auth0 4.16.0 → 5.1.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +29 -8
- data/.github/CODEOWNERS +1 -1
- data/.github/ISSUE_TEMPLATE/config.yml +8 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +39 -0
- data/.github/ISSUE_TEMPLATE/report_a_bug.md +55 -0
- data/.gitignore +1 -1
- data/.yardoc/checksums +22 -0
- data/.yardoc/complete +0 -0
- data/.yardoc/object_types +0 -0
- data/.yardoc/objects/root.dat +0 -0
- data/.yardoc/proxy_types +0 -0
- data/CHANGELOG.md +84 -0
- data/Gemfile +0 -1
- data/README.md +81 -8
- data/Rakefile +0 -22
- data/auth0.gemspec +4 -3
- data/examples/ruby-api/.gitignore +0 -6
- data/lib/auth0/api/authentication_endpoints.rb +22 -226
- data/lib/auth0/api/v2.rb +8 -4
- data/lib/auth0/api/v2/branding.rb +66 -0
- data/lib/auth0/api/v2/connections.rb +3 -0
- data/lib/auth0/api/v2/jobs.rb +3 -1
- data/lib/auth0/api/v2/organizations.rb +332 -0
- data/lib/auth0/api/v2/tickets.rb +14 -2
- data/lib/auth0/api/v2/users.rb +33 -8
- data/lib/auth0/exception.rb +4 -7
- data/lib/auth0/mixins.rb +0 -1
- data/lib/auth0/mixins/access_token_struct.rb +2 -2
- data/lib/auth0/mixins/api_token_struct.rb +2 -2
- data/lib/auth0/mixins/httpproxy.rb +3 -1
- data/lib/auth0/mixins/initializer.rb +4 -8
- data/lib/auth0/mixins/permission_struct.rb +2 -2
- data/lib/auth0/mixins/validation.rb +15 -1
- data/lib/auth0/version.rb +1 -1
- data/spec/integration/lib/auth0/api/api_authentication_spec.rb +1 -1
- data/spec/integration/lib/auth0/api/v2/api_jobs_spec.rb +1 -1
- data/spec/integration/lib/auth0/api/v2/api_roles_spec.rb +1 -1
- data/spec/integration/lib/auth0/api/v2/api_user_blocks_spec.rb +1 -1
- data/spec/integration/lib/auth0/api/v2/api_users_spec.rb +1 -1
- data/spec/lib/auth0/api/v2/branding_spec.rb +70 -0
- data/spec/lib/auth0/api/v2/connections_spec.rb +4 -0
- data/spec/lib/auth0/api/v2/jobs_spec.rb +11 -0
- data/spec/lib/auth0/api/v2/organizations_spec.rb +588 -0
- data/spec/lib/auth0/api/v2/roles_spec.rb +4 -4
- data/spec/lib/auth0/api/v2/tickets_spec.rb +55 -0
- data/spec/lib/auth0/api/v2/users_spec.rb +57 -11
- data/spec/lib/auth0/client_spec.rb +79 -9
- data/spec/lib/auth0/mixins/httpproxy_spec.rb +2 -2
- data/spec/lib/auth0/mixins/validation_spec.rb +32 -0
- data/spec/spec_helper.rb +6 -1
- data/spec/support/credentials.rb +0 -19
- metadata +49 -44
- data/.github/ISSUE_TEMPLATE.md +0 -39
- data/Gemfile.lock +0 -227
- data/deploy_documentation.sh +0 -29
- data/doc_config/templates/default/fulldoc/html/css/full_list.css +0 -79
- data/doc_config/templates/default/fulldoc/html/css/style.css +0 -546
- data/doc_config/templates/default/layout/html/breadcrumb.erb +0 -11
- data/doc_config/templates/default/layout/html/footer.erb +0 -115
- data/doc_config/templates/default/layout/html/headers.erb +0 -17
- data/doc_config/templates/default/layout/html/layout.erb +0 -27
- data/lib/auth0/api/v1.rb +0 -19
- data/lib/auth0/api/v1/clients.rb +0 -58
- data/lib/auth0/api/v1/connections.rb +0 -68
- data/lib/auth0/api/v1/logs.rb +0 -43
- data/lib/auth0/api/v1/rules.rb +0 -57
- data/lib/auth0/api/v1/users.rb +0 -227
- data/spec/lib/auth0/api/authentication_endpoints_spec.rb +0 -703
data/auth0.gemspec
CHANGED
@@ -19,19 +19,20 @@ Gem::Specification.new do |s|
|
|
19
19
|
s.add_runtime_dependency 'rest-client', '~> 2.0.0'
|
20
20
|
s.add_runtime_dependency 'jwt', '~> 2.2.0'
|
21
21
|
s.add_runtime_dependency 'zache', '~> 0.12.0'
|
22
|
+
s.add_runtime_dependency 'addressable', '~> 2.7.0'
|
22
23
|
|
24
|
+
s.add_development_dependency 'bundler'
|
23
25
|
s.add_development_dependency 'rake', '~> 13.0'
|
24
26
|
s.add_development_dependency 'fuubar', '~> 2.0'
|
25
27
|
s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI']
|
26
28
|
s.add_development_dependency 'dotenv-rails', '~> 2.0'
|
27
29
|
s.add_development_dependency 'pry', '~> 0.10'
|
28
30
|
s.add_development_dependency 'pry-nav', '~> 0.2.4'
|
29
|
-
s.add_development_dependency 'rspec', '~> 3.
|
31
|
+
s.add_development_dependency 'rspec', '~> 3.5'
|
30
32
|
s.add_development_dependency 'rack-test', '~> 0.6'
|
31
33
|
s.add_development_dependency 'rack', '~> 2.1.2'
|
32
34
|
s.add_development_dependency 'simplecov', '~> 0.9'
|
33
|
-
s.add_development_dependency 'faker', '~>
|
34
|
-
s.add_development_dependency 'yard', '~> 0.9.12'
|
35
|
+
s.add_development_dependency 'faker', '~> 2.0'
|
35
36
|
s.add_development_dependency 'gem-release', '~> 0.7'
|
36
37
|
s.license = 'MIT'
|
37
38
|
end
|
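Review bot: The new runtime dependency `s.add_runtime_dependency 'addressable', '~> 2.7.0'` is pinned to the 2.7.x patch series, so applications that depend on this gem cannot resolve a later minor release of addressable, including one that carries security fixes, until this gemspec changes. Unless a specific incompatibility is known, `s.add_runtime_dependency 'addressable', '~> 2.7'` keeps the same lower bound and allows 2.x updates. The added `s.add_development_dependency 'bundler'` is the only entry without a version constraint; it affects development only, but a one-line comment on why it is left open would match the rest of the list.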
@@ -14,20 +14,25 @@ module Auth0
|
|
14
14
|
# Request an API access token using a Client Credentials grant
|
15
15
|
# @see https://auth0.com/docs/api-auth/tutorials/client-credentials
|
16
16
|
# @param audience [string] API audience to use
|
17
|
+
# @param organization [string] Organization ID
|
17
18
|
# @return [json] Returns the API token
|
18
19
|
def api_token(
|
19
20
|
client_id: @client_id,
|
20
21
|
client_secret: @client_secret,
|
21
|
-
|
22
|
+
organization: @organization,
|
23
|
+
audience: nil
|
22
24
|
)
|
25
|
+
|
23
26
|
request_params = {
|
24
27
|
grant_type: 'client_credentials',
|
25
28
|
client_id: client_id,
|
26
29
|
client_secret: client_secret,
|
27
|
-
audience: audience
|
30
|
+
audience: audience,
|
31
|
+
organization: organization
|
28
32
|
}
|
33
|
+
|
29
34
|
response = post('/oauth/token', request_params)
|
30
|
-
ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
|
35
|
+
::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
|
31
36
|
end
|
32
37
|
|
33
38
|
# Get access and ID tokens using an Authorization Code.
|
@@ -37,7 +42,7 @@ module Auth0
|
|
37
42
|
# Required only if it was set at the GET /authorize endpoint
|
38
43
|
# @param client_id [string] Client ID for the Application
|
39
44
|
# @param client_secret [string] Client Secret for the Application.
|
40
|
-
# @return [AccessToken] Returns the access_token and id_token
|
45
|
+
# @return [Auth0::AccessToken] Returns the access_token and id_token
|
41
46
|
def exchange_auth_code_for_tokens(
|
42
47
|
code,
|
43
48
|
redirect_uri: nil,
|
@@ -53,7 +58,7 @@ module Auth0
|
|
53
58
|
code: code,
|
54
59
|
redirect_uri: redirect_uri
|
55
60
|
}
|
56
|
-
AccessToken.from_response post('/oauth/token', request_params)
|
61
|
+
::Auth0::AccessToken.from_response post('/oauth/token', request_params)
|
57
62
|
end
|
58
63
|
|
59
64
|
# Get access and ID tokens using a refresh token.
|
@@ -64,7 +69,7 @@ module Auth0
|
|
64
69
|
# @param client_secret [string] Client Secret for the Application.
|
65
70
|
# Required when the Application's Token Endpoint Authentication Method
|
66
71
|
# is Post or Basic.
|
67
|
-
# @return [AccessToken] Returns tokens allowed in the refresh_token
|
72
|
+
# @return [Auth0::AccessToken] Returns tokens allowed in the refresh_token
|
68
73
|
def exchange_refresh_token(
|
69
74
|
refresh_token,
|
70
75
|
client_id: @client_id,
|
@@ -78,7 +83,7 @@ module Auth0
|
|
78
83
|
client_secret: client_secret,
|
79
84
|
refresh_token: refresh_token
|
80
85
|
}
|
81
|
-
AccessToken.from_response post('/oauth/token', request_params)
|
86
|
+
::Auth0::AccessToken.from_response post('/oauth/token', request_params)
|
82
87
|
end
|
83
88
|
|
84
89
|
# rubocop:disable Metrics/ParameterLists
|
@@ -118,7 +123,7 @@ module Auth0
|
|
118
123
|
audience: audience,
|
119
124
|
grant_type: realm ? 'http://auth0.com/oauth/grant-type/password-realm' : 'password'
|
120
125
|
}
|
121
|
-
AccessToken.from_response post('/oauth/token', request_params)
|
126
|
+
::Auth0::AccessToken.from_response post('/oauth/token', request_params)
|
122
127
|
end
|
123
128
|
# rubocop:enable Metrics/ParameterLists
|
124
129
|
|
@@ -220,7 +225,7 @@ module Auth0
|
|
220
225
|
# Return an authorization URL.
|
221
226
|
# @see https://auth0.com/docs/api/authentication#authorization-code-grant
|
222
227
|
# @param redirect_uri [string] URL to redirect after authorization
|
223
|
-
# @param options [hash] Can contain response_type, connection, state and additional_parameters.
|
228
|
+
# @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
|
224
229
|
# @return [url] Authorization URL.
|
225
230
|
def authorization_url(redirect_uri, options = {})
|
226
231
|
raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
|
@@ -231,7 +236,9 @@ module Auth0
|
|
231
236
|
connection: options.fetch(:connection, nil),
|
232
237
|
redirect_uri: redirect_uri,
|
233
238
|
state: options.fetch(:state, nil),
|
234
|
-
scope: options.fetch(:scope, nil)
|
239
|
+
scope: options.fetch(:scope, nil),
|
240
|
+
organization: options.fetch(:organization, @organization),
|
241
|
+
invitation: options.fetch(:invitation, nil)
|
235
242
|
}.merge(options.fetch(:additional_parameters, {}))
|
236
243
|
|
237
244
|
URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
|
@@ -292,225 +299,11 @@ module Auth0
|
|
292
299
|
)
|
293
300
|
end
|
294
301
|
|
295
|
-
#
|
296
|
-
# DEPRECATED
|
297
|
-
#
|
298
|
-
|
299
|
-
# Retrieve an access token.
|
300
|
-
# @deprecated 4.6.0 - Use the api_token method instead.
|
301
|
-
# @see https://auth0.com/docs/api/authentication#client-credentials
|
302
|
-
# @param access_token [string] Social provider's access_token
|
303
|
-
# @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
|
304
|
-
# @return [json] Returns the access token
|
305
|
-
def obtain_access_token(access_token = nil, connection = 'facebook', scope = 'openid')
|
306
|
-
if access_token
|
307
|
-
request_params = { client_id: @client_id, access_token: access_token, connection: connection, scope: scope }
|
308
|
-
post('/oauth/access_token', request_params)['access_token']
|
309
|
-
else
|
310
|
-
request_params = { client_id: @client_id, client_secret: @client_secret, grant_type: 'client_credentials' }
|
311
|
-
post('/oauth/token', request_params)['access_token']
|
312
|
-
end
|
313
|
-
end
|
314
|
-
|
315
|
-
# Get access and ID tokens using an Authorization Code.
|
316
|
-
# @deprecated 4.6.0 - Use the exchange_auth_code_for_tokens method instead.
|
317
|
-
# @see https://auth0.com/docs/api/authentication#authorization-code
|
318
|
-
# @param code [string] The access code obtained through passive authentication
|
319
|
-
# @param redirect_uri [string] Url to redirect after authorization
|
320
|
-
# @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
|
321
|
-
# @param scope [string] Defaults to openid. Can be 'openid name email', 'openid offline_access'
|
322
|
-
# @return [json] Returns the access_token and id_token
|
323
|
-
def obtain_user_tokens(code, redirect_uri, connection = 'facebook', scope = 'openid')
|
324
|
-
raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
|
325
|
-
raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
|
326
|
-
|
327
|
-
request_params = {
|
328
|
-
client_id: @client_id,
|
329
|
-
client_secret: @client_secret,
|
330
|
-
connection: connection,
|
331
|
-
grant_type: 'authorization_code',
|
332
|
-
code: code,
|
333
|
-
scope: scope,
|
334
|
-
redirect_uri: redirect_uri
|
335
|
-
}
|
336
|
-
post('/oauth/token', request_params)
|
337
|
-
end
|
338
|
-
|
339
|
-
# Get access and ID tokens using Resource Owner Password.
|
340
|
-
# @deprecated 4.6.0 - Use the login_with_resource_owner method instead.
|
341
|
-
# @see https://auth0.com/docs/api/authentication#resource-owner-password
|
342
|
-
# @param username [string] Username or email
|
343
|
-
# @param password [string] Password
|
344
|
-
# @param id_token [string] Token's id
|
345
|
-
# @param connection_name [string] Connection name; use a database or
|
346
|
-
# passwordless connection, Active Directory/LDAP, Windows Azure or ADF
|
347
|
-
# @param options [hash] Additional options - :scope, :grant_type, :device
|
348
|
-
# @return [json] Returns the access_token and id_token
|
349
|
-
def login(username, password, id_token = nil, connection_name = UP_AUTH, options = {})
|
350
|
-
raise Auth0::InvalidParameter, 'Must supply a valid username' if username.to_s.empty?
|
351
|
-
raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
|
352
|
-
|
353
|
-
request_params = {
|
354
|
-
client_id: @client_id,
|
355
|
-
client_secret: @client_secret,
|
356
|
-
username: username,
|
357
|
-
password: password,
|
358
|
-
scope: options.fetch(:scope, 'openid'),
|
359
|
-
connection: connection_name,
|
360
|
-
grant_type: options.fetch(:grant_type, 'password'),
|
361
|
-
id_token: id_token,
|
362
|
-
device: options.fetch(:device, nil)
|
363
|
-
}
|
364
|
-
post('/oauth/token', request_params)
|
365
|
-
end
|
366
|
-
|
367
|
-
# Return the user information based on the Auth0 access token.
|
368
|
-
# @deprecated 4.6.0 - Use the userinfo method instead.
|
369
|
-
# @see https://auth0.com/docs/api/authentication#get-user-info
|
370
|
-
# @return [json] User information based on the Auth0 access token
|
371
|
-
def user_info
|
372
|
-
get('/userinfo')
|
373
|
-
end
|
374
|
-
|
375
|
-
# Login using phone number + verification code.
|
376
|
-
# @deprecated 4.5.0 - Legacy authentication pipeline; use a Password Grant
|
377
|
-
# instead - https://auth0.com/docs/api-auth/tutorials/password-grant
|
378
|
-
# @see https://auth0.com/docs/api/authentication#resource-owner
|
379
|
-
# @param phone_number [string] User's phone number.
|
380
|
-
# @param code [string] Verification code.
|
381
|
-
# @return [json] Returns the access token and id token
|
382
|
-
def phone_login(phone_number, code, scope = 'openid')
|
383
|
-
raise Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
|
384
|
-
raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
|
385
|
-
|
386
|
-
request_params = {
|
387
|
-
client_id: @client_id,
|
388
|
-
username: phone_number,
|
389
|
-
password: code,
|
390
|
-
scope: scope,
|
391
|
-
connection: 'sms',
|
392
|
-
grant_type: 'password'
|
393
|
-
}
|
394
|
-
post('/oauth/ro', request_params)
|
395
|
-
end
|
396
|
-
|
397
|
-
# Validate a JSON Web Token (signature and expiration).
|
398
|
-
# @deprecated 4.5.0 - Legacy endpoint, use /userinfo instead.
|
399
|
-
# @see https://auth0.com/docs/api/authentication#get-token-info
|
400
|
-
# @param id_token [string] ID Token to use
|
401
|
-
# @return User information associated with the user id (sub property) of the token.
|
402
|
-
def token_info(id_token)
|
403
|
-
raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
|
404
|
-
|
405
|
-
request_params = { id_token: id_token }
|
406
|
-
post('/tokeninfo', request_params)
|
407
|
-
end
|
408
|
-
|
409
|
-
# Refresh a delegation token.
|
410
|
-
# @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
|
411
|
-
# https://auth0.com/docs/api-auth/tutorials/adoption/delegation
|
412
|
-
# @see https://auth0.com/docs/api/authentication#delegation
|
413
|
-
# @param refresh_token [string] Token to refresh
|
414
|
-
# @param target [string] Target to sign the new token.
|
415
|
-
# @param scope [string] Defaults to openid. Can be 'openid name email'.
|
416
|
-
# @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
|
417
|
-
# salesforce_sandbox_api, sap_api or wams
|
418
|
-
# @param extra_parameters [hash] Extra parameters.
|
419
|
-
# @return [json] Returns the refreshed delegation token
|
420
|
-
def refresh_delegation(refresh_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
|
421
|
-
raise Auth0::InvalidParameter, 'Must supply a valid token to refresh' if refresh_token.to_s.empty?
|
422
|
-
|
423
|
-
request_params = {
|
424
|
-
client_id: @client_id,
|
425
|
-
grant_type: JWT_BEARER,
|
426
|
-
refresh_token: refresh_token,
|
427
|
-
target: target,
|
428
|
-
api_type: api_type,
|
429
|
-
scope: scope
|
430
|
-
}.merge(extra_parameters)
|
431
|
-
post('/delegation', request_params)
|
432
|
-
end
|
433
|
-
|
434
|
-
# Retrieve a delegation token.
|
435
|
-
# @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
|
436
|
-
# https://auth0.com/docs/api-auth/tutorials/adoption/delegation
|
437
|
-
# @see https://auth0.com/docs/api/authentication#delegation
|
438
|
-
# @param id_token [string] Token's id.
|
439
|
-
# @param target [string] Target to sign the new token.
|
440
|
-
# @param scope [string] Defaults to openid. Can be 'openid name email'.
|
441
|
-
# @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
|
442
|
-
# salesforce_sandbox_api, sap_api or wams
|
443
|
-
# @param extra_parameters [hash] Extra parameters.
|
444
|
-
# @return [json] Returns the refreshed delegation token
|
445
|
-
def delegation(id_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
|
446
|
-
raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
|
447
|
-
|
448
|
-
request_params = {
|
449
|
-
client_id: @client_id,
|
450
|
-
grant_type: JWT_BEARER,
|
451
|
-
id_token: id_token,
|
452
|
-
target: target,
|
453
|
-
api_type: api_type,
|
454
|
-
scope: scope
|
455
|
-
}.merge(extra_parameters)
|
456
|
-
post('/delegation', request_params)
|
457
|
-
end
|
458
|
-
|
459
|
-
# Retrieve an impersonation URL to login as another user.
|
460
|
-
# @deprecated 4.5.0 - Feature is disabled.
|
461
|
-
# @see https://auth0.com/docs/api/authentication#impersonation
|
462
|
-
# @param user_id [string] Impersonate user id
|
463
|
-
# @param app_client_id [string] Application client id
|
464
|
-
# @param impersonator_id [string] Impersonator user id id.
|
465
|
-
# @param options [string] Additional Parameters
|
466
|
-
# @return [string] Impersonation URL
|
467
|
-
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
468
|
-
def impersonate(user_id, app_client_id, impersonator_id, options)
|
469
|
-
raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
|
470
|
-
raise Auth0::InvalidParameter, 'Must supply a valid app_client_id' if app_client_id.to_s.empty?
|
471
|
-
raise Auth0::InvalidParameter, 'Must supply a valid impersonator_id' if impersonator_id.to_s.empty?
|
472
|
-
raise Auth0::MissingParameter, 'Must supply client_secret' if @client_secret.nil?
|
473
|
-
|
474
|
-
authorization_header obtain_access_token
|
475
|
-
request_params = {
|
476
|
-
protocol: options.fetch(:protocol, 'oauth2'),
|
477
|
-
impersonator_id: impersonator_id,
|
478
|
-
client_id: app_client_id,
|
479
|
-
additionalParameters: {
|
480
|
-
response_type: options.fetch(:response_type, 'code'),
|
481
|
-
state: options.fetch(:state, ''),
|
482
|
-
scope: options.fetch(:scope, 'openid'),
|
483
|
-
callback_url: options.fetch(:callback_url, '')
|
484
|
-
}
|
485
|
-
}
|
486
|
-
result = post("/users/#{user_id}/impersonate", request_params)
|
487
|
-
authorization_header @token
|
488
|
-
result
|
489
|
-
end
|
490
|
-
# rubocop:enable Metrics/MethodLength, Metrics/AbcSize
|
491
|
-
|
492
|
-
# Unlink a user's account from the identity provider.
|
493
|
-
# @deprecated 4.5.0 - Endpoint is disabled in favor of the Management API;
|
494
|
-
# see https://auth0.com/docs/migrations/guides/account-linking
|
495
|
-
# @see https://auth0.com/docs/api/authentication#unlink
|
496
|
-
# @param access_token [string] Logged-in user access token
|
497
|
-
# @param user_id [string] User Id
|
498
|
-
def unlink_user(access_token, user_id)
|
499
|
-
raise Auth0::InvalidParameter, 'Must supply a valid access_token' if access_token.to_s.empty?
|
500
|
-
raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
|
501
|
-
|
502
|
-
request_params = {
|
503
|
-
access_token: access_token,
|
504
|
-
user_id: user_id
|
505
|
-
}
|
506
|
-
post('/unlink', request_params)
|
507
|
-
end
|
508
|
-
|
509
302
|
# Validate an ID token (signature and expiration).
|
510
303
|
# @see https://auth0.com/docs/tokens/guides/validate-id-tokens
|
511
304
|
# @param id_token [string] The JWT to validate.
|
512
305
|
# @param algorithm [JWKAlgorithm] The expected signing algorithm.
|
513
|
-
|
306
|
+
|
514
307
|
# @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
|
515
308
|
# Must be a non-negative value. Defaults to *60 seconds*.
|
516
309
|
# @param nonce [string] The nonce value sent during authentication.
|
@@ -520,8 +313,10 @@ module Auth0
|
|
520
313
|
# Defaults to +https://YOUR_AUTH0_DOMAIN/+.
|
521
314
|
# @param audience [string] The expected audience claim value.
|
522
315
|
# Defaults to your *Auth0 Client ID*.
|
316
|
+
# @param organization [string] Organization ID
|
317
|
+
# Defaults to your *Auth0 Organization ID*.
|
523
318
|
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
|
524
|
-
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
|
319
|
+
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization)
|
525
320
|
context = {
|
526
321
|
issuer: issuer || "https://#{@domain}/",
|
527
322
|
audience: audience || @client_id,
|
@@ -531,6 +326,7 @@ module Auth0
|
|
531
326
|
|
532
327
|
context[:nonce] = nonce unless nonce.nil?
|
533
328
|
context[:max_age] = max_age unless max_age.nil?
|
329
|
+
context[:organization] = organization unless !organization
|
534
330
|
|
535
331
|
Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
|
536
332
|
end
|
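Review bot: In `validate_id_token`, the organization check is skipped whenever `organization` is nil or false, and the default comes only from `@organization`, so a caller that selects the organization per request through `authorization_url`'s `:organization` option gets no organization check on the returned ID token unless it passes the same value here. The `@param organization` doc should state that, for example `# When nil the organization is not validated; pass the ID that was sent to authorization_url.` The guard `context[:organization] = organization unless !organization` is a double negative and reads more directly as `context[:organization] = organization if organization`; note that an empty string is truthy in Ruby and is still placed in the context. What the validator does with `context[:organization]` is in validation.rb, outside this section, and the body of `validate_id_token` is only partly visible between the hunks.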
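--- a/data/lib/auth0/api/v2.rb
+++ b/data/lib/auth0/api/v2.rb
@@ -1,5 +1,6 @@
 require 'auth0/api/v2/anomaly'
 require 'auth0/api/v2/blacklists'
+require 'auth0/api/v2/branding'
 require 'auth0/api/v2/clients'
 require 'auth0/api/v2/client_grants'
 require 'auth0/api/v2/connections'
@@ -7,6 +8,7 @@ require 'auth0/api/v2/device_credentials'
 require 'auth0/api/v2/emails'
 require 'auth0/api/v2/jobs'
 require 'auth0/api/v2/prompts'
+require 'auth0/api/v2/organizations'
 require 'auth0/api/v2/rules'
 require 'auth0/api/v2/roles'
 require 'auth0/api/v2/stats'
@@ -26,25 +28,27 @@ module Auth0
 module V2
 include Auth0::Api::V2::Anomaly
 include Auth0::Api::V2::Blacklists
+include Auth0::Api::V2::Branding
 include Auth0::Api::V2::Clients
 include Auth0::Api::V2::ClientGrants
 include Auth0::Api::V2::Connections
 include Auth0::Api::V2::DeviceCredentials
 include Auth0::Api::V2::Emails
+include Auth0::Api::V2::Guardian
 include Auth0::Api::V2::Jobs
+include Auth0::Api::V2::Logs
+include Auth0::Api::V2::LogStreams
 include Auth0::Api::V2::Prompts
+include Auth0::Api::V2::Organizations
 include Auth0::Api::V2::Rules
 include Auth0::Api::V2::Roles
 include Auth0::Api::V2::Stats
 include Auth0::Api::V2::Users
 include Auth0::Api::V2::UsersByEmail
 include Auth0::Api::V2::UserBlocks
+include Auth0::Api::V2::ResourceServers
 include Auth0::Api::V2::Tenants
 include Auth0::Api::V2::Tickets
-include Auth0::Api::V2::Logs
-include Auth0::Api::V2::LogStreams
-include Auth0::Api::V2::ResourceServers
-include Auth0::Api::V2::Guardian
 end
 end
 end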
@@ -0,0 +1,66 @@
|
|
1
|
+
module Auth0
|
2
|
+
module Api
|
3
|
+
module V2
|
4
|
+
# Methods to use the branding endpoints
|
5
|
+
module Branding
|
6
|
+
attr_reader :branding_path
|
7
|
+
|
8
|
+
# Retrieve branding settings.
|
9
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/get_branding
|
10
|
+
#
|
11
|
+
# @return [json] Returns branding settings.
|
12
|
+
def branding()
|
13
|
+
get(branding_path)
|
14
|
+
end
|
15
|
+
alias get_branding branding
|
16
|
+
|
17
|
+
# Update branding settings.
|
18
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/patch_branding
|
19
|
+
# @param body [hash] the branding settings to update
|
20
|
+
#
|
21
|
+
# @return [json] Returns branding settings.
|
22
|
+
def patch_branding(body = {})
|
23
|
+
patch(branding_path, body)
|
24
|
+
end
|
25
|
+
alias update_branding patch_branding
|
26
|
+
|
27
|
+
# Get template for New Universal Login Experience
|
28
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/get_universal_login
|
29
|
+
#
|
30
|
+
# @return [json] Returns branding settings.
|
31
|
+
def branding_templates_for_universal_login
|
32
|
+
get(templates_path)
|
33
|
+
end
|
34
|
+
alias get_branding_templates_for_universal_login branding_templates_for_universal_login
|
35
|
+
|
36
|
+
# Delete template for New Universal Login Experience
|
37
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/delete_universal_login
|
38
|
+
# @param rule_id [string] The id of the rule to delete.
|
39
|
+
def delete_branding_templates_for_universal_login
|
40
|
+
delete(templates_path)
|
41
|
+
end
|
42
|
+
|
43
|
+
# Set template for New Universal Login Experience
|
44
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/put_universal_login
|
45
|
+
# @param body [hash] the branding settings to update
|
46
|
+
#
|
47
|
+
# @return [json] Returns branding settings.
|
48
|
+
def put_branding_templates_for_universal_login(body = {})
|
49
|
+
put(templates_path, body)
|
50
|
+
end
|
51
|
+
alias set_branding_templates_for_universal_login put_branding_templates_for_universal_login
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
# Branding API path
|
56
|
+
def branding_path
|
57
|
+
@branding_path ||= '/api/v2/branding'
|
58
|
+
end
|
59
|
+
|
60
|
+
def templates_path
|
61
|
+
@templates_path ||= "#{branding_path}/templates/universal-login"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
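Review bot: The doc comment on `delete_branding_templates_for_universal_login` carries `# @param rule_id [string] The id of the rule to delete.`, but the method takes no arguments; the line looks copied from another module and should be dropped. `attr_reader :branding_path` at the top of the module is replaced by the private `def branding_path` further down, so the reader is redundant and can be removed. The `@return` lines on the template getter and setter also say "Returns branding settings" although, per their own summaries, those endpoints concern the Universal Login template; `# @return [json] Returns the Universal Login template.` would be accurate for both.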