{hddlmZmZddlmZddlmZddlmZddl m Z ddl m Z ddl mZmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddl m!Z!m"Z"ddl#m$Z$ddl%m&Z&defdZ'dZ(dZ)dZ*dZ+dee ge ee zfde,e-defdZ. d+deeeefded edzd!e!dzd"e"dzde,ef d#Z/ded edzd!e!d"e"de&f d$Z0 d+d%ed&e,ed'e,e-dzd(e-dzd)edzde,ef d*Z1y),) AwaitableCallable)Any) AnyHttpUrl)CORSMiddleware)Request)Response)Routerequest_response)ASGIApp)AuthorizationHandler)MetadataHandler)RegistrationHandler)RevocationHandler) TokenHandler)ClientAuthenticator) OAuthAuthorizationServerProvider)ClientRegistrationOptionsRevocationOptions)MCP_PROTOCOL_VERSION_HEADER) OAuthMetadataurlc|jdk7rA|jdk7r2|j&|jjds td|jr td|j r tdy)z Validate that the issuer URL meets OAuth 2.0 requirements. Args: url: The issuer URL to validate Raises: ValueError: If the issuer URL is invalid https localhostNz 127.0.0.1zIssuer URL must be HTTPSz#Issuer URL must not have a fragmentz'Issuer URL must not have a query string)schemehost startswith ValueErrorfragmentquery)rs W/var/www/html/hubwallet-dev/venv/lib/python3.12/site-packages/mcp/server/auth/routes.pyvalidate_issuer_urlr#sp g HH # XX !#((*=*=k*J344 ||>?? yyBCCz /authorizez/tokenz /registerz/revokehandler allow_methodsreturnc@tt|d|tg}|S)N*)app allow_originsr& allow_headers)rr r)r%r&cors_apps r"cors_middlewarer.7s) W %#23 H Or$Nprovider issuer_urlservice_documentation_urlclient_registration_optionsrevocation_optionsc t||xs t}|xs t}t||||}t |}t dt t|jddgddgt tt|jddgt tt t||jddgddgg}|jrFt||}|jt t t |jddgddg|jrEt#||} |jt t$t | jddgddg|S)Nz'/.well-known/oauth-authorization-serverGETOPTIONSendpointmethodsPOST)options)r#rrbuild_metadatarr r.rhandleAUTHORIZATION_PATHr TOKEN_PATHrenabledrappendREGISTRATION_PATHrREVOCATION_PATH) r/r0r1r2r3metadataclient_authenticatorroutesregistration_handlerrevocation_handlers r"create_auth_routesrIDs #"="\AZA\+B/@/B!# H /x8  5$)00 "I&    *(3::FO    $X';<CC#Y'  !F4#**2 /   !((//Y' +   !!.x9MN (&--Y' +    Mr$ctt|jdtz}tt|jdtz}t ||||j dgdddgdgd|dddddg}|jr/tt|jdtz|_ |jr7tt|jdtz|_ dg|_ |S)N/codeauthorization_code refresh_tokenclient_secret_postS256)issuerauthorization_endpointtoken_endpointscopes_supportedresponse_types_supportedresponse_modes_supportedgrant_types_supported%token_endpoint_auth_methods_supported0token_endpoint_auth_signing_alg_values_supportedservice_documentationui_locales_supported op_policy_uri op_tos_uriintrospection_endpoint code_challenge_methods_supported) rstrrstripr>r?r valid_scopesr@rBregistration_endpointrCrevocation_endpoint*revocation_endpoint_auth_methods_supported)r0r1r2r3authorization_url token_urlrDs r"r<r<s #3z?#9#9##>AS#ST3z?11#6CDI0 4AA"(!%3_E/C.D9=7!#*0H&#**)3C O4J4J34ORc4c)d&!!'1#j/2H2H2MP_2_'`$?S>T; Or$ resource_urlauthorization_serversrT resource_nameresource_documentationcddlm}ddlm}||||||}||}t dt |j ddgddggS) a} Create routes for OAuth 2.0 Protected Resource Metadata (RFC 9728). Args: resource_url: The URL of this resource server authorization_servers: List of authorization servers that can issue tokens scopes_supported: Optional list of scopes supported by this resource Returns: List of Starlette routes for protected resource metadata r) ProtectedResourceMetadataHandler)ProtectedResourceMetadata)resourcerirTrjrkz%/.well-known/oauth-protected-resourcer5r6r7)!mcp.server.auth.handlers.metadatarmmcp.shared.authrnr r.r=) rhrirTrjrkrmrnrDr%s r" create_protected_resource_routesrrsb$S9(3)#5 H/x8G  3$W^^eY5GHI&  r$)NNN)2collections.abcrrtypingrpydanticrstarlette.middleware.corsrstarlette.requestsrstarlette.responsesr starlette.routingr r starlette.typesr "mcp.server.auth.handlers.authorizer rpr!mcp.server.auth.handlers.registerrmcp.server.auth.handlers.revokermcp.server.auth.handlers.tokenr&mcp.server.auth.middleware.client_authrmcp.server.auth.providerrmcp.server.auth.settingsrrmcp.server.streamable_httprrqrr#r>r?rBrClistr`r.rIr<rrr$r"rs/4&(5#C=A=7FEQB)DZD4"    wiIh,?!?? @ 9    48DH37 N.sC}=NN *D0N";T!A N *D0 N  %[ Nb%%)D0%";%* %  %V*. $04 && +&3i$&&: & '- &  %[ &r$