B7nSrSSKJr SSKJr SSKJr SSKrSSKJr SSKJr SSKJ r SS KJ r SS KJr SSKJr SS KJr SS KJr SSKJ r SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SS KJr SSK J!r" SSK#r#SSK$J%r% SSK$J&r& Sr'"SS\ RP5r("SS\(\ RR5r*"SS\(\ RR5r+"SS\(\ RX5r-"SS \R\5r.S)S!jr/S"r0\Rb"S#\0S$9S%5r2S&r3"S'S(\ R\5r4g)*z5Customizations of google auth credentials for gcloud.)absolute_import)division)unicode_literalsN)_helpers) credentials) exceptions) external_account_authorized_user)_client)reauth) context_aware)http)log) properties) console_io)retry)client)errors) http_client)urllibz$https://oauth2.googleapis.com/revokec\rSrSrSrSrg)Error0z2Exceptions for the google_auth_credentials module.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r>lib/googlecloudsdk/core/credentials/google_auth_credentials.pyrr0s:r!rc\rSrSrSrSrg)ReauthRequiredError4z#Exceptions when reauth is required.rNrrr!r"r$r$4s+r!r$c,^\rSrSrSrU4SjrSrU=r$)ContextAwareAccessDeniedError8z!Exceptions when access is denied.cd>[[U] [RR 55 gN)superr'__init__r ContextAwareAccessErrorGet)self __class__s r"r,&ContextAwareAccessDeniedError.__init__;s% '7--113r!r)rrrrrr,r __classcell__r0s@r"r'r'8s)r!r'c\rSrSrSrSrg)TokenRevokeErrorAzSU;aUSUlUS OSUl[[U]"U0UD6 g)N rapt_token) _rapt_tokenr+r8r,)r/argskwargsr0s r"r,Credentials.__init__Os<v -d  d +t%t6v6r!cX>[[U] U5 URS5Ulg)Nr<)r+r8 __setstate__getr<)r/dr0s r"rACredentials.__setstate__Ws# +t)!,uu]+Dr!cUR$)zReauth proof token.)r<r/s r"r;Credentials.rapt_token[s   r!c TURU5$![Ga [R"5(d[R "S5e[ RRRR5(a[R"S5 SSK Jn SUl[ R""UUR$UR&UR(UR*[-UR.=(d /55UlGO ![2R4an[R "S5UeSnAf[6a [R8"S5ef=f[R"S 5 [:R<(aSOS n[>R@"US 9RBn[DRF"UUR$UR&UR(UR*[-UR.=(d /55UlOf=fURU5$) zRefreshes the access token and handles reauth request when it is asked. Args: request: google.auth.transport.Request, a callable used to make HTTP requests. z/cannot prompt during non-interactive execution.zusing google-auth reauthr)customauthenticatorziA security key reauthentication challenge was issued but no key was found. Try manually reauthenticating.NzgFailed to obtain reauth rapt token. Did you touch the security key within the 15 second timeout window?zusing oauth2client reauthzutf-8)response_encoding)$_Refreshr$r CanPromptgoogle_auth_exceptionsReauthFailErrorrVALUESauthreauth_use_google_authGetBoolrdebugpyu2f.conveniencerIU2F_SIGNATURE_TIMEOUT_SECONDSgoogle_auth_reauthget_rapt_token _client_id_client_secret_refresh_token _token_urilistscopesr< pyu2f_errors OsHidErrorKeyError RefreshErrorsixPY2r Httprequestr GetRaptToken)r/rfrIerK http_requests r"refreshCredentials.refresh`s< ]]7 ## :  ! ! # #$44 =       6 6 > > @ @ ,- ;?A  ;/>>oo!!!!oo4;;$"%  $ && '66;    '339   -.$'GGDyy3DEMM !..  OO       OO " #  g: x == !!s0BHA1DE$D;;$EB4HHc URb'URbURb URc[R "S5e[ USS5n[XRURURURURU5up4pVX0l XPl X@lURS5Ul URS5Ul UR(axSU;aq[UR5n[USR55nXx- n U (a4[R "SR!SR#U 555eggg)NzThe credentials do not contain the necessary fields need to refresh the access token. You must specify refresh_token, token_uri, client_id, and client_secret.r<id_tokenscopezUNot all requested scopes were granted by the authorization server, missing scopes {}.z, )r[r\rYrZrNrbgetattr _RefreshGrant_scopestokenexpiryrB _id_token id_tokenb64 frozensetsplitformatjoin) r/rfr; access_token refresh_tokenrsgrant_responserequested_scopesgranted_scopes scopes_requested_but_not_granteds r"rLCredentials._Refreshs> #t'> 4#6#6#> " / / 5 66}d3J:G$"5"5t T\\:;77LJK'#'' 3DN&))*5D ||>1"4<<0 !8!>!>!@An)9)J& )$11 77=v :;8=> > * 2|r!cSUR=(d UR0n[R"[U5nS[ R 0nU"X4SS9nUR[R:wac[R"UR5n[R"U5nURS5nURS5n [!X5eg)Nrr content-typePOST)headersmethoderrorerror_description)r{rrr update_queryGOOGLE_REVOKE_URIgoogle_auth_client_URLENCODED_CONTENT_TYPEstatusrOKrc ensure_textdatajsonloadsrBr5) r/rf query_paramstoken_revoke_urirresponse response_data response_jsonrrs r"revokeCredentials.revokesT//=4::>L,,-> M*CCG'HH+..