Ki1VddlmZddlZddlZddlmZddlmZddlZddl Z ddl m Z ddl m Z ddlmZddlmZmZdd lmZdd lmZmZmZdd lmZdd lmZdd lmZddlm Z m!Z!ddl"m#Z#ddl$m%Z%dgZ&e%e'Z(Gdde)Z* d ddZ+GddeZ,GddeZ-y)) annotationsN)AsyncGenerator)Any)PydanticAdapter) AsyncKeyValue) MemoryStore)OAuthClientProvider TokenStorage)McpHttpClientFactory)OAuthClientInformationFullOAuthClientMetadata OAuthToken) AnyHttpUrl)override)Server)OAuthCallbackResultcreate_oauth_callback_server)find_available_port) get_loggerOAuthceZdZdZy)ClientNotFoundErrorzARaised when OAuth client credentials are not found on the server.N)__name__ __module__ __qualname____doc__e/home/jay/workspace/scripts/.codegraph-venv/lib/python3.12/site-packages/fastmcp/client/auth/oauth.pyrr$sKrrcKtjdi|xsi4d{} |j|dd{}|jdvr dddd{yd|jvr dddd{y dddd{y7r7X7;77 #tj $rYdddd{7ywxYw#1d{7swYyxYww) z Check if the MCP endpoint requires authentication by making a test request. Returns: True if auth appears to be required, False otherwise Ng@)timeout)iiTzWWW-AuthenticateFr)httpx AsyncClientget status_codeheaders RequestError)mcp_url httpx_kwargsclientresponses rcheck_if_auth_requiredr,(s  8L$6B8F #ZZZ==H##z1"X%5%55> !! %  !sCBCCBBB CBC!B0 C;B<C C BCBCCCC0C1 C<B?=CCCC C CCceZdZUded<ded<ded<ded<dd Zdd Zdd Zdd Zedd Z eddZ eddZ eddZ y)TokenStorageAdapterstr _server_urlr_key_value_storezPydanticAdapter[OAuthToken]_storage_oauth_tokenz+PydanticAdapter[OAuthClientInformationFull]_storage_client_infoc||_||_ttd|td|_tt d|t d|_y)Nzmcp-oauth-tokenT)default_collection key_valuepydantic_modelraise_on_validation_errorzmcp-oauth-client-info)r0r1rrr2r r3)selfasync_key_value server_urls r__init__zTokenStorageAdapter.__init__LsQ% /$3J$?0%%&* % ! %44N$O6%5&* % !rc |jdS)Nz/tokensr0r9s r_get_token_cache_keyz(TokenStorageAdapter._get_token_cache_key\s""#7++rc |jdS)Nz /client_infor>r?s r_get_client_info_cache_keyz.TokenStorageAdapter._get_client_info_cache_key_s""#<00rcK|jj|jd{|jj|j d{y777wN)key)r2deleter@r3rBr?s rclearzTokenStorageAdapter.clearbs\''..43L3L3N.OOO''..43R3R3T.UUU PUs!.A,A(1A,"A*#A,*A,crK|jj|jd{S7wrD)r2r$r@r?s r get_tokenszTokenStorageAdapter.get_tokensfs/..22t7P7P7R2SSSS .757cxK|jj|j|dd{y7w)Ni3rEvaluettl)r2putr@)r9tokenss r set_tokenszTokenStorageAdapter.set_tokensjs= ''++))+",   s 0:8:crK|jj|jd{S7wrD)r3r$rBr?s rget_client_infoz#TokenStorageAdapter.get_client_infous:..22//13    rJcKd}|jr*|jttjz }|jj |j ||d{y7w)NrL)client_secret_expires_atinttimer3rOrB)r9 client_inforNs rset_client_infoz#TokenStorageAdapter.set_client_info{sd  / /66TYY[9IIC''++//1,   sA(A2*A0+A2N)r:rr;r/)returnr/rZNone)rZzOAuthToken | None)rPrrZr\)rZz!OAuthClientInformationFull | None)rXr rZr\) rrr__annotations__r<r@rBrGrrIrQrSrYrrrr.r.Fs##55EE ,1VTT        rr.c|eZdZdZ d dfd Zd fd Zd dZd dZ d fd ZxZ S) rz OAuth client provider for MCP servers with browser-based authentication. This class provides OAuth authentication for FastMCP clients by opening a browser for user authorization and running a local callback server. c :|jd}|xstj|_|xs t |_d|j d}t |trdj|} n| t|} nd} td|t|gddgd g| d |xsi} |xs t}t |trd d l m} | d dt|||_||_t$ |M|| |j |j(|j*y)al Initialize OAuth client provider for an MCP server. Args: mcp_url: Full URL to the MCP endpoint (e.g. "http://host/mcp/sse/") scopes: OAuth scopes to request. Can be a space-separated string or a list of strings. client_name: Name for this client during registration token_storage: An AsyncKeyValue-compatible token store, tokens are stored in memory if not provided additional_client_metadata: Extra fields for OAuthClientMetadata callback_port: Fixed port for OAuth callback (default: random available port) /zhttp://localhost:z /callback Nauthorization_code