9i2,ddlZ ddlmZddlZej eZdZdZ dZ dZ e e e degZ gdZdZGd d eZGd d eZd ZdZdZy#e$r ddlmZY]wxYw)N)urlparsezlogin.microsoftonline.uszlogin.chinacloudapi.cnzlogin.microsoftonline.comzlogin-us.microsoftonline.com)z b2clogin.comz b2clogin.cnz b2clogin.usz b2clogin.dez ciamlogin.comz.ciamlogin.comceZdZdZdZy)AuthorityBuilderc\|jd|_|jd|_y)zA helper to save caller from doing string concatenation. Usage is documented in :func:`application.ClientApplication.__init__`. /N)rstrip _instancestrip_tenant)selfinstancetenants A/var/www/html/venv/lib/python3.12/site-packages/msal/authority.py__init__zAuthorityBuilder.__init__#s$ "-||C( cNdj|j|jS)Nz https://{}/{})formatr r )r s r__str__zAuthorityBuilder.__str__+s%%dnndllCCrN)__name__ __module__ __qualname__rrrrrr"s )DrrcBeZdZdZegZ ddZdZdZddZ y) AuthorityzThis class represents an (already-validated) authority. Once constructed, it contains members named "*_endpoint" for this instance. TODO: It will also cache the previously-validated authority instances. Nc$||_|r(tjd||j|}n)tjd||j |||} t ||j}tjd|||d|_|d |_ |jd |_ t|j\} } |_ y #t $r4|rdj|ndj|dz}t |wxYw) a`Creates an authority instance, and also validates it. :param validate_authority: The Authority validation process actually checks two parts: instance (a.k.a. host) and tenant. We always do a tenant discovery. This parameter only controls whether an instance discovery will be performed. z$Initializing with OIDC authority: %sz%Initializing with Entra authority: %szUnable to get OIDC authority configuration for {url} because its OIDC Discovery endpoint is unavailable at {url}/.well-known/openid-configuration )urlzUnable to get authority configuration for {}. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant or https://tenant_name.ciamlogin.com or https://tenant_name.b2clogin.com/tenant.onmicrosoft.com/policy. z> Also please double check your tenant name or GUID is correct.zopenid_config("%s") = %sauthorization_endpointtoken_endpointdevice_authorization_endpointN) _http_clientloggerdebug_initialize_oidc_authority_initialize_entra_authoritytenant_discovery ValueErrorrrrgetr canonicalizer) r authority_url http_clientvalidate_authorityinstance_discoveryoidc_authority_urltenant_discovery_endpoint openid_config error_message_s rrzAuthority.__init__7s,(  LL?AS T(,(G(G")$ % LL@- P(,(H(H13E)G % ,,)!!#M"  &(A= R&34L&M#+,<=-:->->?^-_*()<)<=1dk' , &::@&EW&:XV  &T UM]+ + ,s C=Dct|\}|_}|jdk(|_d|_d|_|dzS)NadfsTz!/.well-known/openid-configuration)r(r loweris_adfs_is_b2c_is_known_to_developer)r r- authorityrs rr#z$Authority._initialize_oidc_authoritygsE+78J+K( 4=&||~/  '+#!$GGGrc t|tr t|}t|\}_}jj t }|jdk(xr| _|jjd}tfdtDxs2t|dk(xr"|djjd_jxsjxs| _jt"v}|dvrdj%t&n|} | rr|spj sdt)d j%j|jj*| } | j-d d k(rt/d |z| d } | S|j1dj%|rt|jdkr|n |jjrdndj3} | S)Nr3rc3ZK|]"}jjd|z$yw).N)r endswith).0dr s r z8Authority._initialize_entra_authority..}s)01DMM " "37 +s(+b2c_)NTz$https://{}/common/discovery/instancez"https://{}{}/oauth2/v2.0/authorizeerrorinvalid_instancezinvalid_instance: The authority you provided, %s, is not whitelisted. If it is indeed your legit customized domain name, you can turn off this check by passing in instance_discovery=Falser.z2{prefix}{version}/.well-known/openid-configurationz/v2.0)prefixversion)path) isinstancerstrr(r r<_CIAM_DOMAIN_SUFFIXr4r5rIsplitanyWELL_KNOWN_B2C_HOSTSlen startswithr6r7WELL_KNOWN_AUTHORITY_HOSTSr WORLD_WIDE_instance_discoveryr r'r&_replacegeturl) r r)r+r,r8ris_ciampartsis_known_to_microsoftinstance_discovery_endpointpayloadr.s ` rr$z%Authority._initialize_entra_authorityps m%5 6 .M+7 +F( 4=&--(()<=||~/?K $$S)5IKe*/IeAhnn&6&A&A&&I '+ll&\dll&\J\F\# $ 1K K $|3 'M&S&S ':L $ '%)D)D)4;;MM9>>3!!+ -G {{7#'99 / $ $%%)00K(L %)()2(:(:IPP%,Y^^1D1I6&^^"&,,BGQ);) &( &)(rc|j|jjvr|xs;|jj dj |j|d|d}|j dk7r/|jtj|jS|jjj|jiS)Nz 5 @D 3&%%'zz$)),, NN @ @ D DT]] S r)TNN)NN) rrr__doc__setrbrr#r$rlrrrrr/s5 -0G) $## .>`H/)brrct|}|jdk(r|jjd}t |dk\r |dr|dnd}|j j trE|r|n1dj|j jtdd}||j |fSt |dk\r|dr||j |dfStd|z)NhttpsrrArEz{}.onmicrosoft.comra Your given address (%s) should consist of an https url with a minimum of one segment in a path: e.g. https://login.microsoftonline.com/{tenant} or https://{tenant_name}.ciamlogin.com/{tenant} or https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/policy) rschemerIrMrPhostnamer<rLrrsplitr&)authority_or_auth_endpointr8rX first_partrs rr(r(s34I7"$$S)!$UqU1XU1X4    & &': ;#-Z3G3N3N""))*=qA!D4FFi00&8 8 u:?uQxi00%(: :  U %  % &&rc p|j|fd|ddi|}tj|jS)Nparamsz1.0)rz api-version)r'rerfrg)rr*rZkwargsrks rrTrTsA ;??# *-eD   D ::dii  rc ||j|fi|}|jdk(rtj|jSd|jcxkrdkr3nn0t dj ||j|j|jtd|j|jfz)Niiz7OIDC Discovery failed on {}. HTTP status: {}, Error: {}z)Unable to complete OIDC Discovery: %d, %s) r'rcrerfrgr&rrd RuntimeError)r.r*rxrks rr%r%s ;??4 ? ?D 3zz$))$$ d$$RYY %    II    3t7G7G6SS UUr)re urllib.parser ImportErrorlogging getLoggerrr!AZURE_US_GOVERNMENT AZURE_CHINA AZURE_PUBLICrSrnrRrOrLobjectrrr(rTr%rrrrs "%   8 $1& * (  " " ' Dv D@@F&.!UY"!"sA A*)A*