fastmcp 2.10.6__py3-none-any.whl → 2.11.1__py3-none-any.whl

fastmcp/server/auth/registry.py

@@ -0,0 +1,52 @@
+"""Provider registry for FastMCP auth providers."""
+
+from __future__ import annotations
+
+from collections.abc import Callable
+from typing import TYPE_CHECKING, TypeVar
+
+if TYPE_CHECKING:
+    from fastmcp.server.auth.auth import AuthProvider
+
+# Type variable for auth providers
+T = TypeVar("T", bound="AuthProvider")
+
+
+# Provider Registry
+_PROVIDER_REGISTRY: dict[str, type[AuthProvider]] = {}
+
+
+def register_provider(name: str) -> Callable[[type[T]], type[T]]:
+    """Decorator to register an auth provider with a given name.
+
+    Args:
+        name: The name to register the provider under (e.g., 'AUTHKIT')
+
+    Returns:
+        The decorated class
+
+    Example:
+        @register_provider('AUTHKIT')
+        class AuthKitProvider(AuthProvider):
+            ...
+    """
+
+    def decorator(cls: type[T]) -> type[T]:
+        _PROVIDER_REGISTRY[name.upper()] = cls
+        return cls
+
+    return decorator
+
+
+def get_registered_provider(name: str) -> type[AuthProvider]:
+    """Get a registered provider by name.
+
+    Args:
+        name: The provider name (case-insensitive)
+
+    Returns:
+        The provider class if found, None otherwise
+    """
+    if name.upper() in _PROVIDER_REGISTRY:
+        return _PROVIDER_REGISTRY[name.upper()]
+    raise ValueError(f"Provider {name!r} has not been registered.")

fastmcp/server/context.py

@@ -1,8 +1,9 @@
 from __future__ import annotations
 
 import asyncio
+import copy
 import warnings
-from collections.abc import Generator
+from collections.abc import Generator, Mapping
 from contextlib import contextmanager
 from contextvars import ContextVar, Token
 from dataclasses import dataclass
@@ -46,6 +47,18 @@ _current_context: ContextVar[Context | None] = ContextVar("context", default=Non
 _flush_lock = asyncio.Lock()
 
 
+@dataclass
+class LogData:
+    """Data object for passing log arguments to client-side handlers.
+
+    This provides an interface to match the Python standard library logging,
+    for compatibility with structured logging.
+    """
+
+    msg: str
+    extra: Mapping[str, Any] | None = None
+
+
 @contextmanager
 def set_context(context: Context) -> Generator[Context, None, None]:
     token = _current_context.set(context)
@@ -83,9 +96,19 @@ class Context:
         request_id = ctx.request_id
         client_id = ctx.client_id
 
+        # Manage state across the request
+        ctx.set_state("key", "value")
+        value = ctx.get_state("key")
+
         return str(x)
     ```
 
+    State Management:
+    Context objects maintain a state dictionary that can be used to store and share
+    data across middleware and tool calls within a request. When a new context
+    is created (nested contexts), it inherits a copy of its parent's state, ensuring
+    that modifications in child contexts don't affect parent contexts.
+
     The context parameter name can be anything as long as it's annotated with Context.
     The context is optional - tools that don't need it can omit the parameter.
 
@@ -95,9 +118,15 @@ class Context:
         self.fastmcp = fastmcp
         self._tokens: list[Token] = []
         self._notification_queue: set[str] = set()  # Dedupe notifications
+        self._state: dict[str, Any] = {}
 
     async def __aenter__(self) -> Context:
         """Enter the context manager and set this context as the current context."""
+        parent_context = _current_context.get(None)
+        if parent_context is not None:
+            # Inherit state from parent context
+            self._state = copy.deepcopy(parent_context._state)
+
         # Always set this context and save the token
         token = _current_context.set(self)
         self._tokens.append(token)
@@ -113,7 +142,7 @@ class Context:
             _current_context.reset(token)
 
     @property
-    def request_context(self) -> RequestContext:
+    def request_context(self) -> RequestContext[ServerSession, Any, Request]:
         """Access to the underlying request context.
 
