auth0 5.10.0 → 5.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.circleci/config.yml +5 -4
- data/.devcontainer/devcontainer.json +1 -1
- data/.semgrepignore +6 -0
- data/CHANGELOG.md +29 -0
- data/DEVELOPMENT.md +35 -0
- data/EXAMPLES.md +220 -0
- data/Gemfile.lock +58 -66
- data/README.md +67 -253
- data/auth0.gemspec +0 -2
- data/examples/ruby-api/Gemfile.lock +5 -4
- data/examples/ruby-on-rails-api/README.md +0 -2
- data/lib/auth0/api/authentication_endpoints.rb +107 -13
- data/lib/auth0/api/v2/clients.rb +42 -0
- data/lib/auth0/api/v2/users.rb +116 -0
- data/lib/auth0/client_assertion.rb +45 -0
- data/lib/auth0/mixins/httpproxy.rb +5 -2
- data/lib/auth0/mixins/initializer.rb +2 -0
- data/lib/auth0/mixins/token_management.rb +1 -1
- data/lib/auth0/version.rb +1 -1
- data/opslevel.yml +5 -0
- data/spec/lib/auth0/api/authentication_endpoints_spec.rb +722 -0
- data/spec/lib/auth0/api/v2/clients_spec.rb +51 -0
- data/spec/lib/auth0/api/v2/users_spec.rb +218 -0
- data/spec/lib/auth0/mixins/httpproxy_spec.rb +38 -77
- data/spec/lib/auth0/mixins/initializer_spec.rb +79 -25
- data/spec/lib/auth0/mixins/token_management_spec.rb +45 -30
- data/spec/spec_helper.rb +0 -1
- data/spec/support/dummy_class_for_tokens.rb +3 -0
- metadata +9 -31
@@ -0,0 +1,722 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'timecop'
|
3
|
+
|
4
|
+
describe Auth0::Api::AuthenticationEndpoints do
|
5
|
+
let(:client_id) { 'test-client-id' }
|
6
|
+
let(:client_secret) { 'test-client-secret' }
|
7
|
+
let(:api_identifier) { 'test-audience' }
|
8
|
+
let(:domain) { 'samples.auth0.com' }
|
9
|
+
let(:request_uri) { 'urn:ietf:params:oauth:request_uri:the.request.uri' }
|
10
|
+
|
11
|
+
let(:client_secret_config) { {
|
12
|
+
domain: domain,
|
13
|
+
client_id: client_id,
|
14
|
+
client_secret: client_secret,
|
15
|
+
token: 'test',
|
16
|
+
api_identifier: api_identifier
|
17
|
+
} }
|
18
|
+
|
19
|
+
let(:client_assertion_config) { {
|
20
|
+
domain: domain,
|
21
|
+
client_id: client_id,
|
22
|
+
client_assertion_signing_key: client_assertion_signing_key_pair[:private_key],
|
23
|
+
client_assertion_signing_alg: 'RS256',
|
24
|
+
token: 'test',
|
25
|
+
api_identifier: api_identifier
|
26
|
+
} }
|
27
|
+
|
28
|
+
let(:client_assertion_signing_key_pair) do
|
29
|
+
rsa_private = OpenSSL::PKey::RSA.generate 2048
|
30
|
+
|
31
|
+
{
|
32
|
+
public_key: rsa_private.public_key,
|
33
|
+
private_key: rsa_private
|
34
|
+
}
|
35
|
+
end
|
36
|
+
|
37
|
+
let(:client_secret_instance) { DummyClassForTokens.send(:include, described_class).new(client_secret_config) }
|
38
|
+
let(:client_assertion_instance) { DummyClassForTokens.send(:include, described_class).new(client_assertion_config) }
|
39
|
+
let(:time_now) { Time.now }
|
40
|
+
|
41
|
+
before :each do
|
42
|
+
Timecop.freeze(time_now)
|
43
|
+
end
|
44
|
+
|
45
|
+
after :each do
|
46
|
+
Timecop.return
|
47
|
+
end
|
48
|
+
|
49
|
+
context 'AuthenticationEndponts' do
|
50
|
+
context 'api_token' do
|
51
|
+
it 'requests a new token using client_secret' do
|
52
|
+
expect(RestClient::Request).to receive(:execute).with(hash_including(
|
53
|
+
method: :post,
|
54
|
+
url: 'https://samples.auth0.com/oauth/token',
|
55
|
+
payload: {
|
56
|
+
grant_type: 'client_credentials',
|
57
|
+
client_id: client_id,
|
58
|
+
audience: api_identifier,
|
59
|
+
