diff --git a/src/main/java/com/descope/model/mgmt/AccessKeyRequest.java b/src/main/java/com/descope/model/mgmt/AccessKeyRequest.java index 75512035..6734e593 100644 --- a/src/main/java/com/descope/model/mgmt/AccessKeyRequest.java +++ b/src/main/java/com/descope/model/mgmt/AccessKeyRequest.java @@ -13,4 +13,5 @@ public class AccessKeyRequest { private List roleNames; private List> keyTenants; private String userId; + private Map customClaims; } diff --git a/src/main/java/com/descope/sdk/mgmt/AccessKeyService.java b/src/main/java/com/descope/sdk/mgmt/AccessKeyService.java index dcab6884..62b8a771 100644 --- a/src/main/java/com/descope/sdk/mgmt/AccessKeyService.java +++ b/src/main/java/com/descope/sdk/mgmt/AccessKeyService.java @@ -5,15 +5,22 @@ import com.descope.model.mgmt.AccessKeyResponse; import com.descope.model.mgmt.AccessKeyResponseList; import java.util.List; +import java.util.Map; public interface AccessKeyService { AccessKeyResponse create(String name, int expireTime, List roleNames, List keyTenants) throws DescopeException; + AccessKeyResponse create(String name, int expireTime, List roleNames, List keyTenants, + Map customClaims) throws DescopeException; + AccessKeyResponse create(String name, int expireTime, List roleNames, List keyTenants, String userId) throws DescopeException; + AccessKeyResponse create(String name, int expireTime, List roleNames, List keyTenants, + String userId, Map customClaims) throws DescopeException; + AccessKeyResponse load(String id) throws DescopeException; AccessKeyResponseList searchAll(List tenantIDs) throws DescopeException; diff --git a/src/main/java/com/descope/sdk/mgmt/impl/AccessKeyServiceImpl.java b/src/main/java/com/descope/sdk/mgmt/impl/AccessKeyServiceImpl.java index 31161b7b..ac3d5f40 100644 --- a/src/main/java/com/descope/sdk/mgmt/impl/AccessKeyServiceImpl.java +++ b/src/main/java/com/descope/sdk/mgmt/impl/AccessKeyServiceImpl.java 
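Review bot: In AccessKeyService, the new `create(name, expireTime, roleNames, keyTenants, Map customClaims)` overload sits beside the existing five-argument `String userId` overload, so any call that passes a literal `null` as the fifth argument becomes ambiguous and stops compiling. Neither new overload has Javadoc, and the test in this commit shows the claims appearing as top-level claims of the exchanged token, so the contract needs stating. For example: `/** @param customClaims extra claims copied into tokens issued for this access key, readable by whoever holds the token; may be null */`. If the ambiguity is accepted, the Javadoc should also tell callers without a user id to use the six-argument form or cast the `null`.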
@@ -33,25 +33,34 @@ class AccessKeyServiceImpl extends ManagementsBase implements AccessKeyService { public AccessKeyResponse create( String name, int expireTime, List roleNames, List keyTenants) throws DescopeException { - if (StringUtils.isBlank(name)) { - throw ServerCommonException.invalidArgument("Name"); - } - AccessKeyRequest body = createAccessKeyBody(name, expireTime, roleNames, keyTenants, null); - ApiProxy apiProxy = getApiProxy(); - return apiProxy.post(getUri(MANAGEMENT_ACCESS_KEY_CREATE_LINK), body, AccessKeyResponse.class); + return create(name, expireTime, roleNames, keyTenants, null, null); + } + + @Override + public AccessKeyResponse create( + String name, int expireTime, List roleNames, List keyTenants, + Map customClaims) throws DescopeException { + return create(name, expireTime, roleNames, keyTenants, null, customClaims); } @Override public AccessKeyResponse create( String name, int expireTime, List roleNames, List keyTenants, String userId) throws DescopeException { - if (StringUtils.isBlank(name)) { - throw ServerCommonException.invalidArgument("Name"); - } if (StringUtils.isBlank(userId)) { throw ServerCommonException.invalidArgument("user id"); } - AccessKeyRequest body = createAccessKeyBody(name, expireTime, roleNames, keyTenants, userId); + return create(name, expireTime, roleNames, keyTenants, userId, null); + } + + @Override + public AccessKeyResponse create( + String name, int expireTime, List roleNames, List keyTenants, String userId, + Map customClaims) throws DescopeException { + if (StringUtils.isBlank(name)) { + throw ServerCommonException.invalidArgument("Name"); + } + AccessKeyRequest body = createAccessKeyBody(name, expireTime, roleNames, keyTenants, userId, customClaims); ApiProxy apiProxy = getApiProxy(); return apiProxy.post(getUri(MANAGEMENT_ACCESS_KEY_CREATE_LINK), body, AccessKeyResponse.class); } 
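Review bot: The new six-argument `create` validates only `name`, so a blank `userId` such as `""` is sent to the backend, while the five-argument overload just above rejects the same value with `invalidArgument("user id")`. Because `null` must stay legal for the delegating overloads, a guard such as `if (userId != null && StringUtils.isBlank(userId)) { throw ServerCommonException.invalidArgument("user id"); }` would keep the two entry points consistent. The five-argument overload also now checks `userId` before `name`, so a call with both blank reports a different argument than before. `customClaims` is forwarded without any check on its keys; whether the backend restricts claim names is not visible in this diff, so a comment saying where that is enforced would help.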
@@ -123,14 +132,15 @@ public void delete(String id) throws DescopeException { apiProxy.post(getUri(MANAGEMENT_ACCESS_KEY_DELETE_LINK), request, Void.class); } - private AccessKeyRequest createAccessKeyBody( - String name, int expireTime, List roleNames, List keyTenants, String userId) { + private AccessKeyRequest createAccessKeyBody(String name, int expireTime, List roleNames, + List keyTenants, String userId, Map customClaims) { return AccessKeyRequest.builder() .name(name) .expireTime(expireTime) .roleNames(roleNames) .keyTenants(MgmtUtils.createAssociatedTenantList(keyTenants)) .userId(userId) + .customClaims(customClaims) .build(); } } diff --git a/src/test/java/com/descope/sdk/auth/impl/AuthenticationServiceImplTest.java b/src/test/java/com/descope/sdk/auth/impl/AuthenticationServiceImplTest.java index f2c9f21d..f4fbe706 100644 --- a/src/test/java/com/descope/sdk/auth/impl/AuthenticationServiceImplTest.java +++ b/src/test/java/com/descope/sdk/auth/impl/AuthenticationServiceImplTest.java @@ -133,13 +133,17 @@ void testFunctionalFullCycle() throws Exception { @RetryingTest(value = 3, suspendForMs = 30000, onExceptions = RateLimitExceededException.class) void testFunctionalExchangeToken() throws Exception { String name = TestUtils.getRandomName("ak-"); - AccessKeyResponse resp = accessKeyService.create(name, 0, null, null); + AccessKeyResponse resp = accessKeyService.create(name, 0, null, null, null, mapOf("K1", "V1")); Token token = authenticationService.exchangeAccessKey(resp.getCleartext(), new AccessKeyLoginOptions(mapOf("kuku", "kiki"))); + // temporary @SuppressWarnings("unchecked") + // Validate the nsec claims (passed through the exchange method) Map nsecClaims = Map.class.cast(token.getClaims().get("nsec")); assertEquals("kiki", nsecClaims.get("kuku")); + // Validate the secured claims (passed through the Create method) + assertEquals("V1", token.getClaims().get("K1")); accessKeyService.delete(resp.getKey().getId()); } }
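Review bot: testFunctionalExchangeToken covers only a harmless key (`K1`), while its own assertion `token.getClaims().get("K1")` shows that custom claims land at the top level of the token, beside claims such as `nsec`. A second case should create a key whose custom claim uses a name the token already carries and assert the outcome, so the behaviour relying parties depend on is pinned. Which outcome the backend produces is not visible in this diff. Separately, `accessKeyService.delete(resp.getKey().getId())` runs only when every assertion passes, so a failed run leaves a live access key behind; wrapping the assertions in `try { ... } finally { accessKeyService.delete(resp.getKey().getId()); }` would avoid that.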