§ "¾QãóÒ—dZddlmZddlZddlmZddlmZmZddl Z ddl mZmZddl mZddlmZdd lmZdd lmZmZmZddlmZmZddlmZdd lmZmZddlm Z ddl!m"Z"ddl#m$Z$ddl%m&Z&m'Z'e$e(¦«Z)Gd„ded¬¦«Z*Gd„de¦«Z+eddd¬¦«Gd„d¦«¦«Z,Gd„de¦«Z-Gd„de¦«Z.Gd „d!e¦«Z/dS)"z*TokenVerifier implementations for FastMCP.é)ÚannotationsN)Ú dataclass)ÚAnyÚcast)Ú JsonWebKeyÚJsonWebToken)Ú JoseError)Ú serialization)Úrsa)Ú AnyHttpUrlÚ SecretStrÚfield_validator)ÚBaseSettingsÚSettingsConfigDict)Ú TypedDict)ÚAccessTokenÚ TokenVerifier)ÚENV_FILE©Úparse_scopes)Ú get_logger)ÚNotSetÚNotSetTcód—eZdZUdZded<ded<ded<ded<ded<ded<d ed <ded<dS) ÚJWKDatazJSON Web Key data structure.ÚstrÚktyÚkidÚuseÚalgÚnÚeú list[str]Úx5cÚx5tN©Ú__name__Ú __module__Ú__qualname__Ú__doc__Ú__annotations__©óúœ/Users/kimhansen/Desktop/03 Workspace/ceo-agents/chl-effectiveness/mcp-servers/whoop/.venv/lib/python3.11/site-packages/fastmcp/server/auth/providers/jwt.pyrrs^€€€€€€Ø&Ð&à€H€HHØ€H€HHØ€H€HHØ€H€HHØ €F€FFØ €F€FFØ€N€NNØ€H€HH€H€Hr-rF)Útotalcó—eZdZUdZded<dS)ÚJWKSDataz JSON Web Key Set data structure.z list[JWKData]ÚkeysNr&r,r-r.r1r1(s$€€€€€€Ø*Ð*àÐÐÑÐÐr-r1T)ÚfrozenÚkw_onlyÚreprcóX—eZdZUdZded<ded<edd„¦«Z ddd„Zd S)Ú RSAKeyPairzRSA key pair for JWT testing.r Úprivate_keyrÚ public_keyÚreturncóÊ—tjdd¬¦«}| tjjtjjtj¦«¬¦« d¦«}| ¦« tjjtjj ¬¦« d¦«}|t|¦«|¬¦«S)zt Generate an RSA key pair for testing. Returns: RSAKeyPair: Generated key pair ii)Úpublic_exponentÚkey_size)ÚencodingÚformatÚencryption_algorithmúutf-8)r>r?)r8r9)rÚgenerate_private_keyÚ private_bytesr ÚEncodingÚPEMÚ PrivateFormatÚPKCS8ÚNoEncryptionÚdecoder9Úpublic_bytesÚPublicFormatÚSubjectPublicKeyInfor )Úclsr8Úprivate_pemÚ public_pems r.ÚgeneratezRSAKeyPair.generate5sÝ€õÔ.Ø!Øð ñ ô ˆð"×/Ò/Ý"Ô+Ô/Ý Ô.Ô4Ý!.Ô!;Ñ!=Ô!=ð0ñ ô ÷Š&‰/Œ/ð ð ×"Ò"Ñ$Ô$ß Š\Ý&Ô/Ô3Ý$Ô1ÔFðñô÷ŠVG‰_Œ_ð ðˆsÝ! +Ñ.Ô.Ø!