3 L(Y@s|dZddlZddlZddlmZddlmZddlmZddlmZdZ dZ d Z d d Z d d Z ddZddZddZdS)aOAuth 2.0 client. This is a client for interacting with an OAuth 2.0 authorization server's token endpoint. For more information about the token endpoint, see `Section 3.1 of rfc6749`_ .. _Section 3.1 of rfc6749: https://tools.ietf.org/html/rfc6749#section-3.2 N) http_client)urllib)_helpers) exceptionsz!application/x-www-form-urlencodedz+urn:ietf:params:oauth:grant-type:jwt-bearer refresh_tokenc CsRy$tj|}dj|d|jd}Wnttfk r@|}YnXtj||dS)z"Translates an error response into an exception. Args: response_body (str): The decoded response data. Raises: google.auth.exceptions.RefreshError z{}: {}errorZerror_descriptionN)jsonloadsformatgetKeyError ValueErrorr RefreshError) response_bodyZ error_dataZ error_detailsrD/private/tmp/pip-build-nl73fm5q/google-auth/google/oauth2/_client.py_handle_error_response(s   rcCs0|jdd}|dk r(tjtj|dSdSdS)zParses the expiry field from a response into a datetime. Args: response_data (Mapping): The JSON-parsed response data. Returns: Optional[datetime]: The expiration or ``None`` if no expiration was specified. expires_inN)seconds)r rutcnowdatetime timedelta) response_datarrrr _parse_expiry>s   rcCsRtjj|}dti}|d|||d}|jjd}|jtjkrDt |t j |}|S)a Makes a request to the OAuth 2.0 authorization server's token endpoint. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. body (Mapping[str, str]): The parameters to send in the request body. Returns: Mapping[str, str]: The JSON-decoded response data. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. z content-typePOST)methodurlheadersbodyzutf-8) rparse urlencode_URLENCODED_CONTENT_TYPEdatadecodestatusrOKrrr )request token_urirrresponserrrrr_token_endpoint_requestQs    r)c CsV|td}t|||}y |d}Wn tk rBtjd|YnXt|}|||fS)aImplements the JWT Profile for OAuth 2.0 Authorization Grants. For more details, see `rfc7523 section 4`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. assertion (str): The OAuth 2.0 assertion. Returns: Tuple[str, Optional[datetime], Mapping[str, str]]: The access token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc7523 section 4: https://tools.ietf.org/html/rfc7523#section-4 ) assertion grant_type access_tokenzNo access token in response.)_JWT_GRANT_TYPEr)r rrr)r&r'r*rrr,expiryrrr jwt_grantts  r/c Csht|||d}t|||}y |d}Wn tk rFtjd|YnX|jd|}t|}||||fS)aImplements the OAuth 2.0 refresh token grant. For more details, see `rfc678 section 6`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. refresh_token (str): The refresh token to use to get a new access token. client_id (str): The OAuth 2.0 application's client ID. client_secret (str): The Oauth 2.0 appliaction's client secret. Returns: Tuple[str, Optional[str], Optional[datetime], Mapping[str, str]]: The access token, new refresh token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc6748 section 6: https://tools.ietf.org/html/rfc6749#section-6 )r+ client_id client_secretrr,zNo access token in response.r)_REFRESH_GRANT_TYPEr)r rrr r) r&r'rr0r1rrr,r.rrr refresh_grants   r3)__doc__rrZ six.movesrrZ google.authrrr!r-r2rrr)r/r3rrrrs    #(