| 143 | |
| 144 | |
| 145 | def build_metadata( |
| 146 | issuer_url: AnyHttpUrl, |
| 147 | service_documentation_url: AnyHttpUrl | None, |
| 148 | client_registration_options: ClientRegistrationOptions, |
| 149 | revocation_options: RevocationOptions, |
| 150 | ) -> OAuthMetadata: |
| 151 | authorization_url = AnyHttpUrl(str(issuer_url).rstrip("/") + AUTHORIZATION_PATH) |
| 152 | token_url = AnyHttpUrl(str(issuer_url).rstrip("/") + TOKEN_PATH) |
| 153 | |
| 154 | # Create metadata |
| 155 | metadata = OAuthMetadata( |
| 156 | issuer=issuer_url, |
| 157 | authorization_endpoint=authorization_url, |
| 158 | token_endpoint=token_url, |
| 159 | scopes_supported=client_registration_options.valid_scopes, |
| 160 | response_types_supported=["code"], |
| 161 | response_modes_supported=None, |
| 162 | grant_types_supported=["authorization_code", "refresh_token"], |
| 163 | token_endpoint_auth_methods_supported=["client_secret_post", "client_secret_basic"], |
| 164 | token_endpoint_auth_signing_alg_values_supported=None, |
| 165 | service_documentation=service_documentation_url, |
| 166 | ui_locales_supported=None, |
| 167 | op_policy_uri=None, |
| 168 | op_tos_uri=None, |
| 169 | introspection_endpoint=None, |
| 170 | code_challenge_methods_supported=["S256"], |
| 171 | ) |
| 172 | |
| 173 | # Add registration endpoint if supported |
| 174 | if client_registration_options.enabled: # pragma: no branch |
| 175 | metadata.registration_endpoint = AnyHttpUrl(str(issuer_url).rstrip("/") + REGISTRATION_PATH) |
| 176 | |
| 177 | # Add revocation endpoint if supported |
| 178 | if revocation_options.enabled: # pragma: no branch |
| 179 | metadata.revocation_endpoint = AnyHttpUrl(str(issuer_url).rstrip("/") + REVOCATION_PATH) |
| 180 | metadata.revocation_endpoint_auth_methods_supported = ["client_secret_post", "client_secret_basic"] |
| 181 | |
| 182 | return metadata |
| 183 | |
| 184 | |
| 185 | def build_resource_metadata_url(resource_server_url: AnyHttpUrl) -> AnyHttpUrl: |