auth0 5.0.1 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf18eaf917c7c8c5e3cccc4dad6a9824e50c921ea6b21612dc175ceb9dc447bc
-  data.tar.gz: 410e68beb033e30432bef49be72a04a14d65ecc63f5fd3dab784ca0bbf222f02
+  metadata.gz: 268e36ef0f352a266607bdad5435b4ebddfacc3b29dd4aa4d922966950ca0e46
+  data.tar.gz: 2190414d235036db1218c7560d67a1cb9a300f02495d2fdaa1c267398480d130
 SHA512:
-  metadata.gz: eb8c767fc4a1539b9d778893bfd1eda7ccbd5ca1194dba5f79f5d84a5563c6038fdf66d640a0be6150cc913e0ce7479f9b434fe6552eec5459e058b0e3cbab8e
-  data.tar.gz: f8f03fd5d1e0d5358874fee49e72024942825e38a74799cc732af2977fcc5a582eac211dfbe021e22d8d55992460fbfbf4e48b66511180bb12c4c1ede415cf4b
+  metadata.gz: 52706c2e0c0ed270a987ec83568e94cf37d9b4a951ef00f813fed275c6a0ddb15b87324111a399b34d09b3ee448446140d197670a003be6f2bcd930295f73867
+  data.tar.gz: 9f316b486484eb9af039b3f39670a259fc9d1e41b249e7faa4916d1b6345a54ba6233f2d2dc4daf4c55dc41756269062a5a7fb539b9c6285224a9b45140911eb

data/.circleci/config.yml

@@ -28,12 +28,10 @@ jobs:
     steps:
       - checkout
       - restore_cache:
-          keys:
-            - gems-v2-{{ checksum "Gemfile.lock" }}
-            - gems-v2-
-      - run: bundle check || bundle install
+          key: gems-v2-{{ checksum "Gemfile.lock" }}
+      - run: bundle check --path=vendor/bundle || bundle install --path=vendor/bundle
       - save_cache:
-          key: gems-v2--{{ checksum "Gemfile.lock" }}
+          key: gems-v2-{{ checksum "Gemfile.lock" }}
           paths:
             - vendor/bundle
       # Must define DOMAIN, CLIENT_ID, CLIENT_SECRET and MASTER_JWT env

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## [v5.1.0](https://github.com/auth0/ruby-auth0/tree/v5.1.0) (2021-04-09)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.0.1..v5.1.0)
+
+**Added**
+
+- Org idtoken validation guidance  [\#267](https://github.com/auth0/ruby-auth0/pull/267) ([davidpatrick](https://github.com/davidpatrick))
+- Adds Branding endpoints [\#266](https://github.com/auth0/ruby-auth0/pull/266) ([davidpatrick](https://github.com/davidpatrick))
+- Organizations feature [\#264](https://github.com/auth0/ruby-auth0/pull/264) ([davidpatrick](https://github.com/davidpatrick))
+- Add Organizations support to Authentication API Client [\#263](https://github.com/auth0/ruby-auth0/pull/263) ([davidpatrick](https://github.com/davidpatrick))
+- Add api_identifier as an accepted configurable [\#261](https://github.com/auth0/ruby-auth0/pull/261) ([QWYNBG](https://github.com/QWYNBG))
+- add name param to connections api [\#260](https://github.com/auth0/ruby-auth0/pull/260) ([QWYNBG](https://github.com/QWYNBG))
+
 ## [v5.0.1](https://github.com/auth0/ruby-auth0/tree/v5.0.1) (2021-02-02)
 
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.0.0..v5.0.1)

data/README.md

@@ -113,6 +113,61 @@ In addition to the Management API, this SDK also provides access to [Authenticat
 
 Please note that this module implements endpoints that might be deprecated for newer tenants. If you have any questions about how and when the endpoints should be used, consult the [documentation](https://auth0.com/docs/api/authentication) or ask in our [Community forums](https://community.auth0.com/tags/wordpress).
 
+### Organizations
+
+[Organizations](https://auth0.com/docs/organizations) is a set of features that provide better support for developers who build and maintain SaaS and Business-to-Business (B2B) applications.
