9i,RddlZddlZddlZddlZddlZddlmZddlmZm Z ddl m Z eje ZdZdZdZGd d eZGd d eZy) N) canonicalize) decode_partdecode_id_token)Clientbrokerc t|fi||k(SN)dict)smallbigs C/var/www/html/venv/lib/python3.12/site-packages/msal/token_cache.py is_subdict_ofrs  u  $$cD|jd|jdS)Npreferred_usernameupn)get)id_token_claimss r _get_usernamers&   E" $$rc eZdZdZGddZGddZdZ ddZdd Zdd Z e dd e d e d e de fdZddddZddddZddZdZddZddZdZdZdZdZdZy) TokenCacheaThis is considered as a base class containing minimal cache behavior. Although it maintains tokens using unified schema across all MSAL libraries, this class does not serialize/persist them. See subclass :class:`SerializableTokenCache` for details on serialization. c eZdZdZdZdZdZdZy)TokenCache.CredentialType AccessToken RefreshTokenAccountIdToken AppMetadataN)__name__ __module__ __qualname__ ACCESS_TOKEN REFRESH_TOKENACCOUNTID_TOKEN APP_METADATArrCredentialTypers$ & $ rr)ceZdZdZdZy)TokenCache.AuthorityTypeADFSMSSTSN)r r!r"r,r-r(rr AuthorityTyper+&s rr.c \tj_i_jj dfd jj dfd jj dfd jjddjjd di_ y) Nc dj|xsd|xsdjj|xsdd|xsdgjSN-)joinr)r$lower)home_account_id environment client_idtarget!ignored_payload_from_a_real_tokenselfs rz%TokenCache.__init__..1sRHH'-2#)r++99!R " !57rc dj|xsd|xsdjj|xsd|xsd|xsdgjSr1)r4r)r#r5)r6r7r8realmr9r:r;s rr<z%TokenCache.__init__..<sX HH'-2#)r++88!R  " !57rcdj|xsd|xsdjj|xsd|xsddgjSr1)r4r)r&r5)r6r7r8r>r:r;s rr<z%TokenCache.__init__..KsRHH'-2#)r++44!R  !57rc^dj|xsd|xsd|xsdgjSr1)r4r5)r6r7r>!ignored_payload_from_a_real_entrys rr<z%TokenCache.__init__..Vs8HH'-2#)r !57 rc6dj|xsd|xsdS)Nzappmetadata-{}-{}r3)format)r7r8kwargss rr<z%TokenCache.__init__..^s '..{/@b)/rRr)NNNN)NNNNN)NNNNN) threadingRLock_lock_cacher)r$r#r&r%r' key_makersr;s`r__init__zTokenCache.__init__*s__&      - -IM# #    , ,IM+/ #    ( (IM" #    ' '#    , ,Sc3rNc |j|jj|jtjj||||dj ||S)N )r6r7r8r>r9default)_getr)r#rJrr4)r;r6r7r8r>r9rPs r_get_access_tokenzTokenCache._get_access_tokenbse yy    , , CDOOJ55BB C /'#xx'    rc|j|jj|jtjj|||S)N)r7r8rO)rQr)r'rJr)r;r7r8rPs r_get_app_metadatazTokenCache._get_app_metadatarsQyy    , , CDOOJ55BB C'#   rc|j5|jj|ij||cdddS#1swYyxYwr )rHrIr)r;credential_typekeyrPs rrQzTokenCache._get{sA ZZ J;;???B7;;CI J J Js ,AA entryquery target_setreturnc $|rI|jDcic]-\}}||dk(r t|tr|jn|/c}}ni}t ||xr0|r,|t |j ddjkSdScc}}w)Nr7r9r3T)items isinstancestrr5rsetrsplit)rXrYrZkv query_with_lowercase_environments r _is_matchingzTokenCache._is_matchings , 1 A.:a3Eqwwy1 L,  ) =uE% #eii"5;;=> > %# % , s2B nowc#(Kt|xsg}t|tsJdd}||jjk(r[t|t rKd|vrGd|vrCd|vr?d|vr;|r9|j |d|d|d|d|}|r|j||r|t|}|j5t|tjn|}g}|jj|ijD]]}||jjk(r#t|d|kr|j|?||k7sE|j|||sZ|_|D]} |j!|  dddy#1swYyxYww) zReturns a generator of matching entries. It is O(1) for AT hits, and O(n) for other types. Note that it holds a lock during the entire search. zInvalid parameter typeNr6r7r8r> expires_on)rZ)sortedr^listr)r#r rRrer`rHinttimerIrvaluesappend remove_at) r;rVr9rYrgpreferred_resultrZexpired_access_tokensrXats rsearchzTokenCache.searchs  "%&$'A)AA' t22?? ?5$'!U*}/Eu$E)9f#55'(% *>k"E'NF <  D$5$5 %%'&[ ZZ #S[diikc:C% ! "=DDF #t':':'G'GGE,/036)007--))%:)NK , #r" #' # # #s+B4F6BF FF= FF Fcrtjdtt|j ||||S)z Equivalent to list(search(...)).z7Use list(search(...)) instead to explicitly get a list.)r9rYrg)warningswarnDeprecationWarningrkrt)r;rVr9rYrgs rfindzTokenCache.finds3 E  DKKeQTKUVVrc d}t|||jdid||jdid}tjdt j |dd t |j|| S) z:Handle a token obtaining event, and add tokens into cache.cb|jDcic]\}}|||vrdn|c}}Scc}}w)Nz********)r]) dictionarysensitive_fieldsrbrcs rmake_clean_copyz'TokenCache.add..make_clean_copys@',,.Aq&6!6:A= s+data)password client_secret refresh_token assertionresponse)r access_tokenrid_tokenusername)rrzevent=%sT)indent sort_keysrPrf)r rloggerdebugjsondumpsr__TokenCache__add)r;eventrgr~ clean_events raddzTokenCache.adds    62!69%UYYz2%>A    Z  "  zz%Sz))rcd|vr=tjt|d}d|vrd|vr|djdi|fS|r |d}d|i|fSidfS)z&Return client_info and home_account_id client_infouidutidz {uid}.