feat: auto discover audience for token exchange when multiple associations exist for connect api integrations

Author: mconflitti-pbc

src/posit/connect/client.py

@@ -12,7 +12,7 @@
 from .groups import Groups
 from .metrics.metrics import Metrics
 from .oauth.oauth import OAuth
-from .oauth.types import OAuthTokenType
+from .oauth.types import OAuthIntegrationType, OAuthTokenType
 from .resources import _PaginatedResourceSequence, _ResourceSequence
 from .sessions import Session
 from .system import System
@@ -198,6 +198,10 @@ def with_user_session_token(
         ----------
         token : str
             The user session token.
+        audience : str, optional
+            The audience for the token exchange. This is the integration GUID of the Connect API integration
+            that is associate with the content. If not provided when there are multiple integrations, the
+            function will attempt to determine the audience from the current content associations.
 
         Returns
         -------
@@ -260,6 +264,18 @@ def user_profile():
         if token is None or token == "":
             raise ValueError("token must be set to non-empty string.")
 
+        # If the audience is not provided and there are multiple associations,
+        # we will try to find the Connect API integration GUID from the content resource.
+        current_content_associations = self.content.get().oauth.associations.find()
+        if audience is None and len(current_content_associations) > 1:
+            connect_api_integration_guids = [
+                a["oauth_integration_guid"]
+                for a in current_content_associations
+                if a.get("oauth_integration_template") == OAuthIntegrationType.CONNECT
+            ]
+            if len(connect_api_integration_guids) == 1:
+                audience = connect_api_integration_guids[0]
+
         visitor_credentials = self.oauth.get_credentials(
             token,
             requested_token_type=OAuthTokenType.API_KEY,

tests/posit/connect/__api__/v1/content/f2f37341-e21d-3d80-c698-a935ad614066/oauth/integrations/associations.json

@@ -12,7 +12,7 @@
     "oauth_integration_guid": "00000000-a27b-4118-ad06-e24459b05126",
     "oauth_integration_name": "another integration",
     "oauth_integration_description": "another description",
-    "oauth_integration_template": "custom",
+    "oauth_integration_template": "connect",
     "created_time": "2024-10-02T18:16:09Z"
   }
 ]

tests/posit/connect/oauth/test_associations.py

@@ -220,9 +220,9 @@ def test(self):
         assert found["oauth_integration_name"] == "keycloak integration"  # first one
 
         # by multiple criteria
-        found = associations.find_by(integration_type="custom", name="another integration")
+        found = associations.find_by(integration_type="connect", name="another integration")
         assert found is not None
-        assert found["oauth_integration_template"] == "custom"
+        assert found["oauth_integration_template"] == "connect"
         assert found["oauth_integration_name"] == "another integration"
 
         # no match