Skip to content

feature:FGI-1575 Add ability to manage a users connected accounts #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kishore7snehil merged 18 commits into from
Feb 6, 2026
Merged

feature:FGI-1575 Add ability to manage a users connected accounts #60

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
a2a7d5c
Add support for getting and deleting connected accounts
sam-muncke Nov 14, 2025
ea85e80
Linting fixes
sam-muncke Nov 18, 2025
100ce13
Add some tests for new my account api methods
sam-muncke Nov 18, 2025
a8db5d5
Add tests for server_client behaviour
sam-muncke Nov 18, 2025
c764468
Add some docs about managing connected accounts
sam-muncke Nov 18, 2025
4f2e805
Add doc comments
sam-muncke Nov 18, 2025
9717a26
Claude review fixes
sam-muncke Dec 8, 2025
2957000
Claude doc fixes
sam-muncke Dec 8, 2025
8fb55b1
Rename from_token to from_param
sam-muncke Dec 9, 2025
6f46801
Add argument validation to new server_client methods
sam-muncke Dec 11, 2025
e672073
Add parameter validation to new my_account_api functions
sam-muncke Dec 11, 2025
4f77836
Rename ListConnectedAccountResponse -> ListConnectedAccountsResponse
sam-muncke Dec 11, 2025
6104d6c
Merge branch 'main' into FGI-1575_manage_connected_accounts
sam-muncke Jan 22, 2026
167475f
Restructure auth_types
sam-muncke Jan 22, 2026
f5245dc
Add doc comments to my account client
sam-muncke Jan 22, 2026
5273f38
fix example domain in comment
sam-muncke Jan 22, 2026
5588839
Add error handling section to the docs
sam-muncke Feb 4, 2026
833d4d0
Merge branch 'main' into FGI-1575_manage_connected_accounts
sam-muncke Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
125 changes: 124 additions & 1 deletion examples/ConnectedAccounts.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,129 @@ You can now call the API with your access token and the API can use [Access Toke
```python
access_token_for_google = await server_client.get_access_token_for_connection(
{ "connection": "google-oauth2" },
store_options=store_options
store_options={"request": request, "response": response}
)
```

## Managing Connected Accounts

`ServerClient` exposes three methods for managing a user's connected accounts

### List Available Connections

This method provides a list of connections that have been enabled for use with Connected Accounts for Token Vault that the user may use to connect accounts.

This method requires the My Account `read:me:connected_accounts` scope to be enabled for your application and configured for MRRT.

This method supports paging via optional the use of `take` parameter. Without this parameters, a default page size of 10 is used. Subsequent pages can be retrieved by also passing the `from_param` parameter with the token returned in the `next` property of the response

```python
available_connections = await client.list_connected_account_connections(
take= 5, # optional
from_param= "NEXT_VALUE_FROM_PREVIOUS_RESPONSE", # optional
store_options= {"request": request, "response": response}
)
```

### List Connected Accounts

This method provides a list of accounts that you have already connected.

This method requires the My Account `read:me:connected_accounts` scope to be enabled for your application and configured for MRRT.

An optional `connection` parameter can be used to filter the connected accounts for a specific connection, otherwise all connected accounts will be returns

This method supports paging via optional the use of `take` parameter. Without this parameters, a default page size of 10 is used. Subsequent pages can be retrieved by also passing the `from_param` parameter with the token returned in the `next` property of the response

```python
connected_accounts = await client.list_connected_accounts(
connection= "google-oauth2", # optional
take= 5, # optional
from_param= "NEXT_VALUE_FROM_PREVIOUS_RESPONSE", # optional
store_options= {"request": request, "response": response}
)
```

### Delete Connected Account

This method removes a connected account for the user.

This method requires the My Account `delete:me:connected_accounts` scope to be enabled for your application and configured for MRRT.

This method takes a `connected_account_id` parameter which can be obtained from `list_connected_accounts`.

```python
connected_accounts = await client.delete_connected_account(
connected_account_id= "CONNECTED_ACCOUNT_ID",
store_options= {"request": request, "response": response}
)
```

## Error Handling

All SDK errors inherit from `Auth0Error`. For most cases, catch `Auth0Error` to handle all errors uniformly. Only catch specific error types when you need to take different actions based on the error.

### Basic Error Handling (Recommended)

```python
from auth0_server_python.error import Auth0Error

try:
connect_url = await client.start_connect_account(
ConnectAccountOptions(connection="google-oauth2", redirect_uri="https://example.com/callback"),
store_options={"request": request, "response": response}
)
except Auth0Error as e:
print(f"Error: {str(e)}")
return {"error": "Failed to connect account"}
```

### Advanced Error Handling (When Specific Actions Required)

Catch specific types only when you need to handle different error conditions differently:

```python
from auth0_server_python.error import Auth0Error, MyAccountApiError

try:
connect_url = await client.start_connect_account(
ConnectAccountOptions(connection="google-oauth2", redirect_uri="https://example.com/callback"),
store_options={"request": request, "response": response}
)
except MyAccountApiError as e:
if e.status == 401:
return redirect_to_login() # Token expired
elif e.status == 403:
return {"error": "Missing required permission"} # Missing scope
elif e.status == 400 and e.validation_errors:
return {"error": "Validation failed", "details": e.validation_errors}
raise # Re-raise other cases
except Auth0Error as e:
return {"error": str(e)}
```

### Common Error Types

- **`Auth0Error`** (base): Catch this for general error handling
- **`MyAccountApiError`**: My Account API errors with `status`, `detail`, and optional `validation_errors`
- **`InvalidArgumentError`**: Invalid parameter value
- **`MissingRequiredArgumentError`**: Required parameter not provided

## A note about scopes

If multiple pieces of Connected Account functionality are intended to be used, it is recommended that you set the default `scope` for the My Account audience when creating you `ServerClient`. This will avoid multiple token requests as without it a new token will be requested for each scope used. This can be done by configuring the `scope` dictionary in the `authorization_params` when configuring the SDK. Each value in the dictionary corresponds to an `audience` and sets the `default` requested scopes for that audience.

```python
server_client = ServerClient(
domain="YOUR_AUTH0_DOMAIN",
client_id="YOUR_CLIENT_ID",
client_secret="YOUR_CLIENT_SECRET",
secret="YOUR_SECRET",
authorization_params={
"scope" {
"https://YOUR_AUTH0_DOMAIN/me/": "create:me:connected_accounts read:me:connected_accounts delete:me:connected_accounts", # scopes required for the My Account audience
# default scopes for custom API audiences can also be defined
}
}
)
```
Loading