k7i7SSKrSSKrSSKJrJrJrJrJrJrJ r SSK J r J r SSK Jr SSKJrJrJr SrSrSr"SS \5rg) N) AccessTokenAuthorizationCodeAuthorizationParamsAuthorizeError RefreshToken TokenErrorconstruct_redirect_uri)OAuthClientInformationFull OAuthToken) AnyHttpUrl)ClientRegistrationOptions OAuthProviderRevocationOptionsi,ic ^\rSrSrSrS!S\\-S-S\\-S-S\S-S\S-S\ \S-4 U4S jjjr S \S \ S-4S jr S \ S S4Sjr S\ S\S \4SjrS\ S\S \S-4SjrS\ S\S \4SjrS\ S\S \S-4SjrS\ S\S\ \S \4SjrS\S \S-4SjrS\S \S-4SjrS"S\S-S\S-4SjjrS\\-S S4SjrS rU=r$)#InMemoryOAuthProviderzs An in-memory OAuth provider for testing purposes. It simulates the OAuth 2.1 flow locally without external calls. Nbase_urlservice_documentation_urlclient_registration_optionsrevocation_optionsrequired_scopesc>[TU]U=(d SUUUUS9 0Ul0Ul0Ul0Ul0Ul0Ulg)Nzhttp://fastmcp.example.com)rrrrr)super__init__clients auth_codes access_tokensrefresh_tokens_access_to_refresh_map_refresh_to_access_map)selfrrrrr __class__s a/home/james-whalen/.local/lib/python3.13/site-packages/fastmcp/server/auth/providers/in_memory.pyrInMemoryOAuthProvider.__init__%sg =!=&?(C1+  ?A 8:5779  #  # client_idreturnc@# URRU5$7fN)rget)r!r&s r# get_client InMemoryOAuthProvider.get_clientAs|| **s client_infocr# URUR;aXRUR'g7fr))r&r)r!r-s r#register_client%InMemoryOAuthProvider.register_clientDs.  DLL 0 .9 [**+s57clientparamsc # URUR;a[SSURS3S9eURUR;aS[ R"S 53n[R"5[-nURb URO/nUR(a<[URR55nUVs/sH oU;dM UPM nn[UURURURUUUR S 9n XR"U'[%['UR5XBR(S 9$![ an[SSS9UeSnAff=fs snf7f) zs Simulates user authorization and generates an authorization code. Returns a redirect URI with the code and state. unauthorized_clientzClient 'z' not registered.)errorerror_descriptioninvalid_requestzInvalid redirect_uri.Ntest_auth_code_)coder& redirect_uri redirect_uri_provided_explicitlyscopes expires_atcode_challenge)r:state)r&rrr; redirect_uris Exceptionsecrets token_hextime DEFAULT_AUTH_CODE_EXPIRY_SECONDSr=scopesetsplitrr<r?rr strr@) r!r1r2eauth_code_valuer> scopes_listclient_allowed_scopess auth_codes r# authorizeInMemoryOAuthProvider.authorizeLsj   4<< / +$,V-=-=,>>O"P  ""&*>*>> ,G,=,=b,A+BCYY[#CC (.}}'@fmmb <<$' (:(:(<$= !&1Pk:O5O1kKP% &&,,-3-T-T!!00  ,5(% ## $?,,  5  ';R  Qs<3E<EBE< E7&E7,A.E< E4$ E//E44E<authorization_codec# URRU5nU(aNURUR:wagUR[R"5:aURU gU$g7fr))rr*r&r>rE)r!r1rS auth_code_objs r#load_authorization_code-InMemoryOAuthProvider.load_authorization_codesc++,>? &&&*:*::''$))+5OO$67 sA2A4c # URUR;a [SS5eURUR S[R"S53nS[R"S53n[ [ R "5[-5nSn[b%[ [ R "5[-5n[UURURUS9URU'[UURURUS9URU'X@RU'X0R U'[#US[USR%UR5S 9$7f) N invalid_grantz-Authorization code not found or already used.test_access_token_ test_refresh_token_tokenr&r=r>Bearer  access_token token_type expires_in refresh_tokenrG)r:rrrCrDintrE#DEFAULT_ACCESS_TOKEN_EXPIRY_SECONDS$DEFAULT_REFRESH_TOKEN_EXPIRY_SECONDSrr&r=rrrrr r join)r!r1rSaccess_token_valuerefresh_token_valueaccess_token_expires_atrefresh_token_expires_ats r#exchange_authorization_code1InMemoryOAuthProvider.exchange_authorization_codes`  " "$// 9!P  OO.33 41'2C2CB2G1HI 3G4E4Eb4I3JK"%diik4W&W"X$( / ;'* BB( $2=$&&%,,. 2 -. 4@%&&%,,/ 4 /0;N##$67;M##$78+:-((-445   E#E%rec# URRU5nU(agURUR:wagURb=UR[R"5:aUR UR S9 gU$g7f)Nrefresh_token_str)rr*r&r>rE_revoke_internalr^)r!r1re token_objs r#load_refresh_token(InMemoryOAuthProvider.load_refresh_tokens~''++M: ""f&6&66##/I4H4H499;4V%%&/oo& sB B r=c # [UR5n[U5nURU5(d [SS5eUR UR S9 S[ R"S53nS[ R"S53n[[R"5[-5nSn [b%[[R"5[-5n [UURUUS9URU'[UURUU S9UR U'XpR"U'X`R$U'['US[US R)U5S 9$7f) N invalid_scopez>Requested scopes exceed those authorized by the refresh token.rrrZr[r\r]r_r`ra)rHr=issubsetrrtr^rCrDrfrErgrhrr&rrrrr r ri) r!r1rer=original_scopesrequested_scopesnew_access_token_valuenew_refresh_token_valuerlrms r#exchange_refresh_token,InMemoryOAuthProvider.exchange_refresh_tokensmm223v;((99P   0C0CD$6g6G6G6K5L!M$78I8I"8M7N"O"%diik4W&W"X$( / ;'* BB( $6A(&&. 6 12 8D)&&/ 8 34?V##$:;?U##$;</:1((6"   rpr^c# URRU5nU(aLURb=UR[R"5:aUR UR S9 gU$g7f)Naccess_token_str)rr*r>rErtr^)r!r^rus r#load_access_token'InMemoryOAuthProvider.load_access_tokense&&**51 ##/I4H4H499;4V%%%.__& sA0A2c@# URU5IShvN $N7f)a Verify a bearer token and return access info if valid. This method implements the TokenVerifier protocol by delegating to our existing load_access_token method. Args: token: The token string to validate Returns: AccessToken object if valid, None if invalid or expired N)rr!r^s r# verify_token"InMemoryOAuthProvider.verify_tokens++E2222s rrscSnSnU(a{XR;aURU UnURRUS5nU(a:XPR;aURU UnURRUS5 U(a{X R;aURU UnURRUS5nU(a:X`R;aURU UnURRUS5 U(aX0R;a URU U(aX@R;aURU ggg)z8Internal helper to remove tokens and their associations.N)rrpoprr )r!rrsremoved_access_tokenremoved_refresh_tokenassociated_refreshassociated_accesss r#rt&InMemoryOAuthProvider._revoke_internal!sQ $ $ #5#55&&'78'7$"&!?,>)++//0BDI  $7$77''(9:(9%!% ; ; ? ?@QSW X  $(:(::**+<=+<(++//0A4H $8rsR  $* &-#'+$tAMtAr%