diff --git a/src/main/java/com/descope/client/Config.java b/src/main/java/com/descope/client/Config.java index a8f4216e..2f4bd898 100644 --- a/src/main/java/com/descope/client/Config.java +++ b/src/main/java/com/descope/client/Config.java @@ -30,6 +30,13 @@ public class Config { // fail. private String managementKey; + // AuthManagementKey (optional, "") - used to provide a management key to use + // with Authentication APIs whose public access has been disabled. + // If empty, this value is retrieved from the DESCOPE_AUTH_MANAGEMENT_KEY + // environment variable instead. If neither values are set then any disabled + // authentication methods API calls will fail. + private String authManagementKey; + // PublicKey (optional, "") - used to override or implicitly use a dedicated public key in order // to decrypt and validate the JWT tokens during ValidateSessionRequest(). // If empty, will attempt to fetch all public keys from the specified project id. @@ -73,4 +80,11 @@ public String initializeManagementKey() { } return this.managementKey; } + + public String initializeAuthManagementKey() { + if (StringUtils.isBlank(this.authManagementKey)) { + this.authManagementKey = EnvironmentUtils.getAuthManagementKey(); + } + return this.authManagementKey; + } } diff --git a/src/main/java/com/descope/client/DescopeClient.java b/src/main/java/com/descope/client/DescopeClient.java index d47c5dbc..73d9c442 100644 --- a/src/main/java/com/descope/client/DescopeClient.java +++ b/src/main/java/com/descope/client/DescopeClient.java @@ -49,6 +49,7 @@ public DescopeClient(Config config) throws DescopeException { log.debug("Provided public key is set, forcing only provided public key validation"); } config.initializeManagementKey(); + config.initializeAuthManagementKey(); config.initializeBaseURL(); Client client = getClient(config); @@ -69,6 +70,7 @@ private static Client getClient(Config config) { .uri(StringUtils.isBlank(config.getDescopeBaseUrl()) ? baseUrl : config.getDescopeBaseUrl()) .projectId(projectId) .managementKey(config.getManagementKey()) + .authManagementKey(config.getAuthManagementKey()) .headers( Collections.isEmpty(config.getCustomDefaultHeaders()) ? new HashMap<>() : new HashMap<>(config.getCustomDefaultHeaders())) diff --git a/src/main/java/com/descope/literals/AppConstants.java b/src/main/java/com/descope/literals/AppConstants.java index 5909c6ae..287bbd8e 100644 --- a/src/main/java/com/descope/literals/AppConstants.java +++ b/src/main/java/com/descope/literals/AppConstants.java @@ -7,6 +7,7 @@ public class AppConstants { public static final String PROJECT_ID_ENV_VAR = "DESCOPE_PROJECT_ID"; public static final String PUBLIC_KEY_ENV_VAR = "DESCOPE_PUBLIC_KEY"; public static final String MANAGEMENT_KEY_ENV_VAR = "DESCOPE_MANAGEMENT_KEY"; + public static final String AUTH_MANAGEMENT_KEY_ENV_VAR = "DESCOPE_AUTH_MANAGEMENT_KEY"; public static final String BASE_URL_ENV_VAR = "DESCOPE_BASE_URL"; public static final String AUTHORIZATION_HEADER_NAME = "Authorization"; public static final String BEARER_AUTHORIZATION_PREFIX = "Bearer "; diff --git a/src/main/java/com/descope/model/client/Client.java b/src/main/java/com/descope/model/client/Client.java index a8723d57..c05a526b 100644 --- a/src/main/java/com/descope/model/client/Client.java +++ b/src/main/java/com/descope/model/client/Client.java @@ -18,6 +18,7 @@ public class Client { private String uri; private String projectId; private String managementKey; + private String authManagementKey; private Map headers; private SdkInfo sdkInfo; private Key providedKey; diff --git a/src/main/java/com/descope/sdk/auth/impl/AuthenticationsBase.java b/src/main/java/com/descope/sdk/auth/impl/AuthenticationsBase.java index ad36605e..2a648aed 100644 --- a/src/main/java/com/descope/sdk/auth/impl/AuthenticationsBase.java +++ b/src/main/java/com/descope/sdk/auth/impl/AuthenticationsBase.java @@ -37,7 +37,11 @@ abstract class AuthenticationsBase extends SdkServicesBase implements Authentica ApiProxy getApiProxy() { String projectId = client.getProjectId(); + String authManagementKey = client.getAuthManagementKey(); if (StringUtils.isNotBlank(projectId)) { + if (StringUtils.isNotBlank(authManagementKey)) { + return ApiProxyBuilder.buildProxy(() -> String.format("Bearer %s:%s", projectId, authManagementKey), client); + } return ApiProxyBuilder.buildProxy(() -> "Bearer " + projectId, client); } return ApiProxyBuilder.buildProxy(client.getSdkInfo()); @@ -49,7 +53,13 @@ ApiProxy getApiProxy(String refreshToken) { return getApiProxy(); } - String token = String.format("Bearer %s:%s", projectId, refreshToken); + String authManagementKey = client.getAuthManagementKey(); + String token; + if (StringUtils.isNotBlank(authManagementKey)) { + token = String.format("Bearer %s:%s:%s", projectId, refreshToken, authManagementKey); + } else { + token = String.format("Bearer %s:%s", projectId, refreshToken); + } return ApiProxyBuilder.buildProxy(() -> token, client); } diff --git a/src/main/java/com/descope/utils/EnvironmentUtils.java b/src/main/java/com/descope/utils/EnvironmentUtils.java index 3e6448a6..c08616bc 100644 --- a/src/main/java/com/descope/utils/EnvironmentUtils.java +++ b/src/main/java/com/descope/utils/EnvironmentUtils.java @@ -1,5 +1,6 @@ package com.descope.utils; +import static com.descope.literals.AppConstants.AUTH_MANAGEMENT_KEY_ENV_VAR; import static com.descope.literals.AppConstants.BASE_URL_ENV_VAR; import static com.descope.literals.AppConstants.MANAGEMENT_KEY_ENV_VAR; import static com.descope.literals.AppConstants.PROJECT_ID_ENV_VAR; @@ -27,4 +28,8 @@ public static String getPublicKey() { public static String getManagementKey() { return dotenv.get(MANAGEMENT_KEY_ENV_VAR); } + + public static String getAuthManagementKey() { + return dotenv.get(AUTH_MANAGEMENT_KEY_ENV_VAR); + } }