auth0 5.0.1 → 5.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +3 -5
- data/CHANGELOG.md +46 -0
- data/README.md +81 -1
- data/auth0.gemspec +6 -6
- data/lib/auth0/api/authentication_endpoints.rb +16 -6
- data/lib/auth0/api/v2.rb +8 -4
- data/lib/auth0/api/v2/branding.rb +66 -0
- data/lib/auth0/api/v2/connections.rb +8 -2
- data/lib/auth0/api/v2/device_credentials.rb +3 -3
- data/lib/auth0/api/v2/jobs.rb +3 -1
- data/lib/auth0/api/v2/organizations.rb +335 -0
- data/lib/auth0/api/v2/tickets.rb +14 -2
- data/lib/auth0/api/v2/users.rb +12 -0
- data/lib/auth0/exception.rb +3 -1
- data/lib/auth0/mixins/httpproxy.rb +4 -1
- data/lib/auth0/mixins/initializer.rb +3 -1
- data/lib/auth0/mixins/validation.rb +14 -0
- data/lib/auth0/version.rb +1 -1
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_exclude_the_fields_indicated.yml +38 -26
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_include_the_fields_indicated.yml +38 -24
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/should_find_the_correct_connection.yml +38 -26
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_include_previously-created_connection_when_filtered.yml +41 -21
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_exclude_the_fields_indicated_from_filtered_results.yml +41 -21
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_include_the_fields_indicated_from_filtered_results.yml +41 -21
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_include_the_previously_created_connection.yml +41 -21
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_not_be_empty.yml +41 -21
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection/should_delete_the_connection.yml +45 -24
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection_user/should_delete_the_user_created.yml +75 -39
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_update_connection/should_update_the_connection.yml +39 -28
- data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/create_test_connection.yml +37 -25
- data/spec/lib/auth0/api/v2/branding_spec.rb +70 -0
- data/spec/lib/auth0/api/v2/connections_spec.rb +5 -1
- data/spec/lib/auth0/api/v2/device_credentials_spec.rb +2 -2
- data/spec/lib/auth0/api/v2/jobs_spec.rb +11 -0
- data/spec/lib/auth0/api/v2/organizations_spec.rb +593 -0
- data/spec/lib/auth0/api/v2/tickets_spec.rb +55 -0
- data/spec/lib/auth0/api/v2/users_spec.rb +19 -0
- data/spec/lib/auth0/client_spec.rb +79 -9
- data/spec/lib/auth0/mixins/httpproxy_spec.rb +8 -8
- data/spec/lib/auth0/mixins/validation_spec.rb +32 -0
- metadata +21 -15
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b3563e4bf62c09fff26ea8b276131cbec25df91f0d25b85182490df7e71a6eea
|
4
|
+
data.tar.gz: 89cd204c4a5a0ef27ceec06f7bcb4af91328850013d0e6f8fa22b4cc718281af
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b99d7e3483904fce1d4e657c5b309ade0c94b8031e00b86afe65a4d7decb5fbdc034d08179d393b7427005f3295a8e496d6f027b8bbb9e3d432e3e9f419bdac4
|
7
|
+
data.tar.gz: 26dd85e196c16c135a6b78f933e7ddb30958f74c28bfc18f798ce0a3529e50b06bcd970df9439d704f665744365e80db00cfad37d22812a0e086afe6c2fdff71
|
data/.circleci/config.yml
CHANGED
@@ -28,12 +28,10 @@ jobs:
|
|
28
28
|
steps:
|
29
29
|
- checkout
|
30
30
|
- restore_cache:
|
31
|
-
|
32
|
-
|
33
|
-
- gems-v2-
|
34
|
-
- run: bundle check || bundle install
|
31
|
+
key: gems-v2-{{ checksum "Gemfile.lock" }}
|
32
|
+
- run: bundle check --path=vendor/bundle || bundle install --path=vendor/bundle
|
35
33
|
- save_cache:
|
36
|
-
key: gems-v2
|
34
|
+
key: gems-v2-{{ checksum "Gemfile.lock" }}
|
37
35
|
paths:
|
38
36
|
- vendor/bundle
|
39
37
|
# Must define DOMAIN, CLIENT_ID, CLIENT_SECRET and MASTER_JWT env
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,51 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
