Skip to content

feat(outbound): add token/api-key upload and connection-status list methods#1591

Merged
dorsha merged 2 commits into
mainfrom
feat/outbound-token-methods
Jun 27, 2026
Merged

feat(outbound): add token/api-key upload and connection-status list methods#1591
dorsha merged 2 commits into
mainfrom
feat/outbound-token-methods

Conversation

@dorsha

@dorsha dorsha commented Jun 27, 2026
edited
Loading

Copy link
Copy Markdown
Member

Description

The outbound-application management REST API already ships these endpoints, but the Python SDK didn't wrap them. This adds them to mgmt.outbound_application on both the sync and async clients:

Upload / migrate credentials (descope/etc#16568)

  • upload_user_api_key(app_id, user_id, api_key, tenant_id=None) / upload_tenant_api_key(app_id, tenant_id, api_key) — store a static API key on an apikey-type app
  • upload_user_token(...) / upload_tenant_token(...) — migrate an existing OAuth token without re-running the flow
  • batch_upload_user_tokens(tokens) / batch_upload_tenant_tokens(tokens) — all-or-nothing batch (returns per-item failures)

Connection-status read (descope/etc#16569)

  • list_apps_with_user_token(user_id, tenant_id=None) — the app IDs a user holds a valid token for; replaces calling fetch_token once per app and sniffing a not-found error code

The shared _compose_oauth_upload_body helper lives on OutboundApplicationBase so sync and async reuse it. Request bodies match the backend proto messages field-for-field (API-key field is apiKey; verify_refresh is single-upload only).

Verified locally: full suite 864 passed, ruff check clean, mypy clean.

Incidental lock fix

main's lock was already unsatisfiable: #1584 (renovate) bumped the python_version < '3.10' pin to pytest-asyncio==1.4.0, but 1.4.0 dropped Python 3.9 support, so uv sync --locked failed CI's install step on every PR. Reverted that entry to ==1.2.0 (last release supporting 3.9) and regenerated uv.lock; uv sync --all-extras --locked succeeds again.

Must

  • Tests — sync + async cases for every new method (tests/management/test_outbound_application.py)
  • Documentation — README "Manage Outbound Applications" section updated

🤖 Generated with Claude Code

@dorsha @claude
feat(outbound): add token/api-key upload and connection-status list m…
790d148 
…ethods

Wrap the outbound-application management REST endpoints that the SDK didn't expose,
on mgmt.outbound_application (both sync and async clients):

- upload_user_api_key / upload_tenant_api_key (apikey-type apps)
- upload_user_token / upload_tenant_token + batch_upload_{user,tenant}_tokens (oauth-type migration)
- list_apps_with_user_token (connection-status read, replaces N fetch_token calls)

The shared _compose_oauth_upload_body helper lives on OutboundApplicationBase so both
the sync and async clients reuse it.

Closes descope/etc#16568
Closes descope/etc#16569

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@shuni-bot-dev

shuni-bot-dev Bot commented Jun 27, 2026
edited
Loading

Copy link
Copy Markdown

🐕 Review complete — View session on Shuni Portal 🐾

@shuni-bot-dev

shuni-bot-dev Bot commented Jun 27, 2026

Copy link
Copy Markdown

🐕 Suggested Reviewers

The reviewers were selected based on recent activity in relevant files, coverage of different aspects of the codebase, and familiarity with outbound application and API integrations.

Reviewer Reason
LioriE Recently modified multiple files related to outbound application and shared common code, indicating familiarity with the new endpoint integrations.
orios123 Contributed to common.py, suggesting understanding of core components and overall structure relevant to the new methods.
gaokevin1 Worked on outbound_application.py and related tests, making them well-positioned to review the implementation of new API wrapper methods.
cemiekee Contributed to common.py and has recent activity on test files, suitable for reviewing both code changes and test coverage.
ruvenzx Has recent commits in shared files like common.py and README.md, providing broad perspective on the overall project and documentation updates.

Suggested by Shuni based on git history and PR context. Names are not @-mentioned to avoid notifying anyone — request a review from whoever fits best.

shuni-bot-dev[bot]
shuni-bot-dev Bot reviewed Jun 27, 2026
View reviewed changes

@shuni-bot-dev shuni-bot-dev Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐕 Shuni's Review

Wraps the outbound-application token/api-key upload and connection-status endpoints on both the sync and async management clients, reusing a shared _compose_oauth_upload_body helper.

No issues found — good bones! Thin REST wrappers that match the existing patterns, sync/async parity is exact, the helper's positional arg order (granted_by then verify_refresh) lines up with the call sites, and tests cover the new methods. Woof!

@dorsha dorsha requested review from LioriE, aviadl and talaharoni June 27, 2026 08:07
@dorsha dorsha enabled auto-merge (squash) June 27, 2026 08:07
@dorsha @claude
build(deps): restore pytest-asyncio==1.2.0 on python < 3.10
4af723c 
#1584 (renovate) bumped the python_version < '3.10' pin to pytest-asyncio==1.4.0,
but 1.4.0 dropped Python 3.9 support, so `uv sync --locked` / `uv lock --check`
became unsatisfiable for the 3.9 split and CI's install step failed on every PR.
Revert that entry to ==1.2.0 (the last release supporting 3.9) and regenerate the
lock. `uv sync --all-extras --locked` succeeds again.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dorsha dorsha force-pushed the feat/outbound-token-methods branch from 9e5b0ef to 4af723c Compare June 27, 2026 08:07
@github-actions

github-actions Bot commented Jun 27, 2026

Copy link
Copy Markdown

Coverage report

The coverage rate went from 98.31% to 98.04% ⬇️

93.68% of new lines are covered.

Diff Coverage details (click to unfold)

descope/management/outbound_application_async.py

96.96% of new lines are covered (99.15% of the complete file).
Missing lines: 613

descope/management/outbound_application.py

96.96% of new lines are covered (99.14% of the complete file).
Missing lines: 613

descope/management/_outbound_application_base.py

81.81% of new lines are covered (93.1% of the complete file).
Missing lines: 92, 96, 98, 100

descope/management/common.py

100% of new lines are covered (99.74% of the complete file).

@dorsha dorsha requested a review from omercnet June 27, 2026 08:26
@dorsha dorsha merged commit 2a2a090 into main Jun 27, 2026
34 checks passed
@dorsha dorsha deleted the feat/outbound-token-methods branch June 27, 2026 08:26
@descope-release-bot descope-release-bot Bot mentioned this pull request Jun 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shuni-bot-dev shuni-bot-dev[bot] shuni-bot-dev[bot] left review comments
@omercnet omercnet omercnet approved these changes
@aviadl aviadl Awaiting requested review from aviadl
@LioriE LioriE Awaiting requested review from LioriE
@talaharoni talaharoni Awaiting requested review from talaharoni

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dorsha @omercnet