Support fetching user provider token (#222)

* support get user provider token * align test
descope · May 30, 2023 · 40b014f · 40b014f
1 parent fc7e409
commit 40b014f
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/descope/management/common.py b/descope/management/common.py
@@ -15,6 +15,7 @@ class MgmtV1:
  user_delete_all_test_users_path = "/v1/mgmt/user/test/delete/all"
  user_load_path = "/v1/mgmt/user"
  users_search_path = "/v1/mgmt/user/search"
+ user_get_provider_token = "/v1/mgmt/user/provider/token"
  user_update_status_path = "/v1/mgmt/user/update/status"
  user_update_email_path = "/v1/mgmt/user/update/email"
  user_update_phone_path = "/v1/mgmt/user/update/phone"

diff --git a/descope/management/user.py b/descope/management/user.py
@@ -359,6 +359,35 @@ def search_all(
  )
  return response.json()
 
+ def get_provider_token(
+ self,
+ login_id: str,
+ provider: str,
+ ) -> dict:
+ """
+ Get the provider token for the given login ID.
+ Only users that sign-in using social providers will have token.
+ Note: The 'Manage tokens from provider' setting must be enabled.
+
+ Args:
+ login_id (str): The login ID of the user.
+ provider (str): The provider name (google, facebook, etc').
+
+ Return value (dict):
+ Return dict in the format
+ {"provider": "", "providerUserId": "", "accessToken": "", "expiration": "", "scopes": "[]"}
+ Containing the provider token of the given user and provider.
+
+ Raise:
+ AuthException: raised if the operation fails
+ """
+ response = self._auth.do_get(
+ MgmtV1.user_get_provider_token,
+ {"loginId": login_id, "provider": provider},
+ pswd=self._auth.management_key,
+ )
+ return response.json()
+
  def activate(
  self,
  login_id: str,

diff --git a/tests/management/test_user.py b/tests/management/test_user.py
@@ -453,6 +453,42 @@ def test_search_all(self):
  timeout=DEFAULT_TIMEOUT_SECONDS,
  )
 
+ def test_get_provider_token(self):
+ # Test failed flows
+ with patch("requests.get") as mock_post:
+ mock_post.return_value.ok = False
+ self.assertRaises(
+ AuthException,
+ self.client.mgmt.user.get_provider_token,
+ "valid-id",
+ "p1",
+ )
+ # Test success flow
+ with patch("requests.get") as mock_get:
+ network_resp = mock.Mock()
+ network_resp.ok = True
+ network_resp.json.return_value = json.loads(
+ """{"provider": "p1", "providerUserId": "puid", "accessToken": "access123", "expiration": "123123123", "scopes": ["s1", "s2"]}"""
+ )
+ mock_get.return_value = network_resp
+ resp = self.client.mgmt.user.get_provider_token("valid-id", "p1")
+ self.assertEqual(resp["provider"], "p1")
+ self.assertEqual(resp["providerUserId"], "puid")
+ self.assertEqual(resp["accessToken"], "access123")
+ self.assertEqual(resp["expiration"], "123123123")
+ self.assertEqual(resp["scopes"], ["s1", "s2"])
+ mock_get.assert_called_with(
+ f"{common.DEFAULT_BASE_URL}{MgmtV1.user_get_provider_token}",
+ headers={
+ **common.default_headers,
+ "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}",
+ },
+ params={"loginId": "valid-id", "provider": "p1"},
+ allow_redirects=None,
+ verify=True,
+ timeout=DEFAULT_TIMEOUT_SECONDS,
+ )
+
  def test_activate(self):
  # Test failed flows
  with patch("requests.post") as mock_post: