o *is@s~ddlZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z GdddeZGd d d ZdS) N)Any)unquote)Request) OAuthAuthorizationServerProvider)OAuthClientInformationFullc@seZdZdefddZdS)AuthenticationErrormessagecCs ||_dS)N)r)selfrr c/home/ubuntu/veenaModal/venv/lib/python3.10/site-packages/mcp/server/auth/middleware/client_auth.py__init__s zAuthenticationError.__init__N)__name__ __module__ __qualname__strr r r r r rsrc@s:eZdZdZdeeeeffddZdedefddZ d S) ClientAuthenticatora ClientAuthenticator is a callable which validates requests from a client application, used to verify /token calls. If, during registration, the client requested to be issued a secret, the authenticator asserts that /token calls must be authenticated with that same token. NOTE: clients can opt for no authentication during registration, in which case this logic is skipped. providercCs ||_dS)zx Initialize the dependency. Args: provider: Provider to look up client information N)r)r rr r r r s zClientAuthenticator.__init__requestreturnc s|IdH}|d}|std|jt|IdH}|s$tdd}|jdd}|jdkr{|ds;td z0|d d}t | d }d |vrRt d | d d\} }t| } t|}| |krjtdWn3t ttjfyztdw|jdkr|d} t| trt| }n|jdkrd}ntd|j|jr|stdt|j|std|jr|jttkrtd|S)a Authenticate a client from an HTTP request. Extracts client credentials from the appropriate location based on the client's registered authentication method and validates them. Args: request: The HTTP request containing client credentials Returns: The authenticated client information Raises: AuthenticationError: If authentication fails N client_idzMissing client_idzInvalid client_id Authorizationclient_secret_basiczBasic z?Missing or invalid Basic authentication in Authorization headerzutf-8:zInvalid Basic auth formatz Client ID mismatch in Basic authz#Invalid Basic authentication headerclient_secret_post client_secretnonezUnsupported auth method: zClient secret is requiredzInvalid client_secretzClient secret has expired)formgetrr get_clientrheaderstoken_endpoint_auth_method startswithbase64 b64decodedecode ValueErrorsplitrUnicodeDecodeErrorbinasciiError isinstancerhmaccompare_digestencodeclient_secret_expires_atinttime) r r form_datarclientrequest_client_secret auth_headerencoded_credentialsdecodedbasic_client_id raw_form_datar r r authenticate_request'sZ         z(ClientAuthenticator.authenticate_requestN) r rr__doc__rrr rrr<r r r r rs  r)r%r+r.r3typingr urllib.parserstarlette.requestsrmcp.server.auth.providerrmcp.shared.authr Exceptionrrr r r r s