added files

lib/descope-auth.ts

@@ -195,35 +195,44 @@ export class DescopeAuth extends Construct implements sbt.IAuth {
         index: "index.py",
         handler: "handler",
         timeout: Duration.seconds(60),
-        layers: [descopeHelperLayer],
+        layers: lambdaFunctionsLayers,
         environment: environmentVariables,
       }
     );
     clientSecretSSMMgmtKey.grantRead(this.createMachineClientFunction);
 
-    // Define the custom resource provider
-    const provider = new Provider(this, "Provider", {
-      onEventHandler: this.createMachineClientFunction,
-    });
-
-    // Create the custom resource
-    const customResource = new CustomResource(
+    // // Define the custom resource provider
+    // const provider = new Provider(this, "Provider", {
+    //   onEventHandler: this.createMachineClientFunction,
+    // });
+
+    // // Create the custom resource
+    // const customResource = new CustomResource(
+    //   this,
+    //   "machineClientCustomResource",
+    //   {
+    //     serviceToken: provider.serviceToken,
+    //     properties: {
+    //       name: "SBT Access Key",
+    //       description: "Auto-generated Access Key for SBT",
+    //     },
+    //   }
+    // );
+
+    const machineClientResource = this.createMachineClient(
       this,
-      "machineClientCustomResource",
+      "MachineClient",
       {
-        serviceToken: provider.serviceToken,
-        properties: {
-          name: "SBT Access Key",
-          description: "Auto-generated Access Key for SBT",
-        },
+        name: "SBT Access Key",
+        description: "Auto-generated Access Key for SBT",
       }
     );
 
-    this.machineClientId = customResource.getAttString("ClientId");
+    this.machineClientId = machineClientResource.getAttString("clientId");
     new cdk.CfnOutput(this, "machineClientId", { value: this.machineClientId });
 
     this.machineClientSecret = cdk.SecretValue.resourceAttribute(
-      customResource.getAttString("ClientSecret")
+      machineClientResource.getAttString("clientSecret")
     );
 
     // Ensure the domain is valid or fallback to a generated default domain
@@ -302,6 +311,19 @@ export class DescopeAuth extends Construct implements sbt.IAuth {
       }
     );
   }
+  createMachineClient(
+    scope: Construct,
+    id: string,
+    props: CreateMachineClientProps
+  ): cdk.CustomResource {
+    return new CustomResource(scope, `createClientCustomResource-${id}*`, {
+      serviceToken: this.createMachineClientFunction.functionArn,
+      properties: {
+        Name: props.name ? props.name : id,
+        ...(props.description && { Description: props.description }),
+      },
+    });
+  }
   createAdminUser(scope: Construct, id: string, props: CreateAdminUserProps) {
     new CustomResource(scope, `createAdminUserCustomResource-v2-${id}`, {
       serviceToken: this.createAdminUserFunction.functionArn,

resources/functions/create-client/index.py

@@ -12,7 +12,7 @@
 
 # Retrieve Descope project credentials from environment variables or configuration
 project_id = os.environ.get("DescopeProjectId")
-descope_mgmt_key = os.environ.get("ManagementSSMKeyName")
+descope_mgmt_key_name = os.environ.get("ManagementSSMKeyName")
 
 
 @helper.create
@@ -26,7 +26,7 @@ def create_client(event, _):
     """
 
     # Initialize the Descope client
-    descope = get_descope_handler(project_id, descope_mgmt_key)
+    descope = get_descope_handler(project_id, descope_mgmt_key_name)
     request = event.get("ResourceProperties", {})
     name = request.get("name")
     description = request.get("description")
@@ -57,8 +57,8 @@ def create_client(event, _):
         # Return data to CloudFormation
         helper.Data.update(
             {
-                "ClientId": client_id,
-                "ClientSecret": client_secret,  # Returning both client ID and secret
+                "clientId": client_id,
+                "clientSecret": client_secret,  # Returning both client ID and secret
             }
         )
     except Exception as e: