(phCSrSSKrSSKJr SSKrSSKrSSKJr SSKJ r SSKJ r SSKJ r SSKJ r SSKJ r SS KJr S rS rS rS rSrSrSrSSjrSSjrSSjr\ R24SjrSSjrSrSSjrg)aOAuth 2.0 client. This is a client for interacting with an OAuth 2.0 authorization server's token endpoint. For more information about the token endpoint, see `Section 3.1 of rfc6749`_ .. _Section 3.1 of rfc6749: https://tools.ietf.org/html/rfc6749#section-3.2 N)_exponential_backoff)_helpers) credentials) exceptions)jwt)metrics) transportz!application/x-www-form-urlencodedzapplication/jsonz+urn:ietf:params:oauth:grant-type:jwt-bearer refresh_tokenc6U(aUOSn[U[5(a[R"XS9eSR USUR S55n[R"X US9e![ [4a [R"U5nN=f=f)a<Translates an error response into an exception. Args: response_data (Mapping | str): The decoded response data. retryable_error Optional[bool]: A boolean indicating if an error is retryable. Defaults to False. Raises: google.auth.exceptions.RefreshError: The errors contained in response_data. F retryablez{}: {}errorerror_description) isinstancestrr RefreshErrorformatgetKeyError ValueErrorjsondumps) response_dataretryable_error error_detailss H/var/www/html/venv/lib/python3.13/site-packages/google/oauth2/_client.py_handle_error_responser-s*9oeO-%%%%mOO2  ' "M$5$56I$J   ! !  j !2 =1 2s$A//&BBcR^U[R;agURS5=(d SnURS5=(d Sn[U[5(a[U[5(dg1Skm[ U4SjX2455(agg![ a gf=f)aChecks if a request can be retried by inspecting the status code and response body of the request. Args: status_code (int): The response status code. response_data (Mapping | str): The decoded response data. Returns: bool: True if the response is retryable. False otherwise. TrrF> server_errorinternal_failuretemporarily_unavailablec3,># UH oT;v M g7f)N).0eretryable_error_descriptionss r _can_retry..hsS:RQ00:Rs)r DEFAULT_RETRYABLE_STATUS_CODESrrranyAttributeError) status_coder error_desc error_coder's @r _can_retryr0Jsi>>> "&&':;Ar "&&w/52 *c***Z2M2M( $ S::RS S S T     sAB7B B&%B&cURSS5nUbJ[U[5(a [U5n[R "5[ R"US9-$g)zParses the expiry field from a response into a datetime. Args: response_data (Mapping): The JSON-parsed response data. Returns: Optional[datetime]: The expiration or ``None`` if no expiration was specified. expires_inN)seconds)rrrintrutcnowdatetime timedelta)rr2s r _parse_expiryr8qsT""<6J j# & &ZJ 8#5#5j#IIIc U(a.S[0n[R"U5RS5nO6S[0n[ R RU5RS5nU(aSRU5US'U(aURU5 0n Sn [R"5n U Hn U"S SXUS.UD6n [U RS5(aU RRS5O U Rn[R"U5n U R"[$R&:XaS U S 4s $[)U R"U S 9n U(a U (aMSX4s $ SX4$![ a Un Ncf=f) aMakes a request to the OAuth 2.0 authorization server's token endpoint. This function doesn't throw on response errors. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. body (Mapping[str, str]): The parameters to send in the request body. access_token (Optional(str)): The access token needed to make the request. use_json (Optional(bool)): Use urlencoded format or json format for the content type. The default value is False. can_retry (bool): Enable or disable request retry behavior. headers (Optional[Mapping[str, str]]): The headers for the request. kwargs: Additional arguments passed on to the request method. The kwargs will be passed to `requests.request` method, see: https://docs.python-requests.org/en/latest/api/#requests.request. For example, you can use `cert=("cert_pem_path", "key_pem_path")` to set up client side SSL certificate, and use `verify="ca_bundle_path"` to set up the CA certificates for sever side SSL certificate verification. Returns: Tuple(bool, Mapping[str, str], Optional[bool]): A boolean indicating if the request is successful, a mapping for the JSON-decoded response data and in the case of an error a boolean indicating if the error is retryable. z Content-Typezutf-8z Bearer {} AuthorizationFPOST)methodurlheadersbodydecodeTN)r-rr$)_JSON_CONTENT_TYPErrencode_URLENCODED_CONTENT_TYPEurllibparse urlencoderupdaterExponentialBackoffhasattrdatarAloadsrstatus http_clientOKr0)request token_urir@ access_tokenuse_json can_retryr?kwargsheaders_to_userrretries_response response_bodys r _token_endpoint_request_no_throwr[snL(*<=zz$&&w/(*BC||%%d+227;*5*<*<\*J'g&MO"557G  yt OU  x}}h// MM  )   * JJ}5M ??knn ,, ,$ } -8 814 - 00 *)M *s E77 FFc V[UUU4UUUUS.UD6upn U(d [X5 U $)a Makes a request to the OAuth 2.0 authorization server's token endpoint. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. body (Mapping[str, str]): The parameters to send in the request body. access_token (Optional(str)): The access token needed to make the request. use_json (Optional(bool)): Use urlencoded format or json format for the content type. The default value is False. can_retry (bool): Enable or disable request retry behavior. headers (Optional[Mapping[str, str]]): The headers for the request. kwargs: Additional arguments passed on to the request method. The kwargs will be passed to `requests.request` method, see: https://docs.python-requests.org/en/latest/api/#requests.request. For example, you can use `cert=("cert_pem_path", "key_pem_path")` to set up client side SSL certificate, and use `verify="ca_bundle_path"` to set up the CA certificates for sever side SSL certificate verification. Returns: Mapping[str, str]: The JSON-decoded response data. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. )rRrSrTr?)r[r) rPrQr@rRrSrTr?rUresponse_status_okrrs r_token_endpoint_requestr^sON:Z  :" :  :6 }> r9c U[S.n[UUUU[R[R"50S9nUSn[U5n XiU4$![ an[ R"SUSS9nXeSnAff=f)aImplements the JWT Profile for OAuth 2.0 Authorization Grants. For more details, see `rfc7523 section 4`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. assertion (str): The OAuth 2.0 assertion. can_retry (bool): Enable or disable request retry behavior. Returns: Tuple[str, Optional[datetime], Mapping[str, str]]: The access token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc7523 section 4: https://tools.ietf.org/html/rfc7523#section-4  assertion grant_typerTr?rRNo access token in response.Fr N) _JWT_GRANT_TYPEr^rAPI_CLIENT_HEADER'token_request_access_token_sa_assertionrrrr8) rPrQrarTr@rrR caught_excnew_excexpirys r jwt_grantrks.#/ BD+   % %w'V'V'X M&$^4 = )F  .. &)) *MU % &sA A6A11A6cVUSSS.n[UUR[RU5R U5UUSS9nUSn[R"USS 9n [RRU S 5n X4$![ an [ R"SUSS9n XeS n A ff=f) aCall iam.generateIdToken endpoint to get ID token. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. iam_id_token_endpoint (str): The IAM ID token endpoint to use. signer_email (str): The signer email used to form the IAM generateIdToken endpoint. audience (str): The audience for the ID token. access_token (str): The access token used to call the IAM endpoint. Returns: Tuple[str, datetime]: The ID token and expiration. true)audience includeEmail useEmailAzpT)rRrStokenNo ID token in response.Fr Nverifyexp) r^replacerDEFAULT_UNIVERSE_DOMAINrrrrrrAr6utcfromtimestamp) rPiam_id_token_endpoint signer_emailrnrRuniverse_domainr@rid_tokenrhripayloadrjs r#call_iam_generate_id_token_endpointr~Bs,!& PD+%%  / / &  !M& )jj%0G    / / ?F   &)) &  % &sB B( B##B(c JU[S.n[UUUU[R[R"50S9nUSn[R"USS9n [RRU S 5n XjU4$![ an[ R"SUSS9nXeSnAff=f) aImplements the JWT Profile for OAuth 2.0 Authorization Grants, but requests an OpenID Connect ID Token instead of an access token. This is a variant on the standard JWT Profile that is currently unique to Google. This was added for the benefit of authenticating to services that require ID Tokens instead of access tokens or JWT bearer tokens. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorization server's token endpoint URI. assertion (str): JWT token signed by a service account. The token's payload must include a ``target_audience`` claim. can_retry (bool): Enable or disable request retry behavior. Returns: Tuple[str, Optional[datetime], Mapping[str, str]]: The (encoded) Open ID Connect ID Token, expiration, and additional data returned by the endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. r`rcr|rrFr Nrsru) rer^rrf#token_request_id_token_sa_assertionrrrrrAr6rx) rPrQrarTr@rr|rhrir}rjs rid_token_jwt_grantrrs4#/ BD+   % %w'R'R'T M& ,jj%0G    / / ?F ] ** &)) &  % &sA;; B"BB"cUSnURSU5n[ U5nX!XP4$![an[R"SUSS9nXCeSnAff=f)a'Extract tokens from refresh grant response. Args: response_data (Mapping[str, str]): Refresh grant response data. refresh_token (str): Current refresh token. Returns: Tuple[str, str, Optional[datetime], Mapping[str, str]]: The access token, refresh token, expiration, and additional data returned by the token endpoint. If response_data doesn't have refresh token, then the current refresh token will be returned. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. rRrdFr Nr )rrrrr8)rr rRrhrirjs r_handle_refresh_grant_responsersk"&$^4 "%%o}EM = )F  == &)) *MU % &s( AA  Ac[UUUS.nU(aSRU5US'U(aXhS'[XXS9n [X5$)aImplements the OAuth 2.0 refresh token grant. For more details, see `rfc678 section 6`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. refresh_token (str): The refresh token to use to get a new access token. client_id (str): The OAuth 2.0 application's client ID. client_secret (str): The Oauth 2.0 appliaction's client secret. scopes (Optional(Sequence[str])): Scopes to request. If present, all scopes must be authorized for the refresh token. Useful if refresh token has a wild card scope (e.g. 'https://www.googleapis.com/auth/any-api'). rapt_token (Optional(str)): The reauth Proof Token. can_retry (bool): Enable or disable request retry behavior. Returns: Tuple[str, str, Optional[datetime], Mapping[str, str]]: The access token, new or current refresh token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc6748 section 6: https://tools.ietf.org/html/rfc6749#section-6 )rb client_id client_secretr  scoperapt)rT)_REFRESH_GRANT_TYPEjoinr^r) rPrQr rrscopes rapt_tokenrTr@rs r refresh_grantrsUT*&&  D (W !V +DM *- GGr9)NFTN)T)NNT)__doc__r6 http.clientclientrNrrE google.authrrrrrrr rDrBrerrr0r8r[r^rkrwr~rrrr$r9rrs ! , #"!>'?%:$N6  Q1p  3l-/l 77 -`1+h>J 7Hr9