§
    "¾<iá0  ã                  óf  — d dl mZ d dlZd dlZd dlmZ d dlmZ d dlZd dl	Z	d dl
mZ d dlmZ d dlmZ d dlmZmZ d d	lmZ d d
lmZmZmZ d dlmZ d dlmZ d dlmZ d dlm Z m!Z! d dl"m#Z# d dl$m%Z% dgZ& e%e'¦  «        Z( G d„ de)¦  «        Z*	 ddd„Z+ G d„ de¦  «        Z, G d„ de¦  «        Z-dS ) é    )ÚannotationsN)ÚAsyncGenerator)ÚAny)ÚPydanticAdapter)ÚAsyncKeyValue)ÚMemoryStore)ÚOAuthClientProviderÚTokenStorage)ÚMcpHttpClientFactory)ÚOAuthClientInformationFullÚOAuthClientMetadataÚ
OAuthToken)Ú
AnyHttpUrl)Úoverride)ÚServer)ÚOAuthCallbackResultÚcreate_oauth_callback_server)Úfind_available_port)Ú
get_loggerÚOAuthc                  ó   — e Zd ZdZdS )ÚClientNotFoundErrorzARaised when OAuth client credentials are not found on the server.N)Ú__name__Ú
__module__Ú__qualname__Ú__doc__© ó    ú”/Users/kimhansen/Desktop/03 Workspace/ceo-agents/chl-effectiveness/mcp-servers/whoop/.venv/lib/python3.11/site-packages/fastmcp/client/auth/oauth.pyr   r   $   s   € € € € € ØKÐKÐKÐKr   r   Úmcp_urlÚstrÚhttpx_kwargsúdict[str, Any] | NoneÚreturnÚboolc              ƒ  ó†  K  — t          j        di |pi ¤Ž4 ƒd{V —†}	 |                     | d¬¦  «        ƒ d{V —†}|j        dv r	 ddd¦  «        ƒd{V —† dS d|j        v r	 ddd¦  «        ƒd{V —† dS 	 ddd¦  «        ƒd{V —† dS # t           j        $ r Y ddd¦  «        ƒd{V —† dS w xY w# 1 ƒd{V —†swxY w Y   dS )	z 
    Check if the MCP endpoint requires authentication by making a test request.

    Returns:
        True if auth appears to be required, False otherwise
    Ng      @)Útimeout)i‘  i“  TzWWW-AuthenticateFr   )ÚhttpxÚAsyncClientÚgetÚstatus_codeÚheadersÚRequestError)r    r"   ÚclientÚresponses       r   Úcheck_if_auth_requiredr0   (   s+  è è € õ Ô Ð8Ð8 LÐ$6°BÐ8Ð8ð ð ð ð ð ð ð ¸Fð	à#ŸZšZ¨¸˜ZÑ=Ô=Ð=Ð=Ð=Ð=Ð=Ð=ˆHð Ô# zÐ1Ð1Øðð ð ñ ô ð ð ð ð ð ð ð ð ð ð " XÔ%5Ð5Ð5Øðð ð ñ ô ð ð ð ð ð ð ð ð ð ð ðð ð ñ ô ð ð ð ð ð ð ð ð ð øõ  Ô!ð 	ð 	ð 	àð%ð ð ñ ô ð ð ð ð ð ð ð ð ð ð 	øøøð!ð ð ð ð ð ð ð ð ð øøøð ð ð ð ð ð s4   œB0ž&B	Á	B	Â	B-ÂB0Â,B-Â-B0Â0
B:Â=B:c                  ó¸   — e Zd ZU ded<   ded<   ded<   ded<   dd„Zdd„Zdd„Zdd„Zedd„¦   «         Z	ed d„¦   «         Z
ed!d„¦   «         Zed"d„¦   «         ZdS )#ÚTokenStorageAdapterr!   Ú_server_urlr   Ú_key_value_storezPydanticAdapter[OAuthToken]Ú_storage_oauth_tokenz+PydanticAdapter[OAuthClientInformationFull]Ú_storage_client_infoÚasync_key_valueÚ
server_urlc                óÂ   — || _         || _        t          t                   d|t          d¬¦  «        | _        t          t
                   d|t
