(phMnSrSSKrSSKrSSKrSSKrSSKJr SSKJr SSKJr SSKJ r SSK r SSK r SSK r SSKJr SSKJr SS KJr S rS rS rS r\"\R."SS9R155r\"\R."SS9R155r\"\R."SS9R155rSr\"/SQ5rSrSr Sr!Sr""SS\ RFRHRJ5r&"SS5r'"SS5r("S S!\ RR5r*"S"S#5r+"S$S%5r,"S&S'\RZ5r."S(S)\RZ5r/"S*S+\R`5r1"S,S-\R`5r2"S.S/\Rf5r4"S0S1\45r5"S2S3\45r6g)4z1Firebase token minting and validation sub module.N) credentials)iam)jwt) transport) exceptions) _auth_utils) _http_clientzhttps://securetoken.google.com/zXhttps://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.comz$https://session.firebase.google.com/zEhttps://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys)minutes)days)hourszYhttps://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit)acramrat_hashaud auth_timeazpcnfc_hashexpfirebaseiatissjtinbfnoncesubzZhttp://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/emailRS256nonez"firebase-auth-emulator@example.comc$\rSrSrSrSrSrSrg)_EmulatedSigner?NcgNselfs L/var/www/html/venv/lib/python3.13/site-packages/firebase_admin/_token_gen.py__init___EmulatedSigner.__init__Bs cg)Nr-r'r)messages r*sign_EmulatedSigner.signEsr-r')__name__ __module__ __qualname____firstlineno__key_idr+r1__static_attributes__r'r-r*r#r#?s F r-r#c\rSrSrSr\4Sjr\S5r\S5r \S5r \ S5r \ S5r \ S 5rS rg ) _SigningProviderIz2Stores a reference to a google.auth.crypto.Signer.c(XlX lX0lgr&)_signer _signer_email_alg)r)signer signer_emailalgs r*r+_SigningProvider.__init__Ls ) r-cUR$r&)r=r(s r*r@_SigningProvider.signerQs ||r-cUR$r&)r>r(s r*rA_SigningProvider.signer_emailUs!!!r-cUR$r&)r?r(s r*rB_SigningProvider.algYs yyr-cB[URUR5$r&)r:r@rA)cls google_creds r*from_credential _SigningProvider.from_credential]s 2 2K4L4LMMr-cF[R"XU5n[XC5$r&)rSignerr:)rKrequestrLservice_accountr@s r*from_iam_SigningProvider.from_iamasG/B88r-c<[[5[[5$r&)r:r#AUTH_EMULATOR_EMAILALGORITHM_NONE)rKs r* for_emulator_SigningProvider.for_emulatorfs 13FWWr-)r?r=r>N)r3r4r5r6__doc__ALGORITHM_RS256r+propertyr@rArB classmethodrMrSrXr8r'r-r*r:r:Is<1@ ""NN99XXr-r:cL\rSrSrSrSrS SjrSr\S5r S Sjr S r S r g) TokenGeneratorkz,Generates custom tokens and session cookies.z)https://identitytoolkit.googleapis.com/v1NcXlX l[RR 5UlU=(d UR nSRXAR5Ul SUl g)Nz{0}/projects/{1}) app http_clientrrequestsRequestrQID_TOOLKIT_URLformat project_idbase_url_signing_provider)r)rbrc url_override url_prefixs r*r+TokenGenerator.__init__psQ& ))113 !8T%8%8 *11*nnM !%r-cZ[R"5(a[R5$URR R 5n[U[RRR5(a[RU5$URRRS5nU(a [RUR X5$[U["R$5(a[RU5$UR![&SS0S9nUR(S:wa2[+SR-UR.R1555eUR.R15n[RUR X5$)zPInitializes a signing provider by following the go/firebase-admin-sign protocol.serviceAccountIdzMetadata-FlavorGoogle)urlheadersz2Failed to contact the local metadata service: {0}.)r is_emulatedr:rXrb credentialget_credential isinstancegoogleoauth2rR CredentialsrMoptionsgetrSrQrSigningMETADATA_SERVICE_URLstatus ValueErrorrgdatadecode)r)rLrRresps r*_init_signing_provider%TokenGenerator._init_signing_providerxs>  " " $ $#002 2hh))88: k6==#@#@#L#L M M#33K@ @((**../AB #,,T\\;X X k;#6#6 7 7#33K@ @|| 4?PRZ>[|\ ;;# DKKDIIL\L\L^_a a))**,(({TTr-cUR(d"UR5UlUR$UR$![a!nSn[SR X55eSnAff=f)z@Initializes and returns the SigningProvider instance to be used.z@https://firebase.google.com/docs/auth/admin/create-custom-tokenszFailed to determine service account: {0}. Make sure to initialize the SDK with service account credentials or specify a service account ID with iam.serviceAccounts.signBlob permission. Please refer to {1} for more details on creating custom tokens.N)rjr Exceptionrrg)r)errorrqs r*signing_providerTokenGenerator.signing_providersw%% M)-)D)D)F&%%%t%%% MX 9:@9K MM MsA A+ A&&A+ctUb[U[5(d [S5e[UR 55[ -nU(a[[ U5S:a!SRSRU55nO SRSRU55n[U5eU(a$[U[5(a[ U5S:a [S5eURn[[R"55nURUR[UUU[-S .nU(aX8S 'UbX(S 'S UR 0n ["R$"UR&XS 9$![(R*R,R.a!n SRU 5n [1X5eSn A ff=f)z.Builds and signs a Firebase custom auth token.Nz%developer_claims must be a dictionaryrz:Developer claims {0} are reserved and cannot be specified.z, z8Developer claim {0} is reserved and cannot be specified.z2uid must be a string between 1 and 128 characters.)rrruidrr tenant_idclaimsrB)headerz Failed to sign custom token. {0})rwdictrsetkeysRESERVED_CLAIMSlenrgjoinstrrinttimerAFIREBASE_AUDIENCEMAX_TOKEN_LIFETIME_SECONDSrBrencoder@rxauthrTransportErrorTokenSignError) r)rdeveloper_claimsrdisallowed_keys error_messagernowpayloadrrmsgs r*create_custom_token"TokenGenerator.create_custom_tokens  '.55 !HII!"2"7"7"9:_LO'!+&< > ?sF--G& G!!G&)rjrbrircrQr&)NN) r3r4r5r6rZrfr+rr\rrrr8r'r-r*r_r_ks46@N&U: & &*-Z -r-r_cL\rSrSrSrS Sjr\S5r\S5rS Sjr Sr g) CertificateFetchRequestzqA google-auth transport that supports HTTP cache-control. Also injects a timeout to each outgoing HTTP request. Nc[R"[R"55Ul[ RR UR5UlXl gr&) cachecontrol CacheControlrdSession_sessionrresession _delegate_timeout_seconds)r)timeout_secondss r*r+ CertificateFetchRequest.__init__s?$11(2B2B2DE "++33DLLA /r-cUR$r&)rr(s r*rCertificateFetchRequest.sessions }}r-cUR$r&)rr(s r*r'CertificateFetchRequest.timeout_secondss$$$r-c XU=(d URnUR"U4X#XES.UD6$)N)methodrrrtimeout)rr)r)rqrrrrrkwargss r*__call__ CertificateFetchRequest.__call__s<1T11~~ W7WOUW Wr-)rrrr&)GETNNN) r3r4r5r6rZr+r\rrrr8r'r-r*rrs: 0 %%Wr-rc2\rSrSrSrSrSSjrSSjrSrg) TokenVerifieri z'Verifies ID tokens and session cookies.c HURRS[R5n[ U5Ul[ URSSS[[[R[S9Ul [ URSSS[[[ ["S9Ulg)N httpTimeoutzID tokenzverify_id_token()zSURS05;a(SR URUR 5n GOESR UR 5n GO(U (dBURS5S:wa-SR UR URS5U 5n OXpR:wa)SR UR URUX5n OXi:waSR UR XX5n OUb[U[5(dSR UR U 5n OOU(dSR UR U 5n O+[#U5S:aSR UR U 5n U (aUR%U 5eU (aUnO?[&R(R*R-UUURUR.US9nUS US'U$![&R0R2R4an[7[U5US9eS nAf[aFnS [U5;aUR9[U5US9eUR%[U5US9eS nAff=f)!z5Verifies the signature and data for the provided JWT.rz:Illegal {0} provided: {1}. {0} must be a non-empty string.aFailed to ascertain project ID from the credential or the environment. Project ID is required to call {0}. Initialize the app with a credentials.Certificate or set your Firebase project ID as an app option. Alternatively set the GOOGLE_CLOUD_PROJECT environment variable.r<zKIllegal clock_skew_seconds value: {0}. Must be between 0 and 60, inclusive.rrrzlMake sure the {0} comes from the same Firebase project as the service account used to authenticate this SDK.z+See {0} for details on how to retrieve {1}.Nz.