KisddlZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z GddeZGd d Zy) N)Any)unquote)Request) OAuthAuthorizationServerProvider)OAuthClientInformationFullceZdZdefdZy)AuthenticationErrormessagec||_y)N)r )selfr s r/home/jay/workspace/scripts/.codegraph-venv/lib/python3.12/site-packages/mcp/server/auth/middleware/client_auth.py__init__zAuthenticationError.__init__s  N)__name__ __module__ __qualname__strrrr r r srr c8eZdZdZdeeeeffdZdedefdZ y)ClientAuthenticatora ClientAuthenticator is a callable which validates requests from a client application, used to verify /token calls. If, during registration, the client requested to be issued a secret, the authenticator asserts that /token calls must be authenticated with that same token. NOTE: clients can opt for no authentication during registration, in which case this logic is skipped. providerc||_y)zx Initialize the dependency. Args: provider: Provider to look up client information N)r)r rs r rzClientAuthenticator.__init__s ! rrequestreturncK|jd{}|jd}|s td|jj t |d{}|s tdd}|j jdd}|jdk(r|jds td  |d d}tj|jd }d |vr td |jd d\} }t| } t|}| |k7r tdnf|jdk(r-|jd} t%| t r6t | }n*|jdk(rd}ntd|j|j&r|s tdt)j*|j&j-|j-s td|j.r5|j.t1t3j2kr td|S7#7#ttt j"f$r tdwxYww)a Authenticate a client from an HTTP request. Extracts client credentials from the appropriate location based on the client's registered authentication method and validates them. Args: request: The HTTP request containing client credentials Returns: The authenticated client information Raises: AuthenticationError: If authentication fails N client_idzMissing client_idzInvalid client_id Authorizationclient_secret_basiczBasic z?Missing or invalid Basic authentication in Authorization headerzutf-8:zInvalid Basic auth formatz Client ID mismatch in Basic authz#Invalid Basic authentication headerclient_secret_post client_secretnonezUnsupported auth method: zClient secret is requiredzInvalid client_secretzClient secret has expired)formgetr r get_clientrheaderstoken_endpoint_auth_method startswithbase64 b64decodedecode ValueErrorsplitrUnicodeDecodeErrorbinasciiError isinstancer$hmaccompare_digestencodeclient_secret_expires_atinttime) r r form_datarclientrequest_client_secret auth_headerencoded_credentialsdecodedbasic_client_id raw_form_datas r authenticate_requestz(ClientAuthenticator.authenticate_request'sP ",,.( MM+. %&9: :}}//I??%&9: :,0oo))/2>  , ,0E E))(3)*kll Q&1!"o# **+>?FFwOg%$%@AA9@sA9N6!6#*/":(/0E(F%"i/-.PQQ0  . .2F F%MM/:M--(+M(:%  . .& 8$( !%+F,M,M+NO    ()*EFF &&v';';'B'B'DF[FbFbFde)*ABB..63R3RUXY]YbYbYdUe3e)*EFF y) @0 2HNNC Q)*OPP Qs=I,H9A I, H<!AI,XLrr)r,r2r5r:typingr urllib.parserstarlette.requestsrmcp.server.auth.providerrmcp.shared.authr Exceptionr rrrr rKs8   &E6) ``r