Skip to content

feat(ciba): support RAR requests #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 15, 2025
Merged

feat(ciba): support RAR requests #38

merged 1 commit into from
May 15, 2025

Conversation

cristiandouce
Copy link
Contributor

This pull request introduces support for handling authorization_details in the CIBA (Client-Initiated Backchannel Authentication) authorization flow. The changes allow authorization_details to be specified as either a static list of dictionaries or a callable that resolves to such a list. Below are the key updates:

Enhancements to CIBA Authorization Flow:

  • Support for authorization_details in _get_authorize_params: Updated the _get_authorize_params method in ciba_authorizer_base.py to handle authorization_details dynamically. It checks whether authorization_details is a list, a coroutine function, or a callable, and processes it accordingly.

  • New authorization_details attribute in CIBAAuthorizerParams: Added the authorization_details attribute to the CIBAAuthorizerParams class in ciba_authorizer_params.py. This attribute can either be a list of dictionaries or a callable that resolves to such a list, providing more flexibility in specifying authorization details. [1] [2]

@cristiandouce cristiandouce requested a review from Copilot May 15, 2025 15:24
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for authorization_details in the CIBA flow, allowing static lists or callables to be resolved dynamically in authorization requests.

  • Introduces a new authorization_details field in CIBAAuthorizerParams
  • Updates _get_authorize_params to handle static lists, async callables, and sync callables for authorization details

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
packages/auth0-ai/auth0_ai/authorizers/ciba/ciba_authorizer_params.py Adds authorization_details to the TypedDict definition
packages/auth0-ai/auth0_ai/authorizers/ciba/ciba_authorizer_base.py Implements logic in _get_authorize_params to resolve authorization_details
Comments suppressed due to low confidence (2)

packages/auth0-ai/auth0_ai/authorizers/ciba/ciba_authorizer_base.py:132

  • Add unit tests covering cases where authorization_details is a static list, a synchronous callable, and an asynchronous callable to ensure correct resolution.
if isinstance(self.params.get("authorization_details"), list):

packages/auth0-ai/auth0_ai/authorizers/ciba/ciba_authorizer_base.py:129

  • Update the docstring for _get_authorize_params to describe the new authorization_details handling (static list, sync callable, async callable) so documentation matches behavior.
async def _get_authorize_params(self, *args: ToolInput.args, **kwargs: ToolInput

@@ -25,6 +30,7 @@ class CIBAAuthorizerParams(TypedDict, Generic[ToolInput]):
"""
scopes: list[str]
binding_message: Union[str, Callable[ToolInput, Awaitable[str]]]
authorization_details: Optional[Union[list[dict], Callable[ToolInput, Awaitable[list[dict]]]]]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor: declare this arg after all mandatory args

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done 🎉

Comment on lines 14 to 18
authorization_details (Optional[Union[list[dict], Callable[..., Awaitable[list[dict]]]]]):
Authorization details that specify what the user is authorizing. Can be:
- A list of dictionaries with authorization details (e.g., [{ type: "custom_type", param: "example", ...}] details)
- A function that resolves to a list of dictionaries
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
authorization_details (Optional[Union[list[dict], Callable[..., Awaitable[list[dict]]]]]):
Authorization details that specify what the user is authorizing. Can be:
- A list of dictionaries with authorization details (e.g., [{ type: "custom_type", param: "example", ...}] details)
- A function that resolves to a list of dictionaries
authorization_details (Optional[Union[list[dict], Callable[..., list[dict]], Callable[..., Awaitable[list[dict]]]]]): The authorization requirements list (e.g., [{ type: "custom_type", param: "example", ...}]), or a function that resolves it. More info: https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authorization-with-ciba

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done! 🎉

@cristiandouce cristiandouce force-pushed the support-ciba-rar branch 2 times, most recently from 1d3f7c5 to 1791baf Compare May 15, 2025 20:15
@cristiandouce cristiandouce merged commit 036c45d into main May 15, 2025
1 check passed
@cristiandouce cristiandouce deleted the support-ciba-rar branch May 15, 2025 20:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants