o i@sdZddlmZddlZddlmZddlmZmZddl m Z ddl m Z ddl mZmZdd lmZdd lmZdd lmZdd lmZmZeeZGd ddeZGdddeZdS)aDescope authentication provider for FastMCP. This module provides DescopeProvider - a complete authentication solution that integrates with Descope's OAuth 2.1 and OpenID Connect services, supporting Dynamic Client Registration (DCR) for seamless MCP client authentication. ) annotationsN) AnyHttpUrl) BaseSettingsSettingsConfigDict) JSONResponse)Route)RemoteAuthProvider TokenVerifier) JWTVerifier)ENV_FILE) get_logger)NotSetNotSetTc@s<eZdZUededdZded<ded<edZded <d S) DescopeProviderSettings$FASTMCP_SERVER_AUTH_DESCOPEPROVIDER_ignore) env_prefixenv_fileextrastr project_idrbase_urlzhttps://api.descope.comdescope_base_urlN) __name__ __module__ __qualname__rr model_config__annotations__rrrrk/var/www/html/karishye-ai-python/venv/lib/python3.10/site-packages/fastmcp/server/auth/providers/descope.pyrs rcs@eZdZdZeeedddfd d Z ddfdd ZZS)DescopeProvideraDescope metadata provider for DCR (Dynamic Client Registration). This provider implements Descope integration using metadata forwarding. This is the recommended approach for Descope DCR as it allows Descope to handle the OAuth flow directly while FastMCP acts as a resource server. IMPORTANT SETUP REQUIREMENTS: 1. Enable Dynamic Client Registration in Descope Console: - Go to the [Inbound Apps page](https://app.descope.com/apps/inbound) of the Descope Console - Click **DCR Settings** - Enable **Dynamic Client Registration (DCR)** - Define allowed scopes 2. Note your Project ID: - Save your Project ID from [Project Settings](https://app.descope.com/settings/project) - Example: P2abc...123 For detailed setup instructions, see: https://docs.descope.com/identity-federation/inbound-apps/creating-inbound-apps#method-2-dynamic-client-registration-dcr Example: ```python from fastmcp.server.auth.providers.descope import DescopeProvider # Create Descope metadata provider (JWT verifier created automatically) descope_auth = DescopeProvider( project_id="P2abc...123", base_url="https://your-fastmcp-server.com", descope_base_url="https://api.descope.com", ) # Use with FastMCP mcp = FastMCP("My App", auth=descope_auth) ``` N)rrrtoken_verifierr str | NotSetTrAnyHttpUrl | str | NotSetTrr!TokenVerifier | Nonecstdd|||dD}|j|_tt|jd|_t|jd|_|durDt |jd|jd|jd|jd|jd }t j |t|jd|jg|jd dS) asInitialize Descope metadata provider. Args: project_id: Your Descope Project ID (e.g., "P2abc...123") base_url: Public URL of this FastMCP server descope_base_url: Descope API base URL (defaults to https://api.descope.com) token_verifier: Optional token verifier. If None, creates JWT verifier for Descope cSsi|] \}}|tur||qSr)r ).0kvrrr ]s z,DescopeProvider.__init__..)rrr/Nz/.well-known/jwks.json /v1/apps/RS256)jwks_uriissuer algorithmaudience)r!authorization_serversr) rmodel_validateitemsrrrrrstriprr super__init__)selfrrrr!settings __class__rrr5Ls2  zDescopeProvider.__init__mcp_path str | Nonereturn list[Route]cs2t|}fdd}|td|dgd|S)aGet OAuth routes including Descope authorization server metadata forwarding. This returns the standard protected resource routes plus an authorization server metadata endpoint that forwards Descope's OAuth metadata to clients. Args: mcp_path: The path where the MCP endpoint is mounted (e.g., "/mcp") This is used to advertise the resource URL in metadata. c sz>t4IdH(}|jdjdIdH}||}t|WdIdHWS1IdHs8wYWdSty]}ztdd|dddWYd}~Sd}~ww) zPForward Descope OAuth authorization server metadata with FastMCP customizations.Nr*'/.well-known/oauth-authorization-server server_errorz"Failed to fetch Descope metadata: )errorerror_descriptioni) status_code) httpx AsyncClientgetrrraise_for_statusjsonr Exception)requestclientresponsemetadataer6rr#oauth_authorization_server_metadatas& 4zGDescopeProvider.get_routes..oauth_authorization_server_metadatar>GET)endpointmethods)r4 get_routesappendr)r6r:routesrOr8rNrrS~s  zDescopeProvider.get_routes)rr"rr#rr#r!r$)N)r:r;r<r=)rrr__doc__r r5rS __classcell__rrr8rr %s)4r )rV __future__rrCpydanticrpydantic_settingsrrstarlette.responsesrstarlette.routingrfastmcp.server.authrr !fastmcp.server.auth.providers.jwtr fastmcp.settingsr fastmcp.utilities.loggingr fastmcp.utilities.typesr rrloggerrr rrrrs