o +if0,@sddlZzddlmZWneyddlmZYnwddlZeeZdZdZ dZ dZ e e e degZ gdZdZGd d d eZGd d d eZd dZddZddZdS)N)urlparsezlogin.microsoftonline.uszlogin.chinacloudapi.cnzlogin.microsoftonline.comzlogin-us.microsoftonline.com)z b2clogin.comz b2clogin.cnz b2clogin.usz b2clogin.dez ciamlogin.comz.ciamlogin.comc@seZdZddZddZdS)AuthorityBuildercCs|d|_|d|_dS)zA helper to save caller from doing string concatenation. Usage is documented in :func:`application.ClientApplication.__init__`. /N)rstrip _instancestrip_tenant)selfinstancetenantr G/var/www/html/corbot_env/lib/python3.10/site-packages/msal/authority.py__init__#s zAuthorityBuilder.__init__cCsd|j|jS)Nz https://{}/{})formatrrr r r r __str__+szAuthorityBuilder.__str__N)__name__ __module__ __qualname__rrr r r r r"s rc@sBeZdZdZegZ   d ddZddZdd Zd d d Z dS) AuthorityzThis class represents an (already-validated) authority. Once constructed, it contains members named "*_endpoint" for this instance. TODO: It will also cache the previously-validated authority instances. TNc Cs||_|rtd|||}n td|||||}zt||j}Wnty@|r5dj|dnd|d}t|wtd|||d|_ |d |_ | d |_ t |j \} } |_d S) a`Creates an authority instance, and also validates it. :param validate_authority: The Authority validation process actually checks two parts: instance (a.k.a. host) and tenant. We always do a tenant discovery. This parameter only controls whether an instance discovery will be performed. z$Initializing with OIDC authority: %sz%Initializing with Entra authority: %szUnable to get OIDC authority configuration for {url} because its OIDC Discovery endpoint is unavailable at {url}/.well-known/openid-configuration )urlzUnable to get authority configuration for {}. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant or https://tenant_name.ciamlogin.com or https://tenant_name.b2clogin.com/tenant.onmicrosoft.com/policy. z> Also please double check your tenant name or GUID is correct.zopenid_config("%s") = %sauthorization_endpointtoken_endpointdevice_authorization_endpointN) _http_clientloggerinfo_initialize_oidc_authority_initialize_entra_authoritytenant_discovery ValueErrorrdebugrrgetr canonicalizer ) r authority_url http_clientvalidate_authorityinstance_discoveryoidc_authority_urltenant_discovery_endpoint openid_config error_message_r r r r7sB       zAuthority.__init__cCs2t|\}|_}|dk|_d|_d|_|dS)NadfsTz!/.well-known/openid-configuration)r#r loweris_adfs_is_b2c_is_known_to_developer)r r( authorityr r r r rgs z$Authority._initialize_oidc_authorityc sFt|tr t|}t|\}_}jt}|dko| _|j d}t fddt Dp@t |dko@|dd_jpJjpJ| _jtv}|dvrZd tn|} | r|sjstd j|j j| } | d d kr}td || d} | S|jdj|rt |j dkr|n|j jrdnddd} | S)Nr-rc3s |] }jd|VqdS).N)r endswith).0drr r }s z8Authority._initialize_entra_authority..b2c_)NTz$https://{}/common/discovery/instancez"https://{}{}/oauth2/v2.0/authorizeerrorinvalid_instancezinvalid_instance: The authority you provided, %s, is not whitelisted. If it is indeed your legit customized domain name, you can turn off this check by passing in instance_discovery=Falser)z2{prefix}{version}/.well-known/openid-configurationz/v2.0)prefixversion)path) isinstancerstrr#r r4_CIAM_DOMAIN_SUFFIXr.r/rAsplitanyWELL_KNOWN_B2C_HOSTSlen startswithr0r1WELL_KNOWN_AUTHORITY_HOSTSr WORLD_WIDE_instance_discoveryrr"r _replacegeturl) r r$r&r'r2r is_ciampartsis_known_to_microsoftinstance_discovery_endpointpayloadr)r rr rpsb       z%Authority._initialize_entra_authoritycCsf|j|jjvr1|p|jjdj|j|dd|dd}|jdkr)|t |j S|jj |jiS)Nzs4