feat: add IDPResponse to AuthenticationInfo for SSO exchange #321
Add IDPResponse type with idpGroups, idpSAMLAttributes, and idpOIDCClaims fields. Wire through from JWTResponse to AuthenticationInfo so SDK consumers can access IDP data after SSO token exchange.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐕 Shuni's Review
Adds IDPResponse model (groups, SAML attributes, OIDC claims) and wires it through JWTResponse → AuthenticationInfo so SDK consumers can access IDP data after SSO token exchange.
No issues found — good bones! Clean, minimal change that follows existing patterns. All AuthenticationInfo constructor call sites are updated, tests cover both OIDC and SAML scenarios. Woof!
Pull request overview
This PR exposes IdP-provided data (groups + SAML/OIDC attributes/claims) to Java SDK consumers after an SSO token exchange by adding a new IDPResponse model and threading it through JWTResponse -> AuthenticationInfo.
Changes:
- Introduces `IDPResponse` with `idpGroups`, `idpSAMLAttributes`, and `idpOIDCClaims`.
- Adds `idpResponse` to `JWTResponse` and `AuthenticationInfo`, and propagates it in `getAuthenticationInfo()` / JWT management flows.
- Adds unit tests covering token exchange with IdP response data for both OAuth (OIDC claims) and SAML (SAML attributes).
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/main/java/com/descope/model/auth/IDPResponse.java | Adds new model to hold IdP groups and attribute/claim maps. |
| src/main/java/com/descope/model/jwt/response/JWTResponse.java | Adds idpResponse field to JWT exchange response DTO. |
| src/main/java/com/descope/model/auth/AuthenticationInfo.java | Adds idpResponse field so SDK consumers can access IdP data. |
| src/main/java/com/descope/sdk/auth/impl/AuthenticationsBase.java | Wires idpResponse from JWTResponse into returned AuthenticationInfo. |
| src/main/java/com/descope/sdk/mgmt/impl/JwtServiceImpl.java | Wires idpResponse through mgmt JWT sign-in/up flow. |
| src/main/java/com/descope/sdk/auth/impl/AuthenticationServiceImpl.java | Updates constructor call site to match new AuthenticationInfo signature. |
| src/test/java/com/descope/sdk/TestUtils.java | Updates mock JWT response construction for new JWTResponse field. |
| src/test/java/com/descope/sdk/auth/impl/OAuthServiceImplTest.java | Adds test validating OIDC claims/groups are exposed via AuthenticationInfo.idpResponse. |
| src/test/java/com/descope/sdk/auth/impl/SamlLinkServiceImplTest.java | Adds test validating SAML attributes/groups are exposed via AuthenticationInfo.idpResponse. |
Add explicit constructors with the previous parameter lists for AuthenticationInfo and JWTResponse to preserve binary/source compatibility for existing SDK consumers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add testExchangeTokenWithoutIDPResponse tests for both OAuth and SAML that use the old 8-arg JWTResponse constructor and verify idpResponse is null, exercising the backwards-compatible constructor overloads.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
- `IDPResponse` type with `idpGroups`, `idpSAMLAttributes`, and `idpOIDCClaims` fields
- `idpResponse` field to `AuthenticationInfo` and `JWTResponse`
- `getAuthenticationInfo()` so SDK consumers can access IDP data after SSO token exchange

Related PRs
- feat/expose-idp-response-to-sdk

Test plan
- `OAuthServiceImplTest.testExchangeTokenWithIDPResponse` (OIDC claims)
- `SamlLinkServiceImplTest.testExchangeTokenWithIDPResponse` (SAML attributes)

fixes: https://github.com/descope/etc/issues/15153
🤖 Generated with Claude Code
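
How a consumer might read the new field defensively, as an added example that is not code from this PR or the Descope SDK. The two nested classes are stand-ins that reuse the PR's field names with assumed types, and the group names and group-to-role map are hypothetical.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class IdpGroupMapping {
    // Stand-in for the PR's IDPResponse: field names from the PR, field types assumed.
    static class IDPResponse {
        List<String> idpGroups;
        Map<String, Object> idpSAMLAttributes;
        Map<String, Object> idpOIDCClaims;
    }

    // Stand-in for AuthenticationInfo, reduced to the one field this example reads.
    static class AuthenticationInfo {
        IDPResponse idpResponse; // null when the exchange carried no IdP data
    }

    // Hypothetical application policy: only these exact IdP group names grant a local role.
    static final Map<String, String> GROUP_TO_ROLE = Map.of(
        "eng-admins", "ADMIN",
        "eng-readers", "VIEWER");

    // Deny by default: a missing idpResponse, missing groups, or unknown groups grant nothing.
    static Set<String> rolesFor(AuthenticationInfo info) {
        Set<String> roles = new TreeSet<>();
        if (info == null || info.idpResponse == null || info.idpResponse.idpGroups == null) {
            return roles;
        }
        for (String group : info.idpResponse.idpGroups) {
            // Exact, case-sensitive match; Map.of rejects null keys, so guard first.
            String role = (group == null) ? null : GROUP_TO_ROLE.get(group);
            if (role != null) {
                roles.add(role);
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        AuthenticationInfo legacy = new AuthenticationInfo(); // constructed: no IdP data
        AuthenticationInfo sso = new AuthenticationInfo();    // constructed: SSO exchange
        sso.idpResponse = new IDPResponse();
        sso.idpResponse.idpGroups = Arrays.asList("eng-readers", "Eng-Admins", null);
        System.out.println("legacy roles: " + rolesFor(legacy));
        System.out.println("sso roles: " + rolesFor(sso));
    }
}
```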