auth0 5.14.0 → 5.14.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b34c959171acbebc0ef4f851232de93af1d70318bb762243903d5269275843fa
-  data.tar.gz: 2856980051e6dec9ede6569c185516ffd08d2dfa4918a96a5fc4d0f96e17d44c
+  metadata.gz: 97ee62870b22963b87275a7a9b6cb691f2353a3f10820d0b3a7f24300a538fec
+  data.tar.gz: dd9812af9eb9ab13724912ecec01497c9cdc204f462ef9c8a954abc0c54a2a97
 SHA512:
-  metadata.gz: 9e551b02de8f4464e4c688259dc0840844aa3cc80111a78254a7082a67b76209e1a991cbe241d7fc3839fea0fac00bdaf0917863d306c54bd51def3db524cc79
-  data.tar.gz: '092c26e20e6b6a850fde55c8beb8f4535a31e20db4144dd001feada3ca4256223580d56e82176ab4264d9146dd0de42610eb77a0ebf7fce9002e489681f9b7ae'
+  metadata.gz: aa6947cfb14277b47a255ca71b2ae7d560f6fe1e3f4d85007431024af96a38d880855a2e6a56b5807551838d9413ac90403c736601ff1e74531e64f92728c45c
+  data.tar.gz: cf0cee02c1fd5964d2a84e35de0264ec966e9b512f2dd613e94dafd349f5b062e8e4c5cf02396dffc969ad74e472b1d908803a2a586089d0d2ee7b7cdfde1481

data/.bundle/config

@@ -1,5 +1,4 @@
 ---
 BUNDLE_JOBS: "3"
 BUNDLE_BIN: "bin"
-BUNDLE_RETRY: "3"
-BUNDLE_PATH: "vendor/bundle"
+BUNDLE_RETRY: "3"

data/.circleci/config.yml

@@ -31,7 +31,6 @@ jobs:
     steps:
       - checkout
       - run: gem install bundler:2.3.22
-      - run: rm Gemfile.lock
       - restore_cache:
           key: gems-v2-{{ checksum "Gemfile.lock" }}
       - run: bundle check --path=vendor/bundle || bundle install --path=vendor/bundle

data/.github/actions/setup/action.yml

@@ -0,0 +1,32 @@
+name: Build package
+description: Build the SDK package
+
+inputs:
+  ruby:
+    description: The Ruby version to use
+    required: false
+    default: 3.2
+  bundle-path:
+    description: The path to the bundle cache
+    required: false
+    default: vendor/bundle
+  bundler-cache:
+    description: Whether to use the bundler cache
+    required: false
+    default: true
+
+runs:
+  using: composite
+
+  steps:
+    - name: Configure Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ inputs.ruby }}
+        bundler-cache: ${{ inputs.bundle-cache }}
+
+    - name: Install dependencies
+      run: bundle check || bundle install
+      shell: bash
+      env:
+        BUNDLE_PATH: ${{ inputs.bundle-path }}

data/.github/dependabot.yml

@@ -1,10 +1,13 @@
 version: 2
 updates:
-
-  - package-ecosystem: "bundler" 
-    directory: "/" 
+  - package-ecosystem: "bundler"
+    directory: "/"
     schedule:
       interval: "daily"
     ignore:
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'daily'

data/.github/workflows/codeql.yml

@@ -0,0 +1,53 @@
+name: CodeQL
+
+on:
+  merge_group:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: "37 10 * * 2"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+jobs:
+  analyze:
+    name: Check for Vulnerabilities
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ruby]
+
+    steps:
+      - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
+        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"

data/.github/workflows/matrix.json

@@ -0,0 +1,7 @@
+{
+  "include": [
+    { "ruby": "3.0" },
+    { "ruby": "3.1" },
+    { "ruby": "3.2" }
+  ]
+}

data/.github/workflows/publish.yml

@@ -0,0 +1,37 @@
+name: Publish Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: The branch to release from.
+        required: true
+        default: master
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    name: Publish to RubyGems
+    runs-on: ubuntu-latest
+    environment: release
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Configure Ruby
+        uses: ./.github/actions/setup
+        with:
+          ruby: 3.2
+
+      - name: Publish to RubyGems
+        run: |
+          gem build *.gemspec
+          gem push *.gem
+        env:
+          GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}

