iU.%SSKJr SSKrSSKrSSKrSSKJr SSKJrJ r J r SSK J r J r J r SSKJrJrJrJr SSKJrJrJr SS KJrJrJrJrJrJrJrJrJ r SS KJ!r! \(d\""\RF"S S 55(aUSSK$r$\$RJS :aSSKJ&r& OSSK'J&r& SSK(J)r)J*r* SSK+J,r, SSK-J.r.J/r/J0r0 \\)\,\1\24r3S\4S'\\*\,\1\24r5S\4S'"SS5r6\6"5r7\\7l8\7Rrr9\7Rtr:\7Rvr;g)) annotationsN)timegm) ContainerIterableSequence)datetime timedeltatimezone) TYPE_CHECKINGAnyUnioncast)PyJWS_ALGORITHM_UNSET_jws_global_obj) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorInvalidJTIErrorInvalidSubjectErrorMissingRequiredClaimError)RemovedInPyjwt3Warning SPHINX_BUILD) ) TypeAlias)AllowedPrivateKeysAllowedPublicKeys)PyJWK) FullOptionsOptions SigOptionsr!AllowedPrivateKeyTypesAllowedPublicKeyTypesc2\rSrSrSSSjjr\SSj5rSSjrSSSjjr\ SSS4SSjjr SS S jjr S!S"S jjr S#S jr S!S$S jjrS%S&S jjrS'SjrSS(SjjrS)SjrS*SjrS*SjrS*SjrSS.S+SjjrS,SjrSrg)-PyJWT*NcU UR5UlUbURU5Ul[UR 5S9Ulg)N)options)_get_default_optionsr._merge_optionsr_get_sig_options_jwsselfr.s V/home/maestro/MAESTRO/maestro-backend/venv/lib/python3.13/site-packages/jwt/api_jwt.py__init__PyJWT.__init__+sB 002  ..w7DL$"7"7"9: c SSSSSSSS/SSS. $)NTF) verify_signature verify_exp verify_nbf verify_iat verify_aud verify_iss verify_sub verify_jtirequire strict_audenforce_minimum_key_lengthrEr8r5r/PyJWT._get_default_options3s/!%*/  r8cZURSURRSS5S.$)Nr:rDF)r:rDr.get)r4s r5r1PyJWT._get_sig_optionsCs0 $ -? @*.,,*:*:,e+  r8cUc UR$URSS5(dURSS5US'URSS5US'URSS5US'URSS5US'URSS5US'URS S5US 'URS S5US '0UREUE$) Nr:Tr;Fr<r=r>r?r@rArHr3s r5r0PyJWT._merge_optionsKs ?<< {{-t44$+KK e$DGL !$+KK e$DGL !$+KK e$DGL !$+KK e$DGL !$+KK e$DGL !$+KK e$DGL !$+KK e$DGL !*$,,*'**r8Tc [U[5(d [S5eUR5nSHFn[UR U5[ 5(dM)[ XR55X'MH SU;a#[US[5(d [S5eURUUUS9nURRUUUUUUS9$)aEncode the ``payload`` as JSON Web Token. :param payload: JWT claims, e.g. ``dict(iss=..., aud=..., sub=...)`` :type payload: dict[str, typing.Any] :param key: a key suitable for the chosen algorithm: * for **asymmetric algorithms**: PEM-formatted private key, a multiline string * for **symmetric algorithms**: plain string, sufficiently long for security :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPrivateKeys` :param algorithm: algorithm to sign the token with, e.g. ``"ES256"``. If ``headers`` includes ``alg``, it will be preferred to this parameter. If ``key`` is a :class:`PyJWK` object, by default the key algorithm will be used. :type algorithm: str or None :param headers: additional JWT header fields, e.g. ``dict(kid="my-key-id")``. :type headers: dict[str, typing.Any] or None :param json_encoder: custom JSON encoder for ``payload`` and ``headers`` :type json_encoder: json.JSONEncoder or None :rtype: str :returns: a JSON Web Token :raises TypeError: if ``payload`` is not a ``dict`` zGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbfisszIssuer (iss) must be a string.)headers json_encoder) sort_headers) isinstancedict TypeErrorcopyrIrr utctimetuplestr_encode_payloadr2encode) r4payloadkey algorithmrRrSrT time_claim json_payloads r5r\ PyJWT.encodeZsD'4((,  ,,./J'++j18<<&,W-@-M-M-O&P#0 G Jwu~s$C$C<= =++ %, yy     %    r8cL[R"USUS9RS5$)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsr\)r4r]rRrSs r5r[PyJWT._encode_payloads)zz !  &/  r8c U (a4[R"S[U R553[SS9 UcSn OUR SS5n UbX\:wa[R"S[ SS9 URU5n SU 0nURRUUUUUS9nURU5nURUU UUU U S 9 UUS 'U$) u,Identical to ``jwt.decode`` except for return value which is a dictionary containing the token header (JOSE Header), the token payload (JWT Payload), and token signature (JWT Signature) on the keys "header", "payload", and "signature" respectively. :param jwt: the token to be decoded :type jwt: str or bytes :param key: the key suitable for the allowed algorithm :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPublicKeys` :param algorithms: allowed