auth0 5.18.0 → 5.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6bc03a5197ed3cf51db9076e4d7429e56a418f94eb440b7f69c1542f1014a7cf
-  data.tar.gz: bb4f921acd2af07f5139b0920064265a539e61862827dac10e5f39988297fbf4
+  metadata.gz: b8ae1bb70a0b39ac31708c2fdf869efddacfff7f068db020ea65c4a5039b4ff8
+  data.tar.gz: ca7b78cb1d13e258c4881575a672b5ed2ea9d41d66c408839deedb7ae993c632
 SHA512:
-  metadata.gz: '08beebcb81144352182b6af63c5745d55abcf22ef30fee4928141a89c24f61cd5d81414f63f76f6cf6bd9935b5c49d5fe83b92b29298800fefd4a5bd1a2efa87'
-  data.tar.gz: ac02d18db80d57720502db87c88ab4c3f8d07ef00d2f9792e8e41ae383d5d28082523f2d7cd735cfb2b6f7ec94d39ab8a42856b86fae151b838ad0569cc82dcb
+  metadata.gz: f7f19b4eef6c03108c991ed6db9bdfe6c8c1237685ff2d3651e594c9fde0ac499785fc1b2db2e702c3dfc0b49d386966b482d42f69e7179ab04eb5914fcbd877
+  data.tar.gz: f6b3d618c83c9a0fed4edc11b5046a9170921ad2762bb4c5479558540f20f64367e3fa62bb8a3cd2769da7f22be338cddbfff29c57f9b94862b9c096acef5e65

data/.version

@@ -1 +1 @@
-v5.18.0
+v5.19.0

data/CHANGELOG.md

@@ -1,5 +1,29 @@
 # Change Log
 
+## [v5.19.0](https://github.com/auth0/ruby-auth0/tree/v5.19.0) (2026-05-08)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.18.1...v5.19.0)
+
+**Added**
+- Make Auth0::Client#get_token public [\#725](https://github.com/auth0/ruby-auth0/pull/725) ([ttstarck](https://github.com/ttstarck))
+
+**Fixed**
+- Ship only runtime files in packaged gem to eliminate scanner false positives [\#721](https://github.com/auth0/ruby-auth0/pull/721) ([tmertens](https://github.com/tmertens))
+
+## [v5.18.1](https://github.com/auth0/ruby-auth0/tree/v5.18.1) (2026-03-13)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.18.0...v5.18.1)
+
+**Changed**
+- chore(deps): bump zache from 0.15.0 to 0.15.2 [\#691](https://github.com/auth0/ruby-auth0/pull/691) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump jwt from 2.9.3 to 2.10.2 [\#682](https://github.com/auth0/ruby-auth0/pull/682) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump addressable from 2.8.7 to 2.8.8 [\#686](https://github.com/auth0/ruby-auth0/pull/686) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump zache from 0.13.2 to 0.15.0 [\#649](https://github.com/auth0/ruby-auth0/pull/649) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+**Fixed**
+- fix deleting array content when passing an array as payload [\#697](https://github.com/auth0/ruby-auth0/pull/697) ([carlastabile](https://github.com/carlastabile))
+
+**Security**
+- fix(deps): upgrade dev dependencies to resolve Snyk security vulnerab… [\#704](https://github.com/auth0/ruby-auth0/pull/704) ([arpit-jn](https://github.com/arpit-jn))
+
 ## [v5.18.0](https://github.com/auth0/ruby-auth0/tree/v5.18.0) (2024-11-25)
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.17.0...v5.18.0)
 

data/README.md

@@ -7,11 +7,23 @@ Ruby API client for the [Auth0](https://auth0.com) platform.
 [![codecov](https://codecov.io/gh/auth0/ruby-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/ruby-auth0)
 [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](http://www.rubydoc.info/github/auth0/ruby-auth0/master/frames)
 [![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/ruby-auth0/blob/master/LICENSE)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/auth0/ruby-auth0)
 
