auth0 5.13.0 → 5.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb764cc8daf156b3d3736bff8c65c69c32db6d15757f2e450ea85eb0dca300c0
-  data.tar.gz: b0cfc02df42818062bc5cb609daaffd04806f9ea92f771caf58575b9faa781c8
+  metadata.gz: b34c959171acbebc0ef4f851232de93af1d70318bb762243903d5269275843fa
+  data.tar.gz: 2856980051e6dec9ede6569c185516ffd08d2dfa4918a96a5fc4d0f96e17d44c
 SHA512:
-  metadata.gz: 68c6502714f8c631aa92a0b29d387e662cf06b9ec4e18f4d12e3260a7068a5e754b1f29bc60a76b2defa54763919ee9b6e31ffb5181d1c0d38c584bf4d0186a3
-  data.tar.gz: 26a2e83b7aa49807d45cda688d857d8dc93177bdd4a47b92b0e952561a2dbda2a056a15c537b71a787d22ddebb5ebb4fddb9f7e83fb26ce7e769b1c23a49c221
+  metadata.gz: 9e551b02de8f4464e4c688259dc0840844aa3cc80111a78254a7082a67b76209e1a991cbe241d7fc3839fea0fac00bdaf0917863d306c54bd51def3db524cc79
+  data.tar.gz: '092c26e20e6b6a850fde55c8beb8f4535a31e20db4144dd001feada3ca4256223580d56e82176ab4264d9146dd0de42610eb77a0ebf7fce9002e489681f9b7ae'

data/.devcontainer/Dockerfile

@@ -1,7 +1,7 @@
 # See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/ruby/.devcontainer/base.Dockerfile
 
 # [Choice] Ruby version (use -bullseye variants on local arm64/Apple Silicon): 3, 3.1, 3.0, 2, 2.7, 3-bullseye, 3.1-bullseye, 3.0-bullseye, 2-bullseye, 2.7-bullseye, 3-buster, 3.1-buster, 3.0-buster, 2-buster, 2.7-buster
-ARG VARIANT="3.1-bullseye"
+ARG VARIANT="3.2-bullseye"
 FROM mcr.microsoft.com/vscode/devcontainers/ruby:0-${VARIANT}
 
 # [Choice] Node.js version: none, lts/*, 16, 14, 12, 10

data/.github/ISSUE_TEMPLATE/Bug Report.yml

@@ -0,0 +1,67 @@
+name: 🐞 Report a bug
+description: Have you found a bug or issue? Create a bug report for this library
+labels: ["bug"]
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        **Please do not report security vulnerabilities here**. The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
+
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      options:
+        - label: I have looked into the [Readme](https://github.com/auth0/ruby-auth0#readme) and [Examples](https://github.com/auth0/ruby-auth0/blob/master/EXAMPLES.md), and have not found a suitable solution or answer.
+          required: true
+        - label: I have looked into the [API documentation](https://www.rubydoc.info/gems/auth0) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [issues](https://github.com/auth0/ruby-auth0/issues) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [Auth0 Community](https://community.auth0.com) forums and have not found a suitable solution or answer.
+          required: true
+        - label: I agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Provide a clear and concise description of the issue, including what you expected to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Reproduction
+      description: Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is intermittent.
+      placeholder: |
+        1. Step 1...
+        2. Step 2...
+        3. ...
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional context
+      description: Other libraries that might be involved, or any other relevant information you think would be useful.
+    validations:
+      required: false
+
+  - type: input
+    id: environment-version
+    attributes:
+      label: ruby-auth0 version
+    validations:
+      required: true
+
+  - type: input
+    id: environment-ruby-version
+    attributes:
+      label: Ruby version
+    validations:
+      required: true

data/.github/ISSUE_TEMPLATE/Feature Request.yml

@@ -0,0 +1,53 @@
+name: 🧩 Feature request
+description: Suggest an idea or a feature for this library
+labels: ["feature request"]
+
+body:
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      options:
+        - label: I have looked into the [Readme](https://github.com/auth0/ruby-auth0#readme) and [Examples](https://github.com/auth0/ruby-auth0/blob/master/EXAMPLES.md), and have not found a suitable solution or answer.
+          required: true
+        - label: I have looked into the [API documentation](https://www.rubydoc.info/gems/auth0) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [issues](https://github.com/auth0/ruby-auth0/issues) and have not found a suitable solution or answer.
+          required: true
+        - label: I have searched the [Auth0 Community](https://community.auth0.com) forums and have not found a suitable solution or answer.
+          required: true
+        - label: I agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the problem you'd like to have solved
+      description: A clear and concise description of what the problem is.
+      placeholder: I'm always frustrated when...
+    validations:
+      required: true
+
+  - type: textarea
+    id: ideal-solution
+    attributes:
+      label: Describe the ideal solution
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives-and-workarounds
+    attributes:
+      label: Alternatives and current workarounds
+      description: A clear and concise description of any alternatives you've considered or any workarounds that are currently in place.
+    validations:
+      required: false
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional context
+      description: Add any other context or screenshots about the feature request here.
+    validations:
+      required: false

data/.github/ISSUE_TEMPLATE/config.yml

@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: Auth0 Community
-    url: https://community.auth0.com/c/sdks/5
+    url: https://community.auth0.com
     about: Discuss this SDK in the Auth0 Community forums
   - name: SDK API Documentation
     url: https://www.rubydoc.info/gems/auth0

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## [v5.14.0](https://github.com/auth0/ruby-auth0/tree/v5.14.0) (2023-07-13)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.13.0...v5.14.0)
+
+**Added**
+- [SDK-4386] Support Organization Name in Authorize [\#495](https://github.com/auth0/ruby-auth0/pull/495) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
 ## [v5.13.0](https://github.com/auth0/ruby-auth0/tree/v5.13.0) (2023-04-24)
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.12.0...v5.13.0)
 

data/EXAMPLES.md

@@ -85,7 +85,7 @@ Note that Organizations is currently only available to customers on our Enterpri
 
 ### Logging in with an Organization
 
-Configure the Authentication API client and pass your Organization ID to the authorize url:
+Configure the Authentication API client and pass your Organization ID or name to the authorize url:
 
 ```ruby
 require 'auth0'
@@ -94,7 +94,7 @@ require 'auth0'
   client_id: '{YOUR_APPLICATION_CLIENT_ID}',
   client_secret: '{YOUR_APPLICATION_CLIENT_SECRET}',
   domain: '{YOUR_TENANT}.auth0.com',
-  organization: "{YOUR_ORGANIZATION_ID}"
+  organization: "{YOUR_ORGANIZATION_ID_OR_NAME}"
 )
 
 universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}")
@@ -113,7 +113,7 @@ require 'auth0'
   client_id: '{YOUR_APPLICATION_CLIENT_ID}',
   client_secret: '{YOUR_APPLICATION_CLIENT_ID}',
   domain: '{YOUR_TENANT}.auth0.com',
-  organization: "{YOUR_ORGANIZATION_ID}"
+  organization: "{YOUR_ORGANIZATION_ID_OR_NAME}"
 )
 
 universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}", {
@@ -148,7 +148,7 @@ The method takes the following optional keyword parameters:
 | `max_age`      | Integer        | The `max_age` value you sent in the call to `/authorize`, if any.                                                         | `nil`                                                                                                                  |
 | `issuer`       | String         | By default the `iss` claim will be checked against the URL of your **Auth0 Domain**. Use this parameter to override that. | `nil`                                                                                                                  |
 | `audience`     | String         | By default the `aud` claim will be compared to your **Auth0 Client ID**. Use this parameter to override that.             | `nil`                                                                                                                  |
-| `organization` | String         | By default the `org_id` claim will be compared to your **Organization ID**. Use this parameter to override that.          | `nil`                                                                                                                  |
+| `organization` | String         | By default the `org_id` or `org_name` claims will be compared to the `organization` value specified at client creation. Use this parameter to override that.          | `nil`                                                                                                                  |
 
 You can check the signing algorithm value under **Advanced Settings > OAuth > JsonWebToken Signature Algorithm** in your Auth0 application settings panel. [We recommend](https://auth0.com/docs/tokens/concepts/signing-algorithms#our-recommendation) that you make use of asymmetric signing algorithms like `RS256` instead of symmetric ones like `HS256`.
 
@@ -170,15 +170,17 @@ rescue Auth0::InvalidIdToken => e
 end
 ```
 
-### Organization ID Token Validation
+### Organization claim validation
 
-If an org_id claim is present in the Access Token, then the claim should be validated by the API to ensure that the value received is expected or known.
+If an `org_id` or `org_name` claim is present in the access   token, then the claim should be validated by the API to ensure that the value received is expected or known.
 
 In particular:
 
 - The issuer (iss) claim should be checked to ensure the token was issued by Auth0
 
-- the org_id claim should be checked to ensure it is a value that is already known to the application. This could be validated against a known list of organization IDs, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token.
+- the `org_id` or `org_name` claim should be checked to ensure it is a value that is already known to the application. Which claim you check depends on the organization value being validated: if it starts with `org_`, validate against the `org_id` claim. Otherwise, validate against `org_name`. Further, `org_name` validation should be done using a **case-insensitive** check, whereas `org_id` should be an exact case-sensitive match.
+
+This could be validated against a known list of organization IDs or names, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token.
 
 Normally, validating the issuer would be enough to ensure that the token was issued by Auth0. In the case of organizations, additional checks should be made so that the organization within an Auth0 tenant is expected.
 
@@ -186,7 +188,7 @@ If the claim cannot be validated, then the application should deem the token inv
 
 ```ruby
 begin
-  @auth0_client.validate_id_token 'YOUR_ID_TOKEN', organization: '{Expected org_id}'
+  @auth0_client.validate_id_token 'YOUR_ID_TOKEN', organization: '{Expected org_id or org_name}'
 rescue Auth0::InvalidIdToken => e
   # In this case the ID Token contents should not be trusted
 end

data/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: .
   specs:
-    auth0 (5.13.0)
+    auth0 (5.14.0)
       addressable (~> 2.8)
-      jwt (~> 2.5)
+      jwt (~> 2.7)
       rest-client (~> 2.1)
       retryable (~> 3.0)
       zache (~> 0.12)
@@ -11,20 +11,20 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.0.4.3)
-      actionview (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.0.6)
+      actionview (= 7.0.6)
+      activesupport (= 7.0.6)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionview (7.0.6)
+      activesupport (= 7.0.6)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.4.3)
+    activesupport (7.0.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -62,52 +62,56 @@ GEM
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    i18n (1.12.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     io-console (0.6.0)
-    irb (1.6.4)
-      reline (>= 0.3.0)
+    irb (1.7.3)
+      reline (>= 0.3.6)
     json (2.6.3)
-    jwt (2.7.0)
-    loofah (2.20.0)
+    jwt (2.7.1)
+    language_server-protocol (3.17.0.3)
+    loofah (2.21.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     method_source (1.0.0)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2023.0218.1)
-    minitest (5.18.0)
+    minitest (5.18.1)
     multi_json (1.15.0)
     netrc (0.11.0)
-    nokogiri (1.14.3-x86_64-linux)
+    nokogiri (1.15.3-x86_64-linux)
       racc (~> 1.4)
     parallel (1.23.0)
-    parser (3.2.2.1)
+    parser (3.2.2.3)
       ast (~> 2.4.1)
+      racc
     pp (0.4.0)
       prettyprint
     prettyprint (0.1.1)
-    public_suffix (5.0.1)
-    racc (1.6.2)
-    rack (2.2.6.4)
+    public_suffix (5.0.3)
+    racc (1.7.1)
+    rack (2.2.7)
     rack-test (0.8.3)
       rack (>= 1.0, < 3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.1.1)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.5.0)
-      loofah (~> 2.19, >= 2.19.1)
-    railties (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.0.6)
+      actionpack (= 7.0.6)
+      activesupport (= 7.0.6)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
-    regexp_parser (2.8.0)
-    reline (0.3.3)
+    regexp_parser (2.8.1)
+    reline (0.3.6)
       io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
@@ -125,23 +129,24 @@ GEM
     rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.5)
+    rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-support (3.12.0)
-    rubocop (1.50.2)
+    rspec-support (3.12.1)
+    rubocop (1.54.1)
       json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.2.2.3)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.28.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.28.0)
+    rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
-    rubocop-rails (2.19.1)
+    rubocop-rails (2.20.2)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
@@ -158,7 +163,7 @@ GEM
     sync (0.5.0)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
-    thor (1.2.1)
+    thor (1.2.2)
     timecop (0.9.6)
     tins (1.32.1)
       sync
@@ -168,13 +173,13 @@ GEM
       unf_ext
     unf_ext (0.0.8.2)
     unicode-display_width (2.4.2)
-    vcr (6.1.0)
+    vcr (6.2.0)
     webmock (3.18.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    zache (0.12.0)
-    zeitwerk (2.6.7)
+    zache (0.13.0)
+    zeitwerk (2.6.8)
 
 PLATFORMS
   x86_64-linux

data/auth0.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
 
   s.add_runtime_dependency 'rest-client', '~> 2.1'
-  s.add_runtime_dependency 'jwt', '~> 2.5'
+  s.add_runtime_dependency 'jwt', '~> 2.7'
   s.add_runtime_dependency 'zache', '~> 0.12'
   s.add_runtime_dependency 'addressable', '~> 2.8'
   s.add_runtime_dependency 'retryable', '~> 3.0'

data/lib/auth0/mixins/validation.rb

@@ -188,13 +188,26 @@ module Auth0
         end
 
         def validate_org(claims, expected)
-          unless claims.key?('org_id') && claims['org_id'].is_a?(String)
-            raise Auth0::InvalidIdToken, 'Organization Id (org_id) claim must be a string present in the ID token'
-          end
+          validate_as_id = expected.start_with? 'org_'
+
+          if validate_as_id
+            unless claims.key?('org_id') && claims['org_id'].is_a?(String)
+              raise Auth0::InvalidIdToken, 'Organization Id (org_id) claim must be a string present in the ID token'
+            end
 
-          unless expected == claims['org_id']
-            raise Auth0::InvalidIdToken, "Organization Id (org_id) claim value mismatch in the ID token; expected \"#{expected}\","\
-                                         " found \"#{claims['org_id']}\""
+            unless expected == claims['org_id']
+              raise Auth0::InvalidIdToken, "Organization Id (org_id) claim value mismatch in the ID token; expected \"#{expected}\","\
+                                          " found \"#{claims['org_id']}\""
+            end
+          else
+            unless claims.key?('org_name') && claims['org_name'].is_a?(String)
+              raise Auth0::InvalidIdToken, 'Organization Name (org_name) claim must be a string present in the ID token'
+            end
+
+            unless expected.downcase == claims['org_name'].downcase
+              raise Auth0::InvalidIdToken, "Organization Name (org_name) claim value mismatch in the ID token; expected \"#{expected}\","\
+                                          " found \"#{claims['org_name']}\""
+            end
           end
         end
 

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.13.0'.freeze
+  VERSION = '5.14.0'.freeze
 end

data/spec/lib/auth0/mixins/validation_spec.rb

@@ -1,5 +1,6 @@
 # rubocop:disable Metrics/BlockLength
 require 'spec_helper'
+require 'jwt'
 
 RSA_PUB_KEY_JWK_1 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-1' }.freeze
 RSA_PUB_KEY_JWK_2 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-2' }.freeze
@@ -13,8 +14,14 @@ LEEWAY = 60
 CLOCK = 1587592561 # Apr 22 2020 21:56:01 UTC
 CONTEXT = { algorithm: Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET), leeway: LEEWAY, audience: 'tokens-test-123', issuer: 'https://tokens-test.auth0.com/', clock: CLOCK }.freeze
 
+def build_id_token(payload = {})
+  default_payload = { iss: CONTEXT[:issuer], sub: 'user123', aud: CONTEXT[:audience], exp: CLOCK, iat: CLOCK }
+  JWT.encode(default_payload.merge(payload), HMAC_SHARED_SECRET, 'HS256')
+end
+
 describe Auth0::Mixins::Validation::IdTokenValidator do
   subject { @instance }
+  let (:minimal_id_token) { build_id_token }
 
   context 'instance' do
     it 'is expected respond to :validate' do
@@ -285,30 +292,73 @@ describe Auth0::Mixins::Validation::IdTokenValidator do
       expect { instance.validate(token) }.to raise_exception("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time \"#{clock}\" is after last auth at \"#{auth_time}\"")
