Add CustomClaims to AccessKey creation (#36)

* Add CustomClaims to AccessKey creation * update doc * fix test * fix missing param
descope · Mar 5, 2024 · 3569b06 · 3569b06
1 parent 84dd33e
commit 3569b06
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -637,12 +637,14 @@ You can create, update, delete or load access keys, as well as search according
 ```ruby
 # An access key must have a name and expiration, other fields are optional.
 # Roles should be set directly if no tenants exist, otherwise set
-# on a per-tenant basis.
+# on a per-tenant basis. If custom_claims supplied they will be presented on the jwt.
+# If customClaims is supplied, then those claims will be present in the JWT returned by calls to ExchangeAccessKey.
 associated_tenants = [{ tenant_id: 'tenant_id1', role_names: %w[role_name1 role_name2] }]
 create_resp = descope_client.create_access_key(
     name: 'name',
     expire_time: 1677844931,
-    key_tenants: associated_tenants
+    key_tenants: associated_tenants,
+	custom_claims: {'k1': 'v1'}
 )
 key = create_resp['key']
 cleartext = create_resp['cleartext'] # make sure to save the returned cleartext securely. It will not be returned again.

diff --git a/lib/descope/api/v1/management/access_key.rb b/lib/descope/api/v1/management/access_key.rb
@@ -9,22 +9,23 @@ module AccessKey
           include Descope::Mixins::Validation
           include Descope::Api::V1::Management::Common
 
-          def create_access_key(name: nil, expire_time: nil, role_names: nil, key_tenants: nil)
+          def create_access_key(name: nil, expire_time: nil, role_names: nil, key_tenants: nil, custom_claims: nil)
             # Create a new access key.'
             # @see https://docs.descope.com/api/openapi/accesskeymanagement/operation/CreateAccessKey/
 
             role_names ||= []
             key_tenants ||= []
             validate_tenants(key_tenants)
-            post(ACCESS_KEY_CREATE_PATH, access_key_compose_create_body(name, expire_time, role_names, key_tenants))
+            post(ACCESS_KEY_CREATE_PATH, access_key_compose_create_body(name, expire_time, role_names, key_tenants, custom_claims))
           end
 
-          def access_key_compose_create_body(name, expire_time, role_names, key_tenants)
+          def access_key_compose_create_body(name, expire_time, role_names, key_tenants, custom_claims)
             {
               name:,
               expireTime: expire_time,
               roleNames: role_names,
-              keyTenants: associated_tenants_to_hash_array(key_tenants)
+              keyTenants: associated_tenants_to_hash_array(key_tenants),
+              customClaims: custom_claims
             }
           end
 

diff --git a/spec/lib.descope/api/v1/management/access_key_spec.rb b/spec/lib.descope/api/v1/management/access_key_spec.rb
@@ -22,7 +22,8 @@
           roleNames: ['test'],
           keyTenants: [
             { tenantId: 'test', roleNames: %w[test test2] }
-          ]
+          ],
+          customClaims: {'k1': 'v1'}
         }
       )
       expect do
@@ -32,7 +33,8 @@
           role_names: ['test'],
           key_tenants: [
             { tenant_id: 'test', role_names: %w[test test2] }
-          ]
+          ],
+          custom_claims: {'k1': 'v1'}
         )
       end.not_to raise_error
     end