Fix oauth/saml start to be POST with query params

descope/auth.py

@@ -87,13 +87,16 @@ def do_get(
             )
         return response
 
-    def do_post(self, uri: str, body: dict, pswd: str = None) -> requests.Response:
+    def do_post(
+        self, uri: str, body: dict, params=None, pswd: str = None
+    ) -> requests.Response:
         response = requests.post(
             f"{self.base_url}{uri}",
             headers=self._get_default_headers(pswd),
             data=json.dumps(body),
             allow_redirects=False,
             verify=self.secure,
+            params=params,
         )
         if not response.ok:
             raise AuthException(
@@ -116,7 +119,7 @@ def exchange_token(
             )
 
         body = Auth._compose_exchange_body(code, loginOptions)
-        response = self.do_post(uri, body, refreshToken)
+        response = self.do_post(uri, body, None, refreshToken)
         resp = response.json()
         jwt_response = self.generate_jwt_response(
             resp, response.cookies.get(REFRESH_SESSION_COOKIE_NAME, None)
@@ -225,14 +228,14 @@ def validate_phone(method: DeliveryMethod, phone: str):
 
     def refresh_token(self, refresh_token: str) -> dict:
         uri = Auth._compose_refresh_token_url()
-        response = self.do_post(uri, {}, refresh_token)
+        response = self.do_post(uri, {}, None, refresh_token)
 
         resp = response.json()
         return self.generate_jwt_response(resp, refresh_token)
 
     def exchange_access_key(self, access_key: str) -> dict:
         uri = Auth._compose_exchange_access_key_url()
-        server_response = self.do_post(uri, {}, access_key)
+        server_response = self.do_post(uri, {}, None, access_key)
         json = server_response.json()
         result = {
             SESSION_TOKEN_NAME: self._validate_token(json.get("sessionJwt", "")),

descope/authmethod/magiclink.py

@@ -55,7 +55,7 @@ def get_session(
     ) -> dict:
         uri = EndpointsV1.getSessionMagicLinkAuthPath
         body = MagicLink._compose_get_session_body(pending_ref, loginOptions)
-        response = self._auth.do_post(uri, body, refreshToken)
+        response = self._auth.do_post(uri, body, None, refreshToken)
 
         resp = response.json()
         jwt_response = self._auth.generate_jwt_response(
@@ -68,7 +68,7 @@ def verify(
     ) -> dict:
         uri = EndpointsV1.verifyMagicLinkAuthPath
         body = MagicLink._compose_verify_body(token, loginOptions)
-        response = self._auth.do_post(uri, body, refreshToken)
+        response = self._auth.do_post(uri, body, None, refreshToken)
         resp = response.json()
         jwt_response = self._auth.generate_jwt_response(
             resp, response.cookies.get(REFRESH_SESSION_COOKIE_NAME, None)
@@ -112,7 +112,7 @@ def _sign_in(
         body = MagicLink._compose_signin_body(identifier, uri, cross_device)
         uri = MagicLink._compose_signin_url(method)
 
-        return self._auth.do_post(uri, body)
+        return self._auth.do_post(uri, body, None)
 
     def _sign_up(
         self,
@@ -133,15 +133,15 @@ def _sign_up(
             method, identifier, uri, cross_device, user
         )
         uri = MagicLink._compose_signup_url(method)
-        return self._auth.do_post(uri, body)
+        return self._auth.do_post(uri, body, None)
 
     def _sign_up_or_in(
         self, method: DeliveryMethod, identifier: str, uri: str, cross_device: bool
     ) -> requests.Response:
 
         body = MagicLink._compose_signin_body(identifier, uri, cross_device)
         uri = MagicLink._compose_sign_up_or_in_url(method)
-        return self._auth.do_post(uri, body)
+        return self._auth.do_post(uri, body, None)
 
     def _update_user_email(
         self, identifier: str, email: str, refresh_token: str, cross_device: bool
@@ -157,7 +157,7 @@ def _update_user_email(
             identifier, email, cross_device
         )
         uri = EndpointsV1.updateUserEmailOTPPath
-        return self._auth.do_post(uri, body, refresh_token)
+        return self._auth.do_post(uri, body, None, refresh_token)
 
     def _update_user_phone(
         self,
@@ -178,7 +178,7 @@ def _update_user_phone(
             identifier, phone, cross_device
         )
         uri = EndpointsV1.updateUserPhoneOTPPath
-        return self._auth.do_post(uri, body, refresh_token)
+        return self._auth.do_post(uri, body, None, refresh_token)
 
