feat: add OAuth2 scopes parameter support to CredentialConfiguration by SoulPancake · Pull Request #213

feat: add OAuth2 scopes parameter support to CredentialConfiguration by SoulPancake · Pull Request #213 · openfga/python-sdk

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds optional OAuth2 scopes to CredentialConfiguration and includes the scope parameter in OAuth2 client_credentials token requests (async and sync). Updates tests to cover scopes provided as list or string.

Changes

Cohort / File(s)	Summary
Credential configuration: scopes support `openfga_sdk/credentials.py`	Add scopes to constructor (str
OAuth2 token request (async) `openfga_sdk/oauth2.py`	Include scope in token request body when configuration.scopes is set; join list with spaces or pass string as-is.
OAuth2 token request (sync) `openfga_sdk/sync/oauth2.py`	Same as async: conditionally add scope to client_credentials request body.
Unit tests: credentials `test/credentials_test.py`	Add tests ensuring scopes accepted as list or string in client_credentials configuration.
Unit tests: OAuth2 token acquisition `test/sync/oauth2_test.py`	Add tests verifying scope serialized to form body ("read write admin") and token handling unaffected.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant App
  participant OAuth2Client
  participant AuthServer as OAuth2 Token Endpoint

  App->>OAuth2Client: get_authentication() with client_credentials
  OAuth2Client->>OAuth2Client: Build form: client_id, client_secret, audience, grant_type
  alt scopes provided
    OAuth2Client->>OAuth2Client: If list -> join with spaces; else use string
    OAuth2Client->>AuthServer: POST /oauth/token (form incl. scope)
  else no scopes
    OAuth2Client->>AuthServer: POST /oauth/token (form without scope)
  end
  AuthServer-->>OAuth2Client: 200 OK { access_token, expires_in }
  OAuth2Client-->>App: Authorization: Bearer <token>

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Support passing scopes in CredentialConfiguration for client_credentials (#207)	✅
Serialize scopes (list or string) into space-delimited scope parameter (#207)	✅
Include scope in OAuth2 client_credentials token request (async/sync) (#207)	✅

✨ Finishing Touches

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

Visit our Status Page to check the current availability of CodeRabbit.
Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.