fix projectId init by env var + lint fixes (#685)

Author: guyp-descope

descope/auth.py

@@ -9,7 +9,6 @@
 from typing import Iterable, Optional
 
 import jwt
-import requests
 from email_validator import EmailNotValidError, validate_email
 from jwt import ExpiredSignatureError, ImmatureSignatureError
 
@@ -53,8 +52,7 @@ def __init__(
         http_client: HTTPClient,
     ):
         self.lock_public_keys = Lock()
-        # validate project id
-        project_id = project_id or os.getenv("DESCOPE_PROJECT_ID", "")
+
         if not project_id:
             raise AuthException(
                 400,
@@ -451,7 +449,7 @@ def _validate_token(
                     leeway=self.jwt_validation_leeway,
                 )
                 token_audience = unverified_claims.get("aud")
-                
+
                 # If token has audience claim and it matches our project ID, use it
                 if token_audience and self.project_id:
                     if isinstance(token_audience, list):

descope/descope_client.py

@@ -35,6 +35,18 @@ def __init__(
         auth_management_key: Optional[str] = None,
         fga_cache_url: Optional[str] = None,
     ):
+        # validate project id
+        project_id = project_id or os.getenv("DESCOPE_PROJECT_ID", "")
+        if not project_id:
+            raise AuthException(
+                400,
+                ERROR_TYPE_INVALID_ARGUMENT,
+                (
+                    "Unable to init DescopeClient because project_id cannot be empty. "
+                    "Set environment variable DESCOPE_PROJECT_ID or pass your Project ID to the init function."
+                ),
+            )
+
         # Auth Initialization
         auth_http_client = HTTPClient(
             project_id=project_id,

descope/http_client.py

@@ -21,6 +21,7 @@
 from descope.exceptions import (
     API_RATE_LIMIT_RETRY_AFTER_HEADER,
     ERROR_TYPE_API_RATE_LIMIT,
+    ERROR_TYPE_INVALID_ARGUMENT,
     ERROR_TYPE_SERVER_ERROR,
     AuthException,
     RateLimitException,
@@ -55,8 +56,11 @@ def __init__(
         if not project_id:
             raise AuthException(
                 400,
-                ERROR_TYPE_SERVER_ERROR,
-                "Project ID is required to initialize HTTP client",
+                ERROR_TYPE_INVALID_ARGUMENT,
+                (
+                    "Project ID is required to initialize HTTP client"
+                    "Set environment variable DESCOPE_PROJECT_ID or pass your Project ID to the init function."
+                ),
             )
 
         # Prefer explicitly provided base_url, then env var, then computed default

descope/management/common.py

@@ -1,17 +1,20 @@
 from enum import Enum
 from typing import List, Optional
 
+
 class SessionExpirationUnit(Enum):
     MINUTES = "minutes"
     HOURS = "hours"
     DAYS = "days"
     WEEKS = "weeks"
 
+
 class TenantAuthType(Enum):
     NONE = "none"
     SAML = "saml"
     OIDC = "oidc"
 
+
 class AccessType(Enum):
     OFFLINE = "offline"
     ONLINE = "online"
@@ -303,6 +306,7 @@ def associated_tenants_to_dict(associated_tenants: List[AssociatedTenant]) -> li
             )
     return associated_tenant_list
 
+
 class SAMLIDPAttributeMappingInfo:
     """
     Represents a SAML IDP attribute mapping object. use this class for mapping Descope attribute

descope/management/tenant.py

@@ -1,7 +1,7 @@
 from typing import Any, List, Optional
 
 from descope._http_base import HTTPBase
-from descope.management.common import MgmtV1, TenantAuthType, SessionExpirationUnit
+from descope.management.common import MgmtV1, SessionExpirationUnit, TenantAuthType
 
 
 class Tenant(HTTPBase):
@@ -108,7 +108,7 @@ def update_settings(
         enable_inactivity: Optional[bool] = None,
         inactivity_time: Optional[int] = None,
         inactivity_time_unit: Optional[SessionExpirationUnit] = None,
-        JITDisabled: Optional[bool] = None
+        JITDisabled: Optional[bool] = None,
     ):
         """
         Update an existing tenant's session settings.
@@ -150,14 +150,10 @@ def update_settings(
             "inactivityTimeUnit": inactivity_time_unit,
             "JITDisabled": JITDisabled,
         }
-        
+
         body = {k: v for k, v in body.items() if v is not None}
 
-        self._http.post(
-            MgmtV1.tenant_settings_path,
-            body=body,
-            params=None
-        )
+        self._http.post(MgmtV1.tenant_settings_path, body=body, params=None)
 
     def delete(
         self,
@@ -201,7 +197,7 @@ def load(
             params={"id": id},
         )
         return response.json()
-    
+
     def load_settings(
         self,
         id: str,

tests/management/test_tenant.py

@@ -389,7 +389,13 @@ def test_update_settings(self):
         with patch("requests.post") as mock_post:
             mock_post.return_value.ok = True
             self.assertIsNone(
-                client.mgmt.tenant.update_settings("t1", self_provisioning_domains=["domain1.com"], domains=["domain1.com", "domain2.com"], auth_type="oidc", session_settings_enabled=True)
+                client.mgmt.tenant.update_settings(
+                    "t1",
+                    self_provisioning_domains=["domain1.com"],
+                    domains=["domain1.com", "domain2.com"],
+                    auth_type="oidc",
+                    session_settings_enabled=True,
+                )
             )
             mock_post.assert_called_with(
                 f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_settings_path}",
@@ -403,7 +409,7 @@ def test_update_settings(self):
                     "selfProvisioningDomains": ["domain1.com"],
                     "domains": ["domain1.com", "domain2.com"],
                     "authType": "oidc",
-                    "enabled": True
+                    "enabled": True,
                 },
                 allow_redirects=False,
                 params=None,