k7iSrSSKJr SSKJrJrJr SSKJrJ r SSK J r SSK J r SSKJr SSKJr SS KJrJr \"\5r"S S \5r"S S \ 5rg)aAuth0 OAuth provider for FastMCP. This module provides a complete Auth0 integration that's ready to use with just the configuration URL, client ID, client secret, audience, and base URL. Example: ```python from fastmcp import FastMCP from fastmcp.server.auth.providers.auth0 import Auth0Provider # Simple Auth0 OAuth protection auth = Auth0Provider( config_url="https://auth0.config.url", client_id="your-auth0-client-id", client_secret="your-auth0-client-secret", audience="your-auth0-api-audience", base_url="http://localhost:8000", ) mcp = FastMCP("My Protected Server", auth=auth) ``` ) AsyncKeyValue) AnyHttpUrl SecretStrfield_validator) BaseSettingsSettingsConfigDict) OIDCProxy)ENV_FILE parse_scopes) get_logger)NotSetNotSetTc"\rSrSr%Sr\"S\SS9rSr\ S-\ S'Sr \ S-\ S'Sr \S-\ S 'Sr\ S-\ S 'Sr\ S-\ S 'Sr\ S-\ S 'Sr\ S-\ S 'Sr\\ S-\ S'Sr\\ S-\ S'Sr\ S-\ S'\"SSS9\S55rSrg)Auth0ProviderSettings%z!Settings for Auth0 OIDC provider.FASTMCP_SERVER_AUTH_AUTH0_ignore) env_prefixenv_fileextraN config_url client_id client_secretaudiencebase_url issuer_url redirect_pathrequired_scopesallowed_client_redirect_urisjwt_signing_keybefore)modec[U5$)Nr )clsvs ]/home/james-whalen/.local/lib/python3.13/site-packages/fastmcp/server/auth/providers/auth0.py _parse_scopes#Auth0ProviderSettings._parse_scopes9sA)__name__ __module__ __qualname____firstlineno____doc__rr model_configrr__annotations__rstrrrrrrrrlistr r!r classmethodr(__static_attributes__r+r*r'rr%s+%/L %)J T!( IsTz &*M9t#*HcDj"&Hj4&$(J T!( $M3:$(,OT#Y%,59 $s)d"29"&OS4Z&&X67r*rc^\rSrSrSr\\\\\\\\\S\SS. S\\-\-S\\-S\\-S \\-S \\-\-S \\-\-S \ \\-S \\-S\ \\-S\ S-S\\ -\-S\ SS4U4Sjjjr SrU=r$) Auth0Provider?aAn Auth0 provider implementation for FastMCP. This provider is a complete Auth0 integration that's ready to use with just the configuration URL, client ID, client secret, audience, and base URL. Example: ```python from fastmcp import FastMCP from fastmcp.server.auth.providers.auth0 import Auth0Provider # Simple Auth0 OAuth protection auth = Auth0Provider( config_url="https://auth0.config.url", client_id="your-auth0-client-id", client_secret="your-auth0-client-secret", audience="your-auth0-api-audience", base_url="http://localhost:8000", ) mcp = FastMCP("My Protected Server", auth=auth) ``` NT) rrrrrrrrr client_storager!require_authorization_consentrrrrrrrrr r:r!r;returnc 4>[RUUUUUUUUU U S. R5V Vs0sHupU[LdMX_M snn 5nUR(d [ S5eUR (d [ S5eUR(d [ S5eUR(d [ S5eUR(d [ S5eUR=(d S/n[TU]1URUR URR5URURURURUUR U UR"U S9 [$R'S UR U5 g s snn f) aInitialize Auth0 OAuth provider. Args: config_url: Auth0 config URL client_id: Auth0 application client id client_secret: Auth0 application client secret audience: Auth0 API audience base_url: Public URL where OAuth endpoints will be accessible (includes any mount path) issuer_url: Issuer URL for OAuth metadata (defaults to base_url). Use root-level URL to avoid 404s during discovery when mounting under a path. required_scopes: Required Auth0 scopes (defaults to ["openid"]) redirect_path: Redirect path configured in Auth0 application allowed_client_redirect_uris: List of allowed redirect URI patterns for MCP clients. If None (default), all URIs are allowed. If empty list, no URIs are allowed. client_storage: Storage backend for OAuth state (client registrations, encrypted tokens). If None, a DiskStore will be created in the data directory (derived from `platformdirs`). The disk store will be encrypted using a key derived from the JWT Signing Key. jwt_signing_key: Secret for signing FastMCP JWT tokens (any string or bytes). If bytes are provided, they will be used as is. If a string is provided, it will be derived into a 32-byte key. If not provided, the upstream client secret will be used to derive a 32-byte key using PBKDF2. require_authorization_consent: Whether to require user consent before authorizing clients (default True). When True, users see a consent screen before being redirected to Auth0. When False, authorization proceeds directly without user confirmation. SECURITY WARNING: Only disable for local development or testing environments. ) rrrrrrrrr r!zRconfig_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CONFIG_URLzPclient_id is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_IDzXclient_secret is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_CLIENT_SECRETzNaudience is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_AUDIENCEzNbase_url is required - set via parameter or FASTMCP_SERVER_AUTH_AUTH0_BASE_URLopenid) rrrrrrrrr r:r!r;z>Initialized Auth0 OAuth provider for client %s with scopes: %sN)rmodel_validateitemsrr ValueErrorrrrrrsuper__init__get_secret_valuerrr r!loggerdebug)selfrrrrrrrrr r:r!r;kr&settingsauth0_required_scopes __class__s r'rCAuth0Provider.__init__WsR)77#-!*%2 ( (",'6%24P'6 %'   DAF?   &""d !!b %%j   `   ` !) 8 8 FXJ **(("00AAC&&&&**"001)1)N)N)$44*G    L    ! y s F F r+)r,r-r.r/r0rrr3rr4rbytesboolrCr6 __classcell__)rKs@r'r8r8?s428#)'-"(/517/5'-rXsK.2;;>4%/03 H L4B IB r*