{h' fddlZddlZddlZddlmZddlmZmZmZddl m Z m Z m Z m Z mZmZddlmZddlmZddlmZddlmZmZdd lmZmZmZdd lmZGd d e ZGd de Z Gddeeee ze dfZ!Gdde Z"GddeeZ#eGddZ$y)N) dataclass) AnnotatedAnyLiteral) AnyHttpUrlAnyUrl BaseModelField RootModelValidationError)Request)stringify_pydantic_error)PydanticJSONResponse)AuthenticationErrorClientAuthenticator) OAuthAuthorizationServerProvider TokenErrorTokenErrorCode) OAuthTokenceZdZUeded<eddZeed<eddZe dzed <eed <dZ edzed <edd Z eed <eddZ edzed<y)AuthorizationCodeRequestauthorization_code grant_type.zThe authorization code descriptioncodeNz7Must be the same as redirect URI provided in /authorize redirect_uri client_id client_secretzPKCE code verifier code_verifier Resource indicator for the tokenresource) __name__ __module__ __qualname__r__annotations__r rstrrrrr r"_/var/www/html/hubwallet-dev/venv/lib/python3.12/site-packages/mcp/server/auth/handlers/token.pyrrsq,--c'?@D#@"':s"tL&4-tN $M3:$s0DEM3E 3UVHcDjVr)rceZdZUeded<eddZeed<eddZedzed<eed <dZ edzed <edd Z edzed <y) RefreshTokenRequest refresh_tokenr.zThe refresh tokenrNzOptional scope parameterscoperrr!r") r#r$r%rr&r r-r'r.rr"r(r)r*r,r,s^((s0CDM3Dd0JKE3:KN $M3:$ 3UVHcDjVr)r,c6eZdZUeeezedfed<y) TokenRequestr discriminatorrootN)r#r$r%rrr,r r&r(r)r*r0r0+s'  #66 L) + r)r0rr1cDeZdZUdZeed<dZedzed<dZe dzed<y)TokenErrorResponsezG See https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 errorNerror_description error_uri) r#r$r%__doc__rr&r7r'r8rr(r)r*r5r59s- $(sTz(#'IzD 'r)r5ceZdZUeed<y)TokenSuccessResponser3N)r#r$r%rr&r(r)r*r;r;Cs  r)r;cLeZdZUeeeefed<eed<deezfdZ de fdZ y) TokenHandlerproviderclient_authenticatorobjcLd}t|trd}t||dddS)Nizno-storezno-cache)z Cache-ControlPragma)content status_codeheaders) isinstancer5r)selfr@rEs r*responsezTokenHandler.responseOs5 c- .K##!+$  r)requestc 8 K |jd{}tjt|j} |jj|j|jd{}|j|j vr*|j tdd|j dS|xt"dx\|j$j'||j(d{}||j|jk7r|j td d S|j*t-j,kr|j td d S|j.r |j0}nd}|j0t3|j0nd} | t3|nd} | | k7r|j tdd St5j6|j8j;j=} t?j@| jCjEd } | |jFk7r|j td dS |j$jI||d{} nMtPdxA\|j$jS||jTd{}||j|jk7r|j td dS|j*r=|j*t-j,kr|j td dS|jVr|jVjYdn |jZ}|D]2}||jZvs|j tdd|dcS |j$j]|||d{} n|j t_ S7#t $r/}|j tdt|cYd}~Sd}~wwxYw7#t$r0}|j td|jcYd}~Sd}~wwxYw77#tJ$r:}|j t|jL|jNcYd}~Sd}~wwxYw77#tJ$r:}|j t|jL|jNcYd}~Sd}~wwxYww)Ninvalid_request)r6r7)rrunauthorized_clientunsupported_grant_typez2Unsupported grant type (supported grant types are )r( invalid_grantz!authorization code does not existzauthorization code has expiredz?redirect_uri did not match the one used when creating auth code=zincorrect code_verifierzrefresh token does not existzrefresh token has expired invalid_scopezcannot request scope `z` not provided by refresh token)r3)0formr0model_validatedictr3r rIr5rr? authenticaterrrmessager grant_typesrr>load_authorization_coder expires_attime redirect_uri_provided_explicitlyrr'hashlibsha256r encodedigestbase64urlsafe_b64encodedecoderstripcode_challengeexchange_authorization_coderr6r7r,load_refresh_tokenr-r.splitscopesexchange_refresh_tokenr;)rHrJ form_data token_requestvalidation_error client_infoe auth_codeauthorize_request_redirect_uritoken_redirect_strauth_redirect_strr_hashed_code_verifiertokensr-rjr.s r*handlezTokenHandler.handle]s %lln,I(77YHMMM  $ 9 9 F F'11+99!G!K  # #;+B+B B=="2)[\g\s\s[ttu'v +)+"&--"G"G UbUgUg"hh $ (;(;}?V?V(V==*"1.Q''$))+5==*"1.N==5>5K5K2592IVHbHbHnS)C)C%Dtx";Y;eC67ko"&)::==*"3/p! (C(C(J(J(LMTTV'-'?'?'G'N'N'P'W'WX['\$'9+C+CC==*"1.G #'==#L#L[Zc#ddFs,D%&&*mm&F&F{TaToTo&p p  (M,C,C}G^G^,^==*"1.L!++ 0H0H499;0V==*"1.I??_- =="+&>?O&P  # =="/&'ii  (ipe!==*"#''./.A.A!qBl!==*"#''./.A.As%TP P,P 4Q9Q:Q>A:T8R9E>T8R RR 8TSC T #T S$S%S)TP Q$P<6Q7T<QTQ R%Q;5R6T;RTR S /SS TS  TS T/T T TTTN) r#r$r%rrr&rr;r5rIr rwr(r)r*r=r=Js<.sC}==--  03EE  Q@GQ@r)r=)%rbr^r\ dataclassesrtypingrrrpydanticrrr r r r starlette.requestsr mcp.server.auth.errorsrmcp.server.auth.json_responser&mcp.server.auth.middleware.client_authrrmcp.server.auth.providerrrrmcp.shared.authrrr,r0r5r;r=r(r)r*rs  !**UU&;>[aa& Wy W W) W   $': :  - /  ((9Z0 c@c@ c@r)