fastmcp 2.5.2__py3-none-any.whl → 2.6.1__py3-none-any.whl

fastmcp/client/oauth_callback.py

@@ -0,0 +1,310 @@
+"""
+OAuth callback server for handling authorization code flows.
+
+This module provides a reusable callback server that can handle OAuth redirects
+and display styled responses to users.
+"""
+
+from __future__ import annotations
+
+import asyncio
+from dataclasses import dataclass
+
+from starlette.applications import Starlette
+from starlette.requests import Request
+from starlette.responses import HTMLResponse
+from starlette.routing import Route
+from uvicorn import Config, Server
+
+from fastmcp.utilities.http import find_available_port
+from fastmcp.utilities.logging import get_logger
+
+logger = get_logger(__name__)
+
+
+def create_callback_html(
+    message: str,
+    is_success: bool = True,
+    title: str = "FastMCP OAuth",
+    server_url: str | None = None,
+) -> str:
+    """Create a styled HTML response for OAuth callbacks."""
+    status_emoji = "✅" if is_success else "❌"
+    status_color = "#10b981" if is_success else "#ef4444"  # emerald-500 / red-500
+
+    # Add server info for success cases
+    server_info = ""
+    if is_success and server_url:
+        server_info = f"""
+            <div class="server-info">
+                Connected to: <strong>{server_url}</strong>
+            </div>
+        """
+
+    return f"""
+    <!DOCTYPE html>
+    <html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>{title}</title>
+        <style>
+            body {{
+                font-family: 'SF Mono', 'Monaco', 'Consolas', 'Roboto Mono', monospace;
+                margin: 0;
+                padding: 0;
+                min-height: 100vh;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+                background: linear-gradient(135deg, #0f0f23 0%, #1a1a2e 25%, #16213e 50%, #0f0f23 100%);
+                color: #e2e8f0;
+                overflow: hidden;
+            }}
+            
+            body::before {{
+                content: '';
+                position: fixed;
+                top: 0;
+                left: 0;
+                width: 100%;
+                height: 100%;
+                background: 
+                    radial-gradient(circle at 20% 80%, rgba(120, 119, 198, 0.1) 0%, transparent 50%),
+                    radial-gradient(circle at 80% 20%, rgba(16, 185, 129, 0.1) 0%, transparent 50%),
+                    radial-gradient(circle at 40% 40%, rgba(14, 165, 233, 0.1) 0%, transparent 50%);
+                pointer-events: none;
+                z-index: -1;
+            }}
+            
+            .container {{
+                background: rgba(30, 41, 59, 0.9);
+                backdrop-filter: blur(10px);
+                border: 1px solid rgba(71, 85, 105, 0.3);
+                padding: 3rem 2rem;
+                border-radius: 1rem;
+                box-shadow: 
+                    0 25px 50px -12px rgba(0, 0, 0, 0.7),
+                    0 0 0 1px rgba(255, 255, 255, 0.05),
+                    inset 0 1px 0 0 rgba(255, 255, 255, 0.1);
+                text-align: center;
+                max-width: 500px;
+                margin: 1rem;
+                position: relative;
+            }}
+            
+            .container::before {{
+                content: '';
+                position: absolute;
+                top: 0;
+                left: 0;
+                right: 0;
+                height: 1px;
+                background: linear-gradient(90deg, transparent, rgba(16, 185, 129, 0.5), transparent);
+            }}
+            
+            .status-icon {{
+                font-size: 4rem;
+                margin-bottom: 1rem;
+                display: block;
+                filter: drop-shadow(0 0 20px currentColor);
+            }}
+            
+            .message {{
+                font-size: 1.25rem;
+                line-height: 1.6;
+                color: {status_color};
+                margin-bottom: 1.5rem;
+                font-weight: 600;
+                text-shadow: 0 0 10px rgba({
+        "16, 185, 129" if is_success else "239, 68, 68"
+    }, 0.3);
+            }}
+            
+            .server-info {{
+                background: rgba(6, 182, 212, 0.1);
+                border: 1px solid rgba(6, 182, 212, 0.3);
+                border-radius: 0.75rem;
+                padding: 1rem;
+                margin: 1rem 0;
+                font-size: 0.9rem;
+                color: #67e8f9;
+                font-family: 'SF Mono', 'Monaco', 'Consolas', 'Roboto Mono', monospace;
+                text-shadow: 0 0 10px rgba(103, 232, 249, 0.3);
+            }}
+            
+            .server-info strong {{
+                color: #22d3ee;
+                font-weight: 700;
+            }}
+            
+            .subtitle {{
+                font-size: 1rem;
+                color: #94a3b8;
+                margin-top: 1rem;
+            }}
+            
+            .close-instruction {{
+                background: rgba(51, 65, 85, 0.8);
+                border: 1px solid rgba(71, 85, 105, 0.4);
+                border-radius: 0.75rem;
+                padding: 1rem;
+                margin-top: 1.5rem;
+                font-size: 0.9rem;
+                color: #cbd5e1;
+                font-family: 'SF Mono', 'Monaco', 'Consolas', 'Roboto Mono', monospace;
+            }}
+            
+            @keyframes glow {{
+                0%, 100% {{ opacity: 1; }}
+                50% {{ opacity: 0.7; }}
+            }}
+            
+            .status-icon {{
+                animation: glow 2s ease-in-out infinite;
+            }}
+        </style>
+    </head>
+    <body>
+        <div class="container">
+            <span class="status-icon">{status_emoji}</span>
+            <div class="message">{message}</div>
+            {server_info}
+            <div class="close-instruction">
+                You can safely close this tab now.
+            </div>
+        </div>
+    </body>
+    </html>
+    """
+
+
+@dataclass
+class CallbackResponse:
+    code: str | None = None
+    state: str | None = None
+    error: str | None = None
+    error_description: str | None = None
+
+    @classmethod
+    def from_dict(cls, data: dict[str, str]) -> CallbackResponse:
+        return cls(**{k: v for k, v in data.items() if k in cls.__annotations__})
+
+    def to_dict(self) -> dict[str, str]:
+        return {k: v for k, v in self.__dict__.items() if v is not None}
+
+
+def create_oauth_callback_server(
+    port: int,
+    callback_path: str = "/callback",
+    server_url: str | None = None,
+    response_future: asyncio.Future | None = None,
+) -> Server:
+    """
+    Create an OAuth callback server.
+
+    Args:
+        port: The port to run the server on
+        callback_path: The path to listen for OAuth redirects on
+        server_url: Optional server URL to display in success messages
+        response_future: Optional future to resolve when OAuth callback is received
+
+    Returns:
+        Configured uvicorn Server instance (not yet running)
+    """
+
+    async def callback_handler(request: Request):
+        """Handle OAuth callback requests with proper HTML responses."""
+        query_params = dict(request.query_params)
+        callback_response = CallbackResponse.from_dict(query_params)
+
+        if callback_response.error:
+            error_desc = callback_response.error_description or "Unknown error"
+
+            # Resolve future with exception if provided
+            if response_future and not response_future.done():
+                response_future.set_exception(
+                    RuntimeError(
+                        f"OAuth error: {callback_response.error} - {error_desc}"
+                    )
+                )
+
+            return HTMLResponse(
+                create_callback_html(
+                    f"FastMCP OAuth Error: {callback_response.error}<br>{error_desc}",
+                    is_success=False,
+                ),
+                status_code=400,
+            )
+
+        if not callback_response.code:
+            # Resolve future with exception if provided
+            if response_future and not response_future.done():
+                response_future.set_exception(
+                    RuntimeError("OAuth callback missing authorization code")
+                )
+
+            return HTMLResponse(
+                create_callback_html(
+                    "FastMCP OAuth Error: No authorization code received",
+                    is_success=False,
+                ),
+                status_code=400,
+            )
+
+        # Success case
+        if response_future and not response_future.done():
+            response_future.set_result(
+                (callback_response.code, callback_response.state)
+            )
+
+        return HTMLResponse(
+            create_callback_html("FastMCP OAuth login complete!", server_url=server_url)
+        )
+
+    app = Starlette(routes=[Route(callback_path, callback_handler)])
+
+    return Server(
+        Config(
+            app=app,
+            host="127.0.0.1",
+            port=port,
+            lifespan="off",
+            log_level="warning",
+        )
+    )
+
+
+if __name__ == "__main__":
+    """Run a test server when executed directly."""
+    import webbrowser
+
+    import uvicorn
+
+    port = find_available_port()
+    print("🎭 OAuth Callback Test Server")
+    print("📍 Test URLs:")
+    print(f"  Success: http://localhost:{port}/callback?code=test123&state=xyz")
+    print(
+        f"  Error:   http://localhost:{port}/callback?error=access_denied&error_description=User%20denied"
+    )
+    print(f"  Missing: http://localhost:{port}/callback")
+    print("🛑 Press Ctrl+C to stop")
+    print()
+
+    # Create test server without future (just for testing HTML responses)
+    server = create_oauth_callback_server(
+        port=port, server_url="https://fastmcp-test-server.example.com"
+    )
+
+    # Open browser to success example
+    webbrowser.open(f"http://localhost:{port}/callback?code=test123&state=xyz")
+
+    # Run with uvicorn directly
+    uvicorn.run(
+        server.config.app,
+        host="127.0.0.1",
+        port=port,
+        log_level="warning",
+        access_log=False,
+    )

fastmcp/client/transports.py

@@ -6,10 +6,20 @@ import os
 import shutil
 import sys
 import warnings
-from collections.abc import AsyncIterator
+from collections.abc import AsyncIterator, Callable
 from pathlib import Path
-from typing import TYPE_CHECKING, Any, TypedDict, TypeVar, cast, overload
+from typing import (
+    TYPE_CHECKING,
+    Any,
+    Literal,
+    TypedDict,
+    TypeVar,
+    cast,
+    overload,
+)
 
+import anyio
+import httpx
 from mcp import ClientSession, StdioServerParameters
 from mcp.client.session import (
     ListRootsFnT,
@@ -26,7 +36,7 @@ from mcp.shared.memory import create_connected_server_and_client_session
 from pydantic import AnyUrl
 from typing_extensions import Unpack
 
-from fastmcp.server import FastMCP as FastMCPServer
+from fastmcp.client.auth.oauth import OAuth
 from fastmcp.server.dependencies import get_http_headers
 from fastmcp.server.server import FastMCP
 from fastmcp.utilities.logging import get_logger
@@ -40,6 +50,20 @@ logger = get_logger(__name__)
 # TypeVar for preserving specific ClientTransport subclass types
 ClientTransportT = TypeVar("ClientTransportT", bound="ClientTransport")
 
+__all__ = [
+    "ClientTransport",
+    "SSETransport",
+    "StreamableHttpTransport",
+    "StdioTransport",
+    "PythonStdioTransport",
+    "FastMCPStdioTransport",
+    "NodeStdioTransport",
+    "UvxStdioTransport",
+    "NpxStdioTransport",
+    "FastMCPTransport",
+    "infer_transport",
+]
+
 
 class SessionKwargs(TypedDict, total=False):
     """Keyword arguments for the MCP ClientSession constructor."""
@@ -92,6 +116,10 @@ class ClientTransport(abc.ABC):
         """Close the transport."""
         pass
 
+    def _set_auth(self, auth: httpx.Auth | Literal["oauth"] | str | None):
+        if auth is not None:
+            raise ValueError("This transport does not support auth")
+
 
 class WSTransport(ClientTransport):
     """Transport implementation that connects to an MCP server via WebSockets."""
@@ -131,7 +159,9 @@ class SSETransport(ClientTransport):
         self,
         url: str | AnyUrl,
         headers: dict[str, str] | None = None,
+        auth: httpx.Auth | Literal["oauth"] | str | None = None,
         sse_read_timeout: datetime.timedelta | float | int | None = None,
+        httpx_client_factory: Callable[[], httpx.AsyncClient] | None = None,
     ):
         if isinstance(url, AnyUrl):
             url = str(url)
@@ -139,11 +169,21 @@ class SSETransport(ClientTransport):
             raise ValueError("Invalid HTTP/S URL provided for SSE.")
         self.url = url
         self.headers = headers or {}
+        self._set_auth(auth)
+        self.httpx_client_factory = httpx_client_factory
 
         if isinstance(sse_read_timeout, int | float):
             sse_read_timeout = datetime.timedelta(seconds=sse_read_timeout)
         self.sse_read_timeout = sse_read_timeout
 
+    def _set_auth(self, auth: httpx.Auth | Literal["oauth"] | str | None):
+        if auth == "oauth":
+            auth = OAuth(self.url)
+        elif isinstance(auth, str):
+            self.headers["Authorization"] = auth
+            auth = None
+        self.auth = auth
+
     @contextlib.asynccontextmanager
     async def connect_session(
         self, **session_kwargs: Unpack[SessionKwargs]
@@ -165,7 +205,10 @@ class SSETransport(ClientTransport):
             )
             client_kwargs["timeout"] = read_timeout_seconds.total_seconds()
 
-        async with sse_client(self.url, **client_kwargs) as transport:
+        if self.httpx_client_factory is not None:
+            client_kwargs["httpx_client_factory"] = self.httpx_client_factory
+
+        async with sse_client(self.url, auth=self.auth, **client_kwargs) as transport:
             read_stream, write_stream = transport
             async with ClientSession(
                 read_stream, write_stream, **session_kwargs
@@ -183,7 +226,9 @@ class StreamableHttpTransport(ClientTransport):
         self,
         url: str | AnyUrl,
         headers: dict[str, str] | None = None,
+        auth: httpx.Auth | Literal["oauth"] | str | None = None,
         sse_read_timeout: datetime.timedelta | float | int | None = None,
+        httpx_client_factory: Callable[[], httpx.AsyncClient] | None = None,
     ):
         if isinstance(url, AnyUrl):
             url = str(url)
@@ -191,11 +236,21 @@ class StreamableHttpTransport(ClientTransport):
             raise ValueError("Invalid HTTP/S URL provided for Streamable HTTP.")
         self.url = url
         self.headers = headers or {}
+        self._set_auth(auth)
+        self.httpx_client_factory = httpx_client_factory
 
         if isinstance(sse_read_timeout, int | float):
             sse_read_timeout = datetime.timedelta(seconds=sse_read_timeout)
         self.sse_read_timeout = sse_read_timeout
 
+    def _set_auth(self, auth: httpx.Auth | Literal["oauth"] | str | None):
+        if auth == "oauth":
+            auth = OAuth(self.url)
+        elif isinstance(auth, str):
+            self.headers["Authorization"] = auth
+            auth = None
+        self.auth = auth
+
     @contextlib.asynccontextmanager
     async def connect_session(
         self, **session_kwargs: Unpack[SessionKwargs]
@@ -214,7 +269,14 @@ class StreamableHttpTransport(ClientTransport):
         if session_kwargs.get("read_timeout_seconds", None) is not None:
             client_kwargs["timeout"] = session_kwargs.get("read_timeout_seconds")
 
-        async with streamablehttp_client(self.url, **client_kwargs) as transport:
+        if self.httpx_client_factory is not None:
+            client_kwargs["httpx_client_factory"] = self.httpx_client_factory
+
+        async with streamablehttp_client(
+            self.url,
+            auth=self.auth,
+            **client_kwargs,
+        ) as transport:
             read_stream, write_stream, _ = transport
             async with ClientSession(
                 read_stream, write_stream, **session_kwargs
@@ -264,8 +326,8 @@ class StdioTransport(ClientTransport):
 
         self._session: ClientSession | None = None
         self._connect_task: asyncio.Task | None = None
-        self._ready_event = asyncio.Event()
-        self._stop_event = asyncio.Event()
+        self._ready_event = anyio.Event()
+        self._stop_event = anyio.Event()
 
     @contextlib.asynccontextmanager
     async def connect_session(
@@ -328,8 +390,8 @@ class StdioTransport(ClientTransport):
 
         # reset variables and events for potential future reconnects
         self._connect_task = None
-        self._stop_event = asyncio.Event()
-        self._ready_event = asyncio.Event()
+        self._stop_event = anyio.Event()
+        self._ready_event = anyio.Event()
 
     async def close(self):
         await self.disconnect()
@@ -592,7 +654,7 @@ class FastMCPTransport(ClientTransport):
     tests or scenarios where client and server run in the same runtime.
     """
 
-    def __init__(self, mcp: FastMCPServer | FastMCP1Server):
+    def __init__(self, mcp: FastMCP | FastMCP1Server):
         """Initialize a FastMCPTransport from a FastMCP server instance."""
 
