+ Ii!^RIHt^RIt^RIt^RIHt^RIHt^RI H t ^RI H t H t ^RIHtHt^RIHt^R IHtHt^R IHt!R R 4tR#) ) annotationsN) lru_cache) SSLContext)Any) HTTPErrorURLError)PyJWKPyJWKSet)decode_complete)PyJWKClientConnectionErrorPyJWKClientError) JWKSetCachec]tRt^tRRRlltRRltRRRlltRRR lltR R ltR R lt ] RRl4t Rt R#) PyJWKClientNc8V^8dQhRRRRRRRRRR R R R R R R/#)uristr cache_keysboolmax_cached_keysint cache_jwk_setlifespanfloatheaderszdict[str, Any] | Nonetimeout ssl_contextzSSLContext | None)formats"xC:\Users\petid\OneDrive\Desktop\Maestro\MAESTRO CLAUDE\MAESTRO\maestro-backend\venv\Lib\site-packages\jwt/jwks_client.py __annotate__PyJWKClient.__annotate__sdL3L3 L3L3 L3  L3  L3'L3L3'L3c  Vf/pWnRVnW`nWpnWnV'd(V^8:d\ RV R24h\ V4VnMRVnV'd%\VR7!VP4p WnR#R#)uA client for retrieving signing keys from a JWKS endpoint. ``PyJWKClient`` uses a two-tier caching system to avoid unnecessary network requests: **Tier 1 — JWK Set cache** (enabled by default): Caches the entire JSON Web Key Set response from the endpoint. Controlled by: - ``cache_jwk_set``: Set to ``True`` (the default) to enable this cache. When enabled, the JWK Set is fetched from the network only when the cache is empty or expired. - ``lifespan``: Time in seconds before the cached JWK Set expires. Defaults to ``300`` (5 minutes). Must be greater than 0. **Tier 2 — Signing key cache** (disabled by default): Caches individual signing keys (looked up by ``kid``) using an LRU cache with **no time-based expiration**. Keys are evicted only when the cache reaches its maximum size. Controlled by: - ``cache_keys``: Set to ``True`` to enable this cache. Defaults to ``False``. - ``max_cached_keys``: Maximum number of signing keys to keep in the LRU cache. Defaults to ``16``. :param uri: The URL of the JWKS endpoint. :type uri: str :param cache_keys: Enable the per-key LRU cache (Tier 2). :type cache_keys: bool :param max_cached_keys: Max entries in the signing key LRU cache. :type max_cached_keys: int :param cache_jwk_set: Enable the JWK Set response cache (Tier 1). :type cache_jwk_set: bool :param lifespan: TTL in seconds for the JWK Set cache. :type lifespan: float :param headers: Optional HTTP headers to include in requests. :type headers: dict or None :param timeout: HTTP request timeout in seconds. :type timeout: float :param ssl_context: Optional SSL context for the request. :type ssl_context: ssl.SSLContext or None Nz/Lifespan must be greater than 0, the input is "")maxsize) r jwk_set_cacherrrr rrget_signing_key) selfrrrrrrrrr)s &&&&&&&&& r!__init__PyJWKClient.__init__sj ?G15  & 1}&EhZqQ"-X!6D !%D  '@AUAUVO#2 r$cV^8dQhRR/#)rreturnrr)r s"r!r"r#_s00C0r$c Rp\PPVPVPR7p\PP W P VPR7;_uu_4p\P!V4pRRR4TVPeVPPV4## +'giL<;i \\3d<p\T\4'dTP!4\#RT R24ThRp?ii;i TPeTPPT4ii;i)a5Fetch the JWK Set from the JWKS endpoint. Makes an HTTP request to the configured ``uri`` and returns the parsed JSON response. If the JWK Set cache is enabled, the response is stored in the cache. :returns: The parsed JWK Set as a dictionary. :raises PyJWKClientConnectionError: If the HTTP request fails. N)urlr)rcontextz'Fail to fetch data from the url, err: "r&)urllibrequestRequestrrurlopenrrjsonloadr(putr TimeoutError isinstancercloser )r*jwk_setrresponsees& r! fetch_dataPyJWKClient.fetch_data_s 0&&488T\\&JA''<<1A1A())H-!!