auth0 4.17.0 → 5.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (357) hide show
  1. checksums.yaml +4 -4
  2. data/.version +1 -0
  3. data/CHANGELOG.md +407 -22
  4. data/README.md +80 -178
  5. data/auth0.gemspec +10 -15
  6. data/lib/auth0/api/authentication_endpoints.rb +162 -249
  7. data/lib/auth0/api/v2/actions.rb +209 -0
  8. data/lib/auth0/api/v2/attack_protection.rb +79 -0
  9. data/lib/auth0/api/v2/branding.rb +65 -0
  10. data/lib/auth0/api/v2/client_grants.rb +27 -2
  11. data/lib/auth0/api/v2/clients.rb +42 -0
  12. data/lib/auth0/api/v2/connections.rb +14 -5
  13. data/lib/auth0/api/v2/device_credentials.rb +12 -7
  14. data/lib/auth0/api/v2/grants.rb +49 -0
  15. data/lib/auth0/api/v2/jobs.rb +18 -5
  16. data/lib/auth0/api/v2/logs.rb +2 -2
  17. data/lib/auth0/api/v2/organizations.rb +407 -0
  18. data/lib/auth0/api/v2/refresh_tokens.rb +34 -0
  19. data/lib/auth0/api/v2/roles.rb +7 -3
  20. data/lib/auth0/api/v2/sessions.rb +43 -0
  21. data/lib/auth0/api/v2/tickets.rb +14 -2
  22. data/lib/auth0/api/v2/users.rb +203 -12
  23. data/lib/auth0/api/v2.rb +18 -4
  24. data/lib/auth0/client_assertion.rb +45 -0
  25. data/lib/auth0/exception.rb +17 -8
  26. data/lib/auth0/mixins/access_token_struct.rb +2 -2
  27. data/lib/auth0/mixins/api_token_struct.rb +2 -3
  28. data/lib/auth0/mixins/httpproxy.rb +98 -36
  29. data/lib/auth0/mixins/initializer.rb +6 -9
  30. data/lib/auth0/mixins/permission_struct.rb +2 -2
  31. data/lib/auth0/mixins/token_management.rb +35 -0
  32. data/lib/auth0/mixins/validation.rb +33 -6
  33. data/lib/auth0/mixins.rb +2 -1
  34. data/lib/auth0/version.rb +1 -1
  35. metadata +58 -632
  36. data/.bundle/config +0 -4
  37. data/.circleci/config.yml +0 -23
  38. data/.env.example +0 -2
  39. data/.gemrelease +0 -2
  40. data/.github/CODEOWNERS +0 -1
  41. data/.github/ISSUE_TEMPLATE.md +0 -39
  42. data/.github/PULL_REQUEST_TEMPLATE.md +0 -35
  43. data/.github/stale.yml +0 -20
  44. data/.gitignore +0 -14
  45. data/.rspec +0 -3
  46. data/.rubocop.yml +0 -10
  47. data/.rubocop_todo.yml +0 -5
  48. data/CODE_OF_CONDUCT.md +0 -3
  49. data/DEPLOYMENT.md +0 -61
  50. data/Dockerfile +0 -5
  51. data/Gemfile +0 -19
  52. data/Gemfile.lock +0 -227
  53. data/Guardfile +0 -37
  54. data/RUBYGEM.md +0 -9
  55. data/Rakefile +0 -53
  56. data/codecov.yml +0 -22
  57. data/deploy_documentation.sh +0 -29
  58. data/doc_config/templates/default/fulldoc/html/css/full_list.css +0 -79
  59. data/doc_config/templates/default/fulldoc/html/css/style.css +0 -546
  60. data/doc_config/templates/default/layout/html/breadcrumb.erb +0 -11
  61. data/doc_config/templates/default/layout/html/footer.erb +0 -115
  62. data/doc_config/templates/default/layout/html/headers.erb +0 -17
  63. data/doc_config/templates/default/layout/html/layout.erb +0 -27
  64. data/examples/ruby-api/.env.example +0 -2
  65. data/examples/ruby-api/.gitignore +0 -86
  66. data/examples/ruby-api/Gemfile +0 -8
  67. data/examples/ruby-api/README.md +0 -24
  68. data/examples/ruby-api/config.ru +0 -2
  69. data/examples/ruby-api/main.rb +0 -33
  70. data/examples/ruby-on-rails-api/.env.example +0 -2
  71. data/examples/ruby-on-rails-api/.gitignore +0 -18
  72. data/examples/ruby-on-rails-api/Gemfile +0 -48
  73. data/examples/ruby-on-rails-api/README.md +0 -27
  74. data/examples/ruby-on-rails-api/Rakefile +0 -6
  75. data/examples/ruby-on-rails-api/app/assets/images/.keep +0 -0
  76. data/examples/ruby-on-rails-api/app/assets/javascripts/application.js +0 -16
  77. data/examples/ruby-on-rails-api/app/assets/stylesheets/application.css +0 -15
  78. data/examples/ruby-on-rails-api/app/controllers/application_controller.rb +0 -8
  79. data/examples/ruby-on-rails-api/app/controllers/concerns/.keep +0 -0
  80. data/examples/ruby-on-rails-api/app/controllers/ping_controller.rb +0 -6
  81. data/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb +0 -11
  82. data/examples/ruby-on-rails-api/app/helpers/application_helper.rb +0 -3
  83. data/examples/ruby-on-rails-api/app/mailers/.keep +0 -0
  84. data/examples/ruby-on-rails-api/app/models/.keep +0 -0
  85. data/examples/ruby-on-rails-api/app/models/User.rb +0 -5
  86. data/examples/ruby-on-rails-api/app/models/concerns/.keep +0 -0
  87. data/examples/ruby-on-rails-api/app/views/layouts/application.html.erb +0 -14
  88. data/examples/ruby-on-rails-api/bin/bundle +0 -3
  89. data/examples/ruby-on-rails-api/bin/rails +0 -4
  90. data/examples/ruby-on-rails-api/bin/rake +0 -4
  91. data/examples/ruby-on-rails-api/bin/setup +0 -29
  92. data/examples/ruby-on-rails-api/config/application.rb +0 -23
  93. data/examples/ruby-on-rails-api/config/boot.rb +0 -4
  94. data/examples/ruby-on-rails-api/config/database.yml +0 -27
  95. data/examples/ruby-on-rails-api/config/environment.rb +0 -5
  96. data/examples/ruby-on-rails-api/config/environments/development.rb +0 -37
  97. data/examples/ruby-on-rails-api/config/environments/production.rb +0 -83
  98. data/examples/ruby-on-rails-api/config/environments/test.rb +0 -41
  99. data/examples/ruby-on-rails-api/config/initializers/backtrace_silencers.rb +0 -7
  100. data/examples/ruby-on-rails-api/config/initializers/cookies_serializer.rb +0 -3
  101. data/examples/ruby-on-rails-api/config/initializers/dotenv.rb +0 -4
  102. data/examples/ruby-on-rails-api/config/initializers/filter_parameter_logging.rb +0 -4
  103. data/examples/ruby-on-rails-api/config/initializers/inflections.rb +0 -16
  104. data/examples/ruby-on-rails-api/config/initializers/knock.rb +0 -35
  105. data/examples/ruby-on-rails-api/config/initializers/mime_types.rb +0 -4
  106. data/examples/ruby-on-rails-api/config/initializers/session_store.rb +0 -3
  107. data/examples/ruby-on-rails-api/config/initializers/wrap_parameters.rb +0 -14
  108. data/examples/ruby-on-rails-api/config/locales/en.yml +0 -23
  109. data/examples/ruby-on-rails-api/config/routes.rb +0 -58
  110. data/examples/ruby-on-rails-api/config/secrets.yml +0 -28
  111. data/examples/ruby-on-rails-api/config.ru +0 -4
  112. data/examples/ruby-on-rails-api/db/schema.rb +0 -15
  113. data/examples/ruby-on-rails-api/db/seeds.rb +0 -7
  114. data/examples/ruby-on-rails-api/lib/assets/.keep +0 -0
  115. data/examples/ruby-on-rails-api/lib/tasks/.keep +0 -0
  116. data/examples/ruby-on-rails-api/log/.keep +0 -0
  117. data/examples/ruby-on-rails-api/public/404.html +0 -67
  118. data/examples/ruby-on-rails-api/public/422.html +0 -67
  119. data/examples/ruby-on-rails-api/public/500.html +0 -66
  120. data/examples/ruby-on-rails-api/public/favicon.ico +0 -0
  121. data/examples/ruby-on-rails-api/public/robots.txt +0 -5
  122. data/examples/ruby-on-rails-api/test/controllers/.keep +0 -0
  123. data/examples/ruby-on-rails-api/test/fixtures/.keep +0 -0
  124. data/examples/ruby-on-rails-api/test/helpers/.keep +0 -0
  125. data/examples/ruby-on-rails-api/test/integration/.keep +0 -0
  126. data/examples/ruby-on-rails-api/test/mailers/.keep +0 -0
  127. data/examples/ruby-on-rails-api/test/models/.keep +0 -0
  128. data/examples/ruby-on-rails-api/test/ping_controller_test.rb +0 -8
  129. data/examples/ruby-on-rails-api/test/secured_ping_controller_test.rb +0 -26
  130. data/examples/ruby-on-rails-api/test/test_helper.rb +0 -16
  131. data/lib/auth0/api/v1/clients.rb +0 -58
  132. data/lib/auth0/api/v1/connections.rb +0 -68
