Fix: add auth headers and body to multitenancy token request

[MonolithicMonk]

Description:

• Reference: Closes ACA-Py Multitenancy Token Request Fails with 401 Unauthorized #895
• Summary:
  • Modified MultiTenantAcapy.get_wallet_token to include Admin API key headers when configured.
  • Added wallet_key to the request body payload as required by the endpoint.
  • Refactored SingleTenantAcapy.get_headers to return an empty dict instead of None values when keys are missing.
  • Updated MultiTenantAcapy to raise Exception instead of AssertionError for better error handling.
  • Updated tests to reflect new implementation logic and error handling.
• Impact: Fixes 401 Unauthorized errors when the controller attempts to get a wallet token from a secured ACA-Py agent instance.

[coveralls]

Pull Request Test Coverage Report for Build 19772814756

Details

• 17 of 17 (100.0%) changed or added relevant lines in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.08%) to 87.711%

---

Totals
Change from base Build 19772812094:	0.08%
Covered Lines:	1927
Relevant Lines:	2197

---

💛 - Coveralls

[loneil]

rebased

[Copilot]

Pull request overview

This PR fixes a bug where the OIDC controller failed to authenticate with secured ACA-Py instances when requesting wallet tokens. The fix adds proper authentication headers and the required wallet_key parameter to the multitenancy token request endpoint.

Key Changes:

• Modified MultiTenantAcapy.get_wallet_token to include Admin API key headers when configured and add wallet_key to the request body
• Refactored error handling from assert statements to explicit Exception raising with improved logging
• Updated SingleTenantAcapy.get_headers to return empty dict instead of dict with None values when API key is not configured

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 9 comments.

File	Description
oidc-controller/api/core/acapy/config.py	Added authentication header logic and request body payload to get_wallet_token, improved error handling with explicit exceptions, and modified SingleTenantAcapy.get_headers to handle missing credentials gracefully
oidc-controller/api/core/acapy/tests/test_config.py	Added comprehensive tests for authenticated and unauthenticated scenarios, updated existing error test to expect Exception instead of AssertionError, and added test for SingleTenantAcapy with missing API key

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[loneil]

Tested out locally with our usual single tenant/no-key setup and that's still working for me. Some minor Copilot suggestions that could be looked at. Didn't try out any mult-tenant setup but implementation makes sense to me

[esune]

Tested locally, everything works as expected on a multi-tenant instance of ACA-Py. I think addressing the couple comments from Copilot is beneficial, then we can merge.