{utid}subNr()rloadsrrC)r;rrrrs r__parse_accountzTokenCache.__parse_accountsr H $**[-1H%IJK #+(="$9N$9$9$HK$HHH !%(C3<$ $4xrc dx}}d|vrt|d\}}}d|vr|d}|jdi}|jdi}|jd}|jd} |jd} |jdxs| rt| |d  ni} |j|| \} } d j t |jd xsg}|j 5t|tjn|}|r1|jd rt|jd |z nd}t|jd|}t|jd|}|jj|| ||jd |||jddt|t||zt||zd }|j|Dcic] }|dvs|||c}d|vr|d}t||z|d<|j|jj||| r|jds| |||jd| jd| jdt| xs(|jdxs|jdxsd|jd|dk(r|jj n|jj"d}t$d d!t&j(d"f}|jd#|vr|d#|d$<|j|jj*||| rS|jj,| | |||jd d%}|j|jj,||| ri|jj.| | ||jd |t|d&}d'|vr|d'|d(<|j|jj.|||jd |d)}d'|vr|jd'|d(<|j|jj0||dddycc}w#1swYyxYw)*Ntoken_endpointr7rrrrrrr8)r8rNscoperiiX expires_inext_expires_in token_typeBearer) rVsecretr6r7r8r9r>r cached_atriextended_expires_on>key_id refresh_in refresh_onskip_account_creation _account_idoidrrr3authority_typeadfs)r6r7r>local_account_idrrauthorization_coder GRANT_TYPE grant_typeaccount_source)rVrr6r7r>r8)rVrr6r7r8r9last_modification_timefoci family_id)r8r7)rrr_TokenCache__parse_accountr4rjrHrlrmr)r#r_updatemodifyrr.r,r-_GRANT_TYPE_BROKERr DEVICE_FLOWr%r&r$r')r;rrgr7r>_rrrrrrrr6r9default_expires_inrrrsrbraccount%grant_types_that_establish_an_accountidtrt app_metadatas r__addzTokenCache.__adds#" e u $$07G1H$I !A{E E ! .K99Z,yy$||N3  _5 << +",,'89YGOOHk0B CUW (,';';Ho'V$ _&7!3!9r:; ZZ\ VS[diikc:C"l3 \23c99<#!LL/ABD !$ << *-"/(,':':'G'G*'6#.!&;!7$""*,,|X"F!$S"%cJ&6"7+.s^/C+D  t!q=81d1g:  8+!),!7J'*3+;'!88J/! 99Z0!&+ii(38F?**//!%!3!3!9!9';&'( 6Q> >I7R>RR c$|j|di|}|j5|r,|jj|i}t |fi|||<n,|jj|ij |ddddy#1swYyxYw)Nr()rJrHrI setdefaultr pop)r;rV old_entrynew_key_value_pairsrWentriess rrzTokenCache.modifyZs/dooo.;; ZZ K"++00"E# +) +  &&;??TJ K K Ks ABBc|jd|jjk(sJ|j|jj|SNrV)rr)r$r)r;rt_items r remove_rtzTokenCache.remove_rtlsC{{,-1D1D1R1RRRR{{4..<eZdZdZdZfdZdfd ZdZdZxZ S)SerializableTokenCacheaThis serialization can be a starting point to implement your own persistence. This class does NOT actually persist the cache on disk/db/etc.. Depending on your need, the following simple recipe for file-based, unencrypted persistence may be sufficient:: import os, atexit, msal cache_filename = os.path.join( # Persist cache into this file os.getenv( # Automatically wipe out the cache from Linux when user's ssh session ends. # See also https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/690 "XDG_RUNTIME_DIR", ""), "my_cache.bin") cache = msal.SerializableTokenCache() if os.path.exists(cache_filename): cache.deserialize(open(cache_filename, "r").read()) atexit.register(lambda: open(cache_filename, "w").write(cache.serialize()) # Hint: The following optional line persists only when state changed if cache.has_state_changed else None ) app = msal.ClientApplication(..., token_cache=cache) ... Alternatively, you may use a more sophisticated cache persistence library, `MSAL Extensions `_, which provides token cache persistence with encryption, and more. :var bool has_state_changed: Indicates whether the cache state in the memory has changed since last :func:`~serialize` or :func:`~deserialize` call. Fc <tt| |fi|d|_yNT)superrrhas_state_changed)r;rrD __class__s rrzSerializableTokenCache.adds  $d/@@!%rc>tt| |||d|_yr)rrrr)r;rVrrrs rrzSerializableTokenCache.modifys# $d2 Y(; =!%rc|j5|rtj|ni|_d|_dddy#1swYyxYw)zEDeserialize the cache from a state previously obtained by serialize()FN)rHrrrIr)r;states r deserializez"SerializableTokenCache.deserializes<ZZ +/4$**U+"DK%*D " + + +s &<Ac|j5d|_tj|jdcdddS#1swYyxYw)z0Serialize the current cache state into a string.Fr)rN)rHrrrrIrKs r serializez SerializableTokenCache.serializes:ZZ 5%*D "::dkk!4 5 5 5s (?Ar ) r r!r"rrrrrr __classcell__)rs@rrrs%@&& +5rr)rrFrmloggingrv authorityroauth2cli.oidcrroauth2cli.oauth2r getLoggerr rrrrobjectrrr(rrrs^  #8$   8 $%$ jFjFZ 85Z85r