add config.py

Author: patrickkang

examples/example-fastmcp-mcp/.env.example

@@ -3,4 +3,5 @@ AUTH0_DOMAIN=your-tenant.auth0.com
 AUTH0_AUDIENCE=https://api.example.com
 MCP_SERVER_URL=http://localhost:3001
 PORT=3001
-DEBUG=false
+DEBUG=false
+CORS_ORIGINS=*

examples/example-fastmcp-mcp/src/auth0/__init__.py

@@ -8,7 +8,6 @@
 from __future__ import annotations
 
 import logging
-import os
 from collections.abc import Callable
 
 from mcp.server.auth.routes import create_protected_resource_routes
@@ -25,10 +24,11 @@
 
 
 class Auth0Mcp:
-    def __init__(self, name: str, audience: str, domain: str):
+    def __init__(self, name: str, audience: str, domain: str, mcp_server_url: str | None = None):
         self.name = name
         self.audience = audience
         self.domain = domain
+        self.mcp_server_url = mcp_server_url
         if not self.audience or not self.domain:
             raise RuntimeError("audience and domain must be provided")
         self.mcp = FastMCP(
@@ -113,9 +113,8 @@ def _build_www_authenticate_header(self, error_code: str, description: str, incl
         Build WWW-Authenticate header according to RFC 9728 Section 5.1.
         """
         www_auth_params = [f'error="{error_code}"', f'error_description="{description}"']
-        metadata_url = os.getenv('MCP_SERVER_URL')
-        if include_resource_metadata and metadata_url:
-            metadata_url = metadata_url.rstrip("/") + "/.well-known/oauth-protected-resource"
+        if include_resource_metadata and self.mcp_server_url:
+            metadata_url = self.mcp_server_url.rstrip("/") + "/.well-known/oauth-protected-resource"
             www_auth_params.append(f'resource_metadata="{metadata_url}"')
 
         return f"Bearer {', '.join(www_auth_params)}"

examples/example-fastmcp-mcp/src/config.py

@@ -0,0 +1,33 @@
+from __future__ import annotations
+
+import os
+from dataclasses import dataclass, field
+
+from dotenv import load_dotenv
+
+
+@dataclass(frozen=True)
+class Config:
+    auth0_domain: str
+    auth0_audience: str
+    mcp_server_url: str
+    port: int = 3001
+    debug: bool = True
+    cors_origins: list[str] = field(default_factory=lambda: ["*"])
+
+    @classmethod
+    def from_env(cls) -> Config:
+        return cls(
+            auth0_domain=os.environ["AUTH0_DOMAIN"],
+            auth0_audience=os.environ["AUTH0_AUDIENCE"],
+            mcp_server_url=os.getenv("MCP_SERVER_URL", "http://localhost:3001"),
+            port=int(os.getenv("PORT", "3001")),
+            debug=os.getenv("DEBUG", "false").lower() == "true",
+            cors_origins=os.getenv("CORS_ORIGINS", "*").split(","),
+        )
+
+
+def get_config() -> Config:
+    """Get application configuration."""
+    load_dotenv()
+    return Config.from_env()

examples/example-fastmcp-mcp/src/server.py

@@ -2,27 +2,27 @@
 
 import contextlib
 import logging
-import os
 from collections.abc import AsyncIterator
 
-from dotenv import load_dotenv
 from starlette.applications import Starlette
 from starlette.middleware.cors import CORSMiddleware
 from starlette.routing import Mount
 
 from .auth0 import Auth0Mcp
+from .config import get_config
 from .tools import register_tools
 
-load_dotenv()
+config = get_config()
 
 # Configure logging
 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)
 
 auth0_mcp = Auth0Mcp(
     name="Example FastMCP Server",
-    audience=os.getenv("AUTH0_AUDIENCE"),
-    domain=os.getenv("AUTH0_DOMAIN")
+    audience=config.auth0_audience,
+    domain=config.auth0_domain,
+    mcp_server_url=config.mcp_server_url
 )
 register_tools(auth0_mcp)
 
@@ -33,7 +33,7 @@ async def lifespan(app: Starlette) -> AsyncIterator[None]:
         yield
 
 starlette_app = Starlette(
-    debug=os.getenv("DEBUG", "true").lower() == "true",
+    debug=config.debug,
     routes=[
         # Add discovery metadata route
         *auth0_mcp.auth_metadata_router().routes,
@@ -51,13 +51,14 @@ async def lifespan(app: Starlette) -> AsyncIterator[None]:
 
 # Wrap ASGI application with CORS middleware to expose Mcp-Session-Id header
 # for browser-based clients (ensures 500 errors get proper CORS headers)
+
 app = CORSMiddleware(
     starlette_app,
-    allow_origins=["*"], # Adjust as needed for production
+    allow_origins=config.cors_origins,
     allow_methods=["GET", "POST", "DELETE"], # MCP streamable HTTP methods
     expose_headers=["Mcp-Session-Id"],
 )
 
 if __name__ == "__main__":
     import uvicorn
-    uvicorn.run(app, port=int(os.getenv("PORT", "3001")))
+    uvicorn.run(app, port=config.port)