
@gaokevin1 gaokevin1 commented Oct 22, 2025

Related Issues

Fixes https://github.com/descope/etc/issues/12464

Related PRs

| branch | PR |
| --- | --- |
| service a PR | Link to PR |
| service b PR | Link to PR |

Description

A few sentences describing the overall goals of the pull request's commits.

Must

  • Tests
  • Documentation (if applicable)

Copilot AI review requested due to automatic review settings October 22, 2025 18:13
@gaokevin1 gaokevin1 changed the title from "added audience override if contains project ID and tests" to "Feat: Added audience override if contains project ID and tests" Oct 22, 2025
@gaokevin1 gaokevin1 changed the title from "Feat: Added audience override if contains project ID and tests" to "Feat: Added audience override if contains Project ID" Oct 22, 2025
@gaokevin1 gaokevin1 requested review from aviadl, Copilot and guyp-descope and removed request for Copilot October 22, 2025 18:13

Copilot AI left a comment


Pull Request Overview

This PR implements automatic audience detection for JWT validation when the token's audience claim matches the project ID. This allows tokens with project ID audiences to be validated without explicitly passing the audience parameter.

Key changes:

  • Added logic to auto-detect and use project ID as audience when token contains matching audience claim
  • Supports both single string and list audience formats in tokens
  • Added comprehensive test coverage for the new auto-detection behavior

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| descope/auth.py | Added audience auto-detection logic in _validate_token method that decodes token without audience verification first, checks if audience matches project ID, and uses it for final validation |
| tests/test_auth.py | Added 6 new test cases covering auto-detection scenarios: string audience, list audience, no match, explicit audience override, validate_and_refresh_session, and mismatch failure |

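The flow summarised in the review above (read the token's aud without enforcing it, fall back to the project ID only when the token names it, then validate), as an added example that is not code from descope/auth.py or from this PR. It swaps in a stdlib HS256 token so it runs offline; `sign`, `verified_claims`, `validate`, `KEY` and `PROJECT_ID` are constructed for illustration, and rejecting a token that carries an aud when no expected audience is known is an assumption of this sketch.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-test-key"            # constructed sample key
PROJECT_ID = "P2constructedProjectId"    # constructed sample project ID

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 test token."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verified_claims(token: str, key: bytes) -> dict:
    """Check the signature with a pinned algorithm; aud is not enforced here."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))

def validate(token: str, key: bytes, project_id: str, audience=None) -> dict:
    """Validate a token, auto-selecting project_id as the expected audience."""
    claims = verified_claims(token, key)
    aud = claims.get("aud")
    token_auds = [aud] if isinstance(aud, str) else list(aud or [])
    # An explicit audience always wins. Otherwise the only value the token can
    # select is the locally configured project ID, never an arbitrary aud.
    if audience is None and project_id in token_auds:
        audience = project_id
    if (token_auds or audience) and audience not in token_auds:
        raise ValueError("invalid audience")
    return claims
```

The token's own aud is used only to choose between "no expected audience" and the configured project ID, so a token issued for some other audience still fails unless the caller names that audience explicitly.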


github-actions bot commented Oct 22, 2025

Coverage report

The coverage rate went from 98.2% to 98.21% ⬆️

100% of new lines are covered.

Diff Coverage details

descope/auth.py

100% of new lines are covered (98.08% of the complete file).

@gaokevin1 gaokevin1 requested a review from dorsha November 4, 2025 06:09
@gaokevin1 gaokevin1 enabled auto-merge (squash) November 4, 2025 06:14
@gaokevin1 gaokevin1 merged commit 52b2a35 into main Nov 4, 2025
24 checks passed
@gaokevin1 gaokevin1 deleted the override-aud-check branch November 4, 2025 08:35