o ưi @srddlZddlZddlmZmZmZmZddlZddlm Z ddl m Z m Z ddl mZmZmZGdddZdS)N)DictOptionalTuplecast)verbose_proxy_logger)get_async_httpx_clienthttpxSpecialProvider)CommonProxyErrorsLitellmUserRolesUserAPIKeyAuthc@seZdZdZededeedeedefddZededeedeede e eefe eefffd d Z edede eeffd d Z ed e dededede eeeeeeff ddZ ededefddZdS) Oauth2Handlerz* Handles OAuth2 token validation. token_info_endpointoauth_client_idoauth_client_secretreturncCsd|vo |duo |duS)am Determine if this is an introspection endpoint (requires POST) or token info endpoint (uses GET). Args: token_info_endpoint: The OAuth2 endpoint URL oauth_client_id: OAuth2 client ID oauth_client_secret: OAuth2 client secret Returns: bool: True if this is an introspection endpoint Z introspectN)lowerr rrrV/home/app/Keep/.python/lib/python3.10/site-packages/litellm/proxy/auth/oauth2_check.py_is_introspection_endpoints z(Oauth2Handler._is_introspection_endpointtokencCs^ddi}d|i}|r%|r%t|d|}d||d<||fS|r+||d<||fS)aP Prepare headers and data for OAuth2 introspection endpoint (RFC 7662). Args: token: The OAuth2 token to validate oauth_client_id: OAuth2 client ID oauth_client_secret: OAuth2 client secret Returns: Tuple of (headers, data) for the introspection request Content-Typez!application/x-www-form-urlencodedr:zBasic AuthorizationZ client_id)base64 b64encodeencodedecode)rrrheadersdata credentialsrrr_prepare_introspection_request+sz,Oauth2Handler._prepare_introspection_requestcCsd|ddS)z Prepare headers for generic token info endpoint. Args: token: The OAuth2 token to validate Returns: Dict of headers for the token info request zBearer zapplication/json)rrrrrrr_prepare_token_info_requestLs z)Oauth2Handler._prepare_token_info_request response_datauser_id_field_nameuser_role_field_nameuser_team_id_field_namecCs(||}||}||}|||fS)a Extract user information from OAuth2 response. Args: response_data: The response data from OAuth2 endpoint user_id_field_name: Field name for user ID user_role_field_name: Field name for user role user_team_id_field_name: Field name for team ID Returns: Tuple of (user_id, user_role, user_team_id) )get)r$r%r&r'user_id user_team_id user_rolerrr_extract_user_infoYs    z Oauth2Handler._extract_user_infoc sddlm}|durtdtjjtd|t d}tj dd}tj d d }tj d d }tj d }tj d}|sEtdt t jd}tj|||d} ze| rqtdtj|||d\} } |j|| | dIdH} ntdtj|d} |j || dIdH} | | } td|| | r| ddstdtj| |||d\} }}t||| tt|dWStjy}ztd|d}~wty}ztd|d}~ww) aB Makes a request to the token introspection endpoint to validate the OAuth2 token. This function implements OAuth2 token introspection according to RFC 7662. It supports both generic token info endpoints (GET) and OAuth2 introspection endpoints (POST). Args: token (str): The OAuth2 token to validate. Returns: UserAPIKeyAuth: If the token is valid, containing user information. Raises: ValueError: If the token is invalid, the request fails, or the token info endpoint is not set. r) premium_userTz;Oauth2 token validation is only available for premium usersz$Oauth2 token validation for token=%sZOAUTH_TOKEN_INFO_ENDPOINTZOAUTH_USER_ID_FIELD_NAMEsubZOAUTH_USER_ROLE_FIELD_NAMEZroleZOAUTH_USER_TEAM_ID_FIELD_NAMEteam_idZOAUTH_CLIENT_IDZOAUTH_CLIENT_SECRETz9OAUTH_TOKEN_INFO_ENDPOINT environment variable is not set)Z llm_providerrz*Using OAuth2 introspection endpoint (POST))rrr)rrNz'Using generic token info endpoint (GET)r")rz?Oauth2 token validation for token=%s, response from endpoint=%sactivezToken is not active)r$r%r&r')Zapi_keyr/r)r+z#Oauth 2.0 Token validation failed: z+An error occurred during token validation: )Zlitellm.proxy.proxy_serverr- ValueErrorr Znot_premium_uservaluerdebugosgetenvenvironr(rrZ Oauth2Checkr rr!postr#raise_for_statusjsonr,r rr httpxZHTTPStatusError Exception)rr-r r%r&r'rrclientZis_introspection_endpointrrresponser)r+r*errrcheck_oauth2_tokenrs           z Oauth2Handler.check_oauth2_tokenN)__name__ __module__ __qualname____doc__ staticmethodstrrboolrrrr!r#r,r r?rrrrr sL     r )rr4typingrrrrr:Zlitellm._loggingrZ&litellm.llms.custom_httpx.http_handlerrrZlitellm.proxy._typesr r r r rrrrs