auth0 5.10.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +5 -4
  3. data/.devcontainer/devcontainer.json +1 -1
  4. data/.semgrepignore +6 -0
  5. data/CHANGELOG.md +29 -0
  6. data/DEVELOPMENT.md +35 -0
  7. data/EXAMPLES.md +220 -0
  8. data/Gemfile.lock +58 -66
  9. data/README.md +67 -253
  10. data/auth0.gemspec +0 -2
  11. data/examples/ruby-api/Gemfile.lock +5 -4
  12. data/examples/ruby-on-rails-api/README.md +0 -2
  13. data/lib/auth0/api/authentication_endpoints.rb +107 -13
  14. data/lib/auth0/api/v2/clients.rb +42 -0
  15. data/lib/auth0/api/v2/users.rb +116 -0
  16. data/lib/auth0/client_assertion.rb +45 -0
  17. data/lib/auth0/mixins/httpproxy.rb +5 -2
  18. data/lib/auth0/mixins/initializer.rb +2 -0
  19. data/lib/auth0/mixins/token_management.rb +1 -1
  20. data/lib/auth0/version.rb +1 -1
  21. data/opslevel.yml +5 -0
  22. data/spec/lib/auth0/api/authentication_endpoints_spec.rb +722 -0
  23. data/spec/lib/auth0/api/v2/clients_spec.rb +51 -0
  24. data/spec/lib/auth0/api/v2/users_spec.rb +218 -0
  25. data/spec/lib/auth0/mixins/httpproxy_spec.rb +38 -77
  26. data/spec/lib/auth0/mixins/initializer_spec.rb +79 -25
  27. data/spec/lib/auth0/mixins/token_management_spec.rb +45 -30
  28. data/spec/spec_helper.rb +0 -1
  29. data/spec/support/dummy_class_for_tokens.rb +3 -0
  30. metadata +9 -31
data/spec/lib/auth0/api/authentication_endpoints_spec.rb ADDED
@@ -0,0 +1,722 @@
1
+ require 'spec_helper'
2
+ require 'timecop'
3
+
4
+ describe Auth0::Api::AuthenticationEndpoints do
5
+ let(:client_id) { 'test-client-id' }
6
+ let(:client_secret) { 'test-client-secret' }
7
+ let(:api_identifier) { 'test-audience' }
8
+ let(:domain) { 'samples.auth0.com' }
9
+ let(:request_uri) { 'urn:ietf:params:oauth:request_uri:the.request.uri' }
10
+
11
+ let(:client_secret_config) { {
12
+ domain: domain,
13
+ client_id: client_id,
14
+ client_secret: client_secret,
15
+ token: 'test',
16
+ api_identifier: api_identifier
17
+ } }
18
+
19
+ let(:client_assertion_config) { {
20
+ domain: domain,
21
+ client_id: client_id,
22
+ client_assertion_signing_key: client_assertion_signing_key_pair[:private_key],
23
+ client_assertion_signing_alg: 'RS256',
24
+ token: 'test',
25
+ api_identifier: api_identifier
26
+ } }
27
+
28
+ let(:client_assertion_signing_key_pair) do
29
+ rsa_private = OpenSSL::PKey::RSA.generate 2048
30
+
31
+ {
32
+ public_key: rsa_private.public_key,
33
+ private_key: rsa_private
34
+ }
35
+ end
36
+
37
+ let(:client_secret_instance) { DummyClassForTokens.send(:include, described_class).new(client_secret_config) }
38
+ let(:client_assertion_instance) { DummyClassForTokens.send(:include, described_class).new(client_assertion_config) }
39
+ let(:time_now) { Time.now }
40
+
41
+ before :each do
42
+ Timecop.freeze(time_now)
43
+ end
44
+
45
+ after :each do
46
+ Timecop.return
47
+ end
48
+
49
+ context 'AuthenticationEndponts' do
50
+ context 'api_token' do
51
+ it 'requests a new token using client_secret' do
52
+ expect(RestClient::Request).to receive(:execute).with(hash_including(
53
+ method: :post,
54
+ url: 'https://samples.auth0.com/oauth/token',
55
+ payload: {
56
+ grant_type: 'client_credentials',
57
+ client_id: client_id,
58
+ audience: api_identifier,
59
+ client_secret: client_secret
60
+ }.to_json
61
+ ))
62
+ .and_return(StubResponse.new({
63
+ "access_token" => "test_response",
64
+ "expires_in" => 86400,
65
+ "scope" => "scope"},
66
+ true,
67
+ 200))
68
+
69
+ result = client_secret_instance.send :api_token, audience: api_identifier
70
+
71
+ expect(result).to be_a_kind_of(Auth0::ApiToken)
72
+ expect(result.access_token).not_to be_nil
73
+ expect(result.scope).not_to be_nil
74
+ expect(result.expires_in).not_to be_nil
75
+ end
76
+
77
+ it 'requests a new token using client_assertion' do
78
+ expect(RestClient::Request).to receive(:execute) do |arg|
79
+ expect(arg).to match(
80
+ include(
81
+ method: :post,
82
+ url: 'https://samples.auth0.com/oauth/token'
83
+ ))
84
+
85
+ payload = JSON.parse(arg[:payload], { symbolize_names: true })
86
+
87
+ expect(payload[:client_secret]).to be_nil
88
+ expect(payload[:client_assertion]).not_to be_nil
89
+ expect(payload[:client_assertion_type]).to eq(Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE)
90
+
91
+ StubResponse.new({
92
+ "access_token" => "test_response",
93
+ "expires_in" => 86400,
94
+ "scope" => "scope"},
95
+ true,
96
+ 200)
97
+ end
98
+
99
+ result = client_assertion_instance.send :api_token, audience: api_identifier
100
+
101
+ expect(result).to be_a_kind_of(Auth0::ApiToken)
102
+ expect(result.access_token).not_to be_nil
103
+ expect(result.scope).not_to be_nil
104
+ expect(result.expires_in).not_to be_nil
105
+ end
106
+ end
107
+
108
+ context 'exchange_auth_code_for_tokens' do
109
+ it 'requests a new token using client_secret' do
110
+ expect(RestClient::Request).to receive(:execute) do |arg|
111
+ expect(arg).to match(
112
+ include(
113
+ method: :post,
114
+ url: 'https://samples.auth0.com/oauth/token'
115
+ )
116
+ )
117
+
118
+ expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
119
+ grant_type: 'authorization_code',
120
+ client_id: client_id,
121
+ client_secret: client_secret,
122
+ code: 'the_auth_code',
123
+ redirect_uri: nil
124
+ })
125
+
126
+ StubResponse.new({
127
+ "id_token" => "id_token",
128
+ "access_token" => "test_access_token",
129
+ "expires_in" => 86400},
130
+ true,
131
+ 200)
132
+ end
133
+
134
+ result = client_secret_instance.send :exchange_auth_code_for_tokens, 'the_auth_code'
135
+
136
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
137
+ expect(result.id_token).not_to be_nil
138
+ expect(result.access_token).not_to be_nil
139
+ expect(result.expires_in).not_to be_nil
140
+ end
141
+
142
+ it 'requests a new token using client_assertion' do
143
+ expect(RestClient::Request).to receive(:execute) do |arg|
144
+ expect(arg).to match(
145
+ include(
146
+ method: :post,
147
+ url: 'https://samples.auth0.com/oauth/token',
148
+ )
149
+ )
150
+
151
+ payload = JSON.parse arg[:payload], symbolize_names: true
152
+
153
+ expect(payload[:client_secret]).to be_nil
154
+ expect(payload[:client_assertion]).not_to be_nil
155
+ expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
156
+
157
+ StubResponse.new({
158
+ "id_token" => "id_token",
159
+ "access_token" => "test_access_token",
160
+ "expires_in" => 86400},
161
+ true,
162
+ 200)
163
+ end
164
+
165
+ result = client_assertion_instance.send :exchange_auth_code_for_tokens, 'the_auth_code'
166
+
167
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
168
+ expect(result.id_token).not_to be_nil
169
+ expect(result.access_token).not_to be_nil
170
+ expect(result.expires_in).not_to be_nil
171
+ end
172
+ end
173
+
174
+ context 'exchange_refresh_token' do
175
+ it 'exchanges the refresh token using a client secret' do
176
+ expect(RestClient::Request).to receive(:execute) do |arg|
177
+ expect(arg).to match(
178
+ include(
179
+ method: :post,
180
+ url: 'https://samples.auth0.com/oauth/token'
181
+ )
182
+ )
183
+
184
+ expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
185
+ grant_type: 'refresh_token',
186
+ client_id: client_id,
187
+ client_secret: client_secret,
188
+ refresh_token: 'the_refresh_token'
189
+ })
190
+
191
+ StubResponse.new({
192
+ "id_token" => "id_token",
193
+ "access_token" => "test_access_token",
194
+ "expires_in" => 86400},
195
+ true,
196
+ 200)
197
+ end
198
+
199
+ result = client_secret_instance.send :exchange_refresh_token, 'the_refresh_token'
200
+
201
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
202
+ expect(result.id_token).not_to be_nil
203
+ expect(result.access_token).not_to be_nil
204
+ expect(result.expires_in).not_to be_nil
205
+ end
206
+
207
+ it 'exchanges the refresh token using client_assertion' do
208
+ expect(RestClient::Request).to receive(:execute) do |arg|
209
+ expect(arg).to match(
210
+ include(
211
+ method: :post,
212
+ url: 'https://samples.auth0.com/oauth/token'
213
+ )
214
+ )
215
+
216
+ payload = JSON.parse arg[:payload], symbolize_names: true
217
+
218
+ expect(payload[:grant_type]).to eq('refresh_token')
219
+ expect(payload[:refresh_token]).to eq('the_refresh_token')
220
+ expect(payload[:client_secret]).to be_nil
221
+ expect(payload[:client_assertion]).not_to be_nil
222
+ expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
223
+
224
+ StubResponse.new({
225
+ "id_token" => "id_token",
226
+ "access_token" => "test_access_token",
227
+ "expires_in" => 86400},
228
+ true,
229
+ 200)
230
+ end
231
+
232
+ result = client_assertion_instance.send :exchange_refresh_token, 'the_refresh_token'
233
+
234
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
235
+ expect(result.id_token).not_to be_nil
236
+ expect(result.access_token).not_to be_nil
237
+ expect(result.expires_in).not_to be_nil
238
+ end
239
+ end
240
+
241
+ context 'exchange_sms_otp_for_tokens' do
242
+ it 'requests the tokens using an OTP from SMS' do
243
+ expect(RestClient::Request).to receive(:execute) do |arg|
244
+ expect(arg).to match(
245
+ include(
246
+ method: :post,
247
+ url: 'https://samples.auth0.com/oauth/token'
248
+ )
249
+ )
250
+
251
+ payload = JSON.parse arg[:payload], symbolize_names: true
252
+
253
+ expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
254
+ expect(payload[:username]).to eq 'phone_number'
255
+ expect(payload[:realm]).to eq 'sms'
256
+ expect(payload[:otp]).to eq 'code'
257
+ expect(payload[:client_id]).to eq client_id
258
+ expect(payload[:client_secret]).to eq client_secret
259
+ expect(payload[:scope]).to eq 'openid profile email'
260
+ expect(payload[:audience]).to be_nil
261
+
262
+ StubResponse.new({
263
+ "id_token" => "id_token",
264
+ "access_token" => "test_access_token",
265
+ "expires_in" => 86400},
266
+ true,
267
+ 200)
268
+ end
269
+
270
+ result = client_secret_instance.send :exchange_sms_otp_for_tokens, 'phone_number', 'code'
271
+
272
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
273
+ expect(result.id_token).not_to be_nil
274
+ expect(result.access_token).not_to be_nil
275
+ expect(result.expires_in).not_to be_nil
276
+ end
277
+
278
+ it 'requests the tokens using OTP from SMS, and overrides scope and audience' do
279
+ expect(RestClient::Request).to receive(:execute) do |arg|
280
+ expect(arg).to match(
281
+ include(
282
+ method: :post,
283
+ url: 'https://samples.auth0.com/oauth/token'
284
+ )
285
+ )
286
+
287
+ payload = JSON.parse arg[:payload], symbolize_names: true
288
+
289
+ expect(payload[:scope]).to eq 'openid'
290
+ expect(payload[:audience]).to eq api_identifier
291
+
292
+ StubResponse.new({
293
+ "id_token" => "id_token",
294
+ "access_token" => "test_access_token",
295
+ "expires_in" => 86400},
296
+ true,
297
+ 200)
298
+ end
299
+
300
+ result = client_secret_instance.send(:exchange_sms_otp_for_tokens, 'phone_number', 'code',
301
+ audience: api_identifier,
302
+ scope: 'openid'
303
+ )
304
+
305
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
306
+ expect(result.id_token).not_to be_nil
307
+ expect(result.access_token).not_to be_nil
308
+ expect(result.expires_in).not_to be_nil
309
+ end
310
+
311
+ it 'requests the tokens using an OTP from SMS using client assertion' do
312
+ expect(RestClient::Request).to receive(:execute) do |arg|
313
+ expect(arg).to match(
314
+ include(
315
+ method: :post,
316
+ url: 'https://samples.auth0.com/oauth/token'
317
+ )
318
+ )
319
+
320
+ payload = JSON.parse arg[:payload], symbolize_names: true
321
+
322
+ expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
323
+ expect(payload[:client_secret]).to be_nil
324
+ expect(payload[:client_assertion]).not_to be_nil
325
+ expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
326
+
327
+ StubResponse.new({
328
+ "id_token" => "id_token",
329
+ "access_token" => "test_access_token",
330
+ "expires_in" => 86400},
331
+ true,
332
+ 200)
333
+ end
334
+
335
+ client_assertion_instance.send :exchange_sms_otp_for_tokens, 'phone_number', 'code'
336
+ end
337
+ end
338
+
339
+ context 'exchange_email_otp_for_tokens' do
340
+ it 'requests the tokens using email OTP' do
341
+ expect(RestClient::Request).to receive(:execute) do |arg|
342
+ expect(arg).to match(
343
+ include(
344
+ method: :post,
345
+ url: 'https://samples.auth0.com/oauth/token'
346
+ )
347
+ )
348
+
349
+ payload = JSON.parse arg[:payload], symbolize_names: true
350
+
351
+ expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
352
+ expect(payload[:username]).to eq 'email_address'
353
+ expect(payload[:realm]).to eq 'email'
354
+ expect(payload[:otp]).to eq 'code'
355
+ expect(payload[:client_id]).to eq client_id
356
+ expect(payload[:client_secret]).to eq client_secret
357
+ expect(payload[:scope]).to eq 'openid profile email'
358
+ expect(payload[:audience]).to be_nil
359
+
360
+ StubResponse.new({
361
+ "id_token" => "id_token",
362
+ "access_token" => "test_access_token",
363
+ "expires_in" => 86400},
364
+ true,
365
+ 200)
366
+ end
367
+
368
+ result = client_secret_instance.send :exchange_email_otp_for_tokens, 'email_address', 'code'
369
+
370
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
371
+ expect(result.id_token).not_to be_nil
372
+ expect(result.access_token).not_to be_nil
373
+ expect(result.expires_in).not_to be_nil
374
+ end
375
+
376
+ it 'requests the tokens using OTP from email, and overrides scope and audience' do
377
+ expect(RestClient::Request).to receive(:execute) do |arg|
378
+ expect(arg).to match(
379
+ include(
380
+ method: :post,
381
+ url: 'https://samples.auth0.com/oauth/token'
382
+ )
383
+ )
384
+
385
+ payload = JSON.parse arg[:payload], symbolize_names: true
386
+
387
+ expect(payload[:scope]).to eq 'openid'
388
+ expect(payload[:audience]).to eq api_identifier
389
+
390
+ StubResponse.new({
391
+ "id_token" => "id_token",
392
+ "access_token" => "test_access_token",
393
+ "expires_in" => 86400},
394
+ true,
395
+ 200)
396
+ end
397
+
398
+ client_secret_instance.send(:exchange_email_otp_for_tokens, 'email_address', 'code',
399
+ audience: api_identifier,
400
+ scope: 'openid'
401
+ )
402
+ end
403
+
404
+ it 'requests the tokens using OTP from email using client assertion' do
405
+ expect(RestClient::Request).to receive(:execute) do |arg|
406
+ expect(arg).to match(
407
+ include(
408
+ method: :post,
409
+ url: 'https://samples.auth0.com/oauth/token'
410
+ )
411
+ )
412
+
413
+ payload = JSON.parse arg[:payload], symbolize_names: true
414
+
415
+ expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
416
+ expect(payload[:client_secret]).to be_nil
417
+ expect(payload[:client_assertion]).not_to be_nil
418
+ expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
419
+
420
+ StubResponse.new({
421
+ "id_token" => "id_token",
422
+ "access_token" => "test_access_token",
423
+ "expires_in" => 86400},
424
+ true,
425
+ 200)
426
+ end
427
+
428
+ client_assertion_instance.send(:exchange_email_otp_for_tokens, 'email_address', 'code',
429
+ audience: api_identifier,
430
+ scope: 'openid'
431
+ )
432
+ end
433
+ end
434
+
435
+ context 'login_with_resource_owner' do
436
+ it 'logs in using a client secret' do
437
+ expect(RestClient::Request).to receive(:execute) do |arg|
438
+ expect(arg).to match(
439
+ include(
440
+ method: :post,
441
+ url: 'https://samples.auth0.com/oauth/token'
442
+ )
443
+ )
444
+
445
+ expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
446
+ username: 'the_username',
447
+ password: 'the_password',
448
+ grant_type: 'password',
449
+ client_id: client_id,
450
+ client_secret: client_secret,
451
+ realm: nil,
452
+ audience: nil,
453
+ scope: 'openid'
454
+ })
455
+
456
+ StubResponse.new({
457
+ "id_token" => "id_token",
458
+ "access_token" => "test_access_token",
459
+ "expires_in" => 86400},
460
+ true,
461
+ 200)
462
+ end
463
+
464
+ result = client_secret_instance.send :login_with_resource_owner, 'the_username', 'the_password'
465
+
466
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
467
+ expect(result.id_token).not_to be_nil
468
+ expect(result.access_token).not_to be_nil
469
+ expect(result.expires_in).not_to be_nil
470
+ end
471
+
472
+ it 'logs in using a client secret, realm and audience' do
473
+ expect(RestClient::Request).to receive(:execute) do |arg|
474
+ expect(arg).to match(
475
+ include(
476
+ method: :post,
477
+ url: 'https://samples.auth0.com/oauth/token'
478
+ )
479
+ )
480
+
481
+ expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
482
+ username: 'the_username',
483
+ password: 'the_password',
484
+ grant_type: 'http://auth0.com/oauth/grant-type/password-realm',
485
+ client_id: client_id,
486
+ client_secret: client_secret,
487
+ realm: 'my-realm',
488
+ audience: api_identifier,
489
+ scope: 'openid'
490
+ })
491
+
492
+ StubResponse.new({
493
+ "id_token" => "id_token",
494
+ "access_token" => "test_access_token",
495
+ "expires_in" => 86400},
496
+ true,
497
+ 200)
498
+ end
499
+
500
+ result = client_secret_instance.send :login_with_resource_owner, 'the_username', 'the_password', realm: 'my-realm', audience: api_identifier
501
+
502
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
503
+ expect(result.id_token).not_to be_nil
504
+ expect(result.access_token).not_to be_nil
505
+ expect(result.expires_in).not_to be_nil
506
+ end
507
+
508
+ it 'logs in using client assertion' do
509
+ expect(RestClient::Request).to receive(:execute) do |arg|
510
+ expect(arg).to match(
511
+ include(
512
+ method: :post,
513
+ url: 'https://samples.auth0.com/oauth/token'
514
+ )
515
+ )
516
+
517
+ payload = JSON.parse arg[:payload], symbolize_names: true
518
+
519
+ expect(payload[:grant_type]).to eq('password')
520
+ expect(payload[:client_secret]).to be_nil
521
+ expect(payload[:client_assertion]).not_to be_nil
522
+ expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
523
+
524
+ StubResponse.new({
525
+ "id_token" => "id_token",
526
+ "access_token" => "test_access_token",
527
+ "expires_in" => 86400},
528
+ true,
529
+ 200)
530
+ end
531
+
532
+ result = client_assertion_instance.send :login_with_resource_owner, 'the_username', 'the_password'
533
+
534
+ expect(result).to be_a_kind_of(Auth0::AccessToken)
535
+ expect(result.id_token).not_to be_nil
536
+ expect(result.access_token).not_to be_nil
537
+ expect(result.expires_in).not_to be_nil
538
+ end
539
+ end
540
+
541
+ context 'start_passwordless_email_flow' do
542
+ it 'starts passwordless flow using a client secret' do
543
+ expect(RestClient::Request).to receive(:execute) do |arg|
544
+ expect(arg).to match(
545
+ include(
546
+ method: :post,
547
+ url: 'https://samples.auth0.com/passwordless/start'
548
+ )
549
+ )
550
+
551
+ expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
552
+ email: 'email@test.com',
553
+ send: 'link',
554
+ authParams: {},
555
+ connection: 'email',
556
+ client_id: client_id,
557
+ client_secret: client_secret
558
+ })
559
+
560
+ StubResponse.new({}, true, 200)
561
+ end
562
+
563
+ client_secret_instance.send :start_passwordless_email_flow, 'email@test.com'
564
+ end
565
+
566
+ it 'starts passwordless email flow using client assertion' do
567
+ expect(RestClient::Request).to receive(:execute) do |arg|
568
+ expect(arg).to match(
569
+ include(
570
+ method: :post,
571
+ url: 'https://samples.auth0.com/passwordless/start'
572
+ )
573
+ )
574
+
575
+ payload = JSON.parse arg[:payload], symbolize_names: true
576
+
577
+ expect(payload[:client_secret]).to be_nil
578
+ expect(payload[:client_assertion]).not_to be_nil
579
+ expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
580
+
581
+ StubResponse.new({}, true, 200)
582
+ end
583
+
584
+ client_assertion_instance.send :start_passwordless_email_flow, 'email@test.com'
585
+ end
586
+ end
587
+
588
+ context 'start_passwordless_sms_flow' do
589
+ it 'starts passwordless flow using a client secret' do
590
+ expect(RestClient::Request).to receive(:execute) do |arg|
591
+ expect(arg).to match(
592
+ include(
593
+ method: :post,
594
+ url: 'https://samples.auth0.com/passwordless/start'
595
+ )
596
+ )
597
+
598
+ expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
599
+ phone_number: '123456789',
600
+ connection: 'sms',
601
+ client_id: client_id,
602
+ client_secret: client_secret
603
+ })
604
+
605
+ StubResponse.new({}, true, 200)
606
+ end
607
+
608
+ client_secret_instance.send :start_passwordless_sms_flow, '123456789'
609
+ end
610
+
611
+ it 'starts passwordless email flow using client assertion' do
612
+ expect(RestClient::Request).to receive(:execute) do |arg|
613
+ expect(arg).to match(
614
+ include(
615
+ method: :post,
616
+ url: 'https://samples.auth0.com/passwordless/start'
617
+ )
618
+ )
619
+
620
+ payload = JSON.parse arg[:payload], symbolize_names: true
621
+
622
+ expect(payload[:client_secret]).to be_nil
623
+ expect(payload[:client_assertion]).not_to be_nil
