From 3d7768e159aea1a31f6e96f4797bf518c8e2d86a Mon Sep 17 00:00:00 2001
From: Warren Parad
Date: Tue, 5 Nov 2024 10:17:43 +0100
Subject: [PATCH] Prevent usage of set_token when service client access_token was set. fix #43
---
 authress/api/invites_api.py | 2 +-
 authress/authress_client.py | 7 ++++++-
 authress/http_client.py | 13 ++++---------
 docs/EXAMPLES.md | 7 ++-----
 4 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/authress/api/invites_api.py b/authress/api/invites_api.py
index b0bf77d..84749ed 100644
--- a/authress/api/invites_api.py
+++ b/authress/api/invites_api.py
@@ -590,7 +590,7 @@ def respond_to_invite_with_http_info(self, invite_id : Annotated[constr(strict=T
 _auth_settings = ['oauth2'] # noqa: E501
 _response_types_map = {
- '200': "Account",
+ '200': None,
 '401': None,
 '403': None,
 '404': None,
diff --git a/authress/authress_client.py b/authress/authress_client.py
index ed2f83c..238c33e 100644
--- a/authress/authress_client.py
+++ b/authress/authress_client.py
@@ -26,12 +26,17 @@ class AuthressClient(object):
 def __init__(self, authress_api_url=None, service_client_access_key=None, user_agent=None):
 self._host = authress_api_url if authress_api_url.startswith('http') else f"https://{authress_api_url}"
 self._host = re.sub(r'/+$', '', self._host)
+ self._service_client_access_key = service_client_access_key
 self._http_client = HttpClient(host=self._host, access_key=service_client_access_key, user_agent=user_agent)
 self._token_verifier = token_verifier.TokenVerifier(http_client=self._http_client)
 def set_token(self, token: str):
- self._http_client.set_token(token)
+ if self._service_client_access_key is None:
+ self._http_client.set_token(token)
+ return
+
+ raise Exception("An AuthressClient cannot use set_token, when the client has been instantiated with a service client access key. It must either be used for User tokens or with Service Client Access Keys, but not both.")
 def get_client_token(self) -> str:
 """Generates a Service Client Machine JWT to be used for securing machine to machine requests."""
diff --git a/authress/http_client.py b/authress/http_client.py
index 2d74365..9b22a1e 100644
--- a/authress/http_client.py
+++ b/authress/http_client.py
@@ -65,14 +65,6 @@ def __init__(self, host=None, access_key=None, user_agent=None):
 def set_token(self, token):
 self.default_headers['Authorization'] = f'Bearer {token.replace("Bearer", "").strip()}'
- def get_user_from_token(self):
- token = self.default_headers['Authorization'].replace("Bearer", "").strip()
- jwtData = jwt.decode(token, options={"verify_signature": False})
- if 'aud' in jwtData and 'https://api.authress.io' in jwtData['aud']:
- return f"Authress|{jwtData['sub']}"
-
- return jwtData['sub']
-
 def __enter__(self):
 return self
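Review bot: In authress/authress_client.py, `set_token` now fails closed but raises a bare `Exception`, so a request handler can only catch it with `except Exception`, which also hides unrelated failures; a narrower type such as `raise RuntimeError(...)` (or a library-specific error class, if the package defines one) keeps this misuse distinguishable. In `__init__`, the added `self._service_client_access_key` exists only to test whether a key was supplied, yet it is one more attribute through which the secret can surface in debug dumps or serialized object state; `self._has_service_client_access_key = service_client_access_key is not None` carries the same information. The guard also reads more directly with the rejection first, `if self._service_client_access_key is not None: raise ...`, followed by the plain `self._http_client.set_token(token)` call. The class body continues outside the hunk.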
@@ -762,4 +754,7 @@ def __deserialize_model(self, data, klass):
 return klass.from_dict(data)
 def _get_client_token(self) -> str:
- return self.service_client_token_provider.get_client_token()
\ No newline at end of file
+ if self.service_client_token_provider is None:
+ return None
+
+ return self.service_client_token_provider.get_client_token()
\ No newline at end of file
diff --git a/docs/EXAMPLES.md b/docs/EXAMPLES.md
index 3519bb3..3d89eef 100644
--- a/docs/EXAMPLES.md
+++ b/docs/EXAMPLES.md
@@ -7,10 +7,7 @@ from authress import AuthressClient
 # create an instance of the API class during service initialization
 # Authress custom domain or if there isn't one yet, use the authress account specific url
 authress_api_url = "https://authress.yourdomain.com" # or "https://ACCOUNT_ID.api.authress.io"
-
-# The Service Client Access Key for your service client.
-service_client_access_key = "sc_key_001"
-authress_client = AuthressClient(authress_api_url=authress_api_url , service_client_access_key=service_client_access_key)
+authress_client = AuthressClient(authress_api_url=authress_api_url)
 # on api route
 from flask import request
@@ -46,7 +43,7 @@ authress_api_url = "https://authress.yourdomain.com" # or "https://ACCOUNT_ID.ap
 # Create a service client in the Authress management portal and past the access token here
 service_client_access_key = 'eyJrZXlJ....'
-authress_client = AuthressClient(authress_api_url=authress_api_url , service_client_access_key=service_client_access_key)
+authress_client = AuthressClient(authress_api_url=authress_api_url, service_client_access_key=service_client_access_key)
 # on api route
 from flask import request
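Review bot: `_get_client_token` in authress/http_client.py is still annotated `-> str` although the added branch returns `None` when `service_client_token_provider` is unset; the signature should say so, e.g. `def _get_client_token(self) -> Optional[str]:` (assuming `Optional` is already imported in that file), with a one-line docstring stating that `None` means no service client access key was configured. The callers are outside the hunk, so it is worth confirming that each one checks for `None` before building an `Authorization` header; otherwise a formatted value such as `Bearer None` could be sent instead of the request being rejected locally.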