+
## [v5.2.0](https://github.com/auth0/ruby-auth0/tree/v5.2.0) (2021-07-20)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.1.2..v5.2.0)
|
6
|
+
|
7
|
+
**Fixed**
|
8
|
+
|
9
|
+
- Ensure email param is properly encoded in delete_connection_user [\#280](https://github.com/auth0/ruby-auth0/pull/280) ([widcket](https://github.com/widcket))
|
10
|
+
|
11
|
+
**Added**
|
12
|
+
|
13
|
+
- Adds Rotating Refresh Token type to Device Credentials [\#275](https://github.com/auth0/ruby-auth0/pull/275) ([epintos](https://github.com/epintos))
|
14
|
+
|
15
|
+
**Changed**
|
16
|
+
|
17
|
+
- Do not lock dependencies to minor version [\#279](https://github.com/auth0/ruby-auth0/pull/279) ([athix](https://github.com/athix))
|
18
|
+
|
19
|
+
## [v5.1.2](https://github.com/auth0/ruby-auth0/tree/v5.1.2) (2021-07-15)
|
20
|
+
|
21
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.1.1..v5.1.2)
|
22
|
+
|
23
|
+
**Security**
|
24
|
+
|
25
|
+
- Bump addressable version per CVE-2021-32740 [\#276](https://github.com/auth0/ruby-auth0/pull/276) ([lostapathy](https://github.com/lostapathy))
|
26
|
+
|
27
|
+
## [v5.1.1](https://github.com/auth0/ruby-auth0/tree/v5.1.1) (2021-04-14)
|
28
|
+
|
29
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.1.0..v5.1.1)
|
30
|
+
|
31
|
+
**Fixed**
|
32
|
+
|
33
|
+
- Fixes create_organizations_enabled_connection [\#269](https://github.com/auth0/ruby-auth0/pull/269) ([davidpatrick](https://github.com/apps/davidpatrick))
|
34
|
+
|
35
|
+
|
36
|
+
## [v5.1.0](https://github.com/auth0/ruby-auth0/tree/v5.1.0) (2021-04-09)
|
37
|
+
|
38
|
+
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.0.1..v5.1.0)
|
39
|
+
|
40
|
+
**Added**
|
41
|
+
|
42
|
+
- Org idtoken validation guidance [\#267](https://github.com/auth0/ruby-auth0/pull/267) ([davidpatrick](https://github.com/davidpatrick))
|
43
|
+
- Adds Branding endpoints [\#266](https://github.com/auth0/ruby-auth0/pull/266) ([davidpatrick](https://github.com/davidpatrick))
|
44
|
+
- Organizations feature [\#264](https://github.com/auth0/ruby-auth0/pull/264) ([davidpatrick](https://github.com/davidpatrick))
|
45
|
+
- Add Organizations support to Authentication API Client [\#263](https://github.com/auth0/ruby-auth0/pull/263) ([davidpatrick](https://github.com/davidpatrick))
|
46
|
+
- Add api_identifier as an accepted configurable [\#261](https://github.com/auth0/ruby-auth0/pull/261) ([QWYNBG](https://github.com/QWYNBG))
|
47
|
+
- add name param to connections api [\#260](https://github.com/auth0/ruby-auth0/pull/260) ([QWYNBG](https://github.com/QWYNBG))
|
48
|
+
|
3
49
|
## [v5.0.1](https://github.com/auth0/ruby-auth0/tree/v5.0.1) (2021-02-02)
|
4
50
|
|
5
51
|
[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.0.0..v5.0.1)
|
data/README.md
CHANGED
@@ -113,6 +113,61 @@ In addition to the Management API, this SDK also provides access to [Authenticat
|
|
113
113
|
|
114
114
|
Please note that this module implements endpoints that might be deprecated for newer tenants. If you have any questions about how and when the endpoints should be used, consult the [documentation](https://auth0.com/docs/api/authentication) or ask in our [Community forums](https://community.auth0.com/tags/wordpress).
|
115
115
|
|
116
|
+
### Organizations
|
117
|
+
|
118
|
+
[Organizations](https://auth0.com/docs/organizations) is a set of features that provide better support for developers who build and maintain SaaS and Business-to-Business (B2B) applications.
|
119
|
+
|
120
|
+
Using Organizations, you can:
|
121
|
+
|
122
|
+
- Represent teams, business customers, partner companies, or any logical grouping of users that should have different ways of accessing your applications, as organizations.
|
123
|
+
- Manage their membership in a variety of ways, including user invitation.
|
124
|
+
- Configure branded, federated login flows for each organization.
|
125
|
+
- Implement role-based access control, such that users can have different roles when authenticating in the context of different organizations.
|
126
|
+
- Build administration capabilities into your products, using Organizations APIs, so that those businesses can manage their own organizations.
|
127
|
+
|
128
|
+
Note that Organizations is currently only available to customers on our Enterprise and Startup subscription plans.
|
129
|
+
|
130
|
+
#### Logging in with an Organization
|
131
|
+
|
132
|
+
Configure the Authentication API client and pass your Organization ID to the authorize url:
|
133
|
+
|
134
|
+
```ruby
|
135
|
+
require 'auth0'
|
136
|
+
|
137
|
+
@auth0_client ||= Auth0Client.new(
|
138
|
+
client_id: '{YOUR_APPLICATION_CLIENT_ID}',
|
139
|
+
client_secret: '{YOUR_APPLICATION_CLIENT_SECRET}',
|
140
|
+
domain: '{YOUR_TENANT}.auth0.com',
|
141
|
+
organization: "{YOUR_ORGANIZATION_ID}"
|
142
|
+
)
|
143
|
+
|
144
|
+
universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}")
|
145
|
+
|
146
|
+
# redirect_to universal_login_url
|
147
|
+
```
|
148
|
+
|
149
|
+
#### Accepting user invitations
|
150
|
+
|
151
|
+
Auth0 Organizations allow users to be invited using emailed links, which will direct a user back to your application. The URL the user will arrive at is based on your configured `Application Login URI`, which you can change from your Application's settings inside the Auth0 dashboard. When they arrive at this URL, a `invitation` and `organization` query parameters will be provided
|
152
|
+
|
153
|
+
```ruby
|
154
|
+
require 'auth0'
|
155
|
+
|
156
|
+
@auth0_client ||= Auth0Client.new(
|
157
|
+
client_id: '{YOUR_APPLICATION_CLIENT_ID}',
|
158
|
+
client_secret: '{YOUR_APPLICATION_CLIENT_ID}',
|
159
|
+
domain: '{YOUR_TENANT}.auth0.com',
|
160
|
+
organization: "{YOUR_ORGANIZATION_ID}"
|
161
|
+
)
|
162
|
+
|
163
|
+
universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}", {
|
164
|
+
organization: "{ORGANIZATION_QUERY_PARAM}", # You can override organization if needed
|
165
|
+
invitation: "{INVITATION_QUERY_PARAM}"
|
166
|
+
})
|
167
|
+
|
168
|
+
# redirect_to universal_login_url
|
169
|
+
```
|
170
|
+
|
116
171
|
## ID Token Validation
|
117
172
|
|
118
173
|
An ID token may be present in the credentials received after authentication. This token contains information associated with the user that has just logged in, provided the scope used contained `openid`. You can [read more about ID tokens here](https://auth0.com/docs/tokens/concepts/id-tokens).
|
@@ -137,6 +192,7 @@ The method takes the following optional keyword parameters:
|
|
137
192
|
| `max_age` | Integer | The `max_age` value you sent in the call to `/authorize`, if any. | `nil` |
|
138
193
|
| `issuer` | String | By default the `iss` claim will be checked against the URL of your **Auth0 Domain**. Use this parameter to override that. | `nil` |
|
139
194
|
| `audience` | String | By default the `aud` claim will be compared to your **Auth0 Client ID**. Use this parameter to override that. | `nil` |
|
195
|
+
| `organization`| String | By default the `org_id` claim will be compared to your **Organization ID**. Use this parameter to override that. | `nil` |
|
140
196
|
|
141
197
|
You can check the signing algorithm value under **Advanced Settings > OAuth > JsonWebToken Signature Algorithm** in your Auth0 application settings panel. [We recommend](https://auth0.com/docs/tokens/concepts/signing-algorithms#our-recommendation) that you make use of asymmetric signing algorithms like `RS256` instead of symmetric ones like `HS256`.
|
142
198
|
|
@@ -158,6 +214,30 @@ rescue Auth0::InvalidIdToken => e
|
|
158
214
|
end
|
159
215
|
```
|
160
216
|
|
217
|
+
### Organization ID Token Validation
|
218
|
+
|
219
|
+
If an org_id claim is present in the Access Token, then the claim should be validated by the API to ensure that the value received is expected or known.
