Add Users.authenticate_with_code() (#198)

* Add `Users.authenticate_with_token()` method * Rename method * Fix test
workos · Aug 22, 2023 · 4212609 · 4212609
1 parent 94eb707
commit 4212609
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 0 deletions.
diff --git a/tests/test_users.py b/tests/test_users.py
@@ -253,3 +253,29 @@ def test_authenticate_with_password(
         assert request["json"]["client_id"] == "client_b27needthisforssotemxo"
         assert request["json"]["client_secret"] == "sk_abdsomecharactersm284"
         assert request["json"]["grant_type"] == "password"
+
+    def test_authenticate_with_code(self, capture_and_mock_request, mock_auth_response):
+        code = "test_code"
+        expires_in = 3600
+        user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
+        ip_address = "192.0.0.1"
+
+        url, request = capture_and_mock_request("post", mock_auth_response, 200)
+
+        response = self.users.authenticate_with_code(
+            code=code,
+            expires_in=expires_in,
+            user_agent=user_agent,
+            ip_address=ip_address,
+        )
+
+        assert url[0].endswith("users/session/token")
+        assert response["user"]["id"] == "user_01H7ZGXFP5C6BBQY6Z7277ZCT0"
+        assert response["session"]["id"] == "session_01E4ZCR3C56J083X43JQXF3JK5"
+        assert request["json"]["code"] == code
+        assert request["json"]["user_agent"] == user_agent
+        assert request["json"]["expires_in"] == expires_in
+        assert request["json"]["ip_address"] == ip_address
+        assert request["json"]["client_id"] == "client_b27needthisforssotemxo"
+        assert request["json"]["client_secret"] == "sk_abdsomecharactersm284"
+        assert request["json"]["grant_type"] == "authorization_code"
diff --git a/workos/users.py b/workos/users.py
@@ -289,3 +289,52 @@ def authenticate_with_password(
         )
 
         return WorkOSAuthenticationResponse.construct_from_response(response).to_dict()
+
+    def authenticate_with_code(
+        self,
+        code,
+        expires_in=None,
+        ip_address=None,
+        user_agent=None,
+    ):
+        """Authenticates an OAuth user or a managed SSO user that is logging in through SSO,
+            and optionally creates a session.
+
+        Kwargs:
+            code (str): The authorization value which was passed back as a query parameter in the callback to the Redirect URI.
+            expires_in (int): The length of the session in minutes. Defaults to 1 day, 1440. (Optional)
+            ip_address (str): The IP address of the request from the user who is attempting to authenticate. (Optional)
+            user_agent (str): The user agent of the request from the user who is attempting to authenticate. (Optional)
+
+        Returns:
+            (dict): Authentication response from WorkOS.
+                [user] (dict): User response from WorkOS
+                [session] (dict): Session response from WorkOS
+        """
+
+        headers = {}
+
+        payload = {
+            "client_id": workos.client_id,
+            "client_secret": workos.api_key,
+            "code": code,
+            "grant_type": "authorization_code",
+        }
+
+        if expires_in:
+            payload["expires_in"] = expires_in
+
+        if ip_address:
+            payload["ip_address"] = ip_address
+
+        if user_agent:
+            payload["user_agent"] = user_agent
+
+        response = self.request_helper.request(
+            USER_SESSION_TOKEN,
+            method=REQUEST_METHOD_POST,
+            headers=headers,
+            params=payload,
+        )
+
+        return WorkOSAuthenticationResponse.construct_from_response(response).to_dict()