e 4ddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddl Z ddlmZddlmZddlZddlmZddlmZddlmZmZddlmZmZmZddlmZd d lmZd d l m!Z!d d l"m#Z#m$Z$m%Z%m&Z&m'Z'd d l(m)Z)d dl*m+Z+m,Z,ej-e.Z/dZ0dZ1dZ2dZ3dZ4dZ5Gddej6jeZ7Gdde7Z8Gdde8Z9Gdde8Z:Gdde7Z;Gdd e7Z<Gd!d"e7Z=Gd#d$e7Z>Gd%d&e7Z?Gd'd(e7Z@Gd)d*e7ZAGd+d,e7ZBGd-d.eZCGd/d0ej6jZDGd1d2eZEGd3d4eEZFe=e?e@eeAe9e:d5 ZGe!d6D]ZHeHIeGeHjJ<eKeGLejMNd7d8_NdS)9N)urlsafe_b64encode)partial) AuthProvider) OAuth2Mixin) HTTPError HTTPRequest)rRequestHandlerdecode_signed_value)WebSocketHandler)config)entry_points_for)BASIC_LOGIN_TEMPLATECDN_DISTERROR_TEMPLATELOGOUT_TEMPLATE_env)state)base64url_encode decode_tokenzpanel-oauth-statezpanel-oauth-codec tj|jd}n*#t$rtj|jd}YnwxYwt jdd|}t jdd|}t j|}|S)z Decodes the JSON-format response body Arguments --------- response: tornado.httpclient.HTTPResponse Returns ------- Decoded response content asciiutf-8"')codecsdecodebody Exceptionresubjsonloads)responsers *lib/python3.11/site-packages/panel/auth.pydecode_response_bodyr&&s5}X]G44 555}X]G445 6#tT " "D 6#sD ! !D :d  D Ks$AAcj|||d|dgdS)zH Extracts a request argument from a urllib.parse.parse_qs dict. z/?Nr)get)argskeys r%extract_urlparamr+=s3 88C*s**tf55 6 6q 99ctj|}tj|ddS)zCSerialize OAuth state to a base64 string after passing through JSONutf8r)r"dumpsbase64rencoder)r json_states r%_serialize_stater3Ds>E""J  #J$5$5f$=$= > > E Eg N NNr,ct|tr|d} tj|d}n-#t $r td|icYSwxYw tj |S#t $r td|icYSwxYw)z9Deserialize OAuth state as serialized in _serialize_staterr.zFailed to b64-decode state: %rzFailed to json-decode state: %r) isinstancestrr1r0urlsafe_b64decoder ValueErrorlogerrorr"r#) b64_stater2s r%_deserialize_stater<Js)S!!.$$W-- -i88??GG  2I>>> z*%%%  3Z@@@ s#'A'A>=A>B'C?CceZdZdddZgdZddiZdZdZeZ dZ e d Z dd Z dd Zd Zd ZdZdZdZdZdZddZddZdZdS)OAuthLoginHandlerapplication/json Tornado OAuthAcceptz User-Agent)openidemailprofileoffline_access grant_typeauthorization_codeN/logincdtjvrtjdSdtjvr|jSdtjddDS)NscopePANEL_OAUTH_SCOPEcg|]}|SrN).0rKs r% z,OAuthLoginHandler._SCOPE..usNNN%NNNr,,)r oauth_extra_paramsosenviron_DEFAULT_SCOPESsplitselfs r%_SCOPEzOAuthLoginHandler._SCOPEos^ f/ / /,W5 5  2 2' 'NN2:.A#B#H#H#M#MNNNNr,cK|r&|||||d{V\}}}}|S|||dd|id}dtjvrtjd|dd<|j |j|d<dtjvrtjd|d<td t |j|jd i|dS) a Fetches the authenticated user Arguments --------- redirect_uri: (str) The OAuth redirect URI client_id: (str) The OAuth client ID state: (str) The unguessable random string to protect against cross-site request forgery attacks client_secret: (str, optional) The client secret code: (str, optional) The response code from the server ) client_secretcodeNr\r) redirect_uri client_idr[ response_type extra_paramsaudiencer`rKz%s making authorize requestrN) _fetch_access_tokenr rRrYr9debugtype__name__authorize_redirect) rXr]r^rr[r\user_paramss r%get_authenticated_userz(OAuthLoginHandler.get_authenticated_userws&  "&":":+ #;##MD!Q K)%*#    2 2 2171J:1VF> ": . ; ""kF7O f/ / /$7@F7O /d1DEEE))&)))))r,c Ktdt|jd|i|j}|r||d<|jrd|j|d<|r||d<|r ||d<d|d<|r||d <n1|r||| n||d <| } t|j d tj ||j } | | d{V} n`#t $rS} tdt|j|| jdYd} ~ nd} ~ wwxYw| jrt)| x} sBtdt|j|| d| vrI|r/tdt|jdS|| | d| d| d}}| d}|rt-|}| dx}r\ |||||}tdt|j||||fS#t0$rYnwxYwt3|j}|jr+|j}|j| d|d<n!d|j| d}tdt|j | ||d{V}t)|}n#t $rd}YnwxYw|stdt|j t;| d}nU#t<$rHtdt|j|| | dYnwxYwtdt|j|||||}||||fS) a Fetches the access token. Arguments --------- client_id: The client ID redirect_uri: The redirect URI code: The response code from the server client_secret: The client secret refresh_token: A token used for refreshing the access_token username: A username password: A password z%s making access token request.r^r] rKr\ refresh_tokenrGr[)usernamepassword code_verifierPOST)methodrheadersNz%s access token request failed.)statusz6%s token endpoint did not return a valid access token. access_tokenz2%s token endpoint did not reissue an access token.)NNN expires_inid_tokenz3%s successfully obtained access_token and id_token. Authorizationz{}{}z%s requesting OpenID userinfo.)rszP%s could not obtain userinfo or id_token, falling back to decoding access_token.z!%s could not decode access_token.z3%s successfully obtained access_token and userinfo.)r9rcrdre_EXTRA_TOKEN_PARAMSrYjoinupdateget_code_cookieget_auth_http_clientr_OAUTH_ACCESS_TOKEN_URLurlparse urlencode_API_BASE_HEADERSfetchHTTPClientError _raise_errorr$rr&r(int_on_authrdict_access_token_header_OAUTH_USER_URLformatrr)rXr^r]r[r\rmrnrorihttpreqr$errvrwrxrg user_headersuser_url user_responses r%rbz%OAuthLoginHandler._fetch_access_tokens0 3T$ZZ5HIII  &   2%1F> " ; 4!hht{33F7O  "!F6N  3&3F? ##2F<  =&3F? # #  = MM8hM ? ? ? ?&*&:&:&<&&:DHH_ IIhjnosjtjtj} ~ ~ ~ >'^(<== > > > =tDzz?RSSS!!(D!===== > GdI\]]]}}X|]JOO\=*<NN &~m.B.B7.K.KLLSSUU*+?@@GGPPXXY\^`aan,,r,c|ttjpddd}|t|S)Nrr,r.r)rCODE_COOKIE_NAMEr rrrrXr\s r%r}z!OAuthLoginHandler.get_code_cookie>sP&&'7fFY&ZZa^aiijpr{|| *+++ r,cV|t|tjddSr)rrr rrs r%set_code_cookiez!OAuthLoginHandler.set_code_cookieCs5  d1Dt      r,cKtdt|jtjr tj}n*d|jj|jj }|tj d}| di}|r2tj |}d|D}| dt|d}| dt|d}| dt|d}|h| d t|d }|s|}td t|j|t#d || |}|r||kr.td ||t#d dd t)|} |tj||d|jdi|d{V} | t#ddtdt|j|| jdddS|x|d<} || |jdi|d{VdS)Nz%s received login requestz {0}://{1})r]r^rcLi|]!\}}|dd|"S)?)rV)rOargvalues r% z)OAuthLoginHandler.get..Zs-UUUjc5 #r*EUUUr,r\rr:error_descriptionz2%s failed to authenticate with following error: %srtreasonOAuth state mismatch: %s != %sz=OAuth state mismatch. Please restart the authentication flow.zstate mismatch)r[r\rzPermissions unknown.'%s authorized user, redirecting to app.rrrN)r9rcrdrer oauth_redirect_urirrprotocolhost oauth_keyrrparse_qsitemsr+r:rrrr<r| oauth_secretrjredirectr(rr) rXr]rinext_argr\ url_stater: error_msg cookie_staterrgs r%r(zOAuthLoginHandler.getHs -tDzz/BCCC  $ !4LL&-- % !L )",   $$VR00  V(22HUUHNNDTDTUUUH  )9(F)K)KLL%%g/?'/R/RSS !!'+;Hg+N+NOO  ))#%5h@S%T%TVVI "! IIDT #U   C5999 9,,..  8y(( >v>>>>>>>>D|%;<<< II?dAT U U U MM)%)J44 5 5 5 5 5'+nn&6&6 6F7Oe  ! !% ( ( (-$-7777 7 7 7 7 7 7 7 7 7r,c 6t|trt|}n#|}tt j|}t jp|j}||vr ||}n>t dt|j |tdd|d|d|t jt"jrt"j|d}t"j|d}|r2t"j|d}|d|t j|d |t j|rt*jt*jj}|d tt7||zt j|r"|d |t j|t"jvr t"j|d|S) Nz-%s token payload did not contain expected %r.rtz,OAuth token payload missing user informationis_guestrgrrrvrxrrm)r5r6rrr"r/r oauth_jwt_user _USER_KEYr9r:rdrerrrrr encryptionencryptr1dtdatetimenowtimezoneutc timestampr_oauth_user_overridespop) rXrxrvrmrwdecodeduser_keyrgnow_tss r%rzOAuthLoginHandler._on_auths> h $ $ >"8,,GGG' 8(<(<==H(:DN w  8$DD IIE4jj)8 5 5 5C!OPP P *%%% vt&:MNNN   X +33L4G4G4P4PQQL'//0H0HIIH X % 0 8 89M9Mg9V9V W W  ~|&J]^^^ z8&BUVVV  t[__R[_55??AAF  " ">3s6J;N7O7O3P3P_e_r " s s s  e  " "?MPVPc " d d d 5. . .  ' + +D$ 7 7 7 r,c  |pt|}n#tjj$r|}YnwxYw|jjdd}|jr(t|d|jd|n t |d|dt|| dt|| dd  ) N LoginHandlerrz OAuth provider returned a z error. The full response was: zN OAuth provider failed to fully authenticate returning the following response:.rr:z Unknown errorr) r&r"decoderJSONDecodeError __class__rerr:r9rrr(r6)rXr$rruproviders r%rzOAuthLoginHandler._raise_errors& 9/99DD|+   DDD >*22>2FF > $ II>>hn>>7;>> ? ? ? ? KK8##### $ $ $  HH(#d)) 4 488G_55    s --c |d\}}}||ddt|tr|j|j}}nD|jjdd}t |d|d\}}| |j tjdd || dS) Nexc_info Content-Typez text/htmlrrz. OAuth provider encountered unexpected error: )z500: Internal Server Errorz&Server encountered unexpected problem.zPanel: Authentication ErrorzAuthentication Error)npm_cdntitle error_typer:r)clear_all_cookies set_headerr5rr log_messagerrerr9r:write_error_templaterenderr r)rX status_codekwargsrhrr:rrs r% write_errorzOAuthLoginHandler.write_errors$1a      444 a # #  x9EE~.66~rJJH II     E9 4'..N/- /       r,)NNNNNNNN)Nr)re __module__ __qualname__rrUrzrrrrrpropertyrYrjrbrrrrr}rr(rrr rNr,r%r>r>ZsY%% GFFO - M$OO OOXO?C,*,*,*,*^FJ48m=m=m=m=^ " " "      (---     <8<8<8|>    &     r,r>creZdZdZddiZedZedZedZedZ dS) GenericLoginHandler Bearer {}rGrHc|tjdtjdS)N TOKEN_URLPANEL_OAUTH_TOKEN_URLr rRr(rSrTrWs r%rz+GenericLoginHandler._OAUTH_ACCESS_TOKEN_URLs*(,,["*..I`:a:abbbr,c|tjdtjdS)N AUTHORIZE_URLPANEL_OAUTH_AUTHORIZE_URLrrWs r%_OAUTH_AUTHORIZE_URLz(GenericLoginHandler._OAUTH_AUTHORIZE_URLs*(,,_bjnnMh>i>ijjjr,c|tjdtjdS)NUSER_URLPANEL_OAUTH_USER_URLrrWs r%rz#GenericLoginHandler._OAUTH_USER_URLs*(,,ZH^9_9_```r,c~tjdtjddS)NUSER_KEYPANEL_USER_KEYrDrrWs r%rzGenericLoginHandler._USER_KEYs-(,,ZHXZa9b9bcccr,N) rer r rrzrrrrrrNr,r%rrs& *ccXckkXkaaXaddXdddr,rc"eZdZddiZdZdZdS)PasswordLoginHandlerrGroc  |d}n#t$rd}YnwxYw|dd}|r|d||j|t }||dSNr:rrr) errormessage PANEL_CDNrr set_cookie_login_templaterrrrXr$rhtmls r%r(zPasswordLoginHandler.get ,,W55LL   LLL $$VT22  2 OOJ 1 1 1#**%+   4  ''cfK|dd}|dd}tjr tj}n"|jjd|jj|j}|tj|||d{V\}}}}|sdS| ddS)Nrnrro://)r^r]rnror) rr rrrrrrbrr)rXrnror]rgrhs r%postzPasswordLoginHandler.posts$$Z44$$Z44  $ b!4LL"l3aa 8Ia4K_aaL"66&% 7        aA   F cr,N)rer r rzr(r/rNr,r%r!r!sA j   r,r!ceZdZdZdZdS)CodeChallengeLoginHandlercK|dd}|dd}tjr tj}n"|jjd|jj|j}|r|s||dS|}||kr,t d||tddt|}| |tj||d{V}|td td t!|j||jd d dS) Nr\rrr.rrzOAuth state mismatch)r\rrrr)rr rrrrr_authorize_redirectrr9rrr<rjrrcrdrerr()rXr\rr]rrrgs r%r(zCodeChallengeLoginHandler.getsl  ,,%%gr22  $ b!4LL"l3aa 8Ia4K_aaL 9   $ $\ 2 2 2 F,,.. 9 $ $ KK8, R R RC!788 8"9--00v?OQZae0ffffffff <C..  ;T$ZZ=PQQQ iei C0011111r,c p|}|||\}}||tjdd|j|d|d|d}tj |}| |j d|dS)Nr\rlqueryS256)r^r_rKr response_modercode_challenge_methodr]r) rrrrr rr{rYrrrr)rXr]rrprri query_paramss r%r3z-CodeChallengeLoginHandler._authorize_redirect+s   e$$$(, % ~ ]+++)#XXdk**$,%+(    )&11  2CC\CCDDDDDr,N)rer r r(r3rNr,r%r1r1s72220EEEEEr,r1c&eZdZdZdZdZdZdZdZdS)GithubLoginHandlerzGitHub OAuth2 Authentication To authenticate with GitHub, first register your application at https://github.com/settings/applications/new to get the client ID and secret. z+https://github.com/login/oauth/access_tokenz(https://github.com/login/oauth/authorizezhttps://api.github.com/userztoken {}loginN) rer r __doc__rrrrrrNr,r%r;r;?s7 LE3O%IIIr,r;c&eZdZddiZdZdZdZdZdS)BitbucketLoginHandlerrBr?z.https://bitbucket.org/site/oauth2/access_tokenz+https://bitbucket.org/site/oauth2/authorizez0https://api.bitbucket.org/2.0/user?access_token=rnN)rer r rrrrrrNr,r%r?r?Os7 $OHHOIIIr,r?cdeZdZdZdZdZdZdZedZ edZ edZ d S) Auth0Handlerrz!https://{0}.auth0.com/oauth/tokenzhttps://{0}.auth0.com/authorizezhttps://{0}.auth0.com/userinforDcvtjdd}|j|SN subdomainexampler rRr(_OAUTH_ACCESS_TOKEN_URL_rrXurls r%rz$Auth0Handler._OAUTH_ACCESS_TOKEN_URLfs1'++KCC,33C888r,cvtjdd}|j|SrCr rRr(_OAUTH_AUTHORIZE_URL_rrHs r%rz!Auth0Handler._OAUTH_AUTHORIZE_URLks1'++KCC)00555r,cvtjdd}|j|SrCr rRr(_OAUTH_USER_URL_rrHs r%rzAuth0Handler._OAUTH_USER_URLps1'++KCC$++C000r,N) rer r rrGrLrOrrrrrrNr,r%rArA\s&B=7I 99X966X611X111r,rActeZdZddiZddiZdZdZdZdZd Z e d Z e d Z e d Z d S)GitLabLoginHandlerrBr?rGrHzhttps://{0}/oauth/tokenzhttps://{0}/oauth/authorizezhttps://{0}/api/v4/userrrncvtjdd}|j|SNrIz gitlab.comrFrHs r%rz*GitLabLoginHandler._OAUTH_ACCESS_TOKEN_URLs1'++E<@@,33C888r,cvtjdd}|j|SrSrKrHs r%rz'GitLabLoginHandler._OAUTH_AUTHORIZE_URLs1'++E<@@)00555r,cvtjdd}|j|SrSrNrHs r%rz"GitLabLoginHandler._OAUTH_USER_URLs1'++E<@@$++C000r,N)rer r rrzrGrLrOrrrrrrrNr,r%rQrQws $ * 990&I 99X966X611X111r,rQcjeZdZdddZdZdZdZdZedZ ed Z ed Z d S) AzureAdLoginHandlerr?r@rAz7https://login.microsoftonline.com/{tenant}/oauth2/tokenz;https://login.microsoftonline.com/{tenant}/oauth2/authorizer unique_namectjdtjdd}|j|SN AAD_TENANT_IDtenantcommon)r\rSrTr(r rRrGrrXr\s r%rz+AzureAdLoginHandler._OAUTH_ACCESS_TOKEN_URLE1J1N1NxYa1b1bcc,3363BBBr,ctjdtjdd}|j|SrZrSrTr(r rRrLrr_s r%rz(AzureAdLoginHandler._OAUTH_AUTHORIZE_URLE1J1N1NxYa1b1bcc)000???r,c:|jjditjSNrNrOrr rRrWs r%rz#AzureAdLoginHandler._OAUTH_USER_URL!+t$+HHf.GHHHr,N rer r rrGrLrOrrrrrrNr,r%rWrWs%% YYI CCXC@@X@IIXIIIr,rWcjeZdZdddZdZdZdZdZedZ ed Z ed Z d S) AzureAdV2LoginHandlerr?r@rAz>*..xCC  >077VDD D188== =r,ctjdd}tjdd}|r|j||S|j|Srq)r rRr(rLr_OAUTH_AUTHORIZE_URL__rus r%rz%OktaLoginHandler._OAUTH_AUTHORIZE_URLsj'++E:>>*..xCC  ;-44S&AA A.55c:: :r,ctjdd}tjdd}|r|j||S|j||Srq)r rRr(rOr_OAUTH_USER_URL__rus r%rz OktaLoginHandler._OAUTH_USER_URLsl'++E:>>*..xCC  >(//V<< <)00f== =r,N)rer r r=rzrGrtrLrwrOryrrrrrrNr,r%roros.. A =A>IFI >>X>;;X;>>X>>>r,roc*eZdZddiZgdZdZdZdZdS)GoogleLoginHandlerrz0application/x-www-form-urlencoded; charset=utf-8)rCrDrEz,https://accounts.google.com/o/oauth2/v2/authz*https://accounts.google.com/o/oauth2/tokenrDN)rer r rrUrrrrNr,r%r{r{s< J544OIJIIIr,r{c*eZdZeZdZdZdZdZdS)BasicLoginHandlerc  |d}n#t$rd}YnwxYw|dd}|r|d||j|t }||dSr#r&r)s r%r(zBasicLoginHandler.getr+r,c dtj|jivrtj|jd}n tj}t |trntj |rOt|d5}tj |}dddn #1swxYwYt |tr||vrdS|||kS||krdSdS)N basic_authr)encodingFT)r_server_configr( applicationr rr5r6rSrisfileopenr"r#readr)rXrnro auth_info auth_files r% _validatezBasicLoginHandler._validate s. 5/33D4DbII I I,T-=>|LII)I i % % 9"'..*C*C 9i'222 9i Jy~~'7'788  9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 i & & y((uy22 2  " "4us'C  CCc|dd}|dd}|||}|rB|||dd}||dSdt jdz}||jj |zdS)Nrnrrorrz?error=zInvalid username or password!) rrset_current_user get_cookiertornadoescape url_escaperr)rXrnroauthrrs r%r/zBasicLoginHandler.post0s$$Z44$$Z44~~h11  8  ! !( + + +z377H MM( # # # # #!GN$=$=>]$^$^^I MM$,*Y6 7 7 7 7 7r,c|s,|d|ddS|d|d|tjt t jd|i}tjr2tj | d}|d|tjdS)Nrrgrrrx) rrr rrr"r/rrrr1)rXrgrxs r%rz"BasicLoginHandler.set_current_user<s    j ) ) )   f % % % F *%%% vt&:MNNN#DJ~$>$>??   J'//0H0HIIH z8&BUVVVVVr,N) rer r rr(r(rr/rrNr,r%r}r} sZ*O    8 8 8 W W W W Wr,r}ceZdZdZeZdZdS) LogoutHandlerrIc|d|d|d|d|d|t|jt|j}||dS)Nrgrxrvrmr)r%LOGIN_ENDPOINT)rr_logout_templaterrrr)rXr*s r%r(zLogoutHandler.getOs &!!! *%%% .))) /*** .))) +,,,$++/,   4r,N)rer r rrrr(rNr,r%rrIs.O&     r,rceZdZdZ d fd ZdZdZedZedZ edZ ed Z ed Z xZ S) BasicAuthProviderzF An AuthProvider which serves a simple login and logout page. Nc| t|_nRt|5}tj||_dddn #1swxYwY| t |_nRt|5}tj||_dddn #1swxYwY| t|_ nRt|5}tj||_ dddn #1swxYwY|pd|_ |pd|_ |pg|_ tj|jt!dS)NrIz/logout)rrrr from_stringrrrrr(r_logout_endpoint_guest_endpointsron_session_destroyed _remove_usersuper__init__) rXlogin_endpointlogout_endpointlogin_templatelogout_templateerror_templateguest_endpointsfrs r%rzBasicAuthProvider.__init__bs0  !