23 changes: 23 additions & 0 deletions tests/test_user_management.py
Expand Up @@ -344,6 +344,29 @@ def test_authorization_url_has_expected_query_params_with_screen_hint(self):
"provider": "authkit",
}

def test_authorization_url_has_expected_query_params_with_provider_scopes(self):
provider = "GoogleOAuth"
provider_scopes = [
"https://www.googleapis.com/auth/calendar",
"https://www.googleapis.com/auth/admin.directory.group",
]
redirect_uri = "https://localhost/auth/callback"
authorization_url = self.user_management.get_authorization_url(
provider=provider,
provider_scopes=provider_scopes,
redirect_uri=redirect_uri,
)

parsed_url = urlparse(authorization_url)
assert parsed_url.path == "/user_management/authorize"
assert dict(parse_qsl(str(parsed_url.query))) == {
"provider": provider,
"provider_scopes": ",".join(provider_scopes),
"client_id": self.http_client.client_id,
"redirect_uri": redirect_uri,
"response_type": RESPONSE_TYPE_CODE,
}

def test_get_jwks_url(self):
expected = "%ssso/jwks/%s" % (
self.http_client.base_url,
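Review bot: The new test pins only the two-scope happy path, so the edge cases of the `",".join(...)` it exercises stay untested: an empty list, a bare string passed as `provider_scopes`, and a scope value that itself contains a comma. `parse_qsl` drops blank values by default, so a case for `provider_scopes=[]` would need `parse_qsl(str(parsed_url.query), keep_blank_values=True)` to see an empty `provider_scopes=` parameter at all. A short comment above the assertion, e.g. `# scopes are sent as a single comma-separated query value`, would also record the wire format the test relies on. The enclosing test class starts outside this section.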
4 changes: 4 additions & 0 deletions workos/user_management.py
Expand Up @@ -358,6 +358,7 @@ def get_authorization_url(
login_hint: Optional[str] = None,
state: Optional[str] = None,
provider: Optional[UserManagementProviderType] = None,
provider_scopes: Optional[Sequence[str]] = None,
connection_id: Optional[str] = None,
organization_id: Optional[str] = None,
code_challenge: Optional[str] = None,
Expand All @@ -379,6 +380,7 @@ def get_authorization_url(
The value of this parameter should be a WorkOS Organization ID. (Optional)
provider (UserManagementProviderType): The provider connection selector is used to initiate SSO using an OAuth-compatible provider.
Currently, the supported values for provider are 'authkit', 'AppleOAuth', 'GitHubOAuth, 'GoogleOAuth', and 'MicrosoftOAuth'. (Optional)
provider_scopes (Sequence[str]): Can be used to specify additional scopes that will be requested when initiating SSO using an OAuth provider. (Optional)
domain_hint (str): Can be used to pre-fill the domain field when initiating authentication with Microsoft OAuth,
or with a GoogleSAML connection type. (Optional)
login_hint (str): Can be used to pre-fill the username/email address field of the IdP sign-in page for the user,
Expand Down Expand Up @@ -412,6 +414,8 @@ def get_authorization_url(
params["organization_id"] = organization_id
if provider is not None:
params["provider"] = provider
if provider_scopes is not None:
params["provider_scopes"] = ",".join(provider_scopes)
if domain_hint is not None:
params["domain_hint"] = domain_hint
if login_hint is not None:
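Review bot: In the last hunk, `",".join(provider_scopes)` silently accepts a bare `str`, because a string is itself a `Sequence[str]`; `provider_scopes="openid"` would be sent as `o,p,e,n,i,d`. An element that contains a comma is also indistinguishable from two scopes once joined, so if a scope value is ever built from request data the set of permissions requested from the provider can be widened without the caller noticing. Both can be rejected before the join with `if isinstance(provider_scopes, str) or any("," in s for s in provider_scopes): raise ValueError("provider_scopes must be a sequence of scope strings without commas")`. An empty sequence currently emits an empty `provider_scopes=` parameter; testing `if provider_scopes:` instead of `is not None` would omit it. The body of `get_authorization_url` starts and ends outside these hunks, so any validation elsewhere in it is not visible here.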