U Tºcã@sfdZddlZddlZddlmZddlmZddlmZm Z ddl m Z e  e ¡ZGdd„deƒZdS) zŸ oauthlib.openid.connect.core.endpoints.userinfo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module is an implementation of userinfo endpoint. éN)ÚRequest)Úerrors)Ú BaseEndpointÚcatch_errors_and_unavailability)Ú BearerTokenc@s.eZdZdZdd„Zed dd„ƒZdd „ZdS) ÚUserInfoEndpointz,Authorizes access to userinfo resource. cCs$t|dddƒ|_||_t |¡dS)N)rÚbearerÚrequest_validatorrÚ__init__)Úselfr ©r úS/tmp/pip-unpacked-wheel-dp7l75bz/oauthlib/openid/connect/core/endpoints/userinfo.pyr szUserInfoEndpoint.__init__ÚGETNcCsÐt||||ƒ}dg|_| |¡|j |¡}|dkrLt d|¡tjdd‚t |t ƒrŠddi}d|kr~t d |¡tjdd‚t   |¡}n0t |t ƒr¢dd i}|}nt d |¡tjdd‚t d |¡||d fS)apValidate BearerToken and return userinfo from RequestValidator The UserInfo Endpoint MUST return a content-type header to indicate which format is being returned. The content-type of the HTTP response MUST be application/json if the response body is a text JSON object; the response body SHOULD be encoded using UTF-8. ÚopenidNz!Userinfo MUST have claims for %r.iô)Ú status_codez Content-Typezapplication/jsonÚsubz Userinfo MUST have "sub" for %r.zapplication/jwtz(Userinfo return unknown response for %r.zUserinfo access valid for %r.éÈ)rÚscopesÚvalidate_userinfo_requestr Zget_userinfo_claimsÚlogÚerrorrZ ServerErrorÚ isinstanceÚdictÚjsonÚdumpsÚstrÚdebug)r ÚuriZ http_methodÚbodyÚheadersÚrequestZclaimsZ resp_headersr r r Úcreate_userinfo_responses0      ÿ    ÿ   z)UserInfoEndpoint.create_userinfo_responsecCs*|j |¡st ¡‚d|jkr&t ¡‚dS)a»Ensure the request is valid. 5.3.1. UserInfo Request The Client sends the UserInfo Request using either HTTP GET or HTTP POST. The Access Token obtained from an OpenID Connect Authentication Request MUST be sent as a Bearer Token, per `Section 2`_ of OAuth 2.0 Bearer Token Usage [RFC6750]. It is RECOMMENDED that the request use the HTTP GET method and the Access Token be sent using the Authorization header field. The following is a non-normative example of a UserInfo Request: .. code-block:: http GET /userinfo HTTP/1.1 Host: server.example.com Authorization: Bearer SlAV32hkKG 5.3.3. UserInfo Error Response When an error condition occurs, the UserInfo Endpoint returns an Error Response as defined in `Section 3`_ of OAuth 2.0 Bearer Token Usage [RFC6750]. (HTTP errors unrelated to RFC 6750 are returned to the User Agent using the appropriate HTTP status code.) The following is a non-normative example of a UserInfo Error Response: .. code-block:: http HTTP/1.1 401 Unauthorized WWW-Authenticate: Bearer error="invalid_token", error_description="The Access Token expired" .. _`Section 2`: https://datatracker.ietf.org/doc/html/rfc6750#section-2 .. _`Section 3`: https://datatracker.ietf.org/doc/html/rfc6750#section-3 rN)rZvalidate_requestrZInvalidTokenErrorrZInsufficientScopeError)r r r r r rBs%  z*UserInfoEndpoint.validate_userinfo_request)rNN)Ú__name__Ú __module__Ú __qualname__Ú__doc__r rr!rr r r r rs  %r)r%rÚloggingZoauthlib.commonrZoauthlib.oauth2.rfc6749rZ&oauthlib.oauth2.rfc6749.endpoints.baserrZoauthlib.oauth2.rfc6749.tokensrÚ getLoggerr"rrr r r r Ús