o i&@s&ddlZddlmZddlmZmZddlmZmZm Z m Z m Z ddl m Z mZddlmZddlmZmZddlmZdd lmZdd lmZmZmZmZmZdd lmZm Z e!e"Z#Gd d d eZ$GdddeZ%de&dde BeBde&dBfddZ'Gddde eZ(eGdddZ)dS)N) dataclass)AnyLiteral)AnyUrl BaseModelField RootModelValidationError)FormData QueryParams)Request)RedirectResponseResponse)stringify_pydantic_error)PydanticJSONResponse)AuthorizationErrorCodeAuthorizationParamsAuthorizeError OAuthAuthorizationServerProviderconstruct_redirect_uri)InvalidRedirectUriErrorInvalidScopeErrorc@seZdZUedddZeed<edddZedBed<edddZ e d ed <edd dZ eed <ed ddZ e d ed<edddZ edBed<edddZedBed<edddZedBed<dS)AuthorizationRequest.z The client ID) description client_idNz&URL to redirect to after authorization redirect_uriz*Must be 'code' for authorization code flowcode response_typezPKCE code challengecode_challengeZS256z(PKCE code challenge method, must be S256code_challenge_methodzOptional state parameterstatezOOptional scope; if specified, should be a space-separated list of scope stringsscopezIRFC 8707 resource indicator - the MCP server this token will be used withresource)__name__ __module__ __qualname__rrstr__annotations__rrrrrrr r!r"r(r(Y/home/app/Keep/.python/lib/python3.10/site-packages/mcp/server/auth/handlers/authorize.pyrs rc@sBeZdZUeed<edBed<dZedBed<dZedBed<dS)AuthorizationErrorResponseerrorNerror_description error_urir ) r#r$r%rr'r&r-rr r(r(r(r)r*,s  r*keyparamsreturncCs(|durdS||}t|tr|SdS)N)get isinstancer&)r.r/valuer(r(r)best_effort_extract_string4s   r4c@seZdZUeed<dS) AnyUrlModelrootN)r#r$r%rr'r(r(r(r)r5=s r5c@s2eZdZUeeeefed<dedefddZdS)AuthorizationHandlerproviderrequestr0c sdddd ddtdtdBdtffdd }z|jdkr)|jn|IdHtdz t}|j Wn6t yu}z*d }| D]}|d d kr_|d d kr_d}nqM||t |IdHWYd}~WSd}~wwj |jIdHs|d d|jdddIdHWSz|jWnty}z|d |jdIdHWYd}~WSd}~wwz|j}Wnty}z|d|jdIdHWYd}~WSd}~wwt||j|jdu|jd}ztj |IdHdddidWWSty}z||j|jdIdHWYd}~WSd}~wwtyB}zt j!d|d|dddIdHWYd}~Sd}~ww)NTr+r,attempt_load_clientc sdur|rtd}|rj|IdHnddurFrFzdur+dvr+d}n ttdj}|Wn ttfyEYnwdurOtdt ||d}rorot t t fi|j ddddd id Std |dd id S) Nrrr )r+r,r T)Z exclude_none. Cache-Controlno-storeurl status_codeheadersi)r@contentrA)r4r8 get_clientr5model_validater6validate_redirect_urir rr*r rr&Z model_dumpr)r+r,r:rZraw_redirect_uriZ error_respclientr/rselfr r(r)error_responseNsF    z3AuthorizationHandler.handle..error_responseGETr Zinvalid_requestloc)rtypeZ literal_errorZunsupported_response_typez Client ID 'z ' not foundF)r+r,r:)r+r,Z invalid_scope)r scopesrrZ redirect_uri_provided_explicitlyr"r;r<r=r>z)Unexpected error in authorization_handler)exc_info server_errorzAn unexpected error occurred)T)"rr&boolmethodZ query_paramsformr4rrDr r errorsrr8rCrrErrmessageZvalidate_scoper!rrrr"r Z authorizerr+r, Exceptionlogger exception) rHr9rIZ auth_requestZvalidation_errorr+erMZ auth_paramsr(rFr)handleEs@     "     $zAuthorizationHandler.handleN) r#r$r%rrr'r rrYr(r(r(r)r7As r7)*logging dataclassesrtypingrrZpydanticrrrrr Zstarlette.datastructuresr r Zstarlette.requestsr Zstarlette.responsesr rZmcp.server.auth.errorsrZmcp.server.auth.json_responserZmcp.server.auth.providerrrrrrZmcp.shared.authrr getLoggerr#rVrr*r&r4r5r7r(r(r(r)s$     "