o i,R@sddlZddlZddlZddlZddlZddlmZddlmZm Z ddl m Z e e ZdZddZd d ZGd d d eZGd ddeZdS)N) canonicalize) decode_partdecode_id_token)ClientZbrokercCst|fi||kSN)dict)Zsmallbigr G/home/app/Keep/.python/lib/python3.10/site-packages/msal/token_cache.py is_subdict_ofr cCs|d|dS)NZpreferred_usernameZupn)get)id_token_claimsr r r _get_usernamesrc @seZdZdZGdddZGdddZddZ d,d d Zd,d d Zd,d dZ e d,de de de de fddZd-ddddZd-ddddZd,ddZddZd,ddZd,d d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+ZdS). TokenCacheaThis is considered as a base class containing minimal cache behavior. Although it maintains tokens using unified schema across all MSAL libraries, this class does not serialize/persist them. See subclass :class:`SerializableTokenCache` for details on serialization. c@s eZdZdZdZdZdZdZdS)zTokenCache.CredentialTypeZ AccessTokenZ RefreshTokenZAccountZIdTokenZ AppMetadataN)__name__ __module__ __qualname__ ACCESS_TOKEN REFRESH_TOKENACCOUNTID_TOKEN APP_METADATAr r r r CredentialTypes rc@seZdZdZdZdS)zTokenCache.AuthorityTypeADFSMSSTSN)rrrrrr r r r AuthorityType&src sxt_i_jj dfdd jj dfdd jj dfdd jjd ddjj d ddi_ dS) Ncs.d|pd|pdjj|pdd|pdgSN-)joinrrlower)home_account_id environment client_idtarget!ignored_payload_from_a_real_tokenselfr r 1sz%TokenCache.__init__..cs2d|pd|pdjj|pd|pd|pdgSr)r!rrr")r#r$r%realmr&r'r(r r r*<scs.d|pd|pdjj|pd|pddgSr)r!rrr")r#r$r%r+r'r(r r r*Ksc[s d|pd|pd|p dgSr)r!r")r#r$r+Z!ignored_payload_from_a_real_entryr r r r*Vs c[sd|pd|pdS)Nzappmetadata-{}-{}r )format)r$r%kwargsr r r r*^r )NNNN)NNNNN)NNNNN) threadingRLock_lock_cacherrrrrr key_makersr(r r(r __init__*s&       zTokenCache.__init__Nc Cs2|j|jj|jtjj||||d|d|dS)N )r#r$r%r+r&default)_getrrr3rr!)r)r#r$r%r+r&r7r r r _get_access_tokenbs zTokenCache._get_access_tokencCs&|j|jj|jtjj||d|dS)N)r$r%r6)r8rrr3r)r)r$r%r7r r r _get_app_metadatars zTokenCache._get_app_metadatacCs@|j|j|i||WdS1swYdSr)r1r2r)r)credential_typekeyr7r r r r8{s$zTokenCache._getentryquery target_setreturncCsD|r dd|Dni}t||o!|r |t|ddkSdS)NcSs0i|]\}}||dkrt|tr|n|qS)r$) isinstancestrr".0kvr r r sz+TokenCache._is_matching..r&r T)itemsr setrsplit)r=r>r?Z query_with_lowercase_environmentr r r _is_matchings zTokenCache._is_matchingnowc csXt|pg}t|tsJdd}||jjkrKt|trKd|vrKd|vrKd|vrKd|vrK|rK||d|d|d|d|}|rK|||rK|Vt|}|j Pt |dur\t n|}g}|j |iD]%}||jjkrt |d|kr||qj||kr|j|||dr|Vqj|D]} || qWddS1swYdS) zReturns a generator of matching entries. It is O(1) for AT hits, and O(n) for other types. Note that it holds a lock during the entire search. zInvalid parameter typeNr#r$r%r+ expires_on)r?)sortedrAlistrrrr9rKrIr1inttimer2rvaluesappend remove_at) r)r;r&r>rMZpreferred_resultr?Zexpired_access_tokensr=atr r r searchsF      "zTokenCache.searchcCs"tdtt|j||||dS)z Equivalent to list(search(...)).z7Use list(search(...)) instead to explicitly get a list.)r&r>rM)warningswarnDeprecationWarningrPrW)r)r;r&r>rMr r r finds zTokenCache.findc CsZdd}t|||did||didd}tdtj|d d td |j||d S) z:Handle a token obtaining event, and add tokens into cache.csfdd|DS)Ncs"i|] \}}||vr dn|qS)z********r rCsensitive_fieldsr r rGsz;TokenCache.add..make_clean_copy..)rH) dictionaryr]r r\r make_clean_copys z'TokenCache.add..make_clean_copydata)passwordZ client_secret refresh_tokenZ assertionresponse)r access_tokenrbid_tokenusername)r`rczevent=%sT)indent sort_keysr7rL)rrloggerdebugjsondumpsrB_TokenCache__add)r)eventrMr_Z clean_eventr r r adds zTokenCache.addcCs^d|vrtt|d}d|vrd|vr|djdi|fS|r+|d}d|i|fSidfS)z&Return client_info and home_account_id client_infouidZutidz {uid}.{utid}subNr )rlloadsrr,)r)rcrrqrsr r r Z__parse_accounts zTokenCache.