)`isddlZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z GddeZGd d ZdS) N)Any)unquote)Request) OAuthAuthorizationServerProvider)OAuthClientInformationFullceZdZdefdZdS)AuthenticationErrormessagec||_dS)N)r )selfr s z/home/jaya/work/projects/VOICE-AGENT/VIET/agent-env/lib/python3.11/site-packages/mcp/server/auth/middleware/client_auth.py__init__zAuthenticationError.__init__s  N)__name__ __module__ __qualname__strrrr r r s/rr c@eZdZdZdeeeeffdZdedefdZ dS)ClientAuthenticatora ClientAuthenticator is a callable which validates requests from a client application, used to verify /token calls. If, during registration, the client requested to be issued a secret, the authenticator asserts that /token calls must be authenticated with that same token. NOTE: clients can opt for no authentication during registration, in which case this logic is skipped. providerc||_dS)zx Initialize the dependency. Args: provider: Provider to look up client information N)r)r rs r rzClientAuthenticator.__init__s! rrequestreturnc<K|d{V}|d}|std|jt |d{V}|stdd}|jdd}|jdkr|dstd  |d d}tj | d }d |vrtd | d d\} }t| } t|}| |krtdn#ttt jf$rtdwxYw|jdkr:|d} t%| t rt | }n%|jdkrd}ntd|j|jr|stdt)j|j|std|jr8|jt1t3jkrtd|S)a Authenticate a client from an HTTP request. Extracts client credentials from the appropriate location based on the client's registered authentication method and validates them. Args: request: The HTTP request containing client credentials Returns: The authenticated client information Raises: AuthenticationError: If authentication fails N client_idzMissing client_idzInvalid client_id Authorizationclient_secret_basiczBasic z?Missing or invalid Basic authentication in Authorization headerzutf-8:zInvalid Basic auth formatz Client ID mismatch in Basic authz#Invalid Basic authentication headerclient_secret_post client_secretnonezUnsupported auth method: zClient secret is requiredzInvalid client_secretzClient secret has expired)formgetr r get_clientrheaderstoken_endpoint_auth_method startswithbase64 b64decodedecode ValueErrorsplitrUnicodeDecodeErrorbinasciiError isinstancer$hmaccompare_digestencodeclient_secret_expires_atinttime) r r form_datarclientrequest_client_secret auth_headerencoded_credentialsdecodedbasic_client_id raw_form_datas r authenticate_requestz(ClientAuthenticator.authenticate_request's ",,..(((((( MM+..  ;%&9:: :}//I???????? ;%&9:: :,0o))/2>>  ,0E E E))(33 m)*klll Q&1!""o# *+>??FFwOOg%%$%@AAA9@sA9N9N6!6#*/":":(/0E(F(F%"i//-.PQQQ0 2HNC Q Q Q)*OPPP Q .2F F F%MM/::M--- ;(+M(:(:%  .& 8 8$( ! !%OF,MOO    G( G)*EFFF &v';'B'B'D'DF[FbFbFdFdee C)*ABBB. G63RUXY]YbYdYdUeUe3e3e)*EFFF s BE,F N) rrr__doc__rrrrrrCrrr rrsp!!A#sC-!P!!!!L'L>XLLLLLLrr)r,r2r5r:typingr urllib.parserstarlette.requestsrmcp.server.auth.providerrmcp.shared.authr Exceptionr rrrr rKs   &&&&&&EEEEEE666666) ``````````r