auth0 4.17.0 → 5.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.version +1 -0
- data/CHANGELOG.md +407 -22
- data/README.md +80 -178
- data/auth0.gemspec +10 -15
- data/lib/auth0/api/authentication_endpoints.rb +162 -249
- data/lib/auth0/api/v2/actions.rb +209 -0
- data/lib/auth0/api/v2/attack_protection.rb +79 -0
- data/lib/auth0/api/v2/branding.rb +65 -0
- data/lib/auth0/api/v2/client_grants.rb +27 -2
- data/lib/auth0/api/v2/clients.rb +42 -0
- data/lib/auth0/api/v2/connections.rb +14 -5
- data/lib/auth0/api/v2/device_credentials.rb +12 -7
- data/lib/auth0/api/v2/grants.rb +49 -0
- data/lib/auth0/api/v2/jobs.rb +18 -5
- data/lib/auth0/api/v2/logs.rb +2 -2
- data/lib/auth0/api/v2/organizations.rb +407 -0
- data/lib/auth0/api/v2/refresh_tokens.rb +34 -0
- data/lib/auth0/api/v2/roles.rb +7 -3
- data/lib/auth0/api/v2/sessions.rb +43 -0
- data/lib/auth0/api/v2/tickets.rb +14 -2
- data/lib/auth0/api/v2/users.rb +203 -12
- data/lib/auth0/api/v2.rb +18 -4
- data/lib/auth0/client_assertion.rb +45 -0
- data/lib/auth0/exception.rb +17 -8
- data/lib/auth0/mixins/access_token_struct.rb +2 -2
- data/lib/auth0/mixins/api_token_struct.rb +2 -3
- data/lib/auth0/mixins/httpproxy.rb +98 -36
- data/lib/auth0/mixins/initializer.rb +6 -9
- data/lib/auth0/mixins/permission_struct.rb +2 -2
- data/lib/auth0/mixins/token_management.rb +35 -0
- data/lib/auth0/mixins/validation.rb +33 -6
- data/lib/auth0/mixins.rb +2 -1
- data/lib/auth0/version.rb +1 -1
- metadata +58 -632
- data/.bundle/config +0 -4
- data/.circleci/config.yml +0 -23
- data/.env.example +0 -2
- data/.gemrelease +0 -2
- data/.github/CODEOWNERS +0 -1
- data/.github/ISSUE_TEMPLATE.md +0 -39
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -35
- data/.github/stale.yml +0 -20
- data/.gitignore +0 -14
- data/.rspec +0 -3
- data/.rubocop.yml +0 -10
- data/.rubocop_todo.yml +0 -5
- data/CODE_OF_CONDUCT.md +0 -3
- data/DEPLOYMENT.md +0 -61
- data/Dockerfile +0 -5
- data/Gemfile +0 -19
- data/Gemfile.lock +0 -227
- data/Guardfile +0 -37
- data/RUBYGEM.md +0 -9
- data/Rakefile +0 -53
- data/codecov.yml +0 -22
- data/deploy_documentation.sh +0 -29
- data/doc_config/templates/default/fulldoc/html/css/full_list.css +0 -79
- data/doc_config/templates/default/fulldoc/html/css/style.css +0 -546
- data/doc_config/templates/default/layout/html/breadcrumb.erb +0 -11
- data/doc_config/templates/default/layout/html/footer.erb +0 -115
- data/doc_config/templates/default/layout/html/headers.erb +0 -17
- data/doc_config/templates/default/layout/html/layout.erb +0 -27
- data/examples/ruby-api/.env.example +0 -2
- data/examples/ruby-api/.gitignore +0 -86
- data/examples/ruby-api/Gemfile +0 -8
- data/examples/ruby-api/README.md +0 -24
- data/examples/ruby-api/config.ru +0 -2
- data/examples/ruby-api/main.rb +0 -33
- data/examples/ruby-on-rails-api/.env.example +0 -2
- data/examples/ruby-on-rails-api/.gitignore +0 -18
- data/examples/ruby-on-rails-api/Gemfile +0 -48
- data/examples/ruby-on-rails-api/README.md +0 -27
- data/examples/ruby-on-rails-api/Rakefile +0 -6
- data/examples/ruby-on-rails-api/app/assets/images/.keep +0 -0
- data/examples/ruby-on-rails-api/app/assets/javascripts/application.js +0 -16
- data/examples/ruby-on-rails-api/app/assets/stylesheets/application.css +0 -15
- data/examples/ruby-on-rails-api/app/controllers/application_controller.rb +0 -8
- data/examples/ruby-on-rails-api/app/controllers/concerns/.keep +0 -0
- data/examples/ruby-on-rails-api/app/controllers/ping_controller.rb +0 -6
- data/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb +0 -11
- data/examples/ruby-on-rails-api/app/helpers/application_helper.rb +0 -3
- data/examples/ruby-on-rails-api/app/mailers/.keep +0 -0
- data/examples/ruby-on-rails-api/app/models/.keep +0 -0
- data/examples/ruby-on-rails-api/app/models/User.rb +0 -5
- data/examples/ruby-on-rails-api/app/models/concerns/.keep +0 -0
- data/examples/ruby-on-rails-api/app/views/layouts/application.html.erb +0 -14
- data/examples/ruby-on-rails-api/bin/bundle +0 -3
- data/examples/ruby-on-rails-api/bin/rails +0 -4
- data/examples/ruby-on-rails-api/bin/rake +0 -4
- data/examples/ruby-on-rails-api/bin/setup +0 -29
- data/examples/ruby-on-rails-api/config/application.rb +0 -23
- data/examples/ruby-on-rails-api/config/boot.rb +0 -4
- data/examples/ruby-on-rails-api/config/database.yml +0 -27
- data/examples/ruby-on-rails-api/config/environment.rb +0 -5
- data/examples/ruby-on-rails-api/config/environments/development.rb +0 -37
- data/examples/ruby-on-rails-api/config/environments/production.rb +0 -83
- data/examples/ruby-on-rails-api/config/environments/test.rb +0 -41
- data/examples/ruby-on-rails-api/config/initializers/backtrace_silencers.rb +0 -7
- data/examples/ruby-on-rails-api/config/initializers/cookies_serializer.rb +0 -3
- data/examples/ruby-on-rails-api/config/initializers/dotenv.rb +0 -4
- data/examples/ruby-on-rails-api/config/initializers/filter_parameter_logging.rb +0 -4
- data/examples/ruby-on-rails-api/config/initializers/inflections.rb +0 -16
- data/examples/ruby-on-rails-api/config/initializers/knock.rb +0 -35
- data/examples/ruby-on-rails-api/config/initializers/mime_types.rb +0 -4
- data/examples/ruby-on-rails-api/config/initializers/session_store.rb +0 -3
- data/examples/ruby-on-rails-api/config/initializers/wrap_parameters.rb +0 -14
- data/examples/ruby-on-rails-api/config/locales/en.yml +0 -23
- data/examples/ruby-on-rails-api/config/routes.rb +0 -58
- data/examples/ruby-on-rails-api/config/secrets.yml +0 -28
- data/examples/ruby-on-rails-api/config.ru +0 -4
- data/examples/ruby-on-rails-api/db/schema.rb +0 -15
- data/examples/ruby-on-rails-api/db/seeds.rb +0 -7
- data/examples/ruby-on-rails-api/lib/assets/.keep +0 -0
- data/examples/ruby-on-rails-api/lib/tasks/.keep +0 -0
- data/examples/ruby-on-rails-api/log/.keep +0 -0
- data/examples/ruby-on-rails-api/public/404.html +0 -67
- data/examples/ruby-on-rails-api/public/422.html +0 -67
- data/examples/ruby-on-rails-api/public/500.html +0 -66
- data/examples/ruby-on-rails-api/public/favicon.ico +0 -0
- data/examples/ruby-on-rails-api/public/robots.txt +0 -5
- data/examples/ruby-on-rails-api/test/controllers/.keep +0 -0
- data/examples/ruby-on-rails-api/test/fixtures/.keep +0 -0
- data/examples/ruby-on-rails-api/test/helpers/.keep +0 -0
- data/examples/ruby-on-rails-api/test/integration/.keep +0 -0
- data/examples/ruby-on-rails-api/test/mailers/.keep +0 -0
- data/examples/ruby-on-rails-api/test/models/.keep +0 -0
- data/examples/ruby-on-rails-api/test/ping_controller_test.rb +0 -8
- data/examples/ruby-on-rails-api/test/secured_ping_controller_test.rb +0 -26
- data/examples/ruby-on-rails-api/test/test_helper.rb +0 -16
- data/lib/auth0/api/v1/clients.rb +0 -58
- data/lib/auth0/api/v1/connections.rb +0 -68
- data/lib/auth0/api/v1/logs.rb +0 -43
- data/lib/auth0/api/v1/rules.rb +0 -57
- data/lib/auth0/api/v1/users.rb +0 -227
- data/lib/auth0/api/v1.rb +0 -19
- data/publish_rubygem.sh +0 -10