refresh_tokencode) client_name redirect_uris grant_typesresponse_typesscoper)warnzUsing in-memory token storage -- tokens will be lost when the client restarts. For persistent storage across multiple MCP servers, provide an encrypted AsyncKeyValue backend. See https://gofastmcp.com/clients/auth/oauth#token-storage for details.)message stacklevel)r:r;)r;client_metadatastorageredirect_handlercallback_handlerr)rstripr"r#httpx_client_factoryr redirect_port isinstancelistjoinr/r rrwarningsrkr.token_storage_adapterr(superr<rqrr) r9r(scopesrf token_storageadditional_client_metadata callback_portrt redirect_uri scopes_strrork __class__s rr<zOAuth.__init__s9...%%9$MEiH  fd #&)J  VJJ- #%l34-?"8  */R &6 m[ 1 % \  ;N)g; "   +..!22!22  rc Kt|d{|jjrQ|jjjr0|jj |jjyyy7lw)zBLoad stored tokens and client info, properly setting token expiry.N)r{ _initializecontextcurrent_tokens expires_inupdate_token_expiry)r9rs rrzOAuth._initializeseg!### << & &4<<+F+F+Q+Q LL , ,T\\-H-H I,R & $sBBA-BcK|j4d{}|j|dd{}|jdk(r td|jdvrt d|jdddd{t j d|tj|y7776#1d{7swYFxYww) zIOpen browser for authorization, with pre-flight check for invalid client.NF)follow_redirectsiz8OAuth client not found - cached credentials may be stale)i.i/i3i4z#Unexpected authorization response: zOAuth authorization URL: ) rtr$r%r RuntimeErrorloggerinfo webbrowseropen)r9authorization_urlr*r+s rrqzOAuth.redirect_handlers,,.  &#ZZ(9EZRRH##s*)N ##+DD"9(:N:N9OP    /0A/BCD)*! R    sUCB5CB;B7AB;7 CB93C7B;9C;C C C  CcKt}tj}t|j|j ||}tj 4d{}|j|jtjd|jd} tj|5|jd{|jr |j|j|jfcdddd|_tj"dd{|j$j'cdddd{S77747 #1swYnxYwn!#t($r}t)d|d|d}~wwxYw d|_tj"dd{7|j$j'nD#d|_tj"dd{7|j$j'wxYwdddd{7t+d #1d{7swYt+d xYww) z4Handle OAuth callback and return (auth_code, state).)portr;result_container result_readyNu7🎧 OAuth callback server started on http://localhost:gr@Tg?zOAuth callback timed out after z secondsz+OAuth callback handler could not be started)ranyioEventrrur(create_task_group start_soonserverr fail_afterwaiterrorrestate should_exitsleep cancel_scopecancel TimeoutErrorr)r9resultrservertgTIMEOUTes rrrzOAuth.callback_handlers%&{{} 6##||#%  **, ) ) MM&,, ' KKI$J\J\I]^ G )%%g.5&++---||$ll*!;; 4 55&*"kk#&&&&&() ) ) ).'' )555   "5gYhG  5&*"kk#&&&&&(&*"kk#&&&&&() ) ) ),HII- ) ) ),HIIsAI EI  AH.!E,6E E 3E> E,H.&E'H. I EI EH.I E( $E,+G, F 5FF  GH.-F0. H. H.G1 / HH. I H I .I 4H7 5I <I cK t||}d} |j|d{}|} 7 #t$rYywxYw#t$rt j dd|_|jjd{7t||}d} |j|d{7}|}n#t$rYYywxYw2wxYww)zHTTPX auth flow with automatic retry on stale cached credentials. If the OAuth flow fails due to invalid/stale client credentials, clears the cache and retries once with fresh registration. Nz@OAuth client not found on server, clearing cache and retrying...F) r{async_auth_flowasendStopAsyncIterationrrdebug _initializedrzrG)r9requestgenr+yielded_requestrs rrzOAuth.async_auth_flow$s ')'2CH,/IIh,?&?O%44H '@)#  LLR !&D ,,224 4 4')'2CH,/IIh,?&?&?O%44H)  sCA97 9A9 AACAAAC B  C#C7B:8 CC C C CCCC)NzFastMCP ClientNNNN)r(r/r|zstr | list[str] | Nonerfr/r}zAsyncKeyValue | Noner~dict[str, Any] | Nonerz int | NonertzMcpHttpClientFactory | Noner[)rr/rZr\)rZztuple[str, str | None])rz httpx.RequestrZz-AsyncGenerator[httpx.Request, httpx.Response]) rrrrr<rrqrrr __classcell__)rs@rrrs*.+.2<@$(<@L L 'L  L , L %: L "L :L \J+*%JN$$$ 6$$r)N)r(r/r)rrZbool). __future__rrWrcollections.abcrtypingrrr"key_value.aio.adapters.pydanticrkey_value.aio.protocolsrkey_value.aio.stores.memoryrmcp.client.authr r mcp.shared._httpx_utilsr mcp.shared.authr r rpydanticrtyping_extensionsruvicorn.serverrfastmcp.client.oauth_callbackrrfastmcp.utilities.httprfastmcp.utilities.loggingr__all__rr Exceptionrr,r.rrrrrs" * ;13=8  &!70 ) H L)L 9=  5 <@ ,@ F r