Add fetching outbound token by using inbound app token + fix linting

Author: guyp-descope

README.md

@@ -1425,6 +1425,46 @@ latest_tenant_token = descope_client.mgmt.outbound_application.fetch_tenant_toke
 )
 ```
 
+Fetch outbound application tokens using an inbound application token that includes the "outbound.token.fetch" scope (no management key required)
+
+```python
+# Fetch user token with specific scopes
+user_token = descope_client.mgmt.outbound_application_by_token.fetch_token_by_scopes(
+	"inbound-app-token",
+    "my-app-id",
+    "user-id",
+    ["read", "write"],
+    {"refreshToken": True},  # Optional
+    "tenant-id"  # Optional
+)
+
+# Fetch latest user token
+latest_user_token = descope_client.mgmt.outbound_application_by_token.fetch_token(
+	"inbound-app-token",
+    "my-app-id",
+    "user-id",
+    "tenant-id",  # Optional
+    {"forceRefresh": True}  # Optional
+)
+
+# Fetch tenant token with specific scopes
+tenant_token = descope_client.mgmt.outbound_application_by_token.fetch_tenant_token_by_scopes(
+	"inbound-app-token",
+    "my-app-id",
+    "tenant-id",
+    ["read", "write"],
+    {"refreshToken": True}  # Optional
+)
+
+# Fetch latest tenant token
+latest_tenant_token = descope_client.mgmt.outbound_application_by_token.fetch_tenant_token(
+	"inbound-app-token",
+    "my-app-id",
+    "tenant-id",
+    {"forceRefresh": True}  # Optional
+)
+```
+
 ### Utils for your end to end (e2e) tests and integration tests
 
 To ease your e2e tests, we exposed dedicated management methods,

descope/auth.py

@@ -120,7 +120,7 @@ def _raise_rate_limit_exception(self, response):
             )
         except RateLimitException:
             raise
-        except Exception as e:
+        except Exception:
             raise RateLimitException(
                 status_code=HTTPStatus.TOO_MANY_REQUESTS,
                 error_type=ERROR_TYPE_API_RATE_LIMIT,

descope/authmethod/enchantedlink.py

@@ -118,8 +118,13 @@ def update_user_email(
         Auth.validate_email(email)
 
         body = EnchantedLink._compose_update_user_email_body(
-            login_id, email, add_to_login_ids, on_merge_use_existing,
-            template_options, template_id, provider_id
+            login_id,
+            email,
+            add_to_login_ids,
+            on_merge_use_existing,
+            template_options,
+            template_id,
+            provider_id,
         )
         uri = EndpointsV1.update_user_email_enchantedlink_path
         response = self._auth.do_post(uri, body, None, refresh_token)

descope/authmethod/magiclink.py

@@ -117,8 +117,13 @@ def update_user_email(
         Auth.validate_email(email)
 
         body = MagicLink._compose_update_user_email_body(
-            login_id, email, add_to_login_ids, on_merge_use_existing, 
-            template_options, template_id, provider_id
+            login_id,
+            email,
+            add_to_login_ids,
+            on_merge_use_existing,
+            template_options,
+            template_id,
+            provider_id,
         )
         uri = EndpointsV1.update_user_email_magiclink_path
         response = self._auth.do_post(uri, body, None, refresh_token)
@@ -144,8 +149,13 @@ def update_user_phone(
         Auth.validate_phone(method, phone)
 
         body = MagicLink._compose_update_user_phone_body(
-            login_id, phone, add_to_login_ids, on_merge_use_existing, 
-            template_options, template_id, provider_id
+            login_id,
+            phone,
+            add_to_login_ids,
+            on_merge_use_existing,
+            template_options,
+            template_id,
+            provider_id,
         )
         uri = EndpointsV1.update_user_phone_magiclink_path
         response = self._auth.do_post(uri, body, None, refresh_token)

descope/authmethod/otp.py

@@ -198,8 +198,13 @@ def update_user_email(
 
         uri = EndpointsV1.update_user_email_otp_path
         body = OTP._compose_update_user_email_body(
-            login_id, email, add_to_login_ids, on_merge_use_existing,
-            template_options, template_id, provider_id
+            login_id,
+            email,
+            add_to_login_ids,
+            on_merge_use_existing,
+            template_options,
+            template_id,
+            provider_id,
         )
         response = self._auth.do_post(uri, body, None, refresh_token)
         return Auth.extract_masked_address(response.json(), DeliveryMethod.EMAIL)
@@ -241,8 +246,13 @@ def update_user_phone(
 
         uri = OTP._compose_update_phone_url(method)
         body = OTP._compose_update_user_phone_body(
-            login_id, phone, add_to_login_ids, on_merge_use_existing,
-            template_options, template_id, provider_id
+            login_id,
+            phone,
+            add_to_login_ids,
+            on_merge_use_existing,
+            template_options,
+            template_id,
+            provider_id,
         )
         response = self._auth.do_post(uri, body, None, refresh_token)
         return Auth.extract_masked_address(response.json(), method)

descope/descope_client.py

@@ -53,10 +53,6 @@ def __init__(
 
     @property
     def mgmt(self):
-        if not self._auth.management_key:
-            raise AuthException(
-                400, ERROR_TYPE_INVALID_ARGUMENT, "management_key cannot be empty"
-            )
         return self._mgmt
 
     @property

descope/flask/__init__.py

@@ -4,7 +4,7 @@
 import uuid
 from functools import wraps
 
-from flask import Response, redirect, request, g
+from flask import Response, g, redirect, request
 
 from .. import (
     COOKIE_DATA_NAME,

descope/management/common.py

@@ -1,5 +1,5 @@
-from typing import List, Optional, Dict, Any
 from enum import Enum
+from typing import List, Optional
 
 
 class AccessType(Enum):

descope/management/fga.py

@@ -1,5 +1,4 @@
-from datetime import datetime, timezone
-from typing import Any, List, Optional
+from typing import List
 
 from descope._auth_base import AuthBase
 from descope.management.common import MgmtV1

descope/management/jwt.py

@@ -87,7 +87,7 @@ def impersonate(
             pswd=self._auth.management_key,
         )
         return response.json().get("jwt", "")
-    
+
     def stop_impersonation(
         self,
         jwt: str,
@@ -109,9 +109,7 @@ def stop_impersonation(
         AuthException: raised if update failed
         """
         if not jwt or jwt == "":
-            raise AuthException(
-                400, ERROR_TYPE_INVALID_ARGUMENT, "jwt cannot be empty"
-            )
+            raise AuthException(400, ERROR_TYPE_INVALID_ARGUMENT, "jwt cannot be empty")
 
         response = self._auth.do_post(
             MgmtV1.stop_impersonation_path,