RubyGems - auth0 - Versions diffs - 4.4.0 → 5.1.2 - Mend

auth0 4.4.0 → 5.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

data/spec/lib/auth0/mixins/validation_spec.rb ADDED Viewed

@@ -0,0 +1,498 @@
+# rubocop:disable Metrics/BlockLength
+require 'spec_helper'
+RSA_PUB_KEY_JWK_1 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-1' }.freeze
+RSA_PUB_KEY_JWK_2 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-2' }.freeze
+JWKS_RESPONSE_1 = { 'keys': [RSA_PUB_KEY_JWK_1] }.freeze
+JWKS_RESPONSE_2 = { 'keys': [RSA_PUB_KEY_JWK_2] }.freeze
+JWKS_URL = 'https://tokens-test.auth0.com/.well-known/jwks.json'.freeze
+HMAC_SHARED_SECRET = 'secret'.freeze
+LEEWAY = 60
+CLOCK = 1587592561 # Apr 22 2020 21:56:01 UTC
+CONTEXT = { algorithm: Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET), leeway: LEEWAY, audience: 'tokens-test-123', issuer: 'https://tokens-test.auth0.com/', clock: CLOCK }.freeze
+describe Auth0::Mixins::Validation::IdTokenValidator do
+  subject { @instance }
+  context 'instance' do
+    it 'is expected respond to :validate' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new({})
+      expect(instance).to respond_to(:validate)
+    end
+  end
+  context 'ID token decoding' do
+    expected_error = 'ID token could not be decoded'
+    instance = Auth0::Mixins::Validation::IdTokenValidator.new({})
+    it 'is expected to raise an error with a nil id_token' do
+      expect { instance.validate(nil) }.to raise_exception(expected_error)
+    end
+    it 'is expected to raise an error with an empty id_token' do
+      expect { instance.validate('') }.to raise_exception(expected_error)
+    end
+    it 'is expected to raise an error with an invalid format' do
+      expect { instance.validate('a.b') }.to raise_exception(expected_error)
+      expect { instance.validate('a.b.') }.to raise_exception(expected_error)
+      expect { instance.validate('a.b.c.d') }.to raise_exception(expected_error)
+    end
+    it 'is expected to raise an error with an invalid encoding' do
+      expect { instance.validate('a.b.c') }.to raise_exception(expected_error)
+    end
+  end
+  context 'algorithm verification' do
+    token = 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.Hn38QVtN_mWN0c-jOa-Fqq69kXpbBp0THsvE-CQ47Ps'
+    it 'is expected to raise an error with an unsupported algorithm' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new({ algorithm: 'ES256' })
+      expect { instance.validate(token) }.to raise_exception('Signature algorithm of "ES256" is not supported')
+    end
+    it 'is expected to raise an error when the algorithm does not match the alg header value' do
+      algorithm = Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET)
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new({ algorithm: algorithm })
+      expect { instance.validate(token) }.to raise_exception('Signature algorithm of "ES256" is not supported. Expected the ID token to be signed with "HS256"')
+    end
+  end
+  context 'HS256 signature verification' do
+    before :each do
+      algorithm = Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET)
+      @instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ algorithm: algorithm }))
+    end
+    it 'is expected not to raise an error with a valid signature' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.Hn38QVtN_mWN0c-jOa-Fqq69kXpbBp0THsvE-CQ47Ps'
+      expect { @instance.validate(token) }.not_to raise_exception
+    end
+    it 'is expected to raise an error with an invalid signature' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.invalidsignature'
+      expect { @instance.validate(token) }.to raise_exception('Invalid ID token signature')
+    end
+  end
+  context 'RS256 signature verification' do
+    before :each do
+      stub_jwks
+      algorithm = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      @instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ algorithm: algorithm }))
+    end
+    after :each do
+      Auth0::Algorithm::RS256.remove_jwks
+      WebMock.reset!
+    end
+    it 'is expected not to raise an error with a valid signature' do
+      token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTEifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.jE00ARUiAwrKEoAMwbioKYj4bUZjmg31V7McDtIPsJJ16rYcvI-e5mtSSMgCmAom6t-WA7dsSWCJUlBCW2nAMvyCZ-hj8HG9Z0RmQEiwig9Fk22avoX94zdx65TwAeDfn2uMRaX_ps3TJcn4nymUtMp8Lps_vMw15eJerKThlSO4KuLTrvDDdRaCRamAd7jxuzhiwOt0mB0TVD55b5itA02pGuyapbjQXvvLYEx8OgpyIaAkB9Ry25abgjev0bSw2kjFZckG3lv9QgvZM85m9l3Rbrc6msNPGfMDFWGyT3Tu2ObqnSEA-57hZeuCbFrOya3vUwgSlc66rfvZj2xpzg'
+      expect { @instance.validate(token) }.not_to raise_exception
+    end
+    it 'is expected to raise an error with an invalid signature' do
+      token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTEifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.invalidsignature'
+      expect { @instance.validate(token) }.to raise_exception('Invalid ID token signature')
+    end
+    it 'is expected to raise an error when the public key cannot be found' do
+      token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTIifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.r2ksgiiM8zGJ6byea_Fq_zWWEmUdOnwQLVdb5JzgdBv1GUQFp-4LNaRhcga4FIrbKgxaPeewGLTq2VqfjmNJUNfARcE3QEacQ_JEHkC6zKZIiqcu4msHl8X9HXyHxOPHMTTjYMjauPzET7UH_oLxF68DDDQqvKX9VqLsncpyC-KdTCFTLGlFSq6pxmYt6gwrF2Uo15Gzc6qe2I9-MTXCYd44VW1zQi6GhNJNKbXH6U3bf7nof0ot1PSjBXXuLgf6d3qumTStECCjIUmdBb6FiEX4SSRI4MgHWj4q0LyN28baRpYwYPhVnjzUxOP7OLjKiHs45ORBhuAWhrJnuR_uBQ'
+      expect { @instance.validate(token) }.to raise_exception('Could not find a public key for Key ID (kid) "test-key-2"')
+    end
+    it 'is expected to fetch the JWK set from the url if the public key cannot be found and the cache is not empty' do
+      token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTIifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.r2ksgiiM8zGJ6byea_Fq_zWWEmUdOnwQLVdb5JzgdBv1GUQFp-4LNaRhcga4FIrbKgxaPeewGLTq2VqfjmNJUNfARcE3QEacQ_JEHkC6zKZIiqcu4msHl8X9HXyHxOPHMTTjYMjauPzET7UH_oLxF68DDDQqvKX9VqLsncpyC-KdTCFTLGlFSq6pxmYt6gwrF2Uo15Gzc6qe2I9-MTXCYd44VW1zQi6GhNJNKbXH6U3bf7nof0ot1PSjBXXuLgf6d3qumTStECCjIUmdBb6FiEX4SSRI4MgHWj4q0LyN28baRpYwYPhVnjzUxOP7OLjKiHs45ORBhuAWhrJnuR_uBQ'
+      Auth0::Algorithm::RS256.jwks_url(JWKS_URL).jwks
+      stub_jwks(JWKS_RESPONSE_2)
+      @instance.validate(token)
+      expect(a_request(:get, JWKS_URL)).to have_been_made.twice
+    end
+  end
+  context 'context validation' do
+    token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.Hn38QVtN_mWN0c-jOa-Fqq69kXpbBp0THsvE-CQ47Ps'
+    it 'is expected to raise an error with a non-integer leeway' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ leeway: '1' }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid leeway')
+    end
+    it 'is expected to raise an error with a negative leeway' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ leeway: -1 }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid leeway')
+    end
+    it 'is expected to raise an error with an empty nonce' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ nonce: '' }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid nonce')
+    end
+    it 'is expected to raise an error with an empty organization' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: '' }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid organization')
+    end
+    it 'is expected to raise an error with an empty issuer' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ issuer: '' }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid issuer')
+    end
+    it 'is expected to raise an error with an empty audience' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ audience: '' }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid audience')
+    end
+    it 'is expected to raise an error with a non-integer max_age' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: '1' }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid max_age')
+    end
+    it 'is expected to raise an error with a negative max_age' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: -1 }))
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid max_age')
+    end
+  end
+  context 'claims validation' do
+    before :all do
+      @instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT)
+    end
+    it 'is expected to raise an error with a missing iss' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.QL2B2tqJhlW9rc8HQ3PQKkjDufBeSvtRBtJmRPdQ5K8'
+      expect { @instance.validate(token) }.to raise_exception('Issuer (iss) claim must be a string present in the ID token')
+    end
+    it 'is expected to raise an error with a invalid iss' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb21ldGhpbmctZWxzZSIsInN1YiI6ImF1dGgwfDEyMzQ1Njc4OSIsImF1ZCI6WyJ0b2tlbnMtdGVzdC0xMjMiLCJleHRlcm5hbC10ZXN0LTk5OSJdLCJleHAiOjE1ODc3NjUzNjEsImlhdCI6MTU4NzU5MjU2MSwibm9uY2UiOiJhMWIyYzNkNGU1IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.AhMMouDlGMdxTYrY9Cn-p8svJ8ssKmsHeT6JNRVTh10'
+      expect { @instance.validate(token) }.to raise_exception("Issuer (iss) claim mismatch in the ID token; expected \"#{CONTEXT[:issuer]}\", found \"something-else\"")
+    end
+    it 'is expected to raise an error with a missing sub' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0._4sUXtAZYpGrO3QaYArXnk2JivCqixa7hgHhH3w4SlY'
+      expect { @instance.validate(token) }.to raise_exception('Subject (sub) claim must be a string present in the ID token')
+    end
+    it 'is expected to raise an error with a missing aud' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJleHAiOjE1ODc3NjUzNjEsImlhdCI6MTU4NzU5MjU2MSwibm9uY2UiOiJhMWIyYzNkNGU1IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.TlwnBmGUKe0SElSYKxPqsG1mujkK2t1CwDJGGiWRdXA'
+      expect { @instance.validate(token) }.to raise_exception('Audience (aud) claim must be a string or array of strings present in the ID token')
+    end
+    it 'is expected to raise an error with an invalid string aud' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOiJleHRlcm5hbC10ZXN0LTk5OSIsImV4cCI6MTU4Nzc2NTM2MSwiaWF0IjoxNTg3NTkyNTYxLCJub25jZSI6ImExYjJjM2Q0ZTUiLCJhenAiOiJ0b2tlbnMtdGVzdC0xMjMiLCJhdXRoX3RpbWUiOjE1ODc2Nzg5NjF9.-Tf5CIi2bZ51UdgqxFWQNXpJJmK5GgsetcVoVrQwHIA'
+      expect { @instance.validate(token) }.to raise_exception("Audience (aud) claim mismatch in the ID token; expected \"#{CONTEXT[:audience]}\", found \"external-test-999\"")
+    end
+    it 'is expected to raise an error with an invalid array aud' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsiZXh0ZXJuYWwtdGVzdC05OTgiLCJleHRlcm5hbC10ZXN0LTk5OSJdLCJleHAiOjE1ODc3NjUzNjEsImlhdCI6MTU4NzU5MjU2MSwibm9uY2UiOiJhMWIyYzNkNGU1IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.Q1GRVL5g3RLQqG5sEV_cc8WW_oiZzFIAfzRfBdxMW2s'
+      expect { @instance.validate(token) }.to raise_exception("Audience (aud) claim mismatch in the ID token; expected \"#{CONTEXT[:audience]}\" but was not one of \"external-test-998, external-test-999\"")
+    end
+    it 'is expected to raise an error with a missing exp' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiaWF0IjoxNTg3NTkyNTYxLCJub25jZSI6ImExYjJjM2Q0ZTUiLCJhenAiOiJ0b2tlbnMtdGVzdC0xMjMiLCJhdXRoX3RpbWUiOjE1ODc2Nzg5NjF9.aoLiQX3sHsf1bEbc0axbjJ9qV6hhomtEzJq-FT8OGF0'
+      expect { @instance.validate(token) }.to raise_exception('Expiration Time (exp) claim must be a number present in the ID token')
+    end
+    it 'is expected to raise an error with a invalid exp' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NTkyNTYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.A8Pc0vlCG5Ufez7VIoRqXTYpJehalTEgGX9cR2xJLkU'
+      clock = CLOCK + LEEWAY + 1
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ clock: clock }))
+      expect { instance.validate(token) }.to raise_exception("Expiration Time (exp) claim mismatch in the ID token; current time \"#{clock}\" is after expiration time \"1587592621\"")
+    end
+    it 'is expected to raise an error with a missing iat' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJub25jZSI6ImExYjJjM2Q0ZTUiLCJhenAiOiJ0b2tlbnMtdGVzdC0xMjMiLCJhdXRoX3RpbWUiOjE1ODc2Nzg5NjF9.Jea6UVJsAK7Hnb494f_WIQCIbaLTnnCvMenSY1Y2toc'
+      expect { @instance.validate(token) }.to raise_exception('Issued At (iat) claim must be a number present in the ID token')
+    end
+    it 'is expected not to raise an error with a missing but not required nonce' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.-o5grnyODbBdRgzcrn7Sf9Hb6eOC0x_U2i3YjVgHN0U'
+      expect { @instance.validate(token) }.not_to raise_exception
+    end
+    it 'is expected to raise an error with a missing but required nonce' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.-o5grnyODbBdRgzcrn7Sf9Hb6eOC0x_U2i3YjVgHN0U'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ nonce: 'a1b2c3d4e5' }))
+      expect { instance.validate(token) }.to raise_exception('Nonce (nonce) claim must be a string present in the ID token')
+    end
+    it 'is expected to raise an error with an invalid nonce' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiMDAwOTk5IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.XqQPdFN4m5kmTUQQi_mAJu0LQOeUTS9lF2J_xWc_j-0'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ nonce: 'a1b2c3d4e5' }))
+      expect { instance.validate(token) }.to raise_exception('Nonce (nonce) claim mismatch in the ID token; expected "a1b2c3d4e5", found "000999"')
+    end
+    it 'is expected to raise an error with a missing azp' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.LrgYkIbWrxMq6jvvkL1lxWL237ii1IBhtN2o_tDxFns'
+      expect { @instance.validate(token) }.to raise_exception('Authorized Party (azp) claim must be a string present in the ID token')
+    end
+    it 'is expected to raise an error with an invalid azp' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6ImV4dGVybmFsLXRlc3QtOTk5IiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.3DX-LY3B4UngDML-9nv11Sv89ECJpRpOLeWnkF1vAFY'
+      expect { @instance.validate(token) }.to raise_exception("Authorized Party (azp) claim mismatch in the ID token; expected \"tokens-test-123\", found \"external-test-999\"")
+    end
+    it 'is expected to raise an error with a missing auth_time' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyJ9.JqUotnjHbGW0FcHz1s1YsRkce9Sbpsv2AEBDMpcUhp8'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: 120 }))
+      expect { instance.validate(token) }.to raise_exception('Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified')
+    end
+    it 'is expected to raise an error with a invalid auth_time' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzU5MjU2MX0.B7eWHJPHjhOh0ALjIQi0ro6zVsqGIeHd0gpRZsv6Hg8'
