auth0 5.10.0 → 5.13.0

data/lib/auth0/api/v2/clients.rb

@@ -73,12 +73,54 @@ module Auth0
           patch(path, options)
         end
 
+        # Creates credentials for a client
+        # @param client_id [string] The Id of the client to update
+        # @param options [hash] The payload to send to the endpoint
+        def create_client_credentials(client_id, options)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must specify a valid body' if options.to_s.empty?
+          post(client_credentials_path(client_id), options)
+        end
+
+        # Gets the credentials for a client
+        # @param client_id [string] The Id of the client
+        # @return [hash] The client credentials 
+        def client_credentials(client_id)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          get(client_credentials_path(client_id))
+        end
+        alias get_client_credentials client_credentials
+
+        # Gets a client credential by ID
+        # @param client_id [string] The Id of the client
+        # @param credential_id [string] The Id of the credential to retrieve
+        # @return [hash] The credential
+        def client_credential(client_id, credential_id)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must specify a credential id' if credential_id.to_s.empty?
+          get("#{client_credentials_path(client_id)}/#{credential_id}")
+        end
+        alias get_client_credential client_credential
+
+        # Deletes a credential from the specified client
+        # @param client_id [string] The Id of the client
+        # @param credential_id [string] The Id of the credential to delete
+        def delete_client_credential(client_id, credential_id)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must specify a credential id' if credential_id.to_s.empty?
+          delete("#{client_credentials_path(client_id)}/#{credential_id}")
+        end
+
         private
 
         # Clients API path
         def clients_path
           @clients_path ||= '/api/v2/clients'
         end
+
+        def client_credentials_path(client_id)
+          "#{clients_path}/#{client_id}/credentials"
+        end
       end
     end
   end

data/lib/auth0/api/v2/users.rb

@@ -329,6 +329,122 @@ module Auth0
           get "#{users_path}/#{user_id}/organizations"
         end
 
