auth0 4.7.0 → 4.12.0

data/README.md

@@ -1,8 +1,8 @@
 # Auth0 - Ruby
 
-[![Build Status](https://travis-ci.org/auth0/ruby-auth0.svg?branch=master)](https://travis-ci.org/auth0/ruby-auth0)
+[![CircleCI](https://img.shields.io/circleci/project/github/auth0/ruby-auth0/master.svg)](https://circleci.com/gh/auth0/ruby-auth0)
 [![Gem Version](https://badge.fury.io/rb/auth0.svg)](http://badge.fury.io/rb/auth0)
-[![Coverage Status](https://coveralls.io/repos/auth0/ruby-auth0/badge.svg?branch=master)](https://coveralls.io/r/auth0/ruby-auth0?branch=master)
+[![codecov](https://codecov.io/gh/auth0/ruby-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/ruby-auth0)
 [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](http://www.rubydoc.info/github/auth0/ruby-auth0/master/frames)
 [![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/ruby-auth0/blob/master/LICENSE)
 
@@ -12,7 +12,7 @@ Ruby API client for the [Auth0](https://auth0.com) platform.
 
 This gem can be installed directly:
 
-``` bash
+```bash
 $ gem install auth0
 ```
 
@@ -26,7 +26,7 @@ bundle add auth0
 
 You can build the API documentation with the following:
 
-``` bash
+```bash
 bundle exec rake documentation
 ```
 
@@ -65,14 +65,23 @@ class AllUsersController < ApplicationController
     }
     @users = auth0_client.users @params
   end
-	
+
   private
-	
+
   # Setup the Auth0 API connection.
   def auth0_client
     @auth0_client ||= Auth0Client.new(
       client_id: ENV['AUTH0_RUBY_CLIENT_ID'],
-      token: ENV['AUTH0_RUBY_API_TOKEN'],
+      client_secret: ENV['AUTH0_RUBY_CLIENT_SECRET'],
+      # If you pass in a client_secret value, the SDK will automatically try to get a
+      # Management API token for this application. Make sure your Application can make a
+      # Client Credentials grant (Application settings in Auth0 > Advanced > Grant Types
+      # tab) and that the Application is authorized for the Management API:
+      # https://auth0.com/docs/api-auth/config/using-the-auth0-dashboard
+      #
+      # Otherwise, you can pass in a Management API token directly for testing or temporary
+      # access using the key below.
+      # token: ENV['AUTH0_RUBY_API_TOKEN'],
       domain: ENV['AUTH0_RUBY_DOMAIN'],
       api_version: 2,
       timeout: 15 # optional, defaults to 10
@@ -98,36 +107,116 @@ This should show the parameters passed to the `users` method and a list of users
 
 In addition to the Management API, this SDK also provides access to [Authentication API](https://auth0.com/docs/api/authentication) endpoints with the `Auth0::API::AuthenticationEndpoints` module. For basic login capability, we suggest using our OmniAuth stategy [detailed here](https://auth0.com/docs/quickstart/webapp/rails/01-login). Other authentication tasks currently supported are:
 
-* Register a new user with a database connection using the `signup` method.
-* Redirect a user to the universal login page for authentication using the `authorization_url` method.
-* Log a user into a highly trusted app with the [Resource Owner Password grant](https://auth0.com/docs/api-auth/tutorials/password-grant) using the `login` method.
-* Exchange an authorization code for an access token on callback using the `obtain_user_tokens` method (see the note on state validation below).
-* Send a change password email to a database connection user using the `change_password` method.
-* Log a user out of Auth0 with the `logout_url` method.
+- Register a new user with a database connection using the `signup` method.
+- Redirect a user to the universal login page for authentication using the `authorization_url` method.
+- Log a user into a highly trusted app with the [Resource Owner Password grant](https://auth0.com/docs/api-auth/tutorials/password-grant) using the `login` method.
+- Exchange an authorization code for an access token on callback using the `obtain_user_tokens` method (see the note on state validation below).
+- Send a change password email to a database connection user using the `change_password` method.
+- Log a user out of Auth0 with the `logout_url` method.
 
-**Important note on state validation**: If you choose to implement a login flow callback yourself, it is important to generate and store a `state` value, pass that value to Auth0 in the `authorization_url` method, and validate it in your callback URL before calling `obtain_user_tokens`. For more information on state validation, [please see our documentation](https://auth0.com/docs/protocols/oauth2/oauth-state). 
+**Important note on state validation**: If you choose to implement a login flow callback yourself, it is important to generate and store a `state` value, pass that value to Auth0 in the `authorization_url` method, and validate it in your callback URL before calling `obtain_user_tokens`. For more information on state validation, [please see our documentation](https://auth0.com/docs/protocols/oauth2/oauth-state).
 
 Please note that this module implements endpoints that might be deprecated for newer tenants. If you have any questions about how and when the endpoints should be used, consult the [documentation](https://auth0.com/docs/api/authentication) or ask in our [Community forums](https://community.auth0.com/tags/wordpress).
 
+## ID Token Validation
+
+An ID token may be present in the credentials received after authentication. This token contains information associated with the user that has just logged in, provided the scope used contained `openid`. You can [read more about ID tokens here](https://auth0.com/docs/tokens/concepts/id-tokens).
+
+Before accessing its contents, you must first validate the ID token to ensure it has not been tampered with and that it is meant for your application to consume. Use the `validate_id_token` method to do so:
+
+```ruby
+begin
+  @auth0_client.validate_id_token 'YOUR_ID_TOKEN'
+rescue Auth0::InvalidIdToken => e
+  # In this case the ID Token contents should not be trusted
+end
+```
+
+The method takes the following optional keyword parameters:
+
+| Parameter     | Type           | Description   | Default value             |
+| ------------- | -------------- | ------------- | ------------------------- |
+| `algorithm`   | `JWTAlgorithm` | The [signing algorithm](https://auth0.com/docs/tokens/concepts/signing-algorithms) used by your Auth0 application.  | `Auth0::Algorithm::RS256` (using the [JWKS URL](https://auth0.com/docs/tokens/concepts/jwks) of your **Auth0 Domain**) |
+| `leeway`      | Integer        | Number of seconds to account for clock skew when validating the `exp`, `iat` and `azp` claims.  | `60`  |
+| `nonce`       | String         | The `nonce` value you sent in the call to `/authorize`, if any.  | `nil`  |
+| `max_age`     | Integer        | The `max_age` value you sent in the call to `/authorize`, if any.  | `nil`  |
+| `issuer`      | String         | By default the `iss` claim will be checked against the URL of your **Auth0 Domain**. Use this parameter to override that. | `nil`  |
+| `audience`    | String         | By default the `aud` claim will be compared to your **Auth0 Client ID**. Use this parameter to override that.  | `nil`  |
+
+You can check the signing algorithm value under **Advanced Settings > OAuth > JsonWebToken Signature Algorithm** in your Auth0 application settings panel. [We recommend](https://auth0.com/docs/tokens/concepts/signing-algorithms#our-recommendation) that you make use of asymmetric signing algorithms like `RS256` instead of symmetric ones like `HS256`.
+
+```ruby
+# HS256
+
+begin
+  @auth0_client.validate_id_token 'YOUR_ID_TOKEN', algorithm: Auth0::Algorithm::HS256.secret('YOUR_SECRET')
+rescue Auth0::InvalidIdToken => e
+  # Handle error
+end
+
+# RS256 with a custom JWKS URL
+
+begin
+  @auth0_client.validate_id_token 'YOUR_ID_TOKEN', algorithm: Auth0::Algorithm::RS256.jwks_url('YOUR_URL')
+rescue Auth0::InvalidIdToken => e
+  # Handle error
+end
+```
+
+## Development
+
+In order to set up the local environment you'd have to have Ruby installed and a few global gems used to run and record the unit tests. A working Ruby version can be taken from the [CI script](/.circleci/config.yml). At the moment of this writting we're using Ruby `2.5.7`.
+
+> It is expected that every Pull Request introducing a fix, change or feature contains enough test coverage to assert the new behavior.
+
+### Running the tests
+
+Install the gems required for this project.
+
+```bash
+bundle install
+```
+
+Finally, run the tests.
+
+```bash
+bundle exec rake test
+```
+
+#### Running only unit tests
+
+You can run only the unit tests and ignore the integration tests by running the following:
+
+```bash
+bundle exec rake spec
+```
+
+#### Running only integration tests
+
+You can run only the unit tests and ignore the integration tests by running the following:
+
+```bash
+bundle exec rake integration
+```
 
 ## More Information
 
-* [Login using OmniAuth](https://auth0.com/docs/quickstart/webapp/rails/01-login)
-* [API authentication in Ruby](https://auth0.com/docs/quickstart/backend/ruby)
-* [API authentication in Rails](https://auth0.com/docs/quickstart/backend/rails)
-* [Managing authentication with Auth0 (blog)](https://auth0.com/blog/rails-5-with-auth0/)
-* [Ruby on Rails workflow with Docker (blog)](https://auth0.com/blog/ruby-on-rails-killer-workflow-with-docker-part-1/)
+- [Login using OmniAuth](https://auth0.com/docs/quickstart/webapp/rails/01-login)
+- [API authentication in Ruby](https://auth0.com/docs/quickstart/backend/ruby)
+- [API authentication in Rails](https://auth0.com/docs/quickstart/backend/rails)
+- [Managing authentication with Auth0 (blog)](https://auth0.com/blog/rails-5-with-auth0/)
+- [Ruby on Rails workflow with Docker (blog)](https://auth0.com/blog/ruby-on-rails-killer-workflow-with-docker-part-1/)
 
 ## What is Auth0?
 
 Auth0 helps you to:
 
-* Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders), either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce** among others, or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**.
-* Add authentication through more traditional **[username/password databases](https://docs.auth0.com/mysql-connection-tutorial)**.
-* Add support for **[linking different user accounts](https://docs.auth0.com/link-accounts)** with the same user.
-* Support for generating signed [JSON Web Tokens](https://docs.auth0.com/jwt) to call your APIs and **flow the user identity** securely.
-* Analytics of how, when, and where users are logging in.
-* Pull data from other sources and add it to the user profile with [JavaScript rules](https://docs.auth0.com/rules).
+- Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders), either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce** among others, or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**.
+- Add authentication through more traditional **[username/password databases](https://docs.auth0.com/mysql-connection-tutorial)**.
+- Add support for **[linking different user accounts](https://docs.auth0.com/link-accounts)** with the same user.
+- Support for generating signed [JSON Web Tokens](https://docs.auth0.com/jwt) to call your APIs and **flow the user identity** securely.
+- Analytics of how, when, and where users are logging in.
+- Pull data from other sources and add it to the user profile with [JavaScript rules](https://docs.auth0.com/rules).
 
 ## Create a free Auth0 Account
 

data/auth0.gemspec

@@ -11,24 +11,24 @@ Gem::Specification.new do |s|
   s.summary     = 'Auth0 API Client'
   s.description = 'Ruby toolkit for Auth0 API https://auth0.com.'
 
-  s.rubyforge_project = 'auth0'
-
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'rest-client', '~> 2.0'
+  s.add_runtime_dependency 'rest-client', '~> 2.0.0'
+  s.add_runtime_dependency 'jwt', '~> 2.2.0'
+  s.add_runtime_dependency 'zache', '~> 0.12.0'
 
-  s.add_development_dependency 'rake', '~> 10.4'
+  s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'fuubar', '~> 2.0'
-  s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['TRAVIS']
+  s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI']
   s.add_development_dependency 'dotenv-rails', '~> 2.0'
   s.add_development_dependency 'pry', '~> 0.10'
   s.add_development_dependency 'pry-nav', '~> 0.2.4'
   s.add_development_dependency 'rspec', '~> 3.1', '>= 3.1.0'
   s.add_development_dependency 'rack-test', '~> 0.6'
-  s.add_development_dependency 'rack', '~> 1.6.4'
+  s.add_development_dependency 'rack', '~> 2.1.2'
   s.add_development_dependency 'simplecov', '~> 0.9'
   s.add_development_dependency 'faker', '~> 1.4'
   s.add_development_dependency 'yard', '~> 0.9.12'