|
220
|
+
|
221
|
+
In particular:
|
222
|
+
|
223
|
+
* The issuer (iss) claim should be checked to ensure the token was issued by Auth0
|
224
|
+
|
225
|
+
* the org_id claim should be checked to ensure it is a value that is already known to the application. This could be validated against a known list of organization IDs, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token.
|
226
|
+
|
227
|
+
Normally, validating the issuer would be enough to ensure that the token was issued by Auth0. In the case of organizations, additional checks should be made so that the organization within an Auth0 tenant is expected.
|
228
|
+
|
229
|
+
If the claim cannot be validated, then the application should deem the token invalid.
|
230
|
+
|
231
|
+
```ruby
|
232
|
+
begin
|
233
|
+
@auth0_client.validate_id_token 'YOUR_ID_TOKEN', organization: '{Expected org_id}'
|
234
|
+
rescue Auth0::InvalidIdToken => e
|
235
|
+
# In this case the ID Token contents should not be trusted
|
236
|
+
end
|
237
|
+
```
|
238
|
+
|
239
|
+
For more information, please read [Work with Tokens and Organizations](https://auth0.com/docs/organizations/using-tokens) on Auth0 Docs.
|
240
|
+
|
161
241
|
## Development
|
162
242
|
|
163
243
|
In order to set up the local environment you'd have to have Ruby installed and a few global gems used to run and record the unit tests. A working Ruby version can be taken from the [CI script](/.circleci/config.yml). At the moment of this writting we're using Ruby `2.5.7`.
|
@@ -231,4 +311,4 @@ If you find a bug or have a feature request, please report them in this reposito
|
|
231
311
|
This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
|
232
312
|
|
233
313
|
|
234
|
-
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0?ref=badge_large)
|
314
|
+
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fruby-auth0?ref=badge_large)
|
data/auth0.gemspec
CHANGED
@@ -16,10 +16,10 @@ Gem::Specification.new do |s|
|
|
16
16
|
s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
|
17
17
|
s.require_paths = ['lib']
|
18
18
|
|
19
|
-
s.add_runtime_dependency 'rest-client', '~> 2.0.0
|
20
|
-
s.add_runtime_dependency 'jwt', '~> 2.2
|
21
|
-
s.add_runtime_dependency 'zache', '~> 0.12
|
22
|
-
s.add_runtime_dependency 'addressable', '~> 2.
|
19
|
+
s.add_runtime_dependency 'rest-client', '~> 2.0.2' #2.1.0 has breaking changes
|
20
|
+
s.add_runtime_dependency 'jwt', '~> 2.2'
|
21
|
+
s.add_runtime_dependency 'zache', '~> 0.12'
|
22
|
+
s.add_runtime_dependency 'addressable', '~> 2.8'
|
23
23
|
|
24
24
|
s.add_development_dependency 'bundler'
|
25
25
|
s.add_development_dependency 'rake', '~> 13.0'
|
@@ -27,10 +27,10 @@ Gem::Specification.new do |s|
|
|
27
27
|
s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI']
|
28
28
|
s.add_development_dependency 'dotenv-rails', '~> 2.0'
|
29
29
|
s.add_development_dependency 'pry', '~> 0.10'
|
30
|
-
s.add_development_dependency 'pry-nav', '~> 0.2
|
30
|
+
s.add_development_dependency 'pry-nav', '~> 0.2'
|
31
31
|
s.add_development_dependency 'rspec', '~> 3.5'
|
32
32
|
s.add_development_dependency 'rack-test', '~> 0.6'
|
33
|
-
s.add_development_dependency 'rack', '~> 2.1
|
33
|
+
s.add_development_dependency 'rack', '~> 2.1'
|
34
34
|
s.add_development_dependency 'simplecov', '~> 0.9'
|
35
35
|
s.add_development_dependency 'faker', '~> 2.0'
|
36
36
|
s.add_development_dependency 'gem-release', '~> 0.7'
|
@@ -14,18 +14,23 @@ module Auth0
|
|
14
14
|
# Request an API access token using a Client Credentials grant
|
15
15
|
# @see https://auth0.com/docs/api-auth/tutorials/client-credentials
|
16
16
|
# @param audience [string] API audience to use
|
17
|
+
# @param organization [string] Organization ID
|
17
18
|
# @return [json] Returns the API token
|
18
19
|
def api_token(
|
19
20
|
client_id: @client_id,
|
20
21
|
client_secret: @client_secret,
|
21
|
-
|
22
|
+
organization: @organization,
|
23
|
+
audience: nil
|
22
24
|
)
|
25
|
+
|
23
26
|
request_params = {
|
24
27
|
grant_type: 'client_credentials',
|
25
28
|
client_id: client_id,
|
26
29
|
client_secret: client_secret,
|
27
|
-
audience: audience
|
30
|
+
audience: audience,
|
31
|
+
organization: organization
|
28
32
|
}
|
33
|
+
|
29
34
|
response = post('/oauth/token', request_params)
|
30
35
|
::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
|
31
36
|
end
|
@@ -220,7 +225,7 @@ module Auth0
|
|
220
225
|
# Return an authorization URL.
|
221
226
|
# @see https://auth0.com/docs/api/authentication#authorization-code-grant
|
222
227
|
# @param redirect_uri [string] URL to redirect after authorization
|
223
|
-
# @param options [hash] Can contain response_type, connection, state and additional_parameters.
|
228
|
+
# @param options [hash] Can contain response_type, connection, state, organization, invitation, and additional_parameters.
|
224
229
|
# @return [url] Authorization URL.
|
225
230
|
def authorization_url(redirect_uri, options = {})
|
226
231
|
raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?
|
@@ -231,7 +236,9 @@ module Auth0
|
|
231
236
|
connection: options.fetch(:connection, nil),
|
232
237
|
redirect_uri: redirect_uri,
|
233
238
|
state: options.fetch(:state, nil),
|
234
|
-
scope: options.fetch(:scope, nil)
|
239
|
+
scope: options.fetch(:scope, nil),
|
240
|
+
organization: options.fetch(:organization, @organization),
|
241
|
+
invitation: options.fetch(:invitation, nil)
|
235
242
|
}.merge(options.fetch(:additional_parameters, {}))
|
236
243
|
|
237
244
|
URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
|
@@ -296,7 +303,7 @@ module Auth0
|
|
296
303
|
# @see https://auth0.com/docs/tokens/guides/validate-id-tokens
|
297
304
|
# @param id_token [string] The JWT to validate.
|
298
305
|
# @param algorithm [JWKAlgorithm] The expected signing algorithm.
|
299
|
-
|
306
|
+
|
300
307
|
# @param leeway [integer] The clock skew to accept when verifying date related claims in seconds.
|
301
308
|
# Must be a non-negative value. Defaults to *60 seconds*.
|
302
309
|
# @param nonce [string] The nonce value sent during authentication.
|
@@ -306,8 +313,10 @@ module Auth0
|
|
306
313
|
# Defaults to +https://YOUR_AUTH0_DOMAIN/+.
|
307
314
|
# @param audience [string] The expected audience claim value.
|
308
315
|
# Defaults to your *Auth0 Client ID*.
|
316
|
+
# @param organization [string] Organization ID
|
317
|
+
# Defaults to your *Auth0 Organization ID*.
|
309
318
|
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
|
310
|
-
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil)
|
319
|
+
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization)
|
311
320
|
context = {
|
312
321
|
issuer: issuer || "https://#{@domain}/",
|
313
322
|
audience: audience || @client_id,
|
@@ -317,6 +326,7 @@ module Auth0
|
|
317
326
|
|
318
327
|
context[:nonce] = nonce unless nonce.nil?
|
319
328
|
context[:max_age] = max_age unless max_age.nil?
|
329
|
+
context[:organization] = organization unless !organization
|
320
330
|
|
321
331
|
Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token)
|
322
332
|
end
|
data/lib/auth0/api/v2.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'auth0/api/v2/anomaly'
|
2
2
|
require 'auth0/api/v2/blacklists'
|
3
|
+
require 'auth0/api/v2/branding'
|
3
4
|
require 'auth0/api/v2/clients'
|
4
5
|
require 'auth0/api/v2/client_grants'
|
5
6
|
require 'auth0/api/v2/connections'
|
@@ -7,6 +8,7 @@ require 'auth0/api/v2/device_credentials'
|
|
7
8
|
require 'auth0/api/v2/emails'
|
8
9
|
require 'auth0/api/v2/jobs'
|
9
10
|
require 'auth0/api/v2/prompts'
|
11
|
+
require 'auth0/api/v2/organizations'
|
10
12
|
require 'auth0/api/v2/rules'
|
11
13
|
require 'auth0/api/v2/roles'
|
12
14
|
require 'auth0/api/v2/stats'
|
@@ -26,25 +28,27 @@ module Auth0
|
|
26
28
|
module V2
|
27
29
|
include Auth0::Api::V2::Anomaly
|
28
30
|
include Auth0::Api::V2::Blacklists
|
31
|
+
include Auth0::Api::V2::Branding
|
29
32
|
include Auth0::Api::V2::Clients
|
30
33
|
include Auth0::Api::V2::ClientGrants
|
31
34
|
include Auth0::Api::V2::Connections
|
32
35
|
include Auth0::Api::V2::DeviceCredentials
|
33
36
|
include Auth0::Api::V2::Emails
|
37
|
+
include Auth0::Api::V2::Guardian
|
34
38
|
include Auth0::Api::V2::Jobs
|
39
|
+
include Auth0::Api::V2::Logs
|
40
|
+
include Auth0::Api::V2::LogStreams
|
35
41
|
include Auth0::Api::V2::Prompts
|
42
|
+
include Auth0::Api::V2::Organizations
|
36
43
|
include Auth0::Api::V2::Rules
|
37
44
|
include Auth0::Api::V2::Roles
|
38
45
|
include Auth0::Api::V2::Stats
|
39
46
|
include Auth0::Api::V2::Users
|
40
47
|
include Auth0::Api::V2::UsersByEmail
|
41
48
|
include Auth0::Api::V2::UserBlocks
|
49
|
+
include Auth0::Api::V2::ResourceServers
|
42
50
|
include Auth0::Api::V2::Tenants
|
43
51
|
include Auth0::Api::V2::Tickets
|
44
|
-
include Auth0::Api::V2::Logs
|
45
|
-
include Auth0::Api::V2::LogStreams
|
46
|
-
include Auth0::Api::V2::ResourceServers
|
47
|
-
include Auth0::Api::V2::Guardian
|
48
52
|
end
|
49
53
|
end
|
50
54
|
end
|
@@ -0,0 +1,66 @@
|
|
1
|
+
module Auth0
|
2
|
+
module Api
|
3
|
+
module V2
|
4
|
+
# Methods to use the branding endpoints
|
5
|
+
module Branding
|
6
|
+
attr_reader :branding_path
|
7
|
+
|
8
|
+
# Retrieve branding settings.
|
9
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/get_branding
|
10
|
+
#
|
11
|
+
# @return [json] Returns branding settings.
|
12
|
+
def branding()
|
13
|
+
get(branding_path)
|
14
|
+
end
|
15
|
+
alias get_branding branding
|
16
|
+
|
17
|
+
# Update branding settings.
|
18
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/patch_branding
|
19
|
+
# @param body [hash] the branding settings to update
|
20
|
+
#
|
21
|
+
# @return [json] Returns branding settings.
|
22
|
+
def patch_branding(body = {})
|
23
|
+
patch(branding_path, body)
|
24
|
+
end
|
25
|
+
alias update_branding patch_branding
|
26
|
+
|
27
|
+
# Get template for New Universal Login Experience
|
28
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/get_universal_login
|
29
|
+
#
|
30
|
+
# @return [json] Returns branding settings.
|
31
|
+
def branding_templates_for_universal_login
|
32
|
+
get(templates_path)
|
33
|
+
end
|
34
|
+
alias get_branding_templates_for_universal_login branding_templates_for_universal_login
|
35
|
+
|
36
|
+
# Delete template for New Universal Login Experience
|
37
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/delete_universal_login
|
38
|
+
# @param rule_id [string] The id of the rule to delete.
|
39
|
+
def delete_branding_templates_for_universal_login
|
40
|
+
delete(templates_path)
|
41
|
+
end
|
42
|
+
|
43
|
+
# Set template for New Universal Login Experience
|
44
|
+
# @see https://auth0.com/docs/api/management/v2/#!/Branding/put_universal_login
|
45
|
+
# @param body [hash] the branding settings to update
|
46
|
+
#
|
47
|
+
# @return [json] Returns branding settings.
|
48
|
+
def put_branding_templates_for_universal_login(body = {})
|
49
|
+
put(templates_path, body)
|
50
|
+
end
|
51
|
+
alias set_branding_templates_for_universal_login put_branding_templates_for_universal_login
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
# Branding API path
|
56
|
+
def branding_path
|
57
|
+
@branding_path ||= '/api/v2/branding'
|
58
|
+
end
|
59
|
+
|
60
|
+
def templates_path
|
61
|
+
@templates_path ||= "#{branding_path}/templates/universal-login"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
@@ -9,6 +9,7 @@ module Auth0
|
|
9
9
|
# being specified. Accepts a list of fields to include or exclude in the resulting list of connection objects.
|
10
10
|
# @see https://auth0.com/docs/api/management/v2#!/Connections/get_connections
|
11
11
|
# @param strategy [string] Strategy to filter connection results.
|
12
|
+
# @param name [string] Name to filter connection results.
|
12
13
|
# @param fields [string] A comma separated list of fields to include or exclude from the result.
|
13
14
|
# @param include_fields [boolean] True if the fields specified are to be included in the result, false otherwise.
|
14
15
|
# @param page [int] Page number to get, 0-based.
|
@@ -16,6 +17,7 @@ module Auth0
|
|
16
17
|
# @return [json] Returns the existing connections matching the strategy.
|
17
18
|
def connections(
|
18
19
|
strategy: nil,
|
20
|
+
name: nil,
|
19
21
|
fields: nil,
|
20
22
|
include_fields: nil,
|
21
23
|
page: nil,
|
@@ -24,6 +26,7 @@ module Auth0
|
|
24
26
|
include_fields = true if !fields.nil? && include_fields.nil?
|
25
27
|
request_params = {
|
26
28
|
strategy: strategy,
|
29
|
+
name: name,
|
27
30
|
fields: fields.is_a?(Array) ? fields.join(',') : fields,
|
28
31
|
include_fields: include_fields,
|
29
32
|
page: !page.nil? ? page.to_i : nil,
|
@@ -78,8 +81,11 @@ module Auth0
|
|
78
81
|
def delete_connection_user(connection_id, user_email)
|
79
82
|
raise Auth0::InvalidParameter, 'Must supply a valid connection id' if connection_id.to_s.empty?
|
80
83
|
raise Auth0::InvalidParameter, 'Must supply a valid user email' if user_email.to_s.empty?
|
81
|
-
path = "#{connections_path}/#{connection_id}/users
|
82
|
-
|
84
|
+
path = "#{connections_path}/#{connection_id}/users"
|
85
|
+
request_params = {
|
86
|
+
email: user_email
|
87
|
+
}
|
88
|
+
delete(path, request_params)
|
83
89
|
end
|
84
90
|
|
85
91
|
# Updates a connection. Updates the fields specified in the body parameter.
|
@@ -12,7 +12,7 @@ module Auth0
|
|
12
12
|
# * :fields [string] A comma separated list of fields to include or exclude from the result.
|
13
13
|
# * :include_fields [boolean] True if the fields specified are to be included in the result, false otherwise.
|
14
14
|
# * :user_id [string] The user_id of the devices to retrieve.
|
15
|
-
# * :type [string]
|
15
|
+
# * :type [string] Type of credentials to retrieve. Must be 'public_key', 'refresh_token' or 'rotating_refresh_token'
|
16
16
|
#
|
17
17
|
# @return [json] Returns the list of existing devices for the specified client_id.
|
18
18
|
# rubocop:disable Metrics/AbcSize
|
@@ -25,8 +25,8 @@ module Auth0
|
|
25
25
|
type: options.fetch(:type, nil)
|
26
26
|
}
|
27
27
|
raise Auth0::InvalidParameter, 'Must supply a valid client_id' if client_id.to_s.empty?
|
28
|
-
if !request_params[:type].nil? && !%w(public_key refresh_token).include?(request_params[:type])
|
29
|
-
raise Auth0::InvalidParameter, 'Type must be one of \'public_key\', \'refresh_token\''
|
28
|
+
if !request_params[:type].nil? && !%w(public_key refresh_token rotating_refresh_token).include?(request_params[:type])
|
29
|
+
raise Auth0::InvalidParameter, 'Type must be one of \'public_key\', \'refresh_token\', \'rotating_refresh_token\''
|
30
30
|
end
|
31
31
|
get(device_credentials_path, request_params)
|
32
32
|
end
|