cycode 3.7.2.dev1__tar.gz → 3.7.2.dev2__tar.gz

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cycode
-Version: 3.7.2.dev1
+Version: 3.7.2.dev2
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 License-Expression: MIT
 License-File: LICENCE
@@ -144,7 +144,7 @@ To install the Cycode CLI application on your local machine, perform the followi
      ./cycode
      ```
 
-3. Finally authenticate the CLI. There are three methods to set the Cycode client ID and client secret:
+3. Finally authenticate the CLI. There are three methods to set the Cycode client ID and credentials (client secret or OIDC ID token):
 
    - [cycode auth](#using-the-auth-command) (**Recommended**)
    - [cycode configure](#using-the-configure-command)
@@ -207,11 +207,15 @@ To install the Cycode CLI application on your local machine, perform the followi
 
     `Cycode Client ID []: 7fe5346b-xxxx-xxxx-xxxx-55157625c72d`
 
-5. Enter your Cycode Client Secret value.
+5. Enter your Cycode Client Secret value (skip if you plan to use an OIDC ID token).
 
     `Cycode Client Secret []: c1e24929-xxxx-xxxx-xxxx-8b08c1839a2e`
 
-6. If the values were entered successfully, you'll see the following message:
+6. Enter your Cycode OIDC ID Token value (optional).
+
+    `Cycode ID Token []: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...`
+
+7. If the values were entered successfully, you'll see the following message:
 
     `Successfully configured CLI credentials!`
 
@@ -236,6 +240,12 @@ and
 export CYCODE_CLIENT_SECRET={your Cycode Secret Key}
 ```
 
+If your organization uses OIDC authentication, you can provide the ID token instead (or in addition):
+
+```bash
+export CYCODE_ID_TOKEN={your Cycode OIDC ID token}
+```
+
 #### On Windows
 
 1. From the Control Panel, navigate to the System menu:
@@ -250,7 +260,7 @@ export CYCODE_CLIENT_SECRET={your Cycode Secret Key}
 
    <img height="30" src="https://raw.githubusercontent.com/cycodehq/cycode-cli/main/images/image3.png" alt="environments variables button"/>
 
-4. Create `CYCODE_CLIENT_ID` and `CYCODE_CLIENT_SECRET` variables with values matching your ID and Secret Key, respectively:
+4. Create `CYCODE_CLIENT_ID` and `CYCODE_CLIENT_SECRET` variables with values matching your ID and Secret Key, respectively. If you authenticate via OIDC, add `CYCODE_ID_TOKEN` with your OIDC ID token value as well:
 
    <img height="100" src="https://raw.githubusercontent.com/cycodehq/cycode-cli/main/images/image4.png" alt="environment variables window"/>
 
@@ -364,6 +374,7 @@ The following are the options and commands available with the Cycode CLI applica
 | `-o`, `--output [rich\|text\|json\|table]`                        | Specify the output type. The default is `rich`.                                    |
 | `--client-id TEXT`                                                | Specify a Cycode client ID for this specific scan execution.                       |
 | `--client-secret TEXT`                                            | Specify a Cycode client secret for this specific scan execution.                   |
+| `--id-token TEXT`                                                 | Specify a Cycode OIDC ID token for this specific scan execution.                   |
 | `--install-completion`                                            | Install completion for the current shell..                                         |
 | `--show-completion           [bash\|zsh\|fish\|powershell\|pwsh]` | Show completion for the specified shell, to copy it or customize the installation. |
 | `-h`, `--help`                                                    | Show options for given command.                                                    |

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/README.md

@@ -101,7 +101,7 @@ To install the Cycode CLI application on your local machine, perform the followi
      ./cycode
      ```
 
-3. Finally authenticate the CLI. There are three methods to set the Cycode client ID and client secret:
+3. Finally authenticate the CLI. There are three methods to set the Cycode client ID and credentials (client secret or OIDC ID token):
 
    - [cycode auth](#using-the-auth-command) (**Recommended**)
    - [cycode configure](#using-the-configure-command)
@@ -164,11 +164,15 @@ To install the Cycode CLI application on your local machine, perform the followi
 
     `Cycode Client ID []: 7fe5346b-xxxx-xxxx-xxxx-55157625c72d`
 
-5. Enter your Cycode Client Secret value.
+5. Enter your Cycode Client Secret value (skip if you plan to use an OIDC ID token).
 
     `Cycode Client Secret []: c1e24929-xxxx-xxxx-xxxx-8b08c1839a2e`
 
-6. If the values were entered successfully, you'll see the following message:
+6. Enter your Cycode OIDC ID Token value (optional).
+
+    `Cycode ID Token []: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...`
+
+7. If the values were entered successfully, you'll see the following message:
 
     `Successfully configured CLI credentials!`
 
@@ -193,6 +197,12 @@ and
 export CYCODE_CLIENT_SECRET={your Cycode Secret Key}
 ```
 
+If your organization uses OIDC authentication, you can provide the ID token instead (or in addition):
+
+```bash
+export CYCODE_ID_TOKEN={your Cycode OIDC ID token}
+```
+
 #### On Windows
 
 1. From the Control Panel, navigate to the System menu:
@@ -207,7 +217,7 @@ export CYCODE_CLIENT_SECRET={your Cycode Secret Key}
 
    <img height="30" src="https://raw.githubusercontent.com/cycodehq/cycode-cli/main/images/image3.png" alt="environments variables button"/>
 
-4. Create `CYCODE_CLIENT_ID` and `CYCODE_CLIENT_SECRET` variables with values matching your ID and Secret Key, respectively:
+4. Create `CYCODE_CLIENT_ID` and `CYCODE_CLIENT_SECRET` variables with values matching your ID and Secret Key, respectively. If you authenticate via OIDC, add `CYCODE_ID_TOKEN` with your OIDC ID token value as well:
 
    <img height="100" src="https://raw.githubusercontent.com/cycodehq/cycode-cli/main/images/image4.png" alt="environment variables window"/>
 
@@ -321,6 +331,7 @@ The following are the options and commands available with the Cycode CLI applica
 | `-o`, `--output [rich\|text\|json\|table]`                        | Specify the output type. The default is `rich`.                                    |
 | `--client-id TEXT`                                                | Specify a Cycode client ID for this specific scan execution.                       |
 | `--client-secret TEXT`                                            | Specify a Cycode client secret for this specific scan execution.                   |
+| `--id-token TEXT`                                                 | Specify a Cycode OIDC ID token for this specific scan execution.                   |
 | `--install-completion`                                            | Install completion for the current shell..                                         |
 | `--show-completion           [bash\|zsh\|fish\|powershell\|pwsh]` | Show completion for the specified shell, to copy it or customize the installation. |
 | `-h`, `--help`                                                    | Show options for given command.                                                    |

cycode-3.7.2.dev2/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '3.7.2.dev2'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/cycode/cli/app.py

@@ -110,6 +110,13 @@ def app_callback(
             rich_help_panel=_AUTH_RICH_HELP_PANEL,
         ),
     ] = None,
+    id_token: Annotated[
+        Optional[str],
+        typer.Option(
+            help='Specify a Cycode OIDC ID token for this specific scan execution.',
+            rich_help_panel=_AUTH_RICH_HELP_PANEL,
+        ),
+    ] = None,
     _: Annotated[
         Optional[bool],
         typer.Option(
@@ -152,6 +159,7 @@ def app_callback(
 
     ctx.obj['client_id'] = client_id
     ctx.obj['client_secret'] = client_secret
+    ctx.obj['id_token'] = id_token
 
     ctx.obj['progress_bar'] = get_progress_bar(hidden=no_progress_meter, sections=SCAN_PROGRESS_BAR_SECTIONS)
 

cycode-3.7.2.dev2/cycode/cli/apps/auth/auth_common.py

@@ -0,0 +1,69 @@
+from typing import TYPE_CHECKING, Optional
+
+from cycode.cli.apps.auth.models import AuthInfo
+from cycode.cli.exceptions.custom_exceptions import HttpUnauthorizedError, RequestHttpError
+from cycode.cli.user_settings.credentials_manager import CredentialsManager
+from cycode.cli.utils.jwt_utils import get_user_and_tenant_ids_from_access_token
+from cycode.cyclient.cycode_oidc_based_client import CycodeOidcBasedClient
+from cycode.cyclient.cycode_token_based_client import CycodeTokenBasedClient
+
+if TYPE_CHECKING:
+    from typer import Context
+
+
+def get_authorization_info(ctx: 'Context') -> Optional[AuthInfo]:
+    printer = ctx.obj.get('console_printer')
+
+    client_id = ctx.obj.get('client_id')
+    client_secret = ctx.obj.get('client_secret')
+    id_token = ctx.obj.get('id_token')
+
+    credentials_manager = CredentialsManager()
+
+    auth_info = _try_oidc_authorization(ctx, printer, client_id, id_token)
+    if auth_info:
+        return auth_info
+
+    if not client_id or not client_secret:
+        stored_client_id, stored_id_token = credentials_manager.get_oidc_credentials()
+        auth_info = _try_oidc_authorization(ctx, printer, stored_client_id, stored_id_token)
+        if auth_info:
+            return auth_info
+
+        client_id, client_secret = credentials_manager.get_credentials()
+
+    if not client_id or not client_secret:
+        return None
+
+    try:
+        access_token = CycodeTokenBasedClient(client_id, client_secret).get_access_token()
+        if not access_token:
+            return None
+
+        user_id, tenant_id = get_user_and_tenant_ids_from_access_token(access_token)
+        return AuthInfo(user_id=user_id, tenant_id=tenant_id)
+    except (RequestHttpError, HttpUnauthorizedError):
+        if ctx:
+            printer.print_exception()
+
+        return None
+
+
+def _try_oidc_authorization(
+    ctx: 'Context', printer: any, client_id: Optional[str], id_token: Optional[str]
+) -> Optional[AuthInfo]:
+    if not client_id or not id_token:
+        return None
+
+    try:
+        access_token = CycodeOidcBasedClient(client_id, id_token).get_access_token()
+        if not access_token:
+            return None
+
+        user_id, tenant_id = get_user_and_tenant_ids_from_access_token(access_token)
+        return AuthInfo(user_id=user_id, tenant_id=tenant_id)
+    except (RequestHttpError, HttpUnauthorizedError):
+        if ctx:
+            printer.print_exception()
+
+        return None

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/cycode/cli/apps/configure/configure_command.py

@@ -7,6 +7,7 @@ from cycode.cli.apps.configure.prompts import (
     get_app_url_input,
     get_client_id_input,
     get_client_secret_input,
+    get_id_token_input,
 )
 from cycode.cli.console import console
 from cycode.cli.utils.sentry import add_breadcrumb
@@ -32,6 +33,7 @@ def configure_command() -> None:
     * APP URL: The base URL for Cycode's web application (for on-premise or EU installations)
     * Client ID: Your Cycode client ID for authentication
     * Client Secret: Your Cycode client secret for authentication
+    * ID Token: Your Cycode ID token for authentication
 
     Example usage:
     * `cycode configure`: Start interactive configuration
@@ -55,15 +57,22 @@ def configure_command() -> None:
         config_updated = True
 
     current_client_id, current_client_secret = CREDENTIALS_MANAGER.get_credentials_from_file()
+    _, current_id_token = CREDENTIALS_MANAGER.get_oidc_credentials_from_file()
     client_id = get_client_id_input(current_client_id)
     client_secret = get_client_secret_input(current_client_secret)
+    id_token = get_id_token_input(current_id_token)
 
     credentials_updated = False
     if _should_update_value(current_client_id, client_id) or _should_update_value(current_client_secret, client_secret):
         credentials_updated = True
         CREDENTIALS_MANAGER.update_credentials(client_id, client_secret)
 
+    oidc_credentials_updated = False
+    if _should_update_value(current_client_id, client_id) or _should_update_value(current_id_token, id_token):
+        oidc_credentials_updated = True
+        CREDENTIALS_MANAGER.update_oidc_credentials(client_id, id_token)
+
     if config_updated:
         console.print(get_urls_update_result_message())
-    if credentials_updated:
+    if credentials_updated or oidc_credentials_updated:
         console.print(get_credentials_update_result_message())

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/cycode/cli/apps/configure/prompts.py

@@ -46,3 +46,14 @@ def get_api_url_input(current_api_url: Optional[str]) -> str:
         default = current_api_url
 
     return typer.prompt(text=prompt_text, default=default, type=str)
+
+
+def get_id_token_input(current_id_token: Optional[str]) -> Optional[str]:
+    prompt_text = 'Cycode ID Token'
+
+    prompt_suffix = ' []: '
+    if current_id_token:
+        prompt_suffix = f' [{obfuscate_text(current_id_token)}]: '
+
+    new_id_token = typer.prompt(text=prompt_text, prompt_suffix=prompt_suffix, default='', show_default=False)
+    return new_id_token or current_id_token

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/cycode/cli/config.py

@@ -5,3 +5,4 @@ configuration_manager = ConfigurationManager()
 # env vars
 CYCODE_CLIENT_ID_ENV_VAR_NAME = 'CYCODE_CLIENT_ID'
 CYCODE_CLIENT_SECRET_ENV_VAR_NAME = 'CYCODE_CLIENT_SECRET'
+CYCODE_ID_TOKEN_ENV_VAR_NAME = 'CYCODE_ID_TOKEN'

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/cycode/cli/user_settings/credentials_manager.py

@@ -2,7 +2,11 @@ import os
 from pathlib import Path
 from typing import Optional
 
-from cycode.cli.config import CYCODE_CLIENT_ID_ENV_VAR_NAME, CYCODE_CLIENT_SECRET_ENV_VAR_NAME
+from cycode.cli.config import (
+    CYCODE_CLIENT_ID_ENV_VAR_NAME,
+    CYCODE_CLIENT_SECRET_ENV_VAR_NAME,
+    CYCODE_ID_TOKEN_ENV_VAR_NAME,
+)
 from cycode.cli.user_settings.base_file_manager import BaseFileManager
 from cycode.cli.user_settings.jwt_creator import JwtCreator
 from cycode.cli.utils.sentry import setup_scope_from_access_token
@@ -15,6 +19,7 @@ class CredentialsManager(BaseFileManager):
 
     CLIENT_ID_FIELD_NAME: str = 'cycode_client_id'
     CLIENT_SECRET_FIELD_NAME: str = 'cycode_client_secret'
+    ID_TOKEN_FIELD_NAME: str = 'cycode_id_token'
     ACCESS_TOKEN_FIELD_NAME: str = 'cycode_access_token'
     ACCESS_TOKEN_EXPIRES_IN_FIELD_NAME: str = 'cycode_access_token_expires_in'
     ACCESS_TOKEN_CREATOR_FIELD_NAME: str = 'cycode_access_token_creator'
@@ -38,6 +43,25 @@ class CredentialsManager(BaseFileManager):
         client_secret = file_content.get(self.CLIENT_SECRET_FIELD_NAME)
         return client_id, client_secret
 
+    def get_oidc_credentials_from_file(self) -> tuple[Optional[str], Optional[str]]:
+        file_content = self.read_file()
+        client_id = file_content.get(self.CLIENT_ID_FIELD_NAME)
+        id_token = file_content.get(self.ID_TOKEN_FIELD_NAME)
+        return client_id, id_token
+
+    def get_oidc_credentials(self) -> tuple[Optional[str], Optional[str]]:
+        client_id = os.getenv(CYCODE_CLIENT_ID_ENV_VAR_NAME)
+        id_token = os.getenv(CYCODE_ID_TOKEN_ENV_VAR_NAME)
+
+        if client_id is not None and id_token is not None:
+            return client_id, id_token
+
+        return self.get_oidc_credentials_from_file()
+
+    def update_oidc_credentials(self, client_id: str, id_token: str) -> None:
+        file_content_to_update = {self.CLIENT_ID_FIELD_NAME: client_id, self.ID_TOKEN_FIELD_NAME: id_token}
+        self.write_content_to_file(file_content_to_update)
+
     def update_credentials(self, client_id: str, client_secret: str) -> None:
         file_content_to_update = {self.CLIENT_ID_FIELD_NAME: client_id, self.CLIENT_SECRET_FIELD_NAME: client_secret}
         self.write_content_to_file(file_content_to_update)

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/cycode/cli/utils/get_api_client.py

@@ -14,8 +14,22 @@ if TYPE_CHECKING:
 
 
 def _get_cycode_client(
-    create_client_func: callable, client_id: Optional[str], client_secret: Optional[str], hide_response_log: bool
+    create_client_func: callable,
+    client_id: Optional[str],
+    client_secret: Optional[str],
+    hide_response_log: bool,
+    id_token: Optional[str] = None,
 ) -> Union['ScanClient', 'ReportClient']:
+    if client_id and id_token:
+        return create_client_func(client_id, None, hide_response_log, id_token)
+
+    if not client_id or not id_token:
+        oidc_client_id, oidc_id_token = _get_configured_oidc_credentials()
+        if oidc_client_id and oidc_id_token:
+            return create_client_func(oidc_client_id, None, hide_response_log, oidc_id_token)
+        if oidc_id_token and not oidc_client_id:
+            raise click.ClickException('Cycode client id needed for OIDC authentication.')
+
     if not client_id or not client_secret:
         client_id, client_secret = _get_configured_credentials()
         if not client_id:
@@ -23,28 +37,36 @@ def _get_cycode_client(
         if not client_secret:
             raise click.ClickException('Cycode client secret is needed.')
 
-    return create_client_func(client_id, client_secret, hide_response_log)
+    return create_client_func(client_id, client_secret, hide_response_log, None)
 
 
 def get_scan_cycode_client(ctx: 'typer.Context') -> 'ScanClient':
     client_id = ctx.obj.get('client_id')
     client_secret = ctx.obj.get('client_secret')
+    id_token = ctx.obj.get('id_token')
     hide_response_log = not ctx.obj.get('show_secret', False)
-    return _get_cycode_client(create_scan_client, client_id, client_secret, hide_response_log)
+    return _get_cycode_client(create_scan_client, client_id, client_secret, hide_response_log, id_token)
 
 
 def get_report_cycode_client(ctx: 'typer.Context', hide_response_log: bool = True) -> 'ReportClient':
     client_id = ctx.obj.get('client_id')
     client_secret = ctx.obj.get('client_secret')
-    return _get_cycode_client(create_report_client, client_id, client_secret, hide_response_log)
+    id_token = ctx.obj.get('id_token')
+    return _get_cycode_client(create_report_client, client_id, client_secret, hide_response_log, id_token)
 
 
 def get_import_sbom_cycode_client(ctx: 'typer.Context', hide_response_log: bool = True) -> 'ImportSbomClient':
     client_id = ctx.obj.get('client_id')
     client_secret = ctx.obj.get('client_secret')
-    return _get_cycode_client(create_import_sbom_client, client_id, client_secret, hide_response_log)
+    id_token = ctx.obj.get('id_token')
+    return _get_cycode_client(create_import_sbom_client, client_id, client_secret, hide_response_log, id_token)
 
 
 def _get_configured_credentials() -> tuple[str, str]:
     credentials_manager = CredentialsManager()
     return credentials_manager.get_credentials()
+
+
+def _get_configured_oidc_credentials() -> tuple[Optional[str], Optional[str]]:
+    credentials_manager = CredentialsManager()
+    return credentials_manager.get_oidc_credentials()

cycode-3.7.2.dev1/cycode/cyclient/cycode_token_based_client.py → cycode-3.7.2.dev2/cycode/cyclient/base_token_auth_client.py

@@ -1,5 +1,6 @@
+from abc import ABC, abstractmethod
 from threading import Lock
-from typing import Optional
+from typing import Any, Optional
 
 import arrow
 from requests import Response
@@ -15,12 +16,11 @@ _NGINX_PLAIN_ERRORS = [
 ]
 
 
-class CycodeTokenBasedClient(CycodeClient):
-    """Send requests with JWT."""
+class BaseTokenAuthClient(CycodeClient, ABC):
+    """Base client for token-based authentication flows with cached JWTs."""
 
-    def __init__(self, client_id: str, client_secret: str) -> None:
+    def __init__(self, client_id: str) -> None:
         super().__init__()
-        self.client_secret = client_secret
         self.client_id = client_id
 
         self._credentials_manager = CredentialsManager()
@@ -28,7 +28,8 @@ class CycodeTokenBasedClient(CycodeClient):
         access_token, expires_in, creator = self._credentials_manager.get_access_token()
 
         self._access_token = self._expires_in = None
-        if creator == JwtCreator.create(client_id, client_secret):
+        expected_creator = self._create_jwt_creator()
+        if creator == expected_creator:
             # we must be sure that cached access token is created using the same client id and client secret.
             # because client id and client secret could be passed via command, via env vars or via config file.
             # we must not use cached access token if client id or client secret was changed.
@@ -54,18 +55,12 @@ class CycodeTokenBasedClient(CycodeClient):
             self.refresh_access_token()
 
     def refresh_access_token(self) -> None:
-        auth_response = self.post(
-            url_path='api/v1/auth/api-token',
-            body={'clientId': self.client_id, 'secret': self.client_secret},
-            without_auth=True,
-            hide_response_content_log=True,
-        )
-        auth_response_data = auth_response.json()
-
-        self._access_token = auth_response_data['token']
-        self._expires_in = arrow.utcnow().shift(seconds=auth_response_data['expires_in'] * 0.8)
-
-        jwt_creator = JwtCreator.create(self.client_id, self.client_secret)
+        auth_response = self._request_new_access_token()
+        self._access_token = auth_response['token']
+
+        self._expires_in = arrow.utcnow().shift(seconds=auth_response['expires_in'] * 0.8)
+
+        jwt_creator = self._create_jwt_creator()
         self._credentials_manager.update_access_token(self._access_token, self._expires_in.timestamp(), jwt_creator)
 
     def get_request_headers(self, additional_headers: Optional[dict] = None, without_auth: bool = False) -> dict:
@@ -95,3 +90,11 @@ class CycodeTokenBasedClient(CycodeClient):
             response = super()._execute(*args, **kwargs)
 
         return response
+
+    @abstractmethod
+    def _create_jwt_creator(self) -> JwtCreator:
+        """Create a JwtCreator instance for the current credential type."""
+
+    @abstractmethod
+    def _request_new_access_token(self) -> dict[str, Any]:
+        """Return the authentication payload with token and expires_in."""

cycode-3.7.2.dev2/cycode/cyclient/client_creator.py

@@ -0,0 +1,51 @@
+from typing import Optional
+
+from cycode.cyclient.config import dev_mode
+from cycode.cyclient.config_dev import DEV_CYCODE_API_URL
+from cycode.cyclient.cycode_dev_based_client import CycodeDevBasedClient
+from cycode.cyclient.cycode_oidc_based_client import CycodeOidcBasedClient
+from cycode.cyclient.cycode_token_based_client import CycodeTokenBasedClient
+from cycode.cyclient.import_sbom_client import ImportSbomClient
+from cycode.cyclient.report_client import ReportClient
+from cycode.cyclient.scan_client import ScanClient
+from cycode.cyclient.scan_config_base import DefaultScanConfig, DevScanConfig
+
+
+def create_scan_client(
+    client_id: str, client_secret: Optional[str] = None, hide_response_log: bool = False, id_token: Optional[str] = None
+) -> ScanClient:
+    if dev_mode:
+        client = CycodeDevBasedClient(DEV_CYCODE_API_URL)
+        scan_config = DevScanConfig()
+    else:
+        if id_token:
+            client = CycodeOidcBasedClient(client_id, id_token)
+        else:
+            client = CycodeTokenBasedClient(client_id, client_secret)
+        scan_config = DefaultScanConfig()
+
+    return ScanClient(client, scan_config, hide_response_log)
+
+
+def create_report_client(
+    client_id: str, client_secret: Optional[str] = None, _: bool = False, id_token: Optional[str] = None
+) -> ReportClient:
+    if dev_mode:
+        client = CycodeDevBasedClient(DEV_CYCODE_API_URL)
+    elif id_token:
+        client = CycodeOidcBasedClient(client_id, id_token)
+    else:
+        client = CycodeTokenBasedClient(client_id, client_secret)
+    return ReportClient(client)
+
+
+def create_import_sbom_client(
+    client_id: str, client_secret: Optional[str] = None, _: bool = False, id_token: Optional[str] = None
+) -> ImportSbomClient:
+    if dev_mode:
+        client = CycodeDevBasedClient(DEV_CYCODE_API_URL)
+    elif id_token:
+        client = CycodeOidcBasedClient(client_id, id_token)
+    else:
+        client = CycodeTokenBasedClient(client_id, client_secret)
+    return ImportSbomClient(client)

cycode-3.7.2.dev2/cycode/cyclient/cycode_oidc_based_client.py

@@ -0,0 +1,24 @@
+from typing import Any
+
+from cycode.cli.user_settings.jwt_creator import JwtCreator
+from cycode.cyclient.base_token_auth_client import BaseTokenAuthClient
+
+
+class CycodeOidcBasedClient(BaseTokenAuthClient):
+    """Send requests with JWT obtained via OIDC ID token."""
+
+    def __init__(self, client_id: str, id_token: str) -> None:
+        self.id_token = id_token
+        super().__init__(client_id)
+
+    def _request_new_access_token(self) -> dict[str, Any]:
+        auth_response = self.post(
+            url_path='api/v1/auth/oidc/api-token',
+            body={'client_id': self.client_id, 'id_token': self.id_token},
+            without_auth=True,
+            hide_response_content_log=True,
+        )
+        return auth_response.json()
+
+    def _create_jwt_creator(self) -> JwtCreator:
+        return JwtCreator.create(self.client_id, self.id_token)

cycode-3.7.2.dev2/cycode/cyclient/cycode_token_based_client.py

@@ -0,0 +1,24 @@
+from typing import Any
+
+from cycode.cli.user_settings.jwt_creator import JwtCreator
+from cycode.cyclient.base_token_auth_client import BaseTokenAuthClient
+
+
+class CycodeTokenBasedClient(BaseTokenAuthClient):
+    """Send requests with JWT."""
+
+    def __init__(self, client_id: str, client_secret: str) -> None:
+        self.client_secret = client_secret
+        super().__init__(client_id)
+
+    def _request_new_access_token(self) -> dict[str, Any]:
+        auth_response = self.post(
+            url_path='api/v1/auth/api-token',
+            body={'clientId': self.client_id, 'secret': self.client_secret},
+            without_auth=True,
+            hide_response_content_log=True,
+        )
+        return auth_response.json()
+
+    def _create_jwt_creator(self) -> JwtCreator:
+        return JwtCreator.create(self.client_id, self.client_secret)

{cycode-3.7.2.dev1 → cycode-3.7.2.dev2}/pyproject.toml

@@ -21,7 +21,7 @@ classifiers = [
     "Programming Language :: Python :: 3.14",
 ]
 dynamic = ["dependencies"]
-version = "3.7.2.dev1"
+version = "3.7.2.dev2"
 
 [project.scripts]
 cycode = "cycode.cli.app:app"

cycode-3.7.2.dev1/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '3.7.2.dev1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

cycode-3.7.2.dev1/cycode/cli/apps/auth/auth_common.py

@@ -1,34 +0,0 @@
-from typing import TYPE_CHECKING, Optional
-
-from cycode.cli.apps.auth.models import AuthInfo
-from cycode.cli.exceptions.custom_exceptions import HttpUnauthorizedError, RequestHttpError
-from cycode.cli.user_settings.credentials_manager import CredentialsManager
-from cycode.cli.utils.jwt_utils import get_user_and_tenant_ids_from_access_token
-from cycode.cyclient.cycode_token_based_client import CycodeTokenBasedClient
-
-if TYPE_CHECKING:
-    from typer import Context
-
-
-def get_authorization_info(ctx: 'Context') -> Optional[AuthInfo]:
-    printer = ctx.obj.get('console_printer')
-
-    client_id, client_secret = ctx.obj.get('client_id'), ctx.obj.get('client_secret')
-    if not client_id or not client_secret:
-        client_id, client_secret = CredentialsManager().get_credentials()
-
-    if not client_id or not client_secret:
-        return None
-
-    try:
-        access_token = CycodeTokenBasedClient(client_id, client_secret).get_access_token()
-        if not access_token:
-            return None
-
-        user_id, tenant_id = get_user_and_tenant_ids_from_access_token(access_token)
-        return AuthInfo(user_id=user_id, tenant_id=tenant_id)
-    except (RequestHttpError, HttpUnauthorizedError):
-        if ctx:
-            printer.print_exception()
-
-        return None

cycode-3.7.2.dev1/cycode/cyclient/client_creator.py

@@ -1,29 +0,0 @@
-from cycode.cyclient.config import dev_mode
-from cycode.cyclient.config_dev import DEV_CYCODE_API_URL
-from cycode.cyclient.cycode_dev_based_client import CycodeDevBasedClient
-from cycode.cyclient.cycode_token_based_client import CycodeTokenBasedClient
-from cycode.cyclient.import_sbom_client import ImportSbomClient
-from cycode.cyclient.report_client import ReportClient
-from cycode.cyclient.scan_client import ScanClient
-from cycode.cyclient.scan_config_base import DefaultScanConfig, DevScanConfig
-
-
-def create_scan_client(client_id: str, client_secret: str, hide_response_log: bool) -> ScanClient:
-    if dev_mode:
-        client = CycodeDevBasedClient(DEV_CYCODE_API_URL)
-        scan_config = DevScanConfig()
-    else:
-        client = CycodeTokenBasedClient(client_id, client_secret)
-        scan_config = DefaultScanConfig()
-
-    return ScanClient(client, scan_config, hide_response_log)
-
-
-def create_report_client(client_id: str, client_secret: str, _: bool) -> ReportClient:
-    client = CycodeDevBasedClient(DEV_CYCODE_API_URL) if dev_mode else CycodeTokenBasedClient(client_id, client_secret)
-    return ReportClient(client)
-
-
-def create_import_sbom_client(client_id: str, client_secret: str, _: bool) -> ImportSbomClient:
-    client = CycodeDevBasedClient(DEV_CYCODE_API_URL) if dev_mode else CycodeTokenBasedClient(client_id, client_secret)
-    return ImportSbomClient(client)