data/codecov.yml

@@ -0,0 +1,22 @@
+coverage:
+  precision: 2
+  round: down
+  range: "60...100"
+  status:
+    project:
+      default:
+        enabled: true
+        target: auto
+        threshold: 5%
+        if_no_uploads: error
+    patch:
+      default:
+        enabled: true
+        target: 80%
+        threshold: 30%
+        if_no_uploads: error
+    changes:
+      default:
+        enabled: true
+        if_no_uploads: error
+comment: false 

data/deploy_documentation.sh

@@ -14,7 +14,7 @@ cd doc
 git init
 
 # inside this git repo we'll pretend to be a new user
-git config user.name "Travis CI"
+git config user.name "Circle CI"
 git config user.email "build-documentation@auth0.com"
 
 # The first and only commit to this new Git repo contains all the

data/lib/auth0.rb

@@ -1,6 +1,7 @@
 require 'auth0/version'
 require 'auth0/mixins'
 require 'auth0/exception'
+require 'auth0/algorithm'
 require 'auth0/client'
 require 'auth0_client'
 # Namespace for ruby-auth0 logic

data/lib/auth0/algorithm.rb

@@ -0,0 +1,5 @@
+module Auth0
+  module Algorithm
+    include Auth0::Mixins::Validation::Algorithm
+  end
+end

data/lib/auth0/api/authentication_endpoints.rb

@@ -1,4 +1,8 @@
+# frozen_string_literal: true
 # rubocop:disable Metrics/ModuleLength
+
+require 'jwt'
+
 module Auth0
   module Api
     # {https://auth0.com/docs/api/authentication}
@@ -170,7 +174,8 @@ module Auth0
           send: send,
           authParams: auth_params,
           connection: 'email',
-          client_id: @client_id
+          client_id: @client_id,
+          client_secret: @client_secret
         }
         post('/passwordless/start', request_params)
       end
@@ -185,7 +190,8 @@ module Auth0
         request_params = {
           phone_number: phone_number,
           connection: 'sms',
-          client_id: @client_id
+          client_id: @client_id,
+          client_secret: @client_secret
         }
         post('/passwordless/start', request_params)
       end
@@ -500,6 +506,36 @@ module Auth0
         post('/unlink', request_params)
       end
 
+      # Validate an ID token (signature and expiration).
+      # @see https://auth0.com/docs/tokens/guides/validate-id-tokens
+      # @param id_token [string] The JWT to validate.
+      # @param algorithm [JWKAlgorithm] The expected signing algorithm.
+      #   Defaults to +Auth0::Algorithm::RS256.jwks_url("https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json", lifetime: 10 * 60)+.
+      # @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
+      #   Must be a non-negative value. Defaults to *60 seconds*.
+      # @param nonce [string] The nonce value sent during authentication.
+      # @param max_age [integer] The max_age value sent during authentication.
+      #   Must be a non-negative value.
+      # @param issuer [string] The expected issuer claim value.
+      #   Defaults to +https://YOUR_AUTH0_DOMAIN/+.
+      # @param audience [string] The expected audience claim value.
+      #   Defaults to your *Auth0 Client ID*.
+      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
+      def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
+        context = {
+          issuer: issuer || "https://#{@domain}/",
+          audience: audience || @client_id,
+          algorithm: algorithm || Auth0::Algorithm::RS256.jwks_url("https://#{@domain}/.well-known/jwks.json"),
+          leeway: leeway
+        }
+
+        context[:nonce] = nonce unless nonce.nil?
+        context[:max_age] = max_age unless max_age.nil?
+
+        Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
+
       private
 
