i?bddlmZddlZddlZddlmZddlmZddlm Z ddl Z ddl Z ddl m Z ddlmZddlmZdd lmZmZdd lmZdd lmZmZmZdd lmZdd lmZddlm Z ddl!m"Z"m#Z#ddl$m%Z%ddl&m'Z'dgZ(e'e)Z*Gdde+Z, d ddZ-GddeZ.GddeZ/y)) annotationsN)AsyncGenerator)aclosing)Any)PydanticAdapter) AsyncKeyValue) MemoryStore)OAuthClientProvider TokenStorage)McpHttpClientFactory)OAuthClientInformationFullOAuthClientMetadata OAuthToken) AnyHttpUrl)override)Server)OAuthCallbackResultcreate_oauth_callback_server)find_available_port) get_loggerOAuthceZdZdZy)ClientNotFoundErrorzARaised when OAuth client credentials are not found on the server.N)__name__ __module__ __qualname____doc__i/Users/bowang/.openclaw/workspace/ChatDev/.venv/lib/python3.12/site-packages/fastmcp/client/auth/oauth.pyrr%sKrrcKtjdi|xsi4d{} |j|dd{}|jdvr dddd{yd|jvr dddd{y dddd{y7r7X7;77 #tj $rYdddd{7ywxYw#1d{7swYyxYww) z Check if the MCP endpoint requires authentication by making a test request. Returns: True if auth appears to be required, False otherwise Ng@)timeout)iiTzWWW-AuthenticateFr)httpx AsyncClientget status_codeheaders RequestError)mcp_url httpx_kwargsclientresponses r check_if_auth_requiredr-)s  8L$6B88F #ZZZ==H##z1988"X%5%55988988>988 !! %988  !988sCBCCBBB CBC!B0 C;B<C C BCBCCCC0C1 C<B?=CCCC C CCceZdZUded<ded<ded<ded<dd Zdd Zdd Zdd Zedd Z eddZ eddZ eddZ y)TokenStorageAdapterstr _server_urlr_key_value_storezPydanticAdapter[OAuthToken]_storage_oauth_tokenz+PydanticAdapter[OAuthClientInformationFull]_storage_client_infoc||_||_ttd|td|_tt d|t d|_y)Nzmcp-oauth-tokenT)default_collection key_valuepydantic_modelraise_on_validation_errorzmcp-oauth-client-info)r1r2rrr3r r4)selfasync_key_value server_urls r __init__zTokenStorageAdapter.__init__MsQ% /$3J$?0%%&* % ! %44N$O6%5&* % !rc |jdS)Nz/tokensr1r:s r _get_token_cache_keyz(TokenStorageAdapter._get_token_cache_key]s""#7++rc |jdS)Nz /client_infor?r@s r _get_client_info_cache_keyz.TokenStorageAdapter._get_client_info_cache_key`s""#<00rcK|jj|jd{|jj|j d{y777wN)key)r3deleterAr4rCr@s r clearzTokenStorageAdapter.clearcs\''..43L3L3N.OOO''..43R3R3T.UUU PUs!.A,A(1A,"A*#A,*A,crK|jj|jd{S7wrE)r3r%rAr@s r get_tokenszTokenStorageAdapter.get_tokensgs/..22t7P7P7R2SSSS .757cxK|jj|j|dd{y7w)Ni3rFvaluettl)r3putrA)r:tokenss r set_tokenszTokenStorageAdapter.set_tokensks= ''++))+",   s 0:8:crK|jj|jd{S7wrE)r4r%rCr@s r get_client_infoz#TokenStorageAdapter.get_client_infovs:..22//13    rKcKd}|jr*|jttjz }|jj |j ||d{y7w)NrM)client_secret_expires_atinttimer4rPrC)r: client_inforOs r set_client_infoz#TokenStorageAdapter.set_client_info|sd  / /66TYY[9IIC''++//1,   sA(A2*A0+A2N)r;rr<r0)returnr0r[None)r[zOAuthToken | None)rQrr[r])r[z!OAuthClientInformationFull | None)rYr r[r]) rrr__annotations__r=rArCrHrrJrRrTrZrrr r/r/Gs##55EE ,1VTT        rr/ceZdZUdZded< d d dZd fd Zd fd ZddZddZ dfd Z xZ S)rz OAuth client provider for MCP servers with browser-based authentication. This class provides OAuth authentication for FastMCP clients by opening a browser for user authorization and running a local callback server. bool_boundc ||_||_||_||_||_||_| |_| |_d|_|xstj|_ d|_ ||j|yy)a* Initialize OAuth client provider for an MCP server. Args: mcp_url: Full URL to the MCP endpoint (e.g. "http://host/mcp/sse/"). Optional when OAuth is passed to Client(auth=...), which provides the URL automatically from the transport. scopes: OAuth scopes to request. Can be a space-separated string or a list of strings. client_name: Name for this