Added support for additional Auth API:

* AuthClient has support for projects, policies, clients, scopes
  and user credentials
* NativeAppAuthClient has support for creating native app instances
* ConfidentialAppAuthClient has support for creating child clients

src/globus_sdk/_testing/data/auth/create_child_client.py

@@ -0,0 +1,110 @@
+import typing as t
+import uuid
+
+from responses.matchers import json_params_matcher
+
+from globus_sdk._testing.models import RegisteredResponse, ResponseSet
+
+_COMMON_RESPONSE_RECORD = {
+    "fqdns": [],
+    "links": {"privacy_policy": None, "terms_and_conditions": None},
+    "parent_client": None,
+    "preselect_idp": None,
+    "prompt_for_named_grant": True,
+    "redirect_uris": [],
+    "required_idp": None,
+    "scopes": [],
+    "userinfo_from_effective_identity": True,
+}
+
+PUBLIC_CLIENT_RESPONSE_RECORD = {
+    "client_type": "public_installed_client",
+    "grant_types": ["authorization_code", "refresh_token"],
+    **_COMMON_RESPONSE_RECORD,
+}
+
+PRIVATE_CLIENT_RESPONSE_RECORD = {
+    "client_type": "hybrid_confidential_client_resource_server",
+    "grant_types": [
+        "authorization_code",
+        "client_credentials",
+        "refresh_token",
+        "urn:globus:auth:grant_type:dependent_token",
+    ],
+    **_COMMON_RESPONSE_RECORD,
+}
+
+PUBLIC_CLIENT_REQUEST_ARGS = {
+    "name": "FOO",
+    "public_client": True,
+    "publicly_visible": True,
+}
+
+PUBLIC_CLIENT_REQUEST_BODY = {
+    "name": PUBLIC_CLIENT_REQUEST_ARGS["name"],
+    "public_client": PUBLIC_CLIENT_REQUEST_ARGS["public_client"],
+    "visibility": "public"
+    if PUBLIC_CLIENT_REQUEST_ARGS["publicly_visible"]
+    else "private",
+}
+
+
+def register_response(
+    args: t.Mapping[str, t.Any],
+) -> RegisteredResponse:
+    # Some name of args to create_client() have differenlty named fields.
+    body_fields: t.Dict[str, t.Any] = {}
+    for arg_name in args:
+        if arg_name == "publicly_visible":
+            body_fields["visibility"] = "public" if args[arg_name] else "private"
+        elif arg_name == "terms_and_conditions" or arg_name == "privacy_policy":
+            body_fields["links"] = {
+                arg_name: args[arg_name],
+                **body_fields.get("links", {}),
+            }
+        else:
+            body_fields[arg_name] = args[arg_name]
+
+    # Default to a public client response unless arg says otherwise
+    client_response_record = (
+        PUBLIC_CLIENT_RESPONSE_RECORD
+        if {**PUBLIC_CLIENT_REQUEST_ARGS, **args}["public_client"] is True
+        else PRIVATE_CLIENT_RESPONSE_RECORD
+    )
+
+    return RegisteredResponse(
+        service="auth",
+        method="POST",
+        path="/v2/api/clients",
+        json={"client": {**client_response_record, **body_fields}},
+        metadata={
+            # Test functions use 'args' to form request
+            "args": {**PUBLIC_CLIENT_REQUEST_ARGS, **args},
+            # Test functions use 'response' to verify response
+            "response": body_fields,
+        },
+        match=[
+            json_params_matcher(
+                {"client": {**PUBLIC_CLIENT_REQUEST_BODY, **body_fields}}
+            )
+        ],
+    )
+
+
+RESPONSES = ResponseSet(
+    default=register_response({}),
+    name=register_response({"name": str(uuid.uuid4()).replace("-", "")}),
+    public_client=register_response({"public_client": True}),
+    private_client=register_response({"public_client": False}),
+    publicly_visible=register_response({"publicly_visible": True}),
+    not_publicly_visible=register_response({"publicly_visible": False}),
+    redirect_uris=register_response({"redirect_uris": ["https://foo.com"]}),
+    links=register_response(
+        {
+            "terms_and_conditions": "https://foo.org",
+            "privacy_policy": "https://boo.org",
+        }
+    ),
+    required_idp=register_response({"required_idp": str(uuid.uuid1())}),
+    preselect_idp=register_response({"preselect_idp": str(uuid.uuid1())}),
+)

src/globus_sdk/_testing/data/auth/create_client.py

@@ -0,0 +1,115 @@
+import typing as t
+import uuid
+
+from responses.matchers import json_params_matcher
+
+from globus_sdk._testing.models import RegisteredResponse, ResponseSet
+
+_COMMON_RESPONSE_RECORD = {
+    "fqdns": [],
+    "links": {"privacy_policy": None, "terms_and_conditions": None},
+    "parent_client": None,
+    "preselect_idp": None,
+    "prompt_for_named_grant": True,
+    "redirect_uris": [],
+    "required_idp": None,
+    "scopes": [],
+    "userinfo_from_effective_identity": True,
+}
+
+PUBLIC_CLIENT_RESPONSE_RECORD = {
+    "client_type": "public_installed_client",
+    "grant_types": ["authorization_code", "refresh_token"],
+    **_COMMON_RESPONSE_RECORD,
+}
+
+PRIVATE_CLIENT_RESPONSE_RECORD = {
+    "client_type": "hybrid_confidential_client_resource_server",
+    "grant_types": [
+        "authorization_code",
+        "client_credentials",
+        "refresh_token",
+        "urn:globus:auth:grant_type:dependent_token",
+    ],
+    **_COMMON_RESPONSE_RECORD,
+}
+
+PUBLIC_CLIENT_REQUEST_ARGS = {
+    "name": "FOO",
+    "public_client": True,
+    "project_id": str(uuid.uuid1()),
+    "publicly_visible": True,
+}
+
+PUBLIC_CLIENT_REQUEST_BODY = {
+    "name": PUBLIC_CLIENT_REQUEST_ARGS["name"],
+    "public_client": PUBLIC_CLIENT_REQUEST_ARGS["public_client"],
+    "project": PUBLIC_CLIENT_REQUEST_ARGS["project_id"],
+    "visibility": "public"
+    if PUBLIC_CLIENT_REQUEST_ARGS["publicly_visible"]
+    else "private",
+}
+
+
+def register_response(
+    args: t.Mapping[str, t.Any],
+) -> RegisteredResponse:
+    # Some name of args to create_client() have differenlty named fields.
+    body_fields: t.Dict[str, t.Any] = {}
+    for arg_name in args:
+        if arg_name == "project_id":
+            body_fields["project"] = args[arg_name]
+        elif arg_name == "publicly_visible":
+            body_fields["visibility"] = "public" if args[arg_name] else "private"
+        elif arg_name == "terms_and_conditions" or arg_name == "privacy_policy":
+            body_fields["links"] = {
+                arg_name: args[arg_name],
+                **body_fields.get("links", {}),
+            }
+        else:
+            body_fields[arg_name] = args[arg_name]
+
+    # Default to a public client response unless arg says otherwise
+    client_response_record = (
+        PUBLIC_CLIENT_RESPONSE_RECORD
+        if {**PUBLIC_CLIENT_REQUEST_ARGS, **args}["public_client"] is True
+        else PRIVATE_CLIENT_RESPONSE_RECORD
+    )
+
+    return RegisteredResponse(
+        service="auth",
+        method="POST",
+        path="/v2/api/clients",
+        json={"client": {**client_response_record, **body_fields}},
+        metadata={
+            # Test functions use 'args' to form request
+            "args": {**PUBLIC_CLIENT_REQUEST_ARGS, **args},
+            # Test functions use 'response' to verify response
+            "response": body_fields,
+        },
+        match=[
+            json_params_matcher(
+                {"client": {**PUBLIC_CLIENT_REQUEST_BODY, **body_fields}}
+            )
+        ],
+    )
+
+
+RESPONSES = ResponseSet(
+    default=register_response({}),
+    name=register_response({"name": str(uuid.uuid4()).replace("-", "")}),
+    public_client=register_response({"public_client": True}),
+    private_client=register_response({"public_client": False}),
+    project_id=register_response({"project_id": str(uuid.uuid1())}),
+    publicly_visible=register_response({"publicly_visible": True}),
+    not_publicly_visible=register_response({"publicly_visible": False}),
+    redirect_uris=register_response({"redirect_uris": ["https://foo.com"]}),
+    links=register_response(
+        {
+            "terms_and_conditions": "https://foo.org",
+            "privacy_policy": "https://boo.org",
+        }
+    ),
+    required_idp=register_response({"required_idp": str(uuid.uuid1())}),
+    preselect_idp=register_response({"preselect_idp": str(uuid.uuid1())}),
+)