(oohmm4mjj/m(e'++,?@ U 66 )r!c D[U[R5(apU"URURUR UR URURURURS9nURUl U$[U[R5(a]U"URURURURURURURURS9$[R"S5e)a Creates an object from creds of google.oauth2.credentials.Credentials. Args: creds: Union[ google.oauth2.credentials.Credentials, google.auth.external_account_authorized_user.Credentials ], The input credentials. Returns: Credentials of Credentials. )r{rm token_uri client_id client_secretr^quota_project_id)rsr{rrrr^rzInvalid Credentials) isinstancerr8rrr{rmrrrr^rrs,google_auth_external_account_authorized_user token_urlrInvalidCredentials)clscredsress r"FromGoogleAuthUserCredentials)Credentials.FromGoogleAuthUserCredentialss%0011  ++++>>OOOO++ 11 3c<JJLL  ++++OOOO++ 1133  ' '(= >>r!)rtr<r[rsrurr)rrrrrr,rApropertyr;rjrLr classmethodrr r2r3s@r"r8r8HsK 7,  E"N>> 7$?$?r!r8cS[R4SU4SU4SU4/nU(a"URSSRU545 U(aURSU45 [ XU5nUSn URSU5n[R"U5n W X,U4$![ a7n [ R"S U5n [R"X5 S n A NiS n A ff=f) z>Prepares the request to send to auth server to refresh tokens. grant_typerrr{rn raptrzzNo access token in response.N) r_REFRESH_GRANT_TYPEappendry_TokenEndpointRequestWithRetryrarNrbrc raise_fromrB _parse_expiry) rfrr{rrr^r;bodyrrz caught_excnew_excrss r"rprps';;<I & &  $  KK#((6*+,KK$%0TJ-( 0L  ##O]C-  + +M :& }m ;; ($11& 7GNN7''(s-B C )-CC c:AAAU[:g=(a U[:g$)aWhether to retry the request when receive errors. Do not retry reauth-related errors or context aware access errors. Retrying won't help in those situations. Args: exc_type: type of the raised exception. exc_value: the instance of the raise the exception. exc_traceback: Traceback, traceback encapsulating the call stack at the the point where the exception occurred. state: RetryerState, state of the retryer. Returns: True if exception and is not due to reauth-related errors or context-aware access restriction. )r$r')exc_type exc_value exc_tracebackstates r"_ShouldRetryServerInternalErrorrs'" ) ) 4 3 35r!) max_retrialsshould_retry_ifc6[RRU5nS[R0nU"SXUS9n[ R "UR5nUR[R:wa [U5 [R"U5nU$)afMakes a request to the OAuth 2.0 authorization server's token endpoint. Args: request: google.auth.transport.Request, A callable used to make HTTP requests. token_uri: str, The OAuth 2.0 authorizations server's token endpoint URI. body: {str: str}, The parameters to send in the request body. Returns: The JSON-decoded response data. rr)rurlrr)rparse urlencoderrrcrrrrr_HandleErrorResponserr)rfrrrr response_bodyrs r"rr3sy    %$(AA 'F  N(//(--0- __ &'**]+- r!c[R"U5nURS5nURS5nU[R:Xa3U[R :XdU[R :Xa [S5e[R"US5 g![Ra+n[R"U5(a [5eeSnAff=f)au"Translates an error response into an exception. Args: response_body: str, The decoded response data. Raises: google.auth.exceptions.RefreshError: If the token endpoint returned an server internal error. ContextAwareAccessDeniedError: if the error was due to a context aware access restriction. ReauthRequiredError: If reauth is required. r error_subtypezreauth is required.FN)rrrBoauth2client_clientREAUTH_NEEDED_ERROR REAUTH_NEEDED_ERROR_INVALID_RAPT!REAUTH_NEEDED_ERROR_RAPT_REQUIREDr$r_handle_error_responserNrbr IsContextAwareAccessDeniedErrorr')r error_data error_coderrhs r"rrRszz-(*~~g&*..1-&:::*KKK*LLL 3 44 --j%@  , , 44Q77 ) ++  sBC-&CCcB^\rSrSrSrU4Sjr\S5rSrSr U=r $)AccessTokenCredentialsioz,A credential represented by an access token.c6>[[U] 5 Xlgr*)r+rr,rr)r/rrr0s r"r,AccessTokenCredentials.__init__rs $02Jr!cg)NFrrFs r"expiredAccessTokenCredentials.expiredvs r!cAgr*r)r/rfs r"rjAccessTokenCredentials.refreshzsr!)rr) rrrrrr,rrrjr r2r3s@r"rros)4    r!r)NN)5r __future__rrrr google.authrrgoogle_auth_credentialsrrNr r google.oauth2r rr rWgooglecloudsdk.corer r rrgooglecloudsdk.core.consolergooglecloudsdk.core.utilr oauth2clientrroauth2client.contribpyu2frr_rc six.movesrrrrrbr$r'GoogleAuthErrorr5r8rprRetryOnExceptionrrrrr!r"rs<'' ><h7%6-*$#*2*6'( !:;J  ;,%!7!D!D,E+A+N+NEu4DDEq?+))q?r!