         # Accept both FastMCP 2.x and FastMCP 1.0 servers. Both expose a
@@ -706,7 +768,7 @@ def infer_transport(transport: ClientTransportT) -> ClientTransportT: ...
 
 
 @overload
-def infer_transport(transport: FastMCPServer) -> FastMCPTransport: ...
+def infer_transport(transport: FastMCP) -> FastMCPTransport: ...
 
 
 @overload
@@ -741,7 +803,7 @@ def infer_transport(transport: Path) -> PythonStdioTransport | NodeStdioTranspor
 
 def infer_transport(
     transport: ClientTransport
-    | FastMCPServer
+    | FastMCP
     | FastMCP1Server
     | AnyUrl
     | Path
@@ -758,7 +820,7 @@ def infer_transport(
 
     The function supports these input types:
     - ClientTransport: Used directly without modification
-    - FastMCPServer or FastMCP1Server: Creates an in-memory FastMCPTransport
+    - FastMCP or FastMCP1Server: Creates an in-memory FastMCPTransport
     - Path or str (file path): Creates PythonStdioTransport (.py) or NodeStdioTransport (.js)
     - AnyUrl or str (URL): Creates StreamableHttpTransport (default) or SSETransport (for /sse endpoints)
     - MCPConfig or dict: Creates MCPConfigTransport, potentially connecting to multiple servers
@@ -796,7 +858,7 @@ def infer_transport(
         return transport
 
     # the transport is a FastMCP server (2.x or 1.0)
-    elif isinstance(transport, FastMCPServer | FastMCP1Server):
+    elif isinstance(transport, FastMCP | FastMCP1Server):
         inferred_transport = FastMCPTransport(mcp=transport)
 
     # the transport is a path to a script

fastmcp/server/auth/__init__.py

@@ -0,0 +1,4 @@
+from .providers.bearer import BearerAuthProvider
+
+
+__all__ = ["BearerAuthProvider"]

fastmcp/server/auth/auth.py

@@ -0,0 +1,45 @@
+from mcp.server.auth.provider import (
+    AccessToken,
+    AuthorizationCode,
+    OAuthAuthorizationServerProvider,
+    RefreshToken,
+)
+from mcp.server.auth.settings import (
+    ClientRegistrationOptions,
+    RevocationOptions,
+)
+from pydantic import AnyHttpUrl
+
+
+class OAuthProvider(
+    OAuthAuthorizationServerProvider[AuthorizationCode, RefreshToken, AccessToken]
+):
+    def __init__(
+        self,
+        issuer_url: AnyHttpUrl | str,
+        service_documentation_url: AnyHttpUrl | str | None = None,
+        client_registration_options: ClientRegistrationOptions | None = None,
+        revocation_options: RevocationOptions | None = None,
+        required_scopes: list[str] | None = None,
+    ):
+        """
+        Initialize the OAuth provider.
+
+        Args:
+            issuer_url: The URL of the OAuth issuer.
+            service_documentation_url: The URL of the service documentation.
+            client_registration_options: The client registration options.
+            revocation_options: The revocation options.
+            required_scopes: Scopes that are required for all requests.
+        """
+        super().__init__()
+        if isinstance(issuer_url, str):
+            issuer_url = AnyHttpUrl(issuer_url)
+        if isinstance(service_documentation_url, str):
+            service_documentation_url = AnyHttpUrl(service_documentation_url)
+
+        self.issuer_url = issuer_url
+        self.service_documentation_url = service_documentation_url
+        self.client_registration_options = client_registration_options
+        self.revocation_options = revocation_options
+        self.required_scopes = required_scopes