o a2@sJdZddlZddlmZmZGdddeZGdddeZGdd d eZGd d d eZ Gd d d eZ GdddeZ GdddeZ GdddeZ Gddde ZGdddeZGdddeZGdddeZGdddeZGdddeZGd d!d!eZGd"d#d#eZGd$d%d%eZGd&d'd'eZGd(d)d)eZGd*d+d+eZGd,d-d-eZGd.d/d/eZGd0d1d1eZGd2d3d3eZGd4d5d5e ZGd6d7d7eZGd8d9d9eZ Gd:d;d;eZ!Gdd?d?eZ#Gd@dAdAeZ$GdBdCdCeZ%GdDdEdEeZ&GdFdGdGeZ'dJdHdIZ(dS)Kz oauthlib.oauth2.rfc6749.errors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Error used both by OAuth 2 clients and providers to represent the spec defined error responses for all four core grant types. N)add_params_to_uri urlencodecsfeZdZdZdZdZ  dfdd ZddZedd Z ed d Z ed d Z eddZ Z S) OAuth2ErrorNcs|dur||_d|j|j}|r|dt|7}t|||_||_|r*||_|rN|j |_ |j |_ |j |_ |j |_ |j |_ |j|_|sL|j|_dSdSd|_ d|_ d|_ d|_ d|_ d|_dS)a0 :param description: A human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred. Values for the "error_description" parameter MUST NOT include characters outside the set x20-21 / x23-5B / x5D-7E. :param uri: A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error. Values for the "error_uri" parameter MUST conform to the URI- Reference syntax, and thus MUST NOT include characters outside the set x21 / x23-5B / x5D-7E. :param state: A CSRF protection value received from the client. :param status_code: :param request: OAuthlib request. :type request: oauthlib.common.Request Nz({}) {} ) descriptionformaterrorreprsuper__init__uristate status_code redirect_uri client_idscopes response_type response_mode grant_type)selfrrrrrequestmessage __class__@/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/errors.pyr s4   zOAuth2Error.__init__cCs|jdk}t||j|S)Nfragment)rr twotuples)rrrrrrin_uriIs zOAuth2Error.in_uricCsRd|jfg}|jr|d|jf|jr|d|jf|jr'|d|jf|S)Nr error_description error_urir)r rappendrr)rr rrrrMs zOAuth2Error.twotuplescCs t|jSN)rrrrrr urlencodedXs zOAuth2Error.urlencodedcCstt|jSr$)jsondumpsdictrr%rrrr'\szOAuth2Error.jsoncCs`|jdkr. d|jg}|jr|d|j|jr%|d|jddd|iSiS)Nz error="{}"zerror_description="{}"zerror_uri="{}"zWWW-AuthenticatezBearer z, )rr r rr#rjoin)r authvaluesrrrheaders`s zOAuth2Error.headers)NNNNN)__name__ __module__ __qualname__r rrr r propertyrr&r'r- __classcell__rrrrr s 7   rc@eZdZdZdS)TokenExpiredError token_expiredNr.r/r0r rrrrr4sr4c@eZdZdZdZdS)InsecureTransportErrorinsecure_transportzOAuth 2 MUST utilize https.Nr.r/r0r rrrrrr9wr9c@r8)MismatchingStateErrormismatching_statez6CSRF Warning! State not equal in request and response.Nr;rrrrr=|r<r=c@r3)MissingCodeError missing_codeNr6rrrrr?r7r?c@r3)MissingTokenError missing_tokenNr6rrrrrAr7rAc@r3)MissingTokenTypeErrormissing_token_typeNr6rrrrrCr7rCc@r3)FatalClientErrora Errors during authorization where user should not be redirected back. If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI. Instead the user should be informed of the error by the provider itself. N)r.r/r0__doc__rrrrrEs rEc@r8)InvalidRequestFatalErrorz For fatal errors, the request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. invalid_requestNr.r/r0rFr rrrrrGrGc@r3)InvalidRedirectURIErrorzInvalid redirect URI.Nr.r/r0rrrrrrKr7rKc@r3)MissingRedirectURIErrorzMissing redirect URI.NrLrrrrrMr7rMc@r3)MismatchingRedirectURIErrorzMismatching redirect URI.NrLrrrrrNr7rNc@r3)InvalidClientIdErrorz"Invalid client_id parameter value.NrLrrrrrOr7rOc@r3)MissingClientIdErrorzMissing client_id parameter.NrLrrrrrPr7rPc@r8)InvalidRequestErrorz The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. rHNrIrrrrrQrJrQc@r3)MissingResponseTypeErrorz Missing response_type parameter.NrLrrrrrRr7rRc@r8)MissingCodeChallengeErrora If the server requires Proof Key for Code Exchange (PKCE) by OAuth public clients and the client does not send the "code_challenge" in the request, the authorization endpoint MUST return the authorization error response with the "error" value set to "invalid_request". The "error_description" or the response of "error_uri" SHOULD explain the nature of error, e.g., code challenge required. zCode challenge required.Nr.r/r0rFrrrrrrSrSc@r8)MissingCodeVerifierErrorzr The request to the token endpoint, when PKCE is enabled, has the parameter `code_verifier` REQUIRED. zCode verifier required.NrTrrrrrVrVc@r8)AccessDeniedErrorzH The resource owner or authorization server denied the request. access_deniedNrIrrrrrXsrXc@r8)UnsupportedResponseTypeErrorzj The authorization server does not support obtaining an authorization code using this method. unsupported_response_typeNrIrrrrrZrWrZc@r8)#UnsupportedCodeChallengeMethodErrorad If the server supporting PKCE does not support the requested transformation, the authorization endpoint MUST return the authorization error response with "error" value set to "invalid_request". The "error_description" or the response of "error_uri" SHOULD explain the nature of error, e.g., transform algorithm not supported. z"Transform algorithm not supported.NrTrrrrr\rUr\c@r8)InvalidScopeErrorz The requested scope is invalid, unknown, or malformed, or exceeds the scope granted by the resource owner. https://tools.ietf.org/html/rfc6749#section-5.2 invalid_scopeNrIrrrrr]r]c@r8) ServerErrora  The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via a HTTP redirect.) server_errorNrIrrrrr`r_r`c@r8)TemporarilyUnavailableErrora The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via a HTTP redirect.) temporarily_unavailableNrIrrrrrb r_rbc@eZdZdZdZdZdS)InvalidClientErroraG Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client. invalid_clientr*Nr.r/r0rFr rrrrrres rec@rd)InvalidGrantErrora7 The provided authorization grant (e.g. authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. https://tools.ietf.org/html/rfc6749#section-5.2 invalid_grantrNrgrrrrrh#srhc@r8)UnauthorizedClientErrorz^ The authenticated client is not authorized to use this authorization grant type. unauthorized_clientNrIrrrrrj0rWrjc@r8)UnsupportedGrantTypeErrorzX The authorization grant type is not supported by the authorization server. unsupported_grant_typeNrIrrrrrl8rWrlc@r8)UnsupportedTokenTypeErrorz The authorization server does not support the hint of the presented token type. I.e. the client tried to revoke an access token on a server not supporting this feature. unsupported_token_typeNrIrrrrrn@rJrnc@eZdZdZdZdZdZdS)InvalidTokenErrora The access token provided is expired, revoked, malformed, or invalid for other reasons. The resource SHOULD respond with the HTTP 401 (Unauthorized) status code. The client MAY request a new access token and retry the protected resource request. invalid_tokenr*zWThe access token provided is expired, revoked, malformed, or invalid for other reasons.Nr.r/r0rFr rrrrrrrqI rqc@rp)InsufficientScopeErrora The request requires higher privileges than provided by the access token. The resource server SHOULD respond with the HTTP 403 (Forbidden) status code and MAY include the "scope" attribute with the scope necessary to access the protected resource. insufficient_scopeizIThe request requires higher privileges than provided by the access token.NrsrrrrruWrtruc@r8)ConsentRequireda The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User consent. consent_requiredNrIrrrrrwerwc@r8) LoginRequireda' The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication. login_requiredNrIrrrrrzpryrzcs eZdZdZfddZZS)CustomOAuth2Errorz This error is a placeholder for all custom errors not described by the RFC. Some of the popular OAuth2 providers are using custom errors. cs||_tj|i|dSr$)r r r )rr argskwargsrrrr szCustomOAuth2Error.__init__)r.r/r0rFr r2rrrrr|{sr|cCsvddl}ddl}|d|d|dd}||jt|jD]\}}|j|kr1|di|q!tdd|i|)Nrr!r"r)rrrr r) inspectsysget getmembersmodulesr.isclassr r|)r paramsrrr~_clsrrrraise_from_errors rr$))rFr'oauthlib.commonrr Exceptionrr4r9r=r?rArCrErGrKrMrNrOrPrQrRrSrVrXrZr\r]r`rbrerhrjrlrnrqrurwrzr|rrrrrsLf