#1D n%% B'+'7'A'A$ B B B B B B B B B B B B B B B  "$3D ! !o&& C!(,(8(B(B% C C C C C C C C C C C C C C C  !#7D n%% B'+'7'A'A$ B B B B B B B B B B B B B B B-9 / <9 / 52 "4#4555 s5,AAA,B99B=B=",DD!Dcx|jjd}|jjd}|rd}n7|r3ttjd|}|r|d}nd}|sdStj|xxdzcc<tj|stj|=dSdSNrrgguestrr ) rcookiesr(r r cookie_secretrr _active_usersrXsession_context guest_cookie user_cookiergs r%rzBasicAuthProvider._remove_user}s&.6:::FF %-599&AA  DD  &$fkD ,{{7++D  F D!!!Q&!!!"4( *#D))) * *r,c~tjr||jksd|vsdS|dd|jvrdndS)Nz?code=Tz/wsrF)r oauth_optionalrrr)rXrs r% _allow_guestzBasicAuthProvider._allow_guestsM   #1E*E*EUX4{{5"--1FFFttEQr,cfd}|S)Nc|dtj}|r|d}ng|jjrHd}d|jjd<t|ts"| ddtj|r/t|trtj |xxdz cc<|S) Nrgrrr1rrr ) rr rrrrrrr5r r'rr)request_handlerrgrXs r%get_userz,BasicAuthProvider.get_user..get_users"44V&J]4^^D b{{7++""?#:#>?? b>A'/ ;!/3CDDb#..z3VM`.aaa / ?4DEE /#D)))Q.)))Kr,rN)rXrs` r%rzBasicAuthProvider.get_users#     r,c|jSN)rrWs r% login_urlzBasicAuthProvider.login_urls ##r,cT|jt_|jt_tSr)rr}r(rWs r% login_handlerzBasicAuthProvider.login_handlers ,0,@),0,@)  r,c|jSr)rrWs r% logout_urlzBasicAuthProvider.logout_urls $$r,cb|jr|jt_|jt_tSr)rrrrWs r%logout_handlerz BasicAuthProvider.logout_handlers*   C-1-BM *(,(< %r,r )rer r r=rrrrrrrrr __classcell__rs@r%rr]s 48BF6***&RRR X $$X$!!X! %%X%Xr,rcveZdZdZedZefdZedZdZdZ dZ dZ xZ S) OAuthProviderz~ An AuthProvider using specific OAuth implementation selected via the global config.oauth_provider configuration. cdSrrNrWs r%rzOAuthProvider.get_userstr,cfd}|S)Nc2Ktt |}tjr||St jt jj  }d}|tj vritj |s,tjdd{Vtj |,tj |}|d}|dr|d}nS|dtj}|st"ddStj|}|j t)|}|d}nQ#t*$rD|dtj}|t"d|cYSYnwxYw|tj vrtj |d }nc|d tj} | r>tj| } |d|||j|jnd}||krt"d |S|r/ t)|} | d|krd}n#t*$rYnwxYw|/t"d t3 jdSt"d t3 j |||j|jd{V|S) N皙?rvexpiryrz:No access token available, forcing user to reauthenticate.exprzCaccess_token is not a valid JWT token. Expiry cannot be determined.rmz1Fully authenticated and access_token still valid.z[%s access_token is expired and refresh_token not available, forcing user to reauthenticate.%s refreshing token)rrrr oauth_refresh_tokensrrrrrrrrasynciosleeprrr9rc_decrypt_cookierr_schedule_refreshrrrdre_refresh_access_token) handlerrgrr user_staterv access_cookie access_jsonrmrefresh_cookie refresh_jsonrrXs r%rz.OAuthProvider.get_user_async..get_usersG--66w??D. $, [__R[_55??AAFFu2225d;-!