+ wi#V^RIHtHt^RIHt^RIHt^RIHt^RI H t ^RI H t ^RI Ht^RIHtHt^R IHt^R IHt^R IHt^R IHt^R IHt^RIHt^RIHt^RI H!t!^RI"H#t#H$t$^RI%H&t&^RI'H(t(RRlt)Rt*Rt+Rt,Rt-RRlt.R%RRllt/RR lt0R!R"lt1R%R#R$llt2R#)&) AwaitableCallable)Any)urlparse AnyHttpUrl)CORSMiddleware)Request)Response)Routerequest_response)ASGIApp)AuthorizationHandler)MetadataHandler)RegistrationHandler)RevocationHandler) TokenHandler)ClientAuthenticator) OAuthAuthorizationServerProvider)ClientRegistrationOptionsRevocationOptions)MCP_PROTOCOL_VERSION_HEADER) OAuthMetadatac$V^8dQhR\/#)urlr)formats"J/home/ubuntu/.local/lib/python3.14/site-packages/mcp/server/auth/routes.py __annotate__rsDDZDc2VPR8wdLVPR8wd;VPe-VPPR4'g \R4hVP'd \R4hVP 'd \R4hR#)z Validate that the issuer URL meets OAuth 2.0 requirements. Args: url: The issuer URL to validate Raises: ValueError: If the issuer URL is invalid https localhostNz 127.0.0.1zIssuer URL must be HTTPSz#Issuer URL must not have a fragmentz'Issuer URL must not have a query string)schemehost startswith ValueErrorfragmentquery)rs&rvalidate_issuer_urlr*sw g HH # XX !#((*=*=k*J*J344 |||>?? yyyBCCr z /authorizez/tokenz /registerz/revokecV^8dQhR\\.\\\,,3,R\\ ,R\ /#)rhandler allow_methodsreturn)rr r rliststrr)rs"rrr8s@   wiIh,?!?? @ 9   r c@\\V4RV\.R7pV#)*)app allow_originsr- allow_headers)r r r)r,r-cors_apps&& rcors_middlewarer78s) W %#23 H Or Nc V^8dQhR\\\\3,R\R\R,R\R,R\R,R\ \ ,/#)rprovider issuer_urlservice_documentation_urlNclient_registration_optionsrevocation_optionsr.)rrrrrr/r )rs"rrrEsjNN.sC}=NN *D0N";T!A N *D0 N  %[ Nr c  \V4T;'g \4pT;'g \4p\VVVV4p\ V4p\ R\ \V4PRR.4RR.R7\ \\V4PRR.R7\ \\ \W4PRR.4RR.R7.pVP'dG\VVR7pVP\ \ \ VPRR.4RR.R74VP'dE\#W4p VP\ \$\ V PRR.4RR.R74V#)z'/.well-known/oauth-authorization-serverGETOPTIONSendpointmethodsPOST)options)r*rrbuild_metadatarr r7rhandleAUTHORIZATION_PATHr TOKEN_PATHrenabledrappendREGISTRATION_PATHrREVOCATION_PATH) r9r:r;r<r=metadataclient_authenticatorroutesregistration_handlerrevocation_handlers &&&&& rcreate_auth_routesrSEs #"="\"\AZA\+BB/@/B!# H /x8  5$)00 "I&    *(3::FO    $X<CC#Y'  !F4#***2 /   !((//Y' +   !!!.xN (&--Y' +    Mr c bV^8dQhR\R\R,R\R\R\/#)rr:r;Nr<r=r.)rrrr)rs"rrrs?%%%)D0%";%* %  %r c8\\V4PR4\,4p\\V4PR4\,4p\ VVVVP R.RRR.RR.RVRRRRR.R7pVP'd4\\V4PR4\,4Vn VP'd=\\V4PR4\,4Vn RR.Vn V#) /codeNauthorization_code refresh_tokenclient_secret_postclient_secret_basicS256)issuerauthorization_endpointtoken_endpointscopes_supportedresponse_types_supportedresponse_modes_supportedgrant_types_supported%token_endpoint_auth_methods_supported0token_endpoint_auth_signing_alg_values_supportedservice_documentationui_locales_supported op_policy_uri op_tos_uriintrospection_endpoint code_challenge_methods_supported) rr0rstriprHrIr valid_scopesrJrLregistration_endpointrMrevocation_endpoint*revocation_endpoint_auth_methods_supported)r:r;r<r=authorization_url token_urlrNs&&&& rrFrFs #3z?#9#9##>AS#ST3z?11#6CDI0 4AA"(!%3_E/CEZ.[9=7!#*0H&#***)3C O4J4J34ORc4c)d&!!!'1#j/2H2H2MP_2_'`$?SUj>k; Or c0V^8dQhR\R\/#)rresource_server_urlr.r)rs"rrrsppZpJpr c\\V44pVPR8wd VPMRp\VP RVP RV 24#)ue Build RFC 9728 compliant protected resource metadata URL. Inserts /.well-known/oauth-protected-resource between host and resource path as specified in RFC 9728 §3.1. Args: resource_server_url: The resource server URL (e.g., https://example.com/mcp) Returns: The metadata URL (e.g., https://example.com/.well-known/oauth-protected-resource/mcp) rVz://z%/.well-known/oauth-protected-resource)rr0pathrr$netloc)rtparsed resource_paths& rbuild_resource_metadata_urlr{sQc-. /F#);;##5FKK2M s6==/9^_l^mn oor c V^8dQhR\R\\,R\\,R,R\R,R\R,R\\,/#)r resource_urlauthorization_serversr`N resource_nameresource_documentationr.)rr/r0r )rs"rrrs_,,, +,3i$&,: , '- ,  %[ ,r c^RIHp^RIHpV!VVVVVR7pV!V4p\ V4p \ \ V 44p V Pp \V \VPRR.4RR.R7.#)a] Create routes for OAuth 2.0 Protected Resource Metadata (RFC 9728). Args: resource_url: The URL of this resource server authorization_servers: List of authorization servers that can issue tokens scopes_supported: Optional list of scopes supported by this resource Returns: List of Starlette routes for protected resource metadata ) ProtectedResourceMetadataHandler)ProtectedResourceMetadata)resourcer~r`rrr?r@rA) !mcp.server.auth.handlers.metadatarmcp.shared.authrr{rr0rwr r7rG) r}r~r`rrrrrNr, metadata_urlrywell_known_paths &&&&& r create_protected_resource_routesrs$S9(3)#5 H/x8G/|rs~/!4&(5#C=A=7FEQB)D4"   Nb%Pp&,,r