client_secret: client_secret
|
60
|
+
}.to_json
|
61
|
+
))
|
62
|
+
.and_return(StubResponse.new({
|
63
|
+
"access_token" => "test_response",
|
64
|
+
"expires_in" => 86400,
|
65
|
+
"scope" => "scope"},
|
66
|
+
true,
|
67
|
+
200))
|
68
|
+
|
69
|
+
result = client_secret_instance.send :api_token, audience: api_identifier
|
70
|
+
|
71
|
+
expect(result).to be_a_kind_of(Auth0::ApiToken)
|
72
|
+
expect(result.access_token).not_to be_nil
|
73
|
+
expect(result.scope).not_to be_nil
|
74
|
+
expect(result.expires_in).not_to be_nil
|
75
|
+
end
|
76
|
+
|
77
|
+
it 'requests a new token using client_assertion' do
|
78
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
79
|
+
expect(arg).to match(
|
80
|
+
include(
|
81
|
+
method: :post,
|
82
|
+
url: 'https://samples.auth0.com/oauth/token'
|
83
|
+
))
|
84
|
+
|
85
|
+
payload = JSON.parse(arg[:payload], { symbolize_names: true })
|
86
|
+
|
87
|
+
expect(payload[:client_secret]).to be_nil
|
88
|
+
expect(payload[:client_assertion]).not_to be_nil
|
89
|
+
expect(payload[:client_assertion_type]).to eq(Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE)
|
90
|
+
|
91
|
+
StubResponse.new({
|
92
|
+
"access_token" => "test_response",
|
93
|
+
"expires_in" => 86400,
|
94
|
+
"scope" => "scope"},
|
95
|
+
true,
|
96
|
+
200)
|
97
|
+
end
|
98
|
+
|
99
|
+
result = client_assertion_instance.send :api_token, audience: api_identifier
|
100
|
+
|
101
|
+
expect(result).to be_a_kind_of(Auth0::ApiToken)
|
102
|
+
expect(result.access_token).not_to be_nil
|
103
|
+
expect(result.scope).not_to be_nil
|
104
|
+
expect(result.expires_in).not_to be_nil
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
context 'exchange_auth_code_for_tokens' do
|
109
|
+
it 'requests a new token using client_secret' do
|
110
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
111
|
+
expect(arg).to match(
|
112
|
+
include(
|
113
|
+
method: :post,
|
114
|
+
url: 'https://samples.auth0.com/oauth/token'
|
115
|
+
)
|
116
|
+
)
|
117
|
+
|
118
|
+
expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
|
119
|
+
grant_type: 'authorization_code',
|
120
|
+
client_id: client_id,
|
121
|
+
client_secret: client_secret,
|
122
|
+
code: 'the_auth_code',
|
123
|
+
redirect_uri: nil
|
124
|
+
})
|
125
|
+
|
126
|
+
StubResponse.new({
|
127
|
+
"id_token" => "id_token",
|
128
|
+
"access_token" => "test_access_token",
|
129
|
+
"expires_in" => 86400},
|
130
|
+
true,
|
131
|
+
200)
|
132
|
+
end
|
133
|
+
|
134
|
+
result = client_secret_instance.send :exchange_auth_code_for_tokens, 'the_auth_code'
|
135
|
+
|
136
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
137
|
+
expect(result.id_token).not_to be_nil
|
138
|
+
expect(result.access_token).not_to be_nil
|
139
|
+
expect(result.expires_in).not_to be_nil
|
140
|
+
end
|
141
|
+
|
142
|
+
it 'requests a new token using client_assertion' do
|
143
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
144
|
+
expect(arg).to match(
|
145
|
+
include(
|
146
|
+
method: :post,
|
147
|
+
url: 'https://samples.auth0.com/oauth/token',
|
148
|
+
)
|
149
|
+
)
|
150
|
+
|
151
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
152
|
+
|
153
|
+
expect(payload[:client_secret]).to be_nil
|
154
|
+
expect(payload[:client_assertion]).not_to be_nil
|
155
|
+
expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
156
|
+
|