          d¬¦  «        | _        d S )Nzmcp-oauth-tokenT)Údefault_collectionÚ	key_valueÚpydantic_modelÚraise_on_validation_errorzmcp-oauth-client-info)r3   r4   r   r   r5   r   r6   )Úselfr7   r8   s      r   Ú__init__zTokenStorageAdapter.__init__L   sk   € Ø%ˆÔØ /ˆÔÝ$3µJÔ$?Ø0Ø%Ý%Ø&*ð	%
ñ %
ô %
ˆÔ!õ %4Õ4NÔ$OØ6Ø%Ý5Ø&*ð	%
ñ %
ô %
ˆÔ!Ð!Ð!r   r$   c                ó   — | j         › dS )Nz/tokens©r3   ©r>   s    r   Ú_get_token_cache_keyz(TokenStorageAdapter._get_token_cache_key\   s   € ØÔ"Ð+Ð+Ð+Ð+r   c                ó   — | j         › dS )Nz/client_inforA   rB   s    r   Ú_get_client_info_cache_keyz.TokenStorageAdapter._get_client_info_cache_key_   s   € ØÔ"Ð0Ð0Ð0Ð0r   ÚNonec              ƒ  óÖ   K  — | j                              |                      ¦   «         ¬¦  «        ƒ d {V —† | j                             |                      ¦   «         ¬¦  «        ƒ d {V —† d S ©N)Úkey)r5   ÚdeleterC   r6   rE   rB   s    r   ÚclearzTokenStorageAdapter.clearb   s|   è è € ØÔ'×.Ò.°4×3LÒ3LÑ3NÔ3NÐ.ÑOÔOÐOÐOÐOÐOÐOÐOÐOØÔ'×.Ò.°4×3RÒ3RÑ3TÔ3TÐ.ÑUÔUÐUÐUÐUÐUÐUÐUÐUÐUÐUr   úOAuthToken | Nonec              ƒ  ól   K  — | j                              |                      ¦   «         ¬¦  «        ƒ d {V —†S rH   )r5   r*   rC   rB   s    r   Ú
get_tokenszTokenStorageAdapter.get_tokensf   s>   è è € àÔ.×2Ò2°t×7PÒ7PÑ7RÔ7RÐ2ÑSÔSÐSÐSÐSÐSÐSÐSÐSr   Útokensr   c              ƒ  ó~   K  — | j                              |                      ¦   «         ||j        ¬¦  «        ƒ d {V —† d S ©N)rI   ÚvalueÚttl)r5   ÚputrC   Ú
expires_in)r>   rO   s     r   Ú
set_tokenszTokenStorageAdapter.set_tokensj   sf   è è € àÔ'×+Ò+Ø×)Ò)Ñ+Ô+ØØÔ!ð ,ñ 
ô 
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
r   ú!OAuthClientInformationFull | Nonec              ƒ  ól   K  — | j                              |                      ¦   «         ¬¦  «        ƒ d {V —†S rH   )r6   r*   rE   rB   s    r   Úget_client_infoz#TokenStorageAdapter.get_client_infor   sS   è è € àÔ.×2Ò2Ø×/Ò/Ñ1Ô1ð 3ñ 
ô 
ð 
ð 
ð 
ð 
ð 
ð 
ð 	
r   Úclient_infor   c              ƒ  óÖ   K  — d }|j         r(|j         t          t          j        ¦   «         ¦  «        z
  }| j                             |                      ¦   «         ||¬¦  «        ƒ d {V —† d S rQ   )Úclient_secret_expires_atÚintÚtimer6   rT   rE   )r>   rZ   rS   s      r   Úset_client_infoz#TokenStorageAdapter.set_client_infox   s   è è € àˆàÔ/ð 	JØÔ6½½T¼Y¹[¼[Ñ9IÔ9IÑIˆCàÔ'×+Ò+Ø×/Ò/Ñ1Ô1ØØð ,ñ 
ô 
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
ð 	
r   N)r7   r   r8   r!   )r$   r!   ©r$   rF   )r$   rL   )rO   r   r$   rF   )r$   rW   )rZ   r   r$   rF   )r   r   r   Ú__annotations__r?   rC   rE   rK   r   rN   rV   rY   r_   r   r   r   r2   r2   F   s  € € € € € € ØÐÐÑØ#Ð#Ð#Ñ#Ø5Ð5Ð5Ñ5ØEÐEÐEÑEð
ð 
ð 
ð 
ð ,ð ,ð ,ð ,ð1ð 1ð 1ð 1ðVð Vð Vð Vð ðTð Tð Tñ „XðTð ð
ð 
ð 
ñ „Xð
ð ð
ð 
ð 
ñ „Xð
ð
 ð

ð 

ð 

ñ „Xð

ð 

ð 

r   r2   c                  óZ   ‡ — e Zd ZdZ	 	 	 	 	 	 ddˆ fd„Zdˆ fd„Zd d„Zd!d„Zd"ˆ fd„Zˆ xZ	S )#r   zé
    OAuth client provider for MCP servers with browser-based authentication.

    This class provides OAuth authentication for FastMCP clients by opening
    a browser for user authorization and running a local callback server.
    NúFastMCP Clientr    r!   Úscopesústr | list[str] | NoneÚclient_nameÚtoken_storageúAsyncKeyValue | NoneÚadditional_client_metadatar#   Úcallback_portú
int | NoneÚhttpx_client_factoryúMcpHttpClientFactory | Nonec           	     ót  •— |                      d¦  «        }|pt          j        | _        |pt	          ¦   «         | _        d| j        › d}t          |t          ¦  «        rd                     |¦  «        }	n|t          |¦  «        }	nd}	t          d|t          |¦  «        gddgd	g|	d
œ|pi ¤Ž}
|pt          ¦   «         }t          |t          ¦  «        rddlm}  |dd¬¦  «         t          ||¬¦  «        | _        || _        t%          ¦   «                              ||
| j        | j        | j        ¬¦  «         dS )al  
        Initialize OAuth client provider for an MCP server.

        Args:
            mcp_url: Full URL to the MCP endpoint (e.g. "http://host/mcp/sse/")
            scopes: OAuth scopes to request. Can be a
            space-separated string or a list of strings.
            client_name: Name for this client during registration
            token_storage: An AsyncKeyValue-compatible token store, tokens are stored in memory if not provided
            additional_client_metadata: Extra fields for OAuthClientMetadata
            callback_port: Fixed port for OAuth callback (default: random available port)
        ú/zhttp://localhost:z	/callbackú NÚ Úauthorization_codeÚrefresh_tokenÚcode)rf   Úredirect_urisÚgrant_typesÚresponse_typesÚscoper   )ÚwarnzöUsing in-memory token storage -- tokens will be lost when the client restarts. For persistent storage across multiple MCP servers, provide an encrypted AsyncKeyValue backend. See https://gofastmcp.com/clients/auth/oauth#token-storage for details.é   )ÚmessageÚ
