71e77e95bc
Resolves the token exchange implementation gap where get_session_client() was implemented but never used by tools. Unifies token acquisition into a single async get_client() method that handles both pass-through and token exchange modes transparently. Core Changes: - Make get_client() async and merge token exchange logic into it - Remove scopes parameter from token exchange (Nextcloud doesn't support OAuth scopes) - Update all 8 tool modules to use await get_client(ctx) - Fix provisioning decorator to skip checks in BasicAuth mode Token Acquisition Modes: 1. BasicAuth: Returns shared client (no token operations) 2. OAuth pass-through (default): Verifies and passes Flow 1 token to Nextcloud 3. OAuth token exchange (opt-in): Exchanges Flow 1 token for ephemeral token via RFC 8693 Key Architectural Clarifications: - Progressive Consent (Flow 1/2) = Authorization architecture - Token Exchange = Token acquisition pattern during tool execution - Refresh tokens from Flow 2 are NEVER used for tool calls (only background jobs) - Nextcloud scopes are "soft-scopes" enforced by MCP server, not IdP Documentation Updates: - ADR-004: Added comprehensive token acquisition patterns section - CRITICAL-TOKEN-EXCHANGE-PATTERN.md: Updated to reflect implementation status - CLAUDE.md: Updated architectural patterns with async get_client() Testing: - All 36 unit tests passing - All 4 smoke tests passing (BasicAuth mode) - Linting issues fixed (ruff) Configuration: ENABLE_TOKEN_EXCHANGE=false (default) - pass-through mode ENABLE_TOKEN_EXCHANGE=true (opt-in) - token exchange mode 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
import logging
from mcp.server.fastmcp import Context, FastMCP
from nextcloud_mcp_server.auth import require_scopes
from nextcloud_mcp_server.context import get_client
logger = logging.getLogger(__name__)
def configure_contacts_tools(mcp: FastMCP):
    """Register the Nextcloud contacts tools on *mcp*.

    Every tool defined here follows the same three steps: it is gated by
    ``require_scopes``, obtains a per-request client with
    ``await get_client(ctx)``, and forwards its keyword arguments unchanged
    to the matching ``client.contacts`` method.

    Decorator order is significant: ``require_scopes`` sits directly on the
    coroutine and ``mcp.tool()`` is applied last, so the callable handed to
    ``mcp.tool()`` is the scope-wrapped one. Keep that order when adding
    tools; the reverse order would pass the unwrapped coroutine to
    ``mcp.tool()``.

    The inner docstrings are left exactly as written.
    NOTE(review): presumably they are published to MCP clients as the tool
    descriptions, so explanatory notes are kept in ``#`` comments instead.

    NOTE(review): ``addressbook``, ``name`` and ``uid`` arrive from the tool
    caller and are not validated in this module. Confirm that the contacts
    client encodes or rejects path-significant characters before using them
    in a request path.
    """
    # Contacts tools

    # --- read-only tools: gated on "contacts:read" ---

    @mcp.tool()
    @require_scopes("contacts:read")
    async def nc_contacts_list_addressbooks(ctx: Context):
        """List all addressbooks for the user."""
        contacts_api = (await get_client(ctx)).contacts
        return await contacts_api.list_addressbooks()

    @mcp.tool()
    @require_scopes("contacts:read")
    async def nc_contacts_list_contacts(ctx: Context, *, addressbook: str):
        """List all contacts in the specified addressbook."""
        contacts_api = (await get_client(ctx)).contacts
        return await contacts_api.list_contacts(addressbook=addressbook)

    # --- mutating tools: gated on "contacts:write" ---
    # Create, update and delete share this one scope; a caller that may
    # create contacts may also delete whole addressbooks.

    @mcp.tool()
    @require_scopes("contacts:write")
    async def nc_contacts_create_addressbook(
        ctx: Context,
        *,
        name: str,
        display_name: str,
    ):
        """Create a new addressbook.

        Args:
            name: The name of the addressbook.
            display_name: The display name of the addressbook.
        """
        contacts_api = (await get_client(ctx)).contacts
        return await contacts_api.create_addressbook(
            name=name,
            display_name=display_name,
        )

    @mcp.tool()
    @require_scopes("contacts:write")
    async def nc_contacts_delete_addressbook(ctx: Context, *, name: str):
        """Delete an addressbook."""
        # Destructive: no confirmation step happens at this layer.
        contacts_api = (await get_client(ctx)).contacts
        return await contacts_api.delete_addressbook(name=name)

    @mcp.tool()
    @require_scopes("contacts:write")
    async def nc_contacts_create_contact(
        ctx: Context,
        *,
        addressbook: str,
        uid: str,
        contact_data: dict,
    ):
        """Create a new contact.

        Args:
            addressbook: The name of the addressbook to create the contact in.
            uid: The unique ID for the contact.
            contact_data: A dictionary with the contact's details, e.g. {"fn": "John Doe", "email": "john.doe@example.com"}.
        """
        # contact_data is passed through as received; its keys and values
        # are not checked in this module.
        contacts_api = (await get_client(ctx)).contacts
        return await contacts_api.create_contact(
            addressbook=addressbook,
            uid=uid,
            contact_data=contact_data,
        )

    @mcp.tool()
    @require_scopes("contacts:write")
    async def nc_contacts_delete_contact(ctx: Context, *, addressbook: str, uid: str):
        """Delete a contact."""
        # Destructive: no confirmation step happens at this layer.
        contacts_api = (await get_client(ctx)).contacts
        return await contacts_api.delete_contact(addressbook=addressbook, uid=uid)

    @mcp.tool()
    @require_scopes("contacts:write")
    async def nc_contacts_update_contact(
        ctx: Context,
        *,
        addressbook: str,
        uid: str,
        contact_data: dict,
        etag: str = "",
    ):
        """Update an existing contact while preserving all existing properties.

        Args:
            addressbook: The name of the addressbook containing the contact.
            uid: The unique ID of the contact to update.
            contact_data: A dictionary with the contact's updated details, e.g. {"fn": "Jane Doe", "email": "jane.doe@example.com"}.
            etag: Optional ETag for optimistic concurrency control.
        """
        # The default etag "" is forwarded as-is.
        # NOTE(review): confirm how the client treats an empty ETag; if it
        # skips the conditional check, concurrent edits can overwrite each
        # other silently.
        contacts_api = (await get_client(ctx)).contacts
        return await contacts_api.update_contact(
            addressbook=addressbook,
            uid=uid,
            contact_data=contact_data,
            etag=etag,
        )