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_change_password/should_trigger_a_password_reset.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_incorrect_email.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_incorrect_password.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_invalid_audience.yml +0 -55
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_login_successfully_with_a_custom_audience.yml +0 -117
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_login_successfully_with_a_default_scope.yml +0 -119
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_saml_metadata/should_retrieve_SAML_metadata.yml +0 -57
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_userinfo/should_fail_as_not_authorized.yml +0 -55
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_userinfo/should_return_the_userinfo.yml +0 -118
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_wsfed_metadata/should_retrieve_WSFED_metadata.yml +0 -55
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/create_test_user.yml +0 -58
- data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/delete_test_user.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Anomaly/_check_if_ip_is_blocked/should_return_200_response_code.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Anomaly/_remove_ip_block/should_remove_an_IP_successfully.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Blacklists/_add_token_to_blacklist/should_add_a_token_to_the_blacklist.yml +0 -56
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Blacklists/_blacklisted_tokens/should_get_the_added_token_from_the_blacklist.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_at_least_1_result.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_the_first_page_of_one_result.yml +0 -66
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_the_test_client_grant.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_delete_client_grant/should_delete_the_test_client_grant.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_patch_client_grant/should_update_the_test_client_grant.yml +0 -64
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/create_test_client.yml +0 -118
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/create_test_client_grant.yml +0 -64
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/delete_test_client.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/delete_test_client_grant.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/_filters/should_exclude_and_include_fields_properly.yml +0 -91
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/_filters/should_include_the_specified_fields.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/should_get_the_test_client.yml +0 -92
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_exclude_fields_not_specified.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_exclude_the_specified_fields.yml +0 -132
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_include_the_specified_fields.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_paginate_results.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/should_get_at_least_one_client.yml +0 -132
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_delete_client/should_delete_the_test_client_without_an_error.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_patch_client/should_update_the_client_with_the_correct_attributes.yml +0 -94
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/create_test_client.yml +0 -118
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_exclude_the_fields_indicated.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_include_the_fields_indicated.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/should_find_the_correct_connection.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_include_previously-created_connection_when_filtered.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_exclude_the_fields_indicated_from_filtered_results.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_include_the_fields_indicated_from_filtered_results.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_include_the_previously_created_connection.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_not_be_empty.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection/should_delete_the_connection.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection_user/should_delete_the_user_created.yml +0 -110
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_update_connection/should_update_the_connection.yml +0 -66
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/create_test_connection.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/create_test_user.yml +0 -68
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_delete_device_credential/should_delete_the_test_credential_without_an_error.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/_filter_by_type/should_exclude_the_test_credential.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/should_have_at_least_1_entry.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/should_include_the_test_credential.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/create_test_credential.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/create_test_user.yml +0 -68
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/delete_test_credential.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/delete_test_user.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_configure_provider/should_configure_a_new_email_provider.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_delete_provider/should_delete_the_existing_email_provider_without_an_error.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_delete_provider/should_throw_an_error_trying_to_get_the_email_provider.yml +0 -51
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/_filters/should_get_the_existing_email_provider_with_specific_fields.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/_filters/should_get_the_existing_email_provider_without_specific_fields.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/should_get_the_existing_email_provider.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_update_provider/should_update_the_existing_email_provider.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/delete_existing_provider.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_export_users_and_get_job/should_create_an_export_users_job_successfully.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_export_users_and_get_job/should_get_the_export_users_job.yml +0 -117
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_import_users_and_get_job/should_create_an_import_users_job_successfully.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_import_users_and_get_job/should_get_the_import_users_job.yml +0 -116
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_create_a_new_verification_email_job.yml +0 -119
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_get_the_completed_verification_email.yml +0 -175
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_reject_an_invalid_client_id.yml +0 -109
