descope · slavikm · Mar 6, 2024 · Mar 5, 2024 · Mar 6, 2024
diff --git a/src/main/java/com/descope/model/mgmt/AccessKeyRequest.java b/src/main/java/com/descope/model/mgmt/AccessKeyRequest.java
@@ -13,4 +13,5 @@ public class AccessKeyRequest {
   private List<String> roleNames;
   private List<Map<String, Object>> keyTenants;
   private String userId;
+  private Map<String, Object> customClaims;
 }
diff --git a/src/main/java/com/descope/sdk/mgmt/AccessKeyService.java b/src/main/java/com/descope/sdk/mgmt/AccessKeyService.java
@@ -5,15 +5,22 @@
 import com.descope.model.mgmt.AccessKeyResponse;
 import com.descope.model.mgmt.AccessKeyResponseList;
 import java.util.List;
+import java.util.Map;
 
 public interface AccessKeyService {
 
   AccessKeyResponse create(String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants)
       throws DescopeException;
 
+  AccessKeyResponse create(String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants,
+      Map<String, Object> customClaims) throws DescopeException;
+
   AccessKeyResponse create(String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants,
       String userId) throws DescopeException;
 
+  AccessKeyResponse create(String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants,
+      String userId, Map<String, Object> customClaims) throws DescopeException;
+
   AccessKeyResponse load(String id) throws DescopeException;
 
   AccessKeyResponseList searchAll(List<String> tenantIDs) throws DescopeException;

diff --git a/src/main/java/com/descope/sdk/mgmt/impl/AccessKeyServiceImpl.java b/src/main/java/com/descope/sdk/mgmt/impl/AccessKeyServiceImpl.java
@@ -33,25 +33,34 @@ class AccessKeyServiceImpl extends ManagementsBase implements AccessKeyService {
   public AccessKeyResponse create(
       String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants)
       throws DescopeException {
-    if (StringUtils.isBlank(name)) {
-      throw ServerCommonException.invalidArgument("Name");
-    }
-    AccessKeyRequest body = createAccessKeyBody(name, expireTime, roleNames, keyTenants, null);
-    ApiProxy apiProxy = getApiProxy();
-    return apiProxy.post(getUri(MANAGEMENT_ACCESS_KEY_CREATE_LINK), body, AccessKeyResponse.class);
+    return create(name, expireTime, roleNames, keyTenants, null, null);
+  }
+
+  @Override
+  public AccessKeyResponse create(
+      String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants,
+      Map<String, Object> customClaims) throws DescopeException {
+    return create(name, expireTime, roleNames, keyTenants, null, customClaims);    
   }
 
   @Override
   public AccessKeyResponse create(
       String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants, String userId)
       throws DescopeException {
-    if (StringUtils.isBlank(name)) {
-      throw ServerCommonException.invalidArgument("Name");
-    }
     if (StringUtils.isBlank(userId)) {
       throw ServerCommonException.invalidArgument("user id");
     }
-    AccessKeyRequest body = createAccessKeyBody(name, expireTime, roleNames, keyTenants, userId);
+    return create(name, expireTime, roleNames, keyTenants, userId, null);
+  }
+
+  @Override
+  public AccessKeyResponse create(
+      String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants, String userId,
+      Map<String, Object> customClaims) throws DescopeException {
+    if (StringUtils.isBlank(name)) {
+      throw ServerCommonException.invalidArgument("Name");
+    }
+    AccessKeyRequest body = createAccessKeyBody(name, expireTime, roleNames, keyTenants, userId, customClaims);
     ApiProxy apiProxy = getApiProxy();
     return apiProxy.post(getUri(MANAGEMENT_ACCESS_KEY_CREATE_LINK), body, AccessKeyResponse.class);
   }
@@ -123,14 +132,15 @@ public void delete(String id) throws DescopeException {
     apiProxy.post(getUri(MANAGEMENT_ACCESS_KEY_DELETE_LINK), request, Void.class);
   }
 
-  private AccessKeyRequest createAccessKeyBody(
-      String name, int expireTime, List<String> roleNames, List<AssociatedTenant> keyTenants, String userId) {
+  private AccessKeyRequest createAccessKeyBody(String name, int expireTime, List<String> roleNames,
+      List<AssociatedTenant> keyTenants, String userId, Map<String, Object> customClaims) {
     return AccessKeyRequest.builder()
         .name(name)
         .expireTime(expireTime)
         .roleNames(roleNames)
         .keyTenants(MgmtUtils.createAssociatedTenantList(keyTenants))
         .userId(userId)
+        .customClaims(customClaims)
         .build();
   }
 }
diff --git a/src/test/java/com/descope/sdk/auth/impl/AuthenticationServiceImplTest.java b/src/test/java/com/descope/sdk/auth/impl/AuthenticationServiceImplTest.java
@@ -133,13 +133,17 @@ void testFunctionalFullCycle() throws Exception {
   @RetryingTest(value = 3, suspendForMs = 30000, onExceptions = RateLimitExceededException.class)
   void testFunctionalExchangeToken() throws Exception {
     String name = TestUtils.getRandomName("ak-");
-    AccessKeyResponse resp = accessKeyService.create(name, 0, null, null);
+    AccessKeyResponse resp = accessKeyService.create(name, 0, null, null, null, mapOf("K1", "V1"));
     Token token = authenticationService.exchangeAccessKey(resp.getCleartext(),
         new AccessKeyLoginOptions(mapOf("kuku", "kiki")));
+
     // temporary
     @SuppressWarnings("unchecked")
+    // Validate the nsec claims (passed through the exchange method)
     Map<String, Object> nsecClaims = Map.class.cast(token.getClaims().get("nsec"));
     assertEquals("kiki", nsecClaims.get("kuku"));
+    // Validate the secured claims (passed through the Create method)
+    assertEquals("V1", token.getClaims().get("K1"));
     accessKeyService.delete(resp.getKey().getId());
   }
 }