o
    ,&]i  ã                   @  s    d dl mZ d dlmZmZmZ d dlmZmZm	Z	m
Z
mZ d dlmZ d dlmZ er<d dlmZ d dlZd dlmZ G d	d
„ d
e	eeƒZG dd„ deƒZdS )é    )Úannotations)ÚTYPE_CHECKINGÚAnyÚcast)ÚBaseAppÚ	BaseOAuthÚOAuth2MixinÚ
OAuthErrorÚOpenIDMixin)ÚOAuth2Session)ÚTornadoIntegration)ÚCallableN)Ú	AuthCachec                      sD   e Zd ZeZd‡ fdd„Z	dddd„Zddd„Zddd„Z‡  Z	S )ÚTornadoOAuth2AppÚreturnúdict[str, Any]c                   s.   t dtƒ  ¡ ƒ}d| dg ¡v rd| jd< |S )zGWe enforce S256 code challenge method if it is supported by the server.r   ÚS256Ú code_challenge_methods_supportedÚcode_challenge_method)r   ÚsuperÚload_server_metadataÚgetÚclient_kwargs)ÚselfÚresult©Ú	__class__© ú]/var/www/html/IGF-ODF-V3/venv/lib/python3.10/site-packages/streamlit/web/server/oidc_mixin.pyr   -   s   
z%TornadoOAuth2App.load_server_metadataNÚrequest_handlerútornado.web.RequestHandlerÚredirect_urir   ÚkwargsÚNonec                 K  s<   | j |fi |¤Ž}| jdd|i|¤Ž |j|d dd dS )a(  Create a HTTP Redirect for Authorization Endpoint.

        :param request_handler: HTTP request instance from Tornado.
        :param redirect_uri: Callback or redirect URI for authorization.
        :param kwargs: Extra parameters to include.
        :return: A HTTP redirect response.
        r!   Úurli.  )ÚstatusNr   )Úcreate_authorization_urlÚ_save_authorize_dataÚredirect)r   r   r!   r"   Úauth_contextr   r   r   Úauthorize_redirect4   s   z#TornadoOAuth2App.authorize_redirectc                 K  sä   |  dd¡}|r|  dd¡}t||d‚|  d¡|  d¡dœ}i }| dd¡}| j || d¡¡}| j || d¡¡ |sCtd	d
d‚|  ||¡}| jdi |¤|¤Ž}	d|	v rmd|v rm| j	|	|d |d}
i |	¥d|
i¥}	t
d|	ƒS )zl
        :param request_handler: HTTP request instance from Tornado.
        :return: A token dict.
        ÚerrorNÚerror_description)r+   ÚdescriptionÚcodeÚstate)r.   r/   Úclaims_optionsÚinvalid_statez>OAuth state not found or expired. Please try logging in again.Úid_tokenÚnonce)r3   r0   Úuserinfor   r   )Úget_argumentr	   ÚpopÚ	frameworkÚget_state_datar   Úclear_state_dataÚ_format_state_paramsÚfetch_access_tokenÚparse_id_tokenr   )r   r   r"   r+   r-   ÚparamsÚsessionr0   Ú
state_dataÚtokenr4   r   r   r   Úauthorize_access_tokenE   s0   þþ
ÿ
z'TornadoOAuth2App.authorize_access_tokenc                 K  s0   |  dd¡}|ri }| j |||¡ dS tdƒ‚)a\  Authlib underlying uses the concept of "session" to store state data.
        In Tornado, we don't have a session, so we use an empty dict as a placeholder.
        We also override state access to use the cache instead of session in `TornadoIntegration`.
        Authlib 1.6.6+ always writes state to session even when cache is available.
        r/   NzMissing state value)r6   r7   Úset_state_dataÚRuntimeError)r   r"   r/   r>   r   r   r   r'   n   s
   z%TornadoOAuth2App._save_authorize_data)r   r   )N)r   r    r!   r   r"   r   r   r#   )r   r    r"   r   r   r   )r"   r   r   r#   )
Ú__name__Ú
__module__Ú__qualname__r   Ú
client_clsr   r*   rA   r'   Ú__classcell__r   r   r   r   r   *   s    
ý
)r   c                      s0   e Zd ZeZeZ				dd‡ fd	d
„Z‡  ZS )ÚTornadoOAuthNÚconfigúdict[str, Any] | NoneÚcacheúAuthCache | NoneÚfetch_tokenú1Callable[[dict[str, Any]], dict[str, Any]] | NoneÚupdate_tokenc                   s   t ƒ j|||d || _d S )N)rL   rN   rP   )r   Ú__init__rJ   )r   rJ   rL   rN   rP   r   r   r   rQ   €   s   ÿ
zTornadoOAuth.__init__)NNNN)rJ   rK   rL   rM   rN   rO   rP   rO   )	rD   rE   rF   r   Úoauth2_client_clsr   Úframework_integration_clsrQ   rH   r   r   r   r   rI   |   s    ûrI   )Ú
__future__r   Útypingr   r   r   Ú authlib.integrations.base_clientr   r   r   r	   r
   Ú$authlib.integrations.requests_clientr   Ú0streamlit.web.server.authlib_tornado_integrationr   Úcollections.abcr   Útornado.webÚtornadoÚstreamlit.auth_utilr   r   rI   r   r   r   r   Ú<module>   s   R