Skip to content

Commit

Permalink
Add issuer support as url (#85)
Browse files Browse the repository at this point in the history
  • Loading branch information
@dorsha
dorsha committed Nov 27, 2022
1 parent f943f46 commit 00ecc61
Show file tree
Hide file tree
Showing 2 changed files with 88 additions and 2 deletions.
7 changes: 5 additions & 2 deletions descope/auth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -346,9 +346,12 @@ def adjust_properties(self, jwt_response: dict, user_jwt: bool):
)

# Save the projectID also in the dict top level
jwt_response["projectId"] = jwt_response.get(SESSION_TOKEN_NAME, {}).get(
issuer = jwt_response.get(SESSION_TOKEN_NAME, {}).get(
"iss", None
) or jwt_response.get(REFRESH_SESSION_TOKEN_NAME, {}).get("iss", None)
) or jwt_response.get(REFRESH_SESSION_TOKEN_NAME, {}).get("iss", "")
jwt_response["projectId"] = issuer.rsplit("/")[
-1
] # support both url issuer and project ID issuer

if user_jwt:
# Save the userID also in the dict top level
Expand Down
83 changes: 83 additions & 0 deletions tests/test_auth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

from descope import AuthException, DeliveryMethod
from descope.auth import Auth
from descope.common import REFRESH_SESSION_TOKEN_NAME, SESSION_TOKEN_NAME


class TestAuth(unittest.TestCase):
Expand Down Expand Up @@ -265,6 +266,88 @@ def test_exchange_access_key(self):
self.assertEqual(jwt_response["keyId"], "U2Cu0j0WPw3YOiPISJb52L0wUVMg")
self.assertEqual(jwt_response["projectId"], "P2CtzUhdqpIF2ys9gg7ms06UvtC4")

def test_adjust_properties(self):
self.assertEqual(
Auth.adjust_properties(self, jwt_response={}, user_jwt={}),
{"keyId": None, "projectId": ""},
)

jwt_response = {
SESSION_TOKEN_NAME: {
"permissions": ["perm1"],
"roles": ["role1"],
"tenants": {"bla1": "bla1"},
"iss": "123456",
"sub": "user-id",
},
REFRESH_SESSION_TOKEN_NAME: {
"permissions": ["perm2"],
"roles": ["role2"],
"tenants": {"bla2": "bla2"},
},
}

self.assertEqual(
Auth.adjust_properties(self, jwt_response=jwt_response, user_jwt=True),
{
"permissions": ["perm1"],
"projectId": "123456",
"refreshSessionToken": {
"permissions": ["perm2"],
"roles": ["role2"],
"tenants": {"bla2": "bla2"},
},
"roles": ["role1"],
"sessionToken": {
"iss": "123456",
"permissions": ["perm1"],
"roles": ["role1"],
"sub": "user-id",
"tenants": {"bla1": "bla1"},
},
"tenants": {"bla1": "bla1"},
"userId": "user-id",
},
)

jwt_response = {
SESSION_TOKEN_NAME: {
"permissions": ["perm1"],
"roles": ["role1"],
"tenants": {"bla1": "bla1"},
"sub": "user-id",
},
REFRESH_SESSION_TOKEN_NAME: {
"permissions": ["perm2"],
"roles": ["role2"],
"tenants": {"bla2": "bla2"},
"iss": "https://descope.com/bla/123456",
},
}

self.assertEqual(
Auth.adjust_properties(self, jwt_response=jwt_response, user_jwt=False),
{
"permissions": ["perm1"],
"projectId": "123456",
"refreshSessionToken": {
"iss": "https://descope.com/bla/123456",
"permissions": ["perm2"],
"roles": ["role2"],
"tenants": {"bla2": "bla2"},
},
"roles": ["role1"],
"sessionToken": {
"permissions": ["perm1"],
"roles": ["role1"],
"sub": "user-id",
"tenants": {"bla1": "bla1"},
},
"tenants": {"bla1": "bla1"},
"keyId": "user-id",
},
)


if __name__ == "__main__":
unittest.main()

0 comments on commit 00ecc61

Please sign in to comment.