 <div>
 📚 <a href="#documentation">Documentation</a> - 🚀 <a href="#getting-started">Getting started</a> - 💻 <a href="#api-reference">API reference</a> - 💬 <a href="#feedback">Feedback</a>
 </div>
 
+> [!NOTE]
+> **[v6.0.0.beta.0](https://github.com/auth0/ruby-auth0/releases/tag/v6.0.0.beta.0) is now available!** This release features a completely rewritten Management API client, auto-generated from the Auth0 OpenAPI spec using [Fern](https://buildwithfern.com/), with strongly-typed responses, built-in pagination, and automatic token management.
+>
+> ```bash
+> gem install auth0 --pre
+> ```
+>
+> We'd love your feedback - please [open an issue](https://github.com/auth0/ruby-auth0/issues/new) if you encounter any problems.
+>
+> 📖 [Migration Guide](https://github.com/auth0/ruby-auth0/blob/v6/v6_MIGRATION_GUIDE.md) ・ [Changelog](https://github.com/auth0/ruby-auth0/blob/v6/CHANGELOG.md) ・ [API Reference](https://github.com/auth0/ruby-auth0/blob/v6/reference.md)
+
 ## Documentation
 
 - [API documentation](https://www.rubydoc.info/gems/auth0) - documentation auto-generated from the code comments that explains all the available features
@@ -127,4 +139,4 @@ Please do not report security vulnerabilities on the public GitHub issue tracker
 </p>
 <p align="center">
   This project is licensed under the MIT license. See the <a href="https://github.com/auth0/ruby-auth0/blob/master/LICENSE"> LICENSE</a> file for more info.
-</p>
+</p>

data/auth0.gemspec

@@ -11,9 +11,7 @@ Gem::Specification.new do |s|
   s.summary     = 'Auth0 API Client'
   s.description = 'Ruby toolkit for Auth0 API https://auth0.com.'
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.files         = Dir['lib/**/*.rb'] + %w[LICENSE README.md CHANGELOG.md auth0.gemspec .version]
   s.require_paths = ['lib']
 
   s.add_runtime_dependency 'rest-client', '~> 2.1'
@@ -26,7 +24,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'fuubar', '~> 2.0'
   s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI']
-  s.add_development_dependency 'dotenv-rails', '~> 2.0'
+  s.add_development_dependency 'dotenv', '~> 3.0'
   s.add_development_dependency 'rspec', '~> 3.11'
   s.add_development_dependency 'simplecov', '~> 0.9'
   s.add_development_dependency 'faker', '~> 2.0'

data/lib/auth0/api/v2/users.rb

@@ -1,7 +1,7 @@
 module Auth0
   module Api
     module V2
-      # Methods to use the users endpoints
+      # Methods to use the users' endpoints
       module Users
         include Auth0::Mixins::Validation
 
@@ -94,10 +94,10 @@ module Auth0
         # Some considerations:
         # The properties of the new object will replace the old ones.
         # The metadata fields are an exception to this rule (user_metadata and app_metadata). These properties are
-        # merged instead of being replaced but be careful, the merge only occurs on the first level.
+        # merged instead of being replaced, but be careful, the merge only occurs on the first level.
         # If you are updating email_verified, phone_verified, username or password you need to specify the connection
         # property too.
-        # If your are updating email or phone_number you need to specify the connection and the client_id properties.
+        # If you are updating email or phone_number you need to specify the connection and the client_id properties.
         # @see https://auth0.com/docs/api/v2#!/Users/patch_users_by_id
         # @param user_id [string] The user_id of the user to update.
         # @param body [hash] The optional parameters to update.
@@ -137,7 +137,7 @@ module Auth0
         # update:current_user_identities scope. In this case only the link_with param is required in the body,
         # containing the JWT obtained upon the secondary account's authentication.
         # 2. With an API V2 generated token with update:users scope. In this case you need to send provider and user_id
-        # in the body. Optionally you can also send the connection_id param which is suitable for identifying a
+        # in the body. Optionally, you can also send the connection_id param, which is suitable for identifying a
         # particular database connection for the 'auth0' provider.
         # @see https://auth0.com/docs/api/v2#!/Users/post_identities
         # @param user_id [string] The user_id of the primary identity where you are linking the secondary account to.

data/lib/auth0/mixins/httpproxy.rb

@@ -1,6 +1,8 @@
-require "addressable/uri"
-require "retryable"
-require_relative "../exception.rb"
+# frozen_string_literal: true
+
+require 'addressable/uri'
+require 'retryable'
+require_relative '../exception'
 
 module Auth0
   module Mixins
@@ -8,6 +10,7 @@ module Auth0
     # for now, if you want to feel free to use your own http client
     module HTTPProxy
       attr_accessor :headers, :base_uri, :timeout, :retry_count
+
       DEFAULT_RETRIES = 3
       MAX_ALLOWED_RETRIES = 10
       MAX_REQUEST_RETRY_JITTER = 250
@@ -16,10 +19,10 @@ module Auth0
       BASE_DELAY = 100
 
       # proxying requests from instance methods to HTTP class methods
-      %i(get post post_file post_form put patch delete delete_with_body).each do |method|
+      %i[get post post_file post_form put patch delete delete_with_body].each do |method|
         define_method(method) do |uri, body = {}, extra_headers = {}|
-          body = body.delete_if { |_, v| v.nil? }
-          token = get_token()
+          body = safe_merge_body(body, extra_headers)
+          token = get_token
           authorization_header(token) unless token.nil?
           request_with_retry(method, uri, body, extra_headers)
         end
@@ -27,8 +30,8 @@ module Auth0
 
       def retry_options
         sleep_timer = lambda do |attempt|
-          wait = BASE_DELAY * (2**attempt-1) # Exponential delay with each subsequent request attempt.
-          wait += rand(wait+1..wait+MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
+          wait = BASE_DELAY * (2**attempt - 1) # Exponential delay with each subsequent request attempt.
+          wait += rand(wait + 1..wait + MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
           wait = [MAX_REQUEST_RETRY_DELAY, wait].min # Cap delay at MAX_REQUEST_RETRY_DELAY.
           wait = [MIN_REQUEST_RETRY_DELAY, wait].max # Ensure delay is no less than MIN_REQUEST_RETRY_DELAY.
           wait / 1000.to_f.round(2) # convert ms to seconds
@@ -55,6 +58,7 @@ module Auth0
 
       def add_headers(h = {})
         raise ArgumentError, 'Headers must be an object which responds to #to_hash' unless h.respond_to?(:to_hash)
+
         @headers ||= {}
         @headers.merge!(h.to_hash)
       end
@@ -72,28 +76,29 @@ module Auth0
       end
 
       def request(method, uri, body = {}, extra_headers = {})
-        result = if method == :get
-          @headers ||= {}
-          get_headers = @headers.merge({params: body}).merge(extra_headers)
-          call(:get, encode_uri(uri), timeout, get_headers)
-        elsif method == :delete
-          @headers ||= {}
-          delete_headers = @headers.merge({ params: body })
-          call(:delete, encode_uri(uri), timeout, delete_headers)
-        elsif method == :delete_with_body
-          call(:delete, encode_uri(uri), timeout, headers, body.to_json)
-        elsif method == :post_file
-          body.merge!(multipart: true)
-          # Ignore the default Content-Type headers and let the HTTP client define them
-          post_file_headers = headers.except('Content-Type') if headers != nil
-          # Actual call with the altered headers
-          call(:post, encode_uri(uri), timeout, post_file_headers, body)
-        elsif method == :post_form
-          form_post_headers = headers.except('Content-Type') if headers != nil
-          call(:post, encode_uri(uri), timeout, form_post_headers, body.compact)
-        else
-          call(method, encode_uri(uri), timeout, headers, body.to_json)
-        end
+        result = case method
+                 when :get
+                   @headers ||= {}
+                   get_headers = @headers.merge({ params: body }).merge(extra_headers)
+                   call(:get, encode_uri(uri), timeout, get_headers)
+                 when :delete
+                   @headers ||= {}
+                   delete_headers = @headers.merge({ params: body })
+                   call(:delete, encode_uri(uri), timeout, delete_headers)
+                 when :delete_with_body
+                   call(:delete, encode_uri(uri), timeout, headers, body.to_json)
+                 when :post_file
+                   body.merge!(multipart: true)
+                   # Ignore the default Content-Type headers and let the HTTP client define them
+                   post_file_headers = headers.except('Content-Type') unless headers.nil?
+                   # Actual call with the altered headers
+                   call(:post, encode_uri(uri), timeout, post_file_headers, body)
+                 when :post_form
+                   form_post_headers = headers.except('Content-Type') unless headers.nil?
+                   call(:post, encode_uri(uri), timeout, form_post_headers, body.compact)
+                 else
+                   call(method, encode_uri(uri), timeout, headers, body.to_json)
+                 end
 
         case result.code
         when 200...226 then safe_parse_json(result.body)
@@ -101,7 +106,8 @@ module Auth0
         when 401       then raise Auth0::Unauthorized.new(result.body, code: result.code, headers: result.headers)
         when 403       then raise Auth0::AccessDenied.new(result.body, code: result.code, headers: result.headers)
         when 404       then raise Auth0::NotFound.new(result.body, code: result.code, headers: result.headers)
-        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.code, headers: result.headers)
+        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.code,
+                                                                               headers: result.headers)
         when 500       then raise Auth0::ServerError.new(result.body, code: result.code, headers: result.headers)
         else           raise Auth0::Unsupported.new(result.body, code: result.code, headers: result.headers)
         end
@@ -118,11 +124,19 @@ module Auth0
       rescue RestClient::Exception => e
         case e
         when RestClient::RequestTimeout
-          raise Auth0::RequestTimeout.new(e.message)
+          raise Auth0::RequestTimeout, e.message
         else
-          return e.response
+          e.response
         end
       end
+
+      private
+      
+      def safe_merge_body(body, extra = {})
+        return body unless body.is_a?(Hash)
+        merged = extra.any? ? body.merge(extra) : body
+        merged.compact
+      end
     end
   end
 end

data/lib/auth0/mixins/token_management.rb

@@ -1,22 +1,14 @@
 module Auth0
   module Mixins
     module TokenManagement
-      
-      private
-
-      def initialize_token(options)
-        @token = options[:access_token] || options[:token]
-        # default expiry to an hour if a token was given but no expires_at
-        @token_expires_at = @token ? options[:token_expires_at] || Time.now.to_i + 3600 : nil 
-
-        @audience = options[:api_identifier] || "https://#{@domain}/api/v2/"
-        get_token() if @token.nil?
-      end
 
+      # Get the Client's api token (or generate a new one if it has expired).
+      #
+      # @note This method may perform a network request to refresh an expired token. It is not thread-safe.
+      # @return [String] the api token
       def get_token
-        # pp @token_expires_at
         has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
-        
+
         if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key)
           response = api_token(audience: @audience)
           @token = response.token
@@ -27,6 +19,17 @@ module Auth0
           @token
         end
       end
+
+      private
+
+      def initialize_token(options)
+        @token = options[:access_token] || options[:token]
+        # default expiry to an hour if a token was given but no expires_at
+        @token_expires_at = @token ? options[:token_expires_at] || Time.now.to_i + 3600 : nil
+
+        @audience = options[:api_identifier] || "https://#{@domain}/api/v2/"
+        get_token() if @token.nil?
+      end
     end
   end
-end
+end

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.18.0'.freeze
+  VERSION = '5.19.0'.freeze
 end