jason/google-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

successful client to server flow, not passing through. overcomplicated. need to refactor based on new fastmcp oauth wrapper

Browse Source
This commit is contained in:
Taylor Wilsdon
2025-08-02 10:38:11 -04:00
parent dad52829f8
commit b2f5ec1052
5 changed files with 168 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
auth/oauth21/compat.py
View File

@@ -295,6 +295,44 @@ class AuthCompatibilityLayer:
except Exception as e:
logger.error(f"Failed to bridge legacy credentials to OAuth 2.1: {e}")
def get_credentials_from_oauth2_session(
self,
session_id: str,
user_email: Optional[str] = None,
) -> Optional[Credentials]:
"""
Get Google credentials from OAuth 2.1 session.
Args:
session_id: OAuth 2.1 session ID
user_email: Optional user email for validation
Returns:
Google Credentials object or None
"""
if not self.oauth2_handler:
return None
try:
session = self.oauth2_handler.session_store.get_session(session_id)
if not session:
logger.debug(f"No OAuth 2.1 session found for {session_id}")
return None
# Validate user if provided
if user_email and session.user_id != user_email:
logger.warning(
f"Session user {session.user_id} doesn't match requested user {user_email}"
)
return None
# Convert to Google credentials
return self._convert_oauth2_to_credentials(session.token_info)
except Exception as e:
logger.error(f"Failed to get credentials from OAuth 2.1 session: {e}")
return None
def create_enhanced_middleware(self):
"""Create middleware that supports both OAuth 2.1 and legacy auth."""

18
auth/oauth21/handler.py
View File

@@ -186,6 +186,24 @@ class OAuth2Handler:
session = self.session_store.get_session(session_id)
logger.info(f"Created session {session_id} for user {user_id}")
# Store in global OAuth 2.1 session store for Google services
try:
from auth.oauth21_session_store import get_oauth21_session_store
store = get_oauth21_session_store()
store.store_session(
user_email=user_id,
access_token=access_token,
refresh_token=token_response.get("refresh_token"),
token_uri=token_response.get("token_uri", "https://oauth2.googleapis.com/token"),
client_id=self.config.client_id,
client_secret=self.config.client_secret,
scopes=token_info.get("scopes", []),
expiry=token_info.get("expires_at"),
session_id=session_id,
)
except Exception as e:
logger.error(f"Failed to store session in global store: {e}")
return session_id, session

79
auth/service_decorator.py
View File

@@ -6,6 +6,16 @@ from datetime import datetime, timedelta
from google.auth.exceptions import RefreshError
from auth.google_auth import get_authenticated_google_service, GoogleAuthenticationError
# Try to import OAuth 2.1 integration
try:
from auth.oauth21_integration import get_authenticated_google_service_oauth21
from auth.session_context import get_session_context
OAUTH21_INTEGRATION_AVAILABLE = True
except ImportError:
OAUTH21_INTEGRATION_AVAILABLE = False
get_authenticated_google_service_oauth21 = None
get_session_context = None
from auth.scopes import (
GMAIL_READONLY_SCOPE, GMAIL_SEND_SCOPE, GMAIL_COMPOSE_SCOPE, GMAIL_MODIFY_SCOPE, GMAIL_LABELS_SCOPE,
DRIVE_READONLY_SCOPE, DRIVE_FILE_SCOPE,
@@ -256,13 +266,41 @@ def require_google_service(
if service is None:
try:
tool_name = func.__name__
service, actual_user_email = await get_authenticated_google_service(
service_name=service_name,
version=service_version,
tool_name=tool_name,
user_google_email=user_google_email,
required_scopes=resolved_scopes,
)
# Try OAuth 2.1 integration first if available
session_ctx = get_session_context() if OAUTH21_INTEGRATION_AVAILABLE else None
# Also check if user has credentials in OAuth 2.1 store
has_oauth21_creds = False
if OAUTH21_INTEGRATION_AVAILABLE:
try:
from auth.oauth21_session_store import get_oauth21_session_store
store = get_oauth21_session_store()
has_oauth21_creds = store.has_session(user_google_email)
except:
pass
logger.debug(f"OAuth 2.1 available: {OAUTH21_INTEGRATION_AVAILABLE}, Session context: {session_ctx}, Has OAuth21 creds: {has_oauth21_creds}")
if OAUTH21_INTEGRATION_AVAILABLE and (session_ctx or has_oauth21_creds):
logger.info(f"Using OAuth 2.1 authentication for {tool_name}")
service, actual_user_email = await get_authenticated_google_service_oauth21(
service_name=service_name,
version=service_version,
tool_name=tool_name,
user_google_email=user_google_email,
required_scopes=resolved_scopes,
)
else:
# Fall back to legacy authentication
service, actual_user_email = await get_authenticated_google_service(
service_name=service_name,
version=service_version,
tool_name=tool_name,
user_google_email=user_google_email,
required_scopes=resolved_scopes,
)
if cache_enabled:
cache_key = _get_cache_key(user_google_email, service_name, service_version, resolved_scopes)
_cache_service(cache_key, service, actual_user_email)
@@ -340,13 +378,26 @@ def require_multiple_services(service_configs: List[Dict[str, Any]]):
try:
tool_name = func.__name__
service, _ = await get_authenticated_google_service(
service_name=service_name,
version=service_version,
tool_name=tool_name,
user_google_email=user_google_email,
required_scopes=resolved_scopes,
)
# Try OAuth 2.1 integration first if available
if OAUTH21_INTEGRATION_AVAILABLE and get_session_context():
logger.debug(f"Attempting OAuth 2.1 authentication for {tool_name} ({service_type})")
service, _ = await get_authenticated_google_service_oauth21(
service_name=service_name,
version=service_version,
tool_name=tool_name,
user_google_email=user_google_email,
required_scopes=resolved_scopes,
)
else:
# Fall back to legacy authentication
service, _ = await get_authenticated_google_service(
service_name=service_name,
version=service_version,
tool_name=tool_name,
user_google_email=user_google_email,
required_scopes=resolved_scopes,
)
# Inject service with specified parameter name
kwargs[param_name] = service