fix: add scopes to device auth (#599)

* feat: add scopes to device authorization * fix: add types --------- Co-authored-by: Marlene <[email protected]>
marcospereirampj · Oct 5, 2024 · 032418d · 032418d
1 parent d44ae42
commit 032418d
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/src/keycloak/keycloak_openid.py b/src/keycloak/keycloak_openid.py
@@ -822,7 +822,7 @@ def register_client(self, token: str, payload: dict):
         )
         return raise_error_from_response(data_raw, KeycloakPostError)
 
-    def device(self):
+    def device(self, scope: str = ""):
         """Get device authorization grant.
 
         The device endpoint is used to obtain a user code verification and user authentication.
@@ -837,11 +837,13 @@ def device(self):
         https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow
         https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it
 
+        :param scope: Scope of authorization request, split with the blank space
+        :type scope: str
         :returns: Device Authorization Response
         :rtype: dict
         """
         params_path = {"realm-name": self.realm_name}
-        payload = {"client_id": self.client_id}
+        payload = {"client_id": self.client_id, "scope": scope}
 
         payload = self._add_secret_key(payload)
         data_raw = self.connection.raw_post(URL_DEVICE.format(**params_path), data=payload)
@@ -1464,7 +1466,7 @@ async def a_register_client(self, token: str, payload: dict):
         )
         return raise_error_from_response(data_raw, KeycloakPostError)
 
-    async def a_device(self):
+    async def a_device(self, scope: str = ""):
         """Get device authorization grant asynchronously.
 
         The device endpoint is used to obtain a user code verification and user authentication.
@@ -1479,11 +1481,13 @@ async def a_device(self):
         https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow
         https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it
 
+        :param scope: Scope of authorization request, split with the blank space
+        :type scope: str
         :returns: Device Authorization Response
         :rtype: dict
         """
         params_path = {"realm-name": self.realm_name}
-        payload = {"client_id": self.client_id}
+        payload = {"client_id": self.client_id, "scope": scope}
 
         payload = self._add_secret_key(payload)
         data_raw = await self.connection.a_raw_post(URL_DEVICE.format(**params_path), data=payload)