         If called outside of a request context, this will raise a ValueError.
@@ -167,6 +196,7 @@ class Context:
         message: str,
         level: LoggingLevel | None = None,
         logger_name: str | None = None,
+        extra: Mapping[str, Any] | None = None,
     ) -> None:
         """Send a log message to the client.
 
@@ -175,12 +205,14 @@ class Context:
             level: Optional log level. One of "debug", "info", "notice", "warning", "error", "critical",
                 "alert", or "emergency". Default is "info".
             logger_name: Optional logger name
+            extra: Optional mapping for additional arguments
         """
         if level is None:
             level = "info"
+        data = LogData(msg=message, extra=extra)
         await self.session.send_log_message(
             level=level,
-            data=message,
+            data=data,
             logger=logger_name,
             related_request_id=self.request_id,
         )
@@ -200,35 +232,48 @@ class Context:
         return str(self.request_context.request_id)
 
     @property
-    def session_id(self) -> str | None:
-        """Get the MCP session ID for HTTP transports.
+    def session_id(self) -> str:
+        """Get the MCP session ID for ALL transports.
 
         Returns the session ID that can be used as a key for session-based
         data storage (e.g., Redis) to share data between tool calls within
         the same client session.
 
         Returns:
-            The session ID for HTTP transports (SSE, StreamableHTTP), or None
-            for stdio and in-memory transports which don't use session IDs.
+            The session ID for StreamableHTTP transports, or a generated ID
+            for other transports.
 
         Example:
             ```python
             @server.tool
             def store_data(data: dict, ctx: Context) -> str:
-                if session_id := ctx.session_id:
-                    redis_client.set(f"session:{session_id}:data", json.dumps(data))
-                    return f"Data stored for session {session_id}"
-                return "No session ID available (stdio/memory transport)"
+                session_id = ctx.session_id
+                redis_client.set(f"session:{session_id}:data", json.dumps(data))
+                return f"Data stored for session {session_id}"
             ```
         """
-        try:
-            from fastmcp.server.dependencies import get_http_headers
+        request_ctx = self.request_context
+        session = request_ctx.session
 
-            headers = get_http_headers(include_all=True)
-            return headers.get("mcp-session-id")
-        except RuntimeError:
-            # No HTTP context available (stdio/in-memory transport)
-            return None
+        # Try to get the session ID from the session attributes
+        session_id = getattr(session, "_fastmcp_id", None)
+        if session_id is not None:
+            return session_id
+
+        # Try to get the session ID from the http request headers
+        request = request_ctx.request
+        if request:
+            session_id = request.headers.get("mcp-session-id")
+
+        # Generate a session ID if it doesn't exist.
+        if session_id is None:
+            from uuid import uuid4
+
+            session_id = str(uuid4())
+
+        # Save the session id to the session attributes
+        setattr(session, "_fastmcp_id", session_id)
+        return session_id
 
     @property
     def session(self) -> ServerSession:
@@ -236,21 +281,49 @@ class Context:
         return self.request_context.session
 
     # Convenience methods for common log levels
-    async def debug(self, message: str, logger_name: str | None = None) -> None:
+    async def debug(
+        self,
+        message: str,
+        logger_name: str | None = None,
+        extra: Mapping[str, Any] | None = None,
+    ) -> None:
         """Send a debug log message."""
-        await self.log(level="debug", message=message, logger_name=logger_name)
+        await self.log(
+            level="debug", message=message, logger_name=logger_name, extra=extra
+        )
 
