o h' @s,ddlZddlZddlZddlmZddlmZmZmZddl m Z m Z m Z m Z mZmZddlmZddlmZddlmZddlmZmZdd lmZmZmZdd lmZGd d d e ZGd dde Z Gdddeeee Be ddfZ!Gddde Z"GdddeeZ#eGdddZ$dS)N) dataclass) AnnotatedAnyLiteral) AnyHttpUrlAnyUrl BaseModelField RootModelValidationError)Request)stringify_pydantic_error)PydanticJSONResponse)AuthenticationErrorClientAuthenticator) OAuthAuthorizationServerProvider TokenErrorTokenErrorCode) OAuthTokenc@seZdZUeded<edddZeed<edddZe dBed <eed <dZ edBed <edd dZ eed <edddZ edBed<dS)AuthorizationCodeRequestauthorization_code grant_type.zThe authorization code descriptioncodeNz7Must be the same as redirect URI provided in /authorize redirect_uri client_id client_secretzPKCE code verifier code_verifier Resource indicator for the tokenresource) __name__ __module__ __qualname__r__annotations__r rstrrrrrr r&r&_/var/www/html/openai_agents/venv/lib/python3.10/site-packages/mcp/server/auth/handlers/token.pyrs rc@sveZdZUeded<edddZeed<edddZedBed<eed <dZ edBed <edd dZ edBed <dS) RefreshTokenRequest refresh_tokenr.zThe refresh tokenrNzOptional scope parameterscoperrrr ) r!r"r#rr$r r)r%r*rr r&r&r&r'r(s r(c@s(eZdZUeeeBeddfed<dS) TokenRequestr discriminatorrootN)r!r"r#rrr(r r$r&r&r&r'r++s  r+rr,c@s:eZdZUdZeed<dZedBed<dZe dBed<dS)TokenErrorResponsezG See https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 errorNerror_description error_uri) r!r"r#__doc__rr$r1r%r2rr&r&r&r'r/9s r/c@seZdZUeed<dS)TokenSuccessResponser.N)r!r"r#rr$r&r&r&r'r4Cs r4c@sHeZdZUeeeefed<eed<deeBfddZ de fddZ d S) TokenHandlerproviderclient_authenticatorobjcCs&d}t|tr d}t||ddddS)Nizno-storezno-cache)z Cache-ControlPragma)content status_codeheaders) isinstancer/r)selfr8r<r&r&r'responseOs zTokenHandler.responserequestc srz|IdH}tt|j}Wnty/}z|tdt|dWYd}~Sd}~wwz|j j |j |j dIdH}Wnt y[}z|td|jdWYd}~Sd}~ww|j|jvrp|tdd|jddS|tdr |j||jIdH}|dus|j |j kr|td d dS|jtkr|td d dS|jr|j}nd}|jdurt|jnd} |durt|nd} | | kr|tdd dSt|j} t | !"d } | |j#kr|td ddSz |j$||IdH} Wnt%y}z|t|j&|j'dWYd}~Sd}~wwt(dr|j)||j*IdH}|dus>|j |j krG|td ddS|jr\|jtkr\|td ddS|j+rf|j+,dn|j-}|D]}||j-vr|tdd|ddSqkz |j.|||IdH} Wnt%y}z|t|j&|j'dWYd}~Sd}~ww|t/| dS)Ninvalid_request)r0r1)rrunauthorized_clientunsupported_grant_typez2Unsupported grant type (supported grant types are )r& invalid_grantz!authorization code does not existzauthorization code has expiredz?redirect_uri did not match the one used when creating auth code=zincorrect code_verifierzrefresh token does not existzrefresh token has expired invalid_scopezcannot request scope `z` not provided by refresh token)r.)0formr+model_validatedictr.r r@r/r r7 authenticaterrrmessager grant_typesrr6load_authorization_coder expires_attime redirect_uri_provided_explicitlyrr%hashlibsha256rencodedigestbase64urlsafe_b64encodedecoderstripcode_challengeexchange_authorization_coderr0r1r(load_refresh_tokenr)r*splitscopesexchange_refresh_tokenr4)r?rA form_data token_requestvalidation_error client_infoe auth_codeauthorize_request_redirect_uritoken_redirect_strauth_redirect_strrUhashed_code_verifiertokensr)r`r*r&r&r'handle]s       B  +zTokenHandler.handleN) r!r"r#rrr$rr4r/r@r rmr&r&r&r'r5Js r5)%rXrTrR dataclassesrtypingrrrpydanticrrrr r r starlette.requestsr mcp.server.auth.errorsr mcp.server.auth.json_responser&mcp.server.auth.middleware.client_authrrmcp.server.auth.providerrrrmcp.shared.authrrr(r+r/r4r5r&r&r&r's6