fix dependency

ihrpr · ihrpr · commit 99e1db254948 · 2025-06-20T14:45:42.000+01:00
diff --git a/README.md b/README.md
@@ -429,7 +429,7 @@ MCP servers can use authentication by providing an implementation of the `TokenV
 
 ```python
 from mcp import FastMCP
-from mcp.server.auth.verifier import TokenVerifier
+from mcp.server.auth.provider import TokenVerifier
 from mcp.server.auth.settings import AuthSettings
 
 class MyTokenVerifier(TokenVerifier):
@@ -455,7 +455,7 @@ For a complete example with separate Authorization Server and Resource Server im
 - **Resource Server (RS)**: Your MCP server that validates tokens and serves protected resources
 - **Client**: Discovers AS through RFC 9728, obtains tokens, and uses them with the MCP server
 
-See [TokenVerifier](src/mcp/server/auth/verifier.py) for more details on implementing token validation.
+See [TokenVerifier](src/mcp/server/auth/provider.py) for more details on implementing token validation.
 
 ## Running Your Server
 
diff --git a/examples/servers/simple-auth/mcp_simple_auth/token_verifier.py b/examples/servers/simple-auth/mcp_simple_auth/token_verifier.py
@@ -2,8 +2,7 @@
 
 import logging
 
-from mcp.server.auth.provider import AccessToken
-from mcp.server.auth.token_verifier import TokenVerifier
+from mcp.server.auth.provider import AccessToken, TokenVerifier
 
 logger = logging.getLogger(__name__)
 
diff --git a/src/mcp/server/auth/middleware/bearer_auth.py b/src/mcp/server/auth/middleware/bearer_auth.py
@@ -7,8 +7,7 @@
 from starlette.requests import HTTPConnection
 from starlette.types import Receive, Scope, Send
 
-from mcp.server.auth.provider import AccessToken
-from mcp.server.auth.token_verifier import TokenVerifier
+from mcp.server.auth.provider import AccessToken, TokenVerifier
 
 
 class AuthenticatedUser(SimpleUser):
diff --git a/src/mcp/server/auth/provider.py b/src/mcp/server/auth/provider.py
@@ -4,7 +4,6 @@
 
 from pydantic import AnyUrl, BaseModel
 
-from mcp.server.auth.token_verifier import TokenVerifier
 from mcp.shared.auth import OAuthClientInformationFull, OAuthToken
 
 
@@ -87,6 +86,13 @@ class TokenError(Exception):
     error_description: str | None = None
 
 
+class TokenVerifier(Protocol):
+    """Protocol for verifying bearer tokens."""
+
+    async def verify_token(self, token: str) -> AccessToken | None:
+        """Verify a bearer token and return access info if valid."""
+
+
 # NOTE: FastMCP doesn't render any of these types in the user response, so it's
 # OK to add fields to subclasses which should not be exposed externally.
 AuthorizationCodeT = TypeVar("AuthorizationCodeT", bound=AuthorizationCode)
diff --git a/src/mcp/server/auth/token_verifier.py b/src/mcp/server/auth/token_verifier.py
diff --git a/src/mcp/server/fastmcp/server.py b/src/mcp/server/fastmcp/server.py
@@ -30,9 +30,8 @@
     BearerAuthBackend,
     RequireAuthMiddleware,
 )
-from mcp.server.auth.provider import OAuthAuthorizationServerProvider, ProviderTokenVerifier
+from mcp.server.auth.provider import OAuthAuthorizationServerProvider, ProviderTokenVerifier, TokenVerifier
 from mcp.server.auth.settings import AuthSettings
-from mcp.server.auth.token_verifier import TokenVerifier
 from mcp.server.elicitation import ElicitationResult, ElicitSchemaModelT, elicit_with_validation
 from mcp.server.fastmcp.exceptions import ResourceError
 from mcp.server.fastmcp.prompts import Prompt, PromptManager