157
|
+
StubResponse.new({
|
158
|
+
"id_token" => "id_token",
|
159
|
+
"access_token" => "test_access_token",
|
160
|
+
"expires_in" => 86400},
|
161
|
+
true,
|
162
|
+
200)
|
163
|
+
end
|
164
|
+
|
165
|
+
result = client_assertion_instance.send :exchange_auth_code_for_tokens, 'the_auth_code'
|
166
|
+
|
167
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
168
|
+
expect(result.id_token).not_to be_nil
|
169
|
+
expect(result.access_token).not_to be_nil
|
170
|
+
expect(result.expires_in).not_to be_nil
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
context 'exchange_refresh_token' do
|
175
|
+
it 'exchanges the refresh token using a client secret' do
|
176
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
177
|
+
expect(arg).to match(
|
178
|
+
include(
|
179
|
+
method: :post,
|
180
|
+
url: 'https://samples.auth0.com/oauth/token'
|
181
|
+
)
|
182
|
+
)
|
183
|
+
|
184
|
+
expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
|
185
|
+
grant_type: 'refresh_token',
|
186
|
+
client_id: client_id,
|
187
|
+
client_secret: client_secret,
|
188
|
+
refresh_token: 'the_refresh_token'
|
189
|
+
})
|
190
|
+
|
191
|
+
StubResponse.new({
|
192
|
+
"id_token" => "id_token",
|
193
|
+
"access_token" => "test_access_token",
|
194
|
+
"expires_in" => 86400},
|
195
|
+
true,
|
196
|
+
200)
|
197
|
+
end
|
198
|
+
|
199
|
+
result = client_secret_instance.send :exchange_refresh_token, 'the_refresh_token'
|
200
|
+
|
201
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
202
|
+
expect(result.id_token).not_to be_nil
|
203
|
+
expect(result.access_token).not_to be_nil
|
204
|
+
expect(result.expires_in).not_to be_nil
|
205
|
+
end
|
206
|
+
|
207
|
+
it 'exchanges the refresh token using client_assertion' do
|
208
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
209
|
+
expect(arg).to match(
|
210
|
+
include(
|
211
|
+
method: :post,
|
212
|
+
url: 'https://samples.auth0.com/oauth/token'
|
213
|
+
)
|
214
|
+
)
|
215
|
+
|
216
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
217
|
+
|
218
|
+
expect(payload[:grant_type]).to eq('refresh_token')
|
219
|
+
expect(payload[:refresh_token]).to eq('the_refresh_token')
|
220
|
+
expect(payload[:client_secret]).to be_nil
|
221
|
+
expect(payload[:client_assertion]).not_to be_nil
|
222
|
+
expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
223
|
+
|
224
|
+
StubResponse.new({
|
225
|
+
"id_token" => "id_token",
|
226
|
+
"access_token" => "test_access_token",
|
227
|
+
"expires_in" => 86400},
|
228
|
+
true,
|
229
|
+
200)
|
230
|
+
end
|
231
|
+
|
232
|
+
result = client_assertion_instance.send :exchange_refresh_token, 'the_refresh_token'
|
233
|
+
|
234
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
235
|
+
expect(result.id_token).not_to be_nil
|
236
|
+
expect(result.access_token).not_to be_nil
|
237
|
+
expect(result.expires_in).not_to be_nil
|
238
|
+
end
|
239
|
+
end
|
240
|
+
|
241
|
+
context 'exchange_sms_otp_for_tokens' do
|
242
|
+
it 'requests the tokens using an OTP from SMS' do
|
243
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
244
|
+
expect(arg).to match(
|
245
|
+
include(
|
246
|
+
method: :post,
|
247
|
+
url: 'https://samples.auth0.com/oauth/token'
|
248
|
+
)
|
249
|
+
)
|
250
|
+
|
251
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
252
|
+
|
253
|
+
expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
|
254
|
+
expect(payload[:username]).to eq 'phone_number'
|
255
|
+
expect(payload[:realm]).to eq 'sms'
|
256
|
+
expect(payload[:otp]).to eq 'code'
|
257
|
+
expect(payload[:client_id]).to eq client_id
|
258
|
+
expect(payload[:client_secret]).to eq client_secret
|
259
|
+
expect(payload[:scope]).to eq 'openid profile email'
|
260
|
+
expect(payload[:audience]).to be_nil
|
261
|
+
|
262
|
+
StubResponse.new({
|
263
|
+
"id_token" => "id_token",
|
264
|
+
"access_token" => "test_access_token",
|
265
|
+
"expires_in" => 86400},
|
266
|
+
true,
|
267
|
+
200)
|
268
|
+
end
|
269
|
+
|
270
|
+
result = client_secret_instance.send :exchange_sms_otp_for_tokens, 'phone_number', 'code'
|
271
|
+
|
272
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
273
|
+
expect(result.id_token).not_to be_nil
|
274
|
+
expect(result.access_token).not_to be_nil
|
275
|
+
expect(result.expires_in).not_to be_nil
|
276
|
+
end
|
277
|
+
|
278
|
+
it 'requests the tokens using OTP from SMS, and overrides scope and audience' do
|
279
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
280
|
+
expect(arg).to match(
|
281
|
+
include(
|
282
|
+
method: :post,
|
283
|
+
url: 'https://samples.auth0.com/oauth/token'
|
284
|
+
)
|
285
|
+
)
|
286
|
+
|
287
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
288
|
+
|
289
|
+
expect(payload[:scope]).to eq 'openid'
|
290
|
+
expect(payload[:audience]).to eq api_identifier
|
291
|
+
|
292
|
+
StubResponse.new({
|
293
|
+
"id_token" => "id_token",
|
294
|
+
"access_token" => "test_access_token",
|
295
|
+
"expires_in" => 86400},
|
296
|
+
true,
|
297
|
+
200)
|
298
|
+
end
|
299
|
+
|
300
|
+
result = client_secret_instance.send(:exchange_sms_otp_for_tokens, 'phone_number', 'code',
|
301
|
+
audience: api_identifier,
|
302
|
+
scope: 'openid'
|
303
|
+
)
|
304
|
+
|
305
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
306
|
+
expect(result.id_token).not_to be_nil
|
307
|
+
expect(result.access_token).not_to be_nil
|
308
|
+
expect(result.expires_in).not_to be_nil
|
309
|
+
end
|
310
|
+
|
311
|
+
it 'requests the tokens using an OTP from SMS using client assertion' do
|
312
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
313
|
+
expect(arg).to match(
|
314
|
+
include(
|
315
|
+
method: :post,
|
316
|
+
url: 'https://samples.auth0.com/oauth/token'
|
317
|
+
)
|
318
|
+
)
|
319
|
+
|
320
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
321
|
+
|
322
|
+
expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
|
323
|
+
expect(payload[:client_secret]).to be_nil
|
324
|
+
expect(payload[:client_assertion]).not_to be_nil
|
325
|
+
expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
326
|
+
|
327
|
+
StubResponse.new({
|
328
|
+
"id_token" => "id_token",
|
329
|
+
"access_token" => "test_access_token",
|
330
|
+
"expires_in" => 86400},
|
331
|
+
true,
|
332
|
+
200)
|
333
|
+
end
|
334
|
+
|
335
|
+
client_assertion_instance.send :exchange_sms_otp_for_tokens, 'phone_number', 'code'
|
336
|
+
end
|
337
|
+
end
|
338
|
+
|
339
|
+
context 'exchange_email_otp_for_tokens' do
|
340
|
+
it 'requests the tokens using email OTP' do
|
341
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
342
|
+
expect(arg).to match(
|
343
|
+
include(
|
344
|
+
method: :post,
|
345
|
+
url: 'https://samples.auth0.com/oauth/token'
|
346
|
+
)
|
347
|
+
)
|
348
|
+
|
349
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
350
|
+
|
351
|
+
expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
|
352
|
+
expect(payload[:username]).to eq 'email_address'
|
353
|
+
expect(payload[:realm]).to eq 'email'
|
354
|
+
expect(payload[:otp]).to eq 'code'
|
355
|
+
expect(payload[:client_id]).to eq client_id
|
356
|
+
expect(payload[:client_secret]).to eq client_secret
|
357
|
+
expect(payload[:scope]).to eq 'openid profile email'
|
358
|
+
expect(payload[:audience]).to be_nil
|
359
|
+
|
360
|
+
StubResponse.new({
|
361
|
+
"id_token" => "id_token",
|
362
|
+
"access_token" => "test_access_token",
|
363
|
+
"expires_in" => 86400},
|
364
|
+
true,
|
365
|
+
200)
|
366
|
+
end
|
367
|
+
|
368
|
+
result = client_secret_instance.send :exchange_email_otp_for_tokens, 'email_address', 'code'
|
369
|
+
|
370
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
371
|
+
expect(result.id_token).not_to be_nil
|
372
|
+
expect(result.access_token).not_to be_nil
|
373
|
+
expect(result.expires_in).not_to be_nil
|
374
|
+
end
|
375
|
+
|
376
|
+
it 'requests the tokens using OTP from email, and overrides scope and audience' do
|
377
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
378
|
+
expect(arg).to match(
|
379
|
+
include(
|
380
|
+
method: :post,
|
381
|
+
url: 'https://samples.auth0.com/oauth/token'
|
382
|
+
)
|
383
|
+
)
|
384
|
+
|
385
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
386
|
+
|
387
|
+
expect(payload[:scope]).to eq 'openid'
|
388
|
+
expect(payload[:audience]).to eq api_identifier
|
389
|
+
|
390
|
+
StubResponse.new({
|
391
|
+
"id_token" => "id_token",
|
392
|
+
"access_token" => "test_access_token",
|
393
|
+
"expires_in" => 86400},
|
394
|
+
true,
|
395
|
+
200)
|
396
|
+
end
|
397
|
+
|
398
|
+
client_secret_instance.send(:exchange_email_otp_for_tokens, 'email_address', 'code',
|
399
|
+
audience: api_identifier,
|
400
|
+
scope: 'openid'
|
401
|
+
)
|
402
|
+
end
|
403
|
+
|
404
|
+
it 'requests the tokens using OTP from email using client assertion' do
|
405
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
406
|
+
expect(arg).to match(
|
407
|
+
include(
|
408
|
+
method: :post,
|
409
|
+
url: 'https://samples.auth0.com/oauth/token'
|
410
|
+
)
|
411
|
+
)
|
412
|
+
|
413
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
414
|
+
|
415
|
+
expect(payload[:grant_type]).to eq 'http://auth0.com/oauth/grant-type/passwordless/otp'
|
416
|
+
expect(payload[:client_secret]).to be_nil
|
417
|
+
expect(payload[:client_assertion]).not_to be_nil
|
418
|
+
expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
419
|
+
|
420
|
+
StubResponse.new({
|
421
|
+
"id_token" => "id_token",
|
422
|
+
"access_token" => "test_access_token",
|
423
|
+
"expires_in" => 86400},
|
424
|
+
true,
|
425
|
+
200)
|
426
|
+
end
|
427
|
+
|
428
|
+
client_assertion_instance.send(:exchange_email_otp_for_tokens, 'email_address', 'code',
|
429
|
+
audience: api_identifier,
|
430
|
+
scope: 'openid'
|
431
|
+
)
|
432
|
+
end
|
433
|
+
end
|
434
|
+
|
435
|
+
context 'login_with_resource_owner' do
|
436
|
+
it 'logs in using a client secret' do
|
437
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
438
|
+
expect(arg).to match(
|
439
|
+
include(
|
440
|
+
method: :post,
|
441
|
+
url: 'https://samples.auth0.com/oauth/token'
|
442
|
+
)
|
443
|
+
)
|
444
|
+
|
445
|
+
expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
|
446
|
+
username: 'the_username',
|
447
|
+
password: 'the_password',
|
448
|
+
grant_type: 'password',
|
449
|
+
client_id: client_id,
|
450
|
+
client_secret: client_secret,
|
451
|
+
realm: nil,
|
452
|
+
audience: nil,
|
453
|
+
scope: 'openid'
|
454
|
+
})
|
455
|
+
|
456
|
+
StubResponse.new({
|
457
|
+
"id_token" => "id_token",
|
458
|
+
"access_token" => "test_access_token",
|
459
|
+
"expires_in" => 86400},
|
460
|
+
true,
|
461
|
+
200)
|
462
|
+
end
|
463
|
+
|
464
|
+
result = client_secret_instance.send :login_with_resource_owner, 'the_username', 'the_password'
|
465
|
+
|
466
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
467
|
+
expect(result.id_token).not_to be_nil
|
468
|
+
expect(result.access_token).not_to be_nil
|
469
|
+
expect(result.expires_in).not_to be_nil
|
470
|
+
end
|
471
|
+
|
472
|
+
it 'logs in using a client secret, realm and audience' do
|
473
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
474
|
+
expect(arg).to match(
|
475
|
+
include(
|
476
|
+
method: :post,
|
477
|
+
url: 'https://samples.auth0.com/oauth/token'
|
478
|
+
)
|
479
|
+
)
|
480
|
+
|
481
|
+
expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
|
482
|
+
username: 'the_username',
|
483
|
+
password: 'the_password',
|
484
|
+
grant_type: 'http://auth0.com/oauth/grant-type/password-realm',
|
485
|
+
client_id: client_id,
|
486
|
+
client_secret: client_secret,
|
487
|
+
realm: 'my-realm',
|
488
|
+
audience: api_identifier,
|
489
|
+
scope: 'openid'
|
490
|
+
})
|
491
|
+
|
492
|
+
StubResponse.new({
|
493
|
+
"id_token" => "id_token",
|
494
|
+
"access_token" => "test_access_token",
|
495
|
+
"expires_in" => 86400},
|
496
|
+
true,
|
497
|
+
200)
|
498
|
+
end
|
499
|
+
|
500
|
+
result = client_secret_instance.send :login_with_resource_owner, 'the_username', 'the_password', realm: 'my-realm', audience: api_identifier
|
501
|
+
|
502
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
503
|
+
expect(result.id_token).not_to be_nil
|
504
|
+
expect(result.access_token).not_to be_nil
|
505
|
+
expect(result.expires_in).not_to be_nil
|
506
|
+
end
|
507
|
+
|
508
|
+
it 'logs in using client assertion' do
|
509
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
510
|
+
expect(arg).to match(
|
511
|
+
include(
|
512
|
+
method: :post,
|
513
|
+
url: 'https://samples.auth0.com/oauth/token'
|
514
|
+
)
|
515
|
+
)
|
516
|
+
|
517
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
518
|
+
|
519
|
+
expect(payload[:grant_type]).to eq('password')
|
520
|
+
expect(payload[:client_secret]).to be_nil
|
521
|
+
expect(payload[:client_assertion]).not_to be_nil
|
522
|
+
expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
523
|
+
|
524
|
+
StubResponse.new({
|
525
|
+
"id_token" => "id_token",
|
526
|
+
"access_token" => "test_access_token",
|
527
|
+
"expires_in" => 86400},
|
528
|
+
true,
|
529
|
+
200)
|
530
|
+
end
|
531
|
+
|
532
|
+
result = client_assertion_instance.send :login_with_resource_owner, 'the_username', 'the_password'
|
533
|
+
|
534
|
+
expect(result).to be_a_kind_of(Auth0::AccessToken)
|
535
|
+
expect(result.id_token).not_to be_nil
|
536
|
+
expect(result.access_token).not_to be_nil
|
537
|
+
expect(result.expires_in).not_to be_nil
|
538
