kCi~U.SrSSKrSSKJr SSKrSSKrSSKJr SSKJ r SSKJ r SSKJ r SSKJ r SSKJ r SS KJr S rS rS rS rSrSrSrSSjrSSjrSSjr\ R24SjrSSjrSrSSjrSSjrSSjrSSjr g) aOAuth 2.0 client. This is a client for interacting with an OAuth 2.0 authorization server's token endpoint. For more information about the token endpoint, see `Section 3.1 of rfc6749`_ .. _Section 3.1 of rfc6749: https://tools.ietf.org/html/rfc6749#section-3.2 N)_exponential_backoff)_helpers) credentials) exceptions)jwt)metrics) transportz!application/x-www-form-urlencodedzapplication/jsonz+urn:ietf:params:oauth:grant-type:jwt-bearer refresh_tokenc6U(aUOSn[U[5(a[R"XS9eSR USUR S55n[R"X US9e![ [4a [R"U5nN=f=f)a<Translates an error response into an exception. Args: response_data (Mapping | str): The decoded response data. retryable_error Optional[bool]: A boolean indicating if an error is retryable. Defaults to False. Raises: google.auth.exceptions.RefreshError: The errors contained in response_data. F retryablez{}: {}errorerror_description) isinstancestrr RefreshErrorformatgetKeyError ValueErrorjsondumps) response_dataretryable_error error_detailss Q/var/www/html/land-ocr/venv/lib/python3.13/site-packages/google/oauth2/_client.py_handle_error_responser-s*9oeO-%%%%mOO2  ' "M$5$56I$J   ! !  j !2 =1 2s$A//&BBcR^U[R;agURS5=(d SnURS5=(d Sn[U[5(a[U[5(dg1Skm[ U4SjX2455(agg![ a gf=f)aChecks if a request can be retried by inspecting the status code and response body of the request. Args: status_code (int): The response status code. response_data (Mapping | str): The decoded response data. Returns: bool: True if the response is retryable. False otherwise. TrrF> server_errorinternal_failuretemporarily_unavailablec3,># UH oT;v M g7fN).0eretryable_error_descriptionss r _can_retry..hsS:RQ00:Rs)r DEFAULT_RETRYABLE_STATUS_CODESrrranyAttributeError) status_coder error_desc error_coder(s @r _can_retryr1Jsi>>> "&&':;Ar "&&w/52 *c***Z2M2M( $ S::RS S S T     sAB7B B&%B&cURSS5nUbJ[U[5(a [U5n[R "5[ R"US9-$g)zParses the expiry field from a response into a datetime. Args: response_data (Mapping): The JSON-parsed response data. Returns: Optional[datetime]: The expiration or ``None`` if no expiration was specified. expires_inN)seconds)rrrintrutcnowdatetime timedelta)rr3s r _parse_expiryr9qsT""<6J j# & &ZJ 8#5#5j#IIIc U(a.S[0n[R"U5RS5nO6S[0n[ R RU5RS5nU(aSRU5US'U(aURU5 0n Sn [R"5n U Hn U"S SXUS.UD6n [U RS5(aU RRS5O U Rn[R"U5n U R"[$R&:XaS U S 4s $[)U R"U S 9n U(a U (aMSX4s $ SX4$![ a Un Ncf=f) aMakes a request to the OAuth 2.0 authorization server's token endpoint. This function doesn't throw on response errors. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. body (Mapping[str, str]): The parameters to send in the request body. access_token (Optional(str)): The access token needed to make the request. use_json (Optional(bool)): Use urlencoded format or json format for the content type. The default value is False. can_retry (bool): Enable or disable request retry behavior. headers (Optional[Mapping[str, str]]): The headers for the request. kwargs: Additional arguments passed on to the request method. The kwargs will be passed to `requests.request` method, see: https://docs.python-requests.org/en/latest/api/#requests.request. For example, you can use `cert=("cert_pem_path", "key_pem_path")` to set up client side SSL certificate, and use `verify="ca_bundle_path"` to set up the CA certificates for sever side SSL certificate verification. Returns: Tuple(bool, Mapping[str, str], Optional[bool]): A boolean indicating if the request is successful, a mapping for the JSON-decoded response data and in the case of an error a boolean indicating if the error is retryable. z Content-Typeutf-8z Bearer {} AuthorizationFPOST)methodurlheadersbodydecodeTNr.rr%)_JSON_CONTENT_TYPErrencode_URLENCODED_CONTENT_TYPEurllibparse urlencoderupdaterExponentialBackoffhasattrdatarCloadsrstatus http_clientOKr1)request token_urirB access_tokenuse_json can_retryrAkwargsheaders_to_userrretries_response response_bodys r _token_endpoint_request_no_throwr^snL(*<=zz$&&w/(*BC||%%d+227;*5*<*<\*J'g&MO"557G  yt OU  x}}h// MM  )   * JJ}5M ??knn ,, ,$ } -8 814 - 00 *)M *s E77 FFc V[UUU4UUUUS.UD6upn U(d [X5 U $)a Makes a request to the OAuth 2.0 authorization server's token endpoint. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. body (Mapping[str, str]): The parameters to send in the request body. access_token (Optional(str)): The access token needed to make the request. use_json (Optional(bool)): Use urlencoded format or json format for the content type. The default value is False. can_retry (bool): Enable or disable request retry behavior. headers (Optional[Mapping[str, str]]): The headers for the request. kwargs: Additional arguments passed on to the request method. The kwargs will be passed to `requests.request` method, see: https://docs.python-requests.org/en/latest/api/#requests.request. For example, you can use `cert=("cert_pem_path", "key_pem_path")` to set up client side SSL certificate, and use `verify="ca_bundle_path"` to set up the CA certificates for sever side SSL certificate verification. Returns: Mapping[str, str]: The JSON-decoded response data. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. )rUrVrWrA)r^r) rSrTrBrUrVrWrArXresponse_status_okrrs r_token_endpoint_requestrasON:Z  :" :  :6 }> r:c U[S.n[UUUU[R[R"50S9nUSn[U5n XiU4$![ an[ R"SUSS9nXeSnAff=f)aImplements the JWT Profile for OAuth 2.0 Authorization Grants. For more details, see `rfc7523 section 4`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. assertion (str): The OAuth 2.0 assertion. can_retry (bool): Enable or disable request retry behavior. Returns: Tuple[str, Optional[datetime], Mapping[str, str]]: The access token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc7523 section 4: https://tools.ietf.org/html/rfc7523#section-4  assertion grant_typerWrArUNo access token in response.Fr N) _JWT_GRANT_TYPErarAPI_CLIENT_HEADER'token_request_access_token_sa_assertionrrrr9) rSrTrdrWrBrrU caught_excnew_excexpirys r jwt_grantrns.#/ BD+   % %w'V'V'X M&$^4 = )F  .. &)) *MU % &sA A6A11A6cVUSSS.n[UUR[RU5R U5UUSS9nUSn[R"USS 9n [RRU S 5n X4$![ an [ R"SUSS9n XeS n A ff=f) a`Call iam.generateIdToken endpoint to get ID token. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. iam_id_token_endpoint (str): The IAM ID token endpoint to use. signer_email (str): The signer email used to form the IAM generateIdToken endpoint. audience (str): The audience for the ID token. access_token (str): The access token used to call the IAM endpoint. universe_domain (str): The universe domain for the request. The default is ``googleapis.com``. Returns: Tuple[str, datetime]: The ID token and expiration. true)audience includeEmail useEmailAzpT)rUrVtokenNo ID token in response.Fr Nverifyexp) rareplacerDEFAULT_UNIVERSE_DOMAINrrrrrrCr7utcfromtimestamp) rSiam_id_token_endpoint signer_emailrqrUuniverse_domainrBrid_tokenrkrlpayloadrms r#call_iam_generate_id_token_endpointrBs0!& PD+%%  / / &  !M& )jj%0G    / / ?F   &)) &  % &sB B( B##B(c JU[S.n[UUUU[R[R"50S9nUSn[R"USS9n [RRU S 5n XjU4$![ an[ R"SUSS9nXeSnAff=f) aImplements the JWT Profile for OAuth 2.0 Authorization Grants, but requests an OpenID Connect ID Token instead of an access token. This is a variant on the standard JWT Profile that is currently unique to Google. This was added for the benefit of authenticating to services that require ID Tokens instead of access tokens or JWT bearer tokens. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorization server's token endpoint URI. assertion (str): JWT token signed by a service account. The token's payload must include a ``target_audience`` claim. can_retry (bool): Enable or disable request retry behavior. Returns: Tuple[str, Optional[datetime], Mapping[str, str]]: The (encoded) Open ID Connect ID Token, expiration, and additional data returned by the endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. rcrfrruFr Nrvrx) rhrarri#token_request_id_token_sa_assertionrrrrrCr7r{) rSrTrdrWrBrrrkrlrrms rid_token_jwt_grantrts4#/ BD+   % %w'R'R'T M& ,jj%0G    / / ?F ] ** &)) &  % &sA;; B"BB"cUSnURSU5n[ U5nX!XP4$![an[R"SUSS9nXCeSnAff=f)a'Extract tokens from refresh grant response. Args: response_data (Mapping[str, str]): Refresh grant response data. refresh_token (str): Current refresh token. Returns: Tuple[str, str, Optional[datetime], Mapping[str, str]]: The access token, refresh token, expiration, and additional data returned by the token endpoint. If response_data doesn't have refresh token, then the current refresh token will be returned. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. rUrgFr Nr )rrrrr9)rr rUrkrlrms r_handle_refresh_grant_responsersk"&$^4 "%%o}EM = )F  == &)) *MU % &s( AA  Ac[UUUS.nU(aSRU5US'U(aXhS'[XXS9n [X5$)aImplements the OAuth 2.0 refresh token grant. For more details, see `rfc678 section 6`_. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. token_uri (str): The OAuth 2.0 authorizations server's token endpoint URI. refresh_token (str): The refresh token to use to get a new access token. client_id (str): The OAuth 2.0 application's client ID. client_secret (str): The Oauth 2.0 appliaction's client secret. scopes (Optional(Sequence[str])): Scopes to request. If present, all scopes must be authorized for the refresh token. Useful if refresh token has a wild card scope (e.g. 'https://www.googleapis.com/auth/any-api'). rapt_token (Optional(str)): The reauth Proof Token. can_retry (bool): Enable or disable request retry behavior. Returns: Tuple[str, str, Optional[datetime], Mapping[str, str]]: The access token, new or current refresh token, expiration, and additional data returned by the token endpoint. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. .. _rfc6748 section 6: https://tools.ietf.org/html/rfc6749#section-6 )re client_id client_secretr  scoperapt)rW)_REFRESH_GRANT_TYPEjoinrar) rSrTr rrscopes rapt_tokenrWrBrs r refresh_grantrsUT*&&  D (W !V +DM *- GGr:cp[XUS9nSU;a%[R"SRU55eU$)aImplements the global lookup of a credential trust boundary. For the lookup, we send a request to the global lookup endpoint and then parse the response. Service account credentials, workload identity pools and workforce pools implementation may have trust boundaries configured. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. url (str): The trust boundary lookup url. headers (Optional[Mapping[str, str]]): The headers for the request. Returns: Mapping[str,list|str]: A dictionary containing "locations" as a list of allowed locations as strings and "encodedLocations" as a hex string. e.g: { "locations": [ "us-central1", "us-east1", "europe-west1", "asia-east1" ], "encodedLocations": "0xA30" } If the credential is not set up with explicit trust boundaries, a trust boundary of "all" will be returned as a default response. { "locations": [], "encodedLocations": "0x0" } Raises: exceptions.RefreshError: If the response status code is not 200. exceptions.MalformedError: If the response is not in a valid format. )rAencodedLocationszInvalid trust boundary info: {})_lookup_trust_boundary_requestrMalformedErrorr)rSr@rArs r_lookup_trust_boundaryrsB@37QM.'' - 4 4] C   r:cH[XX#5upEnU(d [XV5 U$)aMakes a request to the trust boundary lookup endpoint. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. url (str): The trust boundary lookup url. can_retry (bool): Enable or disable request retry behavior. Defaults to true. headers (Optional[Mapping[str, str]]): The headers for the request. Returns: Mapping[str, str]: The JSON-decoded response data. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an error. )'_lookup_trust_boundary_request_no_throwr)rSr@rWrAr`rrs rrr*s-":ai:6 }> r:c0nSn[R"5nUHnU"SXS9n[URS5(aURR S5O URn [ R "U 5nUR[R:XaSUS4s $[URUS9nU(a U(aMSXE4s $ SXE4$![a U nNcf=f) aMakes a request to the trust boundary lookup endpoint. This function doesn't throw on response errors. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. url (str): The trust boundary lookup url. can_retry (bool): Enable or disable request retry behavior. Defaults to true. headers (Optional[Mapping[str, str]]): The headers for the request. Returns: Tuple(bool, Mapping[str, str], Optional[bool]): A boolean indicating if the request is successful, a mapping for the JSON-decoded response data and in the case of an error a boolean indicating if the error is retryable. FGET)r?r@rArCr<TNrD) rrLrMrNrCrrOrrPrQrRr1) rSr@rWrArrrZr[r\r]s rrrCs$MO"557G %SBx}}h// MM  )   * JJ}5M ??knn ,, ,$ } -8 8-0 - 00 *)M *s)C C#"C#)NFTN)T)NNTr$)TN)!__doc__r7 http.clientclientrQrrH google.authrrrrrrr rGrErhrrr1r9r^rarnrzrrrrrrrr%r:rrs ! , #"!>'?%:$N6  Q1p  3l-/l 77 /d1+h>J 7Ht&R2.1r: