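#------------------------------------------------------------------------------
#
# Copyright (c) Microsoft Corporation.
# All rights reserved.
#
# This code is licensed under the MIT License.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files(the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions :
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
#------------------------------------------------------------------------------
# pylint: disable=too-few-public-methods,old-style-class,no-init
"""Library-wide constants: error message templates and wire-format names.

Every class in this module is a plain namespace of constants; none of them is
meant to be instantiated or subclassed.
"""


class Errors(object):
    """Message templates used when arguments or responses are rejected.

    The ``{}`` slot in the ``ERROR_VALUE_*`` templates is a ``str.format``
    placeholder; callers presumably fill it with the name of the offending
    argument.
    """
    # Derived from ``object`` explicitly so the class is new-style on Python 2
    # as well, matching the other namespace classes in this module.

    # Constants
    ERROR_VALUE_NONE = '{} should not be None.'
    ERROR_VALUE_EMPTY_STRING = '{} should not be "".'
    ERROR_RESPONSE_MALFORMED_XML = 'The provided response string is not well formed XML.'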
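class OAuth2Parameters(object):
    """Names of the form parameters sent to the OAuth2 token / device endpoints."""

    GRANT_TYPE = 'grant_type'
    CLIENT_ASSERTION = 'client_assertion'
    CLIENT_ASSERTION_TYPE = 'client_assertion_type'
    CLIENT_ID = 'client_id'
    CLIENT_SECRET = 'client_secret'
    REDIRECT_URI = 'redirect_uri'
    RESOURCE = 'resource'
    CODE = 'code'
    CODE_VERIFIER = 'code_verifier'
    SCOPE = 'scope'
    ASSERTION = 'assertion'
    AAD_API_VERSION = 'api-version'
    USERNAME = 'username'
    PASSWORD = 'password'
    REFRESH_TOKEN = 'refresh_token'
    LANGUAGE = 'mkt'
    DEVICE_CODE = 'device_code'


class OAuth2GrantType(object):
    """Values accepted for the ``grant_type`` parameter.

    ``JWT_BEARER`` is, by its URN, a *client-assertion type* rather than a grant
    type; it lives here for historical reasons and its value must not change.
    """

    AUTHORIZATION_CODE = 'authorization_code'
    REFRESH_TOKEN = 'refresh_token'
    CLIENT_CREDENTIALS = 'client_credentials'
    JWT_BEARER = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
    PASSWORD = 'password'
    SAML1 = 'urn:ietf:params:oauth:grant-type:saml1_1-bearer'
    SAML2 = 'urn:ietf:params:oauth:grant-type:saml2-bearer'
    DEVICE_CODE = 'device_code'


class OAuth2ResponseParameters(object):
    """Keys of the JSON object returned by the token endpoint (wire format)."""

    CODE = 'code'
    TOKEN_TYPE = 'token_type'
    ACCESS_TOKEN = 'access_token'
    ID_TOKEN = 'id_token'
    REFRESH_TOKEN = 'refresh_token'
    CREATED_ON = 'created_on'
    EXPIRES_ON = 'expires_on'
    EXPIRES_IN = 'expires_in'
    RESOURCE = 'resource'
    ERROR = 'error'
    ERROR_DESCRIPTION = 'error_description'


class OAuth2DeviceCodeResponseParameters(object):
    """Keys of the JSON object returned by the device-code endpoint."""
    # Explicit ``object`` base for consistency with the sibling classes
    # (new-style on Python 2); no behavioural change on Python 3.

    USER_CODE = 'user_code'
    DEVICE_CODE = 'device_code'
    VERIFICATION_URL = 'verification_url'
    EXPIRES_IN = 'expires_in'
    INTERVAL = 'interval'
    MESSAGE = 'message'
    ERROR = 'error'
    ERROR_DESCRIPTION = 'error_description'


class OAuth2Scope(object):
    """Scope values this library knows about."""

    OPENID = 'openid'


class OAuth2(object):
    """Aggregates the OAuth2 namespaces above behind one attribute tree.

    ``IdTokenMap`` maps id_token claim names (keys) to the camelCase field names
    used in this library's token records (values).
    """

    Parameters = OAuth2Parameters()
    GrantType = OAuth2GrantType()
    ResponseParameters = OAuth2ResponseParameters()
    DeviceCodeResponseParameters = OAuth2DeviceCodeResponseParameters()
    Scope = OAuth2Scope()
    IdTokenMap = {
        'tid': 'tenantId',
        'given_name': 'givenName',
        'family_name': 'familyName',
        'idp': 'identityProvider',
        'oid': 'oid',
    }


class TokenResponseFields(object):
    """camelCase field names of the token record handed back to callers."""

    TOKEN_TYPE = 'tokenType'
    ACCESS_TOKEN = 'accessToken'
    REFRESH_TOKEN = 'refreshToken'
    CREATED_ON = 'createdOn'
    EXPIRES_ON = 'expiresOn'
    EXPIRES_IN = 'expiresIn'
    RESOURCE = 'resource'
    USER_ID = 'userId'
    ERROR = 'error'
    ERROR_DESCRIPTION = 'errorDescription'

    # not from the wire, but amends for token cache
    _AUTHORITY = '_authority'
    _CLIENT_ID = '_clientId'
    IS_MRRT = 'isMRRT'


class IdTokenFields(object):
    """Field names of the user-info record derived from an id_token."""

    USER_ID = 'userId'
    IS_USER_ID_DISPLAYABLE = 'isUserIdDisplayable'
    TENANT_ID = 'tenantId'
    GIVE_NAME = 'givenName'
    # Correctly spelled alias; ``GIVE_NAME`` is kept so existing callers
    # keep working.
    GIVEN_NAME = GIVE_NAME
    FAMILY_NAME = 'familyName'
    IDENTITY_PROVIDER = 'identityProvider'


class Misc(object):
    """Assorted numeric limits."""

    # Largest unsigned 32-bit value; presumably used as an "expires never"
    # sentinel for expiry timestamps - confirm at the call site.
    MAX_DATE = 0xffffffff
    CLOCK_BUFFER = 5  # In minutes.


class Jwt(object):
    """Registered JWT claim names plus the lifetime used for self-signed
    client assertions."""

    SELF_SIGNED_JWT_LIFETIME = 10  # 10 mins in mins
    AUDIENCE = 'aud'
    ISSUER = 'iss'
    SUBJECT = 'sub'
    NOT_BEFORE = 'nbf'
    EXPIRES_ON = 'exp'
    JWT_ID = 'jti'


class UserRealm(object):
    """Maps the values of a user-realm discovery response to internal labels."""

    federation_protocol_type = {
        'WSFederation': 'wstrust',
        'SAML2': 'saml20',
        'Unknown': 'unknown',
    }

    account_type = {
        'Federated': 'federated',
        'Managed': 'managed',
        'Unknown': 'unknown',
    }


class Saml(object):
    """SAML token-type URIs and the WSS SAML token-profile identifiers."""

    TokenTypeV1 = 'urn:oasis:names:tc:SAML:1.0:assertion'
    TokenTypeV2 = 'urn:oasis:names:tc:SAML:2.0:assertion'
    OasisWssSaml11TokenProfile11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
    OasisWssSaml2TokenProfile2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"


class XmlNamespaces(object):
    """Prefix -> namespace URI table for the WS-Trust / MEX XML documents.

    Note that two pairs of prefixes resolve to the same URI (``wsa``/``wsa10``
    and ``wst``/``trust``); both spellings are kept because the XPath
    expressions elsewhere in the library may use either.
    """

    namespaces = {
        'wsdl': 'http://schemas.xmlsoap.org/wsdl/',
        'sp': 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702',
        'sp2005': 'http://schemas.xmlsoap.org/ws/2005/07/securitypolicy',
        'wsu': 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd',
        'wsa10': 'http://www.w3.org/2005/08/addressing',
        'http': 'http://schemas.microsoft.com/ws/06/2004/policy/http',
        'soap12': 'http://schemas.xmlsoap.org/wsdl/soap12/',
        'wsp': 'http://schemas.xmlsoap.org/ws/2004/09/policy',
        's': 'http://www.w3.org/2003/05/soap-envelope',
        'wsa': 'http://www.w3.org/2005/08/addressing',
        'wst': 'http://docs.oasis-open.org/ws-sx/ws-trust/200512',
        'trust': "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
        'saml': "urn:oasis:names:tc:SAML:1.0:assertion",
        't': 'http://schemas.xmlsoap.org/ws/2005/02/trust',
    }


class Cache(object):
    """Token-cache settings."""

    # Name of the digest algorithm (as understood by ``hashlib``, presumably)
    # used to derive cache keys.
    HASH_ALGORITHM = 'sha256'


class HttpError(object):
    """HTTP status codes the library inspects explicitly."""

    UNAUTHORIZED = 401


class AADConstants(object):
    """Azure AD endpoint hosts, paths and the instance-discovery template."""

    WORLD_WIDE_AUTHORITY = 'login.microsoftonline.com'
    # Authority hosts that are accepted without an instance-discovery round
    # trip (inferred from the name; confirm in the authority module). Kept as a
    # list for compatibility with existing callers - treat it as read-only.
    WELL_KNOWN_AUTHORITY_HOSTS = [
        'login.windows.net',
        'login.microsoftonline.com',
        'login.chinacloudapi.cn',
        'login.microsoftonline.us',
        'login.microsoftonline.de',
    ]
    # ``{authorize_endpoint}`` is substituted straight into a query string;
    # this template performs no escaping, so the code that fills it in is
    # responsible for URL-encoding the value.
    INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = 'https://{authorize_host}/common/discovery/instance?authorization_endpoint={authorize_endpoint}&api-version=1.0'  # pylint: disable=invalid-name
    AUTHORIZE_ENDPOINT_PATH = '/oauth2/authorize'
    TOKEN_ENDPOINT_PATH = '/oauth2/token'
    DEVICE_ENDPOINT_PATH = '/oauth2/devicecode'


class AdalIdParameters(object):
    """Header names (and the SKU value) that identify this client to the
    service; these carry no secrets."""

    SKU = 'x-client-SKU'
    VERSION = 'x-client-Ver'
    OS = 'x-client-OS'  # pylint: disable=invalid-name
    CPU = 'x-client-CPU'
    PYTHON_SKU = 'Python'


class WSTrustVersion(object):
    """Labels for the WS-Trust protocol versions the library can speak."""

    UNDEFINED = 'undefined'
    WSTRUST13 = 'wstrust13'
    WSTRUST2005 = 'wstrust2005'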