SDK with custom host and optional Verify

descope/auth.py

@@ -30,7 +30,13 @@
 class Auth:
     ALGORITHM_KEY = "alg"
 
-    def __init__(self, project_id: str, public_key: str = None, base_uri: str = None):
+    def __init__(
+        self,
+        project_id: str,
+        public_key: str = None,
+        base_uri: str = None,
+        skip_verify: bool = False,
+    ):
         self.lock_public_keys = Lock()
         # validate project id
         if not project_id:
@@ -44,6 +50,10 @@ def __init__(self, project_id: str, public_key: str = None, base_uri: str = None
                 )
         self.project_id = project_id
 
+        self.secure = True
+        if skip_verify:
+            self.secure = False
+
         self.base_url = base_uri or DEFAULT_BASE_URL
 
         if not public_key:
@@ -68,6 +78,7 @@ def do_get(
             headers=self._get_default_headers(pswd),
             params=params,
             allow_redirects=allow_redirects,
+            verify=self.secure,
         )
         if not response.ok:
             raise AuthException(
@@ -80,6 +91,7 @@ def do_post(self, uri: str, body: dict, pswd: str = None) -> requests.Response:
             f"{self.base_url}{uri}",
             headers=self._get_default_headers(pswd),
             data=json.dumps(body),
+            verify=self.secure,
         )
         if not response.ok:
             raise AuthException(
@@ -228,6 +240,7 @@ def _fetch_public_keys(self) -> None:
         response = requests.get(
             f"{self.base_url}{EndpointsV1.publicKeyPath}/{self.project_id}",
             headers=self._get_default_headers(),
+            verify=self.secure,
         )
 
         if not response.ok:

descope/descope_client.py

@@ -15,8 +15,14 @@
 class DescopeClient:
     ALGORITHM_KEY = "alg"
 
-    def __init__(self, project_id: str, public_key: str = None, base_url: str = None):
-        auth = Auth(project_id, public_key, base_url)
+    def __init__(
+        self,
+        project_id: str,
+        public_key: str = None,
+        base_url: str = None,
+        skip_verify: bool = False,
+    ):
+        auth = Auth(project_id, public_key, base_url, skip_verify)
         self._auth = auth
         self._magiclink = MagicLink(auth)
         self._oauth = OAuth(auth)

samples/otp_web_sample_app.py

@@ -20,7 +20,9 @@
 PROJECT_ID = ""
 
 # init the DescopeClient
-descope_client = DescopeClient(PROJECT_ID, base_url="https://localhost:8443")
+descope_client = DescopeClient(
+    PROJECT_ID, base_url="https://172.17.0.1:8443", skip_verify=True
+)
 
 
 class Error(Exception):

tests/test_exchanger.py

@@ -55,6 +55,7 @@ def test_exchange_token(self):
                 },
                 params={"code": "c1"},
                 allow_redirects=False,
+                verify=True,
             )
 
 

tests/test_magiclink.py

@@ -258,6 +258,7 @@ def test_sign_in_cross_device(self):
                         "crossDevice": True,
                     }
                 ),
+                verify=True,
             )
             self.assertEqual(res["pendingRef"], "aaaa")
 
@@ -290,6 +291,7 @@ def test_sign_up_cross_device(self):
                         "email": "dummy@dummy.com",
                     }
                 ),
+                verify=True,
             )
             self.assertEqual(res["pendingRef"], "aaaa")
 
@@ -302,7 +304,9 @@ def test_sign_up_or_in_cross_device(self):
             my_mock_response.json.return_value = data
             mock_post.return_value = my_mock_response
             magiclink.sign_up_or_in_cross_device(
-                DeliveryMethod.EMAIL, "dummy@dummy.com", "http://test.me"
+                DeliveryMethod.EMAIL,
+                "dummy@dummy.com",
+                "http://test.me",
             )
             mock_post.assert_called_with(
                 f"{DEFAULT_BASE_URL}{EndpointsV1.signUpOrInAuthMagicLinkPath}/email",
@@ -317,6 +321,7 @@ def test_sign_up_or_in_cross_device(self):
                         "crossDevice": True,
                     }
                 ),
+                verify=True,
             )
 
     def test_verify(self):

tests/test_oauth.py

@@ -74,6 +74,7 @@ def test_oauth_start(self):
                 },
                 params={"provider": "facebook"},
                 allow_redirects=False,
+                verify=True,
             )
 