     end
 
-    it 'is expected not to raise an error when org_id exsist in the token, but not required' do
-      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
-      expect { @instance.validate(token) }.not_to raise_exception
-    end
+    context 'Organization claims validation' do
+      it 'is expected not to raise an error when org_id exsist in the token, but not required' do
+        token = build_id_token org_id: 'org_123'
+        expect { @instance.validate(token) }.not_to raise_exception
+      end
 
-    it 'is expected to raise an error with a missing but required organization' do
-      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE4MTg1LCJpYXQiOjE2MTY0NDUzODUsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTc4NX0.UMo5pmgceXO9lIKzbk7X0ZhE5DOe0IP2LfMKdUj03zQ'
-      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' }))
+      it 'is expected not to raise an error when org_name exists in the token, but not required' do
+        token = build_id_token org_name: 'my-organization'
+        expect { @instance.validate(token) }.not_to raise_exception
+      end
 
-      expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token')
-    end
+      it 'is expected to raise an error with a missing but required organization ID' do
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' }))
+        expect { instance.validate(minimal_id_token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token')
+      end
 
-    it 'is expected to raise an error with an invalid organization' do
-      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
-      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' }))
+      it 'is expected to raise an error with a missing but required organization name' do
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' }))
+        expect { instance.validate(minimal_id_token) }.to raise_exception('Organization Name (org_name) claim must be a string present in the ID token')
+      end
 
-      expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim value mismatch in the ID token; expected "a1b2c3d4e5", found "testOrg"')
-    end
+      it 'is expected to raise an error with an invalid organization ID' do
+        token = build_id_token org_id: 'org_1234'      
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_5678' }))
+
+        expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim value mismatch in the ID token; expected "org_5678", found "org_1234"')
+      end
+
+      it 'is expected to raise an error with an invalid organization name' do
+        token = build_id_token org_name: 'another-organization'
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' }))
+
+        expect { instance.validate(token) }.to raise_exception('Organization Name (org_name) claim value mismatch in the ID token; expected "my-organization", found "another-organization"')
+      end
+
+      it 'is expected to NOT raise an error with a valid organization ID' do
+        token = build_id_token org_id: 'org_1234'
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' }))
+
+        expect { instance.validate(token) }.not_to raise_exception
+      end
+
+      it 'is expected to NOT raise an error with a valid organization name' do
+        token = build_id_token org_name: 'my-organization'
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' }))
+
+        expect { instance.validate(token) }.not_to raise_exception
+      end
+
+      it 'is expected to NOT raise an error with organization name in different casing' do
+        token = build_id_token org_name: 'MY-ORGANIZATION'
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' }))
+
+        expect { instance.validate(token) }.not_to raise_exception
+      end
 
-    it 'is expected to NOT raise an error with a valid organization' do
-      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
-      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'testOrg' }))
+      it 'validates org_id when both claims are present in the token' do
+        token = build_id_token org_name: 'my-organization', org_id: 'org_1234'
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' }))
+        expect { instance.validate(token) }.not_to raise_exception        
+      end
 
-      expect { instance.validate(token) }.not_to raise_exception
+      it 'validates org_name when both claims are present in the token' do
