� u��g2,��ddlZ ddlmZn#e$r ddlmZYnwxYwddlZeje��ZdZdZ dZ dZeee deg��Z gd�ZdZGd �d e��ZGd�de��Zd �Zd�Zd�ZdS)�N)�urlparsezlogin.microsoftonline.uszlogin.chinacloudapi.cnzlogin.microsoftonline.comzlogin-us.microsoftonline.com)zb2clogin.comzb2clogin.cnzb2clogin.uszb2clogin.dez ciamlogin.comz.ciamlogin.comc��eZdZd�Zd�ZdS)�AuthorityBuilderc�n�|�d��|_|�d��|_dS)z�A helper to save caller from doing string concatenation. Usage is documented in :func:`application.ClientApplication.__init__`. �/N)�rstrip� _instance�strip�_tenant)�self�instance�tenants �^/home/asafur/pinokio/api/open-webui.git/app/env/lib/python3.11/site-packages/msal/authority.py�__init__zAuthorityBuilder.__init__#s.�� "��-�-��|�|�C�(�(��c�B�d�|j|j��S)Nz https://{}/{})�formatr r)rs r�__str__zAuthorityBuilder.__str__+s��%�%�d�n�d�l�C�C�CrN)�__name__� __module__�__qualname__rr�rrrr"s7��)�)�)�D�D�D�D�Drrc�J�eZdZdZeg��Z dd�Zd�Zd�Zd d�Z dS) � Authorityz�This class represents an (already-validated) authority. Once constructed, it contains members named "*_endpoint" for this instance. TODO: It will also cache the previously-validated authority instances. TNc��||_|r1t�d|��|�|��}n2t�d|��|�|||��} t||j��}nM#t$r@|rd�|��nd�|��dz}t |��wxYwt�d||��|d|_|d |_ |� d ��|_t|j ��\} } |_ dS)a`Creates an authority instance, and also validates it. :param validate_authority: The Authority validation process actually checks two parts: instance (a.k.a. host) and tenant. We always do a tenant discovery. This parameter only controls whether an instance discovery will be performed. z$Initializing with OIDC authority: %sz%Initializing with Entra authority: %sz�Unable to get OIDC authority configuration for {url} because its OIDC Discovery endpoint is unavailable at {url}/.well-known/openid-configuration )�urlz�Unable to get authority configuration for {}. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant or https://tenant_name.ciamlogin.com or https://tenant_name.b2clogin.com/tenant.onmicrosoft.com/policy. z> Also please double check your tenant name or GUID is correct.zopenid_config("%s") = %s�authorization_endpoint�token_endpoint�device_authorization_endpointN)�_http_client�logger�debug�_initialize_oidc_authority�_initialize_entra_authority�tenant_discovery� ValueErrorrrr�getr�canonicalizer) r� authority_url�http_client�validate_authority�instance_discovery�oidc_authority_url�tenant_discovery_endpoint� openid_config� error_message�_s rrzAuthority.__init__7s��(�� G��L�L�?�AS�T�T�T�(,�(G�(G�"�)$�)$�%�%� �L�L�@�-�P�P�P�(,�(H�(H��1�3E�)G�)G�%� ,�,�)��!�#�#�M�M�� ,� ,� ,� &� '�:�:@�&�EW�&�:X�:X�:X�V� �� &�&�T�U�M��]�+�+�+� ,�� &�(A�=� R� R� R�&3�4L�&M��#�+�,<�=��-:�->�->�?^�-_�-_��*�(��)<�=�=��1�d�k�k�ks �.B�A Cc��t|��\}|_}|��dk|_d|_d|_|dzS)N�adfsTz!/.well-known/openid-configuration)r(r �lower�is_adfs�_is_b2c�_is_known_to_developer)rr-� authorityrs rr#z$Authority._initialize_oidc_authoritygsJ��+7�8J�+K�+K�(� �4�=�&��|�|�~�~��/��'+��#�!�$G�G�Grc�8��t|t��rt|��}t|��\}�_}�j�t��}|��dko|�_|j � d��}t�fd�tD��p?t|��dko,|d��d��_�jp �jp|�_�jt"v}|dvrd�t&��n|} | rq|so�jsht)d ��j|j ��j| ��} | �d ��dkrt/d|z��| d }ng|�d�|rt|j ��dkr|n|j �jrdnd��}|S)Nr3rc3�R�K�|]!