auth0 4.11.0 → 4.16.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +59 -0
- data/Gemfile.lock +56 -53
- data/README.md +49 -0
- data/auth0.gemspec +2 -0
- data/lib/auth0.rb +1 -0
- data/lib/auth0/algorithm.rb +5 -0
- data/lib/auth0/api/authentication_endpoints.rb +34 -0
- data/lib/auth0/api/v1/clients.rb +12 -2
- data/lib/auth0/api/v1/connections.rb +15 -0
- data/lib/auth0/api/v1/logs.rb +9 -0
- data/lib/auth0/api/v1/rules.rb +12 -0
- data/lib/auth0/api/v1/users.rb +63 -0
- data/lib/auth0/api/v2.rb +4 -0
- data/lib/auth0/api/v2/jobs.rb +11 -1
- data/lib/auth0/api/v2/log_streams.rb +78 -0
- data/lib/auth0/api/v2/prompts.rb +70 -0
- data/lib/auth0/api/v2/tickets.rb +12 -1
- data/lib/auth0/exception.rb +2 -0
- data/lib/auth0/mixins/httpproxy.rb +1 -1
- data/lib/auth0/mixins/validation.rb +307 -0
- data/lib/auth0/version.rb +1 -1
- data/spec/integration/lib/auth0/api/v2/api_jobs_spec.rb +12 -0
- data/spec/integration/lib/auth0/api/v2/api_tickets_spec.rb +7 -1
- data/spec/lib/auth0/api/authentication_endpoints_spec.rb +35 -10
- data/spec/lib/auth0/api/v2/jobs_spec.rb +17 -0
- data/spec/lib/auth0/api/v2/log_streams_spec.rb +84 -0
- data/spec/lib/auth0/api/v2/prompts_spec.rb +88 -0
- data/spec/lib/auth0/api/v2/tickets_spec.rb +17 -0
- data/spec/lib/auth0/mixins/validation_spec.rb +466 -0
- data/spec/spec_helper.rb +1 -0
- metadata +42 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c773de4346d595a93a87c037c195c59eaee818777201c8ee3bc291a3e49845bc
|
4
|
+
data.tar.gz: 647034c402dcbe84488ca6f472b7bfe451e3567b4b6d70ff7b79ec81cbb8a16b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d7a196b81295ac4657f4789239e328f68522a510608d2282614c975900f50b46355ad0277b51b50f5a75b02fe04601e8dc511cc016d6f40607520b24af4b0bd0
|
7
|
+
data.tar.gz: 303ac2f09a489a6727e73ce384fc3257bae9c872a2039fe732fea8bc853f8aa625d397d3da0e885f78eb96ee3f8bfca9d8bcc6adaddaf82335eaa7680ddd94ea
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,64 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
+
## [v4.16.0](https://github.com/auth0/ruby-auth0/tree/v4.16.0) (2020-10-02)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.15.0...v4.16.0)
|
6
|
+
|
7
|
+
**Added**
|
8
|
+
|
9
|
+
- New Email Verification Fields [\#237](https://github.com/auth0/ruby-auth0/pull/237) ([davidpatrick](https://github.com/davidpatrick))
|
10
|
+
|
11
|
+
**Security**
|
12
|
+
|
13
|
+
- Bump actionview from 6.0.3.2 to 6.0.3.3 [\#236](https://github.com/auth0/ruby-auth0/pull/236) ([dependabot[bot]](https://github.com/apps/dependabot))
|
14
|
+
|
15
|
+
## [v4.15.0](https://github.com/auth0/ruby-auth0/tree/v4.15.0) (2020-09-04)
|
16
|
+
|
17
|
+
**Added**
|
18
|
+
|
19
|
+
- Add log streaming endpoints [\#233](https://github.com/auth0/ruby-auth0/pull/233) ([davidpatrick](https://github.com/davidpatrick))
|
20
|
+
|
21
|
+
## [v4.14.0](https://github.com/auth0/ruby-auth0/tree/v4.14.0) (2020-07-20)
|
22
|
+
|
23
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.13.0...v4.14.0)
|
24
|
+
|
25
|
+
**Deprecated**
|
26
|
+
|
27
|
+
