o i0@s@ddlmZddlZddlZddlmZddlmZddlm Z ddl Z ddl Z ddl m Z ddlmZddlmZdd lmZmZdd lmZdd lmZmZmZdd lmZdd lmZddlm Z ddl!m"Z"m#Z#ddl$m%Z%ddl&m'Z'dgZ(e'e)Z*Gddde+Z, d d!ddZ-GdddeZ.GdddeZ/dS)") annotationsN)AsyncGenerator)Any)urlparse)PydanticAdapter) AsyncKeyValue) MemoryStore)OAuthClientProvider TokenStorage)McpHttpClientFactory)OAuthClientInformationFullOAuthClientMetadata OAuthToken) AnyHttpUrl)override)Server)OAuthCallbackResultcreate_oauth_callback_server)find_available_port) get_loggerOAuthc@seZdZdZdS)ClientNotFoundErrorzARaised when OAuth client credentials are not found on the server.N)__name__ __module__ __qualname____doc__rr_/var/www/html/karishye-ai-python/venv/lib/python3.10/site-packages/fastmcp/client/auth/oauth.pyr%srmcp_urlstr httpx_kwargsdict[str, Any] | Nonereturnboolc stjdi|pi4IdHN}z8|j|ddIdH}|jdvr,WWdIdHdSd|jvr=WWdIdHdSWWdIdHdStjy\YWdIdHdSw1IdHscwYdS) z Check if the MCP endpoint requires authentication by making a test request. Returns: True if auth appears to be required, False otherwise Ng@)timeout)iiTzWWW-AuthenticateFr)httpx AsyncClientget status_codeheaders RequestError)rr clientresponserrrcheck_if_auth_required)s"   r-c@seZdZUded<ded<ded<ded<d$d d Zd%ddZd%ddZd&ddZed'ddZ ed(ddZ ed)ddZ ed*d!d"Z d#S)+TokenStorageAdapterr _server_urlr_key_value_storezPydanticAdapter[OAuthToken]_storage_oauth_tokenz+PydanticAdapter[OAuthClientInformationFull]_storage_client_infoasync_key_value server_urlcCs<||_||_ttd|tdd|_ttd|tdd|_dS)Nzmcp-oauth-tokenT)default_collection key_valuepydantic_modelraise_on_validation_errorzmcp-oauth-client-info)r/r0rrr1r r2)selfr3r4rrr__init__Ms zTokenStorageAdapter.__init__r"cC |jdS)Nz/tokensr/r9rrr_get_token_cache_key] z(TokenStorageAdapter._get_token_cache_keycCr;)Nz /client_infor<r=rrr_get_client_info_cache_key`r?z.TokenStorageAdapter._get_client_info_cache_keyNonecs6|jj|dIdH|jj|dIdHdSN)key)r1deleter>r2r@r=rrrclearcszTokenStorageAdapter.clearOAuthToken | Nonec|jj|dIdHSrB)r1r'r>r=rrr get_tokensgszTokenStorageAdapter.get_tokenstokensrcs$|jj|||jdIdHdSN)rCvaluettl)r1putr> expires_in)r9rIrrr set_tokensks zTokenStorageAdapter.set_tokens!OAuthClientInformationFull | NonecrGrB)r2r'r@r=rrrget_client_infoss z#TokenStorageAdapter.get_client_info client_infor cs>d}|jr|jtt}|jj|||dIdHdSrJ)client_secret_expires_atinttimer2rMr@)r9rRrLrrrset_client_infoysz#TokenStorageAdapter.set_client_infoN)r3rr4r)r"rr"rA)r"rF)rIrr"rA)r"rP)rRr r"rA) rrr__annotations__r:r>r@rErrHrOrQrVrrrrr.Gs"        r.cs`eZdZdZ      d"d#fdd Zd$fdd Zd%ddZd&ddZd'fd d! ZZ S)(rz OAuth client provider for MCP servers with browser-based authentication. This class provides OAuth authentication for FastMCP clients by opening a browser for user authorization and running a local callback server. NFastMCP Clientrrscopesstr | list[str] | None client_name token_storageAsyncKeyValue | Noneadditional_client_metadatar! callback_port int | Nonehttpx_client_factoryMcpHttpClientFactory | Nonecst|}|jd|j} |ptj|_|pt|_d|jd} t|t r+d |} n |dur4t |} nd} t d|t | gddgd g| d |pHi} |pOt}t|trad d lm} | d ddt|| d|_| |_tj| | |j|j|jddS)al Initialize OAuth client provider for an MCP server. Args: mcp_url: Full URL to the MCP endpoint (e.g. "http://host/mcp/sse/") scopes: OAuth scopes to request. Can