-    async def info(self, message: str, logger_name: str | None = None) -> None:
+    async def info(
+        self,
+        message: str,
+        logger_name: str | None = None,
+        extra: Mapping[str, Any] | None = None,
+    ) -> None:
         """Send an info log message."""
-        await self.log(level="info", message=message, logger_name=logger_name)
+        await self.log(
+            level="info", message=message, logger_name=logger_name, extra=extra
+        )
 
-    async def warning(self, message: str, logger_name: str | None = None) -> None:
+    async def warning(
+        self,
+        message: str,
+        logger_name: str | None = None,
+        extra: Mapping[str, Any] | None = None,
+    ) -> None:
         """Send a warning log message."""
-        await self.log(level="warning", message=message, logger_name=logger_name)
+        await self.log(
+            level="warning", message=message, logger_name=logger_name, extra=extra
+        )
 
-    async def error(self, message: str, logger_name: str | None = None) -> None:
+    async def error(
+        self,
+        message: str,
+        logger_name: str | None = None,
+        extra: Mapping[str, Any] | None = None,
+    ) -> None:
         """Send an error log message."""
-        await self.log(level="error", message=message, logger_name=logger_name)
+        await self.log(
+            level="error", message=message, logger_name=logger_name, extra=extra
+        )
 
     async def list_roots(self) -> list[Root]:
         """List the roots available to the server, as indicated by the client."""
@@ -455,6 +528,14 @@ class Context:
 
         return fastmcp.server.dependencies.get_http_request()
 
+    def set_state(self, key: str, value: Any) -> None:
+        """Set a value in the context state."""
+        self._state[key] = value
+
+    def get_state(self, key: str) -> Any:
+        """Get a value from the context state. Returns None if the key is not found."""
+        return self._state.get(key)
+
     def _queue_tool_list_changed(self) -> None:
         """Queue a tool list changed notification."""
         self._notification_queue.add("notifications/tools/list_changed")

fastmcp/server/dependencies.py

@@ -37,9 +37,14 @@ def get_context() -> Context:
 
 
 def get_http_request() -> Request:
-    from fastmcp.server.http import _current_http_request
+    from mcp.server.lowlevel.server import request_ctx
+
+    request = None
+    try:
+        request = request_ctx.get().request
+    except LookupError:
+        pass
 
-    request = _current_http_request.get()
     if request is None:
         raise RuntimeError("No active HTTP request found.")
     return request
@@ -72,6 +77,8 @@ def get_http_headers(include_all: bool = False) -> dict[str, str]:
             "proxy-authenticate",
             "proxy-authorization",
             "proxy-connection",
+            # MCP-related headers
+            "mcp-session-id",
         }
         # (just in case)
         if not all(h.lower() == h for h in exclude_headers):

fastmcp/server/http.py

@@ -3,14 +3,14 @@ from __future__ import annotations
 from collections.abc import AsyncGenerator, Callable, Generator
 from contextlib import asynccontextmanager, contextmanager
 from contextvars import ContextVar
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, cast
 
 from mcp.server.auth.middleware.auth_context import AuthContextMiddleware
 from mcp.server.auth.middleware.bearer_auth import (
     BearerAuthBackend,
     RequireAuthMiddleware,
 )
-from mcp.server.auth.routes import create_auth_routes
+from mcp.server.auth.provider import TokenVerifier as TokenVerifierProtocol
 from mcp.server.lowlevel.server import LifespanResultT
 from mcp.server.sse import SseServerTransport
 from mcp.server.streamable_http import EventStore
@@ -23,7 +23,7 @@ from starlette.responses import Response
 from starlette.routing import BaseRoute, Mount, Route
 from starlette.types import Lifespan, Receive, Scope, Send
 
-from fastmcp.server.auth.auth import OAuthProvider
+from fastmcp.server.auth.auth import AuthProvider
 from fastmcp.utilities.logging import get_logger
 
 if TYPE_CHECKING:
@@ -69,44 +69,6 @@ class RequestContextMiddleware:
             await self.app(scope, receive, send)
 