+        token = build_id_token org_name: 'my-organization', org_id: 'org_1234'
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' }))
+        expect { instance.validate(token) }.not_to raise_exception        
+      end
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auth0
 version: !ruby/object:Gem::Version
-  version: 5.13.0
+  version: 5.14.0
 platform: ruby
 authors:
 - Auth0
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-24 00:00:00.000000000 Z
+date: 2023-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -33,14 +33,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.5'
+        version: '2.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.5'
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: zache
   requirement: !ruby/object:Gem::Requirement
@@ -237,9 +237,9 @@ files:
 - ".env.example"
 - ".gemrelease"
 - ".github/CODEOWNERS"
+- ".github/ISSUE_TEMPLATE/Bug Report.yml"
+- ".github/ISSUE_TEMPLATE/Feature Request.yml"
 - ".github/ISSUE_TEMPLATE/config.yml"
-- ".github/ISSUE_TEMPLATE/feature_request.md"
-- ".github/ISSUE_TEMPLATE/report_a_bug.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/dependabot.yml"
 - ".github/stale.yml"

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,39 +0,0 @@
----
-name: Feature request
-about: Suggest an idea or a feature for this project
-title: ''
-labels: feature request
-assignees: ''
----
-
-<!--
-**Please do not report security vulnerabilities here**. The Responsible Disclosure Program (https://auth0.com/whitehat) details the procedure for disclosing security issues.
-
-Thank you in advance for helping us to improve this library! Your attention to detail here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community (https://community.auth0.com/) or Auth0 Support (https://support.auth0.com/). Finally, to avoid duplicates, please search existing Issues before submitting one here.
-
-By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct (https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
--->
-
-### Describe the problem you'd like to have solved
-
-<!--
-> A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
--->
-
-### Describe the ideal solution
-
-<!--
-> A clear and concise description of what you want to happen.
--->
-
-## Alternatives and current work-arounds
-
-<!--
-> A clear and concise description of any alternatives you've considered or any work-arounds that are currently in place.
--->
-
-### Additional information, if any
-
-<!--
-> Add any other context or screenshots about the feature request here.
--->

data/.github/ISSUE_TEMPLATE/report_a_bug.md

@@ -1,55 +0,0 @@
----
-name: Report a bug
-about: Have you found a bug or issue? Create a bug report for this SDK
-title: ''
-labels: bug report
-assignees: ''
----
-
-<!--
-**Please do not report security vulnerabilities here**. The Responsible Disclosure Program (https://auth0.com/whitehat) details the procedure for disclosing security issues.
-
-Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community (https://community.auth0.com/) or Auth0 Support (https://support.auth0.com/). Finally, to avoid duplicates, please search existing Issues before submitting one here.
-
-By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct (https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
--->
-
-### Describe the problem
-
-<!--
-> Provide a clear and concise description of the issue
--->
-
-### What was the expected behavior?
-
-<!--
-> Tell us about the behavior you expected to see
--->
-
-### Reproduction
-<!--
-> Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is intermittent.
-> **Note**: If clear, reproducable steps or the smallest sample app demonstrating misbehavior cannot be provided, we may not be able to follow up on this bug report.
-
-> Where possible, please include:
->
-> - The smallest possible sample app that reproduces the undesirable behavior
-> - Log files (redact/remove sensitive information)
-> - Application settings (redact/remove sensitive information)
-> - Screenshots
--->
-
-- Step 1..
-- Step 2..
-- ...
-
-### Environment
-
-<!--
-> Please provide the following:
--->
-
-- **Version of this library used:**
-- **Which framework are you using, if applicable:**
-- **Other modules/plugins/libraries that might be involved:**
-- **Any other relevant information you think would be useful:**