auth0 4.16.0 → 5.1.0

data/auth0.gemspec

@@ -19,19 +19,20 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'rest-client', '~> 2.0.0'
   s.add_runtime_dependency 'jwt', '~> 2.2.0'
   s.add_runtime_dependency 'zache', '~> 0.12.0'
+  s.add_runtime_dependency 'addressable', '~> 2.7.0'
 
+  s.add_development_dependency 'bundler'
   s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'fuubar', '~> 2.0'
   s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI']
   s.add_development_dependency 'dotenv-rails', '~> 2.0'
   s.add_development_dependency 'pry', '~> 0.10'
   s.add_development_dependency 'pry-nav', '~> 0.2.4'
-  s.add_development_dependency 'rspec', '~> 3.1', '>= 3.1.0'
+  s.add_development_dependency 'rspec', '~> 3.5'
   s.add_development_dependency 'rack-test', '~> 0.6'
   s.add_development_dependency 'rack', '~> 2.1.2'
   s.add_development_dependency 'simplecov', '~> 0.9'
-  s.add_development_dependency 'faker', '~> 1.4'
-  s.add_development_dependency 'yard', '~> 0.9.12'
+  s.add_development_dependency 'faker', '~> 2.0'
   s.add_development_dependency 'gem-release', '~> 0.7'
   s.license = 'MIT'
 end

data/examples/ruby-api/.gitignore

@@ -16,12 +16,6 @@
 .repl_history
 build/
 
-## Documentation cache and generated files:
-/.yardoc/
-/_yardoc/
-/doc/
-/rdoc/
-
 ## Environment normalisation:
 /.bundle/
 /vendor/bundle

data/lib/auth0/api/authentication_endpoints.rb

@@ -14,20 +14,25 @@ module Auth0
       # Request an API access token using a Client Credentials grant
       # @see https://auth0.com/docs/api-auth/tutorials/client-credentials
       # @param audience [string] API audience to use
+      # @param organization [string] Organization ID
       # @return [json] Returns the API token
       def api_token(
         client_id: @client_id,
         client_secret: @client_secret,
-        audience: "https://#{@domain}/api/v2/"
+        organization: @organization,
+        audience: nil
       )
+
         request_params = {
           grant_type: 'client_credentials',
           client_id: client_id,
           client_secret: client_secret,
-          audience: audience
+          audience: audience,
+          organization: organization
         }
+
         response = post('/oauth/token', request_params)
-        ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
+        ::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
       end
 
       # Get access and ID tokens using an Authorization Code.
@@ -37,7 +42,7 @@ module Auth0
       #   Required only if it was set at the GET /authorize endpoint
       # @param client_id [string] Client ID for the Application
       # @param client_secret [string] Client Secret for the Application.
-      # @return [AccessToken] Returns the access_token and id_token
+      # @return [Auth0::AccessToken] Returns the access_token and id_token
       def exchange_auth_code_for_tokens(
         code,
         redirect_uri: nil,
@@ -53,7 +58,7 @@ module Auth0
           code: code,
           redirect_uri: redirect_uri
         }
-        AccessToken.from_response post('/oauth/token', request_params)
+        ::Auth0::AccessToken.from_response post('/oauth/token', request_params)
       end
 
       # Get access and ID tokens using a refresh token.
@@ -64,7 +69,7 @@ module Auth0
       # @param client_secret [string] Client Secret for the Application.
       #   Required when the Application's Token Endpoint Authentication Method
       #   is Post or Basic.
-      # @return [AccessToken] Returns tokens allowed in the refresh_token
+      # @return [Auth0::AccessToken] Returns tokens allowed in the refresh_token
       def exchange_refresh_token(
         refresh_token,
         client_id: @client_id,
@@ -78,7 +83,7 @@ module Auth0
           client_secret: client_secret,
           refresh_token: refresh_token
         }
-        AccessToken.from_response post('/oauth/token', request_params)
+        ::Auth0::AccessToken.from_response post('/oauth/token', request_params)
       end
 
       # rubocop:disable Metrics/ParameterLists
@@ -118,7 +123,7 @@ module Auth0
           audience: audience,
           grant_type: realm ? 'http://auth0.com/oauth/grant-type/password-realm' : 'password'
         }
-        AccessToken.from_response post('/oauth/token', request_params)
+        ::Auth0::AccessToken.from_response post('/oauth/token', request_params)
       end
       # rubocop:enable Metrics/ParameterLists
 
