alita-sdk 0.3.442__py3-none-any.whl → 0.3.444__py3-none-any.whl

alita_sdk/runtime/toolkits/mcp.py

@@ -22,6 +22,7 @@ from ..utils.mcp_oauth import (
     canonical_resource,
     extract_resource_metadata_url,
     fetch_resource_metadata,
+    infer_authorization_servers_from_realm,
 )
 
 logger = logging.getLogger(__name__)
@@ -547,6 +548,25 @@ class McpToolkit(BaseToolkit):
             if response.status_code == 401:
                 resource_metadata_url = extract_resource_metadata_url(auth_header, connection_config.url)
                 metadata = fetch_resource_metadata(resource_metadata_url, timeout=timeout) if resource_metadata_url else None
+                
+                # If we couldn't get metadata from the resource_metadata endpoint,
+                # infer authorization servers from the WWW-Authenticate header and server URL
+                if not metadata or not metadata.get('authorization_servers'):
+                    inferred_servers = infer_authorization_servers_from_realm(auth_header, connection_config.url)
+                    if inferred_servers:
+                        if not metadata:
+                            metadata = {}
+                        metadata['authorization_servers'] = inferred_servers
+                        logger.info(f"Inferred authorization servers for {connection_config.url}: {inferred_servers}")
+                        
+                        # Fetch OAuth authorization server metadata from the inferred server
+                        # This avoids CORS issues in the frontend
+                        from alita_sdk.runtime.utils.mcp_oauth import fetch_oauth_authorization_server_metadata
+                        auth_server_metadata = fetch_oauth_authorization_server_metadata(inferred_servers[0], timeout=timeout)
+                        if auth_server_metadata:
+                            metadata['oauth_authorization_server'] = auth_server_metadata
+                            logger.info(f"Fetched OAuth metadata for {inferred_servers[0]}")
+                
                 raise McpAuthorizationRequired(
                     message=f"MCP server {connection_config.url} requires OAuth authorization",
                     server_url=canonical_resource(connection_config.url),

alita_sdk/runtime/tools/mcp_remote_tool.py

@@ -18,6 +18,7 @@ from ..utils.mcp_oauth import (
     canonical_resource,
     extract_resource_metadata_url,
     fetch_resource_metadata_async,
+    infer_authorization_servers_from_realm,
 )
 
 logger = logging.getLogger(__name__)
@@ -129,6 +130,25 @@ class McpRemoteTool(McpServerTool):
                                 session=session,
                                 timeout=self.tool_timeout_sec,
                             )
+                        
+                        # If we couldn't get metadata from the resource_metadata endpoint,
+                        # infer authorization servers from the WWW-Authenticate header and server URL
+                        if not metadata or not metadata.get('authorization_servers'):
+                            inferred_servers = infer_authorization_servers_from_realm(auth_header, self.server_url)
+                            if inferred_servers:
+                                if not metadata:
+                                    metadata = {}
+                                metadata['authorization_servers'] = inferred_servers
+                                logger.info(f"Inferred authorization servers for {self.server_url}: {inferred_servers}")
+                                
+                                # Fetch OAuth authorization server metadata from the inferred server
+                                # This avoids CORS issues in the frontend
+                                from alita_sdk.runtime.utils.mcp_oauth import fetch_oauth_authorization_server_metadata
+                                auth_server_metadata = fetch_oauth_authorization_server_metadata(inferred_servers[0], timeout=self.tool_timeout_sec)
+                                if auth_server_metadata:
+                                    metadata['oauth_authorization_server'] = auth_server_metadata
+                                    logger.info(f"Fetched OAuth metadata for {inferred_servers[0]}")
+                        
                         raise McpAuthorizationRequired(
                             message=f"MCP server {self.server_url} requires OAuth authorization",
                             server_url=canonical_resource(self.server_url),

alita_sdk/runtime/utils/mcp_oauth.py

@@ -46,7 +46,7 @@ class McpAuthorizationRequired(ToolException):
 def extract_resource_metadata_url(www_authenticate: Optional[str], server_url: Optional[str] = None) -> Optional[str]:
     """
     Pull the resource_metadata URL from a WWW-Authenticate header if present.
-    If not found and server_url is provided, construct the standard .well-known URL.
+    If not found and server_url is provided, try to construct resource metadata URLs.
     """
     if not www_authenticate and not server_url:
         return None
@@ -57,16 +57,62 @@ def extract_resource_metadata_url(www_authenticate: Optional[str], server_url: O
         if match:
             return match.group(1)
     
