Change exchange to POST (#63)

descope · Oct 20, 2022 · 8b460ac · 8b460ac
1 parent 96dce88
commit 8b460ac
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/descope/auth.py b/descope/auth.py
@@ -107,8 +107,8 @@ def exchange_token(self, uri, code: str) -> dict:
                 "exchange code is empty",
             )
 
-        params = Auth._compose_exchange_params(code)
-        response = self.do_get(uri, params, False)
+        body = Auth._compose_exchange_body(code)
+        response = self.do_post(uri, body)
         resp = response.json()
         jwt_response = self.generate_jwt_response(
             resp, response.cookies.get(REFRESH_SESSION_COOKIE_NAME, None)
@@ -234,7 +234,7 @@ def exchange_access_key(self, access_key: str) -> dict:
         return result
 
     @staticmethod
-    def _compose_exchange_params(code: str) -> dict:
+    def _compose_exchange_body(code: str) -> dict:
         return {"code": code}
 
     @staticmethod

diff --git a/tests/test_oauth.py b/tests/test_oauth.py
@@ -94,23 +94,23 @@ def test_exchange_token(self):
             self.assertRaises(AuthException, oauth.exchange_token, "c1")
 
         # Test success flow
-        with patch("requests.get") as mock_get:
+        with patch("requests.post") as mock_post:
             my_mock_response = mock.Mock()
             my_mock_response.ok = True
             my_mock_response.cookies = {}
             data = json.loads(
                 """{"jwts": ["eyJhbGciOiJFUzM4NCIsImtpZCI6IjJCdDVXTGNjTFVleTFEcDd1dHB0WmIzRng5SyIsInR5cCI6IkpXVCJ9.eyJjb29raWVEb21haW4iOiIiLCJjb29raWVFeHBpcmF0aW9uIjoxNjYwMzg4MDc4LCJjb29raWVNYXhBZ2UiOjI1OTE5OTksImNvb2tpZU5hbWUiOiJEU1IiLCJjb29raWVQYXRoIjoiLyIsImV4cCI6MTY2MDIxNTI3OCwiaWF0IjoxNjU3Nzk2MDc4LCJpc3MiOiIyQnQ1V0xjY0xVZXkxRHA3dXRwdFpiM0Z4OUsiLCJzdWIiOiIyQnRFSGtnT3UwMmxtTXh6UElleGRNdFV3MU0ifQ.oAnvJ7MJvCyL_33oM7YCF12JlQ0m6HWRuteUVAdaswfnD4rHEBmPeuVHGljN6UvOP4_Cf0559o39UHVgm3Fwb-q7zlBbsu_nP1-PRl-F8NJjvBgC5RsAYabtJq7LlQmh"], "user": {"externalIds": ["guyp@descope.com"], "name": "", "email": "guyp@descope.com", "phone": "", "verifiedEmail": true, "verifiedPhone": false}, "firstSeen": false}"""
             )
             my_mock_response.json.return_value = data
-            mock_get.return_value = my_mock_response
+            mock_post.return_value = my_mock_response
             oauth.exchange_token("c1")
-            mock_get.assert_called_with(
+            mock_post.assert_called_with(
                 f"{DEFAULT_BASE_URL}{EndpointsV1.oauthExchangeTokenPath}",
                 headers={
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
-                params={"code": "c1"},
+                data=json.dumps({"code": "c1"}),
                 allow_redirects=False,
                 verify=True,
             )

diff --git a/tests/test_saml.py b/tests/test_saml.py
@@ -76,23 +76,23 @@ def test_exchange_token(self):
             self.assertRaises(AuthException, saml.exchange_token, "c1")
 
         # Test success flow
-        with patch("requests.get") as mock_get:
+        with patch("requests.post") as mock_post:
             my_mock_response = mock.Mock()
             my_mock_response.ok = True
             my_mock_response.cookies = {}
             data = json.loads(
                 """{"jwts": ["eyJhbGciOiJFUzM4NCIsImtpZCI6IjJCdDVXTGNjTFVleTFEcDd1dHB0WmIzRng5SyIsInR5cCI6IkpXVCJ9.eyJjb29raWVEb21haW4iOiIiLCJjb29raWVFeHBpcmF0aW9uIjoxNjYwMzg4MDc4LCJjb29raWVNYXhBZ2UiOjI1OTE5OTksImNvb2tpZU5hbWUiOiJEU1IiLCJjb29raWVQYXRoIjoiLyIsImV4cCI6MTY2MDIxNTI3OCwiaWF0IjoxNjU3Nzk2MDc4LCJpc3MiOiIyQnQ1V0xjY0xVZXkxRHA3dXRwdFpiM0Z4OUsiLCJzdWIiOiIyQnRFSGtnT3UwMmxtTXh6UElleGRNdFV3MU0ifQ.oAnvJ7MJvCyL_33oM7YCF12JlQ0m6HWRuteUVAdaswfnD4rHEBmPeuVHGljN6UvOP4_Cf0559o39UHVgm3Fwb-q7zlBbsu_nP1-PRl-F8NJjvBgC5RsAYabtJq7LlQmh"], "user": {"externalIds": ["guyp@descope.com"], "name": "", "email": "guyp@descope.com", "phone": "", "verifiedEmail": true, "verifiedPhone": false}, "firstSeen": false}"""
             )
             my_mock_response.json.return_value = data
-            mock_get.return_value = my_mock_response
+            mock_post.return_value = my_mock_response
             saml.exchange_token("c1")
-            mock_get.assert_called_with(
+            mock_post.assert_called_with(
                 f"{DEFAULT_BASE_URL}{EndpointsV1.samlExchangeTokenPath}",
                 headers={
                     "Content-Type": "application/json",
                     "Authorization": f"Bearer {self.dummy_project_id}",
                 },
-                params={"code": "c1"},
+                data=json.dumps({"code": "c1"}),
                 allow_redirects=False,
                 verify=True,
             )