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/delete_imported_user.yml +0 -110
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/search_for_connection_id.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_log/should_match_the_created_log_entry.yml +0 -265
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_log/should_not_be_empty.yml +0 -265
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_exclude_fields_not_specified.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_exclude_the_specified_fields.yml +0 -75
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_have_one_log_entry.yml +0 -76
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_include_the_specified_fields.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_from/should_take_one_log_entry.yml +0 -258
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/create_test_user.yml +0 -68
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_disabled_rule.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_enabled_rule.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_user.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_delete_resource_server/should_delete_the_test_server_without_an_error.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_patch_resource_server/should_update_the_resource_server_with_the_correct_attributes.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_server/should_get_the_test_server.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_get_the_test_server.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_return_at_least_1_result.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_return_the_first_page_of_one_result.yml +0 -64
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/create_test_server.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/delete_test_server.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_add_role_permissions/should_add_a_Permission_to_the_Role_successfully.yml +0 -69
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_add_role_users/should_add_a_User_to_the_Role_successfully.yml +0 -69
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_delete_role/should_delete_the_Role_successfully.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role/should_get_the_Role_successfully.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_permissions/should_get_exactly_1_Permission.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_permissions/should_get_the_added_Permission_from_the_Role_successfully.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_users/should_get_exactly_1_User.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_users/should_get_the_added_User_from_the_Role_successfully.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_roles/should_get_the_Role_successfully.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_remove_role_permissions/should_remove_a_Permission_from_the_Role_successfully.yml +0 -64
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_update_role/should_update_the_Role_successfully.yml +0 -69
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_api.yml +0 -69
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_role.yml +0 -69
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_user.yml +0 -69
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/delete_test_api.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/delete_test_user.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_delete_rule/should_delete_the_test_disabled_rule_without_an_error.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_delete_rule/should_delete_the_test_enabled_rule_without_an_error.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_exclude_the_fields_not_specified.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_exclude_the_specified_fields.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_include_the_specified_fields.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/should_get_a_specific_rule.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_exclude_fields_not_specified.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_include_the_specified_fields.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_at_least_1_disabled_rule.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_at_least_1_enabled_rule.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_paginated_results.yml +0 -128
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/should_return_at_least_1_rule.yml +0 -64
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_update_rule/should_update_the_disabled_rule_to_be_enabled.yml +0 -64
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/create_test_disabled_rule.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/create_test_enabled_rule.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Stats/_active_users/should_have_at_least_one_active_user.yml +0 -59
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Stats/_daily_stats/should_have_at_least_one_stats_entry_for_the_timeframe.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings/should_get_the_tenant_settings.yml +0 -95
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings_with_specific_fields/should_exclude_a_field_not_requested.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings_with_specific_fields/should_include_the_field_requested.yml +0 -61
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_revert_the_tenant_name.yml +0 -96
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_update_the_tenant_settings_with_a_new_tenant_name.yml +0 -96
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/_post_email_verification/should_create_an_email_verification_ticket.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/_post_password_change/should_create_a_password_change_ticket.yml +0 -63
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/create_test_user.yml +0 -68
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/delete_test_user.yml +0 -54
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_permissions/should_add_a_Permissions_for_a_User_successfully.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_roles/should_add_a_Role_to_a_User_successfully.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user/should_delete_the_User_successfully.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user/should_delete_the_secondary_User_successfully.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user_provider/should_attempt_to_delete_the_MFA_provider_for_the_User.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_enrollments/should_get_Enrollments_for_a_User_successfully.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_permissions/should_get_exactly_1_Permission_for_a_User_successfully.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_permissions/should_get_the_correct_Permission_for_a_User_successfully.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_roles/should_get_Roles_for_a_User_successfully.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_invalidate_browsers/should_invalidate_MFA_browsers_for_the_User_successfully.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_link_user_account/should_link_two_Users_successfully.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_patch_user/should_patch_the_User_successfully.yml +0 -68
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_remove_user_permissions/should_remove_a_Permission_from_a_User_successfully.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_remove_user_roles/should_remove_a_Role_from_a_User_successfully.yml +0 -62
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_unlink_user_account/should_unlink_two_Users_successfully.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_exclude_fields_not_indicated.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_exclude_the_fields_indicated.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_include_the_fields_indicated.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/should_retrieve_the_created_user.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user_logs/should_get_Logs_for_a_User_successfully.yml +0 -69
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/is_expected_to_find_a_user_with_a_v2_search_engine_query.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/is_expected_to_find_a_user_with_a_v3_search_engine_query.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_exclude_the_indicated_fields_when_paginated.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_include_the_indicated_fields_when_paginated.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_not_include_other_fields_when_paginated.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_return_the_correct_number_of_results_when_paginated.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/should_have_at_least_one_user.yml +0 -65
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_secondary_test_user.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_api.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_role.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_user.yml +0 -67
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/delete_test_api.yml +0 -60
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/delete_test_role.yml +0 -60
- data/spec/integration/lib/auth0/api/api_authentication_spec.rb +0 -120
- data/spec/integration/lib/auth0/api/v2/api_anomaly_spec.rb +0 -17
- data/spec/integration/lib/auth0/api/v2/api_blacklist_spec.rb +0 -27
- data/spec/integration/lib/auth0/api/v2/api_client_grants_spec.rb +0 -75
- data/spec/integration/lib/auth0/api/v2/api_clients_spec.rb +0 -166
- data/spec/integration/lib/auth0/api/v2/api_connections_spec.rb +0 -159
- data/spec/integration/lib/auth0/api/v2/api_device_credentials_spec.rb +0 -128
- data/spec/integration/lib/auth0/api/v2/api_email_spec.rb +0 -117
- data/spec/integration/lib/auth0/api/v2/api_jobs_spec.rb +0 -124
- data/spec/integration/lib/auth0/api/v2/api_logs_spec.rb +0 -91
- data/spec/integration/lib/auth0/api/v2/api_resource_servers_spec.rb +0 -130
- data/spec/integration/lib/auth0/api/v2/api_roles_spec.rb +0 -145
- data/spec/integration/lib/auth0/api/v2/api_rules_spec.rb +0 -177
- data/spec/integration/lib/auth0/api/v2/api_stats_spec.rb +0 -22
- data/spec/integration/lib/auth0/api/v2/api_tenants_spec.rb +0 -59
- data/spec/integration/lib/auth0/api/v2/api_tickets_spec.rb +0 -59
- data/spec/integration/lib/auth0/api/v2/api_user_blocks_spec.rb +0 -73
- data/spec/integration/lib/auth0/api/v2/api_users_spec.rb +0 -300
- data/spec/integration/lib/auth0/auth0_client_spec.rb +0 -90
- data/spec/lib/auth0/api/authentication_endpoints_spec.rb +0 -703
- data/spec/lib/auth0/api/v2/anomaly_spec.rb +0 -26
- data/spec/lib/auth0/api/v2/blacklists_spec.rb +0 -25
- data/spec/lib/auth0/api/v2/client_grants_spec.rb +0 -76
- data/spec/lib/auth0/api/v2/clients_spec.rb +0 -104
- data/spec/lib/auth0/api/v2/connections_spec.rb +0 -140
- data/spec/lib/auth0/api/v2/device_credentials_spec.rb +0 -73
- data/spec/lib/auth0/api/v2/emails_spec.rb +0 -47
- data/spec/lib/auth0/api/v2/guardian_spec.rb +0 -154
- data/spec/lib/auth0/api/v2/jobs_spec.rb +0 -128
- data/spec/lib/auth0/api/v2/log_streams_spec.rb +0 -84
- data/spec/lib/auth0/api/v2/logs_spec.rb +0 -48
- data/spec/lib/auth0/api/v2/prompts_spec.rb +0 -88
- data/spec/lib/auth0/api/v2/resource_servers_spec.rb +0 -86
- data/spec/lib/auth0/api/v2/roles_spec.rb +0 -362
- data/spec/lib/auth0/api/v2/rules_spec.rb +0 -95
- data/spec/lib/auth0/api/v2/stats_spec.rb +0 -22
- data/spec/lib/auth0/api/v2/tenants_spec.rb +0 -26
- data/spec/lib/auth0/api/v2/tickets_spec.rb +0 -63
- data/spec/lib/auth0/api/v2/user_blocks_spec.rb +0 -52
- data/spec/lib/auth0/api/v2/users_by_email_spec.rb +0 -21
- data/spec/lib/auth0/api/v2/users_spec.rb +0 -542
- data/spec/lib/auth0/client_spec.rb +0 -153
- data/spec/lib/auth0/mixins/httpproxy_spec.rb +0 -304
- data/spec/lib/auth0/mixins/initializer_spec.rb +0 -30
- data/spec/lib/auth0/mixins/validation_spec.rb +0 -466
- data/spec/spec_helper.rb +0 -63
- data/spec/support/credentials.rb +0 -30
- data/spec/support/dummy_class.rb +0 -18
- data/spec/support/dummy_class_for_proxy.rb +0 -5
- data/spec/support/dummy_class_for_restclient.rb +0 -2
- data/spec/support/import_users.json +0 -13
- data/spec/support/stub_response.rb +0 -1
|
@@ -2,42 +2,53 @@
|
|
|
2
2
|
# rubocop:disable Metrics/ModuleLength
|
|
3
3
|
|
|
4
4
|
require 'jwt'
|
|
5
|
+
require_relative '../client_assertion'
|
|
5
6
|
|
|
6
7
|
module Auth0
|
|
7
8
|
module Api
|
|
8
9
|
# {https://auth0.com/docs/api/authentication}
|
|
9
10
|
# Methods to use the Authentication API
|
|
10
11
|
module AuthenticationEndpoints
|
|
12
|
+
include Auth0::ClientAssertion
|
|
13
|
+
|
|
11
14
|
UP_AUTH = 'Username-Password-Authentication'.freeze
|
|
12
15
|
JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer'.freeze
|
|
16
|
+
GRANT_TYPE_PASSWORDLESS_OPT = 'http://auth0.com/oauth/grant-type/passwordless/otp'.freeze
|
|
13
17
|
|
|
14
18
|
# Request an API access token using a Client Credentials grant
|
|
15
19
|
# @see https://auth0.com/docs/api-auth/tutorials/client-credentials
|
|
20
|
+
# @param client_id [string] Client ID for the application
|
|
21
|
+
# @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
|
|
16
22
|
# @param audience [string] API audience to use
|
|
23
|
+
# @param organization [string] Organization ID
|
|
17
24
|
# @return [json] Returns the API token
|
|
18
25
|
def api_token(
|
|
19
26
|
client_id: @client_id,
|
|
20
27
|
client_secret: @client_secret,
|
|
21
|
-
|
|
28
|
+
organization: @organization,
|
|
29
|
+
audience: nil
|
|
22
30
|
)
|
|
23
31
|
request_params = {
|
|
24
32
|
grant_type: 'client_credentials',
|
|
25
33
|
client_id: client_id,
|
|
26
|
-
|
|
27
|
-
|
|
34
|
+
audience: audience,
|
|
35
|
+
organization: organization
|
|
28
36
|
}
|
|
29
|
-
|
|
30
|
-
|
|
37
|
+
|
|
38
|
+
populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
|
|
39
|
+
|
|
40
|
+
response = request_with_retry(:post, '/oauth/token', request_params)
