From 7b6ea4c8ddf6634f73f327fe2a130b0306b0e50e Mon Sep 17 00:00:00 2001
From: Mostafa Rashed <17770919+mrashed-dev@users.noreply.github.com>
Date: Fri, 26 Jan 2024 00:32:34 +0400
Subject: [PATCH 1/2]  default to api key for token methods

---
 nylas/models/auth.py    | 8 ++++----
 nylas/resources/auth.py | 4 ++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/nylas/models/auth.py b/nylas/models/auth.py
index 377a034d..27a0e4f1 100644
--- a/nylas/models/auth.py
+++ b/nylas/models/auth.py
@@ -61,14 +61,14 @@ class CodeExchangeRequest(TypedDict):
         redirect_uri: Should match the same redirect URI that was used for getting the code during the initial authorization request.
         code: OAuth 2.0 code fetched from the previous step.
         client_id: Client ID of the application.
-        client_secret: Client secret of the application.
+        client_secret: Client secret of the application. If not provided, the API Key will be used instead.
         code_verifier: The original plain text code verifier (code_challenge) used in the initial authorization request (PKCE).
     """
 
     redirect_uri: str
     code: str
     client_id: str
-    client_secret: str
+    client_secret: NotRequired[str]
     code_verifier: NotRequired[str]
 
 
@@ -80,13 +80,13 @@ class TokenExchangeRequest(TypedDict):
         redirect_uri: Should match the same redirect URI that was used for getting the code during the initial authorization request.
         refresh_token: Token to refresh/request your short-lived access token
         client_id: Client ID of the application.
-        client_secret: Client secret of the application.
+        client_secret: Client secret of the application. If not provided, the API Key will be used instead.
     """
 
     redirect_uri: str
     refresh_token: str
     client_id: str
-    client_secret: str
+    client_secret: NotRequired[str]
 
 
 @dataclass_json
diff --git a/nylas/resources/auth.py b/nylas/resources/auth.py
index e63b4ddd..b7d1e389 100644
--- a/nylas/resources/auth.py
+++ b/nylas/resources/auth.py
@@ -84,6 +84,8 @@ def exchange_code_for_token(
         Returns:
             Information about the Nylas application
         """
+        if "client_secret" not in request:
+            request["client_secret"] = self._http_client.api_key
 
         request_body = dict(request)
         request_body["grant_type"] = "authorization_code"
@@ -122,6 +124,8 @@ def refresh_access_token(
         Returns:
             The response containing the new access token.
         """
+        if "client_secret" not in request:
+            request["client_secret"] = self._http_client.api_key
 
         request_body = dict(request)
         request_body["grant_type"] = "refresh_token"

From 7b8d0e60c7f1bc65822330d2d6fbe25313776c41 Mon Sep 17 00:00:00 2001
From: Mostafa Rashed <17770919+mrashed-dev@users.noreply.github.com>
Date: Fri, 26 Jan 2024 00:33:15 +0400
Subject: [PATCH 2/2] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cdf44c12..f0209fe8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
 nylas-python Changelog
 ======================
 
+v6.0.0b9
+----------------
+* Changed `client_secret` to optional for token exchange methods; defaults to API Key now
+
 v6.0.0b8
 ----------------
 * **BREAKING CHANGES**: Moved grants API out of `Auth` to `NylasClient`