-,,,,,,,,, 5d;-"8> ).9 h'2'1F ' 9 9.W]Wj 9 k k $IIZ[[[F$4]CC ~$".|"<"#>L#E*V33(,  D$ wy}CzDzDzMNNN II+T$ZZ-@ A A A,,T='BUW^Wfgg g g g g g g gKs% E##A F10F1#J J JrN)rXrrs` r%get_user_asynczOAuthProvider.get_user_asyncs*= = = = = = |r,cttj}|jr |j|_|j|_|j|_|Sr)AUTH_PROVIDERSr oauth_providerrr(r)rXrs r%rzOAuthProvider.login_handlers@ !67   ;&*&:G #"&"6"&"6r,c|jjd}|jjd}|rd}n7|r3ttjd|}|r|d}nd}|sdStj|xxdzcc<tj|s*tj|=|tj vrtj |=dSdSdSr) rrr(r r rrrrrrs r%rzOAuthProvider._remove_users&.6:::FF %-599&AA  DD  &$fkD ,{{7++D  F D!!!Q&!!!"4( 6#D)u222/555 6 622r,ctj|sdStjtjj}||z dz }t dt|j |tjtj |z}t|j||||} |dkrtj| dS|d} tj| n#t$$rYnwxYwtj| | |dS#tj| | |wxYw)N z)%s scheduling token refresh in %d seconds)secondsrz-refresh-access-tokens)at)rrr(rrrrrrr9rcrdre timedeltar_scheduled_refreshexecute cancel_taskKeyError schedule_task) rX expiry_tsrgrmrrrexpiry_seconds expiry_date refresh_cbtasks r%rzOAuthProvider._schedule_refresh&sU"&&t,,  F11;;=="V+b0 =tDzz?RTbccckoo''",~*N*N*NN T4dM;X_`` Q   M* % % % F... B  d # # # #    D   j[ A A A A A AE j[ A A A A As*DE D(%E'D((EEcK|||||d{Vtj|}|d|d}}|dr |d}nt|d}||||||dS)Nrvrmrr)rrrrr)rXrgrmrrrrvrs r%rz OAuthProvider._scheduled_refresh9s((}k7SSSSSSSSS06 &0&@*_B]m h  7)FF!,//6F vt]KQQQQQr,cK|tjvrjtj|s@tj|s,tjdd{Vtj|,dStj|d}tdt |jitj|<|||}| tj tj |d{V\}}}}|r\tjtjj} |||r| |znddtj|<dStj|=dS)Nrrmr)rr)r^r[rm)rvrmr)rrrrr9rcrdrerrbr rrrrrrrr) rXrgrmrr auth_handlerrhrvrwrs r%rz#OAuthProvider._refresh_access_tokenCs 5. . ..t4 S5d;-!-,,,,,,,,, 5d;- % ;D A/ R  'd)<===,.#D)))k7)SS ;G;[;[& -'<\< < 6 6 6 6 6 6 2<  2[__R[_55??AAF ,!./9C&++t11E ' - - - +D111r,) rer r r=rrrrrrrrrrs@r%rrs X????X?BX666*BBB&RRR2222222r,r) auth0azureazurev2 bitbucketgenericgooglegithubgitlaboktaro auth_codez panel.authF_oauth_provider)Orr0rrrrr"loggingrSr urllib.parseparserrr functoolsrrbokeh.server.auth_providerr tornado.authrtornado.httpclientrrr tornado.webr r tornado.websocketr r entry_pointsr io.resourcesrrrrrio.staterutilrr getLoggerrer9rrr&r+r3r<webr>rr!r1r;r?rArQrWrjror{r}rrrr entry_pointloadnamelistkeysparamobjectsrNr,r%rs    $$$$$$333333$$$$$$HHHHHHHHFFFFFFFFFF......******00000000g!!'%.:::OOO    t t t t t  2Kt t t n ddddd+ddd2$$$$$.$$$N*E*E*E*E*E 3*E*E*E\     *        -   11111$111611111*111DIIIII+III8IIIII-III8.>.>.>.>.>(.>.>.>b*9W9W9W9W9W9W9W9WxGK.(\\\\\ \\\~`2`2`2`2`2%`2`2`2H $&"   $*  $#L11::K'2'7'7'9'9N;#$$9=n>Q>Q>S>S9T9T U-.666r,