+        # Get the available authentication methods for a user.
+        #
+        # @param user_id [string] The user ID of the authentication methods to get
+        # @param options [hash] A hash of options for getting permissions
+        #   * :per_page [integer] The amount of permissions per page. (optional)
+        #   * :page [integer]  The page number. Zero based. (optional)
+        #   * :include_totals [boolean] True if a query summary must be included in the result. (optional)
+        # @return [json] The user's authentication methods
+        # @see https://auth0.com/docs/api/management/v2#!/Users/get_authentication_methods
+        def user_authentication_methods(user_id, options = {})
+          raise Auth0::MissingUserId, 'Must supply a valid user_id' if user_id.to_s.empty?
+
+          request_params = {
+            per_page: options.fetch(:per_page, nil),
+            page: options.fetch(:page, nil),
+            include_totals: options.fetch(:include_totals, nil)
+          }
+
+          get "#{users_path}/#{user_id}/authentication-methods", request_params
+        end
+        alias get_user_authentication_methods user_authentication_methods
+
+        # Get a specific authentication method for a user.
+        #
+        # @param user_id [string] The user ID of the authentication methods to get
+        # @param authentication_method_id [string] The ID of the authentication method
+        # @return [json] The user authentication method
+        # @see https://auth0.com/docs/api/management/v2#!/Users/get_authentication_methods_by_authentication_method_id
+        def user_authentication_method(user_id, authentication_method_id)
+          raise Auth0::MissingUserId, 'Must supply a valid user_id' if user_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must supply a valid authentication_method_id' if authentication_method_id.to_s.empty?
+
+          get "#{users_path}/#{user_id}/authentication-methods/#{authentication_method_id}"
+        end
+        alias get_user_authentication_method user_authentication_method
+
+        # Create an authentication method for a user
+        #
+        # @param user_id [string] The user ID of the authentication methods to get
+        # @param body [hash] The post body content
+        #   * :type [string] "phone" or "email" or "totp" or "webauthn-roaming"
+        #   * :name [string] A human-readable label to identify the authentication method (optional)
+        #   * :totp_secret [string] Base32 encoded secret for TOTP generation (optional)
+        #   * :phone_number [string] Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice (optional)
+        #   * :email [string] Applies to email authentication methods only. The email address used to send verification messages (optional)
+        #   * :preferred_authentication_method [string] Preferred phone authentication method (optional)
+        #   * :key_id [string] Applies to email webauthn authenticators only. The id of the credential (optional)
+        #   * :public_key [string] Applies to email webauthn authenticators only. The public key (optional)
+        #   * :relying_party_identifier [string] Applies to email webauthn authenticators only. The relying party identifier (optional)
+        # @see https://auth0.com/docs/api/management/v2#!/Users/post_authentication_methods
+        def post_user_authentication_method(user_id, body)
+          raise Auth0::MissingUserId, 'Must supply a valid user_id' if user_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must supply a body' if body.to_s.empty?
+
+          post "#{users_path}/#{user_id}/authentication-methods", body
+        end
+        alias create_user_authentication_method post_user_authentication_method
+
+        # Updates all authentication methods by replacing them with the given ones
+        #
+        # @param user_id [string] The user ID of the authentication methods to get
+        # @param body [hash array] The mehods to update
+        #   * :type [string] "phone" or "email" or "totp" or "webauthn-roaming"
+        #   * :name [string] A human-readable label to identify the authentication method (optional)
+        #   * :totp_secret [string] Base32 encoded secret for TOTP generation (optional)
+        #   * :phone_number [string] Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice (optional)
+        #   * :email [string] Applies to email authentication methods only. The email address used to send verification messages (optional)
+        #   * :preferred_authentication_method [string] Preferred phone authentication method (optional)
+        # @see https://auth0.com/docs/api/management/v2#!/Users/put_authentication_methods
+        def put_all_user_authentication_methods(user_id, body)
+          raise Auth0::MissingUserId, 'Must supply a valid user_id' if user_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must supply a body' if body.to_s.empty?
+
+          put "#{users_path}/#{user_id}/authentication-methods", body
+        end
+        alias update_all_user_authentication_methods put_all_user_authentication_methods
+
+        # Updates a user authentication method
+        #
+        # @param user_id [string] The user ID of the authentication methods to get
+        # @param body [hash array] The mehods to update
+        #   * :name [string] A human-readable label to identify the authentication method (optional)
+        #   * :preferred_authentication_method [string] Preferred phone authentication method (optional)
+        # @see https://auth0.com/docs/api/management/v2#!/Users/put_authentication_methods
+        def patch_user_authentication_method(user_id, authentication_method_id, body)
+          raise Auth0::MissingUserId, 'Must supply a valid user_id' if user_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must supply an authentication_method_id' if authentication_method_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must supply a body' if body.to_s.empty?
+
+          patch "#{users_path}/#{user_id}/authentication-methods/#{authentication_method_id}", body
+        end
+        alias update_user_authentication_method patch_user_authentication_method
+
+        # Deletes all of the user's authentication methods
+        #
+        # @param user_id [string] The user ID
+        # @see https://auth0.com/docs/api/management/v2#!/Users/delete_authentication_methods
+        def delete_user_authentication_methods(user_id)
+          raise Auth0::MissingUserId, 'Must supply a valid user_id' if user_id.to_s.empty?
+
+          delete "#{users_path}/#{user_id}/authentication-methods"          
+        end
+ 
+        
+        # Deletes the user's authentication method specified by authentication_method_id
+        #
+        # @param user_id [string] The user ID
+        # @param authentication_method_id [string] The ID of the authentication method
+        # @see https://auth0.com/docs/api/management/v2#!/Users/delete_authentication_methods_by_authentication_method_id
+        def delete_user_authentication_method(user_id, authentication_method_id)
+          raise Auth0::MissingUserId, 'Must supply a valid user_id' if user_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must supply an authentication_method_id' if authentication_method_id.to_s.empty?
+
+          delete "#{users_path}/#{user_id}/authentication-methods/#{authentication_method_id}"
+        end
+
         private
 
