Merge pull request #45 from kinde-oss/rai/add-state-login

Added ability to pass state to the login and register urls

Author: rairaman

kinde_sdk/kinde_api_client.py

@@ -73,14 +73,14 @@ def __init__(
             "scope": self.scope,
             "token_endpoint": self.token_endpoint,
         }
-        create_authorization_url_params = {}
+        self.create_authorization_url_params = {}
         if self.grant_type == GrantType.AUTHORIZATION_CODE_WITH_PKCE:
             if self.code_verifier is None:
                 raise KindeConfigurationException(
                     '"code_verifier" parameter is required when a grant_type is AUTHORIZATION_CODE_WITH_PKCE.'
                 )
             auth_session_params["code_challenge_method"] = "S256"
-            create_authorization_url_params["code_verifier"] = self.code_verifier
+            self.create_authorization_url_params["code_verifier"] = self.code_verifier
 
         self.client = OAuth2Session(
             self.client_id,
@@ -89,29 +89,35 @@ def __init__(
             **auth_session_params,
         )
 
+        self.login_url = ""
+        self.registration_url = ""
+
+        self.jwks_client = PyJWKClient(
+            uri=f"{self.domain}/.well-known/jwks.json",
+            cache_keys=True,
+        )
+
+    def _get_auth_url(self, state: str = None):
         self.login_url, self.state = self.client.create_authorization_url(
-            self.authorization_endpoint, **create_authorization_url_params
+            self.authorization_endpoint, **self.create_authorization_url_params, state=state
         )
 
         if self.audience:
             self.login_url = f"{self.login_url}&audience={self.audience}"
         if self.org_code:
             self.login_url = f"{self.login_url}&org_code={self.org_code}"
 
-        self.registration_url = f"{self.login_url}&start_page=registration"
-        self.create_org_url = f"{self.registration_url}&is_create_org=true"
-        self.jwks_client = PyJWKClient(
-            uri=f"{self.domain}/.well-known/jwks.json",
-            cache_keys=True,
-        )
-
+    def get_login_url(self, additional_params: Optional[Dict[str, str]] = None, state: str = None) -> str:
+        self._get_auth_url(state=state)
 
-    def get_login_url(self, additional_params: Optional[Dict[str, str]] = None) -> str:
         if additional_params:
             return self._add_additional_params(self.login_url, additional_params=additional_params)
         return self.login_url
 
-    def get_register_url(self, additional_params: Optional[Dict[str, str]] = None) -> str:
+    def get_register_url(self, additional_params: Optional[Dict[str, str]] = None, state: str = None) -> str:
+        self._get_auth_url(state=state)
+        self.registration_url = f"{self.login_url}&start_page=registration"
+
         if additional_params:
             return self._add_additional_params(self.registration_url, additional_params=additional_params)
         return self.registration_url
@@ -129,7 +135,7 @@ def is_authenticated(self) -> bool:
         return False
 
     def create_org(self) -> str:
-        return self.create_org_url
+        return f"{self.registration_url}&is_create_org=true"
 
     def get_claim(self, key: str, token_name: str = "access_token") -> Any:
         if token_name not in self.TOKEN_NAMES:

kinde_sdk/test/test_kinde_api_client.py

@@ -2,6 +2,7 @@
 from unittest.mock import patch, MagicMock
 from kinde_sdk.kinde_api_client import KindeApiClient, GrantType
 from kinde_sdk import __version__
+from urllib.parse import urlparse, parse_qs
 
 class TestKindeApiClient(unittest.TestCase):
 
@@ -164,5 +165,43 @@ def test_fetch_token_headers_with_PKCE(self):
         self.assertIn('code_verifier', call_kwargs)
         self.assertEqual(call_kwargs['code_verifier'], '1234')
 
+
+
+class TestKindeApiClientAdditional(unittest.TestCase):
+    def setUp(self):
+        self.domain = "https://example.kinde.com"
+        self.callback_url = "https://example.com/callback"
+        self.client_id = "test_client_id"
+        self.client_secret = "test_client_secret"
+
+    def _create_kinde_client(self, grant_type, code_verifier=None):
+        return KindeApiClient(
+            domain=self.domain,
+            callback_url=self.callback_url,
+            client_id=self.client_id,
+            client_secret=self.client_secret,
+            grant_type=grant_type,
+            code_verifier = code_verifier
+        )
+            
+    def test_get_login_url_state(self):
+        client = self._create_kinde_client(GrantType.AUTHORIZATION_CODE)
+        login_url = client.get_login_url(state="hello")
+
+        url_parts = urlparse(login_url)
+        query = parse_qs(url_parts.query)
+
+        self.assertEqual(query['state'][0], "hello")
+
+    def test_get_register_url_state(self):
+        client = self._create_kinde_client(GrantType.AUTHORIZATION_CODE)
+        register_url = client.get_register_url(state="regis")
+        
+        url_parts = urlparse(register_url)
+        query = parse_qs(url_parts.query)
+
+        self.assertEqual(query['state'][0], "regis")
+        self.assertEqual(query['start_page'][0], "registration")
+
 if __name__ == '__main__':
     unittest.main()

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "kinde-python-sdk"
-version = "1.2.5"
+version = "1.2.6"
 authors = [
     { name = "Kinde Engineering", email = "engineering@kinde.com" },
 ]