}�j�d|z��V��"dS)�.N)r �endswith)�.0�drs �r� <genexpr>z8Authority._initialize_entra_authority.<locals>.<genexpr>}sH��01�D�M�"�"�3��7�+�+��r��b2c_)NTz$https://{}/common/discovery/instancez"https://{}{}/oauth2/v2.0/authorize�error�invalid_instancez�invalid_instance: The authority you provided, %s, is not whitelisted. If it is indeed your legit customized domain name, you can turn off this check by passing in instance_discovery=Falser.z2{prefix}{version}/.well-known/openid-configuration��z/v2.0)�prefix�version)�path)� isinstancer�strr(r r<�_CIAM_DOMAIN_SUFFIXr4r5rI�split�any�WELL_KNOWN_B2C_HOSTS�len� startswithr6r7�WELL_KNOWN_AUTHORITY_HOSTSr� WORLD_WIDE�_instance_discoveryr r'r&�_replace�geturl)rr)r+r,r8r�is_ciam�parts�is_known_to_microsoft�instance_discovery_endpoint�payloadr.s` rr$z%Authority._initialize_entra_authoritypsh��m�%5�6�6� /�� .�.�M�+7� �+F�+F�(� �4�=�&��-�(�(�)<�=�=��|�|�~�~��/�?��K��$�$�S�)�)��5I��K��e�*�*��/�I�e�A�h�n�n�&6�&6�&A�&A�&�&I�&I� ��'+�l�&\�d�l�&\�J\�F\��#� $� �1K� K�� $�|�3�3� 'M�&S�&S��'�'�'�:L� $� '� �%� �)-�)D� �)�4�;�;��M�9�>�3�3��!�+� -�-�G� �{�{�7�#�#�'9�9�9� �/� $�$�%�%�%�)0�0K�(L�%�%�(1�(:�(:�I�P�P�%,�,��Y�^�1D�1D��1I�1I�6�6�&�^�"&�,�;�B�B�G�Q��);�)�)��&�(�(� &�)�(rc�Z�|j|jjvr�|p8|j�d�|j|��d|d��}|jdkr-|��tj |j ��S|jj�|j��iS)Nz<https://{netloc}/common/userrealm/{username}?api-version=1.0)�netloc�usernamezapplication/json)�Acceptzclient-request-id)�headersi�)r � __class__�%_domains_without_user_realm_discoveryr r'r�status_code�raise_for_status�json�loads�text�add)rr^�correlation_id�response�resps r�user_realm_discoveryzAuthority.user_realm_discovery�s��=�� T�T�T��@�t�0�4�4�N�U�U��=�8�V�=�=�#5�.<�>�>� 5� @� @�D� ��3�&�&��%�%�'�'�'��z�$�)�,�,�,��N�@�D�D�T�]�S�S�S�� r)TNN)NN) rrr�__doc__�setrbrr#r$rlrrrrr/s�� -0�C��G�G�)� $�#�#� .>�.>�.>�.>�`H�H�H�/)�/)�/)�b��rrc��t|��}|jdkr�|j�d��}t |��dkr|dr|dnd}|j�t��rG|r|n8d�|j� td��d��}||j|fSt |��dkr|dr||j|dfStd|z��)N�httpsrrArEz{}.onmicrosoft.comra Your given address (%s) should consist of an https url with a minimum of one segment in a path: e.g. https://login.microsoftonline.com/{tenant} or https://{tenant_name}.ciamlogin.com/{tenant} or https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/policy)r�schemerIrMrP�hostnamer<rLr�rsplitr&)�authority_or_auth_endpointr8rX� first_partrs rr(r(�s��3�4�4�I��7�"�"��$�$�S�)�)��!$�U��q��U�1�X��U�1�X�X�4� ��&�&�':�;�;� 9�#-�F�Z�Z�3G�3N�3N��"�)�)�*=�q�A�A�!�D�4F�4F�F��i�0�&�8�8��u�:�:��?�?�u�Q�x�?��i�0�%��(�:�:� � U� %� %�&�&�&rc�Z�|j|fd|dd�i|��}tj|j��S)N�paramsz1.0)rzapi-version)r'rerfrg)rr*rZ�kwargsrks rrTrT�sK��;�?�#��*-�e�D�D��D��:�d�i� � � rc�P�|j|fi|��}|jdkrtj|j��Sd|jcxkrdkr1nn.td�||j|j��|��td|j|jfz��)N��i�i�z7OIDC Discovery failed on {}. HTTP status: {}, Error: {}z)Unable to complete OIDC Discovery: %d, %s) r'rcrerfrgr&rrd�RuntimeError)r.r*rxrks rr%r%�s��;�?�4�?�?��?�?�D��3��z�$�)�$�$�$� �d��$�$�$�$��$�$�$�$�$��R�Y�Y�%��I�� 3�t�7G��6S�S�U�U�Ur)re�urllib.parser�ImportError�logging� getLoggerrr!�AZURE_US_GOVERNMENT�AZURE_CHINA�AZURE_PUBLICrSrnrRrOrL�objectrrr(rTr%rrr�<module>r�sm��"�%�%�%�%�%�%�%��"�"�"�!�!�!�!�!�!�!�!�"�� 8� $� $��1��&��*�� (� � �S��"�� "��'�� D� D� D� D� D�v� D� D� D�@�@�@�@�@��@�@�@�F&�&�&�.!�!�!�U�U�U�U�Us� ��