auth/oauth_types.py

"""
Type definitions for OAuth authentication.

This module provides structured types for OAuth-related parameters,
improving code maintainability and type safety.
"""

from dataclasses import dataclass
from typing import Optional, List, Dict, Any

from fastmcp.server.auth import AccessToken


class WorkspaceAccessToken(AccessToken):
    """AccessToken extended with workspace-specific fields."""

    session_id: Optional[str] = None
    sub: Optional[str] = None
    email: Optional[str] = None


@dataclass
class OAuth21ServiceRequest:
    """
    Encapsulates parameters for OAuth 2.1 service authentication requests.

    This parameter object pattern reduces function complexity and makes
    it easier to extend authentication parameters in the future.
    """

    service_name: str
    version: str
    tool_name: str
    user_google_email: str
    required_scopes: List[str]
    session_id: Optional[str] = None
    auth_token_email: Optional[str] = None
    allow_recent_auth: bool = False
    context: Optional[Dict[str, Any]] = None

    def to_legacy_params(self) -> dict:
        """Convert to legacy parameter format for backward compatibility."""
        return {
            "service_name": self.service_name,
            "version": self.version,
            "tool_name": self.tool_name,
            "user_google_email": self.user_google_email,
            "required_scopes": self.required_scopes,
        }


@dataclass
class OAuthVersionDetectionParams:
    """
    Parameters used for OAuth version detection.

    Encapsulates the various signals we use to determine
    whether a client supports OAuth 2.1 or needs OAuth 2.0.
    """

    client_id: Optional[str] = None
    client_secret: Optional[str] = None
    code_challenge: Optional[str] = None
    code_challenge_method: Optional[str] = None
    code_verifier: Optional[str] = None
    authenticated_user: Optional[str] = None
    session_id: Optional[str] = None

    @classmethod
    def from_request(
        cls, request_params: Dict[str, Any]
    ) -> "OAuthVersionDetectionParams":
        """Create from raw request parameters."""
        return cls(
            client_id=request_params.get("client_id"),
            client_secret=request_params.get("client_secret"),
            code_challenge=request_params.get("code_challenge"),
            code_challenge_method=request_params.get("code_challenge_method"),
            code_verifier=request_params.get("code_verifier"),
            authenticated_user=request_params.get("authenticated_user"),
            session_id=request_params.get("session_id"),
        )

    @property
    def has_pkce(self) -> bool:
        """Check if PKCE parameters are present."""
        return bool(self.code_challenge or self.code_verifier)

    @property
    def is_public_client(self) -> bool:
        """Check if this appears to be a public client (no secret)."""
        return bool(self.client_id and not self.client_secret)
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`"""`
			`Type definitions for OAuth authentication.`

			`This module provides structured types for OAuth-related parameters,`
			`improving code maintainability and type safety.`
			`"""`

			`from dataclasses import dataclass`
			`from typing import Optional, List, Dict, Any`

fix: subclass AccessToken with custom fields 2026-01-29 16:06:00 -05:00			`from fastmcp.server.auth import AccessToken`


			`class WorkspaceAccessToken(AccessToken):`
			`"""AccessToken extended with workspace-specific fields."""`

			`session_id: Optional[str] = None`
			`sub: Optional[str] = None`
			`email: Optional[str] = None`

refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00
			`@dataclass`
			`class OAuth21ServiceRequest:`
			`"""`
			`Encapsulates parameters for OAuth 2.1 service authentication requests.`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`This parameter object pattern reduces function complexity and makes`
			`it easier to extend authentication parameters in the future.`
			`"""`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`service_name: str`
			`version: str`
			`tool_name: str`
			`user_google_email: str`
			`required_scopes: List[str]`
			`session_id: Optional[str] = None`
			`auth_token_email: Optional[str] = None`
			`allow_recent_auth: bool = False`
			`context: Optional[Dict[str, Any]] = None`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`def to_legacy_params(self) -> dict:`
			`"""Convert to legacy parameter format for backward compatibility."""`
			`return {`
			`"service_name": self.service_name,`
			`"version": self.version,`
			`"tool_name": self.tool_name,`
			`"user_google_email": self.user_google_email,`
			`"required_scopes": self.required_scopes,`
			`}`


			`@dataclass`
			`class OAuthVersionDetectionParams:`
			`"""`
			`Parameters used for OAuth version detection.`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`Encapsulates the various signals we use to determine`
			`whether a client supports OAuth 2.1 or needs OAuth 2.0.`
			`"""`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`client_id: Optional[str] = None`
			`client_secret: Optional[str] = None`
			`code_challenge: Optional[str] = None`
			`code_challenge_method: Optional[str] = None`
			`code_verifier: Optional[str] = None`
			`authenticated_user: Optional[str] = None`
			`session_id: Optional[str] = None`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`@classmethod`
apply ruff formatting 2025-12-13 13:49:28 -08:00			`def from_request(`
			`cls, request_params: Dict[str, Any]`
			`) -> "OAuthVersionDetectionParams":`
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`"""Create from raw request parameters."""`
			`return cls(`
			`client_id=request_params.get("client_id"),`
			`client_secret=request_params.get("client_secret"),`
			`code_challenge=request_params.get("code_challenge"),`
			`code_challenge_method=request_params.get("code_challenge_method"),`
			`code_verifier=request_params.get("code_verifier"),`
			`authenticated_user=request_params.get("authenticated_user"),`
			`session_id=request_params.get("session_id"),`
			`)`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`@property`
			`def has_pkce(self) -> bool:`
			`"""Check if PKCE parameters are present."""`
			`return bool(self.code_challenge or self.code_verifier)`
apply ruff formatting 2025-12-13 13:49:28 -08:00
refactor to centralize, move to desktop type 2025-08-09 10:46:31 -04:00			`@property`
			`def is_public_client(self) -> bool:`
			`"""Check if this appears to be a public client (no secret)."""`
apply ruff formatting 2025-12-13 13:49:28 -08:00			`return bool(self.client_id and not self.client_secret)`