     @staticmethod
     def _compose_signin_url(method: DeliveryMethod) -> str:

descope/authmethod/oauth.py

@@ -19,8 +19,8 @@ def start(self, provider: str, return_url: str = "") -> dict:
             )
 
         uri = EndpointsV1.oauthStart
-        body = OAuth._compose_start_body(provider, return_url)
-        response = self._auth.do_post(uri, body)
+        params = OAuth._compose_start_params(provider, return_url)
+        response = self._auth.do_post(uri, {}, params)
 
         return response.json()
 
@@ -41,7 +41,7 @@ def _verify_provider(oauth_provider: str) -> str:
             return False
 
     @staticmethod
-    def _compose_start_body(provider: str, returnURL: str) -> dict:
+    def _compose_start_params(provider: str, returnURL: str) -> dict:
         res = {"provider": provider}
         if returnURL:
             res["redirectURL"] = returnURL

descope/authmethod/otp.py

@@ -121,7 +121,7 @@ def verify_code(
 
         uri = OTP._compose_verify_code_url(method)
         body = OTP._compose_verify_code_body(identifier, code, loginOptions)
-        response = self._auth.do_post(uri, body, refreshToken)
+        response = self._auth.do_post(uri, body, None, refreshToken)
 
         resp = response.json()
         jwt_response = self._auth.generate_jwt_response(
@@ -153,7 +153,7 @@ def update_user_email(
 
         uri = EndpointsV1.updateUserEmailOTPPath
         body = OTP._compose_update_user_email_body(identifier, email)
-        self._auth.do_post(uri, body, refresh_token)
+        self._auth.do_post(uri, body, None, refresh_token)
 
     def update_user_phone(
         self, method: DeliveryMethod, identifier: str, phone: str, refresh_token: str
@@ -180,7 +180,7 @@ def update_user_phone(
 
         uri = OTP._compose_update_phone_url(method)
         body = OTP._compose_update_user_phone_body(identifier, phone)
-        self._auth.do_post(uri, body, refresh_token)
+        self._auth.do_post(uri, body, None, refresh_token)
 
     @staticmethod
     def _compose_signup_url(method: DeliveryMethod) -> str:

descope/authmethod/saml.py

@@ -24,8 +24,8 @@ def start(self, tenant: str, return_url: str = None) -> dict:
             )
 
         uri = EndpointsV1.authSAMLStart
-        body = SAML._compose_start_body(tenant, return_url)
-        response = self._auth.do_post(uri, body)
+        params = SAML._compose_start_params(tenant, return_url)
+        response = self._auth.do_post(uri, {}, params)
 
         return response.json()
 
@@ -36,7 +36,7 @@ def exchange_token(
         return self._auth.exchange_token(uri, code, loginOptions, refreshToken)
 
     @staticmethod
-    def _compose_start_body(tenant: str, return_url: str) -> dict:
+    def _compose_start_params(tenant: str, return_url: str) -> dict:
         res = {"tenant": tenant}
         if return_url is not None and return_url != "":
             res["redirectURL"] = return_url

descope/authmethod/totp.py

@@ -53,7 +53,7 @@ def sign_in_code(
 
         uri = EndpointsV1.verifyTOTPPath
         body = TOTP._compose_signin_body(identifier, code, loginOptions)
-        response = self._auth.do_post(uri, body, refreshToken)
+        response = self._auth.do_post(uri, body, None, refreshToken)
 
         resp = response.json()
         jwt_response = self._auth.generate_jwt_response(
@@ -78,7 +78,7 @@ def update_user(self, identifier: str, refresh_token: str) -> None:
 
         uri = EndpointsV1.updateTOTPPath
         body = TOTP._compose_update_user_body(identifier)
-        response = self._auth.do_post(uri, body, refresh_token)
+        response = self._auth.do_post(uri, body, None, refresh_token)
 
         return response.json()
         # Response should have these schema:

descope/authmethod/webauthn.py

@@ -53,7 +53,7 @@ def sign_up_finish(
         body = WebauthN._compose_sign_up_in_finish_body(
             transactionID, response, loginOptions
         )
-        response = self._auth.do_post(uri, body, refreshToken)
+        response = self._auth.do_post(uri, body, None, refreshToken)
 
         resp = response.json()
         jwt_response = self._auth.generate_jwt_response(
@@ -105,7 +105,7 @@ def sign_in_finish(
         body = WebauthN._compose_sign_up_in_finish_body(
             transaction_id, response, loginOptions
         )
-        response = self._auth.do_post(uri, body, refreshToken)
+        response = self._auth.do_post(uri, body, None, refreshToken)
 