stacklevel)r7   r8   )r8   Úclient_metadataÚstorageÚredirect_handlerÚcallback_handlerr   )Úrstripr(   r)   rl   r   Úredirect_portÚ
isinstanceÚlistÚjoinr!   r   r   r   Úwarningsry   r2   Útoken_storage_adapterr    Úsuperr?   r   r€   )r>   r    rd   rf   rg   ri   rj   rl   Úredirect_uriÚ
scopes_strr}   ry   Ú	__class__s               €r   r?   zOAuth.__init__Ž   sœ  ø€ ð. —.’. Ñ%Ô%ˆð %9Ð$M½EÔ<MˆÔ!Ø*ÐCÕ.AÑ.CÔ.CˆÔØH¨4Ô+=ÐHÐHÐHˆõ fdÑ#Ô#ð 	ØŸš &Ñ)Ô)ˆJˆJØÐÝ˜V™œˆJˆJàˆJå-ð 
Ø#Ý% lÑ3Ô3Ð4Ø-¨Ð?Ø"˜8àð
ð 
ð *Ð/¨Rð
ð 
ˆð &Ð6­©¬ˆåm¥[Ñ1Ô1ð 	Ø%Ð%Ð%Ð%Ð%Ð%àˆDð\ð ð	ñ ô ð õ ;NØ)°gð;
ñ ;
ô ;
ˆÔ"ð
 ˆŒõ 	‰Œ×ÒØØ+ØÔ.Ø!Ô2Ø!Ô2ð 	ñ 	
ô 	
ð 	
ð 	
ð 	
r   r$   rF   c              ƒ  óâ   •K  — t          ¦   «                              ¦   «         ƒ d{V —† | j        j        r7| j        j        j        r(| j                             | j        j        ¦  «         dS dS dS )zBLoad stored tokens and client info, properly setting token expiry.N)rˆ   Ú_initializeÚcontextÚcurrent_tokensrU   Úupdate_token_expiry)r>   r‹   s    €r   r   zOAuth._initializeÜ   sŠ   øè è € õ ‰gŒg×!Ò!Ñ#Ô#Ð#Ð#Ð#Ð#Ð#Ð#Ð#ð Œ<Ô&ð 	J¨4¬<Ô+FÔ+Qð 	JØŒL×,Ò,¨T¬\Ô-HÑIÔIÐIÐIÐIð	Jð 	Jð 	Jð 	Jr   Úauthorization_urlc              ƒ  ó˜  K  — |                       ¦   «         4 ƒd{V —†}|                     |d¬¦  «        ƒ d{V —†}|j        dk    rt          d¦  «        ‚|j        dvrt	          d|j        › ¦  «        ‚	 ddd¦  «        ƒd{V —† n# 1 ƒd{V —†swxY w Y   t
                               d|› ¦  «         t          j        |¦  «         dS )	zIOpen browser for authorization, with pre-flight check for invalid client.NF)Úfollow_redirectsi  z8OAuth client not found - cached credentials may be stale)éÈ   i.  i/  i3  i4  z#Unexpected authorization response: zOAuth authorization URL: )	rl   r*   r+   r   ÚRuntimeErrorÚloggerÚinfoÚ
webbrowserÚopen)r>   r‘   r.   r/   s       r   r   zOAuth.redirect_handlerå   s~  è è € ð ×,Ò,Ñ.Ô.ð 	ð 	ð 	ð 	ð 	ð 	ð 	°&Ø#ŸZšZÐ(9ÈE˜ZÑRÔRÐRÐRÐRÐRÐRÐRˆHð Ô# sÒ*Ð*Ý)ØNñô ð ð
 Ô#Ð+DÐDÐDÝ"ØP¸(Ô:NÐPÐPñô ð ð ð	ð 	ð 	ñ 	ô 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	øøøð 	ð 	ð 	ð 	õ 	ŠÐCÐ0AÐCÐCÑDÔDÐDÝŒÐ)Ñ*Ô*Ð*Ð*Ð*s   ABÂ
BÂBútuple[str, str | None]c              ƒ  ó:  K  — t          ¦   «         }t          j        ¦   «         }t          | j        | j        ||¬¦  «        }t          j        ¦   «         4 ƒd{V —†}|                     |j        ¦  «         t           
