:SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKJ r SSKJ r SSK J r SS KJr SSKJ r SS KJr SS KJr SS KJr S rSS0rSr"SS\ R05r"SS\5r"SS\5r"SS\R65rSrg)z+Provides utilities for token introspection.)absolute_import)division)unicode_literalsN) exceptions)external_account)utils)config) properties) http_client)urllibz-urn:ietf:params:oauth:token-type:access_tokenz Content-Typez!application/x-www-form-urlencodedz(https://sts.googleapis.com/v1/introspectc\rSrSrSrSrg)Error*z!A base exception for this module.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r1lib/googlecloudsdk/core/credentials/introspect.pyrr*s)rrc\rSrSrSrSrg)InactiveCredentialsError.z[[U] U5 Xlg)aInitializes an OAuth introspection client instance. Args: token_introspect_endpoint (str): The token introspection endpoint. client_authentication (Optional[oauth2_utils.ClientAuthentication]): The optional OAuth client authentication credentials if available. N)superr!__init___token_introspect_endpoint)selftoken_introspect_endpointclient_authentication __class__s rr%IntrospectionClient.__init__?s t-.CD&?#rc[R5nUUS.nURXE5 U"URSU[R R U5RS5S9n[URS5(aURRS5O URnUR[R:wa [U5e[R "U5nUR#S5(aU$[%U5e)a\Returns the meta-information associated with an OAuth token. Args: request (google.auth.transport.Request): A callable that makes HTTP requests. token (str): The OAuth token whose meta-information are to be returned. token_type_hint (Optional[str]): The optional token type. The default is access_token. Returns: Mapping: The active token meta-information returned by the introspection endpoint. Raises: InactiveCredentialsError: If the credentials are invalid or expired. TokenIntrospectionError: If an error is encountered while calling the token introspection endpoint. )tokentoken_type_hintPOSTzutf-8)urlmethodheadersbodydecodeactive)_URLENCODED_HEADERScopy#apply_client_authentication_optionsr&r parse urlencodeencodehasattrdatar4statusr OKrjsonloadsgetr) r'requestr-r.r2 request_bodyresponse response_body response_datas r introspectIntrospectionClient.introspectJs&"&&(G*L  ,,WC  + + \\ # #L 1 8 8 A H 8==( + +  W% ]]+..( #M 22JJ}-M""  $] 33r)r&)N) rrrrrr%_ACCESS_TOKEN_TYPErHr __classcell__)r*s@rr!r!6s @8J2424rr!cSSKJn [R"[RR [ R[ R5n[n[RRRR5nURnU(dU(a U=(d Un[!UUS9nUR#5n[%U[&R(5(ai[+US5(aX[-[/US55(a>UR15(a)UR35up[4R6"XxU 4S9nURH(dURKU5 URMXpRN5n U RQS5$![8[:[<R>[@[B4a!n [DRF"SU 5 Sn A NSn A ff=f) amReturns the external account credentials' identifier. This requires basic client authentication and only works with external account credentials that have not been impersonated. The returned username field is used for the account ID. Args: creds (google.auth.external_account.Credentials): The external account credentials whose account ID is to be determined. Returns: Optional(str): The account ID string if determinable. Raises: InactiveCredentialsError: If the credentials are invalid or expired. TokenIntrospectionError: If an error is encountered while calling the token introspection endpoint. r)requests)r(r)_mtls_required)certz0Could not get mTLS certificate and key paths: %sNusername))googlecloudsdk.corerM oauth2_utilsClientAuthenticationClientAuthTypebasicr CLOUDSDK_CLIENT_IDCLOUDSDK_CLIENT_NOTSOSECRET(_EXTERNAL_ACCT_TOKEN_INTROSPECT_ENDPOINTr VALUESauthtoken_introspection_endpointGettoken_info_urlr!GoogleAuthRequest isinstancer Credentialsr<callablegetattrrN_get_mtls_cert_and_key_paths functoolspartialAttributeError ValueErrorgoogle_auth_exceptionsGoogleAuthErrorIOErrorOSErrorloggingdebugvalidrefreshrHr-rB) creds core_requestsr)r[endpoint_overrideproperty_overrideoauth_introspectionrC cert_pathkey_pathe token_infos rGetExternalAccountIdrys(<';;!!''  (("J '',,IIMMO**+#4#I8I + <1  + + -' (4455 %) * * 75"23 4 4      !>>@i!!'H0EFg  MM'"--g{{C*  ## ..    mmFJ   s*(F )G* G%%G*)r __future__rrrrdr@rl google.authrrhr google.oauth2rrRrQr r six.movesr r rJr6rXrrrOAuthClientAuthHandlerr!ryrrrrs2&' <(/&**!E%'JK.) *J  *EuEOeOF4,==F4RK$r