o i@sdZddlmZddlZddlmZddlmZmZddl m Z ddl m Z ddl mZmZdd lmZdd lmZdd lmZdd lmZmZeeZGd ddeZGdddeZdS)aScalekit authentication provider for FastMCP. This module provides ScalekitProvider - a complete authentication solution that integrates with Scalekit's OAuth 2.1 and OpenID Connect services, supporting Resource Server authentication for seamless MCP client authentication. ) annotationsN) AnyHttpUrl) BaseSettingsSettingsConfigDict) JSONResponse)Route)RemoteAuthProvider TokenVerifier) JWTVerifier)ENV_FILE) get_logger)NotSetNotSetTc@s<eZdZUededdZded<ded<ded<ded <d S) ScalekitProviderSettings%FASTMCP_SERVER_AUTH_SCALEKITPROVIDER_ignore) env_prefixenv_fileextrarenvironment_urlstr client_id resource_idmcp_urlN)__name__ __module__ __qualname__rr model_config__annotations__rrl/var/www/html/karishye-ai-python/venv/lib/python3.10/site-packages/fastmcp/server/auth/providers/scalekit.pyrs  rcsBeZdZdZeeeedddfd d Z ddfdd ZZS)ScalekitProvideraScalekit resource server provider for OAuth 2.1 authentication. This provider implements Scalekit integration using resource server pattern. FastMCP acts as a protected resource server that validates access tokens issued by Scalekit's authorization server. IMPORTANT SETUP REQUIREMENTS: 1. Create an MCP Server in Scalekit Dashboard: - Go to your [Scalekit Dashboard](https://app.scalekit.com/) - Navigate to MCP Servers section - Register a new MCP Server with appropriate scopes - Ensure the Resource Identifier matches exactly what you configure as MCP URL - Note the Resource ID 2. Environment Configuration: - Set SCALEKIT_ENVIRONMENT_URL (e.g., https://your-env.scalekit.com) - Set SCALEKIT_CLIENT_ID from your OAuth application - Set SCALEKIT_RESOURCE_ID from your created resource - Set MCP_URL to your FastMCP server's public URL For detailed setup instructions, see: https://docs.scalekit.com/mcp/overview/ Example: ```python from fastmcp.server.auth.providers.scalekit import ScalekitProvider # Create Scalekit resource server provider scalekit_auth = ScalekitProvider( environment_url="https://your-env.scalekit.com", client_id="sk_client_...", resource_id="sk_resource_...", mcp_url="https://your-fastmcp-server.com", ) # Use with FastMCP mcp = FastMCP("My App", auth=scalekit_auth) ``` N)rrrrtoken_verifierrAnyHttpUrl | str | NotSetTr str | NotSetTrrr"TokenVerifier | Nonecstdd||||dD}t|jd|_|j|_|j|_t|j|_|dur:t |jd|jd|jd}t j |t |jd |jg|jd dS) aInitialize Scalekit resource server provider. Args: environment_url: Your Scalekit environment URL (e.g., "https://your-env.scalekit.com") client_id: Your Scalekit OAuth client ID resource_id: Your Scalekit resource ID mcp_url: Public URL of this FastMCP server (used as audience) token_verifier: Optional token verifier. If None, creates JWT verifier for Scalekit cSsi|] \}}|tur||qSr)r ).0kvrrr cs z-ScalekitProvider.__init__..)rrrr/Nz/keysRS256)jwks_uriissuer algorithmaudiencez /resources/)r"authorization_serversbase_url) rmodel_validateitemsrrrstriprrrr super__init__r)selfrrrrr"settings __class__rr r6Ps6    zScalekitProvider.__init__mcp_path str | Nonereturn list[Route]cs2t|}fdd}|td|dgd|S)aGet OAuth routes including Scalekit authorization server metadata forwarding. This returns the standard protected resource routes plus an authorization server metadata endpoint that forwards Scalekit's OAuth metadata to clients. Args: mcp_path: The path where the MCP endpoint is mounted (e.g., "/mcp") This is used to advertise the resource URL in metadata. c sz=t4IdH'}|jdjIdH}||}t|WdIdHWS1IdHs7wYWdStyd}zt d|tdd|dddWYd}~Sd}~ww)zQForward Scalekit OAuth authorization server metadata with FastMCP customizations.Nz2/.well-known/oauth-authorization-server/resources/z#Failed to fetch Scalekit metadata: server_error)errorerror_descriptioni) status_code) httpx AsyncClientgetrrraise_for_statusjsonr Exceptionloggerr@)requestclientresponsemetadataer7rr #oauth_authorization_server_metadatas( 4zHScalekitProvider.get_routes..oauth_authorization_server_metadataz'/.well-known/oauth-authorization-serverGET)endpointmethods)r5 get_routesappendr)r7r;routesrPr9rOr rTs  zScalekitProvider.get_routes) rr#rr$rr$rr#r"r%)N)r;r<r=r>)rrr__doc__r r6rT __classcell__rrr9r r!&s,8r!)rW __future__rrCpydanticrpydantic_settingsrrstarlette.responsesrstarlette.routingrfastmcp.server.authrr !fastmcp.server.auth.providers.jwtr fastmcp.settingsr fastmcp.utilities.loggingr fastmcp.utilities.typesr rrrIrr!rrrr s