__parse_accountcs<d}}d|vrt|d\}}}d|vr|d}|di}|di|d}|d}|d} |dpD| rCt| |d d ni} ||| \} } d t|d pVg} |j6t|durgtn|}|r|d rzt|d |nd}t|d|}t|d|}|j j || ||d | ||ddt |t ||t ||d }| fddDd|vr|d}t |||d<| |j j ||| r,|ds,| |||d| d| dt| pdp|dpd|d|dkr|jjn|jjd }td!d"tjd#f}|d$|vr#|d$|d%<| |j j||| rF|j j| | |||d d&}| |j j|||rn|j j|| ||d | t |d'}d(|vre|d(|d)<| |j j|||d |d*}d(|vr|d(|d)<| |j j||WddS1swYdS)+NZtoken_endpointr$rcr`rdrbrerr%)r%r5scoperNiX expires_inext_expires_in token_typeZBearer) r;secretr#r$r%r&r+rxZ cached_atrNZextended_expires_oncsi|] }|dvr||qS)>Zkey_idr )rDrEr`r r rGsz$TokenCache.__add.. refresh_inZ refresh_onZskip_account_creationZ _account_idoidrsrfr authority_typeZadfs)r#r$r+Zlocal_account_idrfr}Zauthorization_coderaZ GRANT_TYPEZ grant_typeZaccount_source)r;ryr#r$r+r%)r;ryr#r$r%r&last_modification_timeZfociZ family_id)r%r$)rrr_TokenCache__parse_accountr!rOr1rQrRrrrBupdatemodifyrrrr_GRANT_TYPE_BROKERrZ DEVICE_FLOWrrrr)r)rorMr$r+_rcrdrbrerrqr#r&Zdefault_expires_inrvrwrVr{accountZ%grant_types_that_establish_an_accountZidtrtZ app_metadatar rzr Z__adds                 $zTokenCache.__addcCs|j|di|}|j0|r"|j|i}t|fi|||<n|j|i|dWddSWddS1s@wYdS)Nr )r3r1r2 setdefaultrpop)r)r; old_entrynew_key_value_pairsr<entriesr r r rZs "zTokenCache.modifycC&|d|jjks J||jj|SNr;)rrrr)r)rt_itemr r r remove_rtlzTokenCache.remove_rtc Cs:|d|jjks J||jj||tttdS)Nr;)ryr~)rrrrrBrQrR)r)rZnew_rtr r r update_rtps  zTokenCache.update_rtcCrr)rrrr)r)Zat_itemr r r rUwrzTokenCache.remove_atcCrr)rrrr)r)Zidt_itemr r r remove_idt{rzTokenCache.remove_idtcCsd|vsJ||jj|S)Nr})rrr)r)Z account_itemr r r remove_accounts zTokenCache.remove_accountrr.)rrr__doc__rrr4r9r:r8 staticmethodrrIboolrKrWr[rprrnrrrrUrrr r r r rs,;   /  r rcsBeZdZdZdZfddZd fdd Zdd Zd d ZZ S) SerializableTokenCacheaThis serialization can be a starting point to implement your own persistence. This class does NOT actually persist the cache on disk/db/etc.. Depending on your need, the following simple recipe for file-based, unencrypted persistence may be sufficient:: import os, atexit, msal cache_filename = os.path.join( # Persist cache into this file os.getenv( # Automatically wipe out the cache from Linux when user's ssh session ends. # See also https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/690 "XDG_RUNTIME_DIR", ""), "my_cache.bin") cache = msal.SerializableTokenCache() if os.path.exists(cache_filename): cache.deserialize(open(cache_filename, "r").read()) atexit.register(lambda: open(cache_filename, "w").write(cache.serialize()) # Hint: The following optional line persists only when state changed if cache.has_state_changed else None ) app = msal.ClientApplication(..., token_cache=cache) ... Alternatively, you may use a more sophisticated cache persistence library, `MSAL Extensions `_, which provides token cache persistence with encryption, and more. :var bool has_state_changed: Indicates whether the cache state in the memory has changed since last :func:`~serialize` or :func:`~deserialize` call. Fc s"tt|j|fi|d|_dSNT)superrrphas_state_changed)r)ror- __class__r r rps zSerializableTokenCache.addNcstt||||d|_dSr)rrrr)r)r;rrrr r rs  zSerializableTokenCache.modifycCsF|j|r t|ni|_d|_WddS1swYdS)zEDeserialize the cache from a state previously obtained by serialize()FN)r1rlrtr2r)r)stater r r deserializes"z"SerializableTokenCache.deserializecCs@|jd|_tj|jddWdS1swYdS)z0Serialize the current cache state into a string.Frg)rhN)r1rrlrmr2r(r r r serializes$z SerializableTokenCache.serializer) rrrrrrprrr __classcell__r r rr rs r)rlr/rRloggingrX authorityrZoauth2cli.oidcrrZoauth2cli.oauth2r getLoggerrrjrr robjectrrr r r r s    o