feat: fetch server confg utils

Author: gao-sun

.vscode/settings.json

@@ -1,3 +1,6 @@
 {
-  "python.analysis.typeCheckingMode": "strict"
+  "python.analysis.typeCheckingMode": "strict",
+  "python.analysis.extraPaths": [
+    "./typings"
+  ]
 }

mcpauth/exceptions.py

@@ -1,8 +1,8 @@
 from enum import Enum
 from pydantic import BaseModel
-from typing import Any, Optional, List, Dict, Union
+from typing import Optional, List, Dict, Union
+from .types import Record
 
-Record = Dict[str, Any]
 ExceptionCause = Optional[Union[Record, Exception]]
 
 

mcpauth/types.py

@@ -0,0 +1,4 @@
+from typing import Any, Dict
+
+
+Record = Dict[str, Any]

mcpauth/utils/fetch_server_config.py

@@ -0,0 +1,80 @@
+from enum import Enum
+from typing import Callable, Optional
+from urllib.parse import urlparse, urlunparse
+import aiohttp
+import pydantic
+from pathlib import Path
+
+from ..types import Record
+from ..models.oauth import AuthorizationServerMetadata
+from ..models.auth_server import AuthServerConfig, AuthServerType
+from ..exceptions import MCPAuthConfigException
+
+
+class ServerMetadataPaths(str, Enum):
+    """
+    Enum for server metadata paths.
+    This is used to define the standard paths for OAuth and OIDC well-known URLs.
+    """
+
+    OAUTH = "/.well-known/oauth-authorization-server"
+    OIDC = "/.well-known/openid-configuration"
+
+
+def smart_join(*args: str) -> str:
+    return Path("/".join(arg.strip("/") for arg in args)).as_posix()
+
+
+def get_oauth_well_known_url(issuer: str) -> str:
+    parsed_url = urlparse(issuer)
+    new_path = smart_join(ServerMetadataPaths.OAUTH.value, parsed_url.path)
+    return urlunparse(parsed_url._replace(path=new_path))
+
+
+def get_oidc_well_known_url(issuer: str) -> str:
+    parsed = urlparse(issuer)
+    new_path = smart_join(parsed.path, ServerMetadataPaths.OIDC.value)
+    return urlunparse(parsed._replace(path=new_path))
+
+
+async def fetch_server_config_by_well_known_url(
+    well_known_url: str,
+    type: AuthServerType,
+    transpile_data: Optional[Callable[[Record], Record]] = None,
+) -> AuthServerConfig:
+    try:
+        async with aiohttp.ClientSession() as session:
+            async with session.get(well_known_url) as response:
+                response.raise_for_status()
+                json = await response.json()
+                transpiled_data = transpile_data(json) if transpile_data else json
+                return AuthServerConfig(
+                    metadata=AuthorizationServerMetadata(**transpiled_data), type=type
+                )
+    except pydantic.ValidationError as e:
+        raise MCPAuthConfigException(
+            "invalid_server_metadata",
+            f"Invalid server metadata from {well_known_url}: {str(e)}",
+            cause=e,
+        ) from e
+    except Exception as e:
+        raise MCPAuthConfigException(
+            "fetch_server_config_error",
+            f"Failed to fetch server config from {well_known_url}: {str(e)}",
+            cause=e,
+        ) from e
+
+
+async def fetch_server_config(
+    issuer: str,
+    type: AuthServerType,
+    transpile_data: Optional[Callable[[Record], Record]] = None,
+) -> AuthServerConfig:
+    well_known_url = (
+        get_oauth_well_known_url(issuer)
+        if type == AuthServerType.OAUTH
+        else get_oidc_well_known_url(issuer)
+    )
+    return await fetch_server_config_by_well_known_url(
+        well_known_url, type, transpile_data
+    )