- Deprecate mgmt v1 calls [\#230](https://github.com/auth0/ruby-auth0/pull/230) ([davidpatrick](https://github.com/davidpatrick))
|
28
|
+
|
29
|
+
**Removed**
|
30
|
+
|
31
|
+
- Remove iat claim value check [\#229](https://github.com/auth0/ruby-auth0/pull/229) ([lbalmaceda](https://github.com/lbalmaceda))
|
32
|
+
|
33
|
+
**Fixed**
|
34
|
+
|
35
|
+
- Handle missing reset header [\#228](https://github.com/auth0/ruby-auth0/pull/228) ([Widcket](https://github.com/Widcket))
|
36
|
+
|
37
|
+
## [v4.13.0](https://github.com/auth0/ruby-auth0/tree/v4.13.0) (2020-06-18)
|
38
|
+
|
39
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.12.0...v4.13.0)
|
40
|
+
|
41
|
+
**Added**
|
42
|
+
|
43
|
+
- Add prompts endpoints [\#205](https://github.com/auth0/ruby-auth0/pull/205) ([unhappychoice](https://github.com/unhappychoice))
|
44
|
+
|
45
|
+
**Fixed**
|
46
|
+
|
47
|
+
- Fix missing to_json [\#212](https://github.com/auth0/ruby-auth0/pull/212) ([qortex](https://github.com/qortex))
|
48
|
+
|
49
|
+
## [v4.12.0](https://github.com/auth0/ruby-auth0/tree/v4.12.0) (2020-06-10)
|
50
|
+
|
51
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.11.0...v4.12.0)
|
52
|
+
|
53
|
+
**Added**
|
54
|
+
|
55
|
+
- Improve OIDC compliance [SDK-987] [\#225](https://github.com/auth0/ruby-auth0/pull/225) ([Widcket](https://github.com/Widcket))
|
56
|
+
|
57
|
+
**Security**
|
58
|
+
|
59
|
+
- Bump activesupport from 6.0.3 to 6.0.3.1 [\#221](https://github.com/auth0/ruby-auth0/pull/221) ([dependabot[bot]](https://github.com/apps/dependabot))
|
60
|
+
- Bump actionpack from 6.0.3 to 6.0.3.1 [\#220](https://github.com/auth0/ruby-auth0/pull/220) ([dependabot[bot]](https://github.com/apps/dependabot))
|
61
|
+
|
3
62
|
## [v4.11.0](https://github.com/auth0/ruby-auth0/tree/v4.11.0) (2020-05-06)
|
4
63
|
|
5
64
|
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.10.0...v4.11.0)
|
data/Gemfile.lock
CHANGED
@@ -1,26 +1,28 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
auth0 (4.
|
4
|
+
auth0 (4.16.0)
|
5
|
+
jwt (~> 2.2.0)
|
5
6
|
rest-client (~> 2.0.0)
|
7
|
+
zache (~> 0.12.0)
|
6
8
|
|
7
9
|
GEM
|
8
10
|
remote: https://rubygems.org/
|
9
11
|
specs:
|
10
|
-
actionpack (6.0.3)
|
11
|
-
actionview (= 6.0.3)
|
12
|
-
activesupport (= 6.0.3)
|
12
|
+
actionpack (6.0.3.3)
|
13
|
+
actionview (= 6.0.3.3)
|
14
|
+
activesupport (= 6.0.3.3)
|
13
15
|
rack (~> 2.0, >= 2.0.8)
|
14
16
|
rack-test (>= 0.6.3)
|
15
17
|
rails-dom-testing (~> 2.0)
|
16
18
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
17
|
-
actionview (6.0.3)
|
18
|
-
activesupport (= 6.0.3)
|
19
|
+
actionview (6.0.3.3)
|
20
|
+
activesupport (= 6.0.3.3)
|
19
21
|
builder (~> 3.1)
|
20
22
|
erubi (~> 1.4)
|
21
23
|
rails-dom-testing (~> 2.0)
|
22
24
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
23
|
-
activesupport (6.0.3)
|
25
|
+
activesupport (6.0.3.3)
|
24
26
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
25
27
|
i18n (>= 0.7, < 2)
|
26
28
|
minitest (~> 5.1)
|
@@ -28,35 +30,33 @@ GEM
|
|
28
30
|
zeitwerk (~> 2.2, >= 2.2.2)
|
29
31
|
addressable (2.7.0)
|
30
32
|
public_suffix (>= 2.0.2, < 5.0)
|
31
|
-
ast (2.4.
|
33
|
+
ast (2.4.1)
|
32
34
|
builder (3.2.4)
|
33
|
-
codecov (0.
|
35
|
+
codecov (0.2.11)
|
34
36
|
json
|
35
37
|
simplecov
|
36
|
-
|
37
|
-
|
38
|
-
concurrent-ruby (1.1.6)
|
38
|
+
coderay (1.1.3)
|
39
|
+
concurrent-ruby (1.1.7)
|
39
40
|
coveralls (0.7.1)
|
40
41
|
multi_json (~> 1.3)
|
41
42
|
rest-client
|
42
43
|
simplecov (>= 0.7)
|
43
44
|
term-ansicolor
|
44
45
|
thor
|
45
|
-
crack (0.4.
|
46
|
-
safe_yaml (~> 1.0.0)
|
46
|
+
crack (0.4.4)
|
47
47
|
crass (1.0.6)
|
48
|
-
diff-lcs (1.
|
48
|
+
diff-lcs (1.4.4)
|
49
49
|
docile (1.3.2)
|
50
50
|
domain_name (0.5.20190701)
|
51
51
|
unf (>= 0.0.5, < 1.0.0)
|
52
|
-
dotenv (2.7.
|
53
|
-
dotenv-rails (2.7.
|
54
|
-
dotenv (= 2.7.
|
55
|
-
railties (>= 3.2
|
52
|
+
dotenv (2.7.6)
|
53
|
+
dotenv-rails (2.7.6)
|
54
|
+
dotenv (= 2.7.6)
|
55
|
+
railties (>= 3.2)
|
56
56
|
erubi (1.9.0)
|
57
57
|
faker (1.9.6)
|
58
58
|
i18n (>= 0.7)
|
59
|
-
ffi (1.
|
59
|
+
ffi (1.13.1)
|
60
60
|
formatador (0.2.5)
|
61
61
|
fuubar (2.5.0)
|
62
62
|
rspec-core (~> 3.0)
|
@@ -79,42 +79,42 @@ GEM
|
|
79
79
|
hashdiff (1.0.1)
|
80
80
|
http-cookie (1.0.3)
|
81
81
|
domain_name (~> 0.5)
|
82
|
-
i18n (1.8.
|
82
|
+
i18n (1.8.5)
|
83
83
|
concurrent-ruby (~> 1.0)
|
84
|
-
|
85
|
-
|
84
|
+
json (2.3.1)
|
85
|
+
jwt (2.2.2)
|
86
86
|
listen (3.2.1)
|
87
87
|
rb-fsevent (~> 0.10, >= 0.10.3)
|
88
88
|
rb-inotify (~> 0.9, >= 0.9.10)
|
89
|
-
loofah (2.
|
89
|
+
loofah (2.7.0)
|
90
90
|
crass (~> 1.0.2)
|
91
91
|
nokogiri (>= 1.5.9)
|
92
|
-
lumberjack (1.2.
|
92
|
+
lumberjack (1.2.8)
|
93
93
|
method_source (0.8.2)
|
94
94
|
mime-types (3.3.1)
|
95
95
|
mime-types-data (~> 3.2015)
|
96
|
-
mime-types-data (3.2020.
|
96
|
+
mime-types-data (3.2020.0512)
|
97
97
|
mini_portile2 (2.4.0)
|
98
|
-
minitest (5.14.
|
99
|
-
multi_json (1.
|
98
|
+
minitest (5.14.2)
|
99
|
+
multi_json (1.15.0)
|
100
100
|
nenv (0.3.0)
|
101
101
|
netrc (0.11.0)
|
102
|
-
nokogiri (1.10.
|
102
|
+
nokogiri (1.10.10)
|
103
103
|
mini_portile2 (~> 2.4.0)
|
104
104
|
notiffany (0.1.3)
|
105
105
|
nenv (~> 0.1)
|
106
106
|
shellany (~> 0.0)
|
107
|
-
parallel (1.19.
|
108
|
-
parser (2.7.1.
|
109
|
-
ast (~> 2.4.