 
-def setup_auth_middleware_and_routes(
-    auth: OAuthProvider,
-) -> tuple[list[Middleware], list[BaseRoute], list[str]]:
-    """Set up authentication middleware and routes if auth is enabled.
-
-    Args:
-        auth: The OAuthProvider authorization server provider
-
-    Returns:
-        Tuple of (middleware, auth_routes, required_scopes)
-    """
-    middleware: list[Middleware] = []
-    auth_routes: list[BaseRoute] = []
-    required_scopes: list[str] = []
-
-    middleware = [
-        Middleware(
-            AuthenticationMiddleware,
-            backend=BearerAuthBackend(auth),
-        ),
-        Middleware(AuthContextMiddleware),
-    ]
-
-    required_scopes = auth.required_scopes or []
-
-    auth_routes.extend(
-        create_auth_routes(
-            provider=auth,
-            issuer_url=auth.issuer_url,
-            service_documentation_url=auth.service_documentation_url,
-            client_registration_options=auth.client_registration_options,
-            revocation_options=auth.revocation_options,
-        )
-    )
-
-    return middleware, auth_routes, required_scopes
-
-
 def create_base_app(
     routes: list[BaseRoute],
     middleware: list[Middleware],
@@ -139,7 +101,7 @@ def create_sse_app(
     server: FastMCP[LifespanResultT],
     message_path: str,
     sse_path: str,
-    auth: OAuthProvider | None = None,
+    auth: AuthProvider | None = None,
     debug: bool = False,
     routes: list[BaseRoute] | None = None,
     middleware: list[Middleware] | None = None,
@@ -150,7 +112,7 @@ def create_sse_app(
         server: The FastMCP server instance
         message_path: Path for SSE messages
         sse_path: Path for SSE connections
-        auth: Optional auth provider
+        auth: Optional authentication provider (AuthProvider)
         debug: Whether to enable debug mode
         routes: Optional list of custom routes
         middleware: Optional list of middleware
@@ -174,28 +136,43 @@ def create_sse_app(
             )
         return Response()
 
-    # Get auth middleware and routes
-
-    # Add SSE routes with or without auth
+    # Set up auth if enabled
     if auth:
-        auth_middleware, auth_routes, required_scopes = (
-            setup_auth_middleware_and_routes(auth)
-        )
+        # Create auth middleware
+        auth_middleware = [
+            Middleware(
+                AuthenticationMiddleware,
+                backend=BearerAuthBackend(auth),
+            ),
+            Middleware(AuthContextMiddleware),
+        ]
+
+        # Get auth routes and scopes
+        auth_routes = auth.get_routes()
+        required_scopes = getattr(auth, "required_scopes", None) or []
+
+        # Get resource metadata URL for WWW-Authenticate header
+        resource_metadata_url = auth.get_resource_metadata_url()
 
         server_routes.extend(auth_routes)
         server_middleware.extend(auth_middleware)
+
         # Auth is enabled, wrap endpoints with RequireAuthMiddleware
         server_routes.append(
             Route(
                 sse_path,
-                endpoint=RequireAuthMiddleware(handle_sse, required_scopes),
+                endpoint=RequireAuthMiddleware(
+                    handle_sse, required_scopes, resource_metadata_url
+                ),
                 methods=["GET"],
             )
         )
         server_routes.append(
             Mount(
                 message_path,
-                app=RequireAuthMiddleware(sse.handle_post_message, required_scopes),
+                app=RequireAuthMiddleware(
+                    sse.handle_post_message, required_scopes, resource_metadata_url
+                ),
             )
         )
     else:
@@ -243,7 +220,7 @@ def create_streamable_http_app(
     server: FastMCP[LifespanResultT],
     streamable_http_path: str,
     event_store: EventStore | None = None,
-    auth: OAuthProvider | None = None,
+    auth: AuthProvider | None = None,
     json_response: bool = False,
     stateless_http: bool = False,
     debug: bool = False,
@@ -256,7 +233,7 @@ def create_streamable_http_app(
         server: The FastMCP server instance
         streamable_http_path: Path for StreamableHTTP connections
         event_store: Optional event store for session management
-        auth: Optional auth provider
+        auth: Optional authentication provider (AuthProvider)
         json_response: Whether to use JSON response format
         stateless_http: Whether to use stateless mode (new transport per request)
         debug: Whether to enable debug mode
@@ -307,9 +284,21 @@ def create_streamable_http_app(
 
     # Add StreamableHTTP routes with or without auth
     if auth:
-        auth_middleware, auth_routes, required_scopes = (
-            setup_auth_middleware_and_routes(auth)
-        )
+        # Create auth middleware
+        auth_middleware = [
+            Middleware(
+                AuthenticationMiddleware,
+                backend=BearerAuthBackend(cast(TokenVerifierProtocol, auth)),
+            ),
+            Middleware(AuthContextMiddleware),
+        ]
+
+        # Get auth routes and scopes
+        auth_routes = auth.get_routes()
+        required_scopes = getattr(auth, "required_scopes", None) or []
+
+        # Get resource metadata URL for WWW-Authenticate header
+        resource_metadata_url = auth.get_resource_metadata_url()
 
         server_routes.extend(auth_routes)
         server_middleware.extend(auth_middleware)
@@ -318,7 +307,9 @@ def create_streamable_http_app(
         server_routes.append(
             Mount(
                 streamable_http_path,
-                app=RequireAuthMiddleware(handle_streamable_http, required_scopes),
+                app=RequireAuthMiddleware(
+                    handle_streamable_http, required_scopes, resource_metadata_url
+                ),
             )
         )
     else:

fastmcp/server/middleware/middleware.py

@@ -20,7 +20,7 @@ import mcp.types as mt
 from fastmcp.prompts.prompt import Prompt
 from fastmcp.resources.resource import Resource
 from fastmcp.resources.template import ResourceTemplate
-from fastmcp.tools.tool import Tool
+from fastmcp.tools.tool import Tool, ToolResult
 
 if TYPE_CHECKING:
     from fastmcp.server.context import Context
@@ -43,26 +43,6 @@ class CallNext(Protocol[T, R]):
     def __call__(self, context: MiddlewareContext[T]) -> Awaitable[R]: ...
 
 
-ServerResultT = TypeVar(
-    "ServerResultT",
-    bound=mt.EmptyResult
-    | mt.InitializeResult
-    | mt.CompleteResult
-    | mt.GetPromptResult
-    | mt.ListPromptsResult
-    | mt.ListResourcesResult
-    | mt.ListResourceTemplatesResult
-    | mt.ReadResourceResult
-    | mt.CallToolResult
-    | mt.ListToolsResult,
-)
-
-
-@runtime_checkable
-class ServerResultProtocol(Protocol[ServerResultT]):
-    root: ServerResultT
-
-
 @dataclass(kw_only=True, frozen=True)
 class MiddlewareContext(Generic[T]):
     """
@@ -167,8 +147,8 @@ class Middleware:
     async def on_call_tool(
         self,
         context: MiddlewareContext[mt.CallToolRequestParams],
-        call_next: CallNext[mt.CallToolRequestParams, mt.CallToolResult],
-    ) -> mt.CallToolResult:
+        call_next: CallNext[mt.CallToolRequestParams, ToolResult],
+    ) -> ToolResult:
         return await call_next(context)
 
     async def on_read_resource(

fastmcp/server/openapi.py

@@ -892,7 +892,7 @@ class FastMCPOpenAPI(FastMCP):
 
         # Extract output schema from OpenAPI responses
         output_schema = extract_output_schema_from_responses(
-            route.responses, route.schema_definitions
+            route.responses, route.schema_definitions, route.openapi_version
         )
 
         # Get a unique tool name