o i' @s,ddlZddlZddlZddlmZddlmZmZmZddl m Z m Z m Z m Z mZmZddlmZddlmZddlmZddlmZmZdd lmZmZmZdd lmZGd d d e ZGd dde Z Gdddeeee Be ddfZ!Gddde Z"GdddeeZ#eGdddZ$dS)N) dataclass) AnnotatedAnyLiteral) AnyHttpUrlAnyUrl BaseModelField RootModelValidationError)Request)stringify_pydantic_error)PydanticJSONResponse)AuthenticationErrorClientAuthenticator) OAuthAuthorizationServerProvider TokenErrorTokenErrorCode) OAuthTokenc@seZdZUeded<edddZeed<edddZe dBed <eed <dZ edBed <edd dZ eed <edddZ edBed<dS)AuthorizationCodeRequestZauthorization_code grant_type.zThe authorization code descriptioncodeNz7Must be the same as redirect URI provided in /authorize redirect_uri client_id client_secretzPKCE code verifier code_verifier Resource indicator for the tokenresource) __name__ __module__ __qualname__r__annotations__r rstrrrrrrr%r%U/home/app/Keep/.python/lib/python3.10/site-packages/mcp/server/auth/handlers/token.pyrs rc@sveZdZUeded<edddZeed<edddZedBed<eed <dZ edBed <edd dZ edBed <dS) RefreshTokenRequest refresh_tokenr.zThe refresh tokenrNzOptional scope parameterscoperrrr) r r!r"rr#r r(r$r)rrr%r%r%r&r's r'c@s(eZdZUeeeBeddfed<dS) TokenRequestrZ discriminatorrootN)r r!r"rrr'r r#r%r%r%r&r*+s  r*rr+c@s:eZdZUdZeed<dZedBed<dZe dBed<dS)TokenErrorResponsezG See https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 errorNerror_description error_uri) r r!r"__doc__rr#r/r$r0rr%r%r%r&r-9s r-c@seZdZUeed<dS)TokenSuccessResponser,N)r r!r"rr#r%r%r%r&r2Cs r2c@sHeZdZUeeeefed<eed<deeBfddZ de fddZ d S) TokenHandlerproviderclient_authenticatorobjcCs&d}t|tr d}t||ddddS)Nino-storeno-cachez Cache-ControlZPragmacontent status_codeheaders) isinstancer-r)selfr6r=r%r%r&responseOs zTokenHandler.responserequestc stz |j|IdH}Wn!ty-}zttd|jddddddWYd}~Sd}~wwz|IdH}tt |j }Wnt y\}z| tdt |dWYd}~Sd}~ww|j|jvrq| td d |jd dS|td r!|j||jIdH}|dus|j|jkr| td ddS|jtkr| td ddS|jr|j}nd}|jdurt|jnd} |durt|nd} | | kr| tdddSt|j} t | !"d} | |j#kr| td ddSz |j$||IdH} Wnt%y }z| t|j&|j'dWYd}~Sd}~wwt(d r|j)||j*IdH}|dus?|j|jkrH| td ddS|jr]|jtkr]| td ddS|j+rg|j+,dn|j-}|D]}||j-vr| tdd|ddSqlz |j.|||IdH} Wnt%y}z| t|j&|j'dWYd}~Sd}~ww| t/| dS)NZunauthorized_client)r.r/ir8r9r:r;Zinvalid_requestZunsupported_grant_typez2Unsupported grant type (supported grant types are )r%Z invalid_grantz!authorization code does not existzauthorization code has expiredz?redirect_uri did not match the one used when creating auth code=zincorrect code_verifierzrefresh token does not existzrefresh token has expired Z invalid_scopezcannot request scope `z` not provided by refresh token)r,)0r5Zauthenticate_requestrrr-messageformr*Zmodel_validatedictr,r rAr rZ grant_typesrr4Zload_authorization_coderrZ expires_attimeZ redirect_uri_provided_explicitlyrr$hashlibsha256rencodedigestbase64urlsafe_b64encodedecoderstripZcode_challengeZexchange_authorization_coderr.r/r'Zload_refresh_tokenr(r)splitscopesZexchange_refresh_tokenr2)r@rBZ client_infoeZ form_dataZ token_requestZvalidation_errorZ auth_codeZauthorize_request_redirect_uriZtoken_redirect_strZauth_redirect_strrKZhashed_code_verifiertokensr(rSr)r%r%r&handle]s       B  +zTokenHandler.handleN) r r!r"rrr#rr2r-rAr rVr%r%r%r&r3Js r3)%rNrJrI dataclassesrtypingrrrZpydanticrrrr r r Zstarlette.requestsr Zmcp.server.auth.errorsr Zmcp.server.auth.json_responserZ&mcp.server.auth.middleware.client_authrrZmcp.server.auth.providerrrrZmcp.shared.authrrr'r*r-r2r3r%r%r%r&s6