auth0 5.10.0 → 5.11.0

data/lib/auth0/client_assertion.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module Auth0
+  module ClientAssertion
+    CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'.freeze
+
+    # Adds keys into the supplied hash for either the client secret, or client assertion. If `client_assertion_signing_key` is not nil,
+    # it takes precedence over `client_secret`.
+    # @param [hash] The hash to add the keys to
+    # @param client_id [string] The client ID
+    # @param client_secret [string] The client secret
+    # @param client_assertion_signing_key [PKey] The key used to sign the client assertion JWT
+    # @param client_assertion_signing_alg [string] The algorithm used when signing the client assertion JWT
+    def populate_client_assertion_or_secret(hash, 
+      domain: @domain,
+      client_id: @client_id, 
+      client_secret: @client_secret,
+      client_assertion_signing_key: @client_assertion_signing_key,
+      client_assertion_signing_alg: @client_assertion_signing_alg)
+
+      if !client_assertion_signing_key.nil?
+        # Create JWT
+        now = Time.now.to_i
+
+        payload = {
+          iss: client_id,
+          sub: client_id,
+          aud: "https://#{domain}/",
+          iat: now,
+          exp: now + 180,
+          jti: SecureRandom.uuid
+        }
+
+        jwt = JWT.encode payload, client_assertion_signing_key, client_assertion_signing_alg
+
+        hash[:client_assertion] = jwt
+        hash[:client_assertion_type] = Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
+      else
+        hash[:client_secret] = client_secret
+      end
+    end
+  end
+end

data/lib/auth0/mixins/initializer.rb

@@ -16,6 +16,8 @@ module Auth0
         @headers = client_headers
         @timeout = options[:timeout] || 10
         @retry_count = options[:retry_count]
+        @client_assertion_signing_key = options[:client_assertion_signing_key]
+        @client_assertion_signing_alg = options[:client_assertion_signing_alg] || 'RS256';        
         extend Auth0::Api::AuthenticationEndpoints
         @client_id = options[:client_id]
         @client_secret = options[:client_secret]

data/lib/auth0/mixins/token_management.rb

@@ -17,7 +17,7 @@ module Auth0
         # pp @token_expires_at
         has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
         
-        if (@token.nil? || has_expired) && @client_id && @client_secret
+        if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key)
           response = api_token(audience: @audience)
           @token = response.token
           @token_expires_at = response.expires_in ? Time.now.to_i + response.expires_in : nil

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.10.0'.freeze
+  VERSION = '5.11.0'.freeze
 end

data/opslevel.yml

@@ -0,0 +1,5 @@
+---
+version: 1
+repository:
+  owner: dx_sdks
+  tags: