Added token management for outbound apps (#155)

slavikm · web-flow · commit 1952d9adfd2a · 2025-03-19T11:28:47.000-07:00
* Added token management for outbound apps

* style fixes

* fix test

* slight rename

* slight rename II

* slight rename III
diff --git a/src/main/java/com/descope/literals/Routes.java b/src/main/java/com/descope/literals/Routes.java
@@ -217,5 +217,10 @@ public static class ManagementEndPoints {
 
     // Password settings
     public static final String MANAGEMENT_PASSWORD_SETTINGS = "/v1/mgmt/password/settings";
+
+    // Outbound
+    public static final String MANAGEMENT_FETCH_OUTBOUND_APP_USER_TOKEN = "/v1/mgmt/outbound/app/user/token";
+    public static final String MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKEN_BY_ID = "/v1/mgmt/outbound/token";
+    public static final String MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKENS = "/v1/mgmt/outbound/tokens";
   }
 }
diff --git a/src/main/java/com/descope/model/mgmt/ManagementServices.java b/src/main/java/com/descope/model/mgmt/ManagementServices.java
@@ -6,6 +6,7 @@
 import com.descope.sdk.mgmt.FlowService;
 import com.descope.sdk.mgmt.GroupService;
 import com.descope.sdk.mgmt.JwtService;
+import com.descope.sdk.mgmt.OutboundAppsService;
 import com.descope.sdk.mgmt.PasswordSettingsService;
 import com.descope.sdk.mgmt.PermissionService;
 import com.descope.sdk.mgmt.ProjectService;
@@ -34,4 +35,5 @@ public class ManagementServices {
   AuthzService authzService;
   ProjectService projectService;
   PasswordSettingsService passwordSettingsService;
+  OutboundAppsService outboundAppsService;
 }
diff --git a/src/main/java/com/descope/model/outbound/DeleteOutboundAppUserTokensRequest.java b/src/main/java/com/descope/model/outbound/DeleteOutboundAppUserTokensRequest.java
@@ -0,0 +1,15 @@
+package com.descope.model.outbound;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class DeleteOutboundAppUserTokensRequest {
+  private String appId;
+  private String userId;
+}
diff --git a/src/main/java/com/descope/model/outbound/FetchOutboundAppTokenOptions.java b/src/main/java/com/descope/model/outbound/FetchOutboundAppTokenOptions.java
@@ -0,0 +1,15 @@
+package com.descope.model.outbound;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FetchOutboundAppTokenOptions {
+  private Boolean withRefreshToken;
+  private Boolean forceRefresh;
+}
diff --git a/src/main/java/com/descope/model/outbound/FetchOutboundAppUserTokenRequest.java b/src/main/java/com/descope/model/outbound/FetchOutboundAppUserTokenRequest.java
@@ -0,0 +1,18 @@
+package com.descope.model.outbound;
+
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FetchOutboundAppUserTokenRequest {
+  private String appId;
+  private String userId;
+  private List<String> scopes;
+  private FetchOutboundAppTokenOptions options;
+}
diff --git a/src/main/java/com/descope/model/outbound/FetchOutboundAppUserTokenResponse.java b/src/main/java/com/descope/model/outbound/FetchOutboundAppUserTokenResponse.java
@@ -0,0 +1,14 @@
+package com.descope.model.outbound;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FetchOutboundAppUserTokenResponse {
+  private OutboundAppToken token;
+}
diff --git a/src/main/java/com/descope/model/outbound/OutboundAppToken.java b/src/main/java/com/descope/model/outbound/OutboundAppToken.java
@@ -0,0 +1,31 @@
+package com.descope.model.outbound;
+
+import com.descope.utils.InstantToMillisSerializer;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import java.time.Instant;
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class OutboundAppToken {
+  private String id;
+  private String appId;
+  private String userId;
+  private String tokenSub;
+  private String accessToken;
+  private String accessTokenType;
+  @JsonSerialize(using = InstantToMillisSerializer.class)
+  private Instant accessTokenExpiry;
+  private boolean hasRefreshToken;
+  private String refreshToken;
+  @JsonSerialize(using = InstantToMillisSerializer.class)
+  private Instant lastRefreshTime;
+  private String lastRefreshError;
+  private List<String> scopes;
+}
diff --git a/src/main/java/com/descope/model/user/request/UserSearchRequest.java b/src/main/java/com/descope/model/user/request/UserSearchRequest.java
@@ -29,6 +29,7 @@ public class UserSearchRequest {
   List<String> emails;
   List<String> phones;
   List<String> loginIds;
+  List<String> userIds;
   List<String> ssoAppIds;
   /** Retrieve only users created after the given time. */
   @JsonSerialize(using = InstantToMillisSerializer.class)
diff --git a/src/main/java/com/descope/sdk/mgmt/OutboundAppsService.java b/src/main/java/com/descope/sdk/mgmt/OutboundAppsService.java
@@ -0,0 +1,36 @@
+package com.descope.sdk.mgmt;
+
+import com.descope.exception.DescopeException;
+import com.descope.model.outbound.DeleteOutboundAppUserTokensRequest;
+import com.descope.model.outbound.FetchOutboundAppUserTokenRequest;
+import com.descope.model.outbound.FetchOutboundAppUserTokenResponse;
+
+/** Provides functions for managing outbound application tokens for a user in a project. */
+public interface OutboundAppsService {
+
+  /**
+   * Fetch the requested token (if exists) for the given user and outbound application.
+   *
+   * @param request The token details including the requested scopes
+   * @return The requested token
+   * @throws DescopeException in case of errors
+   */
+  FetchOutboundAppUserTokenResponse fetchOutboundAppUserToken(FetchOutboundAppUserTokenRequest request)
+      throws DescopeException;
+
+  /**
+   * Delete the outbound application token for the given ID.
+   *
+   * @param id required token ID
+   * @throws DescopeException in case of errors
+   */
+  void deleteOutboundAppTokenById(String id) throws DescopeException;
+
+  /**
+   * Delete all outbound application tokens for the given user.
+   *
+   * @param request required request containing user ID and app ID
+   * @throws DescopeException in case of errors
+   */
+  void deleteOutboundAppUserTokens(DeleteOutboundAppUserTokensRequest request) throws DescopeException;
+}
diff --git a/src/main/java/com/descope/sdk/mgmt/impl/ManagementServiceBuilder.java b/src/main/java/com/descope/sdk/mgmt/impl/ManagementServiceBuilder.java
@@ -22,6 +22,7 @@ public static ManagementServices buildServices(Client client) {
         .projectService(new ProjectServiceImpl(client))
         .passwordSettingsService(new PasswordSettingsServiceImpl(client))
         .ssoApplicationService(new SsoApplicationServiceImpl(client))
+        .outboundAppsService(new OutboundAppsServiceImpl(client))
         .build();
   }
 }
diff --git a/src/main/java/com/descope/sdk/mgmt/impl/OutboundAppsServiceImpl.java b/src/main/java/com/descope/sdk/mgmt/impl/OutboundAppsServiceImpl.java
@@ -0,0 +1,68 @@
+package com.descope.sdk.mgmt.impl;
+
+import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKENS;
+import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKEN_BY_ID;
+import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_FETCH_OUTBOUND_APP_USER_TOKEN;
+import static com.descope.utils.CollectionUtils.mapOf;
+
+import com.descope.exception.DescopeException;
+import com.descope.exception.ServerCommonException;
+import com.descope.model.client.Client;
+import com.descope.model.outbound.DeleteOutboundAppUserTokensRequest;
+import com.descope.model.outbound.FetchOutboundAppUserTokenRequest;
+import com.descope.model.outbound.FetchOutboundAppUserTokenResponse;
+import com.descope.proxy.ApiProxy;
+import com.descope.sdk.mgmt.OutboundAppsService;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+
+public class OutboundAppsServiceImpl extends ManagementsBase implements OutboundAppsService {
+
+  OutboundAppsServiceImpl(Client client) {
+    super(client);
+  }
+
+  @Override
+  public FetchOutboundAppUserTokenResponse fetchOutboundAppUserToken(FetchOutboundAppUserTokenRequest request)
+      throws DescopeException {
+    if (request == null) {
+      throw ServerCommonException.invalidArgument("request");
+    }
+    if (StringUtils.isBlank(request.getAppId())) {
+      throw ServerCommonException.invalidArgument("appId");
+    }
+    if (StringUtils.isBlank(request.getUserId())) {
+      throw ServerCommonException.invalidArgument("userId");
+    }
+    if (CollectionUtils.isEmpty(request.getScopes())) {
+      throw ServerCommonException.invalidArgument("scopes");
+    }
+    ApiProxy apiProxy = getApiProxy();
+    return apiProxy.post(getUri(MANAGEMENT_FETCH_OUTBOUND_APP_USER_TOKEN), request, 
+      FetchOutboundAppUserTokenResponse.class);
+  }
+
+  @Override
+  public void deleteOutboundAppTokenById(String id) throws DescopeException {
+    if (StringUtils.isBlank(id)) {
+      throw ServerCommonException.invalidArgument("id");
+    }
+    ApiProxy apiProxy = getApiProxy();
+    apiProxy.delete(getUri(MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKEN_BY_ID), mapOf("id", id), Void.class);
+  }
+
+  @Override
+  public void deleteOutboundAppUserTokens(DeleteOutboundAppUserTokensRequest request) throws DescopeException {
+    if (request == null) {
+      throw ServerCommonException.invalidArgument("request");
+    }
+    if (StringUtils.isBlank(request.getAppId())) {
+      throw ServerCommonException.invalidArgument("appId");
+    }
+    if (StringUtils.isBlank(request.getUserId())) {
+      throw ServerCommonException.invalidArgument("userId");
+    }
+    ApiProxy apiProxy = getApiProxy();
+    apiProxy.delete(getUri(MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKENS), request, Void.class);
+  }
+}
diff --git a/src/test/java/com/descope/model/user/request/UserSearchRequestTest.java b/src/test/java/com/descope/model/user/request/UserSearchRequestTest.java
@@ -30,8 +30,9 @@ public void testInstantSerialization() throws JsonProcessingException {
     String expectedJson = String.format(
         "{\"tenantIds\":[\"tenant1\"],\"roles\":[\"role1\"],\"limit\":0,\"page\":0,\"withTestUser\":null,"
         + "\"testUsersOnly\":null,\"customAttributes\":null,\"statuses\":null,\"emails\":null,\"phones\":null,"
-        + "\"loginIds\":null,\"ssoAppIds\":null,\"fromCreatedTime\":%d,\"toCreatedTime\":%d,\"fromModifiedTime\":%d,"
-        + "\"toModifiedTime\":%d}", expectedMillis, expectedMillis, expectedMillis, expectedMillis);
+        + "\"loginIds\":null,\"userIds\":null,\"ssoAppIds\":null,\"fromCreatedTime\":%d,\"toCreatedTime\":%d,"
+        + "\"fromModifiedTime\":%d,\"toModifiedTime\":%d}",
+        expectedMillis, expectedMillis, expectedMillis, expectedMillis);
 
