Add support for logging in to an organization with client credentials

auth0 · Nov 8, 2023 · 84b49e7 · 84b49e7
1 parent dc8bbd8
commit 84b49e7
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 0 deletions.
diff --git a/authentication/oauth.go b/authentication/oauth.go
@@ -150,6 +150,10 @@ func (o *OAuth) LoginWithClientCredentials(ctx context.Context, body oauth.Login
 		"audience": []string{body.Audience},
 	}
 
+	if body.Organization != "" {
+		data.Set("organization", body.Organization)
+	}
+
 	err = o.addClientAuthentication(body.ClientAuthentication, data, true)
 
 	if err != nil {

diff --git a/authentication/oauth/oauth.go b/authentication/oauth/oauth.go
@@ -83,6 +83,8 @@ type LoginWithClientCredentialsRequest struct {
 	Audience string
 	// Extra parameters to be merged into the request body. Values set here will override any existing values.
 	ExtraParameters map[string]string
+	// And organization name or ID. When included the access token will include the org_id or org_name claim.
+	Organization string
 }
 
 // RefreshTokenRequest defines the request body for logging in with Authorization Code grant.

diff --git a/authentication/oauth_test.go b/authentication/oauth_test.go
@@ -253,6 +253,22 @@ func TestLoginWithClientCredentials(t *testing.T) {
 
 		assert.ErrorContains(t, err, "Unsupported client assertion algorithm \"invalid-alg\" provided")
 	})
+
+	t.Run("Should support passing an organization", func(t *testing.T) {
+		configureHTTPTestRecordings(t)
+
+		tokenSet, err := authAPI.OAuth.LoginWithClientCredentials(context.Background(), oauth.LoginWithClientCredentialsRequest{
+			ClientAuthentication: oauth.ClientAuthentication{
+				ClientSecret: clientSecret,
+			},
+			Audience:     "my-api",
+			Organization: "org_test",
+		}, oauth.IDTokenValidationOptions{})
+
+		assert.NoError(t, err)
+		assert.NotEmpty(t, tokenSet.AccessToken)
+		assert.Equal(t, "Bearer", tokenSet.TokenType)
+	})
 }
 
 func TestRefreshToken(t *testing.T) {

diff --git a/...authentication/TestLoginWithClientCredentials/Should_support_passing_an_organization.yaml b/...authentication/TestLoginWithClientCredentials/Should_support_passing_an_organization.yaml
@@ -0,0 +1,46 @@
+---
+version: 2
+interactions:
+    - id: 0
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 201
+        transfer_encoding: []
+        trailer: {}
+        host: go-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: audience=my-api&client_id=test-client_id&client_secret=test-client_secret&grant_type=client_credentials&organization=org_test
+        form:
+            audience:
+                - my-api
+            client_id:
+                - test-client_id
+            client_secret:
+                - test-client_secret
+            grant_type:
+                - client_credentials
+            organization:
+                - org_test
+        headers:
+            Content-Type:
+                - application/x-www-form-urlencoded
+        url: https://go-auth0-dev.eu.auth0.com/oauth/token
+        method: POST
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: -1
+        uncompressed: true
+        body: '{"access_token":"test-access-token","expires_in":86400,"token_type":"Bearer"}'
+        headers:
+            Content-Type:
+                - application/json
+        status: 200 OK
+        code: 200
+        duration: 487.449709ms