ZSrSSKrSSKJr SSKJr SrSrSrS Sjr S r SS04S jr g) aRClient for interacting with the Reauth HTTP API. This module provides the ability to do the following with the API: 1. Get a list of challenges needed to obtain additional authorization. 2. Send the result of the challenge to obtain a rapt token. 3. A modified version of the standard OAuth2.0 refresh grant that takes a rapt token. N)urllib)errorsz)https://reauth.googleapis.com/v2/sessionscJSU;a[R"USS5eU$)zRaise an exception if msg has errors. Args: msg: parsed json from http response. Returns: input response. Raises: ReauthAPIError errormessage)rReauthAPIError)msgs 7platform/bq/third_party/google_reauth/_reauth_client.py_handle_errorsr #s*#~##CL$;<< Jc U"SR[U5S[R"U5SSRU50S9upE[R"U5n[ U5 U$)Nz{0}{1}POST Authorizationz Bearer {0}urimethodbodyheaders)format _REAUTH_APIjsondumpsloadsr ) http_requestpathr access_token_contentresponses r _endpoint_requestr 1s[ OOK . ZZ  ,"5"5l"CD JA zz'"H8 Or c:SU0nU(aX4S'[USXB5$)aDoes initial request to reauth API to get the challenges. Args: http_request (Callable): callable to run http requests. Accepts uri, method, body and headers. Returns a tuple: (response, content) supported_challenge_types (Sequence[str]): list of challenge names supported by the manager. access_token (str): Access token with reauth scopes. requested_scopes (list[str]): Authorized scopes for the credentials. Returns: dict: The response from the reauth API. supportedChallengeTypes oauthScopesForDomainPolicyLookupz:start)r )rsupported_challenge_typesrrequested_scopesrs r get_challengesr&=s/ &'@ AD3C /0 h 44r cHUUSUS.n[USRU5XT5$)aaAttempt to refresh access token by sending next challenge result. Args: http_request (Callable): callable to run http requests. Accepts uri, method, body and headers. Returns a tuple: (response, content) session_id (str): session id returned by the initial reauth call. challenge_id (str): challenge id returned by the initial reauth call. client_input: dict with a challenge-specific client input. For example: ``{'credential': password}`` for password challenge. access_token (str): Access token with reauth scopes. Returns: dict: The response from the reauth API. RESPOND) sessionId challengeIdactionproposalResponsez /{0}:continue)r r)r session_id challenge_id client_inputrrs r send_challenge_resultr0Us:" #(  D o,,Z8$ NNr cSUUUS.nU(aXXS'U(aXhS'[RRU5n U"USU US9upX4$)aImplements the OAuth 2.0 Refresh Grant with the addition of the reauth token. Args: http_request (Callable): callable to run http requests. Accepts uri, method, body and headers. Returns a tuple: (response, content) client_id (str): client id to get access token for reauth scope. client_secret (str): client secret for the client_id refresh_token (str): refresh token to refresh access token token_uri (str): uri to refresh access token scopes (str): scopes required by the client application as a comma-joined list. rapt (str): RAPT token headers (dict): headers for http request Returns: Tuple[str, dict]: http response and parsed response content. refresh_token) grant_type client_id client_secretr2scoperaptrr)rparse urlencode) rr4r5r2 token_uriscopesr7r parametersrrrs r refresh_grantr=psg,&&& J$7 !6 << ! !* -D$   H  r )N) __doc__r six.movesr google_reauthrrr r r&r0r=r r rBsB   9   40N:T2)r