auth0 5.10.0 → 5.11.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +2 -2
- data/.devcontainer/devcontainer.json +1 -1
- data/CHANGELOG.md +11 -0
- data/DEVELOPMENT.md +35 -0
- data/EXAMPLES.md +220 -0
- data/Gemfile.lock +52 -60
- data/README.md +68 -253
- data/auth0.gemspec +0 -2
- data/examples/ruby-api/Gemfile.lock +5 -4
- data/examples/ruby-on-rails-api/README.md +0 -2
- data/lib/auth0/api/authentication_endpoints.rb +70 -13
- data/lib/auth0/api/v2/clients.rb +42 -0
- data/lib/auth0/client_assertion.rb +45 -0
- data/lib/auth0/mixins/initializer.rb +2 -0
- data/lib/auth0/mixins/token_management.rb +1 -1
- data/lib/auth0/version.rb +1 -1
- data/opslevel.yml +5 -0
- data/spec/lib/auth0/api/authentication_endpoints_spec.rb +632 -0
- data/spec/lib/auth0/api/v2/clients_spec.rb +51 -0
- data/spec/lib/auth0/mixins/initializer_spec.rb +79 -25
- data/spec/lib/auth0/mixins/token_management_spec.rb +45 -30
- data/spec/spec_helper.rb +0 -1
- data/spec/support/dummy_class_for_tokens.rb +2 -0
- metadata +8 -31
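--- a/data/lib/auth0/client_assertion.rb
+++ b/data/lib/auth0/client_assertion.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module Auth0
+module ClientAssertion
+CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'.freeze
+
+# Adds keys into the supplied hash for either the client secret, or client assertion. If `client_assertion_signing_key` is not nil,
+# it takes precedence over `client_secret`.
+# @param [hash] The hash to add the keys to
+# @param client_id [string] The client ID
+# @param client_secret [string] The client secret
+# @param client_assertion_signing_key [PKey] The key used to sign the client assertion JWT
+# @param client_assertion_signing_alg [string] The algorithm used when signing the client assertion JWT
+def populate_client_assertion_or_secret(hash,
+domain: @domain,
+client_id: @client_id,
+client_secret: @client_secret,
+client_assertion_signing_key: @client_assertion_signing_key,
+client_assertion_signing_alg: @client_assertion_signing_alg)
+
+if !client_assertion_signing_key.nil?
+# Create JWT
+now = Time.now.to_i
+
+payload = {
+iss: client_id,
+sub: client_id,
+aud: "https://#{domain}/",
+iat: now,
+exp: now + 180,
+jti: SecureRandom.uuid
+}
+
+jwt = JWT.encode payload, client_assertion_signing_key, client_assertion_signing_alg
+
+hash[:client_assertion] = jwt
+hash[:client_assertion_type] = Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
+else
+hash[:client_secret] = client_secret
+end
+end
+end
+end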
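Review bot: `SecureRandom.uuid` supplies the `jti` claim, but the only require in this new file is `require 'jwt'`; unless `securerandom` is loaded elsewhere in the gem (not visible here), add `require 'securerandom'` next to it so the module does not depend on load order. `client_assertion_signing_alg` reaches `JWT.encode` unchecked, so a misconfigured value such as `none` would produce an unsigned assertion; a guard that accepts only the asymmetric algorithms the tenant is configured for would fail fast instead. The doc comment omits the `domain` keyword and leaves the first `@param` unnamed, and the 180-second lifetime would read better as a named constant, e.g. `CLIENT_ASSERTION_LIFETIME = 180`.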
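--- a/data/lib/auth0/mixins/initializer.rb
+++ b/data/lib/auth0/mixins/initializer.rb
@@ -16,6 +16,8 @@ module Auth0
 @headers = client_headers
 @timeout = options[:timeout] || 10
 @retry_count = options[:retry_count]
+@client_assertion_signing_key = options[:client_assertion_signing_key]
+@client_assertion_signing_alg = options[:client_assertion_signing_alg] || 'RS256';
 extend Auth0::Api::AuthenticationEndpoints
 @client_id = options[:client_id]
 @client_secret = options[:client_secret]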
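Review bot: The second added line ends in a stray `;` (`... || 'RS256';`), which Ruby accepts but none of the neighbouring assignments use; drop it. The signing key is stored exactly as supplied, while the new ClientAssertion module documents it as a `PKey`, so a PEM string passed by mistake would presumably only fail later inside `JWT.encode`. A type check here, or at least a comment such as `# expects an OpenSSL::PKey, not a PEM string`, would surface that earlier. The enclosing initializer method starts and ends outside this hunk.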
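--- a/data/lib/auth0/mixins/token_management.rb
+++ b/data/lib/auth0/mixins/token_management.rb
@@ -17,7 +17,7 @@ module Auth0
 # pp @token_expires_at
 has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
 
-if (@token.nil? || has_expired) && @client_id && @client_secret
+if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key)
 response = api_token(audience: @audience)
 @token = response.token
 @token_expires_at = response.expires_in ? Time.now.to_i + response.expires_in : nil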
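Review bot: The credential test in the changed `if` is now long enough to hide its intent; a short comment above it, `# a client secret or a client-assertion signing key is enough to request a token`, or a small private predicate would keep it readable. When `@client_id` is set but neither credential is, the branch is still skipped silently, as it was before this change. Whether `api_token` then sends the assertion rather than a nil `client_secret` is not visible in this hunk and is worth confirming against the authentication-endpoints change. The enclosing method starts and ends outside the hunk.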
data/lib/auth0/version.rb
CHANGED