algorithms, e.g. ``["ES256"]`` .. warning:: Do **not** compute the ``algorithms`` parameter based on the ``alg`` from the token itself, or on any other data that an attacker may be able to influence, as that might expose you to various vulnerabilities (see `RFC 8725 §2.1 `_). Instead, either hard-code a fixed value for ``algorithms``, or configure it in the same place you configure the ``key``. Make sure not to mix symmetric and asymmetric algorithms that interpret the ``key`` in different ways (e.g. HS\* and RS\*). :type algorithms: typing.Sequence[str] or None :param jwt.types.Options options: extended decoding and validation options Refer to :py:class:`jwt.types.Options` for more information. :param audience: optional, the value for ``verify_aud`` check :type audience: str or typing.Iterable[str] or None :param issuer: optional, the value for ``verify_iss`` check :type issuer: str or typing.Container[str] or None :param leeway: a time margin in seconds for the expiration check :type leeway: float or datetime.timedelta :rtype: dict[str, typing.Any] :returns: Decoded JWT with the JOSE Header on the key ``header``, the JWS Payload on the key ``payload``, and the JWS Signature on the key ``signature``. zypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelTr:zThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryrn)r^ algorithmsr.detached_payload)audienceissuerleewaysubjectr]) warningswarntuplekeysrrIDeprecationWarningr0r2decode_complete_decode_payload_validate_claims)r4jwtr^rpr.verifyrqrrrsrurtkwargsr:merged_options sig_optionsdecodedr]s r5r{PyJWT.decode_completesr  MM'',V[[]';&<>'   ?# &{{+=tD   &"< MMY,  ,,W5  0# ))++ !- , &&w/     % r8c[R"US5n[ U[ 5(d [S5eU$![an[SU35UeSnAff=f)z Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r]zInvalid payload string: Nz-Invalid payload string: must be a json object)rhloads ValueErrorrrUrV)r4rr]es r5r|PyJWT._decode_payloadsd E&*jj1C&DG'4((MN N  E 8<=1 D Es= AAAc U (a4[R"S[U R553[SS9 UR UUUUUUUUU U S9 n [ [[[4U S5$)uVerify the ``jwt`` token signature and return the token claims. :param jwt: the token to be decoded :type jwt: str or bytes :param key: the key suitable for the allowed algorithm :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPublicKeys` :param algorithms: allowed algorithms, e.g. ``["ES256"]`` If ``key`` is a :class:`PyJWK` object, allowed algorithms will default to the key algorithm. .. warning:: Do **not** compute the ``algorithms`` parameter based on the ``alg`` from the token itself, or on any other data that an attacker may be able to influence, as that might expose you to various vulnerabilities (see `RFC 8725 §2.1 `_). Instead, either hard-code a fixed value for ``algorithms``, or configure it in the same place you configure the ``key``. Make sure not to mix symmetric and asymmetric algorithms that interpret the ``key`` in different ways (e.g. HS\* and RS\*). :type algorithms: typing.Sequence[str] or None :param jwt.types.Options options: extended decoding and validation options Refer to :py:class:`jwt.types.Options` for more information. :param audience: optional, the value for ``verify_aud`` check :type audience: str or typing.Iterable[str] or None :param subject: optional, the value for ``verify_sub`` check :type subject: str or None :param issuer: optional, the value for ``verify_iss`` check :type issuer: str or typing.Container[str] or None :param leeway: a time margin in seconds for the expiration check :type leeway: float or datetime.timedelta :rtype: dict[str, typing.Any] :returns: the JWT claims zppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rlrm)rrqrrrursrtr]) rvrwrxryrr{rrVrZr ) r4r~r^rpr.rrqrrrursrtrrs r5decode PyJWT.decode,sr  MM'',V[[]';&<>'  &&    -'  