         # Users API path

data/lib/auth0/client_assertion.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module Auth0
+  module ClientAssertion
+    CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'.freeze
+
+    # Adds keys into the supplied hash for either the client secret, or client assertion. If `client_assertion_signing_key` is not nil,
+    # it takes precedence over `client_secret`.
+    # @param [hash] The hash to add the keys to
+    # @param client_id [string] The client ID
+    # @param client_secret [string] The client secret
+    # @param client_assertion_signing_key [PKey] The key used to sign the client assertion JWT
+    # @param client_assertion_signing_alg [string] The algorithm used when signing the client assertion JWT
+    def populate_client_assertion_or_secret(hash, 
+      domain: @domain,
+      client_id: @client_id, 
+      client_secret: @client_secret,
+      client_assertion_signing_key: @client_assertion_signing_key,
+      client_assertion_signing_alg: @client_assertion_signing_alg)
+
+      if !client_assertion_signing_key.nil?
+        # Create JWT
+        now = Time.now.to_i
+
+        payload = {
+          iss: client_id,
+          sub: client_id,
+          aud: "https://#{domain}/",
+          iat: now,
+          exp: now + 180,
+          jti: SecureRandom.uuid
+        }
+
+        jwt = JWT.encode payload, client_assertion_signing_key, client_assertion_signing_alg
+
+        hash[:client_assertion] = jwt
+        hash[:client_assertion_type] = Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
+      else
+        hash[:client_secret] = client_secret
+      end
+    end
+  end
+end

data/lib/auth0/mixins/httpproxy.rb

@@ -16,7 +16,7 @@ module Auth0
       BASE_DELAY = 100
 
       # proxying requests from instance methods to HTTP class methods
-      %i(get post post_file put patch delete delete_with_body).each do |method|
+      %i(get post post_file post_form put patch delete delete_with_body).each do |method|
         define_method(method) do |uri, body = {}, extra_headers = {}|
           body = body.delete_if { |_, v| v.nil? }
           token = get_token()
@@ -85,9 +85,12 @@ module Auth0
         elsif method == :post_file
           body.merge!(multipart: true)
           # Ignore the default Content-Type headers and let the HTTP client define them
-          post_file_headers = headers.slice(*headers.keys - ['Content-Type'])
+          post_file_headers = headers.except('Content-Type') if headers != nil
           # Actual call with the altered headers
           call(:post, encode_uri(uri), timeout, post_file_headers, body)
+        elsif method == :post_form
+          form_post_headers = headers.except('Content-Type') if headers != nil
+          call(:post, encode_uri(uri), timeout, form_post_headers, body.compact)
         else
           call(method, encode_uri(uri), timeout, headers, body.to_json)
         end

data/lib/auth0/mixins/initializer.rb

@@ -16,6 +16,8 @@ module Auth0
         @headers = client_headers
         @timeout = options[:timeout] || 10
         @retry_count = options[:retry_count]
+        @client_assertion_signing_key = options[:client_assertion_signing_key]
+        @client_assertion_signing_alg = options[:client_assertion_signing_alg] || 'RS256';        
         extend Auth0::Api::AuthenticationEndpoints
         @client_id = options[:client_id]
         @client_secret = options[:client_secret]

data/lib/auth0/mixins/token_management.rb

@@ -17,7 +17,7 @@ module Auth0
         # pp @token_expires_at
         has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
         
-        if (@token.nil? || has_expired) && @client_id && @client_secret
+        if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key)
           response = api_token(audience: @audience)
           @token = response.token
           @token_expires_at = response.expires_in ? Time.now.to_i + response.expires_in : nil

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.10.0'.freeze
+  VERSION = '5.13.0'.freeze
 end

data/opslevel.yml

@@ -0,0 +1,5 @@
+---
+version: 1
+repository:
+  owner: dx_sdks
+  tags: