handle opt args better, fix linting

paalvibeknowit · paalvibeknowit · commit db94c1257dcd · 2025-05-22T11:53:12.000+02:00
diff --git a/python/delta_sharing/_internal_auth.py b/python/delta_sharing/_internal_auth.py
@@ -198,8 +198,8 @@ def __init__(
         self.key_id = key_id
         self.private_key = private_key
         self.issuer = issuer
-        self.resource = resource
         self.scope = scope
+        self.resource = resource
         if algorithm is None:
             algorithm = "RS256"
         self.algorithm = algorithm
@@ -210,12 +210,14 @@ def client_credentials(self) -> OAuthClientCredentials:
         jwt_claims = {
             "aud": self.issuer,
             "iss": self.client_id,
-            "scope": self.scope,
-            "resource": self.resource,  # In OAuth 2 spec audience is called resource
             "iat": timestamp,
             "exp": timestamp + 120,
             "jti": str(uuid.uuid4()),
         }
+        if self.scope:
+            jwt_claims["scope"] = self.scope
+        if self.resource:
+            jwt_claims["resource"] = self.resource  # In OAuth 2 spec audience is called resource
         signed_jwt = self._signed_jwt(jwt_header, jwt_claims)
         body = {
             "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
diff --git a/python/delta_sharing/tests/test_oauth_client.py b/python/delta_sharing/tests/test_oauth_client.py
@@ -111,7 +111,10 @@ def test_oauth_client_should_handle_401_unauthorized_response(mock_server):
             "pk-test-access-token",
         ),
         (
-            '{"access_token": "pk-test-access-token", "expires_in": "3600", "token_type": "bearer"}',
+            (
+                '{"access_token": "pk-test-access-token", "expires_in": "3600", '
+                '"token_type": "bearer"}'
+            ),
             3600,
             "pk-test-access-token",
         ),
@@ -152,8 +155,6 @@ def test_private_key_oauth_client_should_parse_token_response_correctly(
         assert claims_arg.get("scope") == "scope"
 
 
-# @mock.patch("_internal_auth.PrivateKeyOAuthClient._signed_jwt", return_value="signed-jwt-dummy-val")
-# @mock.patch("PrivateKeyOAuthClient._signed_jwt", return_value="signed-jwt-dummy-val")
 def test_private_key_oauth_client_should_handle_401_unauthorized_response(mock_server):
 
     with patch.object(PrivateKeyOAuthClient, "_signed_jwt") as _signed_jwt_mock:
