feat: get current tenant (#1040)

## Related Issues

Fixes descope/etc#4901

## Description

add `getCurrentTenant` utility

packages/sdks/angular-sdk/README.md

@@ -398,6 +398,7 @@ You can also use the following helper methods on `DescopeAuthService` to assist
 - `isRefreshTokenExpired(token = getRefreshToken())` - Check whether the current refresh token is expired. Provide a refresh token if is not persisted.
 - `getJwtRoles(token = getSessionToken(), tenant = '')` - Get current roles from an existing session token. Provide tenant id for specific tenant roles.
 - `getJwtPermissions(token = getSessionToken(), tenant = '')` - Fet current permissions from an existing session token. Provide tenant id for specific tenant permissions.
+- `getCurrentTenant(token = getSessionToken())` - Get current tenant id from an existing session token (from the `dct` claim).
 
 ### Refresh token lifecycle
 

packages/sdks/core-js-sdk/src/sdk/helpers/index.ts

@@ -108,3 +108,7 @@ export async function transformResponse<
 
   return ret;
 }
+
+export function getCurrentTenant(token: string): string {
+  return parseJwt(token)?.[DESCOPE_CURRENT_TENANT_CLAIM] || '';
+}

packages/sdks/core-js-sdk/src/sdk/index.ts

@@ -7,6 +7,7 @@ import {
   getTenants,
   getJwtPermissions,
   getJwtRoles,
+  getCurrentTenant,
   isJwtExpired,
   transformResponse,
 } from './helpers';
@@ -161,5 +162,16 @@ export default (httpClient: HttpClient) => ({
    * @returns The list of roles specified in the given JWT
    */
   getJwtRoles: withJwtValidations(getJwtRoles),
+  /**
+   * Returns Descope current tenant from the given JWT but DOES NOT check for signature
+   * @param token A valid token
+   * @returns The current tenant from the given JWT
+   */
+  getCurrentTenant: withJwtValidations(getCurrentTenant),
+  /**
+   * Parses the given JWT token but DOES NOT check for signature
+   * @param token A valid token
+   * @returns The parsed JWT token
+   */
   httpClient,
 });

packages/sdks/core-js-sdk/test/sdk/sdk.test.ts

@@ -163,6 +163,22 @@ describe('sdk', () => {
     });
   });
 
+  describe('getCurrentTenant', () => {
+    it('should throw an error when token is not a string', () => {
+      expect(sdk.getCurrentTenant).toThrow('"token" must be a string');
+    });
+    it('should return the current tenant', () => {
+      (jwtDecode as jest.Mock).mockImplementation(() => ({
+        dct: 'current-tenant',
+      }));
+      expect(sdk.getCurrentTenant('jwt')).toBe('current-tenant');
+    });
+    it('should gracefully handle jwt decoding error', () => {
+      (jwtDecode as jest.Mock).mockImplementation(() => new Error('error'));
+      expect(sdk.getCurrentTenant('jwt')).toBeFalsy();
+    });
+  });
+
   describe('logout', () => {
     it('should throw an error when token is not a string', () => {
       expect(() => sdk.logout({ a: 'b' })).toThrow(

packages/sdks/nextjs-sdk/src/client/index.ts

@@ -12,5 +12,6 @@ export {
 	isRefreshTokenExpired,
 	getJwtPermissions,
 	getJwtRoles,
+	getCurrentTenant,
 	refresh
 } from '@descope/react-sdk';

packages/sdks/nextjs-sdk/test/index.test.ts

@@ -12,6 +12,7 @@ describe('index', () => {
 		expect(clientIndex).toHaveProperty('getRefreshToken');
 		expect(clientIndex).toHaveProperty('isSessionTokenExpired');
 		expect(clientIndex).toHaveProperty('isRefreshTokenExpired');
+		expect(clientIndex).toHaveProperty('getCurrentTenant');
 		expect(clientIndex).toHaveProperty('getJwtPermissions');
 		expect(clientIndex).toHaveProperty('getJwtRoles');
 		expect(clientIndex).toHaveProperty('refresh');

packages/sdks/react-sdk/README.md

@@ -394,6 +394,7 @@ You can also use the following functions to assist with various actions managing
 `isRefreshTokenExpired(token = getRefreshToken())` - Check whether the current refresh token is expired. Provide a refresh token if is not persisted (see [token persistence](#token-persistence)).
 `getJwtRoles(token = getSessionToken(), tenant = '')` - Get current roles from an existing session token. Provide tenant id for specific tenant roles.
 `getJwtPermissions(token = getSessionToken(), tenant = '')` - Fet current permissions from an existing session token. Provide tenant id for specific tenant permissions.
+`getCurrentTenant(token = getSessionToken())` - Get current tenant id from an existing session token (from the `dct` claim).
 
 ### Refresh token lifecycle
 

packages/sdks/react-sdk/src/flows.ts

@@ -17,6 +17,7 @@ export {
   getSessionToken,
   isSessionTokenExpired,
   isRefreshTokenExpired,
+  getCurrentTenant,
 } from './sdk';
 
 // Export ref to baseHeaders so it can be overridden

packages/sdks/react-sdk/src/sdk.ts

@@ -74,6 +74,10 @@ export const getJwtRoles = wrapInTry(
     globalSdk?.getJwtRoles(token, tenant),
 );
 
+export const getCurrentTenant = wrapInTry(
+  (token = getSessionToken()) => globalSdk?.getCurrentTenant(token),
+);
+
 export const refresh = (token = getRefreshToken()) => globalSdk?.refresh(token);
 
 export const getGlobalSdk = () => globalSdk;

packages/sdks/react-sdk/test/utilityFunctions.test.ts

@@ -6,6 +6,7 @@ import createSdk, {
   getSessionToken,
   isSessionTokenExpired,
   isRefreshTokenExpired,
+  getCurrentTenant,
 } from '../src/sdk';
 
 jest.mock('@descope/web-js-sdk', () => () => ({
@@ -14,6 +15,7 @@ jest.mock('@descope/web-js-sdk', () => () => ({
   isJwtExpired: jest.fn(),
   getJwtPermissions: jest.fn(),
   getJwtRoles: jest.fn(),
+  getCurrentTenant: jest.fn(),
   refresh: jest.fn(),
 }));
 
@@ -115,12 +117,19 @@ describe('utility functions', () => {
     expect(sdk.getJwtRoles).toHaveBeenCalledWith('session', undefined);
   });
 
-  it('should call getJwtRoles with the session token when not provided', () => {
+  it('should log error when calling getJwtRoles when the function throws error', () => {
     jest.spyOn(console, 'error').mockImplementation(() => {});
     jest.spyOn(sdk, 'getJwtRoles').mockImplementation(() => {
       throw new Error('session token');
     });
     getJwtRoles();
     expect(console.error).toHaveBeenCalled(); // eslint-disable-line no-console
   });
+
+  it('should call getCurrentTenant with the session token when not provided', () => {
+    (sdk.getSessionToken as jest.Mock).mockReturnValueOnce('session-token');
+    jest.spyOn(sdk, 'getCurrentTenant').mockReturnValueOnce('t-1');
+    expect(getCurrentTenant()).toBe('t-1');
+    expect(sdk.getCurrentTenant).toHaveBeenCalledWith('session-token');
+  });
 });

packages/sdks/vue-sdk/README.md

@@ -254,6 +254,7 @@ You can also use the following functions to assist with various actions managing
 `isRefreshTokenExpired(token = getRefreshToken())` - Check whether the current refresh token is expired. Provide a refresh token if is not persisted.
 `getJwtRoles(token = getSessionToken(), tenant = '')` - Get current roles from an existing session token. Provide tenant id for specific tenant roles.
 `getJwtPermissions(token = getSessionToken(), tenant = '')` - Fet current permissions from an existing session token. Provide tenant id for specific tenant permissions.
+`getCurrentTenant(token = getSessionToken())` - Get current tenant id from an existing session token (from the `dct` claim).
 
 ### Refresh token lifecycle
 

packages/sdks/vue-sdk/src/index.ts

@@ -14,4 +14,5 @@ export {
   getSessionToken,
   isSessionTokenExpired,
   isRefreshTokenExpired,
+  getCurrentTenant,
 } from './sdk';

packages/sdks/vue-sdk/src/sdk.ts

@@ -66,6 +66,10 @@ export const getJwtRoles = wrapInTry(
     globalSdk?.getJwtRoles(token, tenant),
 );
 
+export const getCurrentTenant = wrapInTry(
+  (token = getSessionToken()) => globalSdk?.getCurrentTenant(token),
+);
+
 export const refresh = (token = getRefreshToken()) => globalSdk?.refresh(token);
 
 export const getGlobalSdk = () => globalSdk;

packages/sdks/vue-sdk/tests/utilityFunctions.test.ts

@@ -6,6 +6,7 @@ import createSdk, {
   getSessionToken,
   isSessionTokenExpired,
   isRefreshTokenExpired,
+  getCurrentTenant,
 } from '../src/sdk';
 
 jest.mock('@descope/web-js-sdk', () => () => ({
@@ -14,6 +15,7 @@ jest.mock('@descope/web-js-sdk', () => () => ({
   isJwtExpired: jest.fn(),
   getJwtPermissions: jest.fn(),
   getJwtRoles: jest.fn(),
+  getCurrentTenant: jest.fn(),
   refresh: jest.fn(),
 }));
 
@@ -115,12 +117,19 @@ describe('utility functions', () => {
     expect(sdk.getJwtRoles).toHaveBeenCalledWith('session', undefined);
   });
 
-  it('should call getJwtRoles with the session token when not provided', () => {
+  it('should log error when calling getJwtRoles when the function throws error', () => {
     jest.spyOn(console, 'error').mockImplementation(() => {}); // eslint-disable-line @typescript-eslint/no-empty-function
     jest.spyOn(sdk, 'getJwtRoles').mockImplementation(() => {
       throw new Error('session token');
     });
     getJwtRoles();
     expect(console.error).toHaveBeenCalled(); // eslint-disable-line no-console
   });
+
+  it('should call getCurrentTenant with the session token when not provided', () => {
+    (sdk.getSessionToken as jest.Mock).mockReturnValueOnce('session-token');
+    jest.spyOn(sdk, 'getCurrentTenant').mockReturnValueOnce('t-1');
+    expect(getCurrentTenant()).toBe('t-1');
+    expect(sdk.getCurrentTenant).toHaveBeenCalledWith('session-token');
+  });
 });