o h@sdddlZddlmZmZmZmZmZddlm Z ddl m Z GdddeeeZ GdddeZ dS) N)BaseApp BaseOAuth OAuth2Mixin OAuthError OpenIDMixin) OAuth2Session)TornadoIntegrationcsPeZdZeZfddZ d dejjfddZ dejjfddZ d d Z Z S) TornadoOAuth2Appcs(t}d|dgvrd|jd<|S)zGWe enforce S256 code challenge method if it is supported by the server.S256 code_challenge_methods_supportedcode_challenge_method)superload_server_metadataget client_kwargs)selfresult __class__S/var/www/vscode/kcb/lib/python3.10/site-packages/streamlit/web/server/oidc_mixin.pyr!s  z%TornadoOAuth2App.load_server_metadataNrequest_handlercKs<|j|fi|}|jdd|i||j|ddddS)a(Create a HTTP Redirect for Authorization Endpoint. :param request_handler: HTTP request instance from Tornado. :param redirect_uri: Callback or redirect URI for authorization. :param kwargs: Extra parameters to include. :return: A HTTP redirect response. redirect_uriurli.)statusNr)create_authorization_url_save_authorize_dataredirect)rrrkwargs auth_contextrrrauthorize_redirect(s z#TornadoOAuth2App.authorize_redirectc Ks|dd}|r|dd}t||d|d|dd}|jjdus'Jd}|dd}|j||d}|j||d|||}|j d i||} d | vrmd |vrm|j | |d |d } i| d | i} | S)zl :param request_handler: HTTP request instance from Tornado. :return: A token dict. errorNerror_description)r! descriptioncodestate)r$r%claims_optionsid_tokennonce)r(r&userinfor) get_argumentr frameworkcachepopget_state_datarclear_state_data_format_state_paramsfetch_access_tokenparse_id_token) rrrr!r#paramssessionr& state_datatokenr)rrrauthorize_access_token6s(      z'TornadoOAuth2App.authorize_access_tokencKs@|dd}|r|jjdusJd}|j|||dStd)zAuthlib underlying uses the concept of "session" to store state data. In Tornado, we don't have a session, so we use the framework's cache option. r%NzMissing state value)r-r+r,set_state_data RuntimeError)rrr%r4rrrrWs z%TornadoOAuth2App._save_authorize_data)N) __name__ __module__ __qualname__r client_clsrtornadowebRequestHandlerr r7r __classcell__rrrrr s   !r cs&eZdZeZeZdfdd ZZS) TornadoOAuthNcstj|||d||_dS)N)r, fetch_token update_token)r __init__config)rrFr,rCrDrrrrEhs zTornadoOAuth.__init__)NNNN) r:r;r<r oauth2_client_clsrframework_integration_clsrErArrrrrBdsrB) tornado.webr> authlib.integrations.base_clientrrrrr$authlib.integrations.requests_clientr0streamlit.web.server.authlib_tornado_integrationrr rBrrrrs   F