DcNGI$677r8c[U[5(aUR5nUb&[U[[45(d [ S5eUR XS5 [R"[RS9R5nSU;aUS(aURXU5 SU;aUS(aURXU5 SU;aUS (aURXU5 US (aURX5 US (a UR!XUR#S S 5S9 US(aUR%X5 US(aUR'U5 gg)Nz+audience must be a string, iterable or NonerB)tzrOr=rPr<rNr;r?r>rCFstrictr@rA)rUr total_secondsrZrrW_validate_required_claimsrnowr utc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audrI _validate_sub _validate_jti)r4r]r.rrrsrurtrs r5r}PyJWT._validate_claims{s@ fi ( ())+F   8c8_(M(MIJ J &&w 0BCllhll+557 G  5   wV 4 G  5   wV 4 G  5   wV 4 <   w / <   '++lE*J   <   w 0 <   w ' !r8cPUH nURU5bM[U5e gN)rIr)r4r]claimsclaims r5rPyJWT._validate_required_claimss( E{{5!)/66r8cSU;ag[US[5(d [S5eUb!URS5U:wa [S5egg)z Checks whether "sub" if in the payload is valid or not. This is an Optional claim :param payload(dict): The payload which needs to be validated :param subject(str): The subject of the token subNzSubject must be a stringzInvalid subject)rUrZrrI)r4r]rus r5rPyJWT._validate_subsY   '%.#..%&@A A  {{5!W,)*;<<- r8cpSU;ag[URS5[5(d [S5eg)z Checks whether "jti" if in the payload is valid or not This is an Optional claim :param payload(dict): The payload which needs to be validated jtiNzJWT ID must be a string)rUrIrZr)r4r]s r5rPyJWT._validate_jtis6   '++e,c22!";< <3r8c|[US5nXBU-:a [S5eg![a [S5Sef=f)NrOz)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrrr)r4r]rrtrOs r5rPyJWT._validate_iatsV  gen%C , ()KL L  &;  $;c|[US5nXBU-:a [S5eg![a [S5Sef=f)NrPz*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rrrr)r4r]rrtrPs r5rPyJWT._validate_nbfsU  Vgen%C , ()KL L  VJKQU U Vrc|[US5nXBU- ::a [S5eg![a [S5Sef=f)NrNz/Expiration Time claim (exp) must be an integer.zSignature has expired)rrrr)r4r]rrtrNs r5rPyJWT._validate_expsV  gen%C < '(?@ @ !  A  rFrcd^UcSU;d US(dg[S5eSU;d US(d [S5eUSmU(aR[U[5(d [S5e[T[5(d [S5eUT:wa [S5eg[T[5(aT/m[T[5(d [S5e[ ST55(a [S5e[U[5(aU/n[ U4SjU55(a [S 5eg) NaudzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokenc3L# UHn[U[5(+v M g7fr)rUrZ).0cs r5 &PyJWT._validate_aud..'s?!:a%%%s"$c3,># UH oT;v M g7frrE)rraudience_claimss r5rr-s>Xc/)XszAudience doesn't match)rrrUrZlistanyall)r4r]rrrrs @r5rPyJWT._validate_auds  G#75>''9: :  wu~,E2 2!%. h,,*+FGGos33*+STT?**+LMM  os + +./O/400&'FG G ?? ? ?&'FG G h $ $ zH >X> > >&'?@ @ ?r8cUcgSU;a [S5eUSn[U[5(d [S5e[U[5(aX2:wa [S5egX2;a [S5eg![a [S5Sef=f)NrQz%Payload Issuer (iss) must be a stringzInvalid issuerz.Issuer param must be "str" or "Container[str]")rrUrZrrW)r4r]rsrQs r5rPyJWT._validate_iss0s >   +E2 2en#s##$%LM M fc " "}()9:: $,-=>>% (D s "A33B )r2r.r)r.Options | NonereturnNone)rr%)rr')r.rrr%)r]dict[str, Any]r^r(r_ str | NonerRdict[str, Any] | NonerStype[json.JSONEncoder] | NonerTboolrrZ)NN)r]rrRrrSrrbytes) rNNNNNNNr)r~ str | bytesr^r)rpSequence[str] | Noner.rr bool | Nonerq bytes | Nonerrstr | Iterable[str] | Nonersstr | Container[str] | Nonerurrtfloat | timedeltarr rr)rrrr)r~rr^z'AllowedPublicKeys | PyJWK | str | bytesrprr.rrrrqrrrrrurrsrrtrrr rr)NNNr)r]rr.r%rrzIterable[str] | str | NonersContainer[str] | str | Nonerurrtrrr)r]rrz Iterable[str]rr)r]rrurrr)r]rrr)r]rrfloatrtrrr)r]rrrrrrrr)r]rrsrrr)__name__ __module__ __qualname____firstlineno__r6 staticmethodr/r1r0rr\r[r{r|rr}rrrrrrrr__static_attributes__rEr8r5r+r+*s;      +&!1)-6:!@ @ $@  @ ' @ 4 @ @  @ J*.6: '4   *&(+/"&")-04.2"$%l l#l) l  ll'l-l,ll"l"#l$ %l\&8:+/"&")-04".2$%M8 M85M8) M8  M8M8'M8-M8M8,M8"M8"#M8$ %M8f04.2"$%((((((- (( , ((  (("(( ((T777  7>B=%=0:= =* = M M M M  M M M M M  MAAA A  A* 0A0A-0A  0A  0Ad%/J r8r+)< __future__rrhosrvcalendarrcollections.abcrrrrr r typingr r r rapi_jwsrrr exceptionsrrrrrrrrrrrgetenvsys version_infor!typing_extensionsrpr"r#api_jwkr$typesr%r&r'rZrr(__annotations__r)r+_jwt_global_objr2r\r{rrEr8r5rs" 992222==   -D>2677 7"$ 0A77(-.@%e.S(TIT',->sE-Q'R9R]]@'&   !11   r8