  133. data/lib/auth0/api/v1/logs.rb +0 -43
  134. data/lib/auth0/api/v1/rules.rb +0 -57
  135. data/lib/auth0/api/v1/users.rb +0 -227
  136. data/lib/auth0/api/v1.rb +0 -19
  137. data/publish_rubygem.sh +0 -10
  138. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_change_password/should_trigger_a_password_reset.yml +0 -63
  139. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_incorrect_email.yml +0 -54
  140. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_incorrect_password.yml +0 -54
  141. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_invalid_audience.yml +0 -55
  142. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_login_successfully_with_a_custom_audience.yml +0 -117
  143. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_login_successfully_with_a_default_scope.yml +0 -119
  144. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_saml_metadata/should_retrieve_SAML_metadata.yml +0 -57
  145. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_userinfo/should_fail_as_not_authorized.yml +0 -55
  146. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_userinfo/should_return_the_userinfo.yml +0 -118
  147. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_wsfed_metadata/should_retrieve_WSFED_metadata.yml +0 -55
  148. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/create_test_user.yml +0 -58
  149. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/delete_test_user.yml +0 -54
  150. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Anomaly/_check_if_ip_is_blocked/should_return_200_response_code.yml +0 -65
  151. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Anomaly/_remove_ip_block/should_remove_an_IP_successfully.yml +0 -60
  152. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Blacklists/_add_token_to_blacklist/should_add_a_token_to_the_blacklist.yml +0 -56
  153. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Blacklists/_blacklisted_tokens/should_get_the_added_token_from_the_blacklist.yml +0 -59
  154. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_at_least_1_result.yml +0 -62
  155. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_the_first_page_of_one_result.yml +0 -66
  156. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_the_test_client_grant.yml +0 -62
  157. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_delete_client_grant/should_delete_the_test_client_grant.yml +0 -54
  158. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_patch_client_grant/should_update_the_test_client_grant.yml +0 -64
  159. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/create_test_client.yml +0 -118
  160. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/create_test_client_grant.yml +0 -64
  161. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/delete_test_client.yml +0 -54
  162. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/delete_test_client_grant.yml +0 -54
  163. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/_filters/should_exclude_and_include_fields_properly.yml +0 -91
  164. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/_filters/should_include_the_specified_fields.yml +0 -63
  165. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/should_get_the_test_client.yml +0 -92
  166. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_exclude_fields_not_specified.yml +0 -60
  167. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_exclude_the_specified_fields.yml +0 -132
  168. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_include_the_specified_fields.yml +0 -63
  169. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_paginate_results.yml +0 -65
  170. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/should_get_at_least_one_client.yml +0 -132
  171. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_delete_client/should_delete_the_test_client_without_an_error.yml +0 -54
  172. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_patch_client/should_update_the_client_with_the_correct_attributes.yml +0 -94
  173. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/create_test_client.yml +0 -118
  174. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_exclude_the_fields_indicated.yml +0 -63
  175. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_include_the_fields_indicated.yml +0 -61
  176. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/should_find_the_correct_connection.yml +0 -63
  177. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_include_previously-created_connection_when_filtered.yml +0 -59
  178. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_exclude_the_fields_indicated_from_filtered_results.yml +0 -59
  179. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_include_the_fields_indicated_from_filtered_results.yml +0 -59
  180. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_include_the_previously_created_connection.yml +0 -59
  181. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_not_be_empty.yml +0 -59
  182. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection/should_delete_the_connection.yml +0 -54
  183. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection_user/should_delete_the_user_created.yml +0 -110
  184. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_update_connection/should_update_the_connection.yml +0 -66
  185. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/create_test_connection.yml +0 -65
  186. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/create_test_user.yml +0 -68
  187. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_delete_device_credential/should_delete_the_test_credential_without_an_error.yml +0 -54
  188. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/_filter_by_type/should_exclude_the_test_credential.yml +0 -59
  189. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/should_have_at_least_1_entry.yml +0 -62
  190. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/should_include_the_test_credential.yml +0 -62
  191. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/create_test_credential.yml +0 -62
  192. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/create_test_user.yml +0 -68
  193. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/delete_test_credential.yml +0 -54
  194. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/delete_test_user.yml +0 -54
  195. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_configure_provider/should_configure_a_new_email_provider.yml +0 -63
  196. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_delete_provider/should_delete_the_existing_email_provider_without_an_error.yml +0 -54
  197. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_delete_provider/should_throw_an_error_trying_to_get_the_email_provider.yml +0 -51
  198. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/_filters/should_get_the_existing_email_provider_with_specific_fields.yml +0 -60
  199. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/_filters/should_get_the_existing_email_provider_without_specific_fields.yml +0 -61
  200. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/should_get_the_existing_email_provider.yml +0 -61
  201. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_update_provider/should_update_the_existing_email_provider.yml +0 -63
  202. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/delete_existing_provider.yml +0 -54
  203. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_export_users_and_get_job/should_create_an_export_users_job_successfully.yml +0 -61
  204. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_export_users_and_get_job/should_get_the_export_users_job.yml +0 -117
  205. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_import_users_and_get_job/should_create_an_import_users_job_successfully.yml +0 -60
  206. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_import_users_and_get_job/should_get_the_import_users_job.yml +0 -116
  207. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_create_a_new_verification_email_job.yml +0 -119
  208. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_get_the_completed_verification_email.yml +0 -175
  209. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_reject_an_invalid_client_id.yml +0 -109
  210. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/delete_imported_user.yml +0 -110
  211. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/search_for_connection_id.yml +0 -59
  212. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_log/should_match_the_created_log_entry.yml +0 -265
  213. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_log/should_not_be_empty.yml +0 -265
  214. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_exclude_fields_not_specified.yml +0 -61
  215. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_exclude_the_specified_fields.yml +0 -75
  216. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_have_one_log_entry.yml +0 -76
  217. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_include_the_specified_fields.yml +0 -62
  218. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_from/should_take_one_log_entry.yml +0 -258
  219. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/create_test_user.yml +0 -68
  220. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_disabled_rule.yml +0 -54
  221. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_enabled_rule.yml +0 -54
  222. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_user.yml +0 -54
  223. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_delete_resource_server/should_delete_the_test_server_without_an_error.yml +0 -54
  224. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_patch_resource_server/should_update_the_resource_server_with_the_correct_attributes.yml +0 -61
  225. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_server/should_get_the_test_server.yml +0 -59
  226. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_get_the_test_server.yml +0 -59
  227. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_return_at_least_1_result.yml +0 -59
  228. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_return_the_first_page_of_one_result.yml +0 -64
  229. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/create_test_server.yml +0 -61
  230. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/delete_test_server.yml +0 -54
  231. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_add_role_permissions/should_add_a_Permission_to_the_Role_successfully.yml +0 -69
  232. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_add_role_users/should_add_a_User_to_the_Role_successfully.yml +0 -69
  233. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_delete_role/should_delete_the_Role_successfully.yml +0 -62
  234. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role/should_get_the_Role_successfully.yml +0 -67
  235. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_permissions/should_get_exactly_1_Permission.yml +0 -67
  236. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_permissions/should_get_the_added_Permission_from_the_Role_successfully.yml +0 -67
  237. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_users/should_get_exactly_1_User.yml +0 -67
  238. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_users/should_get_the_added_User_from_the_Role_successfully.yml +0 -67
  239. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_roles/should_get_the_Role_successfully.yml +0 -67
  240. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_remove_role_permissions/should_remove_a_Permission_from_the_Role_successfully.yml +0 -64
  241. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_update_role/should_update_the_Role_successfully.yml +0 -69
  242. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_api.yml +0 -69
  243. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_role.yml +0 -69
  244. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_user.yml +0 -69
  245. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/delete_test_api.yml +0 -62
  246. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/delete_test_user.yml +0 -62
  247. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_delete_rule/should_delete_the_test_disabled_rule_without_an_error.yml +0 -54
  248. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_delete_rule/should_delete_the_test_enabled_rule_without_an_error.yml +0 -54
  249. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_exclude_the_fields_not_specified.yml +0 -62
  250. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_exclude_the_specified_fields.yml +0 -62
  251. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_include_the_specified_fields.yml +0 -61
  252. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/should_get_a_specific_rule.yml +0 -62
  253. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_exclude_fields_not_specified.yml +0 -60
  254. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_include_the_specified_fields.yml +0 -61
  255. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_at_least_1_disabled_rule.yml +0 -63
  256. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_at_least_1_enabled_rule.yml +0 -62
  257. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_paginated_results.yml +0 -128
  258. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/should_return_at_least_1_rule.yml +0 -64
  259. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_update_rule/should_update_the_disabled_rule_to_be_enabled.yml +0 -64
  260. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/create_test_disabled_rule.yml +0 -65
  261. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/create_test_enabled_rule.yml +0 -65
  262. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Stats/_active_users/should_have_at_least_one_active_user.yml +0 -59
  263. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Stats/_daily_stats/should_have_at_least_one_stats_entry_for_the_timeframe.yml +0 -63
  264. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings/should_get_the_tenant_settings.yml +0 -95
  265. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings_with_specific_fields/should_exclude_a_field_not_requested.yml +0 -61
  266. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings_with_specific_fields/should_include_the_field_requested.yml +0 -61
  267. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_revert_the_tenant_name.yml +0 -96
  268. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_update_the_tenant_settings_with_a_new_tenant_name.yml +0 -96
  269. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/_post_email_verification/should_create_an_email_verification_ticket.yml +0 -63
  270. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/_post_password_change/should_create_a_password_change_ticket.yml +0 -63
  271. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/create_test_user.yml +0 -68
  272. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/delete_test_user.yml +0 -54
  273. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_permissions/should_add_a_Permissions_for_a_User_successfully.yml +0 -67
  274. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_roles/should_add_a_Role_to_a_User_successfully.yml +0 -62
  275. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user/should_delete_the_User_successfully.yml +0 -60
  276. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user/should_delete_the_secondary_User_successfully.yml +0 -60
  277. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user_provider/should_attempt_to_delete_the_MFA_provider_for_the_User.yml +0 -60
  278. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_enrollments/should_get_Enrollments_for_a_User_successfully.yml +0 -65
  279. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_permissions/should_get_exactly_1_Permission_for_a_User_successfully.yml +0 -65
  280. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_permissions/should_get_the_correct_Permission_for_a_User_successfully.yml +0 -65
  281. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_roles/should_get_Roles_for_a_User_successfully.yml +0 -65
  282. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_invalidate_browsers/should_invalidate_MFA_browsers_for_the_User_successfully.yml +0 -62
  283. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_link_user_account/should_link_two_Users_successfully.yml +0 -67
  284. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_patch_user/should_patch_the_User_successfully.yml +0 -68
  285. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_remove_user_permissions/should_remove_a_Permission_from_a_User_successfully.yml +0 -62
  286. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_remove_user_roles/should_remove_a_Role_from_a_User_successfully.yml +0 -62
  287. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_unlink_user_account/should_unlink_two_Users_successfully.yml +0 -65
  288. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_exclude_fields_not_indicated.yml +0 -65
  289. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_exclude_the_fields_indicated.yml +0 -65
  290. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_include_the_fields_indicated.yml +0 -65
  291. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/should_retrieve_the_created_user.yml +0 -65
  292. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user_logs/should_get_Logs_for_a_User_successfully.yml +0 -69
  293. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/is_expected_to_find_a_user_with_a_v2_search_engine_query.yml +0 -65
  294. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/is_expected_to_find_a_user_with_a_v3_search_engine_query.yml +0 -65
  295. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_exclude_the_indicated_fields_when_paginated.yml +0 -65
  296. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_include_the_indicated_fields_when_paginated.yml +0 -65
  297. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_not_include_other_fields_when_paginated.yml +0 -65
  298. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_return_the_correct_number_of_results_when_paginated.yml +0 -65
  299. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/should_have_at_least_one_user.yml +0 -65
  300. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_secondary_test_user.yml +0 -67
  301. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_api.yml +0 -67
  302. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_role.yml +0 -67
  303. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_user.yml +0 -67
  304. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/delete_test_api.yml +0 -60
  305. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/delete_test_role.yml +0 -60
  306. data/spec/integration/lib/auth0/api/api_authentication_spec.rb +0 -120
  307. data/spec/integration/lib/auth0/api/v2/api_anomaly_spec.rb +0 -17
  308. data/spec/integration/lib/auth0/api/v2/api_blacklist_spec.rb +0 -27
  309. data/spec/integration/lib/auth0/api/v2/api_client_grants_spec.rb +0 -75
  310. data/spec/integration/lib/auth0/api/v2/api_clients_spec.rb +0 -166
  311. data/spec/integration/lib/auth0/api/v2/api_connections_spec.rb +0 -159
  312. data/spec/integration/lib/auth0/api/v2/api_device_credentials_spec.rb +0 -128
  313. data/spec/integration/lib/auth0/api/v2/api_email_spec.rb +0 -117
  314. data/spec/integration/lib/auth0/api/v2/api_jobs_spec.rb +0 -124
  315. data/spec/integration/lib/auth0/api/v2/api_logs_spec.rb +0 -91
  316. data/spec/integration/lib/auth0/api/v2/api_resource_servers_spec.rb +0 -130
  317. data/spec/integration/lib/auth0/api/v2/api_roles_spec.rb +0 -145
  318. data/spec/integration/lib/auth0/api/v2/api_rules_spec.rb +0 -177
  319. data/spec/integration/lib/auth0/api/v2/api_stats_spec.rb +0 -22
  320. data/spec/integration/lib/auth0/api/v2/api_tenants_spec.rb +0 -59
  321. data/spec/integration/lib/auth0/api/v2/api_tickets_spec.rb +0 -59
  322. data/spec/integration/lib/auth0/api/v2/api_user_blocks_spec.rb +0 -73
  323. data/spec/integration/lib/auth0/api/v2/api_users_spec.rb +0 -300
  324. data/spec/integration/lib/auth0/auth0_client_spec.rb +0 -90
  325. data/spec/lib/auth0/api/authentication_endpoints_spec.rb +0 -703
  326. data/spec/lib/auth0/api/v2/anomaly_spec.rb +0 -26
  327. data/spec/lib/auth0/api/v2/blacklists_spec.rb +0 -25
  328. data/spec/lib/auth0/api/v2/client_grants_spec.rb +0 -76
  329. data/spec/lib/auth0/api/v2/clients_spec.rb +0 -104
  330. data/spec/lib/auth0/api/v2/connections_spec.rb +0 -140
  331. data/spec/lib/auth0/api/v2/device_credentials_spec.rb +0 -73
  332. data/spec/lib/auth0/api/v2/emails_spec.rb +0 -47
  333. data/spec/lib/auth0/api/v2/guardian_spec.rb +0 -154
  334. data/spec/lib/auth0/api/v2/jobs_spec.rb +0 -128
  335. data/spec/lib/auth0/api/v2/log_streams_spec.rb +0 -84
  336. data/spec/lib/auth0/api/v2/logs_spec.rb +0 -48
  337. data/spec/lib/auth0/api/v2/prompts_spec.rb +0 -88
  338. data/spec/lib/auth0/api/v2/resource_servers_spec.rb +0 -86
  339. data/spec/lib/auth0/api/v2/roles_spec.rb +0 -362
  340. data/spec/lib/auth0/api/v2/rules_spec.rb +0 -95
  341. data/spec/lib/auth0/api/v2/stats_spec.rb +0 -22
  342. data/spec/lib/auth0/api/v2/tenants_spec.rb +0 -26
  343. data/spec/lib/auth0/api/v2/tickets_spec.rb +0 -63
  344. data/spec/lib/auth0/api/v2/user_blocks_spec.rb +0 -52
  345. data/spec/lib/auth0/api/v2/users_by_email_spec.rb +0 -21
  346. data/spec/lib/auth0/api/v2/users_spec.rb +0 -542
  347. data/spec/lib/auth0/client_spec.rb +0 -153
  348. data/spec/lib/auth0/mixins/httpproxy_spec.rb +0 -304
  349. data/spec/lib/auth0/mixins/initializer_spec.rb +0 -30
  350. data/spec/lib/auth0/mixins/validation_spec.rb +0 -466
  351. data/spec/spec_helper.rb +0 -63
  352. data/spec/support/credentials.rb +0 -30
  353. data/spec/support/dummy_class.rb +0 -18
  354. data/spec/support/dummy_class_for_proxy.rb +0 -5
  355. data/spec/support/dummy_class_for_restclient.rb +0 -2
  356. data/spec/support/import_users.json +0 -13
  357. data/spec/support/stub_response.rb +0 -1
@@ -2,42 +2,53 @@
2
2
  # rubocop:disable Metrics/ModuleLength
3
3
 
4
4
  require 'jwt'
5
+ require_relative '../client_assertion'
5
6
 
6
7
  module Auth0
7
8
  module Api
8
9
  # {https://auth0.com/docs/api/authentication}
9
10
  # Methods to use the Authentication API
10
11
  module AuthenticationEndpoints
12
+ include Auth0::ClientAssertion
13
+
11
14
  UP_AUTH = 'Username-Password-Authentication'.freeze
12
15
  JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer'.freeze
16
+ GRANT_TYPE_PASSWORDLESS_OPT = 'http://auth0.com/oauth/grant-type/passwordless/otp'.freeze
13
17
 
14
18
  # Request an API access token using a Client Credentials grant
15
19
  # @see https://auth0.com/docs/api-auth/tutorials/client-credentials
20
+ # @param client_id [string] Client ID for the application
21
+ # @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
16
22
  # @param audience [string] API audience to use
23
+ # @param organization [string] Organization ID
17
24
  # @return [json] Returns the API token
18
25
  def api_token(
19
26
  client_id: @client_id,
20
27
  client_secret: @client_secret,
21
- audience: "https://#{@domain}/api/v2/"
28
+ organization: @organization,
29
+ audience: nil
22
30
  )
23
31
  request_params = {
24
32
  grant_type: 'client_credentials',
25
33
  client_id: client_id,
26
- client_secret: client_secret,
27
- audience: audience
34
+ audience: audience,
35
+ organization: organization
28
36
  }
29
- response = post('/oauth/token', request_params)
30
- ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
37
+
38
+ populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
39
+
40
+ response = request_with_retry(:post, '/oauth/token', request_params)
41
+ ::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
31
42
  end
32
43
 
33
44
  # Get access and ID tokens using an Authorization Code.
34
45
  # @see https://auth0.com/docs/api/authentication#authorization-code
35
46
  # @param code [string] The authentication code obtained from /authorize
36
47
  # @param redirect_uri [string] URL to redirect to after authorization.
48
+ # @param client_id [string] Client ID for the application
49
+ # @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
37
50
  # Required only if it was set at the GET /authorize endpoint
38
- # @param client_id [string] Client ID for the Application
39
- # @param client_secret [string] Client Secret for the Application.
40
- # @return [AccessToken] Returns the access_token and id_token
51
+ # @return [Auth0::AccessToken] Returns the access_token and id_token
41
52
  def exchange_auth_code_for_tokens(
42
53
  code,
43
54
  redirect_uri: nil,
@@ -48,23 +59,25 @@ module Auth0
48
59
 
49
60
  request_params = {
50
61
  grant_type: 'authorization_code',
51
- client_id: client_id,
52
- client_secret: client_secret,
62
+ client_id: client_id,
53
63
  code: code,
54
64
  redirect_uri: redirect_uri
55
65
  }
56
- AccessToken.from_response post('/oauth/token', request_params)
66
+
67
+ populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
68
+
69
+ ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
57
70
  end
58
71
 
59
72
  # Get access and ID tokens using a refresh token.
60
73
  # @see https://auth0.com/docs/api/authentication#refresh-token
61
74
  # @param refresh_token [string] Refresh token to use. Request this with
62
75
  # the offline_access scope when logging in.
63
- # @param client_id [string] Client ID for the Application
64
- # @param client_secret [string] Client Secret for the Application.
76
+ # @param client_id [string] Client ID for the application
77
+ # @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
65
78
  # Required when the Application's Token Endpoint Authentication Method
66
79
  # is Post or Basic.
67
- # @return [AccessToken] Returns tokens allowed in the refresh_token
80
+ # @return [Auth0::AccessToken] Returns tokens allowed in the refresh_token
68
81
  def exchange_refresh_token(
69
82
  refresh_token,
70
83
  client_id: @client_id,
@@ -75,10 +88,54 @@ module Auth0
75
88
  request_params = {
76
89
  grant_type: 'refresh_token',
77
90
  client_id: client_id,
78
- client_secret: client_secret,
79
91
  refresh_token: refresh_token
80
92
  }
81
- AccessToken.from_response post('/oauth/token', request_params)
93
+
94
+ populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
95
+
96
+ ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
97
+ end
98
+
99
+ # Exchange an OTP recieved through SMS for ID and access tokens
100
+ # @param phone_number [string] The user's phone number used to receive the OTP
101
+ # @param otp [string] The OTP contained in the SMS
102
+ # @param audience [string] The audience for the access token (defaults to nil)
103
+ # @param scope [string] The scope (defaults to 'openid profile email')
104
+ def exchange_sms_otp_for_tokens(phone_number, otp, audience: nil, scope: nil)
105
+ request_params = {
106
+ grant_type: GRANT_TYPE_PASSWORDLESS_OPT,
107
+ client_id: @client_id,
108
+ username: phone_number,
109
+ otp: otp,
110
+ realm: 'sms',
111
+ audience: audience,
112
+ scope: scope || 'openid profile email'
113
+ }
114
+
115
+ populate_client_assertion_or_secret(request_params)
116
+
117
+ ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
118
+ end
119
+
120
+ # Exchange an OTP recieved through email for ID and access tokens
121
+ # @param email_address [string] The user's email address used to receive the OTP
122
+ # @param otp [string] The OTP contained in the email
123
+ # @param audience [string] The audience for the access token (defaults to nil)
124
+ # @param scope [string] The scope (defaults to 'openid profile email')
125
+ def exchange_email_otp_for_tokens(email_address, otp, audience: nil, scope: nil)
126
+ request_params = {
127
+ grant_type: GRANT_TYPE_PASSWORDLESS_OPT,
128
+ client_id: @client_id,
129
+ username: email_address,
130
+ otp: otp,
131
+ realm: 'email',
132
+ audience: audience,
133
+ scope: scope || 'openid profile email'
134
+ }
135
+
136
+ populate_client_assertion_or_secret(request_params)
137
+
138
+ ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
82
139
  end
83
140
 
84
141
  # rubocop:disable Metrics/ParameterLists
@@ -87,8 +144,8 @@ module Auth0
87
144
  # @see https://auth0.com/docs/api/authentication#resource-owner-password
88
145
  # @param login_name [string] Email or username for the connection
89
146
  # @param password [string] Password
90
- # @param client_id [string] Client ID from Application settings
91
- # @param client_secret [string] Client Secret from Application settings
147
+ # @param client_id [string] Client ID for the application
148
+ # @param client_secret [string] Client secret for the application. Ignored if using Client Assertion
92
149
  # @param realm [string] Specific realm to authenticate against
93
150
  # @param audience [string] API audience
94
151
  # @param scope [string] Scope(s) requested
@@ -112,13 +169,15 @@ module Auth0
112
169
  username: login_name,
113
170
  password: password,
114
171
  client_id: client_id,
115
- client_secret: client_secret,
116
172
  realm: realm,
117
173
  scope: scope,
118
174
  audience: audience,
119
175
  grant_type: realm ? 'http://auth0.com/oauth/grant-type/password-realm' : 'password'
120
176
  }
121
- AccessToken.from_response post('/oauth/token', request_params)
177
+
178
+ populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret)
179
+
180
+ ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
122
181
  end
123
182
  # rubocop:enable Metrics/ParameterLists
124
183
 
@@ -138,16 +197,18 @@ module Auth0
138
197
  connection: connection_name,
139
198
  client_id: @client_id
140
199
  }
141
- post('/dbconnections/signup', request_params)
200
+
201
+ request_with_retry(:post, '/dbconnections/signup', request_params)
142
202
  end
143
203
 
144
204
  # Change a user's password or trigger a password reset email.
145
205
  # @see https://auth0.com/docs/api/authentication#change-password
146
206
  # @see https://auth0.com/docs/connections/database/password-change
147
207
  # @param email [string] User's current email
148
- # @param password [string] User's new password; empty to trigger a
149
- # password reset email
208
+ # @param password [string] User's new password. This is only available
209
+ # on legacy tenants with change password v1 flow enabled
150
210
  # @param connection_name [string] Database connection name
211
+ # @deprecated Use {#reset_password} instead.
151
212
  def change_password(email, password, connection_name = UP_AUTH)
152
213
  raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
153
214
 
@@ -157,7 +218,27 @@ module Auth0
157
218
  connection: connection_name,
158
219
  client_id: @client_id
159
220
  }
160
- post('/dbconnections/change_password', request_params)
221
+
222
+ request_with_retry(:post, '/dbconnections/change_password', request_params)
223
+ end
224
+
225
+ # Trigger a password reset email.
226
+ # @see https://auth0.com/docs/api/authentication#change-password
227
+ # @see https://auth0.com/docs/connections/database/password-change
228
+ # @param email [string] User's current email
229
+ # @param connection_name [string] Database connection name
230
+ # @param client_id [string] Client ID override (to allow forwarding
231
+ # to a different application's login URI on password reset success page)
232
+ def reset_password(email, connection_name = UP_AUTH, client_id = @client_id)
233
+ raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
234
+
235
+ request_params = {
236
+ email: email,
237
+ connection: connection_name,
238
+ client_id: client_id
239
+ }
240
+
241
+ request_with_retry(:post, '/dbconnections/change_password', request_params)
161
242
  end
162
243
 
163
244
  # Start Passwordless email login flow.
@@ -175,9 +256,11 @@ module Auth0
175
256
  authParams: auth_params,
176
257
  connection: 'email',
177
258
  client_id: @client_id,
178
- client_secret: @client_secret
179
259
  }
180
- post('/passwordless/start', request_params)
260
+
261
+ populate_client_assertion_or_secret(request_params)
262
+
263
+ request_with_retry(:post, '/passwordless/start', request_params)
181
264
  end
182
265
 
183
266
  # Start Passwordless SMS login flow.
@@ -191,36 +274,38 @@ module Auth0
191
274
  phone_number: phone_number,
192
275
  connection: 'sms',
193
276
  client_id: @client_id,
194
- client_secret: @client_secret
195
277
  }
196
- post('/passwordless/start', request_params)
278
+
279
+ populate_client_assertion_or_secret(request_params)
280
+
281
+ request_with_retry(:post, '/passwordless/start', request_params)
197
282
  end
198
283
 
199
284
  # Retrive SAML 2.0 metadata XML for an Application.
200
285
  # @see https://auth0.com/docs/api/authentication#get-metadata
201
286
  # @return [xml] SAML 2.0 metadata
202
287
  def saml_metadata
203
- get("/samlp/metadata/#{@client_id}")
288
+ request_with_retry(:get, "/samlp/metadata/#{@client_id}")
204
289
  end
205
290
 
206
291
  # Retrieve WS-Federation metadata XML for a tenant.
207
292
  # @see https://auth0.com/docs/api/authentication#get-metadata36
208
293
  # @return [xml] WS-Federation metadata
209
294
  def wsfed_metadata
210
- get('/wsfed/FederationMetadata/2007-06/FederationMetadata.xml')
295
+ request_with_retry(:get, '/wsfed/FederationMetadata/2007-06/FederationMetadata.xml')
211
296
  end
212
297
 
213
298
  # Return the user information based on the Auth0 access token.
214
299
  # @see https://auth0.com/docs/api/authentication#get-user-info
215
300
  # @return [json] User information based on the Auth0 access token
216
301
  def userinfo(access_token)
217
- get('/userinfo', {}, 'Authorization' => "Bearer #{access_token}")
302
+ request_with_retry(:get, '/userinfo', {}, 'Authorization' => "Bearer #{access_token}")
218
303
  end
219
304
 
220
305
  # Return an authorization URL.
221
306
  # @see https://auth0.com/docs/api/authentication#authorization-code-grant
222
307
  # @param redirect_uri [string] URL to redirect after authorization
223
- # @param options [hash] Can contain response_type, connection, state and additional_parameters.
308
+ # @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
224
309
  # @return [url] Authorization URL.
225
310
  def authorization_url(redirect_uri, options = {})
226
311
  raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
@@ -231,12 +316,29 @@ module Auth0
231
316
  connection: options.fetch(:connection, nil),
232
317
  redirect_uri: redirect_uri,
233
318
  state: options.fetch(:state, nil),
234
- scope: options.fetch(:scope, nil)
319
+ scope: options.fetch(:scope, nil),
320
+ organization: options.fetch(:organization, @organization),
321
+ invitation: options.fetch(:invitation, nil)
235
322
  }.merge(options.fetch(:additional_parameters, {}))
236
323
 
237
324
  URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
238
325
  end
239
326
 
327
+ # Return an authorization URL for PAR requests
328
+ # @see https://www.rfc-editor.org/rfc/rfc9126.html
329
+ # @param request_uri [string] The request_uri as obtained by calling `pushed_authorization_request`
330
+ # @param additional_parameters Any additional parameters to send
331
+ def par_authorization_url(request_uri)
332
+ raise Auth0::InvalidParameter, 'Must supply a valid request_uri' if request_uri.to_s.empty?
333
+
334
+ request_params = {
335
+ client_id: @client_id,
336
+ request_uri: request_uri,
337
+ }
338
+
339
+ URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
340
+ end
341
+
240
342
  # Returns an Auth0 logout URL with a return URL.
241
343
  # @see https://auth0.com/docs/api/authentication#logout
242
344
  # @see https://auth0.com/docs/logout
@@ -258,6 +360,28 @@ module Auth0
258
360
  )
259
361
  end
260
362
 
363
+ # Make a request to the PAR endpoint and receive a `request_uri` to send to the '/authorize' endpoint.
364
+ # @see https://auth0.com/docs/api/authentication#authorization-code-grant
365
+ # @param redirect_uri [string] URL to redirect after authorization
366
+ # @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
367
+ # @return [url] Authorization URL.
368
+ def pushed_authorization_request(parameters = {})
369
+ request_params = {
370
+ client_id: @client_id,
371
+ response_type: parameters.fetch(:response_type, 'code'),
372
+ connection: parameters.fetch(:connection, nil),
373
+ redirect_uri: parameters.fetch(:redirect_uri, nil),
374
+ state: parameters.fetch(:state, nil),
375
+ scope: parameters.fetch(:scope, nil),
376
+ organization: parameters.fetch(:organization, nil),
377
+ invitation: parameters.fetch(:invitation, nil)
378
+ }.merge(parameters.fetch(:additional_parameters, {}))
379
+
380
+ populate_client_assertion_or_secret(request_params)
381
+
382
+ request_with_retry(:post_form, '/oauth/par', request_params, {})
383
+ end
384
+
261
385
  # Return a SAMLP URL.
262
386
  # The SAML Request AssertionConsumerServiceURL will be used to POST back
263
387
  # the assertion and it must match with the application callback URL.
@@ -292,225 +416,11 @@ module Auth0
292
416
  )
293
417
  end
294
418
 
295
- #
296
- # DEPRECATED
297
- #
298
-
299
- # Retrieve an access token.
300
- # @deprecated 4.6.0 - Use the api_token method instead.
301
- # @see https://auth0.com/docs/api/authentication#client-credentials
302
- # @param access_token [string] Social provider's access_token
303
- # @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
304
- # @return [json] Returns the access token
305
- def obtain_access_token(access_token = nil, connection = 'facebook', scope = 'openid')
306
- if access_token
307
- request_params = { client_id: @client_id, access_token: access_token, connection: connection, scope: scope }
308
- post('/oauth/access_token', request_params)['access_token']
309
- else
310
- request_params = { client_id: @client_id, client_secret: @client_secret, grant_type: 'client_credentials' }
311
- post('/oauth/token', request_params)['access_token']
312
- end
313
- end
314
-
315
- # Get access and ID tokens using an Authorization Code.
316
- # @deprecated 4.6.0 - Use the exchange_auth_code_for_tokens method instead.
317
- # @see https://auth0.com/docs/api/authentication#authorization-code
318
- # @param code [string] The access code obtained through passive authentication
319
- # @param redirect_uri [string] Url to redirect after authorization
320
- # @param connection [string] Currently, this endpoint only works for Facebook, Google, Twitter and Weibo
321
- # @param scope [string] Defaults to openid. Can be 'openid name email', 'openid offline_access'
322
- # @return [json] Returns the access_token and id_token
323
- def obtain_user_tokens(code, redirect_uri, connection = 'facebook', scope = 'openid')
324
- raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
325
- raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
326
-
327
- request_params = {
328
- client_id: @client_id,
329
- client_secret: @client_secret,
330
- connection: connection,
331
- grant_type: 'authorization_code',
332
- code: code,
333
- scope: scope,
334
- redirect_uri: redirect_uri
335
- }
336
- post('/oauth/token', request_params)
337
- end
338
-
339
- # Get access and ID tokens using Resource Owner Password.
340
- # @deprecated 4.6.0 - Use the login_with_resource_owner method instead.
341
- # @see https://auth0.com/docs/api/authentication#resource-owner-password
342
- # @param username [string] Username or email
343
- # @param password [string] Password
344
- # @param id_token [string] Token's id
345
- # @param connection_name [string] Connection name; use a database or
346
- # passwordless connection, Active Directory/LDAP, Windows Azure or ADF
347
- # @param options [hash] Additional options - :scope, :grant_type, :device
348
- # @return [json] Returns the access_token and id_token
349
- def login(username, password, id_token = nil, connection_name = UP_AUTH, options = {})
350
- raise Auth0::InvalidParameter, 'Must supply a valid username' if username.to_s.empty?
351
- raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
352
-
353
- request_params = {
354
- client_id: @client_id,
355
- client_secret: @client_secret,
356
- username: username,
357
- password: password,
358
- scope: options.fetch(:scope, 'openid'),
359
- connection: connection_name,
360
- grant_type: options.fetch(:grant_type, 'password'),
361
- id_token: id_token,
362
- device: options.fetch(:device, nil)
363
- }
364
- post('/oauth/token', request_params)
365
- end
366
-
367
- # Return the user information based on the Auth0 access token.
368
- # @deprecated 4.6.0 - Use the userinfo method instead.
369
- # @see https://auth0.com/docs/api/authentication#get-user-info
370
- # @return [json] User information based on the Auth0 access token
371
- def user_info
372
- get('/userinfo')
373
- end
374
-
375
- # Login using phone number + verification code.
376
- # @deprecated 4.5.0 - Legacy authentication pipeline; use a Password Grant
377
- # instead - https://auth0.com/docs/api-auth/tutorials/password-grant
378
- # @see https://auth0.com/docs/api/authentication#resource-owner
379
- # @param phone_number [string] User's phone number.
380
- # @param code [string] Verification code.
381
- # @return [json] Returns the access token and id token
382
- def phone_login(phone_number, code, scope = 'openid')
383
- raise Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty?
384
- raise Auth0::InvalidParameter, 'Must supply a valid code' if code.to_s.empty?
385
-
386
- request_params = {
387
- client_id: @client_id,
388
- username: phone_number,
389
- password: code,
390
- scope: scope,
391
- connection: 'sms',
392
- grant_type: 'password'
393
- }
394
- post('/oauth/ro', request_params)
395
- end
396
-
397
- # Validate a JSON Web Token (signature and expiration).
398
- # @deprecated 4.5.0 - Legacy endpoint, use /userinfo instead.
399
- # @see https://auth0.com/docs/api/authentication#get-token-info
400
- # @param id_token [string] ID Token to use
401
- # @return User information associated with the user id (sub property) of the token.
402
- def token_info(id_token)
403
- raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
404
-
405
- request_params = { id_token: id_token }
406
- post('/tokeninfo', request_params)
407
- end
408
-
409
- # Refresh a delegation token.
410
- # @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
411
- # https://auth0.com/docs/api-auth/tutorials/adoption/delegation
412
- # @see https://auth0.com/docs/api/authentication#delegation
413
- # @param refresh_token [string] Token to refresh
414
- # @param target [string] Target to sign the new token.
415
- # @param scope [string] Defaults to openid. Can be 'openid name email'.
416
- # @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
417
- # salesforce_sandbox_api, sap_api or wams
418
- # @param extra_parameters [hash] Extra parameters.
419
- # @return [json] Returns the refreshed delegation token
420
- def refresh_delegation(refresh_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
421
- raise Auth0::InvalidParameter, 'Must supply a valid token to refresh' if refresh_token.to_s.empty?
422
-
423
- request_params = {
424
- client_id: @client_id,
425
- grant_type: JWT_BEARER,
426
- refresh_token: refresh_token,
427
- target: target,
428
- api_type: api_type,
429
- scope: scope
430
- }.merge(extra_parameters)
431
- post('/delegation', request_params)
432
- end
433
-
434
- # Retrieve a delegation token.
435
- # @deprecated 4.5.0 - Feature is disabled, no replacement currently; see
436
- # https://auth0.com/docs/api-auth/tutorials/adoption/delegation
437
- # @see https://auth0.com/docs/api/authentication#delegation
438
- # @param id_token [string] Token's id.
439
- # @param target [string] Target to sign the new token.
440
- # @param scope [string] Defaults to openid. Can be 'openid name email'.
441
- # @param api_type [string] Defaults to app. Can be aws, azure_sb, azure_blob, firebase, layer, salesforce_api,
442
- # salesforce_sandbox_api, sap_api or wams
443
- # @param extra_parameters [hash] Extra parameters.
444
- # @return [json] Returns the refreshed delegation token
445
- def delegation(id_token, target, scope = 'openid', api_type = 'app', extra_parameters = {})
446
- raise Auth0::InvalidParameter, 'Must supply a valid id_token' if id_token.to_s.empty?
447
-
448
- request_params = {
449
- client_id: @client_id,
450
- grant_type: JWT_BEARER,
451
- id_token: id_token,
452
- target: target,
453
- api_type: api_type,
454
- scope: scope
455
- }.merge(extra_parameters)
456
- post('/delegation', request_params)
457
- end
458
-
459
- # Retrieve an impersonation URL to login as another user.
460
- # @deprecated 4.5.0 - Feature is disabled.
461
- # @see https://auth0.com/docs/api/authentication#impersonation
462
- # @param user_id [string] Impersonate user id
463
- # @param app_client_id [string] Application client id
464
- # @param impersonator_id [string] Impersonator user id id.
465
- # @param options [string] Additional Parameters
466
- # @return [string] Impersonation URL
467
- # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
468
- def impersonate(user_id, app_client_id, impersonator_id, options)
469
- raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
470
- raise Auth0::InvalidParameter, 'Must supply a valid app_client_id' if app_client_id.to_s.empty?
471
- raise Auth0::InvalidParameter, 'Must supply a valid impersonator_id' if impersonator_id.to_s.empty?
472
- raise Auth0::MissingParameter, 'Must supply client_secret' if @client_secret.nil?
473
-
474
- authorization_header obtain_access_token
475
- request_params = {
476
- protocol: options.fetch(:protocol, 'oauth2'),
477
- impersonator_id: impersonator_id,
478
- client_id: app_client_id,
479
- additionalParameters: {
480
- response_type: options.fetch(:response_type, 'code'),
481
- state: options.fetch(:state, ''),
482
- scope: options.fetch(:scope, 'openid'),
483
- callback_url: options.fetch(:callback_url, '')
484
- }
485
- }
486
- result = post("/users/#{user_id}/impersonate", request_params)
487
- authorization_header @token
488
- result
489
- end
490
- # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
491
-
492
- # Unlink a user's account from the identity provider.
493
- # @deprecated 4.5.0 - Endpoint is disabled in favor of the Management API;
494
- # see https://auth0.com/docs/migrations/guides/account-linking
495
- # @see https://auth0.com/docs/api/authentication#unlink
496
- # @param access_token [string] Logged-in user access token
497
- # @param user_id [string] User Id
498
- def unlink_user(access_token, user_id)
499
- raise Auth0::InvalidParameter, 'Must supply a valid access_token' if access_token.to_s.empty?
500
- raise Auth0::InvalidParameter, 'Must supply a valid user_id' if user_id.to_s.empty?
501
-
502
- request_params = {
503
- access_token: access_token,
504
- user_id: user_id
505
- }
506
- post('/unlink', request_params)
507
- end
508
-
509
419
  # Validate an ID token (signature and expiration).
510
420
  # @see https://auth0.com/docs/tokens/guides/validate-id-tokens
511
421
  # @param id_token [string] The JWT to validate.
512
422
  # @param algorithm [JWKAlgorithm] The expected signing algorithm.
513
- # Defaults to +Auth0::Algorithm::RS256.jwks_url("https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json", lifetime: 10 * 60)+.
423
+
514
424
  # @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
515
425
  # Must be a non-negative value. Defaults to *60 seconds*.
516
426
  # @param nonce [string] The nonce value sent during authentication.
@@ -520,8 +430,10 @@ module Auth0
520
430
  # Defaults to +https://YOUR_AUTH0_DOMAIN/+.
521
431
  # @param audience [string] The expected audience claim value.
522
432
  # Defaults to your *Auth0 Client ID*.
433
+ # @param organization [string] Organization ID
434
+ # Defaults to your *Auth0 Organization ID*.
523
435
  # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
524
- def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
436
+ def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization)
525
437
  context = {
526
438
  issuer: issuer || "https://#{@domain}/",
527
439
  audience: audience || @client_id,
@@ -531,6 +443,7 @@ module Auth0
531
443
 
532
444
  context[:nonce] = nonce unless nonce.nil?
533
445
  context[:max_age] = max_age unless max_age.nil?
446
+ context[:organization] = organization unless !organization
534
447
 
535
448
  Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
536
449
  end