k7iSrSSKJr SSKrSSKJr SSKJrJr SSK J r SSK J r SSK JrJr SS KJr SS KJr SS KJr SS KJrJr \"\5r"S S\5r"SS\5rg)aScalekit authentication provider for FastMCP. This module provides ScalekitProvider - a complete authentication solution that integrates with Scalekit's OAuth 2.1 and OpenID Connect services, supporting Resource Server authentication for seamless MCP client authentication. ) annotationsN) AnyHttpUrl) BaseSettingsSettingsConfigDict) JSONResponse)Route)RemoteAuthProvider TokenVerifier) JWTVerifier)ENV_FILE) get_logger)NotSetNotSetTcN\rSrSr%\"S\SS9rS\S'S\S'S\S 'S\S 'S rg ) ScalekitProviderSettings%FASTMCP_SERVER_AUTH_SCALEKITPROVIDER_ignore) env_prefixenv_fileextrarenvironment_urlstr client_id resource_idmcp_urlN) __name__ __module__ __qualname____firstlineno__rr model_config__annotations____static_attributes__r`/home/james-whalen/.local/lib/python3.13/site-packages/fastmcp/server/auth/providers/scalekit.pyrrs.%:L  N r%rcn^\rSrSrSr\\\\SS.SU4SjjjrS S U4SjjjrSrU=r $) ScalekitProvider&awScalekit resource server provider for OAuth 2.1 authentication. This provider implements Scalekit integration using resource server pattern. FastMCP acts as a protected resource server that validates access tokens issued by Scalekit's authorization server. IMPORTANT SETUP REQUIREMENTS: 1. Create an MCP Server in Scalekit Dashboard: - Go to your [Scalekit Dashboard](https://app.scalekit.com/) - Navigate to MCP Servers section - Register a new MCP Server with appropriate scopes - Ensure the Resource Identifier matches exactly what you configure as MCP URL - Note the Resource ID 2. Environment Configuration: - Set SCALEKIT_ENVIRONMENT_URL (e.g., https://your-env.scalekit.com) - Set SCALEKIT_CLIENT_ID from your OAuth application - Set SCALEKIT_RESOURCE_ID from your created resource - Set MCP_URL to your FastMCP server's public URL For detailed setup instructions, see: https://docs.scalekit.com/mcp/overview/ Example: ```python from fastmcp.server.auth.providers.scalekit import ScalekitProvider # Create Scalekit resource server provider scalekit_auth = ScalekitProvider( environment_url="https://your-env.scalekit.com", client_id="sk_client_...", resource_id="sk_resource_...", mcp_url="https://your-fastmcp-server.com", ) # Use with FastMCP mcp = FastMCP("My App", auth=scalekit_auth) ``` N)rrrrtoken_verifiercD>[RUUUUS.R5VVs0sHupgU[LdMXg_M snn5n[ UR 5R S5UlURUlURUl[ UR5Ul Uc-[UR S3UR SURS9n[T U]1U[UR SUR35/URS9 gs snnf) aInitialize Scalekit resource server provider. Args: environment_url: Your Scalekit environment URL (e.g., "https://your-env.scalekit.com") client_id: Your Scalekit OAuth client ID resource_id: Your Scalekit resource ID mcp_url: Public URL of this FastMCP server (used as audience) token_verifier: Optional token verifier. If None, creates JWT verifier for Scalekit )rrrr/Nz/keysRS256)jwks_uriissuer algorithmaudiencez /resources/)r*authorization_serversbase_url)rmodel_validateitemsrrrrstriprrrr super__init__r) selfrrrrr*kvsettings __class__s r&r8ScalekitProvider.__init__Ps/$,::(7!*#.&  %'  DA F?    #8#;#;<CCCH!++#//8++,   !( 0017++! N )d223;t?O?O>PQR#\\  7 s D D cj>^[TT]U5nU4SjnUR[SUS/S95 U$)auGet OAuth routes including Scalekit authorization server metadata forwarding. This returns the standard protected resource routes plus an authorization server metadata endpoint that forwards Scalekit's OAuth metadata to clients. Args: mcp_path: The path where the MCP endpoint is mounted (e.g., "/mcp") This is used to advertise the resource URL in metadata. c># [R"5IShvN nURTRSTR35IShvN nUR 5 UR 5n[U5sSSS5IShvN $NrNBN !,IShvN (df  g=f![a2n[RSU35 [SSU3S.SS9sSnA$SnAff=f7f)zQForward Scalekit OAuth authorization server metadata with FastMCP customizations.Nz2/.well-known/oauth-authorization-server/resources/z#Failed to fetch Scalekit metadata: server_error)errorerror_descriptioni) status_code) httpx AsyncClientgetrrraise_for_statusjsonr ExceptionloggerrB)requestclientresponsemetadataer9s r&#oauth_authorization_server_metadataHScalekitProvider.get_routes..oauth_authorization_server_metadatas  ,,..&%+ZZ//00bcgcscsbtu& H--/'}}H'1 /.. /...  B1#FG#!//RSTRU-V!$  sC0B1BB1.BB.B? B1 B B1C0B1BB1B.B  B.*B1-C0.B11 C-;'C("C-#C0(C--C0z'/.well-known/oauth-authorization-serverGET)endpointmethods)r7 get_routesappendr)r9mcp_pathroutesrQr=s` r&rVScalekitProvider.get_routessA#H- *  9<   r%)rrrr) rAnyHttpUrl | str | NotSetTr str | NotSetTrr\rr[r*zTokenVerifier | None)N)rXz str | Nonereturnz list[Route]) rrr r!__doc__rr8rVr$ __classcell__)r=s@r&r(r(&sx'X7=#)%+.4/34 44 ! 4 # 4 , 4 -4 4 p $-- --r%r()r^ __future__rrEpydanticrpydantic_settingsrrstarlette.responsesrstarlette.routingrfastmcp.server.authr r !fastmcp.server.auth.providers.jwtr fastmcp.settingsr fastmcp.utilities.loggingr fastmcp.utilities.typesrrrrKrr(rr%r&rjsR# >,#A9%03 H  | M)Mr%