-    # Fallback: construct standard .well-known URL if server_url provided
-    if server_url:
-        parsed = urlparse(server_url)
-        # Build the standard resource metadata URL
-        base_url = f"{parsed.scheme}://{parsed.netloc}"
-        return f"{base_url}/.well-known/resource-metadata"
+    # For servers that don't provide resource_metadata in WWW-Authenticate,
+    # we'll return None and rely on inferring authorization servers from the realm
+    # or using well-known OAuth discovery endpoints directly
+    return None
+
+
+def fetch_oauth_authorization_server_metadata(base_url: str, timeout: int = 10) -> Optional[Dict[str, Any]]:
+    """
+    Fetch OAuth authorization server metadata from well-known endpoints.
+    Tries both oauth-authorization-server and openid-configuration discovery endpoints.
+    """
+    discovery_endpoints = [
+        f"{base_url}/.well-known/oauth-authorization-server",
+        f"{base_url}/.well-known/openid-configuration",
+    ]
+    
+    for endpoint in discovery_endpoints:
+        try:
+            resp = requests.get(endpoint, timeout=timeout)
+            if resp.status_code == 200:
+                return resp.json()
+        except Exception as exc:
+            logger.debug(f"Failed to fetch OAuth metadata from {endpoint}: {exc}")
+            continue
     
     return None
 
 
+def infer_authorization_servers_from_realm(www_authenticate: Optional[str], server_url: str) -> Optional[list]:
+    """
+    Infer authorization server URLs from WWW-Authenticate realm or server URL.
+    This is used when the server doesn't provide resource_metadata endpoint.
+    """
+    if not www_authenticate and not server_url:
+        return None
+    
+    authorization_servers = []
+    
+    # Try to extract realm from WWW-Authenticate header
+    realm = None
+    if www_authenticate:
+        realm_match = re.search(r'realm\s*=\s*\"([^\"]+)\"', www_authenticate)
+        if realm_match:
+            realm = realm_match.group(1)
+    
+    # Parse the server URL to get base domain
+    parsed = urlparse(server_url)
+    base_url = f"{parsed.scheme}://{parsed.netloc}"
+    
+    # Return the base authorization server URL (not the discovery endpoint)
+    # The client will append .well-known paths when fetching metadata
+    authorization_servers.append(base_url)
+    
+    return authorization_servers if authorization_servers else None
+
+
 def fetch_resource_metadata(resource_metadata_url: str, timeout: int = 10) -> Optional[Dict[str, Any]]:
     """Fetch and parse the protected resource metadata document."""
     try:

{alita_sdk-0.3.442.dist-info → alita_sdk-0.3.444.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: alita_sdk
-Version: 0.3.442
+Version: 0.3.444
 Summary: SDK for building langchain agents using resources from Alita
 Author-email: Artem Rozumenko <artyom.rozumenko@gmail.com>, Mikalai Biazruchka <mikalai_biazruchka@epam.com>, Roman Mitusov <roman_mitusov@epam.com>, Ivan Krakhmaliuk <lifedj27@gmail.com>, Artem Dubrovskiy <ad13box@gmail.com>
 License-Expression: Apache-2.0

{alita_sdk-0.3.442.dist-info → alita_sdk-0.3.444.dist-info}/RECORD

@@ -103,7 +103,7 @@ alita_sdk/runtime/toolkits/application.py,sha256=HHAKgwKOckxc7EQG-AV7rz4POOzQJKF
 alita_sdk/runtime/toolkits/artifact.py,sha256=YChNCX4QhVpaQG7Jk4TS-Wl0Aruc4slQ2K21zh9nNO0,3176
 alita_sdk/runtime/toolkits/configurations.py,sha256=kIDAlnryPQfbZyFxV-9SzN2-Vefzx06TX1BBdIIpN90,141
 alita_sdk/runtime/toolkits/datasource.py,sha256=qk78OdPoReYPCWwahfkKLbKc4pfsu-061oXRryFLP6I,2498
-alita_sdk/runtime/toolkits/mcp.py,sha256=yaEpIYSGGd9W_dlru0s3T-naICdzO1M6OrSfkjtnI7I,39030
+alita_sdk/runtime/toolkits/mcp.py,sha256=4AHZoTb6J3_plIwxK8nQAK5tSTi_zhC3gTOzl0vdYBw,40452
 alita_sdk/runtime/toolkits/prompt.py,sha256=WIpTkkVYWqIqOWR_LlSWz3ug8uO9tm5jJ7aZYdiGRn0,1192
 alita_sdk/runtime/toolkits/subgraph.py,sha256=wwUK8JjPXkGzyVZ3tAukmvST6eGbqx_U11rpnmbrvtg,2105
 alita_sdk/runtime/toolkits/tools.py,sha256=F93TOPQWmULpslyJh-lCEdkQ3OD4RbEvfe84g8wBzb0,11639
@@ -122,7 +122,7 @@ alita_sdk/runtime/tools/llm.py,sha256=iRG_wU4T01LRsjEMPZe5Uah7LiMqDc-vspwkMuQtlt
 alita_sdk/runtime/tools/loop.py,sha256=uds0WhZvwMxDVFI6MZHrcmMle637cQfBNg682iLxoJA,8335
 alita_sdk/runtime/tools/loop_output.py,sha256=U4hO9PCQgWlXwOq6jdmCGbegtAxGAPXObSxZQ3z38uk,8069
 alita_sdk/runtime/tools/mcp_inspect_tool.py,sha256=38X8euaxDbEGjcfp6ElvExZalpZun6QEr6ZEW4nU5pQ,11496
-alita_sdk/runtime/tools/mcp_remote_tool.py,sha256=C05S9UC0OB31idIvZ1CE0qwKrUbCL9nATwZ3RhAovbg,9553
+alita_sdk/runtime/tools/mcp_remote_tool.py,sha256=Rbzkp-uOZ8dXnOgkk0LU4p0Tyo_KmGbeDRfTB-FdEP4,11129
 alita_sdk/runtime/tools/mcp_server_tool.py,sha256=-xO3H6BM63KaIV1CdcQKPVE0WPigiqOgFZDX7m2_yGs,4419
 alita_sdk/runtime/tools/pgvector_search.py,sha256=NN2BGAnq4SsDHIhUcFZ8d_dbEOM8QwB0UwpsWCYruXU,11692
 alita_sdk/runtime/tools/prompt.py,sha256=nJafb_e5aOM1Rr3qGFCR-SKziU9uCsiP2okIMs9PppM,741
@@ -136,7 +136,7 @@ alita_sdk/runtime/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG
 alita_sdk/runtime/utils/constants.py,sha256=Xntx1b_uxUzT4clwqHA_U6K8y5bBqf_4lSQwXdcWrp4,13586
 alita_sdk/runtime/utils/evaluate.py,sha256=iM1P8gzBLHTuSCe85_Ng_h30m52hFuGuhNXJ7kB1tgI,1872
 alita_sdk/runtime/utils/logging.py,sha256=svPyiW8ztDfhqHFITv5FBCj8UhLxz6hWcqGIY6wpJJE,3331
-alita_sdk/runtime/utils/mcp_oauth.py,sha256=NDyRVfkLxVGh8lFo0fWjCZeHf_slZjXJ6Eyf9w-PROU,4400
+alita_sdk/runtime/utils/mcp_oauth.py,sha256=Ynoa_C_G5WXL_tlcdol2wBLgQauyvIPX0isCJKsvWMs,6151
 alita_sdk/runtime/utils/save_dataframe.py,sha256=i-E1wp-t4wb17Zq3nA3xYwgSILjoXNizaQAA9opWvxY,1576
 alita_sdk/runtime/utils/streamlit.py,sha256=yIb4YIGH8HRAXZtZlywjxI07Xdcb5eUt7rMA-elFTdc,107261
 alita_sdk/runtime/utils/toolkit_runtime.py,sha256=MU63Fpxj0b5_r1IUUc0Q3-PN9VwL7rUxp2MRR4tmYR8,5136
@@ -360,8 +360,8 @@ alita_sdk/tools/zephyr_scale/api_wrapper.py,sha256=kT0TbmMvuKhDUZc0i7KO18O38JM9S
 alita_sdk/tools/zephyr_squad/__init__.py,sha256=0ne8XLJEQSLOWfzd2HdnqOYmQlUliKHbBED5kW_Vias,2895
 alita_sdk/tools/zephyr_squad/api_wrapper.py,sha256=kmw_xol8YIYFplBLWTqP_VKPRhL_1ItDD0_vXTe_UuI,14906
 alita_sdk/tools/zephyr_squad/zephyr_squad_cloud_client.py,sha256=R371waHsms4sllHCbijKYs90C-9Yu0sSR3N4SUfQOgU,5066
-alita_sdk-0.3.442.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-alita_sdk-0.3.442.dist-info/METADATA,sha256=n14d1M_12NDy-RGtDKFesrDUl40DJpFZfLEYmihW72A,19071
-alita_sdk-0.3.442.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-alita_sdk-0.3.442.dist-info/top_level.txt,sha256=0vJYy5p_jK6AwVb1aqXr7Kgqgk3WDtQ6t5C-XI9zkmg,10
-alita_sdk-0.3.442.dist-info/RECORD,,
+alita_sdk-0.3.444.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+alita_sdk-0.3.444.dist-info/METADATA,sha256=umIbGNVs1zB3QuPT3WTWNI31mdOJHTPQR6trqqNmCJY,19071
+alita_sdk-0.3.444.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+alita_sdk-0.3.444.dist-info/top_level.txt,sha256=0vJYy5p_jK6AwVb1aqXr7Kgqgk3WDtQ6t5C-XI9zkmg,10
+alita_sdk-0.3.444.dist-info/RECORD,,