auth0 4.0.0 → 4.1.0

data/examples/ruby-on-rails-api/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-agent: *
+# Disallow: /

data/examples/ruby-on-rails-api/test/ping_controller_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+# Ping Controller Tests
+class PingControllerTest < ActionController::TestCase
+  test 'responds with success' do
+    get :ping
+    assert_response :success
+  end
+end

data/examples/ruby-on-rails-api/test/secured_ping_controller_test.rb

@@ -0,0 +1,26 @@
+require 'test_helper'
+# Secure Ping Controller Test
+class SecuredPingControllerTest < ActionController::TestCase
+  def with_a_valid_token
+    @user = { id: 1 }
+    @token = Knock::AuthToken.new(payload: { sub: @user[:id] }).token
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  test 'responds with unauthorized' do
+    get :ping
+    assert_response :unauthorized
+  end
+
+  test 'responds with success when passing a valid token' do
+    with_a_valid_token
+    get :ping
+    assert_response :success
+  end
+
+  test '@current_user is set when passing a valid token' do
+    with_a_valid_token
+    get :ping
+    assert_equal @user[:id], @controller.current_user[:id]
+  end
+end

data/examples/ruby-on-rails-api/test/test_helper.rb

@@ -0,0 +1,16 @@
+ENV['RAILS_ENV'] ||= 'test'
+require File.expand_path('../../config/environment', __FILE__)
+require 'rails/test_help'
+# Active Support
+class ActiveSupport
+  # Test Case
+  class TestCase
+    # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
+    #
+    # Note: You'll currently still have to declare fixtures explicitly in integration tests
+    # -- they do not yet inherit this setting
+    fixtures :all
+
+    # Add more helper methods to be used by all tests here...
+  end
+end

data/lib/auth0/api/authentication_endpoints.rb

@@ -4,8 +4,8 @@ module Auth0
     # {https://auth0.com/docs/auth-api}
     # Methods to use the authentication endpoints
     module AuthenticationEndpoints
-      UP_AUTH = 'Username-Password-Authentication'
-      JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
+      UP_AUTH = 'Username-Password-Authentication'.freeze
+      JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer'.freeze
 
       # Retrives an access token
       # @see https://auth0.com/docs/auth-api#!#post--oauth-access_token
@@ -22,6 +22,28 @@ module Auth0
         end
       end
 
+      # Gets the user tokens using the code obtained through passive authentication in the specified connection
+      # @see https://auth0.com/docs/auth-api#!#post--oauth-access_token
+      # @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
+      # @param scope [string] Defaults to openid. Can be 'openid name email', 'openid offline_access'
+      # @param redirect_uri [string] Url to redirect after authorization
+      # @param redirect_uri [string] The access code obtained through passive authentication
+      # @return [json] Returns the access_token and id_token
+      def obtain_user_tokens(code, redirect_uri, connection = 'facebook', scope = 'openid')
+        raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
+        request_params = {
+          client_id:     @client_id,
+          client_secret: @client_secret,
+          connection:    connection,
+          grant_type:    'authorization_code',
+          code:          code,
+          scope:         scope,
+          redirect_uri:  redirect_uri
+        }
+        post('/oauth/token', request_params)
+      end
+
       # Logins using username/password
       # @see https://auth0.com/docs/auth-api#!#post--oauth-ro
       # @param username [string] Username
@@ -32,8 +54,8 @@ module Auth0
       # Active Directory/LDAP, Windows Azure AD and ADF
       # @return [json] Returns the access token and id token
       def login(username, password, id_token = nil, connection_name = UP_AUTH, options = {})
-        fail Auth0::InvalidParameter, 'Must supply a valid username' if username.to_s.empty?
-        fail Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid username' if username.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
         request_params = {
           client_id:  @client_id,
           username:   username,
@@ -54,8 +76,8 @@ module Auth0
       # @param connection_name [string] Connection name. Works for database connections.
       # @return [json] Returns the created user
       def signup(email, password, connection_name = UP_AUTH)
-        fail Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
-        fail Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
         request_params = {
           client_id:  @client_id,
           email:      email,
@@ -72,7 +94,7 @@ module Auth0
       # @param password [string] User's new password
       # @param connection_name [string] Connection name. Works for database connections.
       def change_password(email, password, connection_name = UP_AUTH)
-        fail Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
         request_params = {
           client_id:  @client_id,
           email:      email,
@@ -88,12 +110,13 @@ module Auth0
       # @param send [string] Defaults to 'link'. Can be 'code'. You can then authenticate with this user opening the link
       # @param auth_params [hash] Append/override parameters to the link (like scope, redirect_uri, protocol, etc.)
       def start_passwordless_email_flow(email, send = 'link', auth_params = {})
-        fail Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
         request_params = {
-          client_id:    @client_id,
-          email:        email,
-          send:         send,
-          auth_params:  auth_params
+          client_id:   @client_id,
+          connection:  'email',
+          email:       email,
+          send:        send,
+          authParams:  auth_params
         }
         post('/passwordless/start', request_params)
       end
@@ -102,7 +125,7 @@ module Auth0
       # @see https://auth0.com/docs/auth-api#!#post--with_sms
       # @param phone_number [string] User's phone number.
       def start_passwordless_sms_flow(phone_number)
-        fail Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
         request_params = {
           client_id:    @client_id,
           connection:   'sms',
@@ -117,8 +140,8 @@ module Auth0
       # @param code [string] Verification code.
       # @return [json] Returns the access token and id token
       def phone_login(phone_number, code, scope = 'openid')
-        fail Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
-        fail Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
         request_params = {
           client_id:  @client_id,
           username:   phone_number,
@@ -132,11 +155,9 @@ module Auth0
 