+
+Using Organizations, you can:
+
+- Represent teams, business customers, partner companies, or any logical grouping of users that should have different ways of accessing your applications, as organizations.
+- Manage their membership in a variety of ways, including user invitation.
+- Configure branded, federated login flows for each organization.
+- Implement role-based access control, such that users can have different roles when authenticating in the context of different organizations.
+- Build administration capabilities into your products, using Organizations APIs, so that those businesses can manage their own organizations.
+
+Note that Organizations is currently only available to customers on our Enterprise and Startup subscription plans.
+
+#### Logging in with an Organization
+
+Configure the Authentication API client and pass your Organization ID to the authorize url:
+
+```ruby
+require 'auth0'
+
+@auth0_client ||= Auth0Client.new(
+  client_id: '{YOUR_APPLICATION_CLIENT_ID}',
+  client_secret: '{YOUR_APPLICATION_CLIENT_SECRET}',
+  domain: '{YOUR_TENANT}.auth0.com',
+  organization: "{YOUR_ORGANIZATION_ID}"
+)
+
+universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}")
+
+# redirect_to universal_login_url
+```
+
+#### Accepting user invitations
+
+Auth0 Organizations allow users to be invited using emailed links, which will direct a user back to your application. The URL the user will arrive at is based on your configured `Application Login URI`, which you can change from your Application's settings inside the Auth0 dashboard.  When they arrive at this URL, a `invitation` and `organization` query parameters will be provided
+
+```ruby
+require 'auth0'
+
+@auth0_client ||= Auth0Client.new(
+  client_id: '{YOUR_APPLICATION_CLIENT_ID}',
+  client_secret: '{YOUR_APPLICATION_CLIENT_ID}',
+  domain: '{YOUR_TENANT}.auth0.com',
+  organization: "{YOUR_ORGANIZATION_ID}"
+)
+
+universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}", {
+  organization: "{ORGANIZATION_QUERY_PARAM}", # You can override organization if needed
+  invitation: "{INVITATION_QUERY_PARAM}"
+})
+
+# redirect_to universal_login_url
+```
+
 ## ID Token Validation
 
 An ID token may be present in the credentials received after authentication. This token contains information associated with the user that has just logged in, provided the scope used contained `openid`. You can [read more about ID tokens here](https://auth0.com/docs/tokens/concepts/id-tokens).
@@ -137,6 +192,7 @@ The method takes the following optional keyword parameters:
 | `max_age`     | Integer        | The `max_age` value you sent in the call to `/authorize`, if any.  | `nil`  |
 | `issuer`      | String         | By default the `iss` claim will be checked against the URL of your **Auth0 Domain**. Use this parameter to override that. | `nil`  |
 | `audience`    | String         | By default the `aud` claim will be compared to your **Auth0 Client ID**. Use this parameter to override that.  | `nil`  |
+| `organization`| String         | By default the `org_id` claim will be compared to your **Organization ID**. Use this parameter to override that.  | `nil`  |
 
 You can check the signing algorithm value under **Advanced Settings > OAuth > JsonWebToken Signature Algorithm** in your Auth0 application settings panel. [We recommend](https://auth0.com/docs/tokens/concepts/signing-algorithms#our-recommendation) that you make use of asymmetric signing algorithms like `RS256` instead of symmetric ones like `HS256`.
 
@@ -158,6 +214,29 @@ rescue Auth0::InvalidIdToken => e
 end
 ```
 
+### Organization ID Token Validation
+
+If an org_id claim is present in the Access Token, then the claim should be validated by the API to ensure that the value received is expected or known.
+
+In particular:
+
+* The issuer (iss) claim should be checked to ensure the token was issued by Auth0
+
+* the org_id claim should be checked to ensure it is a value that is already known to the application. This could be validated against a known list of organization IDs, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token.
+
+Normally, validating the issuer would be enough to ensure that the token was issued by Auth0. In the case of organizations, additional checks should be made so that the organization within an Auth0 tenant is expected.
+
+If the claim cannot be validated, then the application should deem the token invalid.