+      max_age = 120
+      auth_time = CLOCK + LEEWAY + max_age
+      clock = auth_time + 1
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: max_age, clock: clock }))
+      expect { instance.validate(token) }.to raise_exception("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time \"#{clock}\" is after last auth at \"#{auth_time}\"")
+    end
+    it 'is expected not to raise an error when org_id exsist in the token, but not required' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
+      expect { @instance.validate(token) }.not_to raise_exception
+    end
+    it 'is expected to raise an error with a missing but required organization' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE4MTg1LCJpYXQiOjE2MTY0NDUzODUsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTc4NX0.UMo5pmgceXO9lIKzbk7X0ZhE5DOe0IP2LfMKdUj03zQ'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' }))
+      expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token')
+    end
+    it 'is expected to raise an error with an invalid organization' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' }))
+      expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim value mismatch in the ID token; expected "a1b2c3d4e5", found "testOrg"')
+    end
+    it 'is expected to NOT raise an error with a valid organization' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'testOrg' }))
+      expect { instance.validate(token) }.not_to raise_exception
+    end
+  end
+end
+describe Auth0::Algorithm::HS256 do
+  context 'class' do
+    it 'is expected to respond to :secret' do
+      expect(Auth0::Algorithm::HS256).to respond_to(:secret)
+    end
+    it 'is expected not to respond to :new' do
+      expect(Auth0::Algorithm::HS256).not_to respond_to(:new)
+    end
+  end
+  context 'instance' do
+    it 'is expected to respond to :secret' do
+      instance = Auth0::Algorithm::HS256.secret('secret')
+      expect(instance).to respond_to(:secret)
+    end
+    it 'is expected to return the secret' do
+      instance = Auth0::Algorithm::HS256.secret('secret')
+      expect(instance.secret).to eq('secret')
+    end
+    it 'is expected to return the algorithm name' do
+      instance = Auth0::Algorithm::HS256.secret('secret')
+      expect(instance.name).to eq('HS256')
+    end
+  end
+  context 'parameters' do
+    expected_error = 'Must supply a valid secret'
+    it 'is expected to raise an error with a nil secret' do
+      expect { Auth0::Algorithm::HS256.secret(nil) }.to raise_exception(expected_error)
+    end
+    it 'is expected to raise an error with an empty secret' do
+      expect { Auth0::Algorithm::HS256.secret('') }.to raise_exception(expected_error)
+    end
+  end
+end
+describe Auth0::Algorithm::RS256 do
+  before :each do
+    stub_jwks
+  end
+  after :each do
+    Auth0::Algorithm::RS256.remove_jwks
+    WebMock.reset!
+  end
+  context 'class' do
+    it 'is expected to respond to :jwks_url' do
+      expect(Auth0::Algorithm::RS256).to respond_to(:jwks_url)
+    end
+    it 'is expected not to respond to :new' do
+      expect(Auth0::Algorithm::RS256).not_to respond_to(:new)
+    end
+  end
+  context 'instance' do
+    it 'is expected to respond to :jwks' do
+      instance = Auth0::Algorithm::RS256.jwks_url('jwks url')
+      expect(instance).to respond_to(:jwks)
+    end
+    it 'is expected to respond to :fetched_jwks?' do
+      instance = Auth0::Algorithm::RS256.jwks_url('jwks url')
+      expect(instance).to respond_to(:fetched_jwks?)
+    end
+    it 'is expected to return a jwks' do
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      expect(instance.jwks).to have_key('keys') and contain_exactly(a_hash_including(kid: 'test-key-1'))
+    end
+    it 'is expected to return if the jwks was fetched from the url' do
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      instance.jwks
+      expect(instance.fetched_jwks?).to eq(true)
+    end
+    it 'is expected to return if the jwks was fetched from the cache' do
+      Auth0::Algorithm::RS256.jwks_url(JWKS_URL).jwks
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      instance.jwks
+      expect(instance.fetched_jwks?).to eq(false)
+    end
+    it 'is expected to return the algorithm name' do
+      instance = Auth0::Algorithm::RS256.jwks_url('jwks url')
+      expect(instance.name).to eq('RS256')
+    end
+  end
+  context 'parameters' do
+    it 'is expected to raise an error with a nil jwks_url' do
+      expect { Auth0::Algorithm::RS256.jwks_url(nil) }.to raise_exception('Must supply a valid jwks_url')
+    end
+    it 'is expected to raise an error with an empty jwks_url' do
+      expect { Auth0::Algorithm::RS256.jwks_url('') }.to raise_exception('Must supply a valid jwks_url')
+    end
+    it 'is expected to raise an error with a non-integer lifetime' do
+      expect { Auth0::Algorithm::RS256.jwks_url('jwks url', lifetime: '1') }.to raise_exception('Must supply a valid lifetime')
+    end
+    it 'is expected to raise an error with a negative lifetime' do
+      expect { Auth0::Algorithm::RS256.jwks_url('jwks url', lifetime: -1) }.to raise_exception('Must supply a valid lifetime')
+    end
+  end
+  context 'cache' do
+    it 'is expected to fetch the jwks from the url when the cache is empty' do
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      instance.jwks
+      expect(a_request(:get, JWKS_URL)).to have_been_made.once
+    end
+    it 'is expected to fetch the jwks from the url when the cache is expired' do
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL, lifetime: 0)
+      instance.jwks
+      instance.jwks
+      expect(a_request(:get, JWKS_URL)).to have_been_made.twice
+    end
+    it 'is not expected to fetch the jwks from the url when there is a value cached' do
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      instance.jwks
+      instance.jwks
+      expect(a_request(:get, JWKS_URL)).to have_been_made.once
+    end
+    it 'is expected to forcibly fetch the jwks from the url' do
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      instance.jwks
+      instance.jwks(force: true)
+      expect(a_request(:get, JWKS_URL)).to have_been_made.twice
+    end
+    it 'is expected to forcibly fetch the jwks from the url and cache it' do
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      instance.jwks(force: true)
+      instance.jwks
+      expect(a_request(:get, JWKS_URL)).to have_been_made.once
+    end
+    it 'is expected to return the last cached value if the jwks could not be fetched' do
+      Auth0::Algorithm::RS256.jwks_url(JWKS_URL).jwks
+      stub_request(:get, JWKS_URL).to_return(body: 'invalid')
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      expect(instance.jwks).to have_key('keys') and contain_exactly(a_hash_including(kid: 'test-key-1'))
+    end
+    it 'is expected to raise an error if the jwks could not be fetched and the cache is empty' do
+      stub_request(:get, JWKS_URL).to_return(body: 'invalid')
+      instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
+      expect { instance.jwks }.to raise_exception('Could not fetch the JWK set')
+    end
+  end
+end
+# rubocop:enable Metrics/BlockLength
+def stub_jwks(stub = JWKS_RESPONSE_1)
+  stub_request(:get, JWKS_URL).to_return(body: stub.to_json)
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,25 +1,68 @@
-require 'dotenv'
+require 'pry'
+require 'rack/test'
+require 'faker'
+require 'json'
+require 'auth0'
+if RUBY_VERSION >= '2.7.2'
+  # NOTE: https://bugs.ruby-lang.org/issues/17000
+  Warning[:deprecated] = true
+end
+require 'simplecov'
+SimpleCov.start
+if ENV['CI'] == 'true'
+  require 'codecov'
+  SimpleCov.formatter = SimpleCov::Formatter::Codecov
+end
+require 'dotenv'
 Dotenv.load
-mode = ENV['MODE'] || 'unit'
+require 'webmock/rspec'
+WebMock.allow_net_connect!
+require 'vcr'
+VCR.configure do |config|
+  # Uncomment the line below to record new VCR cassettes.
+  # When this is commented out, VCR will reject all outbound HTTP calls.
+  config.allow_http_connections_when_no_cassette = true
+  config.cassette_library_dir = 'spec/fixtures/vcr_cassettes'
+  config.configure_rspec_metadata!
+  config.hook_into :webmock
+  config.filter_sensitive_data('CLIENT_SECRET') { ENV['CLIENT_SECRET'] }
+  config.filter_sensitive_data('API_TOKEN') { ENV['MASTER_JWT'] }
+  ENV['DOMAIN'] = 'auth0-sdk-tests.auth0.com'
+  ENV['CLIENT_ID'] = '2cnWuug6zaFX1j0ge1P99jAUn0F4XSuI'
+end
 $LOAD_PATH.unshift File.expand_path('..', __FILE__)
 $LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
-require 'rspec'
-require 'rack/test'
-require 'faker'
-require 'auth0'
-Dir['./lib/**/*.rb'].each { |f| require f }
+Dir['./lib/*.rb'].each { |f| require f }
+Dir['./lib/api/**/*.rb'].each { |f| require f }
 Dir['./spec/support/**/*.rb'].each { |f| require f }
 Dir['./spec/support/*.rb'].each { |f| require f }
+require 'rspec'
+RSpec.configure do |config|
+  config.filter_run focus: true
+  config.run_all_when_everything_filtered = true
+  config.include Credentials
+end
+def wait(time, increment = 5, elapsed_time = 0, &block)
+  yield
+rescue RSpec::Expectations::ExpectationNotMetError => e
+  raise e if elapsed_time >= time
+  sleep increment
+  wait(time, increment, elapsed_time + increment, &block)
+end
 def entity_suffix
-  (ENV['TRAVIS_JOB_ID'] || 'local').delete('_')
+  'rubytest'
 end
 puts "Entity suffix is #{entity_suffix}"
-require_relative "spec_helper_#{mode}"

data/spec/support/credentials.rb CHANGED Viewed

@@ -1,23 +1,11 @@
 module Credentials
   module_function
-  def v1_creds
-    { client_id: ENV['CLIENT_ID'],
-      client_secret: ENV['CLIENT_SECRET'],
-      domain: ENV['DOMAIN'],
-      api_version: 1 }
-  end
-  def v1_global_creds
-    { client_id: ENV['GLOBAL_CLIENT_ID'],
-      client_secret: ENV['GLOBAL_CLIENT_SECRET'],
-      domain: ENV['DOMAIN'],
-      api_version: 1 }
-  end
   def v2_creds
-    { client_id: ENV['CLIENT_ID'],
-      token: ENV['MASTER_JWT'],
-      domain: ENV['DOMAIN'] }
+    {
+      domain: ENV.fetch( 'DOMAIN', 'DOMAIN' ),
+      client_id: ENV.fetch( 'CLIENT_ID', 'CLIENT_ID' ),
+      client_secret: ENV.fetch( 'CLIENT_SECRET', 'TEST_CLIENT_SECRET' ),
+      token: ENV.fetch( 'MASTER_JWT', 'TEST_MASTER_JWT' )
+    }
   end
 end

data/spec/support/dummy_class.rb CHANGED Viewed

@@ -1,12 +1,16 @@
 class DummyClass
-  attr_reader :domain, :client_id, :client_secret
+  include Auth0::Mixins::Headers
+  attr_reader :domain, :client_id, :client_secret, :audience
   def initialize
     @domain = 'test.auth0.com'
-    @client_id = 'NyW50o8Qt8I1VhMVlTlfVwWLGzBIPuxb'
+    @client_id = '__test_client_id__'
+    @client_secret = '__test_client_secret__'
+    @audience = "https://#{@domain}/api/v2/"
   end
-  %i(get post put patch delete).each do |method|
+  %i(get post put patch delete delete_with_body).each do |method|
     define_method(method) do |_path, _body = {}|
       true
     end

data/spec/support/dummy_class_for_proxy.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 class DummyClassForProxy
   include Auth0::Mixins::HTTPProxy
+  include Auth0::Mixins::Headers
   @base_uri = 'http://auth0.com'
 end

data/spec/support/stub_response.rb CHANGED Viewed

	@@ -1 +1 @@
1	- StubResponse = Struct.new(:body, :success?, :code)
1	+ StubResponse = Struct.new(:body, :success?, :code, :headers)