       # Retrives the SAML 2.0 metadata
       # @see https://auth0.com/docs/auth-api#!#get--samlp--client_id-
-      # @param client_id [string] Client id
       # @return [xml] SAML 2.0 metadata
-      def saml_metadata(client_id)
-        fail Auth0::InvalidParameter, 'Must supply a valid client_id' if client_id.to_s.empty?
-        get("/samlp/metadata/#{client_id}")
+      def saml_metadata
+        get("/samlp/metadata/#{@client_id}")
       end
 
       # Retrives the WS-Federation metadata
@@ -151,7 +172,7 @@ module Auth0
       # @param id_token [string] Token's id.
       # @return User information associated with the user id (sub property) of the token.
       def token_info(id_token)
-        fail Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
         request_params = { id_token: id_token }
         post('/tokeninfo', request_params)
       end
@@ -166,7 +187,7 @@ module Auth0
       # @param extra_parameters [hash] Extra parameters.
       # @return [json] Returns the refreshed delegation token
       def refresh_delegation(refresh_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
-        fail Auth0::InvalidParameter, 'Must supply a valid token to refresh' if refresh_token.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid token to refresh' if refresh_token.to_s.empty?
         request_params = {
           client_id:      @client_id,
           grant_type:     JWT_BEARER,
@@ -188,7 +209,7 @@ module Auth0
       # @param extra_parameters [hash] Extra parameters.
       # @return [json] Returns the refreshed delegation token
       def delegation(id_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
-        fail Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
         request_params = {
           client_id:  @client_id,
           grant_type: JWT_BEARER,
@@ -207,8 +228,13 @@ module Auth0
       # @param impersonator_id [string] Impersonator user id id.
       # @param options [string] Additional Parameters
       # @return [string] Impersonation URL
+      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       def impersonate(user_id, app_client_id, impersonator_id, options)
-        fail Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid app_client_id' if app_client_id.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid impersonator_id' if impersonator_id.to_s.empty?
+        raise Auth0::MissingParameter, 'Must supply client_secret' if @client_secret.nil?
+        authorization_header obtain_access_token
         request_params = {
           protocol:         options.fetch(:protocol, 'oauth2'),
           impersonator_id:  impersonator_id,
@@ -220,7 +246,9 @@ module Auth0
             callback_url:   options.fetch(:callback_url, '')
           }
         }
-        post("/users/#{user_id}/impersonate", request_params)
+        result = post("/users/#{user_id}/impersonate", request_params)
+        authorization_header @token
+        result
       end
 
       # Unlinks a User
@@ -228,8 +256,8 @@ module Auth0
       # @param access_token [string] Logged-in user access token
       # @param user_id [string] User Id
       def unlink_user(access_token, user_id)
-        fail Auth0::InvalidParameter, 'Must supply a valid access_token' if access_token.to_s.empty?
-        fail Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid access_token' if access_token.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
         request_params = {
           access_token:  access_token,
           user_id: user_id
@@ -250,13 +278,14 @@ module Auth0
       # @param options [hash] Can contain response_type, connection, state and additional_parameters.
       # @return [url] Authorization URL.
       def authorization_url(redirect_uri, options = {})
-        fail Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
+        raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
         request_params = {
           client_id: @client_id,
-          response_type: options.fetch(:connection, 'code'),
+          response_type: options.fetch(:response_type, 'code'),
           connection: options.fetch(:connection, nil),
-          redirect_url: redirect_uri,
-          state: options.fetch(:state, nil)
+          redirect_uri: redirect_uri,
+          state: options.fetch(:state, nil),
+          scope: options.fetch(:scope, nil)
         }.merge(options.fetch(:additional_parameters, {}))
 
         URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))

data/lib/auth0/api/v1/clients.rb

@@ -9,7 +9,7 @@ module Auth0
           get(path)
         end
 
-        alias_method :get_clients, :clients
+        alias get_clients clients
 
         # {https://auth0.com/docs/api#!#post--api-clients}
         def create_client(name, callbacks = '')

data/lib/auth0/api/v1/connections.rb

@@ -7,14 +7,14 @@ module Auth0
         def connections
           get('/api/connections')
         end
-        alias_method :get_connections, :connections
+        alias get_connections connections
 
         # {https://auth0.com/docs/api#!#get--api-connections--connection-name-}
         def connection(connection_name)
           path = "/api/connections/#{connection_name}"
           get(path)
         end
-        alias_method :get_connection, :connection
+        alias get_connection connection
 
         # {https://auth0.com/docs/api#!#delete--api-connections--connection-name-}
         def delete_connection(connection_name)
@@ -30,7 +30,8 @@ module Auth0
             strategy: strategy,
             options: {
               tenant_domain: tenant_domain,
-              domain_aliases: domain_aliases }
+              domain_aliases: domain_aliases
+            }
           }
           post(path, request_params)
         end

data/lib/auth0/api/v1/logs.rb

@@ -15,7 +15,7 @@ module Auth0
           get(path)
         end
 
-        alias_method :search_logs, :logs
+        alias search_logs logs
 
         # {https://auth0.com/docs/api#!#get--api-logs--_id-}
         def log(id)

data/lib/auth0/api/v1/rules.rb

@@ -9,7 +9,7 @@ module Auth0
           get(path)
         end
 
-        alias_method :get_rules, :rules
+        alias get_rules rules
 
         # https://auth0.com/docs/api#!#post--api-rules
         def create_rule(name, script, order = nil, status = true)

data/lib/auth0/api/v1/users.rb

@@ -13,8 +13,8 @@ module Auth0
           get(path)
         end
 
-        alias_method :users_search, :users
-        alias_method :get_users, :users
+        alias users_search users
+        alias get_users users
 
         # {https://auth0.com/docs/api#!#get--api-users--user_id-}
         def user(user_id)
@@ -22,7 +22,7 @@ module Auth0
           get(path)
         end
 
-        alias_method :get_user, :user
+        alias get_user user
 
         # {https://auth0.com/docs/api#!#get--api-users--user_id--devices}
         def user_devices(user_id)
@@ -38,7 +38,7 @@ module Auth0
           get(path)
         end
 
-        alias_method :search_connection_users, :connection_users
+        alias search_connection_users connection_users
 
         # {https://auth0.com/docs/api#!#get--api-enterpriseconnections-users-search--criteria-}
         def enterpriseconnections_users(search_criteria = nil, per_page = 500)
@@ -142,7 +142,7 @@ module Auth0
 
