Coverage for /Users/antonigmitruk/golf/src/golf/auth/__init__.py: 0%
27 statements
« prev ^ index » next coverage.py v7.6.12, created at 2025-08-16 18:46 +0200
1"""Modern authentication for Golf MCP servers using FastMCP 2.11+ providers.
3This module provides authentication configuration and utilities for Golf servers,
4leveraging FastMCP's built-in authentication system with JWT verification,
5OAuth providers, and token management.
6"""
8from typing import Any
10# Modern auth provider configurations and factory functions
11from .providers import (
12 AuthConfig,
13 JWTAuthConfig,
14 StaticTokenConfig,
15 OAuthServerConfig,
16 RemoteAuthConfig,
17)
18from .factory import (
19 create_auth_provider,
20 create_simple_jwt_provider,
21 create_dev_token_provider,
22)
23from .registry import (
24 BaseProviderPlugin,
25 AuthProviderFactory,
26 get_provider_registry,
27 register_provider_factory,
28 register_provider_plugin,
29)
31# Re-export for backward compatibility
32from .api_key import configure_api_key, get_api_key_config, is_api_key_configured
33from .helpers import (
34 debug_api_key_context,
35 extract_token_from_header,
36 get_api_key,
37 get_provider_token,
38 set_api_key,
39)
41# Public API
42__all__ = [
43 # Main configuration functions
44 "configure_auth",
45 "configure_jwt_auth",
46 "configure_dev_auth",
47 "get_auth_config",
48 # Provider configurations
49 "AuthConfig",
50 "JWTAuthConfig",
51 "StaticTokenConfig",
52 "OAuthServerConfig",
53 "RemoteAuthConfig",
54 # Factory functions
55 "create_auth_provider",
56 "create_simple_jwt_provider",
57 "create_dev_token_provider",
58 # Provider registry and plugins
59 "BaseProviderPlugin",
60 "AuthProviderFactory",
61 "get_provider_registry",
62 "register_provider_factory",
63 "register_provider_plugin",
64 # API key functions (backward compatibility)
65 "configure_api_key",
66 "get_api_key_config",
67 "is_api_key_configured",
68 # Helper functions
69 "debug_api_key_context",
70 "extract_token_from_header",
71 "get_api_key",
72 "get_provider_token",
73 "set_api_key",
74]
76# Global storage for auth configuration
77_auth_config: AuthConfig | None = None
80def configure_auth(config: AuthConfig) -> None:
81 """Configure authentication for the Golf server.
83 This function should be called in auth.py to set up authentication
84 using FastMCP's modern auth providers.
86 Args:
87 config: Authentication configuration (JWT, OAuth, Static, or Remote)
88 The required_scopes should be specified in the config itself.
90 Examples:
91 # JWT authentication with Auth0
92 from golf.auth import configure_auth, JWTAuthConfig
94 configure_auth(
95 JWTAuthConfig(
96 jwks_uri="https://your-domain.auth0.com/.well-known/jwks.json",
97 issuer="https://your-domain.auth0.com/",
98 audience="https://your-api.example.com",
99 required_scopes=["read:data"],
100 )
101 )
103 # Development with static tokens
104 from golf.auth import configure_auth, StaticTokenConfig
106 configure_auth(
107 StaticTokenConfig(
108 tokens={
109 "dev-token-123": {
110 "client_id": "dev-client",
111 "scopes": ["read", "write"],
112 }
113 },
114 required_scopes=["read"],
115 )
116 )
118 # Full OAuth server
119 from golf.auth import configure_auth, OAuthServerConfig
121 configure_auth(
122 OAuthServerConfig(
123 base_url="https://your-server.example.com",
124 valid_scopes=["read", "write", "admin"],
125 default_scopes=["read"],
126 required_scopes=["read"],
127 )
128 )
129 """
130 global _auth_config
131 _auth_config = config
134def configure_jwt_auth(
135 *,
136 jwks_uri: str | None = None,
137 public_key: str | None = None,
138 issuer: str | None = None,
139 audience: str | list[str] | None = None,
140 required_scopes: list[str] | None = None,
141 **env_vars: str,
142) -> None:
143 """Convenience function to configure JWT authentication.
145 Args:
146 jwks_uri: JWKS URI for key fetching
147 public_key: Static public key (PEM format)
148 issuer: Expected issuer claim
149 audience: Expected audience claim(s)
150 required_scopes: Required scopes for all requests
151 **env_vars: Environment variable names (public_key_env_var,
152 jwks_uri_env_var, etc.)
153 """
154 config = JWTAuthConfig(
155 jwks_uri=jwks_uri,
156 public_key=public_key,
157 issuer=issuer,
158 audience=audience,
159 required_scopes=required_scopes or [],
160 **env_vars,
161 )
162 configure_auth(config)
165def configure_dev_auth(
166 tokens: dict[str, Any] | None = None,
167 required_scopes: list[str] | None = None,
168) -> None:
169 """Convenience function to configure development authentication.
171 Args:
172 tokens: Token dictionary or None for defaults
173 required_scopes: Required scopes for all requests
174 """
175 if tokens is None:
176 tokens = {
177 "dev-token-123": {
178 "client_id": "dev-client",
179 "scopes": ["read", "write"],
180 },
181 "admin-token-456": {
182 "client_id": "admin-client",
183 "scopes": ["read", "write", "admin"],
184 },
185 }
187 config = StaticTokenConfig(
188 tokens=tokens,
189 required_scopes=required_scopes or [],
190 )
191 configure_auth(config)
194def get_auth_config() -> AuthConfig | None:
195 """Get the current auth configuration.
197 Returns:
198 AuthConfig if configured, None otherwise
199 """
200 return _auth_config
203def is_auth_configured() -> bool:
204 """Check if authentication is configured.
206 Returns:
207 True if authentication is configured, False otherwise
208 """
209 return _auth_config is not None
212# Breaking change in Golf 0.2.x: Legacy auth system removed
213# Users must migrate to modern auth configurations
216def create_auth_provider_from_config() -> object | None:
217 """Create an auth provider from the current configuration.
219 Returns:
220 FastMCP AuthProvider instance or None if not configured
221 """
222 config = get_auth_config()
223 if not config:
224 return None
226 return create_auth_provider(config)