propublica-mcp

from typing import Optional from authlib.common.urls import add_params_to_uri from authlib.deprecate import deprecate from authlib.oauth2.rfc6749.grants import BaseGrant class IssuerParameter: def __call__(self, authorization_server): if isinstance(authorization_server, BaseGrant): deprecate( "IssueParameter should be used as an authorization server extension with 'authorization_server.register_extension(IssueParameter())'.", version="1.8", ) authorization_server.register_hook( "after_authorization_response", self.add_issuer_parameter, ) else: authorization_server.register_hook( "after_create_authorization_response", self.add_issuer_parameter, ) def add_issuer_parameter(self, authorization_server, response): if self.get_issuer() and response.location: # RFC9207 §2 # In authorization responses to the client, including error responses, # an authorization server supporting this specification MUST indicate # its identity by including the iss parameter in the response. new_location = add_params_to_uri( response.location, {"iss": self.get_issuer()} ) response.location = new_location def get_issuer(self) -> Optional[str]: """Return the issuer URL. Developers MAY implement this method if they want to support :rfc:`RFC9207 <9207>`:: def get_issuer(self) -> str: return "https://auth.example.org" """ return None