request_handler: HTTP request instance from Tornado. :param redirect_uri: Callback or redirect URI for authorization. :param kwargs: Extra parameters to include. :return: A HTTP redirect response. redirect_uriurli.)statusN)create_authorization_url_save_authorize_dataredirect)rrequest_handlerr!kwargs auth_contexts rauthorize_redirectz#TornadoOAuth2App.authorize_redirect4sK5t44\LVL !!!L|L|L  e!4S Arc R|jdd}|r|jdd}t|||jd|jdd}i}|jdd}|jj ||j d}|jj ||j d|s td d |j||}|jdi||} d | vr#d |vr|j| |d | } i| d| i} td| S)zl :param request_handler: HTTP request instance from Tornado. :return: A token dict. errorNerror_description)r- descriptioncodestate)r0r1claims_options invalid_statez>OAuth state not found or expired. Please try logging in again.id_tokennonce)r5r2userinforr$) get_argumentr pop frameworkget_state_datarclear_state_data_format_state_paramsfetch_access_tokenparse_id_tokenr) rr(r)r-r/paramssessionr2 state_datatokenr6s rauthorize_access_tokenz'TornadoOAuth2App.authorize_access_tokenEsG ,,Wd; )667JDQK5kB B$008$11': #%$4d;^^227FJJw''';&;F;  7j#8**Z0+H4u3j(3E$e,,rc |jdd}|r i}|jj|||ytd)a\Authlib underlying uses the concept of "session" to store state data. In Tornado, we don't have a session, so we use an empty dict as a placeholder. We also override state access to use the cache instead of session in `TornadoIntegration`. Authlib 1.6.6+ always writes state to session even when cache is available. r1NzMissing state value)r8r9set_state_data RuntimeError)rr)r1r@s rr&z%TornadoOAuth2App._save_authorize_datans>  7D) &(G NN ) )'5& A45 5r)returnr)N)r(tornado.web.RequestHandlerr!rr)rrGNone)r(rHr)rrGr)r)rrGrI) __name__ __module__ __qualname__r client_clsrr+rCr& __classcell__rs@rrr*seJ!B3BB B  B"'-9'-EH'- '-R 6rrc@eZdZeZeZ d dfd ZxZS) TornadoOAuthc8t||||||_y)N)cache fetch_token update_token)r__init__config)rrWrSrTrUrs rrVzTornadoOAuth.__init__s' [|   r)NNNN)rWzdict[str, Any] | NonerSzAuthCache | NonerT1Callable[[dict[str, Any]], dict[str, Any]] | NonerUrX) rJrKrLroauth2_client_clsr framework_integration_clsrVrNrOs@rrQrQ|sO( 2)-"&IMJN %   G  H  rrQ) __future__rtypingrrr authlib.integrations.base_clientrrr r r $authlib.integrations.requests_clientr 0streamlit.web.server.authlib_tornado_integrationr collections.abcr tornado.webtornadostreamlit.auth_utilrrrQr$rrrdsP"#++P(-O6{KO6d9r