o i'e^1@sddlmZddlZddlZddlmZddlmZddlmZm Z m Z ddl m Z m Z ddlmZdd lmZmZmZmZmZmZmZdd lmZe rTdd lmZmZGd d d ZeZejZejZej Z dS)) annotationsN)timegm)Iterable)datetime timedeltatimezone) TYPE_CHECKINGAny)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysc@seZdZdJdKddZedLd d Z   dMdNddZ  dOdPddZ        dQdRd0d1ZdSd3d4Z        dQdTd5d6Z   dUdVd7d8Z dWd9d:Z dXd=d>Z dXd?d@ZdXdAdBZdCdDdYdFdGZdZdHdIZdS)[PyJWTNoptionsdict[str, Any] | NonereturnNonecCs"|duri}i|||_dSN)_get_default_optionsr)selfrr+lib/python3.10/site-packages/jwt/api_jwt.py__init__szPyJWT.__init__dict[str, bool | list[str]]cCsddddddgdS)NT)verify_signature verify_exp verify_nbf verify_iat verify_aud verify_issrequirerrrrrr szPyJWT._get_default_optionsHS256Tpayloaddict[str, Any]key AllowedPrivateKeys | str | bytes algorithm str | Noneheaders json_encodertype[json.JSONEncoder] | None sort_headersboolstrc Csnt|ts td|}dD]}t||tr#t||||<q|j|||d}t j ||||||dS)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)r0r1)r3) isinstancedict TypeErrorcopygetrrZ utctimetuple_encode_payloadr encode) rr*r,r.r0r1r3Z time_claimZ json_payloadrrrr?,s, z PyJWT.encodebytescCstj|d|ddS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:)Z separatorsclszutf-8)jsondumpsr?)rr*r0r1rrrr>Rs zPyJWT._encode_payloadrjwt str | bytesAllowedPublicKeys | str | bytes algorithmslist[str] | Noneverify bool | Nonedetached_payload bytes | Noneaudiencestr | Iterable[str] | Noneissuerleewayfloat | timedeltakwargsr c Ks| rtdt| tt|pi}|dd|dur,||dkr,tjdtd|dsN|dd|dd|d d|d d|d d|drX|sXtd t j |||||d } | | } i|j |} |j | | ||| d| | d<| S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r"TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryr#Fr$r%r&r'z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r,rJrrN)rPrRrSr*)warningswarntuplekeysrr: setdefaultDeprecationWarningr r decode_complete_decode_payloadr_validate_claims)rrGr,rJrrLrNrPrRrSrUdecodedr*Zmerged_optionsrrrr]dsL           zPyJWT.decode_completer`c CsPz t|d}Wnty}ztd|d}~wwt|ts&td|S)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r*zInvalid payload string: Nz-Invalid payload string: must be a json object)rDloads ValueErrorr r9r:)rr`r*errrr^s zPyJWT._decode_payloadc KsB| rtdt| t|j||||||||| d } | dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )rLrNrPrRrSr*)rWrXrYrZrr]) rrGr,rJrrLrNrPrRrSrUr`rrrdecodes&  z PyJWT.decodecCst|tr |}|durt|ttfstd|||tjt j d }d|vr6|dr6| |||d|vrE|drE| |||d|vrT|drT|||||d r^||||d rp|j|||d d d dSdS)Nz+audience must be a string, iterable or None)Ztzr7r%r8r$r6r#r'r&Z strict_audFstrict)r9rZ total_secondsr5rr;_validate_required_claimsrnowrZutcZ timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audr=)rr*rrPrRrSrhrrrr_s&    zPyJWT._validate_claimscCs(|dD] }||durt|qdS)Nr()r=r)rr*rZclaimrrrrgs zPyJWT._validate_required_claimsrhfloatcC@zt|d}Wn tytdw|||krtddS)Nr7z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrbrr)rr*rhrSr7rrrri s  zPyJWT._validate_iatcCro)Nr8z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rprbr r)rr*rhrSr8rrrrj  zPyJWT._validate_nbfcCs@zt|d}Wn tytdw|||krtddS)Nr6z/Expiration Time claim (exp) must be an integer.zSignature has expired)rprbr r )rr*rhrSr6rrrrk&rqzPyJWT._validate_expFrerfcs|durd|vs |dsdStdd|vs|dstd|d|r@t|ts-tdtts6td|kr>tddSttrHgttsQtdtddDr^tdt|trf|g}tfd d|Drutd dS) NaudzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokencss|] }t|t VqdSr)r9r5).0crrr ]sz&PyJWT._validate_aud..c3s|]}|vVqdSrr)rsrrZaudience_claimsrrrucszAudience doesn't match)rrr9r5listanyall)rr*rPrfrrvrrm4s4     zPyJWT._validate_audcCs4|durdSd|vrtd|d|krtddS)NZisszInvalid issuer)rr)rr*rRrrrrlfs zPyJWT._validate_issr)rrrr)rr!)r)NNT)r*r+r,r-r.r/r0rr1r2r3r4rr5)NN)r*r+r0rr1r2rr@)rFNNNNNNr)rGrHr,rIrJrKrrrLrMrNrOrPrQrRr/rSrTrUr rr+)r`r+rr )rGrHr,rIrJrKrrrLrMrNrOrPrQrRr/rSrTrUr rr )NNr)r*r+rr+rSrTrr)r*r+rr+rr)r*r+rhrnrSrnrr)r*r+rPrQrfr4rr)r*r+rRr rr)__name__ __module__ __qualname__r staticmethodrr?r>r]r^rdr_rgrirjrkrmrlrrrrrsT   )  E * # 2r)!Z __future__rrDrWZcalendarrZcollections.abcrrrrtypingrr rFr exceptionsr r rrrrrrrJrrrZ_jwt_global_objr?r]rdrrrrs&    $ Y