                    d| j        › ¦  «         d}	 t          j        |¦  «        5  |                     ¦   «         ƒ d{V —† |j        r|j        ‚|j        |j        fcddd¦  «         d|_        t          j        d¦  «        ƒ d{V —† |j                             ¦   «          cddd¦  «        ƒd{V —† S # 1 swxY w Y   n&# t(          $ r}t)          d|› d¦  «        |‚d}~ww xY w	 d|_        t          j        d¦  «        ƒ d{V —† |j                             ¦   «          n?# d|_        t          j        d¦  «        ƒ d{V —† |j                             ¦   «          w xY w	 ddd¦  «        ƒd{V —† n# 1 ƒd{V —†swxY w Y   t+          d	¦  «        ‚)
z4Handle OAuth callback and return (auth_code, state).)Úportr8   Úresult_containerÚresult_readyNu7   ðŸŽ§ OAuth callback server started on http://localhost:g     Àr@Tgš™™™™™¹?zOAuth callback timed out after z secondsz+OAuth callback handler could not be started)r   ÚanyioÚEventr   r‚   r    Úcreate_task_groupÚ
start_soonÚserver–   r—   Ú
fail_afterÚwaitÚerrorrt   ÚstateÚshould_exitÚsleepÚcancel_scopeÚcancelÚTimeoutErrorr•   )r>   Úresultrž   ÚserverÚtgÚTIMEOUTÚes          r   r€   zOAuth.callback_handlerú   s`  è è € õ %Ñ&Ô&ˆÝ”{‘}”}ˆõ 6ØÔ#Ø”|Ø#Ø%ð	
ñ 
ô 
ˆõ Ô*Ñ,Ô,ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)°ØMŠM˜&œ,Ñ'Ô'Ð'ÝKŠKØ^È$ÔJ\Ð^Ð^ñô ð ð ˆGð)ÝÔ% gÑ.Ô.ð 5ð 5Ø&×+Ò+Ñ-Ô-Ð-Ð-Ð-Ð-Ð-Ð-Ð-Ø”|ð +Ø$œlÐ*Ø!œ;¨¬Ð4ð	5ð 5ð 5ð 5ñ 5ô 5ð 5ð &*Ô"Ý”k #Ñ&Ô&Ð&Ð&Ð&Ð&Ð&Ð&Ð&Ø”×&Ò&Ñ(Ô(Ð(ð)	)ð 	)ð 	)ð 	)ñ 	)ô 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð5ð 5ð 5ð 5øøøð 5ð 5ð 5ð 5ð 5øõ
  ð ð ð Ý"ØG°gÐGÐGÐGñô àðøøøøðøøøð5ð &*Ô"Ý”k #Ñ&Ô&Ð&Ð&Ð&Ð&Ð&Ð&Ð&Ø”×&Ò&Ñ(Ô(Ð(Ð(øð &*Ô"Ý”k #Ñ&Ô&Ð&Ð&Ð&Ð&Ð&Ð&Ð&Ø”×&Ò&Ñ(Ô(Ð(Ð(øøøÐ(ð)	)ð 	)ð 	)ñ 	)ô 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)ð 	)øøøð 	)ð 	)ð 	)ð 	)õ, ÐHÑIÔIÐIsr   Á?G=ÂE	Â.6D=Ã$E	Ã0:G=Ä=E	ÅE	ÅE	ÅE	ÅF+Å	
E,ÅE'Å'E,Å,F+Å0;G=Æ+<G'Ç'G=Ç=
HÈ
HÚrequestúhttpx.Requestú-AsyncGenerator[httpx.Request, httpx.Response]c               ó  •K  — 	 t          ¦   «                              |¦  «        }d}	 	 |                     |¦  «        ƒ d{V —†}|W V —}n# t          $ r Y dS w xY wŒ4# t          $ rš t
                               d¦  «         d| _        | j         	                    ¦   «         ƒ d{V —† t          ¦   «                              |¦  «        }d}	 	 |                     |¦  «        ƒ d{V —†}|W V —}n# t          $ r Y Y dS w xY wŒ5w xY w)z×HTTPX auth flow with automatic retry on stale cached credentials.

        If the OAuth flow fails due to invalid/stale client credentials,
        clears the cache and retries once with fresh registration.
