Ki' fddlZddlZddlZddlmZddlmZmZmZddl m Z m Z m Z m Z mZmZddlmZddlmZddlmZddlmZmZdd lmZmZmZdd lmZGd d e ZGd de Z Gddeeee ze dfZ!Gdde Z"GddeeZ#eGddZ$y)N) dataclass) AnnotatedAnyLiteral) AnyHttpUrlAnyUrl BaseModelField RootModelValidationError)Request)stringify_pydantic_error)PydanticJSONResponse)AuthenticationErrorClientAuthenticator) OAuthAuthorizationServerProvider TokenErrorTokenErrorCode) OAuthTokenceZdZUeded<eddZeed<eddZe dzed <eed <dZ edzed <edd Z eed <eddZ edzed<y)AuthorizationCodeRequestauthorization_code grant_type.zThe authorization code descriptioncodeNz7Must be the same as redirect URI provided in /authorize redirect_uri client_id client_secretzPKCE code verifier code_verifier Resource indicator for the tokenresource) __name__ __module__ __qualname__r__annotations__r rstrrrrr r"j/home/jay/workspace/scripts/.codegraph-venv/lib/python3.12/site-packages/mcp/server/auth/handlers/token.pyrrsq,--c'?@D#@"':s"tL&4-tN $M3:$s0DEM3E 3UVHcDjVr)rceZdZUeded<eddZeed<eddZedzed<eed <dZ edzed <edd Z edzed <y) RefreshTokenRequest refresh_tokenr.zThe refresh tokenrNzOptional scope parameterscoperrr!r") r#r$r%rr&r r-r'r.rr"r(r)r*r,r,s^((s0CDM3Dd0JKE3:KN $M3:$ 3UVHcDjVr)r,c6eZdZUeeezedfed<y) TokenRequestr discriminatorrootN)r#r$r%rrr,r r&r(r)r*r0r0+s'  #66 L) + r)r0rr1cDeZdZUdZeed<dZedzed<dZe dzed<y)TokenErrorResponsezG See https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 errorNerror_description error_uri) r#r$r%__doc__rr&r7r'r8rr(r)r*r5r59s- $(sTz(#'IzD 'r)r5ceZdZUeed<y)TokenSuccessResponser3N)r#r$r%rr&r(r)r*r;r;Cs  r)r;cLeZdZUeeeefed<eed<deezfdZ de fdZ y) TokenHandlerproviderclient_authenticatorobjcLd}t|trd}t||dddS)Nino-storeno-cachez Cache-ControlPragmacontent status_codeheaders) isinstancer5r)selfr@rIs r*responsezTokenHandler.responseOs5 c- .K##!+$  r)requestc K |jj|d{} |j d{}tjt|j}|j|jvr*|jt d d |jd S|xt d x\|j"j%||j&d{}||j(|j(k7r|jt d dS|j*t-j,kr|jt d dS|j.r |j0}nd}|j0t3|j0nd} | t3|nd} | | k7r|jt ddSt5j6|j8j;j=} t?j@| jCjEd} | |jFk7r|jt d dS |j"jI||d{} nMtPd xA\|j"jS||jTd{}||j(|j(k7r|jt d dS|j*r=|j*t-j,kr|jt d dS|jVr|jVjYdn |jZ}|D]2}||jZvs|jt dd|dcS |j"j]|||d{} n|jt_ S7#t$r0}tt d|j ddddcYd}~Sd}~wwxYw7#t$r/}|jt dt|cYd}~Sd}~wwxYw77#tJ$r:}|jt |jL|jNcYd}~Sd}~wwxYw77#tJ$r:}|jt |jL|jNcYd}~Sd}~wwxYww)Nunauthorized_client)r6r7irCrDrErGinvalid_requestunsupported_grant_typez2Unsupported grant type (supported grant types are )r( invalid_grantz!authorization code does not existzauthorization code has expiredz?redirect_uri did not match the one used when creating auth code=zincorrect code_verifierzrefresh token does not existzrefresh token has expired invalid_scopezcannot request scope `z` not provided by refresh token)r3)0r?authenticate_requestrrr5messageformr0model_validatedictr3r rMrr grant_typesrr>load_authorization_coderr expires_attime redirect_uri_provided_explicitlyrr'hashlibsha256r encodedigestbase64urlsafe_b64encodedecoderstripcode_challengeexchange_authorization_coderr6r7r,load_refresh_tokenr-r.splitscopesexchange_refresh_tokenr;)rLrN client_infoe form_data token_requestvalidation_error auth_codeauthorize_request_redirect_uritoken_redirect_strauth_redirect_strrchashed_code_verifiertokensr-rnr.s r*handlezTokenHandler.handle]s  $ 9 9 N Nw WWK %lln,I(77YHMMM  # #;+B+B B=="2)[\g\s\s[ttu'v +)+"&--"G"G UbUgUg"hh $ (;(;}?V?V(V==*"1.Q''$))+5==*"1.N==5>5K5K2592IVHbHbHnS)C)C%Dtx";Y;eC67ko"&)::==*"3/p! (C(C(J(J(LMTTV'-'?'?'G'N'N'P'W'WX['\$'9+C+CC==*"1.G #'==#L#L[Zc#ddFs,D%&&*mm&F&F{TaToTo&p p  (M,C,C}G^G^,^==*"1.L!++ 0H0H499;0V==*"1.I??eX" '*/&'ii %/(   - =="+&>?O&P  (ipe!==*"#''./.A.A!qBl!==*"#''./.A.As"TO3O0O3P2P/,P2(A:T"Q-#E>T"Q3Q0Q38T>R9?C T #T. R>R<R>T0O33 P,<%P'!P,"T'P,,T/P22 Q*;$Q%Q* T%Q**T0Q33 R6> T/S<6T7T<TTN) r#r$r%rrr&rr;r5rMr r{r(r)r*r=r=Js<.sC}==--  03EE  T@GT@r)r=)%rfrbr` dataclassesrtypingrrrpydanticrrr r r r starlette.requestsr mcp.server.auth.errorsrmcp.server.auth.json_responser&mcp.server.auth.middleware.client_authrrmcp.server.auth.providerrrrmcp.shared.authrrr,r0r5r;r=r(r)r*rs  !**UU&;>[aa& Wy W W) W   $': :  - /  ((9Z0 f@f@ f@r)