     assertEquals(expectedJson, json);
   }
diff --git a/src/test/java/com/descope/sdk/mgmt/impl/OutboundAppsServiceImplTest.java b/src/test/java/com/descope/sdk/mgmt/impl/OutboundAppsServiceImplTest.java
@@ -0,0 +1,122 @@
+package com.descope.sdk.mgmt.impl;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+
+import com.descope.exception.ServerCommonException;
+import com.descope.model.client.Client;
+import com.descope.model.outbound.DeleteOutboundAppUserTokensRequest;
+import com.descope.model.outbound.FetchOutboundAppUserTokenRequest;
+import com.descope.model.outbound.FetchOutboundAppUserTokenResponse;
+import com.descope.model.outbound.OutboundAppToken;
+import com.descope.proxy.ApiProxy;
+import com.descope.proxy.impl.ApiProxyBuilder;
+import com.descope.sdk.TestUtils;
+import com.descope.sdk.mgmt.OutboundAppsService;
+import java.time.Instant;
+import java.util.Arrays;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+
+class OutboundAppsServiceImplTest {
+
+  private final Instant mockInstant = Instant.now();
+  private final OutboundAppToken mockToken = 
+      OutboundAppToken.builder()
+        .id("someId")
+        .appId("someAppId")
+        .userId("someUserId")
+        .lastRefreshTime(mockInstant)
+        .build();
+  private final FetchOutboundAppUserTokenResponse fetchOutboundAppUserTokenResponse = 
+      FetchOutboundAppUserTokenResponse.builder()
+        .token(mockToken)
+        .build();
+  private OutboundAppsService outboundAppsService;
+
+  @BeforeEach
+  void setUp() {
+    Client client = TestUtils.getClient();
+    this.outboundAppsService =
+        ManagementServiceBuilder.buildServices(client).getOutboundAppsService();
+  }
+
+  @Test
+  void testFetchForMissingRequestParts() {
+    ServerCommonException thrown =
+        assertThrows(ServerCommonException.class, () -> outboundAppsService.fetchOutboundAppUserToken(null));
+    assertNotNull(thrown);
+    assertEquals("The request argument is invalid", thrown.getMessage());
+    thrown =
+        assertThrows(ServerCommonException.class,
+          () -> outboundAppsService.fetchOutboundAppUserToken(new FetchOutboundAppUserTokenRequest()));
+    assertNotNull(thrown);
+    assertEquals("The appId argument is invalid", thrown.getMessage());
+    thrown =
+      assertThrows(ServerCommonException.class,
+        () -> outboundAppsService.fetchOutboundAppUserToken(
+          new FetchOutboundAppUserTokenRequest("appId", "", null, null)));
+    assertNotNull(thrown);
+    assertEquals("The userId argument is invalid", thrown.getMessage());
+    thrown =
+      assertThrows(ServerCommonException.class,
+        () -> outboundAppsService.fetchOutboundAppUserToken(
+          new FetchOutboundAppUserTokenRequest("appId", "userId", null, null)));
+    assertNotNull(thrown);
+    assertEquals("The scopes argument is invalid", thrown.getMessage());
+  }
+
+  @Test
+  void testFetchForSuccess() {
+    ApiProxy apiProxy = mock(ApiProxy.class);
+    doReturn(fetchOutboundAppUserTokenResponse).when(apiProxy).post(any(), any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+        () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      FetchOutboundAppUserTokenResponse response = outboundAppsService.fetchOutboundAppUserToken(
+          FetchOutboundAppUserTokenRequest.builder()
+          .appId("someAppId")
+          .userId("someUserId")
+          .scopes(Arrays.asList("scope1"))
+          .build());
+      assertNotNull(response.getToken());
+      assertEquals("someUserId", response.getToken().getUserId());
+      assertEquals("someAppId", response.getToken().getAppId());
+      assertEquals("someId", response.getToken().getId());
+      assertEquals(mockInstant, response.getToken().getLastRefreshTime());
+    }
+  }
+
+  @Test
+  void testDeleteByIdForMissingRequestParts() {
+    ServerCommonException thrown =
+        assertThrows(ServerCommonException.class, () -> outboundAppsService.deleteOutboundAppTokenById(null));
+    assertNotNull(thrown);
+    assertEquals("The id argument is invalid", thrown.getMessage());
+  }
+
+  @Test
+  void testDeleteAllForMissingRequestParts() {
+    ServerCommonException thrown =
+        assertThrows(ServerCommonException.class, () -> outboundAppsService.deleteOutboundAppUserTokens(null));
+    assertNotNull(thrown);
+    assertEquals("The request argument is invalid", thrown.getMessage());
+    thrown =
+        assertThrows(ServerCommonException.class,
+          () -> outboundAppsService.deleteOutboundAppUserTokens(new DeleteOutboundAppUserTokensRequest()));
+    assertNotNull(thrown);
+    assertEquals("The appId argument is invalid", thrown.getMessage());
+    thrown =
+      assertThrows(ServerCommonException.class,
+        () -> outboundAppsService.deleteOutboundAppUserTokens(
+          new DeleteOutboundAppUserTokensRequest("appId", "")));
+    assertNotNull(thrown);
+    assertEquals("The userId argument is invalid", thrown.getMessage());
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -217,5 +217,10 @@ public static class ManagementEndPoints {`
`217`	`217`
`218`	`218`	`// Password settings`
`219`	`219`	`public static final String MANAGEMENT_PASSWORD_SETTINGS = "/v1/mgmt/password/settings";`
	`220`	`+`
	`221`	`+ // Outbound`
	`222`	`+ public static final String MANAGEMENT_FETCH_OUTBOUND_APP_USER_TOKEN = "/v1/mgmt/outbound/app/user/token";`
	`223`	`+ public static final String MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKEN_BY_ID = "/v1/mgmt/outbound/token";`
	`224`	`+ public static final String MANAGEMENT_DELETE_OUTBOUND_APP_USER_TOKENS = "/v1/mgmt/outbound/tokens";`
`220`	`225`	`}`
`221`	`226`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ public static ManagementServices buildServices(Client client) {`
`22`	`22`	`.projectService(new ProjectServiceImpl(client))`
`23`	`23`	`.passwordSettingsService(new PasswordSettingsServiceImpl(client))`
`24`	`24`	`.ssoApplicationService(new SsoApplicationServiceImpl(client))`
	`25`	`+ .outboundAppsService(new OutboundAppsServiceImpl(client))`
`25`	`26`	`.build();`
`26`	`27`	`}`
`27`	`28`	`}`