k7i,SrSSKJr SSKJr SSKJr SSKJ r SSK J r SSK J r SSKJr SS KJrJrJrJrJr \(aSS KJr \"\5rSSS jjr"S S\5rg )aEnhanced authorization handler with improved error responses. This module provides an enhanced authorization handler that wraps the MCP SDK's AuthorizationHandler to provide better error messages when clients attempt to authorize with unregistered client IDs. The enhancement adds: - Content negotiation: HTML for browsers, JSON for API clients - Enhanced JSON responses with registration endpoint hints - Styled HTML error pages with registration links/forms - Link headers pointing to registration endpoints ) annotations) TYPE_CHECKING)AuthorizationHandler) AnyHttpUrl)Request)Response) get_logger)INFO_BOX_STYLESTOOLTIP_STYLES create_logo create_pagecreate_secure_html_response) OAuthAuthorizationServerProviderNc SSKnURU5nSUS3nSn Sn S[XC=(d SS 9S US US U S U S3 n [[-S-n [ U UU S9$)aCreate styled HTML error page for unregistered client attempts. Args: client_id: The unregistered client ID that was provided registration_endpoint: URL of the registration endpoint discovery_endpoint: URL of the OAuth metadata discovery endpoint server_name: Optional server name for branding server_icon_url: Optional server icon URL title: Page title Returns: HTML string for the error page rNzI

The client ID zN was not found in the server's client registry.

a

Your MCP client opened this page to complete OAuth authorization, but the server did not recognize its client ID. To fix this:

a
Why am I seeing this? OAuth 2.0 requires clients to register before authorization. This server returned a 400 error because the provided client ID was not found.

In browser-delegated OAuth flows, your application cannot detect this error automatically; it's waiting for a callback that will never arrive. You must manually clear auth tokens and reconnect.
z-
FastMCP)icon_urlalt_textz

z

z z
z aU /* Error variant for info-box */ .info-box.error { background: #fef2f2; border-color: #f87171; } .info-box.error strong { color: #991b1b; } /* Warning variant for info-box (yellow) */ .info-box.warning { background: #fffbeb; border-color: #fbbf24; } .info-box.warning strong { color: #92400e; } .info-box code { background: rgba(0, 0, 0, 0.05); padding: 2px 6px; border-radius: 3px; font-family: 'SF Mono', Monaco, 'Cascadia Code', monospace; font-size: 0.9em; } .info-box ul { margin: 10px 0; padding-left: 20px; } .info-box li { margin: 6px 0; } )contenttitleadditional_styles)htmlescaper r r r ) client_idregistration_endpointdiscovery_endpoint server_nameserver_icon_urlr html_moduleclient_id_escaped error_box warning_box help_linkrrs `/home/james-whalen/.local/lib/python3.13/site-packages/fastmcp/server/auth/handlers/authorize.pycreate_unregistered_client_htmlr$(s*#**95$$5#67I KI& /[TU]U5 [U5RS5UlX0lX@lg)aInitialize the enhanced authorization handler. Args: provider: OAuth authorization server provider base_url: Base URL of the server for constructing endpoint URLs server_name: Optional server name for branding server_icon_url: Optional server icon URL for branding /N)super__init__strrstrip _base_url _server_name_server_icon_url)selfproviderbase_urlrr __class__s r#r+AuthorizationHandler.__init__s4 "X--c2' /r%ct># [TU]U5IShvN nURS:XaSnURS:XaURR S5nO)UR 5IShvN nUR S5nU(a[US5(aSSKnURUR5nUR S5S:XaMS UR S S 5R5;a)URXUR S 55IShvN $U$U$GN NN ![a U$f=f7f) a]Handle authorization request with enhanced error responses. This method extends the SDK's authorization handler and intercepts errors for unregistered clients to provide better error responses based on the client's Accept header. Args: request: The authorization request Returns: Response (redirect on success, error response on failure) NGETrbodyrerrorinvalid_requestz not founderror_descriptionstate)r*handle status_codemethod query_paramsgetformhasattrjsonloadsr9lower_create_enhanced_error_response Exception)r1requestresponserrDrFr9r4s r#r?AuthorizationHandler.handles 00   3 &I~~&#0044[A $\\^+ HH[1 x00##zz(--8 HHW-1BB +txx8KR/P/V/V/X X)-)M)M 'DHHW4E*$xA1, $! sYD8D AD8,D#-D8 B D'D%D'D8#D8%D'' D51D84D55D8c# URS3nURS3nSSKJn [URR SS5n[ Xv5(a1URnURn U (aU SROSn OURnURn URRSS5n S U ;a[UUUUU S 9n [U S S 9n O;SS KJn U"SSUS3US9nUR%SS9nUUS'UUS'SSKJn U"S USS0S9n SUS3U RS'[*R-SUS U ;aS5 U $S5 U $7f) zCreate enhanced error response with content negotiation. Args: request: The original request client_id: The unregistered client ID state: The state parameter from the request Returns: HTML or JSON error response based on Accept header z /registerz'/.well-known/oauth-authorization-serverr)rfastmcp_serverNacceptr=z text/html)rrrrrr7)r@)AuthorizationErrorResponser;z Client ID 'z' is not registered with this server. MCP clients should automatically re-register by sending a POST request to the registration_endpoint and retry authorization. If this persists, clear cached authentication tokens and reconnect.)r:r<r>T) exclude_nonerauthorization_server_metadata) JSONResponsez Cache-Controlzno-store)r@rheaders; rel="http://oauth.net/core/2.1/#registration"Linkz5Unregistered client_id=%s, returned %s error responseHTMLJSON)r.fastmcp.server.serverrgetattrappr> isinstancenameiconssrcr/r0rUrCr$r"mcp.server.auth.handlers.authorizerQ model_dumpstarlette.responsesrTloggerinfo)r1rKrr>rrrfastmcprr_rrPrrLrQ error_data error_dictrTs r#rI4AuthorizationHandler._create_enhanced_error_responses$(>>"2) < $//VW 2'++++-=tD g ' '!,,KMME.3eAhllO++K"33O$$Xr2 & 2#&;#5' / D34SIH V3'!)-Z[  J$..D.AJ2GJ. /:LJ6 7 8#"(*5H%&&V W    C !V+F 28 sEE)r.r0r/)NN)r2rr3zAnyHttpUrl | strr str | Nonerrj)rKrreturnr)rKrrr,r>rjrkr) __name__ __module__ __qualname____firstlineno____doc__r+r?rI__static_attributes__ __classcell__)r4s@r#rrsv $#'&* 020#0 0 $ 00(.`QQ+.Q7AQ QQr%r)NNzClient Not Registered)rr,rr,rr,rrjrrjrr,rkr,)rp __future__rtypingrrarSDKAuthorizationHandlerpydanticrstarlette.requestsrrcrfastmcp.utilities.loggingr fastmcp.utilities.uir r r r rmcp.server.auth.providerrrlrdr$r%r#r|s #  &(0I H #"&( uuuu u  u  u upd2dr%