o i"@sddlmZmZddlmZddlmZddlmZddl m Z ddl m Z ddl mZddlmZmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddl m!Z!ddl"m#Z#m$Z$ddl%m&Z&ddl'm(Z(defddZ)dZ*dZ+dZ,dZ-dee geeeBfde.e/defddZ0 d4d!e!eeefd"ed#ed Bd$e#d Bd%e$d Bde.ef d&d'Z1d"ed#ed Bd$e#d%e$de(f d(d)Z2d*edefd+d,Z3 d4d-ed.e.ed/e.e/d Bd0e/d Bd1ed Bde.ef d2d3Z4d S)5) AwaitableCallable)Any)urlparse) AnyHttpUrl)CORSMiddleware)Request)Response)Routerequest_response)ASGIApp)AuthorizationHandler)MetadataHandler)RegistrationHandler)RevocationHandler) TokenHandler)ClientAuthenticator) OAuthAuthorizationServerProvider)ClientRegistrationOptionsRevocationOptions)MCP_PROTOCOL_VERSION_HEADER) OAuthMetadataurlcCsR|jdkr|jdkr|jdur|jdstd|jr td|jr'tddS)z Validate that the issuer URL meets OAuth 2.0 requirements. Args: url: The issuer URL to validate Raises: ValueError: If the issuer URL is invalid https localhostNz 127.0.0.1zIssuer URL must be HTTPSz#Issuer URL must not have a fragmentz'Issuer URL must not have a query string)schemehost startswith ValueErrorfragmentquery)rr!\/var/www/html/karishye-ai-python/venv/lib/python3.10/site-packages/mcp/server/auth/routes.pyvalidate_issuer_urls r#z /authorizez/tokenz /registerz/revokehandler allow_methodsreturncCstt|d|tgd}|S)N*)app allow_originsr% allow_headers)rr r)r$r%cors_appr!r!r"cors_middleware8sr,Nprovider issuer_urlservice_documentation_urlclient_registration_optionsrevocation_optionsc Cst||pt}|p t}t||||}t|}tdtt|jddgddgdtt t |jddgdtt tt ||jddgddgdg}|j rbt||d}|ttt|jddgddgd|j r|t||} |ttt| jddgddgd|S)Nz'/.well-known/oauth-authorization-serverGETOPTIONSendpointmethodsPOST)options)r#rrbuild_metadatarr r,rhandleAUTHORIZATION_PATHr TOKEN_PATHrenabledrappendREGISTRATION_PATHrREVOCATION_PATH) r-r.r/r0r1metadataclient_authenticatorroutesregistration_handlerrevocation_handlerr!r!r"create_auth_routesEsx     rFcCstt|dt}tt|dt}t||||jdgdddgdgd|dddddgd}|jr>tt|dt|_ |jrQtt|dt |_ dg|_ |S)N/codeauthorization_code refresh_tokenclient_secret_postS256)issuerauthorization_endpointtoken_endpointscopes_supportedresponse_types_supportedresponse_modes_supportedgrant_types_supported%token_endpoint_auth_methods_supported0token_endpoint_auth_signing_alg_values_supportedservice_documentationui_locales_supported op_policy_uri op_tos_uriintrospection_endpoint code_challenge_methods_supported) rstrrstripr;r<r valid_scopesr=r?registration_endpointr@revocation_endpoint*revocation_endpoint_auth_methods_supported)r.r/r0r1authorization_url token_urlrAr!r!r"r9s2r9resource_server_urlcCs<tt|}|jdkr|jnd}t|jd|jd|S)u Build RFC 9728 compliant protected resource metadata URL. Inserts /.well-known/oauth-protected-resource between host and resource path as specified in RFC 9728 §3.1. Args: resource_server_url: The resource server URL (e.g., https://example.com/mcp) Returns: The metadata URL (e.g., https://example.com/.well-known/oauth-protected-resource/mcp) rGz://z%/.well-known/oauth-protected-resource)rr\pathrrnetloc)rdparsed resource_pathr!r!r"build_resource_metadata_urls rj resource_urlauthorization_serversrP resource_nameresource_documentationc Cslddlm}ddlm}||||||d}||}t|} tt| } | j} t| t |j ddgddgdgS)a} Create routes for OAuth 2.0 Protected Resource Metadata (RFC 9728). Args: resource_url: The URL of this resource server authorization_servers: List of authorization servers that can issue tokens scopes_supported: Optional list of scopes supported by this resource Returns: List of Starlette routes for protected resource metadata r) ProtectedResourceMetadataHandler)ProtectedResourceMetadata)resourcerlrPrmrnr2r3r4) !mcp.server.auth.handlers.metadataromcp.shared.authrprjrr\rfr r,r:) rkrlrPrmrnrorprAr$ metadata_urlrhwell_known_pathr!r!r" create_protected_resource_routess&    rv)NNN)5collections.abcrrtypingr urllib.parserpydanticrstarlette.middleware.corsrstarlette.requestsrstarlette.responsesr starlette.routingr r starlette.typesr "mcp.server.auth.handlers.authorizer rrr!mcp.server.auth.handlers.registerrmcp.server.auth.handlers.revokermcp.server.auth.handlers.tokenr&mcp.server.auth.middleware.client_authrmcp.server.auth.providerrmcp.server.auth.settingsrrmcp.server.streamable_httprrsrr#r;r<r?r@listr\r,rFr9rjrvr!r!r!r"s                   Q (