 

tests/test_saml.py

@@ -56,6 +56,7 @@ def test_saml_start(self):
                 },
                 params={"tenant": "tenant1", "redirectURL": "http://dummy.com"},
                 allow_redirects=None,
+                verify=True,
             )
 
 

tests/test_totp.py

@@ -123,5 +123,6 @@ def test_update_user(self):
                     "Authorization": "Basic ZHVtbXk6ZXlKaGJHY2lPaUpGVXpNNE5DSXNJbXRwWkNJNklqSkNkRFZYVEdOalRGVmxlVEZFY0RkMWRIQjBXbUl6Um5nNVN5SXNJblI1Y0NJNklrcFhWQ0o5LmV5SmhkWFJvYjNKcGVtVmtWR1Z1WVc1MGN5STZleUlpT201MWJHeDlMQ0pqYjI5cmFXVkViMjFoYVc0aU9pSWlMQ0pqYjI5cmFXVkZlSEJwY21GMGFXOXVJam94TmpZd05qYzVNakE0TENKamIyOXJhV1ZOWVhoQloyVWlPakkxT1RFNU9Ua3NJbU52YjJ0cFpVNWhiV1VpT2lKRVUxSWlMQ0pqYjI5cmFXVlFZWFJvSWpvaUx5SXNJbVY0Y0NJNk1qQTVNREE0TnpJd09Dd2lhV0YwSWpveE5qVTRNRGczTWpBNExDSnBjM01pT2lJeVFuUTFWMHhqWTB4VlpYa3hSSEEzZFhSd2RGcGlNMFo0T1VzaUxDSnpkV0lpT2lJeVF6VTFkbmw0ZHpCelVrdzJSbVJOTmpoeFVuTkRSR1JTVDFZaWZRLmNXUDV1cDRSNXhlSWwycW9HMk50ZkxIM1E1blJKVktkei1GRG9BWGN0T1FXOWczY2VaUWk2clpRLVRQQmFYTUt3NjhiaWpOM2JMSlRxeFdXNVdIenFSVWVvcGZ1elRjTVltQzB3UDJYR0prcmRGNkE4RDVRVzZhY1NHcWdsRmd1",
                 },
                 data=json.dumps({"externalId": "dummy@dummy.com"}),
+                verify=True,
             )
             self.assertEqual(res, valid_response)

tests/test_webauthn.py

@@ -99,6 +99,7 @@ def test_sign_up_start(self):
                 data=json.dumps(
                     {"user": {"externalId": "id1"}, "origin": "https://example.com"}
                 ),
+                verify=True,
             )
             self.assertEqual(res, valid_response)
 
@@ -136,6 +137,7 @@ def test_sign_up_finish(self):
                     "Authorization": "Basic ZHVtbXk6",
                 },
                 data=json.dumps({"transactionId": "t01", "response": "response01"}),
+                verify=True,
             )
             self.assertIsNotNone(webauthn.sign_up_finish("t01", "response01"))
 
@@ -181,8 +183,9 @@ def test_sign_in_start(self):
                     "Authorization": "Basic ZHVtbXk6",
                 },
                 data=json.dumps({"externalId": "id1", "origin": "https://example.com"}),
+                verify=True,
             )
-            self.assertEqual(res, valid_response)
+            self.assertEqual(res, valid_response),
 
     def test_sign_in_finish(self):
         webauthn = WebauthN(Auth(self.dummy_project_id, self.public_key_dict))
@@ -219,6 +222,7 @@ def test_sign_in_finish(self):
                     "Authorization": "Basic ZHVtbXk6",
                 },
                 data=json.dumps({"transactionId": "t01", "response": "response01"}),
+                verify=True,
             )
             self.assertIsNotNone(webauthn.sign_up_finish("t01", "response01"))
 
@@ -286,6 +290,7 @@ def test_add_device_start(self):
                 data=json.dumps(
                     {"externalId": "dummy@dummy.com", "origin": "https://example.com"}
                 ),
+                verify=True,
             )
             self.assertEqual(res, valid_response)
 
@@ -325,6 +330,7 @@ def test_add_device_finish(self):
                     "Authorization": "Basic ZHVtbXk6",
                 },
                 data=json.dumps({"transactionId": "t01", "response": "response01"}),
+                verify=True,
             )
             self.assertIsNotNone(webauthn.sign_up_finish("t01", "response01"))