KidZddlmZddlmZmZmZddlmZm Z ddl m Z ddl m Z ddlmZddlmZdd lmZmZeeZGd d eZGd d e Zy)aAuth0 OAuth provider for FastMCP. This module provides a complete Auth0 integration that's ready to use with just the configuration URL, client ID, client secret, audience, and base URL. Example: ```python from fastmcp import FastMCP from fastmcp.server.auth.providers.auth0 import Auth0Provider # Simple Auth0 OAuth protection auth = Auth0Provider( config_url="https://auth0.config.url", client_id="your-auth0-client-id", client_secret="your-auth0-client-secret", audience="your-auth0-api-audience", base_url="http://localhost:8000", ) mcp = FastMCP("My Protected Server", auth=auth) ``` ) AsyncKeyValue) AnyHttpUrl SecretStrfield_validator) BaseSettingsSettingsConfigDict) OIDCProxy)ENV_FILE parse_scopes) get_logger)NotSetNotSetTc&eZdZUdZededZdZedze d<dZ e dze d<dZ e dze d<dZe dze d <dZedze d <dZedze d <dZe dze d <dZee dze d <dZee dze d<dZe dze d<ed dedZy)Auth0ProviderSettingsz!Settings for Auth0 OIDC provider.FASTMCP_SERVER_AUTH_AUTH0_ignore) env_prefixenv_fileextraN config_url client_id client_secretaudiencebase_url issuer_url redirect_pathrequired_scopesallowed_client_redirect_urisjwt_signing_keybefore)modect|S)Nr )clsvs o/home/jay/workspace/scripts/.codegraph-venv/lib/python3.12/site-packages/fastmcp/server/auth/providers/auth0.py _parse_scopesz#Auth0ProviderSettings._parse_scopes9sA)__name__ __module__ __qualname____doc__rr model_configrr__annotations__rstrrrrrrrrlistrr r classmethodr'r(r&rr%s+%/L %)J T!( IsTz &*M9t#*HcDj"&Hj4&$(J T!( $M3:$(,OT#Y%,59 $s)d"29"&OS4Z&&X67r(rceZdZdZeeeeeeeeededd deezezdeezdeezdeezd eezezd eezezd eeezd eezd eeezde dzdee zezde ddffdZ xZ S) Auth0ProvideraAn Auth0 provider implementation for FastMCP. This provider is a complete Auth0 integration that's ready to use with just the configuration URL, client ID, client secret, audience, and base URL. Example: ```python from fastmcp import FastMCP from fastmcp.server.auth.providers.auth0 import Auth0Provider # Simple Auth0 OAuth protection auth = Auth0Provider( config_url="https://auth0.config.url", client_id="your-auth0-client-id", client_secret="your-auth0-client-secret", audience="your-auth0-api-audience", base_url="http://localhost:8000", ) mcp = FastMCP("My Protected Server", auth=auth) ``` NT) rrrrrrrrrclient_storager require_authorization_consentrrrrrrrrrr5r r6returnc tj||||||||| | d jD cic]\} }|tur| |c}} }|js t d|j s t d|js t d|js t d|js t d|jxsdg}t|1|j|j |jj|j|j|j|j||j | |j"|  t$j'd |j |y cc}} w) aVInitialize Auth0 OAuth provider. Args: config_url: Auth0 config URL client_id: Auth0 application client id client_secret: Auth0 application client secret audience: Auth0 API audience base_url: Public URL where OAuth endpoints will be accessible (includes any mount path) issuer_url: Issuer URL for OAuth metadata (defaults to base_url). Use root-level URL to avoid 404s during discovery when mounting under a path. required_scopes: Required Auth0 scopes (defaults to ["openid"]) redirect_path: Redirect path configured in Auth0 application allowed_client_redirect_uris: List of allowed redirect URI patterns for MCP clients. If None (default), all URIs are allowed. If empty list, no URIs are allowed. client_storage: Storage backend for OAuth state (client registrations, encrypted tokens). If None, a DiskStore will be created in the data directory (derived from `platformdirs`). The disk store will be encrypted using a key derived from the JWT Signing Key. jwt_signing_key: Secret for signing FastMCP JWT tokens (any string or bytes). If bytes are provided, they will be used as is. If a string is provided, it will be derived into a 32-byte key. If not provided, the upstream client secret will be used to derive a 32-byte key using PBKDF2. require_authorization_consent: Whether to require user consent before authorizing clients (default True). When True, users see a consent screen before being redirected to Auth0. When False, authorization proceeds directly without user confirmation. SECURITY WARNING: Only disable for local development or testing environments. ) rrrrrrrrrr zRconfig_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CONFIG_URLzPclient_id is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_IDzXclient_secret is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_SECRETzNaudience is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_AUDIENCEzNbase_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_BASE_URLopenid) rrrrrrrrrr5r r6z>Initialized Auth0 OAuth provider for client %s with scopes: %sN)rmodel_validateitemsrr ValueErrorrrrrrsuper__init__get_secret_valuerrrr loggerdebug)selfrrrrrrrrrr5r r6kr%settingsauth0_required_scopes __class__s r&r>zAuth0Provider.__init__WsR)77#-!*%2 ( (",'6%24P'6 %' AqF?1  &""d !!b %%j   `   ` !) 8 8 FXJ **(("00AAC&&&&**"001)1)N)N)$44*G    L    ! y sE5 )r)r*r+r,rrr/rr0rbytesboolr> __classcell__)rFs@r&r4r4?s428#)'-"(/517/5'-rRsK.2;;>4%/03 H L4B IB r(