624
+ expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
625
+
626
+ StubResponse.new({}, true, 200)
627
+ end
628
+
629
+ client_assertion_instance.send :start_passwordless_sms_flow, '123456789'
630
+ end
631
+ end
632
+
633
+ context 'par_authorization_url' do
634
+ it 'throws an exception if request_uri is nil' do
635
+ expect { client_secret_instance.send :par_authorization_url, nil}.to raise_error Auth0::InvalidParameter
636
+ end
637
+
638
+ it 'throws an exception if request_uri is empty' do
639
+ expect { client_secret_instance.send :par_authorization_url, ''}.to raise_error Auth0::InvalidParameter
640
+ end
641
+
642
+ it 'builds a URL containing the request_uri' do
643
+ url = client_secret_instance.send :par_authorization_url, request_uri
644
+ expect(CGI.unescape(url.to_s)).to eq("https://samples.auth0.com/authorize?client_id=#{client_id}&request_uri=#{request_uri}")
645
+ end
646
+ end
647
+
648
+ context 'pushed_authorization_request' do
649
+ it 'sends the request as a form post' do
650
+ expect(RestClient::Request).to receive(:execute) do |arg|
651
+ expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
652
+ expect(arg[:method]).to eq(:post)
653
+
654
+ expect(arg[:payload]).to eq({
655
+ client_id: client_id,
656
+ client_secret: client_secret,
657
+ response_type: 'code',
658
+ })
659
+
660
+ StubResponse.new({}, true, 200)
661
+ end
662
+
663
+ client_secret_instance.send :pushed_authorization_request
664
+ end
665
+
666
+ it 'allows the RestClient to handle the correct header defaults' do
667
+ expect(RestClient::Request).to receive(:execute) do |arg|
668
+ expect(arg[:headers]).not_to have_key('Content-Type')
669
+
670
+ StubResponse.new({}, true, 200)
671
+ end
672
+
673
+ client_secret_instance.headers['Content-Type'] = 'application/x-www-form-urlencoded'
674
+ client_secret_instance.send :pushed_authorization_request
675
+ end
676
+
677
+ it 'sends the request as a form post with all known overrides' do
678
+ expect(RestClient::Request).to receive(:execute) do |arg|
679
+ expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
680
+ expect(arg[:method]).to eq(:post)
681
+
682
+ expect(arg[:payload]).to eq({
683
+ client_id: client_id,
684
+ client_secret: client_secret,
685
+ connection: 'google-oauth2',
686
+ organization: 'org_id',
687
+ invitation: 'http://invite.url',
688
+ redirect_uri: 'http://localhost:3000',
689
+ response_type: 'id_token',
690
+ scope: 'openid',
691
+ state: 'random_value'
692
+ })
693
+
694
+ StubResponse.new({}, true, 200)
695
+ end
696
+
697
+ client_secret_instance.send(:pushed_authorization_request,
698
+ response_type: 'id_token',
699
+ redirect_uri: 'http://localhost:3000',
700
+ organization: 'org_id',
701
+ invitation: 'http://invite.url',
702
+ scope: 'openid',
703
+ state: 'random_value',
704
+ connection: 'google-oauth2')
705
+ end
706
+
707
+ it 'sends the request as a form post using client assertion' do
708
+ expect(RestClient::Request).to receive(:execute) do |arg|
709
+ expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
710
+ expect(arg[:method]).to eq(:post)
711
+ expect(arg[:payload][:client_secret]).to be_nil
712
+ expect(arg[:payload][:client_assertion]).not_to be_nil
713
+ expect(arg[:payload][:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
714
+
715
+ StubResponse.new({}, true, 200)
716
+ end
717
+
718
+ client_assertion_instance.send :pushed_authorization_request
719
+ end
720
+ end
721
+ end
722
+ end