Metadata-Version: 2.4
Name: mcs-auth-oauth
Version: 0.3.0
Summary: OAuth 2.0 Authorization Code connector for the Model Context Standard.
Author-email: Danny Gerst <danny@dannygerst.de>
License-Expression: Apache-2.0
Project-URL: Homepage, https://www.modelcontextstandard.io
Project-URL: Source, https://github.com/modelcontextstandard/python-sdk
Keywords: mcs,modelcontextstandard,auth,oauth2,authorization-code
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Classifier: Typing :: Typed
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: mcs-auth>=0.2
Requires-Dist: mcs-adapter-http>=0.2
Dynamic: license-file

# mcs-auth-oauth

**OAuth 2.0 for AI agents.** Authorization Code Flow with PKCE connector
for the **Model Context Standard (MCS)**.

A 5-second localhost callback server and your agent has an OAuth token.
Works with any OAuth 2.0 provider -- Google, Auth0, Microsoft, GitHub,
you name it.

## Installation

```bash
pip install mcs-auth-oauth
```

## Quick start

```python
from mcs.auth.oauth import OAuthProvider

provider = OAuthProvider(
    authorize_url="https://accounts.google.com/o/oauth2/v2/auth",
    token_url="https://oauth2.googleapis.com/token",
    client_id="...",
    client_secret="...",
    scopes={"gmail": "https://mail.google.com/"},
)

# Opens browser, user logs in, token returned
token = provider.get_token("gmail")
```

## How it works

1. Agent calls `get_token("gmail")`
2. Browser opens with the provider's consent screen
3. User logs in and grants access
4. Localhost callback receives the authorization code
5. Code is exchanged for tokens (with PKCE)
6. Token returned to agent -- done

The entire flow happens in a single `get_token()` call. The localhost
server lives for exactly one request and shuts down immediately.

## Use with Auth0 Token Vault

```python
from mcs.auth.auth0 import Auth0Provider
from mcs.auth.oauth import OAuthConnector

provider = Auth0Provider(
    domain="my-tenant.auth0.com",
    client_id="...",
    client_secret="...",
    _auth=OAuthConnector(
        authorize_url="https://my-tenant.auth0.com/authorize",
        token_url="https://my-tenant.auth0.com/oauth/token",
        client_id="...",
        client_secret="...",
        extra_params={"connection": "google-oauth2", "audience": "..."},
    ),
)
```

## Links

- **Homepage:** <https://www.modelcontextstandard.io>
- **Source:** <https://github.com/modelcontextstandard/python-sdk>

## License

Apache-2.0