{0} expects {1}, but was given a custom token.kidrBHS256vrdz5{0} expects {1}, but was given a legacy custom token.z Firebase {0} has no "kid" claim.r zIFirebase {0} has incorrect algorithm. Expected "RS256" but got "{1}". {2}zXFirebase {0} has incorrect "aud" (audience) claim. Expected "{1}" but got "{2}". {3} {4}zVFirebase {0} has incorrect "iss" (issuer) claim. Expected "{1}" but got "{2}". {3} {4}z.Firebase {0} has no "sub" (subject) claim. {1}z;Firebase {0} has an empty string "sub" (subject) claim. {1}rzHFirebase {0} has a "sub" (subject) claim longer than 128 characters. {1})rQaudience certs_urlclock_skew_in_secondscausez Token expired)rwrrrrrgrrhr_decode_unverifiedr|rrqrrtrrrrrxryr verify_tokenrrrrCertificateFetchErrorr)r)tokenrQrrrrr subjectexpected_issuerproject_id_match_msgverify_id_token_msgemulatedrverified_claimsrs r*r_JWTVerifier.verify<s)3E3)?)? W%U%''u &%8: :=>DVDNN=S U U  !%7"%<]*+- -11%8U#;;u%++e$++7 ((.t(?  : @ @4?? [ **, ( (0H0HI &**U"3"3zz% G+ 11"'7;;sB+?"?#VDNND4L4LM!C I I$// Z fjj/7:#VDOOVZZ5FH[\  (%%+VDOOT__h,@&W  &%%+VDOO_,@&W _Jw$<$<fT__.AB fT__.AB \C fT__.AB  ++M: : E")"(--"8"8"E"E#!__"mm*< #F#> &5U%;OE "" "{{%%44 A'E %@ @ E#e*,//E %/HH++CJe+D D Es&AO$$(Q2 P Q2,AQ--Q2c[R"U5n[R"USS9nX#4$![anUR [ U5US9eSnAff=f)NF)rr )r decode_headerrrrr)r)rrrrs r*r_JWTVerifier._decode_unverifieds\ E&&u-Fjju5G? " E++CJe+D D Es-0 AAA) rrrrrrrhrrqNr) r3r4r5r6rZr+rrr8r'r-r*rr+s@ F^E@Er-rc\rSrSrSrSrSrg)riz7Unexpected error while signing a Firebase custom token.cD[RRXU5 gr&r UnknownErrorr+r)r0rs r*r+TokenSignError.__init__((>r-r'Nr3r4r5r6rZr+r8r'r-r*rrs A?r-rc\rSrSrSrSrSrg)rizHFailed to fetch some public key certificates required to verify a token.cD[RRXU5 gr&rr!s r*r+CertificateFetchError.__init__r#r-r'Nr$r'r-r*rrs R?r-rc\rSrSrSrSrSrg)riz!The provided ID token is expired.cD[RRXU5 gr&rrr+r!s r*r+ExpiredIdTokenError.__init__s''00Fr-r'Nr$r'r-r*rrs +Gr-rc\rSrSrSrSrSrg)RevokedIdTokenErroriz'The provided ID token has been revoked.cB[RRX5 gr&r*r/s r*r+RevokedIdTokenError.__init__s''00?r-r'Nr$r'r-r*r-r-s 1@r-r-c"\rSrSrSrSSjrSrg)riz;The provided string is not a valid Firebase session cookie.NcD[RRXU5 gr&)rInvalidArgumentErrorr+r!s r*r+"InvalidSessionCookieError.__init__s''00Fr-r'r&r$r'r-r*rrs EGr-rc\rSrSrSrSrSrg)riz'The provided session cookie is expired.c0[RXU5 gr&rr+r!s r*r+"ExpiredSessionCookieError.__init__s!**4%@r-r'Nr$r'r-r*rrs 1Ar-rc\rSrSrSrSrSrg)RevokedSessionCookieErroriz-The provided session cookie has been revoked.c.[RX5 gr&r6r/s r*r+"RevokedSessionCookieError.__init__s!**49r-r'Nr$r'r-r*r9r9s 7:r-r9)7rZrrrrd google.authrrrrgoogle.auth.exceptionsrxgoogle.oauth2.id_tokengoogle.oauth2.service_accountfirebase_adminrrr rrrrrrrrrrrrrr~r[rWrVrcryptrPr#r:r_rerrrr rrrrr-r2rrr9r'r-r*rBs8 #!$%&';>>Y&)(*<*