M2M Manual methods #152
M2M Manual methods #152
Conversation
vincent-stytch
changed the title
stytch/b2b/api/sessions.py
Outdated
| def authenticate_jwt_local( | ||
| self, | ||
| session_jwt: str, | ||
| max_token_age_seconds: Optional[int] = None, | ||
| leeway: int = 0, | ||
| ) -> Optional[MemberSession]: | ||
| ) -> Optional[Tuple[Dict[str, Any], Dict[str, Any]]]: |
There was a problem hiding this comment.
Generally I don't really care for Tuple because it's such a weak type (you have to just know what the ordering of returned items means).
Furthermore, you're changing the return type of the public interface, so this will break someone's flow. I think it's okay if you make some other helper function (you could consider a shared/ folder like we do for stytch-node), but this interface should not change.
stytch/b2b/api/sessions.py
Outdated
| # ENDMANUAL(authenticate_jwt_local) | ||
|
|
||
| # MANUAL(authenticate_m2m_jwt_local)(SERVICE_METHOD) | ||
| # ADDIMPORT: import time |
There was a problem hiding this comment.
[sand] import time isn't used in this function
stytch/b2b/models/sessions.py
Outdated
| def __init__(self, sub, scope, custom_claims): | ||
| self.sub = sub | ||
| self.scope = scope | ||
| self.custom_claims = custom_claims |
There was a problem hiding this comment.
- Add typing for everything
- But this method is unnecessary -- anything inheriting from
pydantic.BaseModelwill automatically be parseable and get an__init__method for free - But also this isn't a
ResponseBase-- you're not going to have astatus_codeorrequest_id. Make this inherit frompydantic.BaseModelinstead
stytch/consumer/api/m2m.py
Outdated
| client_secret: str, | ||
| scopes: Optional[List[str]] = None, | ||
| ) -> Optional[GetTokenResponse]: | ||
| """Rtrieves an access token for the given M2M Client. |
There was a problem hiding this comment.
[dust] spelling
| """Rtrieves an access token for the given M2M Client. | |
| """Retrieves an access token for the given M2M Client. |
stytch/consumer/api/m2m.py
Outdated
| data["scope"] = " ".join(scopes) | ||
|
|
||
| url = self.api_base.url_for( | ||
| "/v1/public/" + self.project_id + "/oauth2/token", data |
stytch/consumer/api/m2m.py
Outdated
| if required_scopes: | ||
| missing_scopes = filter(lambda scope: scope not in scopes, required_scopes) | ||
| if missing_scopes: | ||
| return None |
There was a problem hiding this comment.
Use comprehensions instead of map/filter/reduce. Also, this can all be simplified.
One more nit-picky thing: I prefer to be really explicit with conditionals instead of relying on "truthy" values
required_scopes = required_scopes or []
missing_scopes = [scope for scope in scopes if scope not in required_scopes]
if len(missing_scopes) != 0:
return None
stytch/consumer/api/sessions.py
Outdated
| def authenticate_jwt_local( | ||
| self, | ||
| session_jwt: str, | ||
| max_token_age_seconds: Optional[int] = None, | ||
| leeway: int = 0, | ||
| ) -> Optional[Session]: | ||
| ) -> Optional[Tuple[Dict[str, Any], Dict[str, Any]]]: |
There was a problem hiding this comment.
- Not a fan of tuples
- This breaks a public interface; let's create a shared helper
stytch/consumer/models/m2m.py
Outdated
| def __init__(self, client_id, scopes, custom_claims): | ||
| self.client_id = client_id | ||
| self.scopes = scopes | ||
| self.custom_claims = custom_claims |
stytch/consumer/models/sessions.py
Outdated
| def __init__(self, sub, scope, custom_claims): | ||
| self.sub = sub | ||
| self.scope = scope | ||
| self.custom_claims = custom_claims |
There was a problem hiding this comment.
Approving to unblock. Remaining comments are really minor. Two things, though:
- You need to bump
version.py - Please add a screenshot of you manually testing M2M auth + sessions auth since we've refactored local authentication logic
a. And related, add a Linear ticket (you can assign to me) for adding new automated tests
stytch/b2b/api/sessions.py
Outdated
|
|
||
| # Unpack the session claim to match the detached session format. | ||
| claim = payload[_session_claim] | ||
| ) # Unpack the session claim to match the detached session format. |
There was a problem hiding this comment.
This comment is outdated -- just remove it
stytch/consumer/api/m2m.py
Outdated
| self.clients = Clients(api_base, sync_client, async_client) | ||
|
|
||
| # MANUAL(m2m.token)(SERVICE_METHOD) | ||
| # ADDIMPORT: from typing import Any, Dict, List |
There was a problem hiding this comment.
You also use Optional here
stytch/consumer/api/m2m.py
Outdated
| Fields: | ||
| - client_id: The ID of the client. | ||
| - client_secret: The secret of the client. | ||
| - scopes: An array scopes requested. If omitted, all scopes assigned to the client will be returned. |
There was a problem hiding this comment.
[sand] missing of in description
| - scopes: An array scopes requested. If omitted, all scopes assigned to the client will be returned. | |
| - scopes: An array of scopes requested. If omitted, all scopes assigned to the client will be returned. |
stytch/consumer/api/sessions.py
Outdated
|
|
||
| # Unpack the session claim to match the detached session format. | ||
| claim = payload[_session_claim] | ||
| ) # Unpack the session claim to match the detached session format. |
There was a problem hiding this comment.
This comment is outdated -- just remove it
stytch/consumer/api/sessions.py
Outdated
| @@ -279,76 +280,33 @@ async def authenticate_jwt_async( | |||
| # MANUAL(authenticate_jwt_local)(SERVICE_METHOD) | |||
| # ADDIMPORT: import time | |||
There was a problem hiding this comment.
This import is no longer used
|
|
||
| # ENDMANUAL(GetTokenResponse) | ||
|
|
||
| # MANUAL(M2MJWTClaims)(TYPES) |
There was a problem hiding this comment.
add imports for any, dict, list, and optional
| def authenticate_jwt_local( | ||
| *, | ||
| jwks_client: pyjwt.PyJWKClient, | ||
| project_id: str, | ||
| jwt: str, | ||
| max_token_age_seconds: Optional[int] = None, | ||
| leeway: int = 0, | ||
| ) -> Optional[GenericClaims]: |
There was a problem hiding this comment.
You know, it would be really cool if we had a stytch/shared/test/test_jwt_helpers.py file :)
I think I'm empathetic if you don't want to do that right now, but could you at least go back and add a test in this PR summary to show that m2m auth + sessions auth are working as expected?
Add M2M Manual methods