mcpauth/utils/fetch_server_config_test.py

@@ -0,0 +1,239 @@
+import pytest
+from aresponses import ResponsesMockServer
+from aiohttp.web_response import Response
+
+from mcpauth.models.auth_server import AuthServerType
+from mcpauth.exceptions import MCPAuthConfigException
+from mcpauth.types import Record
+from mcpauth.utils.fetch_server_config import (
+    ServerMetadataPaths,
+    fetch_server_config,
+    fetch_server_config_by_well_known_url,
+)
+
+
+@pytest.mark.asyncio
+class TestFetchServerConfigByWellKnownUrl:
+    async def test_fetch_server_config_by_well_known_url_fetch_fails(
+        self, aresponses: ResponsesMockServer
+    ):
+        sample_issuer = "https://example.com"
+        sample_well_known_url = sample_issuer + ServerMetadataPaths.OAUTH.value
+
+        aresponses.add(
+            "example.com",
+            ServerMetadataPaths.OAUTH.value,
+            "GET",
+            Response(text="Internal Server Error", status=500),
+        )
+
+        with pytest.raises(MCPAuthConfigException) as exc_info:
+            await fetch_server_config_by_well_known_url(
+                sample_well_known_url, AuthServerType.OAUTH
+            )
+
+        assert "Failed to fetch server config" in str(exc_info.value)
+
+    async def test_fetch_server_config_by_well_known_url_invalid_metadata(
+        self, aresponses: ResponsesMockServer
+    ):
+        sample_issuer = "https://example.com"
+        sample_well_known_url = sample_issuer + ServerMetadataPaths.OAUTH.value
+
+        aresponses.add(
+            "example.com", ServerMetadataPaths.OAUTH.value, "GET", response={}
+        )
+
+        with pytest.raises(MCPAuthConfigException) as exc_info:
+            await fetch_server_config_by_well_known_url(
+                sample_well_known_url, AuthServerType.OAUTH
+            )
+
+        assert "Invalid server metadata" in str(exc_info.value)
+
+    async def test_fetch_server_config_by_well_known_url_malformed_metadata(
+        self, aresponses: ResponsesMockServer
+    ):
+        sample_issuer = "https://example.com"
+        sample_well_known_url = sample_issuer + ServerMetadataPaths.OAUTH.value
+
+        sample_response = {
+            "issuer": sample_issuer,
+            "authorization_endpoint": "https://example.com/oauth/authorize",
+            "token_endpoint": "https://example.com/oauth/token",
+        }
+
+        aresponses.add(
+            "example.com", ServerMetadataPaths.OAUTH.value, "GET", sample_response
+        )
+
+        with pytest.raises(MCPAuthConfigException) as exc_info:
+            await fetch_server_config_by_well_known_url(
+                sample_well_known_url, AuthServerType.OAUTH
+            )
+
+        assert "Invalid server metadata" in str(exc_info.value)
+
+    async def test_fetch_server_config_by_well_known_url_success_with_transpile(
+        self, aresponses: ResponsesMockServer
+    ):
+        sample_issuer = "https://example.com"
+        sample_well_known_url = sample_issuer + ServerMetadataPaths.OAUTH.value
+
+        sample_response = {
+            "issuer": sample_issuer,
+            "authorization_endpoint": "https://example.com/oauth/authorize",
+            "token_endpoint": "https://example.com/oauth/token",
+        }
+
+        def transpile(data: Record) -> Record:
+            return {**data, "response_types_supported": ["code"]}
+
+        aresponses.add(
+            "example.com",
+            ServerMetadataPaths.OAUTH.value,
+            "GET",
+            sample_response,
+        )
+
+        config = await fetch_server_config_by_well_known_url(
+            sample_well_known_url,
+            AuthServerType.OAUTH,
+            transpile_data=transpile,
+        )
+
+        assert config.type == AuthServerType.OAUTH
+        assert config.metadata.issuer == sample_issuer
+        assert (
+            config.metadata.authorization_endpoint
+            == "https://example.com/oauth/authorize"
+        )
+        assert config.metadata.token_endpoint == "https://example.com/oauth/token"
+        assert config.metadata.response_types_supported == ["code"]
+
+    async def test_fetch_server_config_oauth_success(
+        self, aresponses: ResponsesMockServer
+    ):
+        issuer = "https://example.com"
+        sample_response: Record = {
+            "issuer": issuer + "/",
+            "authorization_endpoint": "https://example.com/oauth/authorize",
+            "token_endpoint": "https://example.com/oauth/token",
+            "response_types_supported": ["code"],
+        }
+
+        aresponses.add(
+            "example.com",
+            ServerMetadataPaths.OAUTH.value,
+            "GET",
+            sample_response,
+        )
+
+        config = await fetch_server_config(issuer, AuthServerType.OAUTH)
+
+        assert config.type == AuthServerType.OAUTH
+        assert config.metadata.issuer == issuer + "/"
+        assert (
+            config.metadata.authorization_endpoint
+            == "https://example.com/oauth/authorize"
+        )
+        assert config.metadata.token_endpoint == "https://example.com/oauth/token"
+        assert config.metadata.response_types_supported == ["code"]
+
+    async def test_fetch_server_config_oauth_with_path_success(
+        self, aresponses: ResponsesMockServer
+    ):
+        issuer = "https://example.com/path"
+        sample_response: Record = {
+            "issuer": issuer,
+            "authorization_endpoint": "https://example.com/oauth/authorize",
+            "token_endpoint": "https://example.com/oauth/token",
+            "response_types_supported": ["code"],
+        }
+
+        aresponses.add(
+            "example.com",
+            ServerMetadataPaths.OAUTH.value + "/path",
+            "GET",
+            sample_response,
+        )
+
+        config = await fetch_server_config(issuer, AuthServerType.OAUTH)
+
+        assert config.type == AuthServerType.OAUTH
+        assert config.metadata.issuer == issuer
+        assert (
+            config.metadata.authorization_endpoint
+            == "https://example.com/oauth/authorize"
+        )
+        assert config.metadata.token_endpoint == "https://example.com/oauth/token"
+        assert config.metadata.response_types_supported == ["code"]
+
+    async def test_fetch_server_config_oidc_success(
+        self, aresponses: ResponsesMockServer
+    ):
+        issuer = "https://example.com"
+        sample_response: Record = {
+            "issuer": issuer + "/",
+            "authorization_endpoint": "https://example.com/authorize",
+            "token_endpoint": "https://example.com/token",
+            "response_types_supported": ["code"],
+        }
+
+        aresponses.add(
+            "example.com",
+            ServerMetadataPaths.OIDC.value,
+            "GET",
+            sample_response,
+        )
+
+        config = await fetch_server_config(issuer, AuthServerType.OIDC)
+
+        assert config.type == AuthServerType.OIDC
+        assert config.metadata.issuer == issuer + "/"
+        assert config.metadata.authorization_endpoint == "https://example.com/authorize"
+        assert config.metadata.token_endpoint == "https://example.com/token"
+        assert config.metadata.response_types_supported == ["code"]
+
+    async def test_fetch_server_config_oidc_with_path_success(
+        self, aresponses: ResponsesMockServer
+    ):
+        issuer = "https://example.com/path"
+        sample_response: Record = {
+            "issuer": issuer,
+            "authorization_endpoint": issuer + "/authorize",
+            "token_endpoint": issuer + "/token",
+            "response_types_supported": ["code"],
+        }
+
+        aresponses.add(
+            "example.com",
+            "/path/.well-known/openid-configuration",
+            "GET",
+            sample_response,
+        )
+
+        config = await fetch_server_config(issuer, AuthServerType.OIDC)
+
+        assert config.type == AuthServerType.OIDC
+        assert config.metadata.issuer == issuer
+        assert config.metadata.authorization_endpoint == issuer + "/authorize"
+        assert config.metadata.token_endpoint == issuer + "/token"
+        assert config.metadata.response_types_supported == ["code"]
+
+    async def test_fetch_server_config_oidc_failure(
+        self, aresponses: ResponsesMockServer
+    ):
+        issuer = "https://example.com"
+
+        aresponses.add(
+            "example.com",
+            ServerMetadataPaths.OIDC.value,
+            "GET",
+            Response(text="Internal Server Error", status=500),
+        )
+
+        with pytest.raises(MCPAuthConfigException) as exc_info:
+            await fetch_server_config(issuer, AuthServerType.OIDC)
+
+        assert "Failed to fetch server config" in str(exc_info.value)

pyproject.toml

@@ -13,7 +13,7 @@ keywords = [
   "oauth2",
   "openid-connect",
 ]
-dependencies = ["pydantic>=2.11.3", "pyjwt[crypto]>=2.9.0"]
+dependencies = ["aiohttp>=3.11.18", "pydantic>=2.11.3", "pyjwt[crypto]>=2.9.0"]
 
 [project.urls]
 homepage = "https://mcp-auth.dev"
@@ -22,7 +22,9 @@ documentation = "https://mcp-auth.dev/docs"
 
 [dependency-groups]
 dev = [
-    "black>=24.8.0",
- "pytest>=8.3.5",
- "pytest-cov>=6.1.1",
+  "aresponses>=3.0.0",
+  "black>=24.8.0",
+  "pytest>=8.3.5",
+  "pytest-asyncio>=0.26.0",
+  "pytest-cov>=6.1.1",
 ]

typings/aresponses/__init__.pyi

@@ -0,0 +1,17 @@
+# Created by ChatGPT, edited for precision
+
+from typing import Any, Union
+from aiohttp.web_response import Response
+
+class ResponsesMockServer:
+    def add(
+        self,
+        host: str,
+        path: str,
+        method: str,
+        response: Union[Response, Any],
+    ) -> None: ...
+    async def start(self) -> None: ...
+    async def close(self) -> None: ...
+    def __aenter__(self) -> "ResponsesMockServer": ...
+    async def __aexit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None: ...