ð ñ ô ð r-úfastmcp-userúhttps://fastmcp.example.comNéÚsubjectÚissuerÚaudienceústr | list[str] | NoneÚscopesúlist[str] | NoneÚexpires_in_secondsÚintÚadditional_claimsúdict[str, Any] | Nonerú str | Nonecóº—ddi}|r||d<||ttj¦«¦«ttj¦«¦«|zdœ} |r|| d<|rd |¦«| d<|r| |¦«t dg¦«} | || |j ¦«¦«}| d¦«S) a× Generate a test JWT token for testing purposes. Args: subject: Subject claim (usually user ID) issuer: Issuer claim audience: Audience claim - can be a string or list of strings (optional) scopes: List of scopes to include expires_in_seconds: Token expiration time in seconds additional_claims: Any additional claims to include kid: Key ID to include in header r ÚRS256r)ÚsubÚissÚiatÚexpÚaudú ÚscoperA) r[ÚtimeÚjoinÚupdaterÚencoder8Úget_secret_valuerI)ÚselfrTrUrVrXrZr\rÚheaderÚpayloadÚjwt_libÚtoken_bytess r.Úcreate_tokenzRSAKeyPair.create_tokenYs÷€ð.˜Ð!ˆØð ØˆF5‰MðØÝ•t”y‘{”{Ñ#Ô#Ý•t”y‘{”{Ñ#Ô#Ð&8Ñ8ð ð ˆðð &Ø%ˆGE‰Nàð 0Ø"Ÿxšx¨Ñ/Ô/ˆGGÑàð .ØNŠNÐ,Ñ-Ô-Ð-õ ˜yÑ)Ô)ˆØ—n’nØG˜TÔ-×>Ò>Ñ@Ô@ñ ô ˆð×!Ò! 'Ñ*Ô*Ð*r-)r:r7)rQrRNNrSNN)rTrrUrrVrWrXrYrZr[r\r]rr^r:r)r'r(r)r*r+ÚclassmethodrPrrr,r-r.r7r7.s€€€€€€€à'Ð'àÐÐÑØ€O€OOàð! ð! ð! ñ„[ð! ðJ&Ø3Ø+/Ø#'Ø"&Ø37Øð2+ð2+ð2+ð2+ð2+ð2+ð2+r-r7cóÎ—eZdZUdZeded¬¦«ZdZded<dZ ded<dZ d ed <dZded<dZd ed<dZ d ed<dZded<edd¬¦«ed„¦«¦«ZdS)ÚJWTVerifierSettingsz$Settings for JWT token verification.ÚFASTMCP_SERVER_AUTH_JWT_Úignore)Ú env_prefixÚenv_fileÚextraNr^r9Újwks_urirWrUÚ algorithmrVrYÚrequired_scopeszAnyHttpUrl | str | NoneÚbase_urlÚbefore)Úmodecó —t|¦«S©Nr)rMÚvs r.Ú _parse_scopesz!JWTVerifierSettings._parse_scopesŸs€õ˜A‰ŒÐr-)r'r(r)r*rrÚmodel_configr9r+r{rUr|rVr}r~rrsr„r,r-r.ruruŽsé€€€€€€Ø.Ð.à%Ð%Ø-ØØðñô€Lð"€JÐ!Ð!Ð!Ñ!Ø€HÐÐÐÑØ%)€FÐ)Ð)Ð)Ñ)Ø €IÐ Ð Ð Ñ Ø'+€HÐ+Ð+Ð+Ñ+Ø(,€OÐ,Ð,Ð,Ñ,Ø(,€HÐ,Ð,Ð,Ñ,à€_Ð&¨XÐ6Ñ6Ô6Øððñ„[ñ7Ô6ðððr-rucó^‡—eZdZdZeeeeeeedœdˆfd„Zdd„Zdd„Zd d„Zd!d„Z d!d„Z ˆxZS)"ÚJWTVerifiera JWT token verifier supporting both asymmetric (RSA/ECDSA) and symmetric (HMAC) algorithms. This verifier validates JWT tokens using various signing algorithms: - **Asymmetric algorithms** (RS256/384/512, ES256/384/512, PS256/384/512): Uses public/private key pairs. Ideal for external clients and services where only the authorization server has the private key. - **Symmetric algorithms** (HS256/384/512): Uses