         # {https://auth0.com/docs/api#!#delete--api-users--user_id-}
         def delete_user(user_id)
-          fail Auth0::MissingUserId, 'if you want to remove all users use delete_users method' if user_id.to_s.empty?
+          raise Auth0::MissingUserId, 'if you want to remove all users use delete_users method' if user_id.to_s.empty?
           path = "/api/users/#{user_id}"
           delete(path)
         end

data/lib/auth0/api/v2.rb

@@ -1,13 +1,18 @@
 require 'auth0/api/v2/blacklists'
 require 'auth0/api/v2/clients'
+require 'auth0/api/v2/client_grants'
 require 'auth0/api/v2/connections'
+require 'auth0/api/v2/device_credentials'
 require 'auth0/api/v2/emails'
 require 'auth0/api/v2/jobs'
 require 'auth0/api/v2/rules'
 require 'auth0/api/v2/stats'
 require 'auth0/api/v2/users'
+require 'auth0/api/v2/user_blocks'
 require 'auth0/api/v2/tenants'
 require 'auth0/api/v2/tickets'
+require 'auth0/api/v2/logs'
+require 'auth0/api/v2/resource_servers'
 
 module Auth0
   module Api
@@ -15,14 +20,19 @@ module Auth0
     module V2
       include Auth0::Api::V2::Blacklists
       include Auth0::Api::V2::Clients
+      include Auth0::Api::V2::ClientGrants
       include Auth0::Api::V2::Connections
+      include Auth0::Api::V2::DeviceCredentials
       include Auth0::Api::V2::Emails
       include Auth0::Api::V2::Jobs
       include Auth0::Api::V2::Rules
       include Auth0::Api::V2::Stats
       include Auth0::Api::V2::Users
+      include Auth0::Api::V2::UserBlocks
       include Auth0::Api::V2::Tenants
       include Auth0::Api::V2::Tickets
+      include Auth0::Api::V2::Logs
+      include Auth0::Api::V2::ResourceServers
     end
   end
 end

data/lib/auth0/api/v2/blacklists.rb

@@ -25,7 +25,7 @@ module Auth0
         # @return [json] Returns the blacklisted token
         #
         def add_token_to_blacklist(jti, aud = nil)
-          fail Auth0::MissingParameter, 'Must specify a valid JTI' if jti.to_s.empty?
+          raise Auth0::MissingParameter, 'Must specify a valid JTI' if jti.to_s.empty?
           request_params = {
             jti: jti,
             aud: aud

data/lib/auth0/api/v2/client_grants.rb

@@ -0,0 +1,57 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the client grants endpoints
+      module ClientGrants
+        attr_reader :client_grants_path
+
+        # Retrieves a list of all client grants.
+        # @see https://auth0.com/docs/api/management/v2#!/client_grants/get_client_grants
+        #
+        # @return [json] Returns the client grants.
+        def client_grants
+          get(client_grants_path)
+        end
+        alias get_all_client_grants client_grants
+
+        # Creates a new client grant.
+        # @see https://auth0.com/docs/api/management/v2#!/client_grants/post_client_grants
+        # @param options [hash] The Hash options used to define the client grant's properties.
+        #
+        # @return [json] Returns the created client grant.
+        def create_client_grant(options = {})
+          request_params = Hash[options.map { |(k, v)| [k.to_sym, v] }]
+          post(client_grants_path, request_params)
+        end
+
+        # Deletes a client grant given its id.
+        # @see https://auth0.com/docs/api/management/v2#!/client_grants/delete_client_grants_by_id
+        # @param client_id [string] The id of the client grant to delete.
+        def delete_client_grant(client_grant_id)
+          raise Auth0::InvalidParameter, 'Must specify a client grant id' if client_grant_id.to_s.empty?
+          path = "#{client_grants_path}/#{client_grant_id}"
+          delete(path)
+        end
+
+        # Updates a client grant.
+        # @see https://auth0.com/docs/api/management/v2#!/client_grants/patch_client_grants_by_id
+        # @param client_id [string] The id of the client grant to update.
+        # @param options [hash] The Hash options used to define the client grant's properties.
+        def patch_client_grant(client_grant_id, options)
+          raise Auth0::InvalidParameter, 'Must specify a client grant id' if client_grant_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must specify a valid body' if options.to_s.empty?
+          path = "#{client_grants_path}/#{client_grant_id}"
+          patch(path, options)
+        end
+        alias update_client_grant patch_client_grant
+
+        private
+
+        # Client Grants API path
+        def client_grants_path
+          @client_grants_path ||= '/api/v2/client-grants'
+        end
+      end
+    end
+  end
+end