|
107
|
+
parallel (1.19.2)
|
108
|
+
parser (2.7.1.5)
|
109
|
+
ast (~> 2.4.1)
|
110
110
|
pry (0.10.4)
|
111
111
|
coderay (~> 1.1.0)
|
112
112
|
method_source (~> 0.8.1)
|
113
113
|
slop (~> 3.4)
|
114
114
|
pry-nav (0.2.4)
|
115
115
|
pry (>= 0.9.10, < 0.11.0)
|
116
|
-
public_suffix (4.0.
|
117
|
-
rack (2.1.
|
116
|
+
public_suffix (4.0.6)
|
117
|
+
rack (2.1.4)
|
118
118
|
rack-test (0.8.3)
|
119
119
|
rack (>= 1.0, < 3)
|
120
120
|
rails-dom-testing (2.0.3)
|
@@ -122,9 +122,9 @@ GEM
|
|
122
122
|
nokogiri (>= 1.6)
|
123
123
|
rails-html-sanitizer (1.3.0)
|
124
124
|
loofah (~> 2.3)
|
125
|
-
railties (6.0.3)
|
126
|
-
actionpack (= 6.0.3)
|
127
|
-
activesupport (= 6.0.3)
|
125
|
+
railties (6.0.3.3)
|
126
|
+
actionpack (= 6.0.3.3)
|
127
|
+
activesupport (= 6.0.3.3)
|
128
128
|
method_source
|
129
129
|
rake (>= 0.8.7)
|
130
130
|
thor (>= 0.20.3, < 2.0)
|
@@ -133,6 +133,7 @@ GEM
|
|
133
133
|
rb-fsevent (0.10.4)
|
134
134
|
rb-inotify (0.10.1)
|
135
135
|
ffi (~> 1.0)
|
136
|
+
regexp_parser (1.8.1)
|
136
137
|
rest-client (2.0.2)
|
137
138
|
http-cookie (>= 1.0.2, < 2.0)
|
138
139
|
mime-types (>= 1.16, < 4.0)
|
@@ -142,34 +143,36 @@ GEM
|
|
142
143
|
rspec-core (~> 3.9.0)
|
143
144
|
rspec-expectations (~> 3.9.0)
|
144
145
|
rspec-mocks (~> 3.9.0)
|
145
|
-
rspec-core (3.9.
|
146
|
+
rspec-core (3.9.3)
|
146
147
|
rspec-support (~> 3.9.3)
|
147
|
-
rspec-expectations (3.9.
|
148
|
+
rspec-expectations (3.9.2)
|
148
149
|
diff-lcs (>= 1.2.0, < 2.0)
|
149
150
|
rspec-support (~> 3.9.0)
|
150
151
|
rspec-mocks (3.9.1)
|
151
152
|
diff-lcs (>= 1.2.0, < 2.0)
|
152
153
|
rspec-support (~> 3.9.0)
|
153
154
|
rspec-support (3.9.3)
|
154
|
-
rubocop (0.
|
155
|
-
jaro_winkler (~> 1.5.1)
|
155
|
+
rubocop (0.92.0)
|
156
156
|
parallel (~> 1.10)
|
157
|
-
parser (>= 2.7.
|
157
|
+
parser (>= 2.7.1.5)
|
158
158
|
rainbow (>= 2.2.2, < 4.0)
|
159
|
+
regexp_parser (>= 1.7)
|
159
160
|
rexml
|
161
|
+
rubocop-ast (>= 0.5.0)
|
160
162
|
ruby-progressbar (~> 1.7)
|
161
163
|
unicode-display_width (>= 1.4.0, < 2.0)
|
162
|
-
rubocop-
|
163
|
-
|
164
|
+
rubocop-ast (0.7.1)
|
165
|
+
parser (>= 2.7.1.5)
|
166
|
+
rubocop-rails (2.8.1)
|
167
|
+
activesupport (>= 4.2.0)
|
164
168
|
rack (>= 1.1)
|
165
|
-
rubocop (>= 0.
|
169
|
+
rubocop (>= 0.87.0)
|
166
170
|
ruby-progressbar (1.10.1)
|
167
|
-
safe_yaml (1.0.5)
|
168
171
|
shellany (0.0.1)
|
169
|
-
simplecov (0.
|
172
|
+
simplecov (0.19.0)
|
170
173
|
docile (~> 1.1)
|
171
174
|
simplecov-html (~> 0.11)
|
172
|
-
simplecov-html (0.12.
|
175
|
+
simplecov-html (0.12.3)
|
173
176
|
slop (3.6.0)
|
174
177
|
sync (0.5.0)
|
175
178
|
term-ansicolor (1.7.1)
|
@@ -177,7 +180,7 @@ GEM
|
|
177
180
|
terminal-notifier-guard (1.7.0)
|
178
181
|
thor (1.0.1)
|
179
182
|
thread_safe (0.3.6)
|
180
|
-
tins (1.
|
183
|
+
tins (1.25.0)
|
181
184
|
sync
|
182
185
|
tzinfo (1.2.7)
|
183
186
|
thread_safe (~> 0.1)
|
@@ -185,14 +188,14 @@ GEM
|
|
185
188
|
unf_ext
|
186
189
|
unf_ext (0.0.7.7)
|
187
190
|
unicode-display_width (1.7.0)
|
188
|
-
|
189
|
-
|
190
|
-
webmock (3.8.3)
|
191
|
+
vcr (6.0.0)
|
192
|
+
webmock (3.9.1)
|
191
193
|
addressable (>= 2.3.6)
|
192
194
|
crack (>= 0.3.2)
|
193
195
|
hashdiff (>= 0.4.0, < 2.0.0)
|
194
196
|
yard (0.9.25)
|
195
|
-
|
197
|
+
zache (0.12.0)
|
198
|
+
zeitwerk (2.4.0)
|
196
199
|
|
197
200
|
PLATFORMS
|
198
201
|
ruby
|
data/README.md
CHANGED
@@ -5,6 +5,7 @@
|
|
5
5
|
[![codecov](https://codecov.io/gh/auth0/ruby-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/ruby-auth0)
|
6
6
|
[![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](http://www.rubydoc.info/github/auth0/ruby-auth0/master/frames)
|
7
7
|
[![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/ruby-auth0/blob/master/LICENSE)
|
8
|
+
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0?ref=badge_shield)
|
8
9
|
|
9
10
|
Ruby API client for the [Auth0](https://auth0.com) platform.
|
10
11
|
|
@@ -118,6 +119,51 @@ In addition to the Management API, this SDK also provides access to [Authenticat
|
|
118
119
|
|
119
120
|
Please note that this module implements endpoints that might be deprecated for newer tenants. If you have any questions about how and when the endpoints should be used, consult the [documentation](https://auth0.com/docs/api/authentication) or ask in our [Community forums](https://community.auth0.com/tags/wordpress).
|
120
121
|
|
122
|
+
## ID Token Validation
|
123
|
+
|
124
|
+
An ID token may be present in the credentials received after authentication. This token contains information associated with the user that has just logged in, provided the scope used contained `openid`. You can [read more about ID tokens here](https://auth0.com/docs/tokens/concepts/id-tokens).
|
125
|
+
|
126
|
+
Before accessing its contents, you must first validate the ID token to ensure it has not been tampered with and that it is meant for your application to consume. Use the `validate_id_token` method to do so:
|
127
|
+
|
128
|
+
```ruby
|
129
|
+
begin
|
130
|
+
@auth0_client.validate_id_token 'YOUR_ID_TOKEN'
|
131
|
+
rescue Auth0::InvalidIdToken => e
|
132
|
+
# In this case the ID Token contents should not be trusted
|
133
|
+
end
|
134
|
+
```
|
135
|
+
|
136
|
+
The method takes the following optional keyword parameters:
|
137
|
+
|
138
|
+
| Parameter | Type | Description | Default value |
|
139
|
+
| ------------- | -------------- | ------------- | ------------------------- |
|
140
|
+
| `algorithm` | `JWTAlgorithm` | The [signing algorithm](https://auth0.com/docs/tokens/concepts/signing-algorithms) used by your Auth0 application. | `Auth0::Algorithm::RS256` (using the [JWKS URL](https://auth0.com/docs/tokens/concepts/jwks) of your **Auth0 Domain**) |
|
141
|
+
| `leeway` | Integer | Number of seconds to account for clock skew when validating the `exp`, `iat` and `azp` claims. | `60` |
|
142
|
+
| `nonce` | String | The `nonce` value you sent in the call to `/authorize`, if any. | `nil` |
|
143
|
+
| `max_age` | Integer | The `max_age` value you sent in the call to `/authorize`, if any. | `nil` |
|
144
|
+
| `issuer` | String | By default the `iss` claim will be checked against the URL of your **Auth0 Domain**. Use this parameter to override that. | `nil` |
|
145
|
+
| `audience` | String | By default the `aud` claim will be compared to your **Auth0 Client ID**. Use this parameter to override that. | `nil` |
|
146
|
+
|
147
|
+
You can check the signing algorithm value under **Advanced Settings > OAuth > JsonWebToken Signature Algorithm** in your Auth0 application settings panel. [We recommend](https://auth0.com/docs/tokens/concepts/signing-algorithms#our-recommendation) that you make use of asymmetric signing algorithms like `RS256` instead of symmetric ones like `HS256`.
