saroshfarhan
diff --git a/‎tests/test_access_token.py
Lines changed: 17 additions & 28 deletions b/‎tests/test_access_token.py
Lines changed: 17 additions & 28 deletions
diff --git a/‎twilio/access_token.py
Lines changed: 58 additions & 41 deletions b/‎twilio/access_token.py
Lines changed: 58 additions & 41 deletions
@@ -2,7 +2,7 @@
 
 from nose.tools import assert_equal
 from twilio.jwt import decode
-from twilio.access_token import AccessToken
+from twilio.access_token import AccessToken, ConversationGrant, IpMessagingGrant
 
 ACCOUNT_SID = 'AC123'
 SIGNING_KEY_SID = 'SK123'
@@ -28,54 +28,43 @@ def _validate_claims(self, payload):
     def test_empty_grants(self):
         scat = AccessToken(SIGNING_KEY_SID, ACCOUNT_SID, 'secret')
         token = str(scat)
-        assert_is_not_none(token)
-        payload = decode(token, 'secret')
-        self._validate_claims(payload)
-        assert_equal([], payload['grants'])
 
-    def test_single_grant(self):
-        scat = AccessToken(SIGNING_KEY_SID, ACCOUNT_SID, 'secret')
-        scat.add_grant('https://api.twilio.com/**')
-        token = str(scat)
         assert_is_not_none(token)
         payload = decode(token, 'secret')
         self._validate_claims(payload)
-        assert_equal(1, len(payload['grants']))
-        assert_equal('https://api.twilio.com/**', payload['grants'][0]['res'])
-        assert_equal(['*'], payload['grants'][0]['act'])
+        assert_equal({}, payload['grants'])
 
-    def test_endpoint_grant(self):
+    def test_conversations_grant(self):
         scat = AccessToken(SIGNING_KEY_SID, ACCOUNT_SID, 'secret')
-        scat.add_endpoint_grant('bob')
+        scat.add_grant(ConversationGrant())
+
         token = str(scat)
         assert_is_not_none(token)
         payload = decode(token, 'secret')
         self._validate_claims(payload)
         assert_equal(1, len(payload['grants']))
-        assert_equal('sip:bob@AC123.endpoint.twilio.com',
-                     payload['grants'][0]['res'])
-        assert_equal(['listen', 'invite'], payload['grants'][0]['act'])
+        assert_equal({}, payload['grants']['rtc'])
 
-    def test_rest_grant(self):
+    def test_ip_messaging_grant(self):
         scat = AccessToken(SIGNING_KEY_SID, ACCOUNT_SID, 'secret')
-        scat.add_rest_grant('/Apps')
+        scat.add_grant(IpMessagingGrant())
+
         token = str(scat)
         assert_is_not_none(token)
         payload = decode(token, 'secret')
         self._validate_claims(payload)
         assert_equal(1, len(payload['grants']))
-        assert_equal('https://api.twilio.com/2010-04-01/Accounts/AC123/Apps',
-                     payload['grants'][0]['res'])
-        assert_equal(['*'], payload['grants'][0]['act'])
+        assert_equal({}, payload['grants']['ip_messaging'])
 
-    def test_enable_nts(self):
+    def test_grants(self):
         scat = AccessToken(SIGNING_KEY_SID, ACCOUNT_SID, 'secret')
-        scat.enable_nts()
+        scat.add_grant(ConversationGrant())
         scat.add_grant(IpMessagingGrant())
+
         token = str(scat)
         assert_is_not_none(token)
         payload = decode(token, 'secret')
         self._validate_claims(payload)
-        assert_equal(1, len(payload['grants']))
-        assert_equal('https://api.twilio.com/2010-04-01/Accounts/AC123/Tokens.json',
-                     payload['grants'][0]['res'])
-        assert_equal(['POST'], payload['grants'][0]['act'])
+        assert_equal(2, len(payload['grants']))
+        assert_equal({}, payload['grants']['rtc'])
+        assert_equal({}, payload['grants']['ip_messaging'])
@@ -1,67 +1,84 @@
 import time
 import jwt
 
