o
    i                     @   s   d Z ddlmZ ddlmZmZmZ ddlmZm	Z	 ddl
mZ ddlmZ ddlmZ ddlmZ dd	lmZmZ eeZG d
d deZG dd deZdS )a  Auth0 OAuth provider for FastMCP.

This module provides a complete Auth0 integration that's ready to use with
just the configuration URL, client ID, client secret, audience, and base URL.

Example:
    ```python
    from fastmcp import FastMCP
    from fastmcp.server.auth.providers.auth0 import Auth0Provider

    # Simple Auth0 OAuth protection
    auth = Auth0Provider(
        config_url="https://auth0.config.url",
        client_id="your-auth0-client-id",
        client_secret="your-auth0-client-secret",
        audience="your-auth0-api-audience",
        base_url="http://localhost:8000",
    )

    mcp = FastMCP("My Protected Server", auth=auth)
    ```
    )AsyncKeyValue)
AnyHttpUrl	SecretStrfield_validator)BaseSettingsSettingsConfigDict)	OIDCProxy)ENV_FILEparse_scopes)
get_logger)NotSetNotSetTc                   @   s   e Zd ZU dZededdZdZedB e	d< dZ
edB e	d< dZedB e	d< dZedB e	d	< dZedB e	d
< dZedB e	d< dZedB e	d< dZee dB e	d< dZee dB e	d< dZedB e	d< edddedd ZdS )Auth0ProviderSettingsz!Settings for Auth0 OIDC provider.FASTMCP_SERVER_AUTH_AUTH0_ignore)
env_prefixenv_fileextraN
config_url	client_idclient_secretaudiencebase_url
issuer_urlredirect_pathrequired_scopesallowed_client_redirect_urisjwt_signing_keybefore)modec                 C   s   t |S )Nr
   )clsv r#   i/var/www/html/karishye-ai-python/venv/lib/python3.10/site-packages/fastmcp/server/auth/providers/auth0.py_parse_scopes9   s   z#Auth0ProviderSettings._parse_scopes)__name__
__module____qualname____doc__r   r	   model_configr   r   __annotations__r   strr   r   r   r   r   r   r   listr   r   r   classmethodr%   r#   r#   r#   r$   r   %   s(   
 
r   c                       s   e Zd ZdZeeeeeeeeededddeeB eB deeB deeB deeB d	eeB eB d
eeB eB dee eB deeB dee eB de	dB dee
B eB deddf fddZ  ZS )Auth0Providera  An Auth0 provider implementation for FastMCP.

    This provider is a complete Auth0 integration that's ready to use with
    just the configuration URL, client ID, client secret, audience, and base URL.

    Example:
        ```python
        from fastmcp import FastMCP
        from fastmcp.server.auth.providers.auth0 import Auth0Provider

        # Simple Auth0 OAuth protection
        auth = Auth0Provider(
            config_url="https://auth0.config.url",
            client_id="your-auth0-client-id",
            client_secret="your-auth0-client-secret",
            audience="your-auth0-api-audience",
            base_url="http://localhost:8000",
        )

        mcp = FastMCP("My Protected Server", auth=auth)
        ```
    NT)r   r   r   r   r   r   r   r   r   client_storager   require_authorization_consentr   r   r   r   r   r   r   r   r   r0   r   r1   returnc                   s   t dd |||||||||	|d
 D }|jstd|js%td|js,td|js3td|js:td|j	p?d	g}t
 j|j|j|j |j|j|j|j||j|
|j|d
 td|j| dS )aV  Initialize Auth0 OAuth provider.

        Args:
            config_url: Auth0 config URL
            client_id: Auth0 application client id
            client_secret: Auth0 application client secret
            audience: Auth0 API audience
            base_url: Public URL where OAuth endpoints will be accessible (includes any mount path)
            issuer_url: Issuer URL for OAuth metadata (defaults to base_url). Use root-level URL
                to avoid 404s during discovery when mounting under a path.
            required_scopes: Required Auth0 scopes (defaults to ["openid"])
            redirect_path: Redirect path configured in Auth0 application
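            allowed_client_redirect_uris: List of allowed redirect URI patterns for MCP clients.
                If None (default), all URIs are allowed. If an empty list, no URIs are allowed.
                Because the default accepts any client redirect URI, set an explicit list of
                patterns for deployments that untrusted clients can reach.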
            client_storage: Storage backend for OAuth state (client registrations, encrypted tokens).
                If None, a DiskStore will be created in the data directory (derived from `platformdirs`). The
                disk store will be encrypted using a key derived from the JWT Signing Key.
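            jwt_signing_key: Secret for signing FastMCP JWT tokens (any string or bytes). If bytes are provided,
                they will be used as is. If a string is provided, a 32-byte key will be derived from it. If not
                provided, a 32-byte key will be derived from the upstream client secret using PBKDF2.
                In that fallback the signing key (and the key derived from it for the default disk store)
                is tied to the Auth0 client secret, so rotating that secret also changes it; provide an
                explicit key to keep the two independent.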
            require_authorization_consent: Whether to require user consent before authorizing clients (default True).
                When True, users see a consent screen before being redirected to Auth0.
                When False, authorization proceeds directly without user confirmation.
                SECURITY WARNING: Only disable for local development or testing environments.
        c                 S   s   i | ]\}}|t ur||qS r#   )r   ).0kr"   r#   r#   r$   
<dictcomp>   s
    z*Auth0Provider.__init__.<locals>.<dictcomp>)
r   r   r   r   r   r   r   r   r   r   zRconfig_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CONFIG_URLzPclient_id is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_IDzXclient_secret is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_SECRETzNaudience is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_AUDIENCEzNbase_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_BASE_URLopenid)r   r   r   r   r   r   r   r   r   r0   r   r1   z>Initialized Auth0 OAuth provider for client %s with scopes: %sN)r   model_validateitemsr   
ValueErrorr   r   r   r   r   super__init__get_secret_valuer   r   r   r   loggerdebug)selfr   r   r   r   r   r   r   r   r   r0   r   r1   settingsauth0_required_scopes	__class__r#   r$   r;   W   sp   )zAuth0Provider.__init__)r&   r'   r(   r)   r   r   r,   r   r-   r   bytesboolr;   __classcell__r#   r#   rB   r$   r/   ?   sR    



	


r/   N)r)   key_value.aio.protocolsr   pydanticr   r   r   pydantic_settingsr   r   fastmcp.server.auth.oidc_proxyr   fastmcp.settingsr	   fastmcp.utilities.authr   fastmcp.utilities.loggingr   fastmcp.utilities.typesr   r   r&   r=   r   r/   r#   r#   r#   r$   <module>   s    