client during registration token_storage: An AsyncKeyValue-compatible token store, tokens are stored in memory if not provided additional_client_metadata: Extra fields for OAuthClientMetadata callback_port: Fixed port for OAuth callback (default: random available port) client_metadata_url: A CIMD (Client ID Metadata Document) URL. When provided, this URL is used as the client_id instead of performing Dynamic Client Registration. Must be an HTTPS URL with a non-root path (e.g. "https://myapp.example.com/oauth/client.json"). client_id: Pre-registered OAuth client ID. When provided, skips dynamic client registration and uses these static credentials instead. client_secret: OAuth client secret (optional, used with client_id) NF)_scopes _client_name_token_storage_additional_client_metadata_callback_port_client_metadata_url _client_id_client_secret_static_client_infor#r$httpx_client_factoryra_bind) r:r)scopes client_name token_storageadditional_client_metadata callback_portrlclient_metadata_url client_id client_secrets r r=zOAuth.__init__s|L '++E(+$7!#+#' $8$MEiH  dllD )$,,/J \\ %T\\*JJ- ))%l34-?"8  //52   ??'11t1DH,8;,0,?,?(V56(B(//"11((D $ ++<{} m[ 1 % \  ;N)g; "  +..!22!22 $ 9 9   rcKt|d{|jH|j|j_|j j |jd{|jjrQ|jjjr0|jj|jjyyy77nw)zBLoad stored tokens and client info, properly setting token expiry.N) r _initializerkcontextrYrrZcurrent_tokens expires_inupdate_token_expiry)r:rs r rzOAuth._initializesg!###  # # /'+'?'?DLL $,,< E,H.&E'H. I EI EH.I E( $E,+G, F 5FF  GH.-F0. H. H.G1 / HH. I H I .I 4H7 5I <I cK|js td tt||4d{}d} |j |d{}|} 7'7 #t $rYnwxYwdddd{7y#1d{7swYyxYw#t$r|j tddtjdd|_ |jjd{7tt||4d{7}d} |j |d{7}|}n#t $rYnwxYw1dddd{7Yy#1d{7swYYyxYwwxYww)zHTTPX auth flow with automatic retry on stale cached credentials. If the OAuth flow fails due to invalid/stale client credentials, clears the cache and retries once with fresh registration. zOAuth provider has no server URL. Either pass mcp_url to OAuth() or use it with Client(auth=...) which provides the URL automatically.NzOAuth server rejected the static client credentials. Verify that the client_id (and client_secret, if provided) are correct and that the client is registered with the server.z@OAuth client not found on server, clearing cache and retrying...F)rarrrasync_auth_flowasendStopAsyncIterationrrkrdebug _initializedrrH)r:requestgenr,yielded_requestrs r rzOAuth.async_auth_flow^sp{{X %  7 @AAS03 (0C*C)8#8 B +D-BAAAA# ''3)U  LLR !&D ,,224 4 4  7 @AAS03 (0C*C*C)8#8- BAAAA% s(E=BA BBA$A" A$B B"A$$ A0-B/A00B3 B>B?BE=B B BBE=BAE:4C75!E:DE:E# E4D75 E?E# E  E# E  E# E:EE:!E=#E6 )E,*E6 1E:4E=6E::E=) NNzFastMCP ClientNNNNNNN)r) str | Nonernzstr | list[str] | Noneror0rpzAsyncKeyValue | Nonerqdict[str, Any] | Nonerrz int | NonerlzMcpHttpClientFactory | Nonersrrtrrur)r)r0r[r]r\)rr0r[r])r[ztuple[str, str | None])rz httpx.Requestr[z-AsyncGenerator[httpx.Request, httpx.Response]) rrrrr^r=rmrrrr __classcell__)rs@r rrs L#)-+.2<@$(<@+/ $$(3 3 '3  3 , 3 %: 3 "3 :3 (3 3 "3 jL\ J+*%JN2$2 622r)N)r)r0r*rr[r`)0 __future__rrXrcollections.abcr contextlibrtypingrrr#key_value.aio.adapters.pydanticrkey_value.aio.protocolsrkey_value.aio.stores.memoryr mcp.client.authr r mcp.shared._httpx_utilsr mcp.shared.authr rrpydanticrtyping_extensionsruvicorn.serverrfastmcp.client.oauth_callbackrrfastmcp.utilities.httprfastmcp.utilities.loggingr__all__rr Exceptionrr-r/rrrr rs" * ;13=8  &!70 ) H L)L 9=  5 <@ ,@ FF Fr