ó ‚¾^Yc@sCdZddlZddlZddlZdd„Zd„ZdS(sm Utility functions for implementing Proof Key for Code Exchange (PKCE) by OAuth Public Clients See RFC7636. iÿÿÿÿNi@cCsktjtj|ƒƒjdƒ}t|ƒdkrBtdƒ‚n%t|ƒdkrctdƒ‚n|SdS(sŸ Generates a 'code_verifier' as described in section 4.1 of RFC 7636. This is a 'high-entropy cryptographic random string' that will be impractical for an attacker to guess. Args: n_bytes: integer between 31 and 96, inclusive. default: 64 number of bytes of entropy to include in verifier. Returns: Bytestring, representing urlsafe base64-encoded random data. t=i+s)Verifier too short. n_bytes must be > 30.i€s(Verifier too long. n_bytes must be < 97.N(tbase64turlsafe_b64encodetosturandomtrstriptlent ValueError(tn_bytestverifier((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pkce.pyt code_verifiers !cCs+tj|ƒjƒ}tj|ƒjdƒS(s“ Creates a 'code_challenge' as described in section 4.2 of RFC 7636 by taking the sha256 hash of the verifier and then urlsafe base64-encoding it. Args: verifier: bytestring, representing a code_verifier as generated by code_verifier(). Returns: Bytestring, representing a urlsafe base64-encoded sha256 hash digest, without '=' padding. R(thashlibtsha256tdigestRRR(R R ((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pkce.pytcode_challenge4s(t__doc__RR RR R(((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pkce.pyts