a shared secret for both signing and verification. Perfect for internal microservices and trusted environments where the secret can be securely shared. Use this when: - You have JWT tokens issued by an external service (asymmetric) - You need JWKS support for automatic key rotation (asymmetric) - You have internal microservices sharing a secret key (symmetric) - Your tokens contain standard OAuth scopes and claims ©r9r{rUrVr|r}r~r9ústr | NotSetT | Noner{rUú str | list[str] | NotSetT | NonerVr|r}úlist[str] | NotSetT | Noner~ú!AnyHttpUrl | str | NotSetT | Nonecó•—t d„|||||||dœ ¦«D¦«¦«}|js|jstd¦«‚|jr|jrtd¦«‚|jpd}|dvrtd|›d¦«‚t¦« |j |j ¬ ¦«||_|j|_|j|_|j|_|j|_t|jg¦«|_tt ¦«|_i|_d |_d|_dS) a… Initialize a JWTVerifier configured to validate JWTs using either a static key or a JWKS endpoint. Parameters: public_key (str | NotSetT | None): PEM-encoded public key for asymmetric algorithms or shared secret for symmetric algorithms. jwks_uri (str | NotSetT | None): URI to fetch a JSON Web Key Set; used when verifying tokens with remote JWKS. issuer (str | list[str] | NotSetT | None): Expected issuer claim value or list of allowed issuer values. audience (str | list[str] | NotSetT | None): Expected audience claim value or list of allowed audience values. algorithm (str | NotSetT | None): JWT signing algorithm to accept (default: "RS256"). Supported: HS256/384/512, RS256/384/512, ES256/384/512, PS256/384/512. required_scopes (list[str] | NotSetT | None): Scopes that must be present in validated tokens. base_url (AnyHttpUrl | str | NotSetT | None): Base URL passed to the parent TokenVerifier. Raises: ValueError: If neither or both of `public_key` and `jwks_uri` are provided, or if `algorithm` is unsupported. có,—i|]\}}|tu¯||“ŒSr,)r)Ú.0Úkrƒs r.ú z(JWTVerifier.__init__..Ós3€ð ð ð áAqðF??ð1ð#??r-rˆz.Either public_key or jwks_uri must be providedz/Provide either public_key or jwks_uri, not bothr`>ÚES256ÚES384ÚES512ÚHS256ÚHS384ÚHS512ÚPS256ÚPS384ÚPS512r`ÚRS384ÚRS512zUnsupported algorithm: ú.)r~r}rrSN)ruÚmodel_validateÚitemsr9r{Ú ValueErrorr|ÚsuperÚ__init__r~r}rUrVrÚjwtrr'ÚloggerÚ_jwks_cacheÚ_jwks_cache_timeÚ _cache_ttl) rmr9r{rUrVr|r}r~ÚsettingsÚ __class__s €r.r¢zJWTVerifier.__init__¸s‡ø€õ4'×5Ò5ð ð ð#-Ø (Ø$Ø (Ø!*Ø'6Ø (ðð÷’%‘'”'ð ñ ô ñ ô ˆð Ô"ð O¨8Ô+<ð OÝÐMÑNÔNÐNàÔð P 8Ô#4ð PÝÐNÑOÔOÐOàÔ&Ð1¨'ˆ Øð ð ð õÐC°yÐCÐCÐCÑDÔDÐDõ ‰Œ×ÒØÔ&Ø$Ô4ð ñ ô ð ð #ˆŒØ”oˆŒØ Ô)ˆŒ Ø"Ô-ˆŒØ Ô)ˆŒ Ý ¤Ð 0Ñ1Ô1ˆŒÝ ¥Ñ*Ô*ˆŒð,.ˆÔØ'(ˆÔØˆŒˆˆr-Útokenrr:cƒóšK—|jr|jS ddl}ddl}| d¦«d}|ddt |¦«dzz zz }| | |¦«¦«}| d¦«}| |¦«ƒd{V—†S#t$r}td|›¦«|‚d}~wwxYw)z'Get the verification key for the token.rNrú=érz%Failed to extract key ID from token: )r9Úbase64ÚjsonÚsplitÚlenÚloadsÚurlsafe_b64decodeÚgetÚ _get_jwks_keyÚ Exceptionr )rmrªr®r¯Ú header_b64rnrr"s r.Ú_get_verification_keyz!JWTVerifier._get_verification_keys÷èè€àŒ?ð #Ø”?Ð"ð QØˆMˆMˆMØˆKˆKˆKàŸš SÑ)Ô)¨!Ô,ˆJØ˜# ¥S¨¡_¤_°qÑ%8Ñ!8Ñ9Ñ9ˆJØ—Z’Z × 8Ò 8¸Ñ DÔ DÑEÔEˆFØ—*’*˜UÑ#Ô#ˆCà×+Ò+¨CÑ0Ô0Ð0Ð0Ð0Ð0Ð0Ð0Ð0øåð Qð Qð QÝÐHÀQÐHÐHÑIÔIÈqÐPøøøøð Qøøøs’BB(Â( C Â2CÃC rr^cƒó¦K—|jstd¦«‚tj¦«}||jz |jkre|r||jvr |j|S|sKt |j¦«dkr3tt|j ¦«¦«¦«S tj¦«4ƒd{V—†}| |j¦«ƒd{V—†}| ¦«| ¦«}ddd¦«ƒd{V—†n#1ƒd{V—†swxYwYi|_| dg¦«D]V}| d¦«}tj|¦«}| ¦«} |r| |j|<ŒL| |jd<ŒW||_|rD||jvr.|j d|¦«td|›d ¦«‚|j|St |j¦«dkr3tt|j ¦«¦«¦«St |j¦«dkrtd ¦«‚td¦«‚#tj$r} td| ›¦«| ‚d} ~ wt*$r5} |j d | ›¦«td| ›¦«| ‚d} ~ wwxYw)z(Fetch key from JWKS with simple caching.zJWKS URI not configuredéNr2rÚ_defaultz-JWKS key lookup failed: key ID '%s' not foundzKey ID 'z' not found in JWKSz2Multiple keys in JWKS but no key ID (kid) in tokenzNo keys found in JWKSzFailed to fetch JWKS: zJWKS fetch failed: )r{r rhr¦r§r¥r±ÚnextÚiterÚvaluesÚhttpxÚAsyncClientr´Úraise_for_statusr¯rÚ import_keyÚget_public_keyr¤ÚdebugÚ HTTPErrorr¶)rmrÚcurrent_timeÚclientÚresponseÚ jwks_dataÚkey_dataÚkey_kidÚjwkr9r"s r.rµzJWTVerifier._get_jwks_key sŸèè€àŒ}ð 8ÝÐ6Ñ7Ô7Ð7å”y‘{”{ˆð˜$Ô/Ñ/°$´/ÒAÐAØð =s˜dÔ.Ð.Ð.ØÔ'¨Ô,Ð,Øð =S Ô!1Ñ2Ô2°aÒ7Ð7åD Ô!1×!8Ò!8Ñ!:Ô!:Ñ;Ô;Ñ<Ô<Ð<ð, BÝÔ(Ñ*Ô*ð ,ð ,ð ,ð ,ð ,ð ,ð ,¨fØ!'§¢¨D¬MÑ!:Ô!:Ð:Ð:Ð:Ð:Ð:Ð:Ø×)Ò)Ñ+Ô+Ð+Ø$ŸMšM™OœO ð ,ð ,ð ,ñ ,ô ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,ð ,øøøð ,ð ,ð ,ð ,ð "ˆDÔØ%ŸMšM¨&°"Ñ5Ô5ð >ð >Ø"Ÿ,š, uÑ-Ô-Ý Ô+¨HÑ5Ô5Ø ×/Ò/Ñ1Ô1 àð>Ø0:DÔ$ WÑ-Ð-ð4>DÔ$ ZÑ0Ð0à$0ˆDÔ!ðð >Ø˜dÔ.Ð.Ð.Ø”K×%Ò%ØGÈñôðõ%Ð%H°Ð%HÐ%HÐ%HÑIÔIÐIØÔ'¨Ô,Ð,õtÔ'Ñ(Ô(¨AÒ-Ð-Ý¥ TÔ%5×%<Ò%<Ñ%>Ô%>Ñ ?Ô ?Ñ@Ô@Ð@Ý˜Ô)Ñ*Ô*¨QÒ.Ð.Ý$ØLñôðõ%Ð%<Ñ=Ô=Ð=øåŒð Bð Bð BÝÐ9°aÐ9Ð9Ñ:Ô:ÀÐAøøøøÝð Bð Bð BØŒK×ÒÐ7°AÐ7Ð7Ñ8Ô8Ð8ÝÐ9°aÐ9Ð9Ñ:Ô:ÀÐAøøøøð BøøøsWÂ%I,Â>A DÄI,Ä D#Ä#I,Ä&D#Ä'CI,Ç+A I,È66I,É,KÉ;JÊ KÊ0KËKÚclaimsúdict[str, Any]r#cóÐ—dD]b}||vr\t||t¦«r|| ¦«cSt||t¦«r ||cSŒcgS)zâ Extract scopes from JWT claims. Supports both 'scope' and 'scp' claims. Checks the `scope` claim first (standard OAuth2 claim), then the `scp` claim (used by some Identity Providers). )rgÚscp)Ú isinstancerr°Úlist)rmrÍÚclaims r.Ú_extract_scopeszJWTVerifier._extract_scopes^sz€ð&ð )ð )ˆEØ˜ˆˆÝ˜f UœmSÑ1Ô1ð)Ø! %œ=×.Ò.Ñ0Ô0Ð0Ð0Ð0Ý u¤ tÑ4Ô4ð)Ø! %œ=Ð(Ð(Ð(øàˆ r-úAccessToken | Nonecƒóú‡ K— | |¦«ƒd{V—†}|j ||¦«}| d¦«p+| d¦«p| d¦«pd}| d¦«}|rO|t j¦«kr8|j d|¦«|j d|¦«dS|jr€| d ¦«}d }t|jt¦«r ||jv}n||jk}|s8|j d|¦«|j d|¦«dS|jrè| d¦«Š d }t|jt¦«rSt‰ t¦«r!tˆ fd „|jD¦«¦«}nG‰ tt|j¦«v}n*t‰ t¦«r |j‰ v}n‰ |jk}|s8|j d|¦«|j d|¦«dS| |¦«} |jrqt!| ¦«} t!|j¦«}| | ¦«s9|j d| |¦«|j d|¦«dSt%|t'|¦«| |rt)|¦«nd|¬¦«S#t*$r|j d¦«YdSt,$r3}|j dt'|¦«¦«Yd}~dSd}~wwxYw)a½ Validate a JWT bearer token and return an AccessToken when the token is valid. Parameters: token (str): The JWT bearer token string to validate. Returns: AccessToken | None: An AccessToken populated from token claims if the token is valid; `None` if the token is expired, has an invalid signature or format, fails issuer/audience/scope validation, or any other validation error occurs. NÚ client_idÚazpraÚunknownrdz4Token validation failed: expired token for client %sz#Bearer token rejected for client %srbFz6Token validation failed: issuer mismatch for client %srec3ó •K—|]}|‰vV—Œ dSr‚r,)rÚexpectedres €r.ú z0JWTVerifier.load_access_token..±s8øèè€ð-ð-Ø08˜H¨˜Oð-ð-ð-ð-ð-ð-r-z8Token validation failed: audience mismatch for client %sz4Token missing required scopes. Has: %s, Required: %s©rªr×rXÚ expires_atrÍz5Token validation failed: JWT signature/format invalidzToken validation failed: %s)r¸r£rIr´rhr¤rÄÚinforUrÑrÒrVÚanyrrÔr}ÚsetÚissubsetrrr[r r¶)rmrªÚverification_keyrÍr×rdrbÚissuer_validÚaudience_validrXÚtoken_scopesr}r"res @r.Úload_access_tokenzJWTVerifier.load_access_tokenosûøèè€ðj à%)×%?Ò%?ÀÑ%FÔ%FÐFÐFÐFÐFÐFÐFÐð”X—_’_ UÐ,<Ñ=Ô=ˆFð— ’ ˜;Ñ'Ô'ðØ—:’:˜eÑ$Ô$ðà—:’:˜eÑ$Ô$ððð ð—*’*˜UÑ#Ô#ˆCØð sTœY™[œ[Ò(Ð(Ø”×!Ò!ØJÈIñôðð”× Ò Ð!FÈ ÑRÔRÐRØtðŒ{ð Ø—j’j Ñ'Ô'ð %Ý˜dœk4Ñ0Ô0ð6à#&¨$¬+Ð#5LLð$'¨$¬+Ò#5Là#ð Ø”K×%Ò%ØPØ!ñôðð”K×$Ò$Ð%JÈIÑVÔVÐVØ˜4ðŒ}ð Ø—j’j Ñ'Ô'ð"'Ý˜dœmTÑ2Ô2ð>å! #¥tÑ,Ô,ðJå),ð-ð-ð-ð-Ø<@¼Mð-ñ-ô-ñ*ô*˜˜ð *-µµT¸4¼=Ñ0IÔ0IÐ)I˜˜õ" #¥tÑ,Ô,ð>Ø)-¬¸#Ð)=˜˜à),°´ Ò)=˜à%ð Ø”K×%Ò%ØRØ!ñôðð”K×$Ò$Ð%JÈIÑVÔVÐVØ˜4ð×)Ò)¨&Ñ1Ô1ˆFðÔ#ð Ý" 6™{œ{Ý"% dÔ&:Ñ";Ô";Ø&×/Ò/°Ñ=Ô=ð Ø”K×%Ò%ØNØ$Ø'ñôðð ”K×$Ò$Ð%JÈIÑVÔVÐVØ˜4åØÝ˜i™.œ.ØØ'*Ð43˜s™8œ8˜8°Øðñôð øõð ð ð ØŒK×ÒÐUÑVÔVÐVØ44Ýð ð ð ØŒK×ÒÐ;½SÀ¹V¼VÑDÔDÐDØ44444øøøøð øøøs9…CLÃ"BLÅ)C-LÉBLË%1LÌ$M:Ì> M:Í(M5Í5M:cƒó<K—| |¦«ƒd{V—†S)a\ Verify a bearer token and return access info if valid. This method implements the TokenVerifier protocol by delegating to our existing load_access_token method. Args: token: The JWT token string to validate Returns: AccessToken object if valid, None if invalid or expired N)rç)rmrªs r.Úverify_tokenzJWTVerifier.verify_tokenås.èè€ð×+Ò+¨EÑ2Ô2Ð2Ð2Ð2Ð2Ð2Ð2Ð2r-)r9r‰r{r‰rUrŠrVrŠr|r‰r}r‹r~rŒ)rªrr:r)rr^r:r)rÍrÎr:r#©rªrr:rÕ)r'r(r)r*rr¢r¸rµrÔrçréÚ __classcell__©r©s@r.r‡r‡¥sãø€€€€€ððð*,2Ø)/Ø39Ø5;Ø*0Ø6<Ø6<ðRðRðRðRðRðRðRðRðhQðQðQðQð(<Bð<Bð<Bð<Bð|ðððð"tðtðtðtðl 3ð 3ð 3ð 3ð 3ð 3ð 3ð 3r-r‡có0‡—eZdZdZ d dˆfd„ Zdd„ZˆxZS)ÚStaticTokenVerifiera× Simple static token verifier for testing and development. This verifier validates tokens against a predefined dictionary of valid token strings and their associated claims. When a token string matches a key in the dictionary, the verifier returns the corresponding claims as if the token