revert refactor of pkce generation

Author: maxisbey

src/mcp/client/auth/oauth2.py

@@ -4,8 +4,11 @@
 Implements authorization code flow with PKCE and automatic token refresh.
 """
 
+import base64
+import hashlib
 import logging
 import secrets
+import string
 import time
 from collections.abc import AsyncGenerator, Awaitable, Callable
 from dataclasses import dataclass, field
@@ -42,7 +45,6 @@
 from mcp.shared.auth_utils import (
     calculate_token_expiry,
     check_resource_allowed,
-    generate_pkce_parameters,
     resource_url_from_server_url,
 )
 
@@ -57,8 +59,10 @@ class PKCEParameters(BaseModel):
 
     @classmethod
     def generate(cls) -> "PKCEParameters":
-        """Generate new PKCE parameters using shared util function."""
-        code_verifier, code_challenge = generate_pkce_parameters(verifier_length=128)
+        """Generate new PKCE parameters."""
+        code_verifier = "".join(secrets.choice(string.ascii_letters + string.digits + "-._~") for _ in range(128))
+        digest = hashlib.sha256(code_verifier.encode()).digest()
+        code_challenge = base64.urlsafe_b64encode(digest).decode().rstrip("=")
         return cls(code_verifier=code_verifier, code_challenge=code_challenge)
 
 

src/mcp/shared/auth_utils.py

@@ -1,9 +1,5 @@
 """Utilities for OAuth 2.0 Resource Indicators (RFC 8707) and PKCE (RFC 7636)."""
 
-import base64
-import hashlib
-import secrets
-import string
 import time
 from urllib.parse import urlparse, urlsplit, urlunsplit
 
@@ -74,38 +70,6 @@ def check_resource_allowed(requested_resource: str, configured_resource: str) ->
     return requested_path.startswith(configured_path)
 
 
-def generate_pkce_parameters(verifier_length: int = 128) -> tuple[str, str]:
-    """Generate PKCE verifier and challenge per RFC 7636.
-
-    Generates cryptographically secure code_verifier and code_challenge
-    for OAuth 2.0 PKCE (Proof Key for Code Exchange).
-
-    Args:
-        verifier_length: Length of code_verifier (43-128 chars per RFC 7636, default 128)
-
-    Returns:
-        Tuple of (code_verifier, code_challenge)
-
-    Raises:
-        ValueError: If verifier_length is not between 43 and 128
-    """
-    if not 43 <= verifier_length <= 128:
-        raise ValueError("verifier_length must be between 43 and 128 per RFC 7636")  # pragma: no cover
-
-    # Generate code_verifier using unreserved characters per RFC 7636 Section 4.1
-    # unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
-    code_verifier = "".join(
-        secrets.choice(string.ascii_letters + string.digits + "-._~") for _ in range(verifier_length)
-    )
-
-    # Generate code_challenge using S256 method per RFC 7636 Section 4.2
-    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
-    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
-    code_challenge = base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")
-
-    return code_verifier, code_challenge
-
-
 def calculate_token_expiry(expires_in: int | str | None) -> float | None:
     """Calculate token expiry timestamp from expires_in seconds.