)`i#>ddlmZmZddlmZddlmZddlmZddl m Z ddl m Z ddl mZddlmZmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddl m!Z!ddl"m#Z#m$Z$ddl%m&Z&ddl'm(Z(defdZ)dZ*dZ+dZ,dZ-dee geeezfde.e/defdZ0 d.de!eeefd ed!edzd"e#dzd#e$dzde.ef d$Z1d ed!edzd"e#d#e$de(f d%Z2d&edefd'Z3 d.d(ed)e.ed*e.e/dzd+e/dzd,edzde.ef d-Z4dS)/) AwaitableCallable)Any)urlparse) AnyHttpUrl)CORSMiddleware)Request)Response)Routerequest_response)ASGIApp)AuthorizationHandler)MetadataHandler)RegistrationHandler)RevocationHandler) TokenHandler)ClientAuthenticator) OAuthAuthorizationServerProvider)ClientRegistrationOptionsRevocationOptions)MCP_PROTOCOL_VERSION_HEADER) OAuthMetadataurlc|jdkr;|jdkr0|j)|jdstd|jrtd|jrtddS)z Validate that the issuer URL meets OAuth 2.0 requirements. Args: url: The issuer URL to validate Raises: ValueError: If the issuer URL is invalid https localhostNz 127.0.0.1zIssuer URL must be HTTPSz#Issuer URL must not have a fragmentz'Issuer URL must not have a query string)schemehost startswith ValueErrorfragmentquery)rs j/home/jaya/work/projects/VOICE-AGENT/VIET/agent-env/lib/python3.11/site-packages/mcp/server/auth/routes.pyvalidate_issuer_urlr$s g H # # X !#(*=*=k*J*J !3444 |@>??? yDBCCCDDz /authorizez/tokenz /registerz/revokehandler allow_methodsreturncRtt|d|tg}|S)N*)app allow_originsr' allow_headers)rr r)r&r'cors_apps r#cors_middlewarer/8s6 W % %#23 H Or%Nprovider issuer_urlservice_documentation_urlclient_registration_optionsrevocation_optionsc @t||p t}|p t}t||||}t |}t dt t|jddgddgt tt|jddgt tt t||jddgddgg}|j rRt||}|t t t |jddgddg|j rQt#||} |t t$t | jddgddg|S)Nz'/.well-known/oauth-authorization-serverGETOPTIONSendpointmethodsPOST)options)r$rrbuild_metadatarr r/rhandleAUTHORIZATION_PATHr TOKEN_PATHrenabledrappendREGISTRATION_PATHrREVOCATION_PATH) r0r1r2r3r4metadataclient_authenticatorroutesregistration_handlerrevocation_handlers r#create_auth_routesrJEs ###"="\AZA\A\+B/@/B/B!# H /x88  5$))0 "I&      *(33:FO      $X';<<C#Y'    !F4#* 2 /     !((/Y' +     !  .x9MNN (&-Y' +      Mr%cRtt|dtz}tt|dtz}t ||||jdgdddgddgd|dddddg}|jr#>AS#STT3z??11#66CDDI0 4A"(!%3_E/CEZ.[9=7!#*0H&#*e)3C OO4J4J34O4ORc4c)d)d&!l'1#j//2H2H2M2MP_2_'`'`$?SUj>k; Or%resource_server_urlctt|}|jdkr|jnd}t|jd|jd|S)u Build RFC 9728 compliant protected resource metadata URL. Inserts /.well-known/oauth-protected-resource between host and resource path as specified in RFC 9728 §3.1. Args: resource_server_url: The resource server URL (e.g., https://example.com/mcp) Returns: The metadata URL (e.g., https://example.com/.well-known/oauth-protected-resource/mcp) rLz://z%/.well-known/oauth-protected-resource)rrbpathrrnetloc)rjparsed resource_paths r#build_resource_metadata_urlrqsZc-.. / /F#);##5#5FKK2M nn6=nn_lnn o oor% resource_urlauthorization_serversrV resource_nameresource_documentationcddlm}ddlm}||||||}||}t |} t t | } | j} t| t|j ddgddggS)a} Create routes for OAuth 2.0 Protected Resource Metadata (RFC 9728). Args: resource_url: The URL of this resource server authorization_servers: List of authorization servers that can issue tokens scopes_supported: Optional list of scopes supported by this resource Returns: List of Starlette routes for protected resource metadata r) ProtectedResourceMetadataHandler)ProtectedResourceMetadata)resourcersrVrtrur6r7r8) !mcp.server.auth.handlers.metadatarwmcp.shared.authrxrqrrbrmr r/r>) rrrsrVrtrurwrxrEr& metadata_urlrowell_known_paths r# create_protected_resource_routesr~s$SRRRRR999999((3)#5 H/.x88G/|<rsd////////!!!!!!444444&&&&&&((((((55555555######CCCCCC======AAAAAA======777777FFFFFFEEEEEEQQQQQQQQBBBBBB))))))DZDDDD4"    wiIh,?!?? @ 9       48DH37 NN.sC}=NN *D0N";T!A N *D0 N  %[ NNNNb%%)D0%";%* %  %%%%PpZpJpppp,*. $04 ,,, +,3i$&,: , '- ,  %[ ,,,,,,r%