-ALL = '*'
 
-# HTTP Actions
-HTTP_DELETE = 'DELETE'
-HTTP_GET = 'GET'
-HTTP_POST = 'POST'
-HTTP_PUT = 'PUT'
+class IpMessagingGrant(object):
+    def __init__(self, service_sid=None, endpoint_id=None,
+                 role_sid=None, credential_sid=None):
+        self.service_sid = service_sid
+        self.endpoint_id = endpoint_id
+        self.role_sid = role_sid
+        self.credential_sid = credential_sid
 
-# Client Actions
-CLIENT_LISTEN = 'listen'
-CLIENT_INVITE = 'invite'
+    @property
+    def key(self):
+        return "ip_messaging"
+
+    def to_payload(self):
+        grant = {}
+        if self.service_sid:
+            grant['service_sid'] = self.service_sid
+        if self.endpoint_id:
+            grant['endpoint_id'] = self.endpoint_id
+        if self.role_sid:
+            grant['deployment_role_sid'] = self.role_sid
+        if self.credential_sid:
+            grant['push_credential_sid'] = self.credential_sid
+
+        return grant
+
+
+class ConversationGrant(object):
+    def __init__(self, configuration_profile_sid=None):
+        self.configuration_profile_sid = configuration_profile_sid
+
+    @property
+    def key(self):
+        return "rtc"
+
+    def to_payload(self):
+        grant = {}
+        if self.configuration_profile_sid:
+            grant['configuration_profile_sid'] = self.configuration_profile_sid
+
+        return grant
 
 
 class AccessToken(object):
-    def __init__(self, signing_key_sid, account_sid, secret, ttl=3600):
+    def __init__(self, signing_key_sid, account_sid, secret,
+                 identity=None, ttl=3600):
         self.signing_key_sid = signing_key_sid
         self.account_sid = account_sid
         self.secret = secret
+
+        self.identity = identity
         self.ttl = ttl
         self.grants = []
 
-    def add_grant(self, resource, actions=ALL):
-        if not isinstance(actions, list):
-            actions = [actions]
-
-        self.grants.append({
-            'res': resource,
-            'act': actions,
-        })
-        return self
-
-    def add_rest_grant(self, uri, actions=ALL):
-        resource = 'https://api.twilio.com/2010-04-01/Accounts/{0}/{1}'.format(
-            self.account_sid,
-            uri.lstrip('/'),
-        )
-        return self.add_grant(resource, actions)
-
-    def add_endpoint_grant(self, endpoint, actions=None):
-        actions = actions or [CLIENT_LISTEN, CLIENT_INVITE]
-        resource = 'sip:{0}@{1}.endpoint.twilio.com'.format(
-            endpoint,
-            self.account_sid
-        )
-        return self.add_grant(resource, actions)
-
-    def enable_nts(self):
-        return self.add_rest_grant('/Tokens.json', HTTP_POST)
-
-    def to_jwt(self):
+    def add_grant(self, grant):
+        self.grants.append(grant)
+
+    def to_jwt(self, algorithm='HS256'):
         now = int(time.time())
         headers = {
-            "cty": "twilio-sat;v=1"
+            "typ": "JWT",
+            "cty": "twilio-sat;v=2"
         }
+
+        grants = {}
+        if self.identity:
+            grants["identity"] = self.identity
+
+        for grant in self.grants:
+            grants[grant.key] = grant.to_payload()
+
         payload = {
             "jti": '{0}-{1}'.format(self.signing_key_sid, now),
             "iss": self.signing_key_sid,
             "sub": self.account_sid,
             "nbf": now,
             "exp": now + self.ttl,
-            "grants": self.grants
+            "grants": grants
         }
 
         return jwt.encode(payload, self.secret, headers=headers)