From 047e748cbd990347deac1808c6504e92b9295cee Mon Sep 17 00:00:00 2001
From: guyp-descope
Date: Sun, 7 Dec 2025 16:27:30 +0200
Subject: [PATCH] fix mgmt oken validation function
---
 descope/auth.py | 6 ++++++
 descope/descope_client.py | 1 +
 descope/management/jwt.py | 19 ++++++++++++++++---
 descope/mgmt.py | 7 +++++--
 4 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/descope/auth.py b/descope/auth.py
index 831f48224..dbb9969ec 100644
--- a/descope/auth.py
+++ b/descope/auth.py
@@ -383,6 +383,12 @@ def generate_jwt_response(
 token_validator=self._validate_token,
 )
+ # public method to validate a token from the management class
+ def validate_token(
+ self, token: str, audience: str | None | Iterable[str] = None
+ ) -> dict:
+ return self._validate_token(token, audience)
+
 # Validate a token and load the public key if needed
 def _validate_token(
 self, token: str, audience: str | None | Iterable[str] = None
diff --git a/descope/descope_client.py b/descope/descope_client.py
index 0877635b0..00852d974 100644
--- a/descope/descope_client.py
+++ b/descope/descope_client.py
@@ -84,6 +84,7 @@ def __init__(
 )
 self._mgmt = MGMT(
 http_client=mgmt_http_client,
+ auth=self._auth,
 fga_cache_url=fga_cache_url,
 )
diff --git a/descope/management/jwt.py b/descope/management/jwt.py
index 0a573b857..2625706ec 100644
--- a/descope/management/jwt.py
+++ b/descope/management/jwt.py
@@ -1,6 +1,7 @@
 from typing import Optional
 from descope._http_base import HTTPBase
+from descope.auth import Auth
 from descope.exceptions import ERROR_TYPE_INVALID_ARGUMENT, AuthException
 from descope.jwt_common import generate_jwt_response
 from descope.management.common import (
@@ -13,6 +14,12 @@
 class JWT(HTTPBase):
+ _auth: Auth
+
+ def __init__(self, http_client, auth: Auth):
+ super().__init__(http_client)
+ self._auth = auth
+
 def update_jwt(
 self, jwt: str, custom_claims: dict, refresh_duration: int = 0
 ) -> str:
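Review bot: The new public `validate_token` in descope/auth.py is described only by a `#` comment above it, so the entry point that other classes are now meant to call for token verification has no stated contract. A docstring such as `"""Validate a token and return the dict produced by _validate_token; an invalid token is reported by the exception that method raises."""` would tell callers that failure is signalled by an exception rather than by the return value. The body of `_validate_token` starts at the end of this hunk and continues outside it, so the exact exception type and the handling of `audience=None` should be confirmed there before the docstring names them.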
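Review bot: `JWT.__init__` in descope/management/jwt.py stores `auth` without checking it, so a caller that passes `None` only finds out when `sign_in`, `_sign_up_internal` or `anonymous` later dereference `self._auth.validate_token`. Because that validator is presumably what verifies the tokens those methods hand back, failing at construction is the safer behaviour: `if auth is None: raise ValueError("auth is required to validate management JWTs")`. `auth` is also a new required argument, which changes the constructor for any code that builds `JWT(http_client)` directly, and `http_client` stays unannotated next to the typed `auth`.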
@@ -160,7 +167,9 @@ def sign_in(
 params=None,
 )
 resp = response.json()
- jwt_response = generate_jwt_response(resp, None, None)
+ jwt_response = generate_jwt_response(
+ resp, None, None, self._auth.validate_token
+ )
 return jwt_response
 def sign_up(
@@ -232,7 +241,9 @@ def _sign_up_internal(
 params=None,
 )
 resp = response.json()
- jwt_response = generate_jwt_response(resp, None, None)
+ jwt_response = generate_jwt_response(
+ resp, None, None, self._auth.validate_token
+ )
 return jwt_response
 def anonymous(
@@ -259,7 +270,9 @@ def anonymous(
 params=None,
 )
 resp = response.json()
- jwt_response = generate_jwt_response(resp, None, None)
+ jwt_response = generate_jwt_response(
+ resp, None, None, self._auth.validate_token
+ )
 del jwt_response["firstSeen"]
 del jwt_response["user"]
 return jwt_response
diff --git a/descope/mgmt.py b/descope/mgmt.py
index b7f1de5b9..b1c36088c 100644
--- a/descope/mgmt.py
+++ b/descope/mgmt.py
@@ -1,5 +1,6 @@
 from typing import Optional
+from descope.auth import Auth
 from descope.exceptions import ERROR_TYPE_INVALID_ARGUMENT, AuthException
 from descope.http_client import HTTPClient
 from descope.management.access_key import AccessKey
@@ -27,7 +28,9 @@
 class MGMT:
 _http: HTTPClient
- def __init__(self, http_client: HTTPClient, fga_cache_url: Optional[str] = None):
+ def __init__(
+ self, http_client: HTTPClient, auth: Auth, fga_cache_url: Optional[str] = None
+ ):
 """Create a management API facade.
 Args:
@@ -40,7 +43,7 @@ def __init__(self, http_client: HTTPClient, fga_cache_url: Optional[str] = None)
 self._fga = FGA(http_client, fga_cache_url=fga_cache_url)
 self._flow = Flow(http_client)
 self._group = Group(http_client)
- self._jwt = JWT(http_client)
+ self._jwt = JWT(http_client, auth=auth)
 self._outbound_application = OutboundApplication(http_client)
 self._outbound_application_by_token = OutboundApplicationByToken(http_client)
 self._permission = Permission(http_client)
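Review bot: In descope/management/jwt.py the validator reaches `generate_jwt_response` as a bare fourth positional argument in `sign_in`, and identically in the `_sign_up_internal` and `anonymous` hunks, while the call visible in descope/auth.py names it `token_validator=`. Assuming that is the same helper, writing `resp, None, None, token_validator=self._auth.validate_token` keeps the security-relevant argument from silently binding to another parameter if the helper's signature changes. The validator is also invoked without an audience, so any `aud` expectation is presumably not enforced on these tokens; that should be confirmed against `_validate_token`, which is outside this diff. The diffstat lists no test file, so nothing in the commit pins that an invalid token returned on these three paths is rejected.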
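Review bot: `auth` is inserted into `MGMT.__init__` in descope/mgmt.py ahead of `fga_cache_url`, so an existing positional call such as `MGMT(http_client, url)` would now bind the URL to `auth` and fail only later, when a JWT method calls `validate_token` on it. descope_client.py already passes both values by keyword, so making the new parameter keyword-only costs nothing: `def __init__(self, http_client: HTTPClient, fga_cache_url: Optional[str] = None, *, auth: Auth):`. The diffstat for this file (5 insertions, 2 deletions) is fully accounted for by the import, the signature and the `JWT(...)` line, so the `Args:` section of the docstring, which continues outside the hunk, does not yet describe `auth`.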