src/globus_sdk/_testing/data/auth/create_client_credential.py

@@ -0,0 +1,43 @@
+import uuid
+
+from globus_sdk._testing.models import RegisteredResponse, ResponseSet
+
+NEW_CREDENTIAL_NAME = str(uuid.uuid4()).replace("-", "")
+
+CREDENTIAL = {
+    "name": "foo",
+    "id": str(uuid.uuid1()),
+    "created": "2023-10-21T22:46:15.845937+00:00",
+    "client": str(uuid.uuid1()),
+    "secret": "abc123",
+}
+
+
+RESPONSES = ResponseSet(
+    default=RegisteredResponse(
+        service="auth",
+        method="POST",
+        path=f"/v2/api/clients/{CREDENTIAL['client']}/credentials",
+        json={"credential": CREDENTIAL},
+        metadata={
+            "credential_id": CREDENTIAL["id"],
+            "client_id": CREDENTIAL["client"],
+            "name": CREDENTIAL["name"],
+        },
+    ),
+    name=RegisteredResponse(
+        service="auth",
+        method="POST",
+        path=f"/v2/api/clients/{CREDENTIAL['client']}/credentials",
+        json={
+            "credential": {
+                **CREDENTIAL,
+                "name": NEW_CREDENTIAL_NAME,
+            }
+        },
+        metadata={
+            "name": NEW_CREDENTIAL_NAME,
+            "client_id": CREDENTIAL["client"],
+        },
+    ),
+)

src/globus_sdk/_testing/data/auth/create_native_app_instance.py

@@ -0,0 +1,86 @@
+import typing as t
+import uuid
+
+from responses.matchers import json_params_matcher
+
+from globus_sdk._testing.models import RegisteredResponse, ResponseSet
+
+APP_REQUEST_ARGS = {
+    "template_id": str(uuid.uuid1()),
+    "name": str(uuid.uuid1()).replace("-", ""),
+}
+
+
+def make_app_request_body(request_args: t.Dict[str, t.Any]) -> t.Dict[str, t.Any]:
+    request_body = request_args.copy()
+    request_body["template_id"] = str(request_args["template_id"])
+    return request_body
+
+
+def make_app_response_body(request_args: t.Mapping[str, t.Any]) -> t.Dict[str, t.Any]:
+    return {
+        "client": {
+            "fqdns": [],
+            "name": request_args["name"],
+            "id": "e634cc2a-d528-494e-8dda-92ec54a883c9",
+            "public_client": False,
+            "scopes": [],
+            "required_idp": None,
+            "grant_types": [
+                "authorization_code",
+                "client_credentials",
+                "refresh_token",
+            ],
+            "userinfo_from_effective_identity": True,
+            "client_type": "confidential_client",
+            "prompt_for_named_grant": False,
+            "links": {"privacy_policy": None, "terms_and_conditions": None},
+            "visibility": "private",
+            "preselect_idp": None,
+            "parent_client": str(request_args["template_id"]),
+            "project": None,
+            "redirect_uris": [],
+        },
+        "included": {
+            "client_credential": {
+                "name": "Auto-created at client creation",
+                "id": "b4840855-2de8-4035-b1b4-4e7c8f518943",
+                "client": "e634cc2a-d528-494e-8dda-92ec54a883c9",
+                "secret": "cgK1HG9Y0DcZw79YlQEJpZCF4CMxIbaFf5sohWxjcfY=",
+            }
+        },
+    }
+
+
+def register_response(
+    args: t.Mapping[str, t.Any],
+) -> RegisteredResponse:
+    request_args = {**APP_REQUEST_ARGS, **args}
+    request_body = make_app_request_body(request_args)
+    response_body = make_app_response_body(request_args)
+
+    return RegisteredResponse(
+        service="auth",
+        method="POST",
+        path="/v2/api/clients",
+        json={"client": response_body},
+        metadata={
+            # Test functions use 'args' to form request
+            "args": request_args,
+            # Test functions use 'response' to verify response
+            "response": response_body,
+        },
+        match=[
+            json_params_matcher(
+                {"client": request_body},
+            )
+        ],
+    )
+
+
+RESPONSES = ResponseSet(
+    default=register_response({}),
+    template_id_str=register_response({"template_id": str(uuid.uuid1())}),
+    template_id_uuid=register_response({"template_id": uuid.uuid1()}),
+    name=register_response({"name": str(uuid.uuid1()).replace("-", "")}),
+)