|
|
41
|
+
::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
|
|
31
42
|
end
|
|
32
43
|
|
|
33
44
|
# Get access and ID tokens using an Authorization Code.
|
|
34
45
|
# @see https://auth0.com/docs/api/authentication#authorization-code
|
|
35
46
|
# @param code [string] The authentication code obtained from /authorize
|
|
36
47
|
# @param redirect_uri [string] URL to redirect to after authorization.
|
|
48
|
+
# @param client_id [string] Client ID for the application
|
|
49
|
+
# @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
|
|
37
50
|
# Required only if it was set at the GET /authorize endpoint
|
|
38
|
-
# @
|
|
39
|
-
# @param client_secret [string] Client Secret for the Application.
|
|
40
|
-
# @return [AccessToken] Returns the access_token and id_token
|
|
51
|
+
# @return [Auth0::AccessToken] Returns the access_token and id_token
|
|
41
52
|
def exchange_auth_code_for_tokens(
|
|
42
53
|
code,
|
|
43
54
|
redirect_uri: nil,
|
|
@@ -48,23 +59,25 @@ module Auth0
|
|
|
48
59
|
|
|
49
60
|
request_params = {
|
|
50
61
|
grant_type: 'authorization_code',
|
|
51
|
-
client_id: client_id,
|
|
52
|
-
client_secret: client_secret,
|
|
62
|
+
client_id: client_id,
|
|
53
63
|
code: code,
|
|
54
64
|
redirect_uri: redirect_uri
|
|
55
65
|
}
|
|
56
|
-
|
|
66
|
+
|
|
67
|
+
populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
|
|
68
|
+
|
|
69
|
+
::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
|
|
57
70
|
end
|
|
58
71
|
|
|
59
72
|
# Get access and ID tokens using a refresh token.
|
|
60
73
|
# @see https://auth0.com/docs/api/authentication#refresh-token
|
|
61
74
|
# @param refresh_token [string] Refresh token to use. Request this with
|
|
62
75
|
# the offline_access scope when logging in.
|
|
63
|
-
# @param client_id [string] Client ID for the
|
|
64
|
-
# @param client_secret [string] Client
|
|
76
|
+
# @param client_id [string] Client ID for the application
|
|
77
|
+
# @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
|
|
65
78
|
# Required when the Application's Token Endpoint Authentication Method
|
|
66
79
|
# is Post or Basic.
|
|
67
|
-
# @return [AccessToken] Returns tokens allowed in the refresh_token
|
|
80
|
+
# @return [Auth0::AccessToken] Returns tokens allowed in the refresh_token
|
|
68
81
|
def exchange_refresh_token(
|
|
69
82
|
refresh_token,
|
|
70
83
|
client_id: @client_id,
|
|
@@ -75,10 +88,54 @@ module Auth0
|
|
|
75
88
|
request_params = {
|
|
76
89
|
grant_type: 'refresh_token',
|
|
77
90
|
client_id: client_id,
|
|
78
|
-
client_secret: client_secret,
|
|
79
91
|
refresh_token: refresh_token
|
|
80
92
|
}
|
|
81
|
-
|
|
93
|
+
|
|
94
|
+
populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
|
|
95
|
+
|
|
96
|
+
::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
# Exchange an OTP recieved through SMS for ID and access tokens
|
|
100
|
+
# @param phone_number [string] The user's phone number used to receive the OTP
|
|
101
|
+
# @param otp [string] The OTP contained in the SMS
|
|
102
|
+
# @param audience [string] The audience for the access token (defaults to nil)
|
|
103
|
+
# @param scope [string] The scope (defaults to 'openid profile email')
|
|
104
|
+
def exchange_sms_otp_for_tokens(phone_number, otp, audience: nil, scope: nil)
|
|
105
|
+
request_params = {
|
|
106
|
+
grant_type: GRANT_TYPE_PASSWORDLESS_OPT,
|
|
107
|
+
client_id: @client_id,
|
|
108
|
+
username: phone_number,
|
|
109
|
+
otp: otp,
|
|
110
|
+
realm: 'sms',
|
|
111
|
+
audience: audience,
|
|
112
|
+
scope: scope || 'openid profile email'
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
populate_client_assertion_or_secret(request_params)
|
|
116
|
+
|
|
117
|
+
::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
# Exchange an OTP recieved through email for ID and access tokens
|
|
121
|
+
# @param email_address [string] The user's email address used to receive the OTP
|
|
122
|
+
# @param otp [string] The OTP contained in the email
|
|
123
|
+
# @param audience [string] The audience for the access token (defaults to nil)
|
|
124
|
+
# @param scope [string] The scope (defaults to 'openid profile email')
|
|
125
|
+
def exchange_email_otp_for_tokens(email_address, otp, audience: nil, scope: nil)
|
|
126
|
+
request_params = {
|
|
127
|
+
grant_type: GRANT_TYPE_PASSWORDLESS_OPT,
|
|
128
|
+
client_id: @client_id,
|
|
129
|
+
username: email_address,
|
|
130
|
+
otp: otp,
|
|
131
|
+
realm: 'email',
|
|
132
|
+
audience: audience,
|
|
133
|
+
scope: scope || 'openid profile email'
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
populate_client_assertion_or_secret(request_params)
|
|
137
|
+
|
|
138
|
+
::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
|
|
82
139
|
end
|
|
83
140
|
|
|
84
141
|
# rubocop:disable Metrics/ParameterLists
|
|
@@ -87,8 +144,8 @@ module Auth0
|
|
|
87
144
|
# @see https://auth0.com/docs/api/authentication#resource-owner-password
|
|
88
145
|
# @param login_name [string] Email or username for the connection
|
|
89
146
|
# @param password [string] Password
|
|
90
|
-
# @param client_id [string] Client ID
|
|
91
|
-
# @param client_secret [string] Client
|
|
147
|
+
# @param client_id [string] Client ID for the application
|
|
148
|
+
# @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
|
|
92
149
|
# @param realm [string] Specific realm to authenticate against
|
|
93
150
|
# @param audience [string] API audience
|
|
94
151
|
# @param scope [string] Scope(s) requested
|
|
@@ -112,13 +169,15 @@ module Auth0
|
|
|
112
169
|
username: login_name,
|
|
113
170
|
password: password,
|
|
114
171
|
client_id: client_id,
|
|
115
|
-
client_secret: client_secret,
|
|
116
172
|
realm: realm,
|
|
117
173
|
scope: scope,
|
|
118
174
|
audience: audience,
|
|
119
175
|
grant_type: realm ? 'http://auth0.com/oauth/grant-type/password-realm' : 'password'
|
|
120
176
|
}
|
|
121
|
-
|
|
177
|
+
|
|
178
|
+
populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
|
|
179
|
+
|
|
180
|
+
::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
|
|
122
181
|
end
|
|
123
182
|
# rubocop:enable Metrics/ParameterLists
|
|
124
183
|
|
|
@@ -138,16 +197,18 @@ module Auth0
|
|
|
138
197
|
connection: connection_name,
|
|
139
198
|
client_id: @client_id
|
|
140
199
|
}
|
|
141
|
-
|
|
200
|
+
|
|
201
|
+
request_with_retry(:post, '/dbconnections/signup', request_params)
|
|
142
202
|
end
|
|
143
203
|
|
|
144
204
|
# Change a user's password or trigger a password reset email.
|
|
145
205
|
# @see https://auth0.com/docs/api/authentication#change-password
|
|
146
206
|
# @see https://auth0.com/docs/connections/database/password-change
|
|
147
207
|
# @param email [string] User's current email
|
|
148
|
-
# @param password [string] User's new password
|
|
149
|
-
# password
|
|
208
|
+
# @param password [string] User's new password. This is only available
|
|
209
|
+
# on legacy tenants with change password v1 flow enabled
|
|
150
210
|
# @param connection_name [string] Database connection name
|
|
211
|
+
# @deprecated Use {#reset_password} instead.
|
|
151
212
|
def change_password(email, password, connection_name = UP_AUTH)
|
|
152
213
|
raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
|
|
153
214
|
|
|
@@ -157,7 +218,27 @@ module Auth0
|
|
|
157
218
|
connection: connection_name,
|
|
158
219
|
client_id: @client_id
|
|
159
220
|
}
|
|
160
|
-
|
|
221
|
+
|
|
222
|
+
request_with_retry(:post, '/dbconnections/change_password', request_params)
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
# Trigger a password reset email.
|
|
226
|
+
# @see https://auth0.com/docs/api/authentication#change-password
|
|
227
|
+
# @see https://auth0.com/docs/connections/database/password-change
|
|
228
|
+
# @param email [string] User's current email
|
|
229
|
+
# @param connection_name [string] Database connection name
|
|
230
|
+
# @param client_id [string] Client ID override (to allow forwarding
|
|
231
|
+
# to a different application's login URI on password reset success page)
|
|
232
|
+
def reset_password(email, connection_name = UP_AUTH, client_id = @client_id)
|
|
233
|
+
raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
|
|
234
|
+
|
|
235
|
+
request_params = {
|
|
236
|
+
email: email,
|
|
237
|
+
connection: connection_name,
|
|
238
|
+
client_id: client_id
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
request_with_retry(:post, '/dbconnections/change_password', request_params)
|
|
161
242
|
end
|
|
162
243
|
|
|
163
244
|
# Start Passwordless email login flow.
|
|
@@ -175,9 +256,11 @@ module Auth0
|
|
|
175
256
|
authParams: auth_params,
|
|
176
257
|
connection: 'email',
|
|
177
258
|
client_id: @client_id,
|
|
178
|
-
client_secret: @client_secret
|
|
179
259
|
}
|
|
180
|
-
|
|
260
|
+
|
|
261
|
+
populate_client_assertion_or_secret(request_params)
|
|
262
|
+
|
|
263
|
+
request_with_retry(:post, '/passwordless/start', request_params)
|
|
181
264
|
end
|
|
182
265
|
|
|
183
266
|
# Start Passwordless SMS login flow.
|
|
@@ -191,36 +274,38 @@ module Auth0
|
|
|
191
274
|
phone_number: phone_number,
|
|
192
275
|
connection: 'sms',
|
|
193
276
|
client_id: @client_id,
|
|
194
|
-
client_secret: @client_secret
|
|
195
277
|
}
|
|
196
|
-
|
|
278
|
+
|
|
279
|
+
populate_client_assertion_or_secret(request_params)
|
|
280
|
+
|
|
281
|
+
request_with_retry(:post, '/passwordless/start', request_params)
|
|
197
282
|
end
|
|
198
283
|
|
|
199
284
|
# Retrive SAML 2.0 metadata XML for an Application.
|
|
200
285
|
# @see https://auth0.com/docs/api/authentication#get-metadata
|
|
201
286
|
# @return [xml] SAML 2.0 metadata
|
|
202
287
|
def saml_metadata
|
|
203
|
-
get
|
|
288
|
+
request_with_retry(:get, "/samlp/metadata/#{@client_id}")
|
|
204
289
|
end
|
|
205
290
|
|
|
206
291
|
# Retrieve WS-Federation metadata XML for a tenant.
|
|
207
292
|
# @see https://auth0.com/docs/api/authentication#get-metadata36
|
|
208
293
|
# @return [xml] WS-Federation metadata
|
|
209
294
|
def wsfed_metadata
|
|
210
|
-
get
|
|
295
|
+
request_with_retry(:get, '/wsfed/FederationMetadata/2007-06/FederationMetadata.xml')
|
|
211
296
|
end
|
|
212
297
|
|
|
213
298
|
# Return the user information based on the Auth0 access token.
|
|
214
299
|
# @see https://auth0.com/docs/api/authentication#get-user-info
|
|
215
300
|
# @return [json] User information based on the Auth0 access token
|
|
216
301
|
def userinfo(access_token)
|
|
217
|
-
get
|
|
302
|
+
request_with_retry(:get, '/userinfo', {}, 'Authorization' => "Bearer #{access_token}")
|
|
218
303
|
end
|
|
219
304
|
|
|
220
305
|
# Return an authorization URL.
|
|
221
306
|
# @see https://auth0.com/docs/api/authentication#authorization-code-grant
|
|
222
307
|
# @param redirect_uri [string] URL to redirect after authorization
|
|
223
|
-
# @param options [hash] Can contain response_type, connection, state and additional_parameters.
|
|
308
|
+
# @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
|
|
224
309
|
# @return [url] Authorization URL.
|
|
225
310
|
def authorization_url(redirect_uri, options = {})
|
|
226
311
|
raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
|
|
@@ -231,12 +316,29 @@ module Auth0
|
|
|
231
316
|
connection: options.fetch(:connection, nil),
|
|
232
317
|
redirect_uri: redirect_uri,
|
|
233
318
|
state: options.fetch(:state, nil),
|
|
234
|
-
scope: options.fetch(:scope, nil)
|
|
319
|
+
scope: options.fetch(:scope, nil),
|
|
320
|
+
organization: options.fetch(:organization, @organization),
|
|
321
|
+
invitation: options.fetch(:invitation, nil)
|
|
235
322
|
}.merge(options.fetch(:additional_parameters, {}))
|
|
236
323
|
|
|
237
324
|
URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
|
|
238
325
|
end
|
|
239
326
|
|
|
327
|
+
# Return an authorization URL for PAR requests
|
|
328
|
+
# @see https://www.rfc-editor.org/rfc/rfc9126.html
|
|
329
|
+
# @param request_uri [string] The request_uri as obtained by calling `pushed_authorization_request`
|
|
330
|
+
# @param additional_parameters Any additional parameters to send
|
|
331
|
+
def par_authorization_url(request_uri)
|
|
332
|
+
raise Auth0::InvalidParameter, 'Must supply a valid request_uri' if request_uri.to_s.empty?
|
|
333
|
+
|
|
334
|
+
request_params = {
|
|
335
|
+
client_id: @client_id,
|
|
336
|
+
request_uri: request_uri,
|
|
337
|
+
}
|
|
338
|
+
|
|
339
|
+
URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
|
|
340
|
+
end
|
|
341
|
+
|
|
240
342
|
# Returns an Auth0 logout URL with a return URL.
|
|
241
343
|
# @see https://auth0.com/docs/api/authentication#logout
|
|
242
344
|
# @see https://auth0.com/docs/logout
|
|
@@ -258,6 +360,28 @@ module Auth0
|
|
|
258
360
|
)
|
|
259
361
|
end
|
|
260
362
|
|
|
363
|
+
# Make a request to the PAR endpoint and receive a `request_uri` to send to the '/authorize' endpoint.
|
|
364
|
+
# @see https://auth0.com/docs/api/authentication#authorization-code-grant
|
|
365
|
+
# @param redirect_uri [string] URL to redirect after authorization
|
|
366
|
+
# @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
|
|
367
|
+
# @return [url] Authorization URL.
|
|
368
|
+
def pushed_authorization_request(parameters = {})
|
|
369
|
+
request_params = {
|
|
370
|
+
client_id: @client_id,
|
|
371
|
+
response_type: parameters.fetch(:response_type, 'code'),
|
|
372
|
+
connection: parameters.fetch(:connection, nil),
|
|
373
|
+
redirect_uri: parameters.fetch(:redirect_uri, nil),
|
|
374
|
+
state: parameters.fetch(:state, nil),
|
|
375
|
+
scope: parameters.fetch(:scope, nil),
|
|
376
|
+
organization: parameters.fetch(:organization, nil),
|
|
377
|
+
invitation: parameters.fetch(:invitation, nil)
|
|
378
|
+
}.merge(parameters.fetch(:additional_parameters, {}))
|
|
379
|
+
|
|
380
|
+
populate_client_assertion_or_secret(request_params)
|
|
381
|
+
|
|
382
|
+
request_with_retry(:post_form, '/oauth/par', request_params, {})
|
|
383
|
+
end
|
|
384
|
+
|
|
261
385
|
# Return a SAMLP URL.
|
|
262
386
|
# The SAML Request AssertionConsumerServiceURL will be used to POST back
|
|
263
387
|
# the assertion and it must match with the application callback URL.
|
|
@@ -292,225 +416,11 @@ module Auth0
|
|
|
292
416
|
)
|
|
293
417
|
end
|
|
294
418
|
|
|
295
|
-
#
|
|
296
|
-
# DEPRECATED
|
|
297
|
-
#
|
|
298
|
-
|
|
299
|
-
# Retrieve an access token.
|
|
300
|
-
# @deprecated 4.6.0 - Use the api_token method instead.
|
|
301
|
-
# @see https://auth0.com/docs/api/authentication#client-credentials
|
|
302
|
-
# @param access_token [string] Social provider's access_token
|
|
303
|
-
# @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
|
|
304
|
-
# @return [json] Returns the access token
|
|
305
|
-
def obtain_access_token(access_token = nil, connection = 'facebook', scope = 'openid')
|
|
306
|
-
if access_token
|
|
307
|
-
request_params = { client_id: @client_id, access_token: access_token, connection: connection, scope: scope }
|
|
308
|
-
post('/oauth/access_token', request_params)['access_token']
|
|
309
|
-
else
|
|
310
|
-
request_params = { client_id: @client_id, client_secret: @client_secret, grant_type: 'client_credentials' }
|
|
311
|
-
post('/oauth/token', request_params)['access_token']
|
|
312
|
-
end
|
|
313
|
-
end
|
|
314
|
-
|
|
315
|
-
# Get access and ID tokens using an Authorization Code.
|
|
316
|
-
# @deprecated 4.6.0 - Use the exchange_auth_code_for_tokens method instead.
|
|
317
|
-
# @see https://auth0.com/docs/api/authentication#authorization-code
|
|
318
|
-
# @param code [string] The access code obtained through passive authentication
|
|
319
|
-
# @param redirect_uri [string] Url to redirect after authorization
|
|
320
|
-
# @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
|
|
321
|
-
# @param scope [string] Defaults to openid. Can be 'openid name email', 'openid offline_access'
|
|
322
|
-
# @return [json] Returns the access_token and id_token
|
|
323
|
-
def obtain_user_tokens(code, redirect_uri, connection = 'facebook', scope = 'openid')
|
|
324
|
-
raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
|
|
325
|
-
raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
|
|
326
|
-
|
|
327
|
-
request_params = {
|
|
328
|
-
client_id: @client_id,
|
|
329
|
-
client_secret: @client_secret,
|
|
330
|
-
connection: connection,
|
|
331
|
-
grant_type: 'authorization_code',
|
|
332
|
-
code: code,
|
|
333
|
-
scope: scope,
|
|
334
|
-
redirect_uri: redirect_uri
|
|
335
|
-
}
|
|
336
|
-
post('/oauth/token', request_params)
|
|
337
|
-
end
|
|
338
|
-
|
|
339
|
-
# Get access and ID tokens using Resource Owner Password.
|
|
340
|
-
# @deprecated 4.6.0 - Use the login_with_resource_owner method instead.
|
|
341
|
-
# @see https://auth0.com/docs/api/authentication#resource-owner-password
|
|
342
|
-
# @param username [string] Username or email
|
|
343
|
-
# @param password [string] Password
|
|
344
|
-
# @param id_token [string] Token's id
|
|
345
|
-
# @param connection_name [string] Connection name; use a database or
|
|
346
|
-
# passwordless connection, Active Directory/LDAP, Windows Azure or ADF
|
|
347
|
-
# @param options [hash] Additional options - :scope, :grant_type, :device
|
|
348
|
-
# @return [json] Returns the access_token and id_token
|
|
349
|
-
def login(username, password, id_token = nil, connection_name = UP_AUTH, options = {})
|
|
350
|
-
raise Auth0::InvalidParameter, 'Must supply a valid username' if username.to_s.empty?
|
|
351
|
-
raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
|
|
352
|
-
|
|
353
|
-
request_params = {
|
|
354
|
-
client_id: @client_id,
|
|
355
|
-
client_secret: @client_secret,
|
|
356
|
-
username: username,
|
|
357
|
-
password: password,
|
|
358
|
-
scope: options.fetch(:scope, 'openid'),
|
|
359
|
-
connection: connection_name,
|
|
360
|
-
grant_type: options.fetch(:grant_type, 'password'),
|
|
361
|
-
id_token: id_token,
|
|
362
|
-
device: options.fetch(:device, nil)
|
|
363
|
-
}
|
|
364
|
-
post('/oauth/token', request_params)
|
|
365
|
-
end
|
|
366
|
-
|
|
367
|
-
# Return the user information based on the Auth0 access token.
|
|
368
|
-
# @deprecated 4.6.0 - Use the userinfo method instead.
|
|
369
|
-
# @see https://auth0.com/docs/api/authentication#get-user-info
|
|
370
|
-
# @return [json] User information based on the Auth0 access token
|
|
371
|
-
def user_info
|
|
372
|
-
get('/userinfo')
|
|
373
|
-
end
|
|
374
|
-
|
|
375
|
-
# Login using phone number + verification code.
|
|
376
|
-
# @deprecated 4.5.0 - Legacy authentication pipeline; use a Password Grant
|
|
377
|
-
# instead - https://auth0.com/docs/api-auth/tutorials/password-grant
|
|
378
|
-
# @see https://auth0.com/docs/api/authentication#resource-owner
|
|
379
|
-
# @param phone_number [string] User's phone number.
|
|
380
|
-
# @param code [string] Verification code.
|
|
381
|
-
# @return [json] Returns the access token and id token
|
|
382
|
-
def phone_login(phone_number, code, scope = 'openid')
|
|
383
|
-
raise Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
|
|
384
|
-
raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
|
|
385
|
-
|
|
386
|
-
request_params = {
|
|
387
|
-
client_id: @client_id,
|
|
388
|
-
username: phone_number,
|
|
389
|
-
password: code,
|
|
390
|
-
scope: scope,
|
|
391
|
-
connection: 'sms',
|
|
392
|
-
grant_type: 'password'
|
|
393
|
-
}
|
|
394
|
-
post('/oauth/ro', request_params)
|
|
395
|
-
end
|
|
396
|
-
|
|
397
|
-
# Validate a JSON Web Token (signature and expiration).
|
|
398
|
-
# @deprecated 4.5.0 - Legacy endpoint, use /userinfo instead.
|
|
399
|
-
# @see https://auth0.com/docs/api/authentication#get-token-info
|
|
400
|
-
# @param id_token [string] ID Token to use
|
|
401
|
-
# @return User information associated with the user id (sub property) of the token.
|
|
402
|
-
def token_info(id_token)
|
|
403
|
-
raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
|
|
404
|
-
|
|
405
|
-
request_params = { id_token: id_token }
|
|
406
|
-
post('/tokeninfo', request_params)
|
|
407
|
-
end
|
|
408
|
-
|
|
409
|
-
# Refresh a delegation token.
|
|
410
|
-
# @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
|
|
411
|
-
# https://auth0.com/docs/api-auth/tutorials/adoption/delegation
|
|
412
|
-
# @see https://auth0.com/docs/api/authentication#delegation
|
|
413
|
-
# @param refresh_token [string] Token to refresh
|
|
414
|
-
# @param target [string] Target to sign the new token.
|
|
415
|
-
# @param scope [string] Defaults to openid. Can be 'openid name email'.
|
|
416
|
-
# @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
|
|
417
|
-
# salesforce_sandbox_api, sap_api or wams
|
|
418
|
-
# @param extra_parameters [hash] Extra parameters.
|
|
419
|
-
# @return [json] Returns the refreshed delegation token
|
|
420
|
-
def refresh_delegation(refresh_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
|
|
421
|
-
raise Auth0::InvalidParameter, 'Must supply a valid token to refresh' if refresh_token.to_s.empty?
|
|
422
|
-
|
|
423
|
-
request_params = {
|
|
424
|
-
client_id: @client_id,
|
|
425
|
-
grant_type: JWT_BEARER,
|
|
426
|
-
refresh_token: refresh_token,
|
|
427
|
-
target: target,
|
|
428
|
-
api_type: api_type,
|
|
429
|
-
scope: scope
|
|
430
|
-
}.merge(extra_parameters)
|
|
431
|
-
post('/delegation', request_params)
|
|
432
|
-
end
|
|
433
|
-
|
|
434
|
-
# Retrieve a delegation token.
|
|
435
|
-
# @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
|
|
436
|
-
# https://auth0.com/docs/api-auth/tutorials/adoption/delegation
|
|
437
|
-
# @see https://auth0.com/docs/api/authentication#delegation
|
|
438
|
-
# @param id_token [string] Token's id.
|
|
439
|
-
# @param target [string] Target to sign the new token.
|
|
440
|
-
# @param scope [string] Defaults to openid. Can be 'openid name email'.
|
|
441
|
-
# @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
|
|
442
|
-
# salesforce_sandbox_api, sap_api or wams
|
|
443
|
-
# @param extra_parameters [hash] Extra parameters.
|
|
444
|
-
# @return [json] Returns the refreshed delegation token
|
|
445
|
-
def delegation(id_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
|
|
446
|
-
raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
|
|
447
|
-
|
|
448
|
-
request_params = {
|
|
449
|
-
client_id: @client_id,
|
|
450
|
-
grant_type: JWT_BEARER,
|
|
451
|
-
id_token: id_token,
|
|
452
|
-
target: target,
|
|
453
|
-
api_type: api_type,
|
|
454
|
-
scope: scope
|
|
455
|
-
}.merge(extra_parameters)
|
|
456
|
-
post('/delegation', request_params)
|
|
457
|
-
end
|
|
458
|
-
|
|
459
|
-
# Retrieve an impersonation URL to login as another user.
|
|
460
|
-
# @deprecated 4.5.0 - Feature is disabled.
|
|
461
|
-
# @see https://auth0.com/docs/api/authentication#impersonation
|
|
462
|
-
# @param user_id [string] Impersonate user id
|
|
463
|
-
# @param app_client_id [string] Application client id
|
|
464
|
-
# @param impersonator_id [string] Impersonator user id id.
|
|
465
|
-
# @param options [string] Additional Parameters
|
|
466
|
-
# @return [string] Impersonation URL
|
|
467
|
-
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
|
468
|
-
def impersonate(user_id, app_client_id, impersonator_id, options)
|
|
469
|
-
raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
|
|
470
|
-
raise Auth0::InvalidParameter, 'Must supply a valid app_client_id' if app_client_id.to_s.empty?
|
|
471
|
-
raise Auth0::InvalidParameter, 'Must supply a valid impersonator_id' if impersonator_id.to_s.empty?
|
|
472
|
-
raise Auth0::MissingParameter, 'Must supply client_secret' if @client_secret.nil?
|
|
473
|
-
|
|
474
|
-
authorization_header obtain_access_token
|
|
475
|
-
request_params = {
|
|
476
|
-
protocol: options.fetch(:protocol, 'oauth2'),
|
|
477
|
-
impersonator_id: impersonator_id,
|
|
478
|
-
client_id: app_client_id,
|
|
479
|
-
additionalParameters: {
|
|
480
|
-
response_type: options.fetch(:response_type, 'code'),
|
|
481
|
-
state: options.fetch(:state, ''),
|
|
482
|
-
scope: options.fetch(:scope, 'openid'),
|
|
483
|
-
callback_url: options.fetch(:callback_url, '')
|
|
484
|
-
}
|
|
485
|
-
}
|
|
486
|
-
result = post("/users/#{user_id}/impersonate", request_params)
|
|
487
|
-
authorization_header @token
|
|
488
|
-
result
|
|
489
|
-
end
|
|
490
|
-
# rubocop:enable Metrics/MethodLength, Metrics/AbcSize
|
|
491
|
-
|
|
492
|
-
# Unlink a user's account from the identity provider.
|
|
493
|
-
# @deprecated 4.5.0 - Endpoint is disabled in favor of the Management API;
|
|
494
|
-
# see https://auth0.com/docs/migrations/guides/account-linking
|
|
495
|
-
# @see https://auth0.com/docs/api/authentication#unlink
|
|
496
|
-
# @param access_token [string] Logged-in user access token
|
|
497
|
-
# @param user_id [string] User Id
|
|
498
|
-
def unlink_user(access_token, user_id)
|
|
499
|
-
raise Auth0::InvalidParameter, 'Must supply a valid access_token' if access_token.to_s.empty?
|
|
500
|
-
raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
|
|
501
|
-
|
|
502
|
-
request_params = {
|
|
503
|
-
access_token: access_token,
|
|
504
|
-
user_id: user_id
|
|
505
|
-
}
|
|
506
|
-
post('/unlink', request_params)
|
|
507
|
-
end
|
|
508
|
-
|
|
509
419
|
# Validate an ID token (signature and expiration).
|
|
510
420
|
# @see https://auth0.com/docs/tokens/guides/validate-id-tokens
|
|
511
421
|
# @param id_token [string] The JWT to validate.
|
|
512
422
|
# @param algorithm [JWKAlgorithm] The expected signing algorithm.
|
|
513
|
-
|
|
423
|
+
|
|
514
424
|
# @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
|
|
515
425
|
# Must be a non-negative value. Defaults to *60 seconds*.
|
|
516
426
|
# @param nonce [string] The nonce value sent during authentication.
|
|
@@ -520,8 +430,10 @@ module Auth0
|
|
|
520
430
|
# Defaults to +https://YOUR_AUTH0_DOMAIN/+.
|
|
521
431
|
# @param audience [string] The expected audience claim value.
|
|
522
432
|
# Defaults to your *Auth0 Client ID*.
|
|
433
|
+
# @param organization [string] Organization ID
|
|
434
|
+
# Defaults to your *Auth0 Organization ID*.
|
|
523
435
|
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
|
|
524
|
-
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
|
|
436
|
+
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization)
|
|
525
437
|
context = {
|
|
526
438
|
issuer: issuer || "https://#{@domain}/",
|
|
527
439
|
audience: audience || @client_id,
|
|
@@ -531,6 +443,7 @@ module Auth0
|
|
|
531
443
|
|
|
532
444
|
context[:nonce] = nonce unless nonce.nil?
|
|
533
445
|
context[:max_age] = max_age unless max_age.nil?
|
|
446
|
+
context[:organization] = organization unless !organization
|
|
534
447
|
|
|
535
448
|
Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
|
|
536
449
|
end
|