1#------------------------------------------------------------------------------
2#
3# Copyright (c) Microsoft Corporation.
4# All rights reserved.
5#
6# This code is licensed under the MIT License.
7#
8# Permission is hereby granted, free of charge, to any person obtaining a copy
9# of this software and associated documentation files(the "Software"), to deal
10# in the Software without restriction, including without limitation the rights
11# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
12# copies of the Software, and to permit persons to whom the Software is
13# furnished to do so, subject to the following conditions :
14#
15# The above copyright notice and this permission notice shall be included in
16# all copies or substantial portions of the Software.
17#
18# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
21# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24# THE SOFTWARE.
25#
26#------------------------------------------------------------------------------
27# pylint: disable=too-few-public-methods,old-style-class,no-init
28
class Errors:
    """Message templates for argument validation and XML parsing failures.

    The first two templates take one positional ``str.format`` field, the
    name of the offending argument; the third is a fixed message.
    """
    # Template for reporting a required argument that was passed as None.
    ERROR_VALUE_NONE = "{} should not be None."
    # Template for reporting a required string argument that was empty.
    ERROR_VALUE_EMPTY_STRING = '{} should not be "".'
    # Fixed message for a response body that does not parse as XML.
    ERROR_RESPONSE_MALFORMED_XML = "The provided response string is not well formed XML."
34
class OAuth2Parameters(object):
    """Names of the form fields sent in OAuth2 token and device-code requests.

    These are wire-level parameter names (keys of the request body), not
    values; the grant-type values live in ``OAuth2GrantType``.
    """
    # Which grant is being exercised.
    GRANT_TYPE = "grant_type"

    # Client identification: either an id plus secret, or a signed assertion.
    CLIENT_ID = "client_id"
    CLIENT_SECRET = "client_secret"
    CLIENT_ASSERTION = "client_assertion"
    CLIENT_ASSERTION_TYPE = "client_assertion_type"

    # Authorization-code flow.
    CODE = "code"
    CODE_VERIFIER = "code_verifier"
    REDIRECT_URI = "redirect_uri"

    # Resource-owner credentials and refresh.
    USERNAME = "username"
    PASSWORD = "password"
    REFRESH_TOKEN = "refresh_token"

    # Assertion-based grants (SAML / JWT bearer).
    ASSERTION = "assertion"

    # Device-code flow.
    DEVICE_CODE = "device_code"

    # What is being requested and from which API surface.
    RESOURCE = "resource"
    SCOPE = "scope"
    AAD_API_VERSION = "api-version"
    # Market / language hint; the wire name is 'mkt', not 'language'.
    LANGUAGE = "mkt"
54
class OAuth2GrantType(object):
    """Values carried in the ``grant_type`` field (plus one assertion-type URN)."""
    # Plain string grant types.
    AUTHORIZATION_CODE = "authorization_code"
    REFRESH_TOKEN = "refresh_token"
    CLIENT_CREDENTIALS = "client_credentials"
    PASSWORD = "password"
    DEVICE_CODE = "device_code"

    # URN-valued grant types for SAML bearer assertions.
    SAML1 = "urn:ietf:params:oauth:grant-type:saml1_1-bearer"
    SAML2 = "urn:ietf:params:oauth:grant-type:saml2-bearer"

    # NOTE: despite living in this class, this is the RFC 7523
    # client-assertion-type URN (the string says 'client-assertion-type'), not a
    # grant-type URN; it is presumably sent as the 'client_assertion_type' value.
    JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
65
66
class OAuth2ResponseParameters(object):
    """Keys of an OAuth2 token-endpoint response body as received on the wire."""
    # Authorization code (authorize endpoint response).
    CODE = "code"

    # Issued tokens.
    TOKEN_TYPE = "token_type"
    ACCESS_TOKEN = "access_token"
    ID_TOKEN = "id_token"
    REFRESH_TOKEN = "refresh_token"

    # Validity window; which of these a given server populates is up to it.
    CREATED_ON = "created_on"
    EXPIRES_ON = "expires_on"
    EXPIRES_IN = "expires_in"

    # Audience the tokens were issued for.
    RESOURCE = "resource"

    # Error reporting.
    ERROR = "error"
    ERROR_DESCRIPTION = "error_description"
80
class OAuth2DeviceCodeResponseParameters:
    """Keys of the device-code endpoint response body."""
    # Short code the user types in, and the opaque code the client polls with.
    USER_CODE = "user_code"
    DEVICE_CODE = "device_code"
    # Where the user goes to enter the code; note the wire name is
    # 'verification_url', not RFC 8628's 'verification_uri'.
    VERIFICATION_URL = "verification_url"
    # Polling parameters (lifetime of the codes and recommended poll spacing).
    EXPIRES_IN = "expires_in"
    INTERVAL = "interval"
    # Human-readable instruction text supplied by the server.
    MESSAGE = "message"
    # Error reporting.
    ERROR = "error"
    ERROR_DESCRIPTION = "error_description"
90
class OAuth2Scope(object):
    """Scope values this library knows how to request."""
    # OpenID Connect scope; the only scope constant defined here.
    OPENID = "openid"
94
95
class OAuth2(object):
    """Aggregates the OAuth2 constant groups under one namespace.

    The group attributes are instances created at class-definition time, so
    ``OAuth2.Parameters.CLIENT_ID`` and ``OAuth2Parameters.CLIENT_ID`` refer to
    the same class attribute.
    """
    Parameters = OAuth2Parameters()
    GrantType = OAuth2GrantType()
    ResponseParameters = OAuth2ResponseParameters()
    DeviceCodeResponseParameters = OAuth2DeviceCodeResponseParameters()
    Scope = OAuth2Scope()

    # Maps id_token claim names (keys) to the attribute names this library
    # exposes for them (values). 'oid' keeps its wire name.
    IdTokenMap = {
        "tid": "tenantId",
        "given_name": "givenName",
        "family_name": "familyName",
        "idp": "identityProvider",
        "oid": "oid",
    }
110
111
class TokenResponseFields(object):
    """camelCase keys of the token dictionary this library hands back to callers.

    These are the library-side names; the snake_case wire names are in
    ``OAuth2ResponseParameters``.
    """
    TOKEN_TYPE = "tokenType"
    ACCESS_TOKEN = "accessToken"
    REFRESH_TOKEN = "refreshToken"
    CREATED_ON = "createdOn"
    EXPIRES_ON = "expiresOn"
    EXPIRES_IN = "expiresIn"
    RESOURCE = "resource"
    USER_ID = "userId"
    ERROR = "error"
    ERROR_DESCRIPTION = "errorDescription"

    # Bookkeeping keys that never come from the server; they are added so a
    # cached entry can be matched back to the authority and client it belongs
    # to. The leading underscore in the values marks them as internal.
    _AUTHORITY = "_authority"
    _CLIENT_ID = "_clientId"
    # Flags a multi-resource refresh token (usable for more than one resource).
    IS_MRRT = "isMRRT"
129
130
class IdTokenFields(object):
    """Attribute names under which decoded id_token claims are exposed."""
    USER_ID = "userId"
    # Whether USER_ID is a human-readable identifier rather than an opaque one.
    IS_USER_ID_DISPLAYABLE = "isUserIdDisplayable"
    TENANT_ID = "tenantId"
    # NOTE: the attribute name is missing an 'N' (GIVE_NAME); it is kept as-is
    # because renaming would break callers. The value itself is correct.
    GIVE_NAME = "givenName"
    FAMILY_NAME = "familyName"
    IDENTITY_PROVIDER = "identityProvider"
139
class Misc(object):
    """Miscellaneous numeric limits."""
    # Largest representable date value, as an unsigned 32-bit maximum.
    MAX_DATE = 0xFFFFFFFF
    # Clock-skew allowance in minutes; presumably subtracted from token expiry
    # when deciding whether a cached token is still usable -- confirm in the
    # cache/token code.
    CLOCK_BUFFER = 5
144
145
class Jwt(object):
    """Claim names and lifetime used when building a self-signed client JWT."""
    # Lifetime in minutes of the self-signed assertion. Keeping this short
    # bounds how long an intercepted assertion remains acceptable to the server.
    SELF_SIGNED_JWT_LIFETIME = 10

    # Registered claim names (RFC 7519 section 4.1).
    ISSUER = "iss"
    SUBJECT = "sub"
    AUDIENCE = "aud"
    NOT_BEFORE = "nbf"
    EXPIRES_ON = "exp"
    JWT_ID = "jti"
155
156
class UserRealm(object):
    """Lookup tables for user-realm discovery results.

    Keys are the values as they appear in the discovery response; values are
    the normalised lower-case names used internally. Both tables carry an
    explicit 'Unknown' entry for unrecognised input.
    """
    federation_protocol_type = {
        "WSFederation": "wstrust",
        "SAML2": "saml20",
        "Unknown": "unknown",
    }

    account_type = {
        "Federated": "federated",
        "Managed": "managed",
        "Unknown": "unknown",
    }
170
171
class Saml(object):
    """SAML assertion namespace URNs and WS-Security token-profile identifiers."""
    # Assertion namespaces, by SAML version.
    TokenTypeV1 = "urn:oasis:names:tc:SAML:1.0:assertion"
    TokenTypeV2 = "urn:oasis:names:tc:SAML:2.0:assertion"
    # WSS SAML Token Profile 1.1 identifiers for SAML 1.1 and SAML 2.0 tokens.
    OasisWssSaml11TokenProfile11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
    OasisWssSaml2TokenProfile2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
178
179
class XmlNamespaces(object):
    """Prefix-to-URI map for the WSDL / WS-Trust / WS-Policy XML this library parses.

    Some URIs are registered under two prefixes ('wsa' and 'wsa10' share the
    2005 addressing namespace; 'wst' and 'trust' share WS-Trust 1.3) so that
    XPath expressions written with either prefix resolve.
    """
    namespaces = {
        # WSDL and SOAP 1.2.
        "wsdl": "http://schemas.xmlsoap.org/wsdl/",
        "soap12": "http://schemas.xmlsoap.org/wsdl/soap12/",
        "s": "http://www.w3.org/2003/05/soap-envelope",
        # WS-Policy / WS-SecurityPolicy (2007 and 2005 editions).
        "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
        "sp": "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
        "sp2005": "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
        "http": "http://schemas.microsoft.com/ws/06/2004/policy/http",
        # WS-Security utility and WS-Addressing.
        "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
        "wsa": "http://www.w3.org/2005/08/addressing",
        "wsa10": "http://www.w3.org/2005/08/addressing",
        # WS-Trust 1.3 (two prefixes) and the 2005 draft.
        "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
        "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
        "t": "http://schemas.xmlsoap.org/ws/2005/02/trust",
        # SAML 1.0 assertion namespace.
        "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    }
197
198
class Cache(object):
    """Settings for the token cache."""
    # hashlib algorithm name; presumably used to derive cache lookup keys so
    # raw token material is not used as a key -- confirm in the cache module.
    HASH_ALGORITHM = "sha256"
202
203
class HttpError(object):
    """HTTP status codes this library treats specially."""
    # 401: the response carries a WWW-Authenticate challenge worth inspecting.
    UNAUTHORIZED = 401
207
208
class AADConstants(object):
    """Azure AD endpoint hosts, paths and the instance-discovery URL template."""
    # Default (global cloud) authority host.
    WORLD_WIDE_AUTHORITY = "login.microsoftonline.com"

    # Authority hosts across the public and sovereign clouds. Presumably a
    # host on this list is accepted without instance discovery while any other
    # host must be validated against the discovery endpoint first -- confirm
    # in the authority-validation code, since that check is what stops a
    # mistyped or attacker-supplied authority from receiving credentials.
    WELL_KNOWN_AUTHORITY_HOSTS = [
        "login.windows.net",
        "login.microsoftonline.com",
        "login.chinacloudapi.cn",
        "login.microsoftonline.us",
        "login.microsoftonline.de",
    ]

    # str.format template with two fields. 'authorize_endpoint' is substituted
    # verbatim into the query string, so the caller is responsible for
    # URL-encoding it before formatting.
    INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{authorize_host}/common/discovery/instance?authorization_endpoint={authorize_endpoint}&api-version=1.0"  # pylint: disable=invalid-name

    # Paths appended to a tenant-scoped authority URL.
    AUTHORIZE_ENDPOINT_PATH = "/oauth2/authorize"
    TOKEN_ENDPOINT_PATH = "/oauth2/token"
    DEVICE_ENDPOINT_PATH = "/oauth2/devicecode"
223
224
class AdalIdParameters(object):
    """Client-telemetry header names and the SKU value this library reports."""
    # Header names sent with token requests to identify the client library.
    SKU = "x-client-SKU"
    VERSION = "x-client-Ver"
    OS = "x-client-OS"  # pylint: disable=invalid-name
    CPU = "x-client-CPU"
    # Value reported in the SKU header.
    PYTHON_SKU = "Python"
232
class WSTrustVersion(object):
    """Identifiers for the WS-Trust protocol version negotiated with a federation server."""
    # Version not yet determined (e.g. before MEX has been parsed).
    UNDEFINED = "undefined"
    # WS-Trust 1.3 and the 2005 draft, respectively.
    WSTRUST13 = "wstrust13"
    WSTRUST2005 = "wstrust2005"
237
238