diff --git a/src/main/python/fusionauth/fusionauth_client.py b/src/main/python/fusionauth/fusionauth_client.py index fcadf20..3aa2c75 100644 --- a/src/main/python/fusionauth/fusionauth_client.py +++ b/src/main/python/fusionauth/fusionauth_client.py @@ -97,6 +97,18 @@ def approve_device(self, token, user_code, client_id=None, client_secret=None): .post() \ .go() + def approve_device_with_request(self, request): + """ + Approve a device grant. + + Attributes: + request: The request object containing the device approval information and optional tenantId. + """ + return self.start().uri('/oauth2/device/approve') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def cancel_action(self, action_id, request): """ Cancels the user action. @@ -266,6 +278,18 @@ def client_credentials_grant(self, client_id=None, client_secret=None, scope=Non .post() \ .go() + def client_credentials_grant_with_request(self, request): + """ + Make a Client Credentials grant request to obtain an access token. + + Attributes: + request: The client credentials grant request containing client authentication, scope and optional tenantId. + """ + return self.start_anonymous().uri('/oauth2/token') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def comment_on_user(self, request): """ Adds a comment to the user's account. @@ -1307,6 +1331,37 @@ def delete_webhook(self, webhook_id): .delete() \ .go() + def device_authorize(self, client_id, client_secret=None, scope=None): + """ + Start the Device Authorization flow using form-encoded parameters + + Attributes: + client_id: The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate. + client_secret: (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header. + scope: (Optional) A space-delimited string of the requested scopes. Defaults to all scopes configured in the Application's OAuth configuration. + """ + body = { + "client_id": client_id, + "client_secret": client_secret, + "scope": scope, + } + return self.start_anonymous().uri('/oauth2/device_authorize') \ + .body_handler(FormDataBodyHandler(body)) \ + .post() \ + .go() + + def device_authorize_with_request(self, request): + """ + Start the Device Authorization flow using a request body + + Attributes: + request: The device authorization request containing client authentication, scope, and optional device metadata. + """ + return self.start_anonymous().uri('/oauth2/device_authorize') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def disable_two_factor(self, user_id, method_id, code): """ Disable two-factor authentication for a user. @@ -1401,6 +1456,32 @@ def exchange_o_auth_code_for_access_token_using_pkce(self, code, redirect_uri, c .post() \ .go() + def exchange_o_auth_code_for_access_token_using_pkce_with_request(self, request): + """ + Exchanges an OAuth authorization code and code_verifier for an access token. + Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token. + + Attributes: + request: The PKCE OAuth code access token exchange request. + """ + return self.start_anonymous().uri('/oauth2/token') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + + def exchange_o_auth_code_for_access_token_with_request(self, request): + """ + Exchanges an OAuth authorization code for an access token. + Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token. + + Attributes: + request: The OAuth code access token exchange request. + """ + return self.start_anonymous().uri('/oauth2/token') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def exchange_refresh_token_for_access_token(self, refresh_token, client_id=None, client_secret=None, scope=None, user_code=None): """ Exchange a Refresh Token for an Access Token. @@ -1427,6 +1508,19 @@ def exchange_refresh_token_for_access_token(self, refresh_token, client_id=None, .post() \ .go() + def exchange_refresh_token_for_access_token_with_request(self, request): + """ + Exchange a Refresh Token for an Access Token. + If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token. + + Attributes: + request: The refresh token access token exchange request. + """ + return self.start_anonymous().uri('/oauth2/token') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def exchange_refresh_token_for_jwt(self, request): """ Exchange a refresh token for a new JWT. @@ -1467,6 +1561,19 @@ def exchange_user_credentials_for_access_token(self, username, password, client_ .post() \ .go() + def exchange_user_credentials_for_access_token_with_request(self, request): + """ + Exchange User Credentials for a Token. + If you will be using the Resource Owner Password Credential Grant, you will make a request to the Token endpoint to exchange the user’s email and password for an access token. + + Attributes: + request: The user credentials access token exchange request. + """ + return self.start_anonymous().uri('/oauth2/token') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def forgot_password(self, request): """ Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password. @@ -1656,6 +1763,18 @@ def introspect_access_token(self, client_id, token): .post() \ .go() + def introspect_access_token_with_request(self, request): + """ + Inspect an access token issued as the result of the User based grant such as the Authorization Code Grant, Implicit Grant, the User Credentials Grant or the Refresh Grant. + + Attributes: + request: The access token introspection request. + """ + return self.start_anonymous().uri('/oauth2/introspect') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def introspect_client_credentials_access_token(self, token): """ Inspect an access token issued as the result of the Client Credentials Grant. @@ -1671,6 +1790,18 @@ def introspect_client_credentials_access_token(self, token): .post() \ .go() + def introspect_client_credentials_access_token_with_request(self, request): + """ + Inspect an access token issued as the result of the Client Credentials Grant. + + Attributes: + request: The client credentials access token. + """ + return self.start_anonymous().uri('/oauth2/introspect') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def issue_jwt(self, application_id, encoded_jwt, refresh_token=None): """ Issue a new access token (JWT) for the requested Application after ensuring the provided JWT is valid. A valid @@ -3521,6 +3652,36 @@ def retrieve_user_code_using_api_key(self, user_code): .get() \ .go() + def retrieve_user_code_using_api_key_with_request(self, request): + """ + Retrieve a user_code that is part of an in-progress Device Authorization Grant. + + This API is useful if you want to build your own login workflow to complete a device grant. + + This request will require an API key. + + Attributes: + request: The user code retrieval request including optional tenantId. + """ + return self.start_anonymous().uri('/oauth2/device/user-code') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + + def retrieve_user_code_with_request(self, request): + """ + Retrieve a user_code that is part of an in-progress Device Authorization Grant. + + This API is useful if you want to build your own login workflow to complete a device grant. + + Attributes: + request: The user code retrieval request. + """ + return self.start_anonymous().uri('/oauth2/device/user-code') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def retrieve_user_comments(self, user_id): """ Retrieves all the comments for the user with the given Id. @@ -4858,6 +5019,19 @@ def validate_device(self, user_code, client_id): .get() \ .go() + def validate_device_with_request(self, request): + """ + Validates the end-user provided user_code from the user-interaction of the Device Authorization Grant. + If you build your own activation form you should validate the user provided code prior to beginning the Authorization grant. + + Attributes: + request: The device validation request. + """ + return self.start_anonymous().uri('/oauth2/device/validate') \ + .body_handler(JSONBodyHandler(request)) \ + .post() \ + .go() + def validate_jwt(self, encoded_jwt): """ Validates the provided JWT (encoded JWT string) to ensure the token is valid. A valid access token is properly