|
+
end
|
539
|
+
end
|
540
|
+
|
541
|
+
context 'start_passwordless_email_flow' do
|
542
|
+
it 'starts passwordless flow using a client secret' do
|
543
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
544
|
+
expect(arg).to match(
|
545
|
+
include(
|
546
|
+
method: :post,
|
547
|
+
url: 'https://samples.auth0.com/passwordless/start'
|
548
|
+
)
|
549
|
+
)
|
550
|
+
|
551
|
+
expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
|
552
|
+
email: 'email@test.com',
|
553
|
+
send: 'link',
|
554
|
+
authParams: {},
|
555
|
+
connection: 'email',
|
556
|
+
client_id: client_id,
|
557
|
+
client_secret: client_secret
|
558
|
+
})
|
559
|
+
|
560
|
+
StubResponse.new({}, true, 200)
|
561
|
+
end
|
562
|
+
|
563
|
+
client_secret_instance.send :start_passwordless_email_flow, 'email@test.com'
|
564
|
+
end
|
565
|
+
|
566
|
+
it 'starts passwordless email flow using client assertion' do
|
567
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
568
|
+
expect(arg).to match(
|
569
|
+
include(
|
570
|
+
method: :post,
|
571
|
+
url: 'https://samples.auth0.com/passwordless/start'
|
572
|
+
)
|
573
|
+
)
|
574
|
+
|
575
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
576
|
+
|
577
|
+
expect(payload[:client_secret]).to be_nil
|
578
|
+
expect(payload[:client_assertion]).not_to be_nil
|
579
|
+
expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
580
|
+
|
581
|
+
StubResponse.new({}, true, 200)
|
582
|
+
end
|
583
|
+
|
584
|
+
client_assertion_instance.send :start_passwordless_email_flow, 'email@test.com'
|
585
|
+
end
|
586
|
+
end
|
587
|
+
|
588
|
+
context 'start_passwordless_sms_flow' do
|
589
|
+
it 'starts passwordless flow using a client secret' do
|
590
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
591
|
+
expect(arg).to match(
|
592
|
+
include(
|
593
|
+
method: :post,
|
594
|
+
url: 'https://samples.auth0.com/passwordless/start'
|
595
|
+
)
|
596
|
+
)
|
597
|
+
|
598
|
+
expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq({
|
599
|
+
phone_number: '123456789',
|
600
|
+
connection: 'sms',
|
601
|
+
client_id: client_id,
|
602
|
+
client_secret: client_secret
|
603
|
+
})
|
604
|
+
|
605
|
+
StubResponse.new({}, true, 200)
|
606
|
+
end
|
607
|
+
|
608
|
+
client_secret_instance.send :start_passwordless_sms_flow, '123456789'
|
609
|
+
end
|
610
|
+
|
611
|
+
it 'starts passwordless email flow using client assertion' do
|
612
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
613
|
+
expect(arg).to match(
|
614
|
+
include(
|
615
|
+
method: :post,
|
616
|
+
url: 'https://samples.auth0.com/passwordless/start'
|
617
|
+
)
|
618
|
+
)
|
619
|
+
|
620
|
+
payload = JSON.parse arg[:payload], symbolize_names: true
|
621
|
+
|
622
|
+
expect(payload[:client_secret]).to be_nil
|
623
|
+
expect(payload[:client_assertion]).not_to be_nil
|
624
|
+
expect(payload[:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
625
|
+
|
626
|
+
StubResponse.new({}, true, 200)
|
627
|
+
end
|
628
|
+
|
629
|
+
client_assertion_instance.send :start_passwordless_sms_flow, '123456789'
|
630
|
+
end
|
631
|
+
end
|
632
|
+
|
633
|
+
context 'par_authorization_url' do
|
634
|
+
it 'throws an exception if request_uri is nil' do
|
635
|
+
expect { client_secret_instance.send :par_authorization_url, nil}.to raise_error Auth0::InvalidParameter
|
636
|
+
end
|
637
|
+
|
638
|
+
it 'throws an exception if request_uri is empty' do
|
639
|
+
expect { client_secret_instance.send :par_authorization_url, ''}.to raise_error Auth0::InvalidParameter
|
640
|
+
end
|
641
|
+
|
642
|
+
it 'builds a URL containing the request_uri' do
|
643
|
+
url = client_secret_instance.send :par_authorization_url, request_uri
|
644
|
+
expect(CGI.unescape(url.to_s)).to eq("https://samples.auth0.com/authorize?client_id=#{client_id}&request_uri=#{request_uri}")
|
645
|
+
end
|
646
|
+
end
|
647
|
+
|
648
|
+
context 'pushed_authorization_request' do
|
649
|
+
it 'sends the request as a form post' do
|
650
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
651
|
+
expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
|
652
|
+
expect(arg[:method]).to eq(:post)
|
653
|
+
|
654
|
+
expect(arg[:payload]).to eq({
|
655
|
+
client_id: client_id,
|
656
|
+
client_secret: client_secret,
|
657
|
+
response_type: 'code',
|
658
|
+
})
|
659
|
+
|
660
|
+
StubResponse.new({}, true, 200)
|
661
|
+
end
|
662
|
+
|
663
|
+
client_secret_instance.send :pushed_authorization_request
|
664
|
+
end
|
665
|
+
|
666
|
+
it 'allows the RestClient to handle the correct header defaults' do
|
667
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
668
|
+
expect(arg[:headers]).not_to have_key('Content-Type')
|
669
|
+
|
670
|
+
StubResponse.new({}, true, 200)
|
671
|
+
end
|
672
|
+
|
673
|
+
client_secret_instance.headers['Content-Type'] = 'application/x-www-form-urlencoded'
|
674
|
+
client_secret_instance.send :pushed_authorization_request
|
675
|
+
end
|
676
|
+
|
677
|
+
it 'sends the request as a form post with all known overrides' do
|
678
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
679
|
+
expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
|
680
|
+
expect(arg[:method]).to eq(:post)
|
681
|
+
|
682
|
+
expect(arg[:payload]).to eq({
|
683
|
+
client_id: client_id,
|
684
|
+
client_secret: client_secret,
|
685
|
+
connection: 'google-oauth2',
|
686
|
+
organization: 'org_id',
|
687
|
+
invitation: 'http://invite.url',
|
688
|
+
redirect_uri: 'http://localhost:3000',
|
689
|
+
response_type: 'id_token',
|
690
|
+
scope: 'openid',
|
691
|
+
state: 'random_value'
|
692
|
+
})
|
693
|
+
|
694
|
+
StubResponse.new({}, true, 200)
|
695
|
+
end
|
696
|
+
|
697
|
+
client_secret_instance.send(:pushed_authorization_request,
|
698
|
+
response_type: 'id_token',
|
699
|
+
redirect_uri: 'http://localhost:3000',
|
700
|
+
organization: 'org_id',
|
701
|
+
invitation: 'http://invite.url',
|
702
|
+
scope: 'openid',
|
703
|
+
state: 'random_value',
|
704
|
+
connection: 'google-oauth2')
|
705
|
+
end
|
706
|
+
|
707
|
+
it 'sends the request as a form post using client assertion' do
|
708
|
+
expect(RestClient::Request).to receive(:execute) do |arg|
|
709
|
+
expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
|
710
|
+
expect(arg[:method]).to eq(:post)
|
711
|
+
expect(arg[:payload][:client_secret]).to be_nil
|
712
|
+
expect(arg[:payload][:client_assertion]).not_to be_nil
|
713
|
+
expect(arg[:payload][:client_assertion_type]).to eq Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
714
|
+
|
715
|
+
StubResponse.new({}, true, 200)
|
716
|
+
end
|
717
|
+
|
718
|
+
client_assertion_instance.send :pushed_authorization_request
|
719
|
+
end
|
720
|
+
end
|
721
|
+
end
|
722
|
+
end
|