descope · dorsha · Oct 25, 2022 · Oct 25, 2022 · Oct 25, 2022 · Oct 25, 2022
diff --git a/descope/authmethod/saml.py b/descope/authmethod/saml.py
@@ -24,8 +24,8 @@ def start(self, tenant: str, return_url: str = None) -> dict:
             )
 
         uri = EndpointsV1.authSAMLStart
-        params = SAML._compose_start_params(tenant, return_url)
-        response = self._auth.do_get(uri, params)
+        body = SAML._compose_start_body(tenant, return_url)
+        response = self._auth.do_post(uri, body)
 
         return response.json()
 
@@ -36,7 +36,7 @@ def exchange_token(
         return self._auth.exchange_token(uri, code, loginOptions, refreshToken)
 
     @staticmethod
-    def _compose_start_params(tenant: str, return_url: str) -> dict:
+    def _compose_start_body(tenant: str, return_url: str) -> dict:
         res = {"tenant": tenant}
         if return_url is not None and return_url != "":
             res["redirectURL"] = return_url

diff --git a/tests/test_saml.py b/tests/test_saml.py
@@ -22,9 +22,9 @@ def setUp(self) -> None:
             "y": "N5n5jKZA5Wu7_b4B36KKjJf-VRfJ-XqczfCSYy9GeQLqF-b63idfE0SYaYk9cFqg",
         }
 
-    def test_compose_start_params(self):
+    def test_compose_start_body(self):
         self.assertEqual(
-            SAML._compose_start_params("tenant1", "http://dummy.com"),
+            SAML._compose_start_body("tenant1", "http://dummy.com"),
             {"tenant": "tenant1", "redirectURL": "http://dummy.com"},
         )
 
@@ -37,27 +37,29 @@ def test_saml_start(self):
         self.assertRaises(AuthException, saml.start, "tenant1", "")
         self.assertRaises(AuthException, saml.start, "tenant1", None)
 
-        with patch("requests.get") as mock_get:
-            mock_get.return_value.ok = False
+        with patch("requests.post") as mock_post:
+            mock_post.return_value.ok = False
             self.assertRaises(AuthException, saml.start, "tenant1", "http://dummy.com")
 
         # Test success flow
-        with patch("requests.get") as mock_get:
-            mock_get.return_value.ok = True
+        with patch("requests.post") as mock_post:
+            mock_post.return_value.ok = True
             self.assertIsNotNone(saml.start("tenant1", "http://dummy.com"))
 
-        with patch("requests.get") as mock_get:
-            mock_get.return_value.ok = True
+        with patch("requests.post") as mock_post:
+            mock_post.return_value.ok = True
             saml.start("tenant1", "http://dummy.com")
             expected_uri = f"{DEFAULT_BASE_URL}{EndpointsV1.authSAMLStart}"
-            mock_get.assert_called_with(
+            mock_post.assert_called_with(
                 expected_uri,
                 headers={
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
-                params={"tenant": "tenant1", "redirectURL": "http://dummy.com"},
-                allow_redirects=None,
+                data=json.dumps(
+                    {"tenant": "tenant1", "redirectURL": "http://dummy.com"}
+                ),
+                allow_redirects=False,
                 verify=True,
             )