was validated by a real authorization server. Use this when: - You're developing or testing locally without a real OAuth server - You need predictable tokens for automated testing - You want to simulate different users/scopes without complex setup - You're prototyping and need simple API key-style authentication WARNING: Never use this in production - tokens are stored in plain text! NÚtokensúdict[str, dict[str, Any]]r}rYcóZ•—t¦« |¬¦«||_dS)a Initialize the static token verifier. Args: tokens: Dict mapping token strings to token metadata Each token should have: client_id, scopes, expires_at (optional) required_scopes: Required scopes for all tokens )r}N)r¡r¢rï)rmrïr}r©s €r.r¢zStaticTokenVerifier.__init__s+ø€õ ‰Œ×Ò¨ÐÑ9Ô9Ð9ØˆŒˆˆr-rªrr:rÕcƒóÄK—|j |¦«}|sdS| d¦«}||tj¦«krdS| dg¦«}|jrZt |¦«}t |j¦«}| |¦«s"t d|›d|›¦«dSt||d|||¬¦«S)z-Verify token against static token dictionary.NrÞrXz$Token missing required scopes. Has: z, Required: r×rÝ) rïr´rhr}rárâr¤rÄr)rmrªÚ token_datarÞrXrær}s r.réz StaticTokenVerifier.verify_tokensèè€à”[—_’_ UÑ+Ô+ˆ Øð Ø4ð —^’^ LÑ1Ô1ˆ ØÐ! jµ4´9±;´;Ò&>Ð&>Ø4à—’ ¨"Ñ-Ô-ˆðÔð Ý˜v™;œ;ˆLÝ! $Ô"6Ñ7Ô7ˆOØ"×+Ò+¨LÑ9Ô9ð Ý—’Øf¸<ÐfÐfÐUdÐfÐfñôððtåØØ Ô-ØØ!Øð ñ ô ð r-r‚)rïrðr}rYrê)r'r(r)r*r¢rérërìs@r.rîrîõseø€€€€€ððð(-1ðððððððð ð ð ð ð ð ð ð r-rî)0r*Ú __future__rrhÚdataclassesrÚtypingrrr¿Úauthlib.joserrÚauthlib.jose.errorsr Úcryptography.hazmat.primitivesr Ú)cryptography.hazmat.primitives.asymmetricrÚpydanticrr rÚpydantic_settingsrrÚtyping_extensionsrÚfastmcp.server.authrrÚfastmcp.settingsrÚfastmcp.utilities.authrÚfastmcp.utilities.loggingrÚfastmcp.utilities.typesrrr'r¤rr1r7rur‡rîr,r-r.úrsŸðØ0Ð0à"Ð"Ð"Ð"Ð"Ð"à€€€Ø!Ð!Ð!Ð!Ð!Ð!ØÐÐÐÐÐÐÐà€€€Ø1Ð1Ð1Ð1Ð1Ð1Ð1Ð1Ø)Ð)Ð)Ð)Ð)Ð)Ø8Ð8Ð8Ð8Ð8Ð8Ø9Ð9Ð9Ð9Ð9Ð9Ø;Ð;Ð;Ð;Ð;Ð;Ð;Ð;Ð;Ð;Ø>Ð>Ð>Ð>Ð>Ð>Ð>Ð>Ø'Ð'Ð'Ð'Ð'Ð'à:Ð:Ð:Ð:Ð:Ð:Ð:Ð:Ø%Ð%Ð%Ð%Ð%Ð%Ø/Ð/Ð/Ð/Ð/Ð/Ø0Ð0Ð0Ð0Ð0Ð0Ø3Ð3Ð3Ð3Ð3Ð3Ð3Ð3à ˆHÑ Ô €ð ð ð ð ð ˆi˜uð ñ ô ð ðððððˆyñôðð€$ ¨5Ð1Ñ1Ô1ð\+ð\+ð\+ð\+ð\+ñ\+ô\+ñ2Ô1ð\+ð~ðððð˜,ñôðð.M3ðM3ðM3ðM3ðM3-ñM3ôM3ðM3ð` ? ð? ð? ð? ð? ˜-ñ? ô? ð? ð? ð? r-