|
148
|
+
|
149
|
+
```ruby
|
150
|
+
# HS256
|
151
|
+
|
152
|
+
begin
|
153
|
+
@auth0_client.validate_id_token 'YOUR_ID_TOKEN', algorithm: Auth0::Algorithm::HS256.secret('YOUR_SECRET')
|
154
|
+
rescue Auth0::InvalidIdToken => e
|
155
|
+
# Handle error
|
156
|
+
end
|
157
|
+
|
158
|
+
# RS256 with a custom JWKS URL
|
159
|
+
|
160
|
+
begin
|
161
|
+
@auth0_client.validate_id_token 'YOUR_ID_TOKEN', algorithm: Auth0::Algorithm::RS256.jwks_url('YOUR_URL')
|
162
|
+
rescue Auth0::InvalidIdToken => e
|
163
|
+
# Handle error
|
164
|
+
end
|
165
|
+
```
|
166
|
+
|
121
167
|
## Development
|
122
168
|
|
123
169
|
In order to set up the local environment you'd have to have Ruby installed and a few global gems used to run and record the unit tests. A working Ruby version can be taken from the [CI script](/.circleci/config.yml). At the moment of this writting we're using Ruby `2.5.7`.
|
@@ -189,3 +235,6 @@ If you find a bug or have a feature request, please report them in this reposito
|
|
189
235
|
## License
|
190
236
|
|
191
237
|
This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
|
238
|
+
|
239
|
+
|
240
|
+
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0?ref=badge_large)
|
data/auth0.gemspec
CHANGED
@@ -17,6 +17,8 @@ Gem::Specification.new do |s|
|
|
17
17
|
s.require_paths = ['lib']
|
18
18
|
|
19
19
|
s.add_runtime_dependency 'rest-client', '~> 2.0.0'
|
20
|
+
s.add_runtime_dependency 'jwt', '~> 2.2.0'
|
21
|
+
s.add_runtime_dependency 'zache', '~> 0.12.0'
|
20
22
|
|
21
23
|
s.add_development_dependency 'rake', '~> 13.0'
|
22
24
|
s.add_development_dependency 'fuubar', '~> 2.0'
|
data/lib/auth0.rb
CHANGED
@@ -1,4 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
1
2
|
# rubocop:disable Metrics/ModuleLength
|
3
|
+
|
4
|
+
require 'jwt'
|
5
|
+
|
2
6
|
module Auth0
|
3
7
|
module Api
|
4
8
|
# {https://auth0.com/docs/api/authentication}
|
@@ -502,6 +506,36 @@ module Auth0
|
|
502
506
|
post('/unlink', request_params)
|
503
507
|
end
|
504
508
|
|
509
|
+
# Validate an ID token (signature and expiration).
|
510
|
+
# @see https://auth0.com/docs/tokens/guides/validate-id-tokens
|
511
|
+
# @param id_token [string] The JWT to validate.
|
512
|
+
# @param algorithm [JWKAlgorithm] The expected signing algorithm.
|
513
|
+
# Defaults to +Auth0::Algorithm::RS256.jwks_url("https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json", lifetime: 10 * 60)+.
