Impersonate with custom claims (#470)

* Impersonate with custom claims
And with selected tenant
related to descope/etc#8724

* Properly mark dict as optional

* fix test

Author: aviadl

README.md

@@ -1062,7 +1062,9 @@ The response would be a refresh JWT of the impersonated user
 refresh_jwt = descope_client.mgmt.jwt.impersonate(
     impersonator_id="<Login ID impersonator>",
     login_id="<Login ID of impersonated person>",
-    validate_consent=True
+    validate_consent=True,
+    custom_claims={"key1":"value1"},
+    tenant_id="<One of the tenants the impersonated user belongs to>"
 )
 ```
 
@@ -1126,8 +1128,8 @@ type org
 type folder
   relation parent: folder
   relation owner: user | org#member
-  relation editor: user 
-  relation viewer: user 
+  relation editor: user
+  relation viewer: user
 
   permission can_create: owner | parent.owner
   permission can_edit: editor | can_create
@@ -1136,8 +1138,8 @@ type folder
 type doc
   relation parent: folder
   relation owner: user | org#member
-  relation editor: user 
-  relation viewer: user 
+  relation editor: user
+  relation viewer: user
 
   permission can_create: owner | parent.owner
   permission can_edit: editor | can_create

descope/management/jwt.py

@@ -1,3 +1,5 @@
+from typing import Optional
+
 from descope._auth_base import AuthBase
 from descope.exceptions import ERROR_TYPE_INVALID_ARGUMENT, AuthException
 from descope.management.common import MgmtV1
@@ -27,7 +29,12 @@ def update_jwt(self, jwt: str, custom_claims: dict) -> str:
         return response.json().get("jwt", "")
 
     def impersonate(
-        self, impersonator_id: str, login_id: str, validate_consent: bool
+        self,
+        impersonator_id: str,
+        login_id: str,
+        validate_consent: bool,
+        custom_claims: Optional[dict] = None,
+        tenant_id: Optional[str] = None,
     ) -> str:
         """
         Impersonate to another user
@@ -36,6 +43,8 @@ def impersonate(
         impersonator_id (str): login id / user id of impersonator, must have "impersonation" permission.
         login_id (str): login id of the user whom to which to impersonate to.
         validate_consent (bool): Indicate whether to allow impersonation in any case or only if a consent to this operation was granted.
+        customClaims dict: Custom claims to add to JWT
+        tenant_id (str): tenant id to set on DCT claim.
 
         Return value (str): A JWT of the impersonated user
 
@@ -56,6 +65,8 @@ def impersonate(
                 "loginId": login_id,
                 "impersonatorId": impersonator_id,
                 "validateConsent": validate_consent,
+                "cusotmClaims": custom_claims,
+                "selectedTenant": tenant_id,
             },
             pswd=self._auth.management_key,
         )

tests/management/test_jwt.py

@@ -107,6 +107,8 @@ def test_impersonate(self):
                     "loginId": "imp2",
                     "impersonatorId": "imp1",
                     "validateConsent": True,
+                    "cusotmClaims": None,
+                    "selectedTenant": None,
                 },
                 allow_redirects=False,
                 verify=True,