o c۷i' @s,ddlZddlZddlZddlmZddlmZmZmZddl m Z m Z m Z m Z mZmZddlmZddlmZddlmZddlmZmZdd lmZmZmZdd lmZGd d d e ZGd dde Z Gdddeeee Be ddfZ!Gddde Z"GdddeeZ#eGdddZ$dS)N) dataclass) AnnotatedAnyLiteral) AnyHttpUrlAnyUrl BaseModelField RootModelValidationError)Request)stringify_pydantic_error)PydanticJSONResponse)AuthenticationErrorClientAuthenticator) OAuthAuthorizationServerProvider TokenErrorTokenErrorCode) OAuthTokenc@seZdZUeded<edddZeed<edddZe dBed <eed <dZ edBed <edd dZ eed <edddZ edBed<dS)AuthorizationCodeRequestauthorization_code grant_type.zThe authorization code descriptioncodeNz7Must be the same as redirect URI provided in /authorize redirect_uri client_id client_secretzPKCE code verifier code_verifier Resource indicator for the tokenresource) __name__ __module__ __qualname__r__annotations__r rstrrrrrr r&r&T/home/ubuntu/vllm_env/lib/python3.10/site-packages/mcp/server/auth/handlers/token.pyrs rc@sveZdZUeded<edddZeed<edddZedBed<eed <dZ edBed <edd dZ edBed <dS) RefreshTokenRequest refresh_tokenr.zThe refresh tokenrNzOptional scope parameterscoperrrr ) r!r"r#rr$r r)r%r*rr r&r&r&r'r(s r(c@s(eZdZUeeeBeddfed<dS) TokenRequestr discriminatorrootN)r!r"r#rrr(r r$r&r&r&r'r++s  r+rr,c@s:eZdZUdZeed<dZedBed<dZe dBed<dS)TokenErrorResponsezG See https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 errorNerror_description error_uri) r!r"r#__doc__rr$r1r%r2rr&r&r&r'r/9s r/c@seZdZUeed<dS)TokenSuccessResponser.N)r!r"r#rr$r&r&r&r'r4Cs r4c@sHeZdZUeeeefed<eed<deeBfddZ de fddZ d S) TokenHandlerproviderclient_authenticatorobjcCs&d}t|tr d}t||ddddS)Nino-storeno-cachez Cache-ControlPragmacontent status_codeheaders) isinstancer/r)selfr8r@r&r&r'responseOs zTokenHandler.responserequestc stz |j|IdH}Wn!ty-}zttd|jddddddWYd}~Sd}~wwz|IdH}tt |j }Wnt y\}z| tdt |dWYd}~Sd}~ww|j|jvrq| td d |jd dS|td r!|j||jIdH}|dus|j|jkr| td ddS|jtkr| td ddS|jr|j}nd}|jdurt|jnd} |durt|nd} | | kr| tdddSt|j} t | !"d} | |j#kr| td ddSz |j$||IdH} Wnt%y }z| t|j&|j'dWYd}~Sd}~wwt(d r|j)||j*IdH}|dus?|j|jkrH| td ddS|jr]|jtkr]| td ddS|j+rg|j+,dn|j-}|D]}||j-vr| tdd|ddSqlz |j.|||IdH} Wnt%y}z| t|j&|j'dWYd}~Sd}~ww| t/| dS)Nunauthorized_client)r0r1ir:r;r<r>invalid_requestunsupported_grant_typez2Unsupported grant type (supported grant types are )r& invalid_grantz!authorization code does not existzauthorization code has expiredz?redirect_uri did not match the one used when creating auth code=zincorrect code_verifierzrefresh token does not existzrefresh token has expired invalid_scopezcannot request scope `z` not provided by refresh token)r.)0r7authenticate_requestrrr/messageformr+model_validatedictr.r rDr r grant_typesrr6load_authorization_coderr expires_attime redirect_uri_provided_explicitlyrr%hashlibsha256rencodedigestbase64urlsafe_b64encodedecoderstripcode_challengeexchange_authorization_coderr0r1r(load_refresh_tokenr)r*splitscopesexchange_refresh_tokenr4)rCrE client_infoe form_data token_requestvalidation_error auth_codeauthorize_request_redirect_uritoken_redirect_strauth_redirect_strrYhashed_code_verifiertokensr)rdr*r&r&r'handle]s       B  +zTokenHandler.handleN) r!r"r#rrr$rr4r/rDr rqr&r&r&r'r5Js r5)%r\rXrV dataclassesrtypingrrrpydanticrrrr r r starlette.requestsr mcp.server.auth.errorsr mcp.server.auth.json_responser&mcp.server.auth.middleware.client_authrrmcp.server.auth.providerrrrmcp.shared.authrrr(r+r/r4r5r&r&r&r's6