|
514
|
+
# @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
|
515
|
+
# Must be a non-negative value. Defaults to *60 seconds*.
|
516
|
+
# @param nonce [string] The nonce value sent during authentication.
|
517
|
+
# @param max_age [integer] The max_age value sent during authentication.
|
518
|
+
# Must be a non-negative value.
|
519
|
+
# @param issuer [string] The expected issuer claim value.
|
520
|
+
# Defaults to +https://YOUR_AUTH0_DOMAIN/+.
|
521
|
+
# @param audience [string] The expected audience claim value.
|
522
|
+
# Defaults to your *Auth0 Client ID*.
|
523
|
+
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
|
524
|
+
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
|
525
|
+
context = {
|
526
|
+
issuer: issuer || "https://#{@domain}/",
|
527
|
+
audience: audience || @client_id,
|
528
|
+
algorithm: algorithm || Auth0::Algorithm::RS256.jwks_url("https://#{@domain}/.well-known/jwks.json"),
|
529
|
+
leeway: leeway
|
530
|
+
}
|
531
|
+
|
532
|
+
context[:nonce] = nonce unless nonce.nil?
|
533
|
+
context[:max_age] = max_age unless max_age.nil?
|
534
|
+
|
535
|
+
Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
|
536
|
+
end
|
537
|
+
# rubocop:enable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
|
538
|
+
|
505
539
|
private
|
506
540
|
|
507
541
|
# Build a URL query string from a hash.
|
data/lib/auth0/api/v1/clients.rb
CHANGED
@@ -4,7 +4,10 @@ module Auth0
|
|
4
4
|
# {https://auth0.com/docs/api#applications}
|
5
5
|
module Clients
|
6
6
|
# {https://auth0.com/docs/api#!#get--api-clients}
|
7
|
+
# @deprecated - 4.14.0, please use Auth0::Api::V2::Clients
|
8
|
+
# @see - https://auth0.com/docs/migrations/guides/management-api-v1-v2
|
7
9
|
def clients
|
10
|
+
warn "[DEPRECATION] Api::V1 is deprecated please use Api::V2"
|
8
11
|
path = '/api/clients'
|
9
12
|
get(path)
|
10
13
|
end
|
@@ -12,7 +15,10 @@ module Auth0
|
|
12
15
|
alias get_clients clients
|
13
16
|
|
14
17
|
# {https://auth0.com/docs/api#!#post--api-clients}
|
18
|
+
# @deprecated - 4.14.0, please use Auth0::Api::V2::Clients
|
19
|
+
# @see - https://auth0.com/docs/migrations/guides/management-api-v1-v2
|
15
20
|
def create_client(name, callbacks = '')
|
21
|
+
warn "[DEPRECATION] Api::V1 is deprecated please use Api::V2"
|
16
22
|
path = '/api/clients'
|
17
23
|
request_params = {
|
18
24
|
name: name,
|
@@ -21,10 +27,11 @@ module Auth0
|
|
21
27
|
post(path, request_params)
|
22
28
|
end
|
23
29
|
|
24
|
-
# @deprecated use {#patch_client}
|
25
30
|
# {https://auth0.com/docs/api#!#put--api-clients--client-id-}
|
31
|
+
# @deprecated - 4.14.0, please use Auth0::Api::V2::Clients
|
32
|
+
# @see - https://auth0.com/docs/migrations/guides/management-api-v1-v2
|
26
33
|
def update_client(name, callbacks = '', client_id = @client_id)
|
27
|
-
warn
|
34
|
+
warn "[DEPRECATION] Api::V1 is deprecated please use Api::V2"
|
28
35
|
path = "/api/clients/#{client_id}"
|
29
36
|
request_params = {
|
30
37
|
name: name,
|
@@ -34,7 +41,10 @@ module Auth0
|
|
34
41
|
end
|
35
42
|
|
36
43
|
# {https://auth0.com/docs/api#!#patch--api-clients--client-id-}
|
44
|
+
# @deprecated - 4.14.0, please use Auth0::Api::V2::Clients
|
45
|
+
# @see - https://auth0.com/docs/migrations/guides/management-api-v1-v2
|
37
46
|
def patch_client(name, callbacks = '', client_id = @client_id)
|
47
|
+
warn "[DEPRECATION] Api::V1 is deprecated please use Api::V2"
|
38
48
|
path = "/api/clients/#{client_id}"
|
39
49
|
request_params = {
|
40
50
|
name: name,
|