@@ -220,7 +225,7 @@ module Auth0
       # Return an authorization URL.
       # @see https://auth0.com/docs/api/authentication#authorization-code-grant
       # @param redirect_uri [string] URL to redirect after authorization
-      # @param options [hash] Can contain response_type, connection, state and additional_parameters.
+      # @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
       # @return [url] Authorization URL.
       def authorization_url(redirect_uri, options = {})
         raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
@@ -231,7 +236,9 @@ module Auth0
           connection: options.fetch(:connection, nil),
           redirect_uri: redirect_uri,
           state: options.fetch(:state, nil),
-          scope: options.fetch(:scope, nil)
+          scope: options.fetch(:scope, nil),
+          organization: options.fetch(:organization, @organization),
+          invitation: options.fetch(:invitation, nil)
         }.merge(options.fetch(:additional_parameters, {}))
 
         URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
@@ -292,225 +299,11 @@ module Auth0
         )
       end
 
-      #
-      # DEPRECATED
-      #
-
-      # Retrieve an access token.
-      # @deprecated 4.6.0 - Use the api_token method instead.
-      # @see https://auth0.com/docs/api/authentication#client-credentials
-      # @param access_token [string] Social provider's access_token
-      # @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
-      # @return [json] Returns the access token
-      def obtain_access_token(access_token = nil, connection = 'facebook', scope = 'openid')
-        if access_token
-          request_params = { client_id: @client_id, access_token: access_token, connection: connection, scope: scope }
-          post('/oauth/access_token', request_params)['access_token']
-        else
-          request_params = { client_id: @client_id, client_secret: @client_secret, grant_type: 'client_credentials' }
-          post('/oauth/token', request_params)['access_token']
-        end
-      end
-
-      # Get access and ID tokens using an Authorization Code.
-      # @deprecated 4.6.0 - Use the exchange_auth_code_for_tokens method instead.
-      # @see https://auth0.com/docs/api/authentication#authorization-code
-      # @param code [string] The access code obtained through passive authentication
-      # @param redirect_uri [string] Url to redirect after authorization
-      # @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
-      # @param scope [string] Defaults to openid. Can be 'openid name email', 'openid offline_access'
-      # @return [json] Returns the access_token and id_token
-      def obtain_user_tokens(code, redirect_uri, connection = 'facebook', scope = 'openid')
-        raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
-        raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
-
-        request_params = {
-          client_id: @client_id,
-          client_secret: @client_secret,
-          connection: connection,
-          grant_type: 'authorization_code',
-          code: code,
-          scope: scope,
-          redirect_uri: redirect_uri
-        }
-        post('/oauth/token', request_params)
-      end
-
-      # Get access and ID tokens using Resource Owner Password.
-      # @deprecated 4.6.0 - Use the login_with_resource_owner method instead.
-      # @see https://auth0.com/docs/api/authentication#resource-owner-password
-      # @param username [string] Username or email
-      # @param password [string] Password
-      # @param id_token [string] Token's id
-      # @param connection_name [string] Connection name; use a database or
-      #    passwordless connection, Active Directory/LDAP, Windows Azure or ADF
-      # @param options [hash] Additional options - :scope, :grant_type, :device
-      # @return [json] Returns the access_token and id_token
-      def login(username, password, id_token = nil, connection_name = UP_AUTH, options = {})
-        raise Auth0::InvalidParameter, 'Must supply a valid username' if username.to_s.empty?
-        raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
-
-        request_params = {
-          client_id: @client_id,
-          client_secret: @client_secret,
-          username: username,
-          password: password,
-          scope: options.fetch(:scope, 'openid'),
-          connection: connection_name,
-          grant_type: options.fetch(:grant_type, 'password'),
-          id_token: id_token,
-          device: options.fetch(:device, nil)
-        }
-        post('/oauth/token', request_params)
-      end
-
-      # Return the user information based on the Auth0 access token.
-      # @deprecated 4.6.0 - Use the userinfo method instead.
-      # @see https://auth0.com/docs/api/authentication#get-user-info
-      # @return [json] User information based on the Auth0 access token
-      def user_info
-        get('/userinfo')
-      end
-
-      # Login using phone number + verification code.
-      # @deprecated 4.5.0 - Legacy authentication pipeline; use a Password Grant
-      #   instead - https://auth0.com/docs/api-auth/tutorials/password-grant
-      # @see https://auth0.com/docs/api/authentication#resource-owner
-      # @param phone_number [string] User's phone number.
-      # @param code [string] Verification code.
-      # @return [json] Returns the access token and id token
-      def phone_login(phone_number, code, scope = 'openid')
-        raise Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
-        raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
-
-        request_params = {
-          client_id: @client_id,
-          username: phone_number,
-          password: code,
-          scope: scope,
-          connection: 'sms',
-          grant_type: 'password'
-        }
-        post('/oauth/ro', request_params)
-      end
-
-      # Validate a JSON Web Token (signature and expiration).
-      # @deprecated 4.5.0 - Legacy endpoint, use /userinfo instead.
-      # @see https://auth0.com/docs/api/authentication#get-token-info
-      # @param id_token [string] ID Token to use
-      # @return User information associated with the user id (sub property) of the token.
-      def token_info(id_token)
-        raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
-
-        request_params = { id_token: id_token }
-        post('/tokeninfo', request_params)
-      end
-
-      # Refresh a delegation token.
-      # @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
-      #   https://auth0.com/docs/api-auth/tutorials/adoption/delegation
-      # @see https://auth0.com/docs/api/authentication#delegation
-      # @param refresh_token [string] Token to refresh
-      # @param target [string] Target to sign the new token.
-      # @param scope [string] Defaults to openid. Can be 'openid name email'.
-      # @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
-      #  salesforce_sandbox_api, sap_api or wams
-      # @param extra_parameters [hash] Extra parameters.
-      # @return [json] Returns the refreshed delegation token
-      def refresh_delegation(refresh_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
-        raise Auth0::InvalidParameter, 'Must supply a valid token to refresh' if refresh_token.to_s.empty?
-
-        request_params = {
-          client_id: @client_id,
-          grant_type: JWT_BEARER,
-          refresh_token: refresh_token,
-          target: target,
-          api_type: api_type,
-          scope: scope
-        }.merge(extra_parameters)
-        post('/delegation', request_params)
-      end
-
-      # Retrieve a delegation token.
-      # @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
-      #   https://auth0.com/docs/api-auth/tutorials/adoption/delegation
-      # @see https://auth0.com/docs/api/authentication#delegation
-      # @param id_token [string] Token's id.
-      # @param target [string] Target to sign the new token.
-      # @param scope [string] Defaults to openid. Can be 'openid name email'.
-      # @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
-      #  salesforce_sandbox_api, sap_api or wams
-      # @param extra_parameters [hash] Extra parameters.
-      # @return [json] Returns the refreshed delegation token
-      def delegation(id_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
-        raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
-
-        request_params = {
-          client_id: @client_id,
-          grant_type: JWT_BEARER,
-          id_token: id_token,
-          target: target,
-          api_type: api_type,
-          scope: scope
-        }.merge(extra_parameters)
-        post('/delegation', request_params)
-      end
-
-      # Retrieve an impersonation URL to login as another user.
-      # @deprecated 4.5.0 - Feature is disabled.
-      # @see https://auth0.com/docs/api/authentication#impersonation
-      # @param user_id [string] Impersonate user id
-      # @param app_client_id [string] Application client id
-      # @param impersonator_id [string] Impersonator user id id.
-      # @param options [string] Additional Parameters
-      # @return [string] Impersonation URL
-      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
-      def impersonate(user_id, app_client_id, impersonator_id, options)
-        raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
-        raise Auth0::InvalidParameter, 'Must supply a valid app_client_id' if app_client_id.to_s.empty?
-        raise Auth0::InvalidParameter, 'Must supply a valid impersonator_id' if impersonator_id.to_s.empty?
-        raise Auth0::MissingParameter, 'Must supply client_secret' if @client_secret.nil?
-
-        authorization_header obtain_access_token
-        request_params = {
-          protocol: options.fetch(:protocol, 'oauth2'),
-          impersonator_id: impersonator_id,
-          client_id: app_client_id,
-          additionalParameters: {
-            response_type: options.fetch(:response_type, 'code'),
-            state: options.fetch(:state, ''),
-            scope: options.fetch(:scope, 'openid'),
-            callback_url: options.fetch(:callback_url, '')
-          }
-        }
-        result = post("/users/#{user_id}/impersonate", request_params)
-        authorization_header @token
-        result
-      end
-      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
-
-      # Unlink a user's account from the identity provider.
-      # @deprecated 4.5.0 - Endpoint is disabled in favor of the Management API;
-      #   see https://auth0.com/docs/migrations/guides/account-linking
-      # @see https://auth0.com/docs/api/authentication#unlink
-      # @param access_token [string] Logged-in user access token
-      # @param user_id [string] User Id
-      def unlink_user(access_token, user_id)
-        raise Auth0::InvalidParameter, 'Must supply a valid access_token' if access_token.to_s.empty?
-        raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
-
-        request_params = {
-          access_token: access_token,
-          user_id: user_id
-        }
-        post('/unlink', request_params)
-      end
-
       # Validate an ID token (signature and expiration).
       # @see https://auth0.com/docs/tokens/guides/validate-id-tokens
       # @param id_token [string] The JWT to validate.
       # @param algorithm [JWKAlgorithm] The expected signing algorithm.
-      #   Defaults to +Auth0::Algorithm::RS256.jwks_url("https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json", lifetime: 10 * 60)+.
+
       # @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
       #   Must be a non-negative value. Defaults to *60 seconds*.
       # @param nonce [string] The nonce value sent during authentication.
@@ -520,8 +313,10 @@ module Auth0
       #   Defaults to +https://YOUR_AUTH0_DOMAIN/+.
       # @param audience [string] The expected audience claim value.
       #   Defaults to your *Auth0 Client ID*.
+      # @param organization [string] Organization ID
+      #   Defaults to your *Auth0 Organization ID*.
       # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
-      def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
+      def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization)
         context = {
           issuer: issuer || "https://#{@domain}/",
           audience: audience || @client_id,
@@ -531,6 +326,7 @@ module Auth0
 
         context[:nonce] = nonce unless nonce.nil?
         context[:max_age] = max_age unless max_age.nil?
+        context[:organization] = organization unless !organization
 
         Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
       end

data/lib/auth0/api/v2.rb

@@ -1,5 +1,6 @@
 require 'auth0/api/v2/anomaly'
 require 'auth0/api/v2/blacklists'
+require 'auth0/api/v2/branding'
 require 'auth0/api/v2/clients'
 require 'auth0/api/v2/client_grants'
 require 'auth0/api/v2/connections'
@@ -7,6 +8,7 @@ require 'auth0/api/v2/device_credentials'
 require 'auth0/api/v2/emails'
 require 'auth0/api/v2/jobs'
 require 'auth0/api/v2/prompts'
+require 'auth0/api/v2/organizations'
 require 'auth0/api/v2/rules'
 require 'auth0/api/v2/roles'
 require 'auth0/api/v2/stats'
@@ -26,25 +28,27 @@ module Auth0
     module V2
       include Auth0::Api::V2::Anomaly
       include Auth0::Api::V2::Blacklists
+      include Auth0::Api::V2::Branding
       include Auth0::Api::V2::Clients
       include Auth0::Api::V2::ClientGrants
       include Auth0::Api::V2::Connections
       include Auth0::Api::V2::DeviceCredentials
       include Auth0::Api::V2::Emails
+      include Auth0::Api::V2::Guardian
       include Auth0::Api::V2::Jobs
+      include Auth0::Api::V2::Logs
+      include Auth0::Api::V2::LogStreams
       include Auth0::Api::V2::Prompts
+      include Auth0::Api::V2::Organizations
       include Auth0::Api::V2::Rules
       include Auth0::Api::V2::Roles
       include Auth0::Api::V2::Stats
       include Auth0::Api::V2::Users
       include Auth0::Api::V2::UsersByEmail
       include Auth0::Api::V2::UserBlocks
+      include Auth0::Api::V2::ResourceServers
       include Auth0::Api::V2::Tenants
       include Auth0::Api::V2::Tickets
-      include Auth0::Api::V2::Logs
-      include Auth0::Api::V2::LogStreams
-      include Auth0::Api::V2::ResourceServers
-      include Auth0::Api::V2::Guardian
     end
   end
 end

data/lib/auth0/api/v2/branding.rb

@@ -0,0 +1,66 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the branding endpoints
+      module Branding
+        attr_reader :branding_path
+
+        # Retrieve branding settings.
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/get_branding
+        #
+        # @return [json] Returns branding settings.
+        def branding()
+          get(branding_path)
+        end
+        alias get_branding branding
+
+        # Update branding settings.
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/patch_branding
+        # @param body [hash] the branding settings to update
+        #
+        # @return [json] Returns branding settings.
+        def patch_branding(body = {})
+          patch(branding_path, body)
+        end
+        alias update_branding patch_branding
+
+        # Get template for New Universal Login Experience
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/get_universal_login
+        #
+        # @return [json] Returns branding settings.
+        def branding_templates_for_universal_login
+          get(templates_path)
+        end
+        alias get_branding_templates_for_universal_login branding_templates_for_universal_login
+
+        # Delete template for New Universal Login Experience
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/delete_universal_login
+        # @param rule_id [string] The id of the rule to delete.
+        def delete_branding_templates_for_universal_login
+          delete(templates_path)
+        end
+
+        # Set template for New Universal Login Experience
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/put_universal_login
+        # @param body [hash] the branding settings to update
+        #
+        # @return [json] Returns branding settings.
+        def put_branding_templates_for_universal_login(body = {})
+          put(templates_path, body)
+        end
+        alias set_branding_templates_for_universal_login put_branding_templates_for_universal_login
+
+        private
+
+        # Branding API path
+        def branding_path
+          @branding_path ||= '/api/v2/branding'
+        end
+
+        def templates_path
+          @templates_path ||= "#{branding_path}/templates/universal-login"
+        end
+      end
+    end
+  end
+end