data/.github/workflows/semgrep.yml

@@ -1,28 +1,49 @@
 name: Semgrep
 
 on:
-  pull_request: {}
-
+  merge_group:
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
   push:
     branches:
       - master
-      - main
-
   schedule:
-    - cron: '0 * * * *'
+    - cron: '30 0 1,15 * *'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
 jobs:
-  semgrep:
-    name: Scan
+  authorize:
+    name: Authorize
+    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
     runs-on: ubuntu-latest
+    steps:
+      - run: true
+
+  run:
+    needs: authorize # Require approval before running on forked pull requests
+
+    name: Check for Vulnerabilities
+    runs-on: ubuntu-latest
+
     container:
       image: returntocorp/semgrep
-    if: (github.repository_owner == 'auth0')
-    
+
     steps:
-      - uses: actions/checkout@v3
+      - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
+        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
+
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
-      - if: github.event.pull_request.draft == false && github.actor != 'dependabot[bot]'
-        run: semgrep ci
+      - run: semgrep ci
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

data/.github/workflows/snyk.yml

@@ -0,0 +1,47 @@
+name: Snyk
+
+on:
+  merge_group:
+  workflow_dispatch:
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: '30 0 1,15 * *'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+jobs:
+  authorize:
+    name: Authorize
+    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
+    runs-on: ubuntu-latest
+    steps:
+      - run: true
+
+  check:
+    needs: authorize
+
+    name: Check for Vulnerabilities
+    runs-on: ubuntu-latest
+
+    steps:
+      - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
+        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
+
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.ref }}
+
+      - uses: snyk/actions/php@b98d498629f1c368650224d6d212bf7dfa89e4bf # pin@0.4.0
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

data/.github/workflows/test.yml

@@ -0,0 +1,69 @@
+name: Build and Test
+
+on:
+  merge_group:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+env:
+  CACHE_KEY: "${{ github.ref }}-${{ github.run_id }}-${{ github.run_attempt }}"
+
+jobs:
+  configure:
+    name: Configure Build Matrix
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.ref }}
+
+      - id: set-matrix
+        run: echo "matrix=$(jq -c . < ./.github/workflows/matrix.json)" >> $GITHUB_OUTPUT
+
+  unit:
+    needs: configure
+
+    name: Run Unit Tests
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix: ${{ fromJson(needs.configure.outputs.matrix) }}
+
+    env:
+      DOMAIN: example.auth0.dev
+      CLIENT_ID: example-client
+      CLIENT_SECRET: example-secret
+      MASTER_JWT: example-jwt
+      BUNDLE_PATH: vendor/bundle
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Configure Ruby
+        uses: ./.github/actions/setup
+        with:
+          ruby: ${{ matrix.ruby }}
+
+      - name: Run tests
+        run: bundle exec rake test
+
+      - name: Upload coverage
+        if: matrix.ruby == '3.2'
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # pin@3.1.4

data/.snyk

@@ -0,0 +1,11 @@
+ignore:
+  SNYK-RUBY-RACK-1061917:
+    - rubocop-rails > rack:
+      reason: No direct upgrade available
+      expires: "2023-11-02T12:00:00.000Z"
+    - dotenv-rails > railties > actionpack > rack:
+        reason: No direct upgrade available
+        expires: "2023-11-02T12:00:00.000Z"
+    - dotenv-rails > railties > actionpack > rack-test:
+        reason: No direct upgrade available
+        expires: "2023-11-02T12:00:00.000Z"

data/CHANGELOG.md

@@ -1,61 +1,95 @@
 # Change Log
 
+## [v5.14.2](https://github.com/auth0/ruby-auth0/tree/v5.14.2) (2023-10-03)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.14.1...v5.14.2)
+
+**Fixed**
+
+- [API] `trigger_id` and `action_name` parameters for `create_action` endpoint are now optional [\#478](https://github.com/auth0/ruby-auth0/pull/478) [rapito](https://github.com/rapito)
+
+## [v5.14.1](https://github.com/auth0/ruby-auth0/tree/v5.14.1) (2023-07-19)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.14.0...v5.14.1)
+
+**Fixed**
+
+- chore: should not lowercase org_name claim [\#499](https://github.com/auth0/ruby-auth0/pull/499) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
 ## [v5.14.0](https://github.com/auth0/ruby-auth0/tree/v5.14.0) (2023-07-13)
+
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.13.0...v5.14.0)
 
 **Added**
+
 - [SDK-4386] Support Organization Name in Authorize [\#495](https://github.com/auth0/ruby-auth0/pull/495) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 ## [v5.13.0](https://github.com/auth0/ruby-auth0/tree/v5.13.0) (2023-04-24)
+
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.12.0...v5.13.0)
 
 **Added**
+
 - [SDK-4142] Add support for /oauth/par [\#470](https://github.com/auth0/ruby-auth0/pull/470) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 **Deprecated**
+
 - Drop support for 2.7 in CI build [\#467](https://github.com/auth0/ruby-auth0/pull/467) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 ## [v5.12.0](https://github.com/auth0/ruby-auth0/tree/v5.12.0) (2023-03-13)
+
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.11.0...v5.12.0)
 
 **Added**
+
 - [SDK-4014] User Authentication Method management API support [\#450](https://github.com/auth0/ruby-auth0/pull/450) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 **Fixed**
+
 - Remove broken FAQ link from README [\#441](https://github.com/auth0/ruby-auth0/pull/441) ([joxxoxo](https://github.com/joxxoxo))
 
 ## [v5.11.0](https://github.com/auth0/ruby-auth0/tree/v5.11.0) (2023-01-27)
+
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.10.0...v5.11.0)
 
 **Added**
+
 - feat: support exchanging OTP codes for tokens [\#438](https://github.com/auth0/ruby-auth0/pull/438) ([stevehobbsdev](https://github.com/stevehobbsdev))
 - [SDK-3869] Support client credentials in management client [\#437](https://github.com/auth0/ruby-auth0/pull/437) ([stevehobbsdev](https://github.com/stevehobbsdev))
 - [SDK-3863] Add support for Client Assertion in authentication endpoints [\#434](https://github.com/auth0/ruby-auth0/pull/434) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 **Changed**
+
 - ci: include Ruby 3.2 in test matrix [\#436](https://github.com/auth0/ruby-auth0/pull/436) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 ## [v5.10.0](https://github.com/auth0/ruby-auth0/tree/v5.10.0) (2022-10-10)
+
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.9.0...v5.10.0)
 
 **Changed**
+
 - Update jwt ~2.5 [\#384](https://github.com/auth0/ruby-auth0/pull/384) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 **Fixed**
+
 - Stop :get, :delete parameters from bleeding into subsequent requests [\#388](https://github.com/auth0/ruby-auth0/pull/388) ([stevehobbsdev](https://github.com/stevehobbsdev))
 - Support complex field names in export_users [\#387](https://github.com/auth0/ruby-auth0/pull/387) ([stevehobbsdev](https://github.com/stevehobbsdev))
 - Reconfigure rate limiting exponential backoff [\#386](https://github.com/auth0/ruby-auth0/pull/386) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 ## [v5.9.0](https://github.com/auth0/ruby-auth0/tree/v5.9.0) (2022-08-24)
+
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.8.1...v5.9.0)
 
 **Added**
+
 - Add Delete All Authenticators API for Users [\#375](https://github.com/auth0/ruby-auth0/pull/375) ([phongnh](https://github.com/phongnh))
 
 **Changed**
+
 - Add include_totals to get connections options [\#357](https://github.com/auth0/ruby-auth0/pull/357) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 **Fixed**
+
 - Fix typo and remove param that is not used [\#365](https://github.com/auth0/ruby-auth0/pull/365) ([MatthewRDodds](https://github.com/MatthewRDodds))
 - correct remove_user_roles doc: roles param is ids, not names [\#359](https://github.com/auth0/ruby-auth0/pull/359) ([gbirchmeier](https://github.com/gbirchmeier))
 

data/EXAMPLES.md

@@ -178,7 +178,7 @@ In particular:
 
 - The issuer (iss) claim should be checked to ensure the token was issued by Auth0
 
-- the `org_id` or `org_name` claim should be checked to ensure it is a value that is already known to the application. Which claim you check depends on the organization value being validated: if it starts with `org_`, validate against the `org_id` claim. Otherwise, validate against `org_name`. Further, `org_name` validation should be done using a **case-insensitive** check, whereas `org_id` should be an exact case-sensitive match.
+- the `org_id` or `org_name` claim should be checked to ensure it is a value that is already known to the application. Which claim you check depends on the organization value being validated: if it starts with `org_`, validate against the `org_id` claim. Otherwise, validate against `org_name`. Further, the value of the `org_name` claim will always be lowercase. To aid the developer experience, you may also lowercase the input organization name when checking against the `org_name`, but do not modify the `org_name` claim value.
 
 This could be validated against a known list of organization IDs or names, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token.
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    auth0 (5.14.0)
+    auth0 (5.14.2)
       addressable (~> 2.8)
       jwt (~> 2.7)
       rest-client (~> 2.1)
@@ -11,28 +11,30 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.0.6)
-      actionview (= 7.0.6)
-      activesupport (= 7.0.6)
+    actionpack (7.0.8)
+      actionview (= 7.0.8)
+      activesupport (= 7.0.8)
       rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.6)
-      activesupport (= 7.0.6)
+    actionview (7.0.8)
+      activesupport (= 7.0.8)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.6)
+    activesupport (7.0.8)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    addressable (2.8.4)
+    addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
+    base64 (0.1.1)
     builder (3.2.4)
+    coderay (1.1.3)
     concurrent-ruby (1.2.2)
     coveralls (0.7.1)
       multi_json (~> 1.3)
@@ -54,10 +56,25 @@ GEM
     erubi (1.12.0)
     faker (2.23.0)
       i18n (>= 1.8.11, < 2)
+    ffi (1.16.2)
+    formatador (1.1.0)
     fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
-    gem-release (0.7.4)
+    guard (2.18.1)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.13.0)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
     hashdiff (1.0.1)
     http-accept (1.7.0)
     http-cookie (1.0.5)
@@ -65,23 +82,38 @@ GEM
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     io-console (0.6.0)
-    irb (1.7.3)
-      reline (>= 0.3.6)
+    irb (1.8.1)
+      rdoc
+      reline (>= 0.3.8)
     json (2.6.3)
     jwt (2.7.1)
     language_server-protocol (3.17.0.3)
+    listen (3.8.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
     loofah (2.21.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
+    lumberjack (1.2.9)
     method_source (1.0.0)
-    mime-types (3.4.1)
+    mime-types (3.5.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.0218.1)
-    minitest (5.18.1)
+    mime-types-data (3.2023.0808)
+    minitest (5.20.0)
     multi_json (1.15.0)
+    nenv (0.3.0)
     netrc (0.11.0)
-    nokogiri (1.15.3-x86_64-linux)
+    nokogiri (1.15.4-aarch64-linux)
       racc (~> 1.4)
+    nokogiri (1.15.4-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.15.4-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.15.4-x86_64-linux)
+      racc (~> 1.4)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
     parallel (1.23.0)
     parser (3.2.2.3)
       ast (~> 2.4.1)
@@ -89,29 +121,39 @@ GEM
     pp (0.4.0)
       prettyprint
     prettyprint (0.1.1)
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    psych (5.1.0)
+      stringio
     public_suffix (5.0.3)
     racc (1.7.1)
-    rack (2.2.7)
-    rack-test (0.8.3)
-      rack (>= 1.0, < 3)
-    rails-dom-testing (2.1.1)
+    rack (2.2.8)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.6)
-      actionpack (= 7.0.6)
-      activesupport (= 7.0.6)
+    railties (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    rdoc (6.5.0)
+      psych (>= 4.0.0)
     regexp_parser (2.8.1)
-    reline (0.3.6)
+    reline (0.3.8)
       io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
@@ -119,7 +161,7 @@ GEM
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     retryable (3.0.5)
-    rexml (3.2.5)
+    rexml (3.2.6)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
@@ -133,7 +175,8 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.1)
-    rubocop (1.54.1)
+    rubocop (1.56.4)
+      base64 (~> 0.1.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
@@ -141,16 +184,17 @@ GEM
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.0, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
     rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
-    rubocop-rails (2.20.2)
+    rubocop-rails (2.21.2)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
     ruby-progressbar (1.13.0)
+    shellany (0.0.1)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -160,11 +204,13 @@ GEM
       simplecov (~> 0.19)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
+    stringio (3.0.8)
     sync (0.5.0)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
+    terminal-notifier-guard (1.7.0)
     thor (1.2.2)
-    timecop (0.9.6)
+    timecop (0.9.8)
     tins (1.32.1)
       sync
     tzinfo (2.0.6)
@@ -172,16 +218,20 @@ GEM
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8.2)
-    unicode-display_width (2.4.2)
+    unicode-display_width (2.5.0)
     vcr (6.2.0)
-    webmock (3.18.1)
+    webmock (3.19.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    zache (0.13.0)
-    zeitwerk (2.6.8)
+    zache (0.13.1)
+    zeitwerk (2.6.12)
 
 PLATFORMS
+  aarch64-linux
+  arm64-darwin-21
+  arm64-darwin-22
+  x86_64-darwin-21
   x86_64-linux
 
 DEPENDENCIES
@@ -191,20 +241,19 @@ DEPENDENCIES
   dotenv-rails (~> 2.0)
   faker (~> 2.0)
   fuubar (~> 2.0)
-  gem-release (~> 0.7)
+  guard-rspec (~> 4.5)
   irb
   pp
-  rack (~> 2.1)
-  rack-test (~> 0.6)
   rake (~> 13.0)
   rspec (~> 3.11)
   rubocop
   rubocop-rails
   simplecov (~> 0.9)
   simplecov-cobertura
+  terminal-notifier-guard
   timecop
   vcr
   webmock
 
 BUNDLED WITH
-   2.4.10
+   2.3.7

data/auth0.gemspec

@@ -28,10 +28,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI']
   s.add_development_dependency 'dotenv-rails', '~> 2.0'
   s.add_development_dependency 'rspec', '~> 3.11'
-  s.add_development_dependency 'rack-test', '~> 0.6'
-  s.add_development_dependency 'rack', '~> 2.1'
   s.add_development_dependency 'simplecov', '~> 0.9'
   s.add_development_dependency 'faker', '~> 2.0'
-  s.add_development_dependency 'gem-release', '~> 0.7'
   s.license = 'MIT'
 end

data/examples/ruby-api/Gemfile.lock

@@ -5,8 +5,8 @@ GEM
     jwt (2.5.0)
     mustermann (2.0.2)
       ruby2_keywords (~> 0.0.1)
-    nio4r (2.5.8)
-    puma (5.6.5)
+    nio4r (2.5.9)
+    puma (5.6.7)
       nio4r (~> 2.0)
     rack (2.2.6.4)
     rack-protection (2.2.3)

data/lib/auth0/api/v2/actions.rb

@@ -16,18 +16,16 @@ module Auth0
         # @param page [integer] The page number. Zero based.
         # @param installed [boolean] When true, return only installed actions. When false, return only custom actions. Returns all actions by default.
         # @return [json] Actions and pagination info
-        def actions(trigger_id, action_name, deployed: nil, per_page: nil, page: nil, installed: nil)
-          raise Auth0::MissingTriggerId, 'Must supply a valid trigger_id' if trigger_id.to_s.empty?
-          raise Auth0::MissingActionName, 'Must supply a valid action_name' if action_name.to_s.empty?
-
+        def actions(trigger_id = nil, action_name = nil, deployed: nil, per_page: nil, page: nil, installed: nil)
           request_params = {
-            trigger_id: trigger_id,
-            action_name: action_name,
+            triggerId: trigger_id,
+            actionName: action_name,
             deployed: deployed,
             per_page: per_page,
             page: page,
             installed: installed
           }
+          
           path = "#{actions_path}/actions"
           get(path, request_params)
         end
@@ -38,7 +36,8 @@ module Auth0
         # @param body [hash] See https://auth0.com/docs/api/management/v2/#!/actions/post_action for available options
         # @return [json] Returns the created action.
         def create_action(body = {})
-          post(actions_path, body)
+          path = "#{actions_path}/actions"
+          post(path, body)
         end
 
         # Retrieve the set of triggers currently available within actions. A trigger is an extensibility point to which actions can be bound.

data/lib/auth0/mixins/validation.rb

@@ -204,7 +204,7 @@ module Auth0
               raise Auth0::InvalidIdToken, 'Organization Name (org_name) claim must be a string present in the ID token'
             end
 
-            unless expected.downcase == claims['org_name'].downcase
+            unless expected.downcase == claims['org_name']
               raise Auth0::InvalidIdToken, "Organization Name (org_name) claim value mismatch in the ID token; expected \"#{expected}\","\
                                           " found \"#{claims['org_name']}\""
             end

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.14.0'.freeze
+  VERSION = '5.14.2'.freeze
 end

data/spec/lib/auth0/api/v2/actions_spec.rb

@@ -15,11 +15,28 @@ describe Auth0::Api::V2::Actions do
       expect(@instance).to respond_to(:get_actions)
     end
 
+    it 'is expected to support all optional arguments' do
+      expect(@instance).to receive(:get).with(
+        '/api/v2/actions/actions', {
+          triggerId: nil,
+          actionName: nil,
+          deployed: nil,
+          per_page: nil,
+          page: nil,
+          installed: nil
+        }
+      )
+
+      expect do
+        @instance.actions()
+      end.not_to raise_error
+    end
+
     it 'is expected to get /api/v2/actions with custom parameters' do
       expect(@instance).to receive(:get).with(
         '/api/v2/actions/actions', {
-        trigger_id: 'post-login',
-        action_name: 'loginHandler',
+        triggerId: 'post-login',
+        actionName: 'loginHandler',
         deployed: true,
         per_page: 10,
         page: 1,
@@ -37,13 +54,6 @@ describe Auth0::Api::V2::Actions do
       end.not_to raise_error
     end
 
-    it 'is expected to raise an exception when the trigger id is empty' do
-      expect { @instance.actions(nil, nil) }.to raise_exception(Auth0::MissingTriggerId)
-    end
-
-    it 'is expected to raise an exception when the action name is empty' do
-      expect { @instance.actions(1, nil) }.to raise_exception(Auth0::MissingActionName)
-    end
   end
 
   context '.action' do
@@ -71,7 +81,7 @@ describe Auth0::Api::V2::Actions do
 
     it 'is expected to post to /api/v2/actions' do
       expect(@instance).to receive(:post).with(
-        '/api/v2/actions', {
+        '/api/v2/actions/actions', {
           name: 'test_org'
         })
       expect do

data/spec/lib/auth0/mixins/validation_spec.rb

@@ -342,8 +342,8 @@ describe Auth0::Mixins::Validation::IdTokenValidator do
       end
 
       it 'is expected to NOT raise an error with organization name in different casing' do
-        token = build_id_token org_name: 'MY-ORGANIZATION'
-        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' }))
+        token = build_id_token org_name: 'my-organization'
+        instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'MY-ORGANIZATION' }))
 
         expect { instance.validate(token) }.not_to raise_exception
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auth0
 version: !ruby/object:Gem::Version
-  version: 5.14.0
+  version: 5.14.2
 platform: ruby
 authors:
 - Auth0
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-07-13 00:00:00.000000000 Z
+date: 2023-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -126,61 +126,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: dotenv-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: rspec
+  name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.11'
+        version: '4.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.11'
+        version: '4.5'
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: dotenv-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: rack
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '3.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '3.11'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -209,20 +195,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: gem-release
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.7'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.7'
 description: Ruby toolkit for Auth0 API https://auth0.com.
 email:
 - support@auth0.com
@@ -235,21 +207,27 @@ files:
 - ".devcontainer/Dockerfile"
 - ".devcontainer/devcontainer.json"
 - ".env.example"
-- ".gemrelease"
 - ".github/CODEOWNERS"
 - ".github/ISSUE_TEMPLATE/Bug Report.yml"
 - ".github/ISSUE_TEMPLATE/Feature Request.yml"
 - ".github/ISSUE_TEMPLATE/config.yml"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/actions/setup/action.yml"
 - ".github/dependabot.yml"
 - ".github/stale.yml"
+- ".github/workflows/codeql.yml"
+- ".github/workflows/matrix.json"
+- ".github/workflows/publish.yml"
 - ".github/workflows/semgrep.yml"
+- ".github/workflows/snyk.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
 - ".semgrepignore"
 - ".shiprc"
+- ".snyk"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - DEPLOYMENT.md

data/.gemrelease

@@ -1,2 +0,0 @@
-bump:
-  tag: true