descope · shilgapira · Sep 29, 2022 · Sep 29, 2022 · Sep 29, 2022
diff --git a/descope/auth.py b/descope/auth.py
@@ -222,6 +222,22 @@ def refresh_token(self, refresh_token: str) -> dict:
         resp = response.json()
         return self._generate_auth_info(resp, refresh_token)
 
+    def exchange_access_key(self, access_key: str) -> dict:
+        uri = Auth._compose_exchange_access_key_url()
+        server_response = self.do_get(uri, None, None, access_key)
+
+        json = server_response.json()
+        response = {
+            "keyId": json.get("keyId", ""),
+            "exp": json.get("expiration", 0),
+        }
+
+        jwt = json.get("sessionJwt", "")
+        if jwt:
+            response[SESSION_TOKEN_NAME] = self._validate_token(jwt)
+
+        return response
+
     @staticmethod
     def _compose_exchange_params(code: str) -> dict:
         return {"code": code}
@@ -460,3 +476,7 @@ def _validate_and_load_tokens(self, session_token: str, refresh_token: str) -> d
     @staticmethod
     def _compose_refresh_token_url() -> str:
         return EndpointsV1.refreshTokenPath
+
+    @staticmethod
+    def _compose_exchange_access_key_url() -> str:
+        return EndpointsV1.exchangeAuthAccessKeyPath
diff --git a/descope/common.py b/descope/common.py
@@ -20,6 +20,9 @@ class EndpointsV1:
     logoutPath = "/v1/auth/logoutall"
     mePath = "/v1/auth/me"
 
+    # accesskey
+    exchangeAuthAccessKeyPath = "/v1/auth/accesskey/exchange"
+
     # otp
     signUpAuthOTPPath = "/v1/auth/otp/signup"
     signInAuthOTPPath = "/v1/auth/otp/signin"

diff --git a/descope/descope_client.py b/descope/descope_client.py
@@ -145,3 +145,18 @@ def refresh_token(self, refresh_token: str) -> dict:
         AuthException: Exception is raised if session is not authorized or another error occurs
         """
         return self._auth.refresh_token(refresh_token)
+
+    def exchange_access_key(self, access_key: str) -> dict:
+        """
+        Return a new session token for the given access key
+
+        Args:
+        access_key (str): The access key
+
+        Return value (dict): returns the session token from the server together with the expiry and key id
+            (sessionToken:dict, keyId:str, expiration:int)
+
+        Raise:
+        AuthException: Exception is raised if access key is not valid or another error occurs
+        """
+        return self._auth.exchange_access_key(access_key)
diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -239,6 +239,19 @@ def test_refresh_token(self):
                 dummy_refresh_token,
             )
 
+    def test_exchange_access_key(self):
+        dummy_access_key = "dummy access key"
+        auth = Auth(self.dummy_project_id, self.public_key_dict)
+
+        # Test fail flow
+        with patch("requests.get") as mock_request:
+            mock_request.return_value.ok = False
+            self.assertRaises(
+                AuthException,
+                auth.exchange_access_key,
+                dummy_access_key,
+            )
+
 
 if __name__ == "__main__":
     unittest.main()