§
    "¾<i†  م                   َب   — d Z ddlmZ ddlmZmZmZ ddlmZm	Z	 ddl
mZ ddlmZ ddlmZ ddlmZ dd	lmZmZ  ee¦  «        Z G d
„ de¦  «        Z G d„ de¦  «        ZdS )a™  Auth0 OAuth provider for FastMCP.

This module provides a complete Auth0 integration that's ready to use with
just the configuration URL, client ID, client secret, audience, and base URL.

Example:
    ```python
    from fastmcp import FastMCP
    from fastmcp.server.auth.providers.auth0 import Auth0Provider

    # Simple Auth0 OAuth protection
    auth = Auth0Provider(
        config_url="https://auth0.config.url",
        client_id="your-auth0-client-id",
        client_secret="your-auth0-client-secret",
        audience="your-auth0-api-audience",
        base_url="http://localhost:8000",
    )

    mcp = FastMCP("My Protected Server", auth=auth)
    ```
é    )عAsyncKeyValue)ع
AnyHttpUrlع	SecretStrعfield_validator)عBaseSettingsعSettingsConfigDict)ع	OIDCProxy)عENV_FILE©عparse_scopes)ع
get_logger)عNotSetعNotSetTc                   َL  — e Zd ZU dZ eded¬¦  «        ZdZedz  e	d<   dZ
edz  e	d<   dZedz  e	d<   dZedz  e	d	<   dZedz  e	d
<   dZedz  e	d<   dZedz  e	d<   dZee         dz  e	d<   dZee         dz  e	d<   dZedz  e	d<    edd¬¦  «        ed„ ¦   «         ¦   «         ZdS )عAuth0ProviderSettingsz!Settings for Auth0 OIDC provider.عFASTMCP_SERVER_AUTH_AUTH0_عignore)ع
env_prefixعenv_fileعextraNع
config_urlع	client_idعclient_secretعaudienceعbase_urlع
issuer_urlعredirect_pathعrequired_scopesعallowed_client_redirect_urisعjwt_signing_keyعbefore)عmodec                 َ    — t          |¦  «        S )Nr   )عclsعvs     ْ‍/Users/kimhansen/Desktop/03 Workspace/ceo-agents/chl-effectiveness/mcp-servers/whoop/.venv/lib/python3.11/site-packages/fastmcp/server/auth/providers/auth0.pyع_parse_scopesz#Auth0ProviderSettings._parse_scopes9   s   € ُ کA‰Œذَ    )ع__name__ع
__module__ع__qualname__ع__doc__r   r
   عmodel_configr   r   ع__annotations__r   عstrr   r   r   r   r   r   r   عlistr   r    r   عclassmethodr'   © r(   r&   r   r   %   sI  € € € € € € ط+ذ+à%ذ%ط/ططًٌ ô €Lً %)€Jگ
کTر!ذ(ذ(ر(ط €IˆsگT‰zذ ذ ر ط&*€Mگ9کtر#ذ*ذ*ر*ط€HˆcگD‰jذذرط"&€Hˆjک4رذ&ذ&ر&ط$(€Jگ
کTر!ذ(ذ(ر(ط $€Mگ3ک‘:ذ$ذ$ر$ط(,€OگTک#”Y ر%ذ,ذ,ر,ط59ذ  $ s¤)¨dر"2ذ9ذ9ر9ط"&€OگSک4‘Zذ&ذ&ر&à€_ذ&¨Xذ6ر6ش6طًً ٌ „[ٌ 7ش6ًً ً r(   r   c                   َو   ‡ — e Zd ZdZeeeeeeeeededdœdeez  ez  deez  deez  deez  d	eez  ez  d
eez  ez  dee         ez  deez  dee         ez  de	dz  dee
z  ez  deddfˆ fd„Zˆ xZS )عAuth0Provideraه  An Auth0 provider implementation for FastMCP.

    This provider is a complete Auth0 integration that's ready to use with
    just the configuration URL, client ID, client secret, audience, and base URL.

    Example:
        ```python
        from fastmcp import FastMCP
        from fastmcp.server.auth.providers.auth0 import Auth0Provider

        # Simple Auth0 OAuth protection
        auth = Auth0Provider(
            config_url="https://auth0.config.url",
            client_id="your-auth0-client-id",
            client_secret="your-auth0-client-secret",
            audience="your-auth0-api-audience",
            base_url="http://localhost:8000",
        )

        mcp = FastMCP("My Protected Server", auth=auth)
        ```
    NT)r   r   r   r   r   r   r   r   r   عclient_storager    عrequire_authorization_consentr   r   r   r   r   r   r   r   r   r5   r    r6   عreturnc                َ”  •— t                                d„ |||||||||	|dœ
                     ¦   «         D ¦   «         ¦  «        }|j        st	          d¦  «        ‚|j        st	          d¦  «        ‚|j        st	          d¦  «        ‚|j        st	          d¦  «        ‚|j        st	          d¦  «        ‚|j	        pdg}t          ¦   «                              |j        |j        |j                             ¦   «         |j        |j        |j        |j        ||j        |
|j        |¬	¦  «         t"                               d
|j        |¦  «         dS )aV  Initialize Auth0 OAuth provider.

        Args:
            config_url: Auth0 config URL
            client_id: Auth0 application client id
            client_secret: Auth0 application client secret
            audience: Auth0 API audience
            base_url: Public URL where OAuth endpoints will be accessible (includes any mount path)
            issuer_url: Issuer URL for OAuth metadata (defaults to base_url). Use root-level URL
                to avoid 404s during discovery when mounting under a path.
            required_scopes: Required Auth0 scopes (defaults to ["openid"])
            redirect_path: Redirect path configured in Auth0 application
            allowed_client_redirect_uris: List of allowed redirect URI patterns for MCP clients.
                If None (default), all URIs are allowed. If empty list, no URIs are allowed.
            client_storage: Storage backend for OAuth state (client registrations, encrypted tokens).
                If None, a DiskStore will be created in the data directory (derived from `platformdirs`). The
                disk store will be encrypted using a key derived from the JWT Signing Key.
            jwt_signing_key: Secret for signing FastMCP JWT tokens (any string or bytes). If bytes are provided,
                they will be used as is. If a string is provided, it will be derived into a 32-byte key. If not
                provided, the upstream client secret will be used to derive a 32-byte key using PBKDF2.
            require_authorization_consent: Whether to require user consent before authorizing clients (default True).
                When True, users see a consent screen before being redirected to Auth0.
                When False, authorization proceeds directly without user confirmation.
                SECURITY WARNING: Only disable for local development or testing environments.
        c                 َ,   — i | ]\  }}|t           u¯||“ŒS r2   )r   )ع.0عkr%   s      r&   ْ
<dictcomp>z*Auth0Provider.__init__.<locals>.<dictcomp>پ   s3   € ً ً ً لگAگqً ‌Fگ?گ?ً گ1ً #گ?گ?r(   )
r   r   r   r   r   r   r   r   r   r    zRconfig_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CONFIG_URLzPclient_id is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_IDzXclient_secret is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_SECRETzNaudience is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_AUDIENCEzNbase_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_BASE_URLعopenid)r   r   r   r   r   r   r   r   r   r5   r    r6   z>Initialized Auth0 OAuth provider for client %s with scopes: %sN)r   عmodel_validateعitemsr   ع
ValueErrorr   r   r   r   r   عsuperع__init__عget_secret_valuer   r   r   r    عloggerعdebug)عselfr   r   r   r   r   r   r   r   r   r5   r    r6   عsettingsعauth0_required_scopesع	__class__s                  €r&   rB   zAuth0Provider.__init__W   s؟  ّ€ ُR )×7ز7ًً ً #-ط!*ط%2ط (ط (ط",ط'6ط%2ط4Pط'6ًً ÷ ’%‘'”'ًٌ ô ٌ
ô 
ˆً& ش"ً 	فطdٌô ً ً ش!ً 	فطbٌô ً ً ش%ً 	فطjٌô ً ً ش ً 	فط`ٌô ً ً ش ً 	فط`ٌô ً ً !)ش 8ذ F¸X¸Jذه‰Œ×زطش*طش(ط"ش0×AزAرCشCطش&طش&طش*ط"ش0ط1ط)1ش)Nط)ط$ش4ط*Gً 	ٌ 	
ô 	
ً 	
ُ 	ڈٹطLطشط!ٌ	
ô 	
ً 	
ً 	
ً 	
r(   )r)   r*   r+   r,   r   r   r/   r   r0   r   عbytesعboolrB   ع__classcell__)rI   s   @r&   r4   r4   ?   s`  ّ€ € € € € ًً ً4 28ط#)ط'-ط"(ط/5ط17ط/5ط'-ط<Bط/3ط17ط.2ًj
ً j
ً j
ً  ر$ wر.ًj
ً ک‘=ً	j
ً
 کW‘}ًj
ً ک‘-ًj
ً کsر" Wر,ًj
ً  ر$ wر.ًj
ً کcœ Wر,ًj
ً کW‘}ًj
ً '+¨3¤i°'ر&9ًj
ً &¨ر,ًj
ً کu™ wر.ًj
ً (,ًj
ً 
ًj
ً j
ً j
ً j
ً j
ً j
ً j
ً j
ً j
ً j
r(   r4   N)r,   عkey_value.aio.protocolsr   عpydanticr   r   r   عpydantic_settingsr   r   عfastmcp.server.auth.oidc_proxyr	   عfastmcp.settingsr
   عfastmcp.utilities.authr   عfastmcp.utilities.loggingr   عfastmcp.utilities.typesr   r   r)   rD   r   r4   r2   r(   r&   ْ<module>rU      s0  ًًً ً. 2ذ 1ذ 1ذ 1ذ 1ذ 1ط ;ذ ;ذ ;ذ ;ذ ;ذ ;ذ ;ذ ;ذ ;ذ ;ط >ذ >ذ >ذ >ذ >ذ >ذ >ذ >à 4ذ 4ذ 4ذ 4ذ 4ذ 4ط %ذ %ذ %ذ %ذ %ذ %ط /ذ /ذ /ذ /ذ /ذ /ط 0ذ 0ذ 0ذ 0ذ 0ذ 0ط 3ذ 3ذ 3ذ 3ذ 3ذ 3ذ 3ذ 3à	ˆگHر	ش	€ًً ً ً ً کLٌ ô ً ً4B
ً B
ً B
ً B
ً B
گIٌ B
ô B
ً B
ً B
ً B
r(   