be a space-separated string or a list of strings. client_name: Name for this client during registration token_storage: An AsyncKeyValue-compatible token store, tokens are stored in memory if not provided additional_client_metadata: Extra fields for OAuthClientMetadata callback_port: Fixed port for OAuth callback (default: random available port) z://zhttp://localhost:z /callback Nauthorization_code refresh_tokencode)r\ redirect_uris grant_typesresponse_typesscoper)warnzUsing in-memory token storage -- tokens will be lost when the client restarts. For persistent storage across multiple MCP servers, provide an encrypted AsyncKeyValue backend. See https://gofastmcp.com/clients/auth/oauth#token-storage for details.)message stacklevel)r3r4)r4client_metadatastorageredirect_handlercallback_handlerr)rschemenetlocr%r&rbr redirect_port isinstancelistjoinrr rrwarningsrmr.token_storage_adapterserver_base_urlsuperr:rsrt)r9rrZr\r]r_r`rb parsed_urlr} redirect_uri scopes_strrqrm __class__rrr:sJ        zOAuth.__init__r"rAcs@tIdH|jjr|jjjr|j|jjdSdSdS)zBLoad stored tokens and client info, properly setting token expiry.N)r~ _initializecontextcurrent_tokensrNupdate_token_expiryr=rrrrs zOAuth._initializeauthorization_urlc s|4IdH+}|j|ddIdH}|jdkrtd|jdvr*td|jWdIdHn 1IdHs:wYtd|t|dS) zIOpen browser for authorization, with pre-flight check for invalid client.NF)follow_redirectsiz8OAuth client not found - cached credentials may be stale)i.i/i3i4z#Unexpected authorization response: zOAuth authorization URL: ) rbr'r(r RuntimeErrorloggerinfo webbrowseropen)r9rr+r,rrrrss   (zOAuth.redirect_handlertuple[str, str | None]c st}t}t|j|j||d}t4IdH}||jt d|jd}znzFt |7| IdH|j rA|j |j|jfWdWWd|_tdIdH|jWdIdHS1smwYWnty}z td|d|d}~wwWd|_tdIdH|jnd|_tdIdH|jwWdIdHtd 1IdHswYtd ) z4Handle OAuth callback and return (auth_code, state).)portr4result_container result_readyNu7🎧 OAuth callback server started on http://localhost:gr@Tg?zOAuth callback timed out after z secondsz+OAuth callback handler could not be started)ranyioEventrrwr}create_task_group start_soonserverr fail_afterwaiterrorrhstate should_exitsleep cancel_scopecancel TimeoutErrorr)r9resultrservertgTIMEOUTerrrrts\         zOAuth.callback_handlerrequest httpx.Request-AsyncGenerator[httpx.Request, httpx.Response]c sz#t|}d} z ||IdH}|V}Wn ty#YWdSwq ty^tdd|_|j IdHt|}d} z ||IdH}|V}Wn ty\YYdSwqDw)zHTTPX auth flow with automatic retry on stale cached credentials. If the OAuth flow fails due to invalid/stale client credentials, clears the cache and retries once with fresh registration. NTz@OAuth client not found on server, clearing cache and retrying...F) r~async_auth_flowasendStopAsyncIterationrrdebug _initializedr|rE)r9rgenr,yielded_requestrrrr!s:       zOAuth.async_auth_flow)NrYNNNN)rrrZr[r\rr]r^r_r!r`rarbrcrW)rrr"rA)r"r)rrr"r) rrrrr:rrsrtr __classcell__rrrrrs M ')N)rrr r!r"r#)0 __future__rrUrcollections.abcrtypingr urllib.parserrr%key_value.aio.adapters.pydanticrkey_value.aio.protocolsrkey_value.aio.stores.memoryrmcp.client.authr r mcp.shared._httpx_utilsr mcp.shared.authr r rpydanticrtyping_extensionsruvicorn.serverrfastmcp.client.oauth_callbackrrfastmcp.utilities.httprfastmcp.utilities.loggingr__all__rr Exceptionrr-r.rrrrrs6              @