Revert "Revert embedded link (#262)" (#269)

This reverts commit b544883.

Author: aviadl

.vscode/settings.json

@@ -3,9 +3,4 @@
     "python.testing.pytestArgs": [
         "tests"
     ],
-    "workbench.colorCustomizations": {
-        "activityBar.background": "#4D1C3B",
-        "titleBar.activeBackground": "#6B2752",
-        "titleBar.activeForeground": "#FDF8FB"
-    },
 }

README.md

@@ -852,6 +852,10 @@ pending_ref = resp["pendingRef"]
 
 # Note 1: The generate code/link functions, work only for test users, will not work for regular users.
 # Note 2: In case of testing sign-in / sign-up operations with test users, need to make sure to generate the code prior calling the sign-in / sign-up operations.
+
+# Embedded links can be created to directly receive a verifiable token without sending it.
+# This token can then be verified using the magic link 'verify' function, either directly or through a flow.
+token, err = descope_client.mgmt.user.generate_embedded_link("[email protected]", {"key1":"value1"})
 ```
 
 ## API Rate Limits

descope/management/common.py

@@ -33,6 +33,7 @@ class MgmtV1:
     user_generate_otp_for_test_path = "/v1/mgmt/tests/generate/otp"
     user_generate_magic_link_for_test_path = "/v1/mgmt/tests/generate/magiclink"
     user_generate_enchanted_link_for_test_path = "/v1/mgmt/tests/generate/enchantedlink"
+    user_generate_embedded_link_path = "/v1/mgmt/user/signin/embeddedlink"
 
     # access key
     access_key_create_path = "/v1/mgmt/accesskey/create"

descope/management/user.py

@@ -923,6 +923,28 @@ def generate_enchanted_link_for_test_user(
         )
         return response.json()
 
+    def generate_embedded_link(self, login_id: str, custom_claims: dict = None) -> str:
+        """
+        Generate Embedded Link for the given user login ID.
+        The return value is a token that can be verified via magic link, or using flows
+
+        Args:
+        login_id (str): The login ID of the user to authenticate with.
+        custom_claims (dict): Additional claims to place on the jwt after verification
+
+        Return value (str):
+        Return the token to be used in verification process
+
+        Raise:
+        AuthException: raised if the operation fails
+        """
+        response = self._auth.do_post(
+            MgmtV1.user_generate_embedded_link_path,
+            {"loginId": login_id, "customClaims": custom_claims},
+            pswd=self._auth.management_key,
+        )
+        return response.json()["token"]
+
     @staticmethod
     def _compose_create_body(
         login_id: str,

tests/management/test_user.py

@@ -1230,3 +1230,37 @@ def test_generate_enchanted_link_for_test_user(self):
                 verify=True,
                 timeout=DEFAULT_TIMEOUT_SECONDS,
             )
+
+    def test_generate_embedded_link(self):
+        # Test failed flows
+        with patch("requests.post") as mock_post:
+            mock_post.return_value.ok = False
+            self.assertRaises(
+                AuthException, self.client.mgmt.user.generate_embedded_link, "login-id"
+            )
+
+        # Test success flow
+        with patch("requests.post") as mock_post:
+            network_resp = mock.Mock()
+            network_resp.ok = True
+            network_resp.json.return_value = json.loads("""{"token": "some-token"}""")
+            mock_post.return_value = network_resp
+            resp = self.client.mgmt.user.generate_embedded_link(
+                "login-id", {"k1": "v1"}
+            )
+            self.assertEqual(resp, "some-token")
+            mock_post.assert_called_with(
+                f"{common.DEFAULT_BASE_URL}{MgmtV1.user_generate_embedded_link_path}",
+                headers={
+                    **common.default_headers,
+                    "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}",
+                },
+                json={
+                    "loginId": "login-id",
+                    "customClaims": {"k1": "v1"},
+                },
+                allow_redirects=False,
+                verify=True,
+                params=None,
+                timeout=DEFAULT_TIMEOUT_SECONDS,
+            )