Skip to content

Add SDK method for agent sub organization auth #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
HasiniSama wants to merge 1 commit into from
Closed

Add SDK method for agent sub organization auth #10

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions packages/asgardeo-ai/src/asgardeo_ai/agent_auth_manager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -388,6 +388,41 @@ async def get_obo_token_with_ciba(
logger.error(f"CIBA OBO token exchange failed: {e}")
raise TokenError(f"CIBA OBO token exchange failed: {e}")

async def switch_token_to_organization(
self,
token: str,
switching_organization: str,
scopes: Optional[List[str]] = None
) -> OAuthToken:
"""Switch token to a sub-organization.

:param token: The current access token to be switched.
:param switching_organization: The ID or UUID of the target organization.
:param scopes: Optional list of scopes to request.
:return: OAuth token for the switched organization.
"""
if not token:
raise ValidationError("Token is required for organization switch.")
if not switching_organization:
raise ValidationError("switching_organization is required.")

scope_str = ' '.join(scopes) if scopes else "add"

try:
switched_token = await self.token_client.get_token(
'organization_switch',
token=token,
switching_organization=switching_organization,
scope=scope_str
)
return switched_token

except (TokenError, ValidationError):
raise
except Exception as e:
logger.error(f"Organization switch failed: {e}")
raise TokenError(f"Organization switch failed: {e}")

async def revoke_token(
self,
token: str,
Expand Down
12 changes: 12 additions & 0 deletions packages/asgardeo/src/asgardeo/auth/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,18 @@ async def get_token(self, grant_type: str, **kwargs: Any) -> OAuthToken:
scope = kwargs.get("scope")
if scope:
data["scope"] = scope
elif grant_type == "organization_switch":
token = kwargs.get("token")
switching_organization = kwargs.get("switching_organization")
if not token or not switching_organization:
raise ValidationError(
"token and switching_organization are required for 'organization_switch' grant type.",
)
data["token"] = token
data["switching_organization"] = switching_organization
scope = kwargs.get("scope")
if scope:
data["scope"] = scope
else:
raise ValidationError(f"Unsupported grant type: {grant_type}")

Expand Down
Loading
You are viewing a condensed version of this merge commit. You can view the full changes here.