         resp = response.json()
         jwt_response = self._auth.generate_jwt_response(
@@ -129,7 +129,7 @@ def update_start(self, identifier: str, refresh_token: str, origin: str):
 
         uri = EndpointsV1.updateAuthWebauthnStart
         body = WebauthN._compose_update_start_body(identifier, origin)
-        response = self._auth.do_post(uri, body, refresh_token)
+        response = self._auth.do_post(uri, body, None, refresh_token)
 
         return response.json()
 

descope/descope_client.py

@@ -197,7 +197,7 @@ def logout(self, refresh_token: str) -> requests.Response:
             )
 
         uri = EndpointsV1.logoutPath
-        return self._auth.do_post(uri, {}, refresh_token)
+        return self._auth.do_post(uri, {}, None, refresh_token)
 
     def me(self, refresh_token: str) -> dict:
         """

tests/test_magiclink.py

@@ -263,6 +263,7 @@ def test_sign_in_cross_device(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps(
                     {
                         "externalId": "dummy@dummy.com",
@@ -295,6 +296,7 @@ def test_sign_up_cross_device(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps(
                     {
                         "externalId": "dummy@dummy.com",
@@ -328,6 +330,7 @@ def test_sign_up_or_in_cross_device(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps(
                     {
                         "externalId": "dummy@dummy.com",

tests/test_oauth.py

@@ -24,7 +24,7 @@ def setUp(self) -> None:
 
     def test_compose_start_params(self):
         self.assertEqual(
-            OAuth._compose_start_body("google", "http://example.com"),
+            OAuth._compose_start_params("google", "http://example.com"),
             {"provider": "google", "redirectURL": "http://example.com"},
         )
 
@@ -74,7 +74,8 @@ def test_oauth_start(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
-                data=json.dumps({"provider": "facebook"}),
+                params={"provider": "facebook"},
+                data=json.dumps({}),
                 allow_redirects=False,
                 verify=True,
             )
@@ -114,6 +115,7 @@ def test_exchange_token(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps(
                     {
                         "code": "c1",

tests/test_saml.py

@@ -22,9 +22,9 @@ def setUp(self) -> None:
             "y": "N5n5jKZA5Wu7_b4B36KKjJf-VRfJ-XqczfCSYy9GeQLqF-b63idfE0SYaYk9cFqg",
         }
 
-    def test_compose_start_body(self):
+    def test_compose_start_params(self):
         self.assertEqual(
-            SAML._compose_start_body("tenant1", "http://dummy.com"),
+            SAML._compose_start_params("tenant1", "http://dummy.com"),
             {"tenant": "tenant1", "redirectURL": "http://dummy.com"},
         )
 
@@ -56,9 +56,8 @@ def test_saml_start(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
-                data=json.dumps(
-                    {"tenant": "tenant1", "redirectURL": "http://dummy.com"}
-                ),
+                params={"tenant": "tenant1", "redirectURL": "http://dummy.com"},
+                data=json.dumps({}),
                 allow_redirects=False,
                 verify=True,
             )
@@ -96,6 +95,7 @@ def test_exchange_token(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps({"code": "c1", "loginOptions": {}}),
                 allow_redirects=False,
                 verify=True,

tests/test_totp.py

@@ -122,6 +122,7 @@ def test_update_user(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}:{valid_jwt_token}",
                 },
+                params=None,
                 data=json.dumps({"externalId": "dummy@dummy.com"}),
                 allow_redirects=False,
                 verify=True,

tests/test_webauthn.py

@@ -96,6 +96,7 @@ def test_sign_up_start(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps(
                     {"user": {"externalId": "id1"}, "origin": "https://example.com"}
                 ),
@@ -145,6 +146,7 @@ def test_sign_up_finish(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps(
                     {
                         "transactionId": "t01",
@@ -198,6 +200,7 @@ def test_sign_in_start(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps({"externalId": "id1", "origin": "https://example.com"}),
                 allow_redirects=False,
                 verify=True,
@@ -240,6 +243,7 @@ def test_sign_in_finish(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps(
                     {
                         "transactionId": "t01",
@@ -313,6 +317,7 @@ def test_update_start(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}:asdasd",
                 },
+                params=None,
                 data=json.dumps(
                     {"externalId": "dummy@dummy.com", "origin": "https://example.com"}
                 ),
@@ -354,6 +359,7 @@ def test_update_finish(self):
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
+                params=None,
                 data=json.dumps({"transactionId": "t01", "response": "response01"}),
                 allow_redirects=False,
                 verify=True,