chore: add GTID to default IAS claims

Author: LucasAlvesSoares

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "sap-cloud-sdk"
-version = "0.10.0"
+version = "0.10.1"
 description = "SAP Cloud SDK for Python"
 readme = "README.md"
 license = "Apache-2.0"

src/sap_cloud_sdk/ias/_claims.py

@@ -24,6 +24,7 @@ class _IASClaim(str, Enum):
     NAME = "name"
     NONCE = "nonce"
     PREFERRED_USERNAME = "preferred_username"
+    SAP_GTID = "sap_gtid"
     SAP_ID_TYPE = "sap_id_type"
     SCIM_ID = "scim_id"
     SID = "sid"

src/sap_cloud_sdk/ias/_token.py

@@ -56,6 +56,10 @@ class IASClaims:
         nonce: String associated with the client session to mitigate replay
             attacks.
         preferred_username: Human-readable display name / username of the user.
+        sap_gtid: SAP claim carrying the GTID of the application. Included in
+            access tokens when a GTID is configured on the app or app reference,
+            allowing downstream services to identify the originating application
+            tenant without a full SCI lookup.
         sap_id_type: SAP claim identifying the type of token.
             ``"app"`` for application credentials, ``"user"`` for user
             credentials.
@@ -89,6 +93,7 @@ class IASClaims:
     name: Optional[str] = None
     nonce: Optional[str] = None
     preferred_username: Optional[str] = None
+    sap_gtid: Optional[str] = None
     sap_id_type: Optional[str] = None
     scim_id: Optional[str] = None
     sid: Optional[str] = None
@@ -157,6 +162,7 @@ def parse_token(token: str) -> IASClaims:
         name=payload.get(_IASClaim.NAME),
         nonce=payload.get(_IASClaim.NONCE),
         preferred_username=payload.get(_IASClaim.PREFERRED_USERNAME),
+        sap_gtid=payload.get(_IASClaim.SAP_GTID),
         sap_id_type=payload.get(_IASClaim.SAP_ID_TYPE),
         scim_id=payload.get(_IASClaim.SCIM_ID),
         sid=payload.get(_IASClaim.SID),

tests/ias/unit/test_token.py

@@ -34,6 +34,7 @@ def test_all_claims_mapped(self):
             "name": "Jane Marie Doe",
             "nonce": "random-nonce",
             "preferred_username": "jane.doe",
+            "sap_gtid": "app-gtid-value",
             "sap_id_type": "user",
             "scim_id": "scim-user-id-xyz",
             "sid": "session-id-123",
@@ -62,6 +63,7 @@ def test_all_claims_mapped(self):
         assert claims.name == "Jane Marie Doe"
         assert claims.nonce == "random-nonce"
         assert claims.preferred_username == "jane.doe"
+        assert claims.sap_gtid == "app-gtid-value"
         assert claims.sap_id_type == "user"
         assert claims.scim_id == "scim-user-id-xyz"
         assert claims.sid == "session-id-123"
@@ -115,6 +117,10 @@ def test_ias_apis_as_string(self):
         claims = parse_token(_make_token({"ias_apis": "ALL"}))
         assert claims.ias_apis == "ALL"
 
+    def test_sap_gtid_mapped(self):
+        claims = parse_token(_make_token({"sap_gtid": "gtid-12345"}))
+        assert claims.sap_gtid == "gtid-12345"
+
     def test_sap_id_type_app(self):
         claims = parse_token(_make_token({"sap_id_type": "app"}))
         assert claims.sap_id_type == "app"