Merge pull request #44 from Authress/prevent-set-token

Prevent usage of set_token when service client access_token was set. …

Author: wparad

authress/api/invites_api.py

@@ -590,7 +590,7 @@ def respond_to_invite_with_http_info(self, invite_id : Annotated[constr(strict=T
         _auth_settings = ['oauth2']  # noqa: E501
 
         _response_types_map = {
-            '200': "Account",
+            '200': None,
             '401': None,
             '403': None,
             '404': None,

authress/authress_client.py

@@ -26,12 +26,17 @@ class AuthressClient(object):
     def __init__(self, authress_api_url=None, service_client_access_key=None, user_agent=None):
         self._host = authress_api_url if authress_api_url.startswith('http') else f"https://{authress_api_url}"
         self._host = re.sub(r'/+$', '', self._host)
+        self._service_client_access_key = service_client_access_key
 
         self._http_client = HttpClient(host=self._host, access_key=service_client_access_key, user_agent=user_agent)
         self._token_verifier = token_verifier.TokenVerifier(http_client=self._http_client)
 
     def set_token(self, token: str):
-        self._http_client.set_token(token)
+        if self._service_client_access_key is None:
+            self._http_client.set_token(token)
+            return
+        
+        raise Exception("An AuthressClient cannot use set_token, when the client has been instantiated with a service client access key. It must either be used for User tokens or with Service Client Access Keys, but not both.")
 
     def get_client_token(self) -> str:
         """Generates a Service Client Machine JWT to be used for securing machine to machine requests."""

authress/http_client.py

@@ -65,14 +65,6 @@ def __init__(self, host=None, access_key=None, user_agent=None):
     def set_token(self, token):
         self.default_headers['Authorization'] = f'Bearer {token.replace("Bearer", "").strip()}'
 
-    def get_user_from_token(self):
-        token = self.default_headers['Authorization'].replace("Bearer", "").strip()
-        jwtData = jwt.decode(token, options={"verify_signature": False})
-        if 'aud' in jwtData and 'https://api.authress.io' in jwtData['aud']:
-          return f"Authress|{jwtData['sub']}"
-
-        return jwtData['sub']
-
     def __enter__(self):
         return self
 
@@ -762,4 +754,7 @@ def __deserialize_model(self, data, klass):
         return klass.from_dict(data)
 
     def _get_client_token(self) -> str:
-      return self.service_client_token_provider.get_client_token()
+        if self.service_client_token_provider is None:
+            return None
+
+        return self.service_client_token_provider.get_client_token()

docs/EXAMPLES.md

@@ -7,10 +7,7 @@ from authress import AuthressClient
 # create an instance of the API class during service initialization
 # Authress custom domain or if there isn't one yet, use the authress account specific url
 authress_api_url = "https://authress.yourdomain.com" # or "https://ACCOUNT_ID.api.authress.io"
-
-# The Service Client Access Key for your service client.
-service_client_access_key = "sc_key_001"
-authress_client = AuthressClient(authress_api_url=authress_api_url , service_client_access_key=service_client_access_key)
+authress_client = AuthressClient(authress_api_url=authress_api_url)
 
 # on api route
 from flask import request
@@ -46,7 +43,7 @@ authress_api_url = "https://authress.yourdomain.com" # or "https://ACCOUNT_ID.ap
 
 # Create a service client in the Authress management portal and past the access token here
 service_client_access_key = 'eyJrZXlJ....'
-authress_client = AuthressClient(authress_api_url=authress_api_url , service_client_access_key=service_client_access_key)
+authress_client = AuthressClient(authress_api_url=authress_api_url, service_client_access_key=service_client_access_key)
 
 # on api route
 from flask import request