       # Build a URL query string from a hash.

data/lib/auth0/api/v2.rb

@@ -1,3 +1,4 @@
+require 'auth0/api/v2/anomaly'
 require 'auth0/api/v2/blacklists'
 require 'auth0/api/v2/clients'
 require 'auth0/api/v2/client_grants'
@@ -6,6 +7,7 @@ require 'auth0/api/v2/device_credentials'
 require 'auth0/api/v2/emails'
 require 'auth0/api/v2/jobs'
 require 'auth0/api/v2/rules'
+require 'auth0/api/v2/roles'
 require 'auth0/api/v2/stats'
 require 'auth0/api/v2/users'
 require 'auth0/api/v2/users_by_email'
@@ -14,11 +16,13 @@ require 'auth0/api/v2/tenants'
 require 'auth0/api/v2/tickets'
 require 'auth0/api/v2/logs'
 require 'auth0/api/v2/resource_servers'
+require 'auth0/api/v2/guardian'
 
 module Auth0
   module Api
     # https://auth0.com/docs/apiv2
     module V2
+      include Auth0::Api::V2::Anomaly
       include Auth0::Api::V2::Blacklists
       include Auth0::Api::V2::Clients
       include Auth0::Api::V2::ClientGrants
@@ -27,6 +31,7 @@ module Auth0
       include Auth0::Api::V2::Emails
       include Auth0::Api::V2::Jobs
       include Auth0::Api::V2::Rules
+      include Auth0::Api::V2::Roles
       include Auth0::Api::V2::Stats
       include Auth0::Api::V2::Users
       include Auth0::Api::V2::UsersByEmail
@@ -35,6 +40,7 @@ module Auth0
       include Auth0::Api::V2::Tickets
       include Auth0::Api::V2::Logs
       include Auth0::Api::V2::ResourceServers
+      include Auth0::Api::V2::Guardian
     end
   end
 end

data/lib/auth0/api/v2/anomaly.rb

@@ -0,0 +1,36 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the anomaly endpoints
+      module Anomaly
+        # Use this route to determine if a given IP is currently blocked
+        # by the failed login to multiple user accounts trigger.
+        # @see https://auth0.com/docs/api/management/v2#!/Anomaly/get_ips_by_id
+        # @param ip [string] The IP to check.
+        def check_if_ip_is_blocked(ip)
+          raise Auth0::InvalidParameter, 'Must specify an IP' if ip.to_s.empty?
+
+          path = "#{anomaly_path}/#{ip}"
+          get(path)
+        end
+
+        # Resets an IP that is currently blocked by the failed login to multiple user accounts trigger.
+        # @see https://auth0.com/docs/api/management/v2#!/Anomaly/delete_ips_by_id
+        # @param ip [string] The IP to remove block.
+        def remove_ip_block(ip)
+          raise Auth0::InvalidParameter, 'Must specify an IP' if ip.to_s.empty?
+
+          path = "#{anomaly_path}/#{ip}"
+          delete(path)
+        end
+
+        private
+
+        # Anomaly API path
+        def anomaly_path
+          @anomaly_path ||= '/api/v2/anomaly/blocks/ips'
+        end
+      end
+    end
+  end
+end

data/lib/auth0/api/v2/client_grants.rb

@@ -7,11 +7,15 @@ module Auth0
 
         # Retrieves a list of all client grants.
         # @see https://auth0.com/docs/api/management/v2#!/client_grants/get_client_grants
+        # @param client_id [string] The client_id of the client grant to retrieve.
+        # @param audience [string] The audience of the client grant to retrieve.
         # @param page [int] Page number to get, 0-based.
         # @param per_page [int] Results per page if also passing a page number.
         # @return [json] Returns the client grants.
-        def client_grants (page: nil, per_page: nil)
+        def client_grants (client_id: nil, audience: nil, page: nil, per_page: nil)
           request_params = {
+            client_id: client_id,
+            audience: audience,
             page: page,
             per_page: per_page
           }

data/lib/auth0/api/v2/guardian.rb

@@ -0,0 +1,142 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the guardian endpoints
+      module Guardian
+        include Auth0::Mixins::Validation
+
+        # Retrieves a list of Guardian factors.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/get_factors
+        # @return [json] Returns the list of all Guardian factors.
+        def guardian_factors
+          get(guardian_factors_path)
+        end
+        alias get_guardian_factors guardian_factors
+
+        # Retrieves a single Guardian enrollment.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/get_enrollments_by_id
+        # @param enrollment_id [string] The enrollment_id of the Guardian enrollment to delete.
+        # @return [json] Returns details of the Guardian enrollment.
+        def guardian_enrollment(enrollment_id)
+          raise Auth0::MissingParameter, 'Must supply a valid enrollment_id' if enrollment_id.to_s.empty?
+
+          path = "#{guardian_enrollments_path}/#{enrollment_id}"
+          get(path)
+        end
+        alias get_guardian_enrollment guardian_enrollment
+
+        # Deletes a single Guardian enrollment given its id.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/delete_enrollments_by_id
+        # @param enrollment_id [string] The enrollment_id of the Guardian enrollment to delete.
+        def delete_guardian_enrollment(enrollment_id)
+          raise Auth0::MissingParameter, 'Must supply a valid enrollment_id' if enrollment_id.to_s.empty?
+
+          path = "#{guardian_enrollments_path}/#{enrollment_id}"
+          delete(path)
+        end
+
+        # Retrieves SMS enrollment and verification templates.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/get_templates
+        # @return [json] Returns enrollment and verification templates.
+        def guardian_sms_templates
+          path = "#{guardian_factors_path}/sms/templates"
+          get(path)
+        end
+        alias get_guardian_sms_templates guardian_sms_templates
+
+        # Updates SMS enrollment and verification SMS templates.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/put_templates
+        # @param body [hash] The parameters to update.
+        #
+        # @return [json] Returns updated SMS enrollment and verification templates.
+        def guardian_update_enrollment_verification_templates(body)
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty?
+
+          path = "#{guardian_factors_path}/sms/templates"
+          put(path, body)
+        end
+
+        # Retrieves provider configuration for AWS SNS.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/get_sns
+        # @return [json] Returns provider configuration for AWS SNS.
+        def guardian_sns_provider_config
+          path = "#{guardian_factors_path}/push-notification/providers/sns"
+          get(path)
+        end
+        alias get_guardian_sns_provider_config guardian_sns_provider_config
+
+        # Updates provider configuration for AWS SNS.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/put_sns
+        # @param body [hash] The parameters to update.
+        #
+        # @return [json] Returns updated provider configuration for AWS SNS.
+        def guardian_update_sns_provider_config(body)
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty?
+
+          path = "#{guardian_factors_path}/push-notification/providers/sns"
+          put(path, body)
+        end
+
+        # Retrieves provider configuration for Twilio.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/get_twilio
+        # @return [json] Returns provider configuration for Twilio.
+        def guardian_twillo_provider_config
+          path = "#{guardian_factors_path}/sms/providers/twilio"
+          get(path)
+        end
+        alias get_guardian_twillo_provider_config guardian_twillo_provider_config
+
+        # Updates provider configuration for Twilio.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/put_twilio
+        # @param body [hash] The parameters to update.
+        #
+        # @return [json] Returns updated provider configuration for Twilio.
+        def guardian_update_twillo_provider_config(body)
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty?
+
+          path = "#{guardian_factors_path}/sms/providers/twilio"
+          put(path, body)
+        end
+
+        # Creates a Guardian enrollment ticket.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/post_ticket
+        # @param body [hash] User details to create enrollment ticket for.
+        # @return [json] Returns details of created enrollment ticket.
+        def guardian_create_enrollment_ticket(body)
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty?
+
+          path = "#{guardian_enrollments_path}/ticket"
+          post(path, body)
+        end
+
+        # Updates a Guardian factor.
+        # @see https://auth0.com/docs/api/management/v2#!/Guardian/put_factors_by_name
+        # @param name [string] Name of Guardian factor to update.
+        # @param body [hash] The parameters to update.
+        # @return [json] Returns details of updated Guardian factor.
+        def guardian_update_factor(name, body)
+          raise Auth0::MissingParameter, 'Must supply a valid name' if name.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty?
+
+          path = "#{guardian_factors_path}/#{name}"
+          put(path, body)
+        end
+
+        private
+
+        # Guardian API path
+        def guardian_path
+          @guardian_path ||= '/api/v2/guardian'
+        end
+
+        def guardian_enrollments_path
+          @guardian_enrollments_path ||= "#{guardian_path}/enrollments"
+        end
+
+        def guardian_factors_path
+          @guardian_factors_path ||= "#{guardian_path}/factors"
+        end
+      end
+    end
+  end
+end