        NTz@OAuth client not found on server, clearing cache and retrying...F)
rˆ   Úasync_auth_flowÚasendÚStopAsyncIterationr   r–   ÚdebugÚ_initializedr‡   rK   )r>   r²   Úgenr/   Úyielded_requestr‹   s        €r   r¶   zOAuth.async_auth_flow!  sw  øè è € ð	å‘'”'×)Ò)¨'Ñ2Ô2ˆCØˆHððà,/¯IªI°hÑ,?Ô,?Ð&?Ð&?Ð&?Ð&?Ð&?Ð&?OØ%4Ð4Ð4Ð4HHøÝ)ð ð ð ØEEðøøøðøõ #ð 	ð 	ð 	ÝLŠLØRñô ð ð !&ˆDÔØÔ,×2Ò2Ñ4Ô4Ð4Ð4Ð4Ð4Ð4Ð4Ð4õ ‘'”'×)Ò)¨'Ñ2Ô2ˆCØˆHððØ,/¯IªI°hÑ,?Ô,?Ð&?Ð&?Ð&?Ð&?Ð&?Ð&?OØ%4Ð4Ð4Ð4HHøÝ)ð ð ð ØEEEðøøøð	ð	øøøsS   …$A ª A Á
A Á
AÁA ÁAÁA ÁA.DÃ C-Ã,DÃ-
C<Ã7DÃ;C<Ã<D)Nrc   NNNN)r    r!   rd   re   rf   r!   rg   rh   ri   r#   rj   rk   rl   rm   r`   )r‘   r!   r$   rF   )r$   rš   )r²   r³   r$   r´   )
r   r   r   r   r?   r   r   r€   r¶   Ú__classcell__)r‹   s   @r   r   r   †   s×   ø€ € € € € ðð ð *.Ø+Ø.2Ø<@Ø$(Ø<@ðL
ð L
ð L
ð L
ð L
ð L
ð L
ð\Jð Jð Jð Jð Jð Jð+ð +ð +ð +ð*%Jð %Jð %Jð %JðN$ð $ð $ð $ð $ð $ð $ð $ð $ð $r   )N)r    r!   r"   r#   r$   r%   ).Ú
__future__r   r^   r˜   Úcollections.abcr   Útypingr   rŸ   r(   Úkey_value.aio.adapters.pydanticr   Úkey_value.aio.protocolsr   Úkey_value.aio.stores.memoryr   Úmcp.client.authr	   r
   Úmcp.shared._httpx_utilsr   Úmcp.shared.authr   r   r   Úpydanticr   Útyping_extensionsr   Úuvicorn.serverr   Úfastmcp.client.oauth_callbackr   r   Úfastmcp.utilities.httpr   Úfastmcp.utilities.loggingr   Ú__all__r   r–   Ú	Exceptionr   r0   r2   r   r   r   r   ú<module>rÏ      sJ  ðØ "Ð "Ð "Ð "Ð "Ð "à €€€Ø Ð Ð Ð Ø *Ð *Ð *Ð *Ð *Ð *Ø Ð Ð Ð Ð Ð à €€€Ø €€€Ø ;Ð ;Ð ;Ð ;Ð ;Ð ;Ø 1Ð 1Ð 1Ð 1Ð 1Ð 1Ø 3Ð 3Ð 3Ð 3Ð 3Ð 3Ø =Ð =Ð =Ð =Ð =Ð =Ð =Ð =Ø 8Ð 8Ð 8Ð 8Ð 8Ð 8ðð ð ð ð ð ð ð ð ð ð
  Ð Ð Ð Ð Ð Ø &Ð &Ð &Ð &Ð &Ð &Ø !Ð !Ð !Ð !Ð !Ð !ðð ð ð ð ð ð ð ð 7Ð 6Ð 6Ð 6Ð 6Ð 6Ø 0Ð 0Ð 0Ð 0Ð 0Ð 0àˆ)€à	ˆHÑ	Ô	€ðLð Lð Lð Lð L˜)ñ Lô Lð Lð
 9=ðð ð ð ð ð<=
ð =
ð =
ð =
ð =
˜,ñ =
ô =
ð =
ð@ð ð ð ð Ðñ ô ð ð ð r   