-""&&w/.,' !Y'' ,9!A>  !!-""&&w/.sBA2C6C CD# C CD %6DD  D##,Ec V^8dQhRRRR/#)rrefreshrr.r r)r s"r!r"r#|s((4(H(r$c RpVPe#V'gVPP4pVfVP4p\V\4'g \ R4h\ P!V4#)aReturn the JWK Set, using the cache when available. :param refresh: Force a fresh fetch from the endpoint, bypassing the cache. :type refresh: bool :returns: The JWK Set. :rtype: PyJWKSet :raises PyJWKClientError: If the endpoint does not return a JSON object. Nz.The JWKS endpoint did not return a JSON object)r(getr@r:dictr r from_dict)r*rCdatas&& r! get_jwk_setPyJWKClient.get_jwk_set|sf    )'%%))+D <??$D$%%"#ST T!!$''r$c V^8dQhRRRR/#)rrCrr. list[PyJWK]r)r s"r!r"r#sr$c VPV4pVPUu.uF,pVPR9gKVP'gK*VNK. ppV'g \ R4hV#uupi)a_Return all signing keys from the JWK Set. Filters the JWK Set to keys whose ``use`` is ``"sig"`` (or unspecified) and that have a ``kid``. :param refresh: Force a fresh fetch from the endpoint, bypassing the cache. :type refresh: bool :returns: A list of signing keys. :rtype: list[PyJWK] :raises PyJWKClientError: If no signing keys are found. z2The JWKS endpoint did not contain any signing keys)sigN)rIkeyspublic_key_usekey_idr )r*rCr< jwk_set_key signing_keyss&& r!get_signing_keysPyJWKClient.get_signing_keysst""7+ '|| + ))]: ?J?Q?Q K+  "#WX X sA)A) A)c V^8dQhRRRR/#)rkidrr.r r)r s"r!r"r#s35r$c VP4pVPW!4pV'g;VPRR7pVPW!4pV'g\RV R24hV#)aYReturn the signing key matching the given ``kid``. If no match is found in the current JWK Set, the set is refreshed from the endpoint and the lookup is retried once. :param kid: The key ID to look up. :type kid: str :returns: The matching signing key. :rtype: PyJWK :raises PyJWKClientError: If no matching key is found after refreshing. T)rCz,Unable to find a signing key that matches: "r&)rT match_kidr )r*rWrS signing_keys&& r!r)PyJWKClient.get_signing_keysh,,. nn\7 000>L..;K&B3%qIr$c V^8dQhRRRR/#)rtokenz str | bytesr.r r)r s"r!r"r#s 7 7k 7e 7r$c r\VRR/R7pVR,pVPVPR44#)aReturn the signing key for a JWT by reading its ``kid`` header. Extracts the ``kid`` from the token's unverified header and delegates to :meth:`get_signing_key`. :param token: The encoded JWT. :type token: str or bytes :returns: The matching signing key. :rtype: PyJWK verify_signatureF)optionsheaderrW) decode_tokenr)rE)r*r] unverifiedras&& r!get_signing_key_from_jwt$PyJWKClient.get_signing_key_from_jwts:"%2De1LM H%##FJJu$566r$c$V^8dQhRRRRRR/#)rrSrLrWrr.z PyJWK | Noner)r s"r!r"r#s! #,r$c HRpVFpVPV8XgKTpV# V#)zFind a key in *signing_keys* that matches *kid*. :param signing_keys: The list of keys to search. :type signing_keys: list[PyJWK] :param kid: The key ID to match. :type kid: str :returns: The matching key, or ``None`` if not found. :rtype: PyJWK or None N)rQ)rSrWrZkeys&& r!rYPyJWKClient.match_kids5 CzzS !   r$)r)rr(rrr)FTi,NN)F) __name__ __module__ __qualname____firstlineno__r+r@rIrTr)rd staticmethodrY__static_attributes__rr$r!rrs6L3\0:(.28 7r$r) __future__rr6urllib.requestr2 functoolsrsslrtypingr urllib.errorrrapi_jwkr r api_jwtr rb exceptionsr r r(rrrr$r!r{s2" ,$4D&YYr$