fix mgmt oken validation function (#703)

guyp-descope · web-flow · commit e5e560267189 · 2025-12-07T16:38:43.000+02:00
diff --git a/descope/auth.py b/descope/auth.py
@@ -383,6 +383,12 @@ def generate_jwt_response(
             token_validator=self._validate_token,
         )
 
+    # public method to validate a token from the management class
+    def validate_token(
+        self, token: str, audience: str | None | Iterable[str] = None
+    ) -> dict:
+        return self._validate_token(token, audience)
+
     # Validate a token and load the public key if needed
     def _validate_token(
         self, token: str, audience: str | None | Iterable[str] = None
diff --git a/descope/descope_client.py b/descope/descope_client.py
@@ -84,6 +84,7 @@ def __init__(
         )
         self._mgmt = MGMT(
             http_client=mgmt_http_client,
+            auth=self._auth,
             fga_cache_url=fga_cache_url,
         )
 
diff --git a/descope/management/jwt.py b/descope/management/jwt.py
@@ -1,6 +1,7 @@
 from typing import Optional
 
 from descope._http_base import HTTPBase
+from descope.auth import Auth
 from descope.exceptions import ERROR_TYPE_INVALID_ARGUMENT, AuthException
 from descope.jwt_common import generate_jwt_response
 from descope.management.common import (
@@ -13,6 +14,12 @@
 
 
 class JWT(HTTPBase):
+    _auth: Auth
+
+    def __init__(self, http_client, auth: Auth):
+        super().__init__(http_client)
+        self._auth = auth
+
     def update_jwt(
         self, jwt: str, custom_claims: dict, refresh_duration: int = 0
     ) -> str:
@@ -160,7 +167,9 @@ def sign_in(
             params=None,
         )
         resp = response.json()
-        jwt_response = generate_jwt_response(resp, None, None)
+        jwt_response = generate_jwt_response(
+            resp, None, None, self._auth.validate_token
+        )
         return jwt_response
 
     def sign_up(
@@ -232,7 +241,9 @@ def _sign_up_internal(
             params=None,
         )
         resp = response.json()
-        jwt_response = generate_jwt_response(resp, None, None)
+        jwt_response = generate_jwt_response(
+            resp, None, None, self._auth.validate_token
+        )
         return jwt_response
 
     def anonymous(
@@ -259,7 +270,9 @@ def anonymous(
             params=None,
         )
         resp = response.json()
-        jwt_response = generate_jwt_response(resp, None, None)
+        jwt_response = generate_jwt_response(
+            resp, None, None, self._auth.validate_token
+        )
         del jwt_response["firstSeen"]
         del jwt_response["user"]
         return jwt_response
diff --git a/descope/mgmt.py b/descope/mgmt.py
@@ -1,5 +1,6 @@
 from typing import Optional
 
+from descope.auth import Auth
 from descope.exceptions import ERROR_TYPE_INVALID_ARGUMENT, AuthException
 from descope.http_client import HTTPClient
 from descope.management.access_key import AccessKey
@@ -27,7 +28,9 @@
 class MGMT:
     _http: HTTPClient
 
-    def __init__(self, http_client: HTTPClient, fga_cache_url: Optional[str] = None):
+    def __init__(
+        self, http_client: HTTPClient, auth: Auth, fga_cache_url: Optional[str] = None
+    ):
         """Create a management API facade.
 
         Args:
@@ -40,7 +43,7 @@ def __init__(self, http_client: HTTPClient, fga_cache_url: Optional[str] = None)
         self._fga = FGA(http_client, fga_cache_url=fga_cache_url)
         self._flow = Flow(http_client)
         self._group = Group(http_client)
-        self._jwt = JWT(http_client)
+        self._jwt = JWT(http_client, auth=auth)
         self._outbound_application = OutboundApplication(http_client)
         self._outbound_application_by_token = OutboundApplicationByToken(http_client)
         self._permission = Permission(http_client)

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ def __init__(`
`84`	`84`	`)`
`85`	`85`	`self._mgmt = MGMT(`
`86`	`86`	`http_client=mgmt_http_client,`
	`87`	`+ auth=self._auth,`
`87`	`88`	`fga_cache_url=fga_cache_url,`
`88`	`89`	`)`
`89`	`90`