Merchant-specific DNS names Support for access (#198)

armando-rodriguez-cko · david-ruiz-cko · web-flow · commit 7f22ac853421 · 2026-01-28T12:23:20.000+01:00
* Subdomain added for access validation endpoint

* fix: clean up whitespace in multiple files and update test assertion formatting

---------

Co-authored-by: david ruiz &lt;david.ruiz@checkout.com&gt;
diff --git a/checkout_sdk/environment_subdomain.py b/checkout_sdk/environment_subdomain.py
@@ -6,18 +6,30 @@
 
 class EnvironmentSubdomain:
     def __init__(self, environment: Environment, subdomain: str):
-        self.base_uri = self.add_subdomain_to_api_url_environment(environment, subdomain)
+        self.base_uri = self.create_url_with_subdomain(environment.base_uri, subdomain)
+        self.authorization_uri = self.create_url_with_subdomain(environment.authorization_uri, subdomain)
 
     @staticmethod
-    def add_subdomain_to_api_url_environment(environment: Environment, subdomain: str):
-        api_url = environment.base_uri
-        new_environment = api_url
+    def create_url_with_subdomain(original_url: str, subdomain: str):
+        """
+        Applies subdomain transformation to any given URL.
+        If the subdomain is valid (alphanumeric pattern), prepends it to the host.
+        Otherwise, returns the original URL unchanged.
+
+        Args:
+            original_url: the original URL to transform
+            subdomain: the subdomain to prepend
+
+        Returns:
+            the transformed URL with subdomain, or original URL if subdomain is invalid
+        """
+        new_environment = original_url
 
         regex = r'^[0-9a-z]+$'
         if re.match(regex, subdomain):
-            url_parts = urlparse(api_url)
+            url_parts = urlparse(original_url)
             if url_parts.port:
-                new_host = subdomain + '.' + url_parts.hostname + ':' + url_parts.port
+                new_host = subdomain + '.' + url_parts.hostname + ':' + str(url_parts.port)
             else:
                 new_host = subdomain + '.' + url_parts.hostname
 
diff --git a/checkout_sdk/oauth_sdk.py b/checkout_sdk/oauth_sdk.py
@@ -31,14 +31,24 @@ def scopes(self, scopes: list):
         return self
 
     def build(self):
+        # Determine the authorization URI based on subdomain configuration
+        if self._environment_subdomain is not None:
+            authorization_uri = self._environment_subdomain.authorization_uri
+        else:
+            authorization_uri = self._environment.authorization_uri
+
+        # Use custom authorization URI if explicitly provided
+        if self._authorization_uri:
+            authorization_uri = self._authorization_uri
+
         if self._environment_subdomain is not None:
             configuration = CheckoutConfiguration(
                 credentials=OAuthSdkCredentials.init(http_client=self._http_client,
                                                      environment=self._environment,
                                                      client_id=self._client_id,
                                                      client_secret=self._client_secret,
                                                      scopes=self._scopes,
-                                                     authorization_uri=self._authorization_uri),
+                                                     authorization_uri=authorization_uri),
                 environment=self._environment,
                 http_client=self._http_client,
                 environment_subdomain=self._environment_subdomain)
@@ -49,7 +59,7 @@ def build(self):
                                                      client_id=self._client_id,
                                                      client_secret=self._client_secret,
                                                      scopes=self._scopes,
-                                                     authorization_uri=self._authorization_uri),
+                                                     authorization_uri=authorization_uri),
                 environment=self._environment,
                 http_client=self._http_client)
         return CheckoutApi(configuration)
diff --git a/tests/checkout_configuration_test.py b/tests/checkout_configuration_test.py
@@ -61,6 +61,9 @@ def test_should_create_configuration_with_subdomain(subdomain, expected_url):
     assert configuration.environment.base_uri == Environment.sandbox().base_uri
     assert configuration.http_client == http_client
     assert configuration.environment_subdomain.base_uri == expected_url
+    assert configuration.environment_subdomain.authorization_uri == (
+        f"https://{subdomain}.access.sandbox.checkout.com/connect/token"
+    )
 
 
 @pytest.mark.parametrize(
@@ -94,3 +97,30 @@ def test_should_create_configuration_with_bad_subdomain(subdomain, expected_url)
     assert configuration.environment.base_uri == Environment.sandbox().base_uri
     assert configuration.http_client == http_client
     assert configuration.environment_subdomain.base_uri == expected_url
+    assert configuration.environment_subdomain.authorization_uri == "https://access.sandbox.checkout.com/connect/token"
+
+
+def test_should_create_configuration_with_subdomain_for_production():
+    subdomain = "1234prod"
+    credentials = DefaultKeysSdkCredentials(
+        os.environ.get("CHECKOUT_DEFAULT_SECRET_KEY"),
+        os.environ.get("CHECKOUT_DEFAULT_PUBLIC_KEY")
+    )
+    http_client = Mock(spec=HttpClientBuilderInterface)
+
+    environment_subdomain = EnvironmentSubdomain(Environment.production(), subdomain)
+
+    configuration = CheckoutConfiguration(
+        credentials=credentials,
+        environment=Environment.production(),
+        http_client=http_client,
+        environment_subdomain=environment_subdomain
+    )
+
+    assert configuration.credentials == credentials
+    assert configuration.environment.base_uri == Environment.production().base_uri
+    assert configuration.http_client == http_client
+    assert configuration.environment_subdomain.base_uri == f"https://{subdomain}.api.checkout.com/"
+    assert configuration.environment_subdomain.authorization_uri == (
+        f"https://{subdomain}.access.checkout.com/connect/token"
+    )
diff --git a/tests/oauth_integration_test.py b/tests/oauth_integration_test.py
@@ -43,3 +43,18 @@ def test_should_fail_init_authorization_invalid_credentials_and_host():
             .build()
     except CheckoutException as err:
         assert err.args[0] == 'Unable to establish connection to host: (https://test.checkout.com)'
+
+
+def test_should_fail_oauth_with_subdomain_invalid_credentials():
+    try:
+        CheckoutSdk \
+            .builder() \
+            .oauth() \
+            .client_credentials(client_id='fake_id',
+                                client_secret='fake_secret') \
+            .environment(Environment.sandbox()) \
+            .environment_subdomain('1234doma') \
+            .scopes([OAuthScopes.GATEWAY, OAuthScopes.VAULT]) \
+            .build()
+    except CheckoutException as err:
+        assert err.args[0] == 'OAuth client_credentials authentication failed with error: (invalid_client)'