+
+```ruby
+begin
+  @auth0_client.validate_id_token 'YOUR_ID_TOKEN', organization: '{Expected org_id}'
+rescue Auth0::InvalidIdToken => e
+  # In this case the ID Token contents should not be trusted
+end
+
+For more information, please read [Work with Tokens and Organizations](https://auth0.com/docs/organizations/using-tokens) on Auth0 Docs.
+
 ## Development
 
 In order to set up the local environment you'd have to have Ruby installed and a few global gems used to run and record the unit tests. A working Ruby version can be taken from the [CI script](/.circleci/config.yml). At the moment of this writting we're using Ruby `2.5.7`.
@@ -231,4 +310,4 @@ If you find a bug or have a feature request, please report them in this reposito
 This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
 
 
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0?ref=badge_large)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0?ref=badge_large)

data/lib/auth0/api/authentication_endpoints.rb

@@ -14,18 +14,23 @@ module Auth0
       # Request an API access token using a Client Credentials grant
       # @see https://auth0.com/docs/api-auth/tutorials/client-credentials
       # @param audience [string] API audience to use
+      # @param organization [string] Organization ID
       # @return [json] Returns the API token
       def api_token(
         client_id: @client_id,
         client_secret: @client_secret,
-        audience: "https://#{@domain}/api/v2/"
+        organization: @organization,
+        audience: nil
       )
+
         request_params = {
           grant_type: 'client_credentials',
           client_id: client_id,
           client_secret: client_secret,
-          audience: audience
+          audience: audience,
+          organization: organization
         }
+
         response = post('/oauth/token', request_params)
         ::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
       end
@@ -220,7 +225,7 @@ module Auth0
       # Return an authorization URL.
       # @see https://auth0.com/docs/api/authentication#authorization-code-grant
       # @param redirect_uri [string] URL to redirect after authorization
-      # @param options [hash] Can contain response_type, connection, state and additional_parameters.
+      # @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
       # @return [url] Authorization URL.
       def authorization_url(redirect_uri, options = {})
         raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
@@ -231,7 +236,9 @@ module Auth0
           connection: options.fetch(:connection, nil),
           redirect_uri: redirect_uri,
           state: options.fetch(:state, nil),
-          scope: options.fetch(:scope, nil)
+          scope: options.fetch(:scope, nil),
+          organization: options.fetch(:organization, @organization),
+          invitation: options.fetch(:invitation, nil)
         }.merge(options.fetch(:additional_parameters, {}))
 
         URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
@@ -296,7 +303,7 @@ module Auth0
       # @see https://auth0.com/docs/tokens/guides/validate-id-tokens
       # @param id_token [string] The JWT to validate.
       # @param algorithm [JWKAlgorithm] The expected signing algorithm.
-      #   Defaults to +Auth0::Algorithm::RS256.jwks_url("https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json", lifetime: 10 * 60)+.
+
       # @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
       #   Must be a non-negative value. Defaults to *60 seconds*.
       # @param nonce [string] The nonce value sent during authentication.
@@ -306,8 +313,10 @@ module Auth0
       #   Defaults to +https://YOUR_AUTH0_DOMAIN/+.
       # @param audience [string] The expected audience claim value.
       #   Defaults to your *Auth0 Client ID*.
+      # @param organization [string] Organization ID
+      #   Defaults to your *Auth0 Organization ID*.
       # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
-      def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
+      def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization)
         context = {
           issuer: issuer || "https://#{@domain}/",
           audience: audience || @client_id,
@@ -317,6 +326,7 @@ module Auth0
 
         context[:nonce] = nonce unless nonce.nil?
         context[:max_age] = max_age unless max_age.nil?
+        context[:organization] = organization unless !organization
 
         Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
       end

data/lib/auth0/api/v2.rb

@@ -1,5 +1,6 @@
 require 'auth0/api/v2/anomaly'
 require 'auth0/api/v2/blacklists'
+require 'auth0/api/v2/branding'
 require 'auth0/api/v2/clients'
 require 'auth0/api/v2/client_grants'
 require 'auth0/api/v2/connections'
@@ -7,6 +8,7 @@ require 'auth0/api/v2/device_credentials'
 require 'auth0/api/v2/emails'
 require 'auth0/api/v2/jobs'
 require 'auth0/api/v2/prompts'
+require 'auth0/api/v2/organizations'
 require 'auth0/api/v2/rules'
 require 'auth0/api/v2/roles'
 require 'auth0/api/v2/stats'
@@ -26,25 +28,27 @@ module Auth0
     module V2
       include Auth0::Api::V2::Anomaly
       include Auth0::Api::V2::Blacklists
+      include Auth0::Api::V2::Branding
       include Auth0::Api::V2::Clients
       include Auth0::Api::V2::ClientGrants
       include Auth0::Api::V2::Connections
       include Auth0::Api::V2::DeviceCredentials
       include Auth0::Api::V2::Emails
+      include Auth0::Api::V2::Guardian
       include Auth0::Api::V2::Jobs
+      include Auth0::Api::V2::Logs
+      include Auth0::Api::V2::LogStreams
       include Auth0::Api::V2::Prompts
+      include Auth0::Api::V2::Organizations
       include Auth0::Api::V2::Rules
       include Auth0::Api::V2::Roles
       include Auth0::Api::V2::Stats
       include Auth0::Api::V2::Users
       include Auth0::Api::V2::UsersByEmail
       include Auth0::Api::V2::UserBlocks
+      include Auth0::Api::V2::ResourceServers
       include Auth0::Api::V2::Tenants
       include Auth0::Api::V2::Tickets
-      include Auth0::Api::V2::Logs
-      include Auth0::Api::V2::LogStreams
-      include Auth0::Api::V2::ResourceServers
-      include Auth0::Api::V2::Guardian
     end
   end
 end

data/lib/auth0/api/v2/branding.rb

@@ -0,0 +1,66 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the branding endpoints
+      module Branding
+        attr_reader :branding_path
+
+        # Retrieve branding settings.
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/get_branding
+        #
+        # @return [json] Returns branding settings.
+        def branding()
+          get(branding_path)
+        end
+        alias get_branding branding
+
+        # Update branding settings.
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/patch_branding
+        # @param body [hash] the branding settings to update
+        #
+        # @return [json] Returns branding settings.
+        def patch_branding(body = {})
+          patch(branding_path, body)
+        end
+        alias update_branding patch_branding
+
+        # Get template for New Universal Login Experience
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/get_universal_login
+        #
+        # @return [json] Returns branding settings.
+        def branding_templates_for_universal_login
+          get(templates_path)
+        end
+        alias get_branding_templates_for_universal_login branding_templates_for_universal_login
+
+        # Delete template for New Universal Login Experience
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/delete_universal_login
+        # @param rule_id [string] The id of the rule to delete.
+        def delete_branding_templates_for_universal_login
+          delete(templates_path)
+        end
+
+        # Set template for New Universal Login Experience
+        # @see https://auth0.com/docs/api/management/v2/#!/Branding/put_universal_login
+        # @param body [hash] the branding settings to update
+        #
+        # @return [json] Returns branding settings.
+        def put_branding_templates_for_universal_login(body = {})
+          put(templates_path, body)
+        end
+        alias set_branding_templates_for_universal_login put_branding_templates_for_universal_login
+
+        private
+
+        # Branding API path
+        def branding_path
+          @branding_path ||= '/api/v2/branding'
+        end
+
+        def templates_path
+          @templates_path ||= "#{branding_path}/templates/universal-login"
+        end
+      end
+    end
+  end
+end

data/lib/auth0/api/v2/connections.rb

@@ -9,6 +9,7 @@ module Auth0
         # being specified. Accepts a list of fields to include or exclude in the resulting list of connection objects.
         # @see https://auth0.com/docs/api/management/v2#!/Connections/get_connections
         # @param strategy [string] Strategy to filter connection results.
+        # @param name [string] Name to filter connection results.
         # @param fields [string] A comma separated list of fields to include or exclude from the result.
         # @param include_fields [boolean] True if the fields specified are to be included in the result, false otherwise.
         # @param page [int] Page number to get, 0-based.
@@ -16,6 +17,7 @@ module Auth0
         # @return [json] Returns the existing connections matching the strategy.
         def connections(
           strategy: nil,
+          name: nil,
           fields: nil,
           include_fields: nil,
           page: nil,
@@ -24,6 +26,7 @@ module Auth0
           include_fields = true if !fields.nil? && include_fields.nil?
           request_params = {
             strategy: strategy,
+            name: name,
             fields: fields.is_a?(Array) ? fields.join(',') : fields,
             include_fields: include_fields,
             page: !page.nil? ? page.to_i : nil,

data/lib/auth0/api/v2/jobs.rb

@@ -81,13 +81,15 @@ module Auth0
         # @param identity [hash] Used to verify secondary, federated, and passwordless-email identities.
         #   * :user_id [string] user_id of the identity.
         #   * :provider [string] provider of the identity.
+        # @param organization_id [string] organization id
         #
         # @return [json] Returns the job status and properties.
-        def send_verification_email(user_id, client_id = nil, identity: nil)
+        def send_verification_email(user_id, client_id = nil, identity: nil, organization_id: nil)
           raise Auth0::InvalidParameter, 'Must specify a user id' if user_id.to_s.empty?
 
           request_params = { user_id: user_id }
           request_params[:client_id] = client_id unless client_id.nil?
+          request_params[:organization_id] = organization_id unless organization_id.nil?
 
           if identity
             unless identity.is_a? Hash

data/lib/auth0/api/v2/organizations.rb

@@ -0,0 +1,332 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the organizations endpoints
+      module Organizations
+        include Auth0::Mixins::Validation
+
+        attr_reader :organizations_path
+
+        # Get all organizations.
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_organizations
+        # @param options [hash] The Hash options used to define the paging of rersults
+        #   * :per_page [integer] The amount of entries per page. Default: 50. Max value: 100.
+        #   * :page [integer] The page number. Zero based.
+        #   * :include_totals [boolean] True to include query summary in the result, false or nil otherwise.
+        # @return [json] All Organizations
+        def organizations(options = {})
+          request_params = {
+            per_page:       options.fetch(:per_page, nil),
+            page:           options.fetch(:page, nil),
+            include_totals: options.fetch(:include_totals, nil)
+          }
+          get(organizations_path, request_params)
+        end
+        alias get_organizations organizations
+
+        # Create a new organization.
+        # @see ttps://auth0.com/docs/api/management/v2/#!/Organizations/post_organizations
+        # @param options [hash] See https://auth0.com/docs/api/management/v2/#!/Organizations/post_organizations for available options
+        # @return [json] Returns the created organization.
+        def create_organization(options = {})
+          post(organizations_path, options)
+        end
+
+        # Get an organization by id. A token with read:organizations scope is required
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_organizations_by_id
+        # @param organization_id [string] The organization_id of the user to retrieve.
+        #
+        # @return [json] Returns the organization with the given organization_id if it exists.
+        def organization(organization_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          path = "#{organizations_path}/#{organization_id}"
+          get(path)
+        end
+
+        # Get an organization by name. A token with read:organizations scope is required.
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_name_by_name
+        # @param organization_name [string] The Organization name
+        #
+        # @return [json] Returns the organization with the given organization_name if it exists.
+        def organization_by_name(organization_name)
+          raise Auth0::InvalidParameter, 'Must supply a valid organization_name' if organization_name.to_s.empty?
+          path = "#{organizations_path}/name/#{organization_name}"
+          get(path)
+        end
+
+
+        # Deletes a single organization given its id
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/delete_organizations_by_id
+        # @param organization_id [string] The Organization ID
+        def delete_organization(organization_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          path = "#{organizations_path}/#{organization_id}"
+          delete(path)
+        end
+
+        # Update an existing organization.
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/patch_organizations_by_id
+        # @param organization_id [string] The Organization ID
+        # @param body [hash] The optional parameters to update.
+        #
+        # @return [json] Returns the updated user.
+        def patch_organization(organization_id, body)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty? || body.empty?
+          path = "#{organizations_path}/#{organization_id}"
+          patch(path, body)
+        end
+        alias update_organization patch_organization
+
+        ### Organization Enabled Connections
+
+        # Get enabled connections in an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_enabled_connections
+        # @param organization_id [string] The Organization ID
+        #
+        # @return [json] Returns the enabled connections for the given organization
+        def get_organizations_enabled_connections(organization_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          path = "#{organizations_enabled_connections_path(organization_id)}"
+          get(path)
+        end
+
+        # Get enabled connection by id in an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_enabled_connections_by_connectionId
+        # @param organization_id [string] The Organization ID
+        # @param connection_id [string] The Connection id
+        #
+        # @return [json] Returns the connection for the given organization
+        def get_organizations_enabled_connection(organization_id, connection_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid connection id' if connection_id.to_s.empty?
+          path = "#{organizations_enabled_connections_path(organization_id)}/#{connection_id}"
+          get(path)
+        end
+
+        # Update an eanbled connection in an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/patch_enabled_connections_by_connectionId
+        # @param organization_id [string] The Organization ID
+        # @param connection_id [string] The Connection id
+        # @param assign_membership_on_login [boolean] flag to allow assign membership on login
+        #
+        # @return [json] Returns the connection for the given organization
+        def patch_organizations_enabled_connection(organization_id, connection_id, assign_membership_on_login: nil)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid connection id' if connection_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid assign_membership_on_login value' if assign_membership_on_login.nil?
+          path = "#{organizations_enabled_connections_path(organization_id)}/#{connection_id}"
+
+          body = {}
+          body[:assign_membership_on_login] = assign_membership_on_login
+
+          patch(path, body)
+        end
+        alias update_organizations_enabled_connection patch_organizations_enabled_connection
+
+        # Add an enabled connection for an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/post_enabled_connections
+        # @param organization_id [string] The Organization ID
+        # @param assign_membership_on_login [boolean] flag to allow assign membership on login
+        #
+        # @return [json] Returns the connection for the given organization
+        def create_organizations_enabled_connection(organization_id, assign_membership_on_login: false)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          path = "#{organizations_enabled_connections_path(organization_id)}"
+          
+          body = {}
+          body[:assign_membership_on_login] = assign_membership_on_login
+
+          post(path, body)
+        end
+        alias add_organizations_enabled_connection create_organizations_enabled_connection
+
+        # Remove an enabled connection from an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/delete_enabled_connections_by_connectionId
+        # @param organization_id [string] The Organization ID
+        # @param connection_id [string] The Connection id
+        def delete_organizations_enabled_connection(organization_id, connection_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid connection id' if connection_id.to_s.empty?
+          path = "#{organizations_enabled_connections_path(organization_id)}/#{connection_id}"
+          delete(path)
+        end
+        alias remove_organizations_enabled_connection delete_organizations_enabled_connection
+
+        ### Organization Invites
+
+        # Get invites in an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_invitations
+        # @param organization_id [string] The Organization ID
+        #
+        # @return [json] Returns the invites for the given organization
+        def get_organizations_invites(organization_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          path = "#{organizations_invitations_path(organization_id)}"
+          get(path)
+        end
+
+        # Get invite by id in an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_invitations_by_invitation_id
+        # @param organization_id [string] The Organization ID
+        # @param invitation_id [string] The invitation id
+        #
+        # @return [json] Returns the invitation for the given organization
+        def get_organizations_invite(organization_id, invitation_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid invitation id' if invitation_id.to_s.empty?
+          path = "#{organizations_invitations_path(organization_id)}/#{invitation_id}"
+          get(path)
+        end
+
+        # Create an invitation in an organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/post_invitations
+        # @param organization_id [string] The Organization ID
+        # @param options [hash] See https://auth0.com/docs/api/management/v2/#!/Organizations/post_invitations
+        # @return [json] Returns the invitation for the given organization
+        def create_organizations_invite(organization_id, options = {})
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          path = "#{organizations_invitations_path(organization_id)}"
+          
+          post(path, options)
+        end
+        alias add_organizations_invite create_organizations_invite
+
+        # Delete an invitation to organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/delete_invitations_by_invitation_id
+        # @param organization_id [string] The Organization ID
+        # @param invitation_id [string] The Invitation id
+        def delete_organizations_invite(organization_id, invitation_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid invitation id' if invitation_id.to_s.empty?
+          path = "#{organizations_invitations_path(organization_id)}/#{invitation_id}"
+          delete(path)
+        end
+        alias remove_organizations_invite delete_organizations_invite
+
+        ### Organization Member
+
+        # Get Members in a Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_members
+        # @param organization_id [string] The Organization ID
+        # @param user_id [string] The User ID
+        #
+        # @return [json] Returns the members for the given organization
+        def get_organizations_members(organization_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          path = "#{organizations_members_path(organization_id)}"
+          get(path)
+        end
+
+        # Add members in an organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/post_members
+        # @param organization_id [string] The Organization ID
+        # @param members [array] Array of user IDs.
+        #
+        # @return [json] Returns the invitation for the given organization
+        def create_organizations_members(organization_id, members = [])
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply an array of member ids' if members.empty?
+          path = "#{organizations_members_path(organization_id)}"
+          
+          body = {}
+          body[:members] = members
+
+          post(path, body)
+        end
+        alias add_organizations_members create_organizations_members
+
+        # Remove members from an organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/delete_members
+        # @param organization_id [string] The Organization ID
+        # @param members [array] Array of user IDs.
+        def delete_organizations_members(organization_id, members = [])
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply an array of member ids' if members.empty?
+          path = "#{organizations_members_path(organization_id)}"
+
+          body = {}
+          body[:members] = members
+
+          delete(path, body)
+        end
+        alias remove_organizations_members delete_organizations_members
+
+        ### Organization Member Roles
+
+        # Get Roles assigned to a Member in an Organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_organization_member_roles
+        # @param organization_id [string] The Organization ID
+        # @param user_id [string] The User ID
+        #
+        # @return [json] Returns the member_roles for the given organization
+        def get_organizations_member_roles(organization_id, user_id)
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid user id' if user_id.to_s.empty?
+          path = "#{organizations_member_roles_path(organization_id, user_id)}"
+          get(path)
+        end
+
+        # Assign roles to a member in an organization
+        # @see https://auth0.com/docs/api/management/v2/#!/Organizations/post_organization_member_roles
+        # @param organization_id [string] The Organization ID
+        # @param user_id [string] The User ID
+        # @param roles [array] Array of role IDs.
+        #
+        # @return [json] Returns the invitation for the given organization
+        def create_organizations_member_roles(organization_id, user_id, roles = [])
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid user id' if user_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply an array of role ids' if roles.empty?
+          path = "#{organizations_member_roles_path(organization_id, user_id)}"
+          
+          body = {}
+          body[:roles] = roles
+
+          post(path, body)
+        end
+        alias add_organizations_member_roles create_organizations_member_roles
+
+        # Remove roles from a Member of an organization
+        # @https://auth0.com/docs/api/management/v2/#!/Organizations/delete_organization_member_roles
+        # @param organization_id [string] The Organization ID
+        # @param user_id [string] The User ID
+        # @param roles [array] Array of role IDs.
+        def delete_organizations_member_roles(organization_id, user_id, roles = [])
+          raise Auth0::MissingOrganizationId, 'Must supply a valid organization_id' if organization_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid user id' if user_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply an array of role ids' if roles.empty?
+          path = "#{organizations_member_roles_path(organization_id, user_id)}"
+                    
+          body = {}
+          body[:roles] = roles
+
+          delete(path, body)
+        end
+        alias remove_organizations_member_roles delete_organizations_member_roles
+
+        private
+        # Organizations API path
+        def organizations_path
+          @organizations_path ||= '/api/v2/organizations'
+        end
+
+        def organizations_enabled_connections_path(org_id)
+          "#{organizations_path}/#{org_id}/enabled_connections"
+        end
+
+        def organizations_members_path(org_id)
+          "#{organizations_path}/#{org_id}/members"
+        end
+
+        def organizations_member_roles_path(org_id, user_id)
+          "#{organizations_path}/#{org_id}/members/#{user_id}/roles"
+        end
+
+        def organizations_invitations_path(org_id)
+          "#{organizations_path}/#{org_id}/invitations"
+        end
+      end
+    end
+  end
+end