auth0 5.5.0 → 5.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a3d59041ebfdd2dfcbc326ea1ea9e416796afd2818607014757d90266ed16c07
-  data.tar.gz: e9e950591d2027fc475fa437f144dea929a724eeea94bd9491b0a0af5095b271
+  metadata.gz: dd91396b4162ecec7d480c49ad4ab50568a7a116a0bd8be32edd188621d11793
+  data.tar.gz: d2584f0f09793611513c23334216237a8adbb923a08f1025683aa6a525e427b7
 SHA512:
-  metadata.gz: 4f6733b62fa9839d0c03f4a9b641c5f86ffd3a47b7961d76156881f95f34a5ca0cf63c765fccc124418affaca78f34d72e899d5592eddf690f18d4d939b3f9fe
-  data.tar.gz: b9bf5d5f1e570a595388fbd3555ca23d6964c6a445d150b233f51dd2a19da30ef4a906825567da350a6411adbdee0a2af562953a3034e41f0c714a0ad0a4d04a
+  metadata.gz: 30fac0340e6481da011ab2d99a1c87f9d4e66557357412d1a67d2dc34f4c1b18172af80ff5a04cfcf03ca2497470e7de51f8e5b3ba292ca44b17fbbcd0ab3e0f
+  data.tar.gz: f47a705a3223ba68fb4cd9857cb30817ff0c81981e97a9efd250e92f05b62bba37976a7ab7dd2ab666dd354822e032eb6873221f9e7d35ffaf3b59020518202c

data/CHANGELOG.md

@@ -1,5 +1,25 @@
 # Change Log
 
+## [v5.6.0](https://github.com/auth0/ruby-auth0/tree/v5.6.0) (2021-09-14)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.5.0..v5.6.0)
+
+**Added**
+
+- New Actions endpoints  CH: Added review:medium. [\#293](https://github.com/auth0/ruby-auth0/pull/293) ([davidpatrick](https://github.com/davidpatrick))
+
+- Updates rest-client to 2.1. [\#296](https://github.com/auth0/ruby-auth0/pull/296) ([davidpatrick](https://github.com/davidpatrick))
+
+- Add New Grants. [\#295](https://github.com/auth0/ruby-auth0/pull/295) ([Norio4](https://github.com/Norio4))
+
+- Add token cache and renew functionality for API requests [\#301](https://github.com/auth0/ruby-auth0/pull/295) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+- Optional `client_id` parameter for `reset_password` [\#299](https://github.com/auth0/ruby-auth0/pull/295) ([DJRH](https://github.com/DJRH))
+
+**Deprecated**
+
+- Deprecate change_password in favor of reset_password. [\#297](https://github.com/auth0/ruby-auth0/pull/297) ([davidpatrick](https://github.com/davidpatrick))
+
 ## [v5.5.0](https://github.com/auth0/ruby-auth0/tree/v5.5.0) (2021-08-06)
 
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.4.0..v5.5.0)

data/Gemfile

@@ -15,4 +15,5 @@ group :test do
   gem 'vcr', require: false
   gem 'codecov', require: false
   gem 'simplecov'
+  gem 'timecop', require: false
 end

data/README.md

@@ -77,6 +77,10 @@ class AllUsersController < ApplicationController
       # Otherwise, you can pass in a Management API token directly for testing or temporary
       # access using the key below.
       # token: ENV['AUTH0_RUBY_API_TOKEN'],
+      #
+      # When passing a token, you can also specify when the token expires in seconds from epoch. Otherwise, expiry is set
+      # by default to an hour from now.
+      # token_expires_at: Time.now.to_i + 86400,
       domain: ENV['AUTH0_RUBY_DOMAIN'],
       api_version: 2,
       timeout: 15 # optional, defaults to 10
@@ -98,6 +102,12 @@ Finally, we'll add a view to display the results:
 
 This should show the parameters passed to the `users` method and a list of users that matched the query (or an empty array if none).
 
+### Token management
+
+If `token` is omitted, the SDK will attempt to fetch a new token using the `client_credentials` grant, provided that `client_id` and `client_secret` are provided in the configuration. Once the token is about to expire (or has already expired), a new token will be fetched and cached for future calls.
+
+For this to work, ensure your application can make a Client Credentials grant (Application settings in Auth0 > Advanced > Grant Types tab) and that the application is authorized for the Management API: https://auth0.com/docs/api-auth/config/using-the-auth0-dashboard
+
 ## Authentication
 
 In addition to the Management API, this SDK also provides access to [Authentication API](https://auth0.com/docs/api/authentication) endpoints with the `Auth0::API::AuthenticationEndpoints` module. For basic login capability, we suggest using our OmniAuth stategy [detailed here](https://auth0.com/docs/quickstart/webapp/rails/01-login). Other authentication tasks currently supported are:
@@ -117,14 +127,6 @@ Please note that this module implements endpoints that might be deprecated for n
 
 [Organizations](https://auth0.com/docs/organizations) is a set of features that provide better support for developers who build and maintain SaaS and Business-to-Business (B2B) applications.
 
-Using Organizations, you can:
-
-- Represent teams, business customers, partner companies, or any logical grouping of users that should have different ways of accessing your applications, as organizations.
-- Manage their membership in a variety of ways, including user invitation.
-- Configure branded, federated login flows for each organization.
-- Implement role-based access control, such that users can have different roles when authenticating in the context of different organizations.
-- Build administration capabilities into your products, using Organizations APIs, so that those businesses can manage their own organizations.
-
 Note that Organizations is currently only available to customers on our Enterprise and Startup subscription plans.
 
 #### Logging in with an Organization

data/auth0.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'rest-client', '~> 2.0.2' #2.1.0 has breaking changes
+  s.add_runtime_dependency 'rest-client', '~> 2.1'
   s.add_runtime_dependency 'jwt', '~> 2.2'
   s.add_runtime_dependency 'zache', '~> 0.12'
   s.add_runtime_dependency 'addressable', '~> 2.8'

data/lib/auth0/api/authentication_endpoints.rb

@@ -22,16 +22,14 @@ module Auth0
         organization: @organization,
         audience: nil
       )
-
         request_params = {
           grant_type: 'client_credentials',
           client_id: client_id,
           client_secret: client_secret,
-          audience: audience,
-          organization: organization
+          audience: audience
         }
 
-        response = post('/oauth/token', request_params)
+        response = request_with_retry(:post, '/oauth/token', request_params)
         ::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in'])
       end
 
@@ -58,7 +56,7 @@ module Auth0
           code: code,
           redirect_uri: redirect_uri
         }
-        ::Auth0::AccessToken.from_response post('/oauth/token', request_params)
+        ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
       end
 
       # Get access and ID tokens using a refresh token.
@@ -83,7 +81,7 @@ module Auth0
           client_secret: client_secret,
           refresh_token: refresh_token
         }
-        ::Auth0::AccessToken.from_response post('/oauth/token', request_params)
+        ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
       end
 
       # rubocop:disable Metrics/ParameterLists
@@ -123,7 +121,7 @@ module Auth0
           audience: audience,
           grant_type: realm ? 'http://auth0.com/oauth/grant-type/password-realm' : 'password'
         }
-        ::Auth0::AccessToken.from_response post('/oauth/token', request_params)
+        ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
       end
       # rubocop:enable Metrics/ParameterLists
 
@@ -143,16 +141,18 @@ module Auth0
           connection: connection_name,
           client_id: @client_id
         }
-        post('/dbconnections/signup', request_params)
+
+        request_with_retry(:post, '/dbconnections/signup', request_params)
       end
 
       # Change a user's password or trigger a password reset email.
       # @see https://auth0.com/docs/api/authentication#change-password
       # @see https://auth0.com/docs/connections/database/password-change
       # @param email [string] User's current email
-      # @param password [string] User's new password; empty to trigger a
-      #   password reset email
+      # @param password [string] User's new password. This is only available
+      #   on legacy tenants with change password v1 flow enabled
       # @param connection_name [string] Database connection name
+      # @deprecated Use {#password_reset} instead.
       def change_password(email, password, connection_name = UP_AUTH)
         raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
 
@@ -162,7 +162,29 @@ module Auth0
           connection: connection_name,
           client_id: @client_id
         }
-        post('/dbconnections/change_password', request_params)
+
+        request_with_retry(:post, '/dbconnections/change_password', request_params)
+      end
+
+      # Trigger a password reset email.
+      # @see https://auth0.com/docs/api/authentication#change-password
+      # @see https://auth0.com/docs/connections/database/password-change
+      # @param email [string] User's current email
+      # @param password [string] User's new password; empty to trigger a
+      #   password reset email
+      # @param connection_name [string] Database connection name
+      # @param client_id [string] Client ID override (to allow forwarding
+      #   to a different application's login URI on password reset success page)
+      def reset_password(email, connection_name = UP_AUTH, client_id = @client_id)
+        raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
+
+        request_params = {
+          email: email,
+          connection: connection_name,
+          client_id: client_id
+        }
+
+        request_with_retry(:post, '/dbconnections/change_password', request_params)
       end
 
       # Start Passwordless email login flow.
@@ -182,7 +204,8 @@ module Auth0
           client_id: @client_id,
           client_secret: @client_secret
         }
-        post('/passwordless/start', request_params)
+
+        request_with_retry(:post, '/passwordless/start', request_params)
       end
 
       # Start Passwordless SMS login flow.
@@ -198,28 +221,29 @@ module Auth0
           client_id: @client_id,
           client_secret: @client_secret
         }
-        post('/passwordless/start', request_params)
+
+        request_with_retry(:post, '/passwordless/start', request_params)
       end
 
       # Retrive SAML 2.0 metadata XML for an Application.
       # @see https://auth0.com/docs/api/authentication#get-metadata
       # @return [xml] SAML 2.0 metadata
       def saml_metadata
-        get("/samlp/metadata/#{@client_id}")
+        request_with_retry(:get, "/samlp/metadata/#{@client_id}")
       end
 
       # Retrieve WS-Federation metadata XML for a tenant.
       # @see https://auth0.com/docs/api/authentication#get-metadata36
       # @return [xml] WS-Federation metadata
       def wsfed_metadata
-        get('/wsfed/FederationMetadata/2007-06/FederationMetadata.xml')
+        request_with_retry(:get, '/wsfed/FederationMetadata/2007-06/FederationMetadata.xml')
       end
 
       # Return the user information based on the Auth0 access token.
       # @see https://auth0.com/docs/api/authentication#get-user-info
       # @return [json] User information based on the Auth0 access token
       def userinfo(access_token)
-        get('/userinfo', {}, 'Authorization' => "Bearer #{access_token}")
+        request_with_retry(:get, '/userinfo', {}, 'Authorization' => "Bearer #{access_token}")
       end
 
       # Return an authorization URL.

data/lib/auth0/api/v2/actions.rb

@@ -0,0 +1,210 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the actions endpoints
+      module Actions
+        include Auth0::Mixins::Validation
+
+        attr_reader :actions_path
+
+        # Get all actions.
+        # @see https://auth0.com/docs/api/management/v2#!/Actions/get_actions
+        # @param trigger_id [string] An actions extensibility point.
+        # @param action_name [string] The name of the action to retrieve.
+        # @param deployed [boolean] filter to only retrieve actions that are deployed.
+        # @param per_page [integer] The amount of entries per page. Default: 50. Max value: 100.
+        # @param page [integer] The page number. Zero based.
+        # @param installed [boolean] When true, return only installed actions. When false, return only custom actions. Returns all actions by default.
+        # @return [json] Actions and pagination info
+        def actions(trigger_id, action_name, deployed: nil, per_page: nil, page: nil, installed: nil)
+          raise Auth0::MissingTriggerId, 'Must supply a valid trigger_id' if trigger_id.to_s.empty?
+          raise Auth0::MissingActionName, 'Must supply a valid action_name' if action_name.to_s.empty?
+
+          request_params = {
+            trigger_id: trigger_id,
+            action_name: action_name,
+            deployed: deployed,
+            per_page: per_page,
+            page: page,
+            installed: installed
+          }
+          path = "#{actions_path}/actions"
+          get(path, request_params)
+        end
+        alias get_actions actions
+
+        # Create a new action.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/post_action
+        # @param body [hash] See https://auth0.com/docs/api/management/v2/#!/actions/post_action for available options
+        # @return [json] Returns the created action.
+        def create_action(body = {})
+          post(actions_path, body)
+        end
+
+        # Retrieve the set of triggers currently available within actions. A trigger is an extensibility point to which actions can be bound.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/get_triggers
+        #
+        # @return [json] Returns triggers of the action
+        def actions_triggers
+          path = "#{actions_path}/triggers"
+          get(path)
+        end
+
+        # Get an action by id.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/get_action
+        # @param action_id [string] The action_id of the user to retrieve.
+        #
+        # @return [json] Returns the action with the given action_id if it exists.
+        def action(action_id)
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          path = "#{actions_path}/actions/#{action_id}"
+          get(path)
+        end
+        alias get_action action
+
+
+        # Deletes a single action given its id
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/delete_action
+        # @param action_id [string] The action ID
+        # @param force [boolean] Force action deletion detaching bindings (defaults to false)
+        def delete_action(action_id, force=false)
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          path = "#{actions_path}/actions/#{action_id}"
+          delete(path, { force: force })
+        end
+
+        # Update an existing action.
+        # @see https://auth0.com/docs/api/management/v2/#!/Actions/patch_action
+        # @param action_id [string] The action ID
+        # @param body [hash] The optional parameters to update.
+        #
+        # @return [json] Returns the updated user.
+        def patch_action(action_id, body)
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty? || body.empty?
+          path = "#{actions_path}/actions/#{action_id}"
+          patch(path, body)
+        end
+        alias update_action patch_action
+
+        # Retrieve information about a specific execution of a trigger.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/get_action
+        # @param execution_id [string] The ID of the exeution to retrieve.
+        #
+        # @return [json] Returns the action with the given execution_id if it exists.
+        def execution(execution_id)
+          raise Auth0::MissingExecutionId, 'Must supply a valid execution_id' if execution_id.to_s.empty?
+          path = "#{actions_path}/executions/#{execution_id}"
+          get(path)
+        end
+        alias get_execution execution
+
+        # Retrieve all of an action's versions.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/versions
+        # @param action_id [string] The ID of the action.
+        # @param per_page [integer] The amount of entries per page. Default: 50. Max value: 100.
+        # @param page [integer] The page number. Zero based
+        #
+        # @return [json] Returns the action with the given execution_id if it exists.
+        def actions_versions(action_id, page: nil, per_page: nil)
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          path = "#{actions_path}/actions/#{action_id}/versions"
+          request_params = {
+            per_page: per_page,
+            page: page
+          }
+
+          get(path, request_params)
+        end
+        alias get_actions_versions actions_versions
+
+        # Retrieve the actions that are bound to a trigger.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/get_bindings
+        # @param trigger_id [string] An actions extensibility point.
+        # @param per_page [integer] The amount of entries per page. Default: 50. Max value: 100.
+        # @param page [integer] The page number. Zero based
+        #
+        # @return [json] Returns the action with the given trigger_id if it exists.
+        def trigger_bindings(trigger_id, page: nil, per_page: nil)
+          raise Auth0::MissingTriggerId, 'Must supply a valid trigger_id' if trigger_id.to_s.empty?
+          path = "#{actions_path}/triggers/#{trigger_id}/bindings"
+          request_params = {
+            per_page: per_page,
+            page: page
+          }
+
+          get(path, request_params)
+        end
+        alias get_trigger_bindings trigger_bindings
+
+        # Update the actions that are bound (i.e. attached) to a trigger.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/patch_bindings
+        # @param trigger_id [string] An actions extensibility point.
+        # @param body [hash] The optional parameters to update.
+        #
+        # @return [json] Returns the bindings that were updated.
+        def patch_trigger_bindings(trigger_id, body = nil)
+          raise Auth0::MissingTriggerId, 'Must supply a valid trigger_id' if trigger_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty? || body.empty?
+          path = "#{actions_path}/triggers/#{trigger_id}/bindings"
+          patch(path, body)
+        end
+        alias update_trigger_bindings patch_trigger_bindings
+
+        # Retrieve a specific version of an action
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/get_action_version
+        # @param action_id [string]  The ID of the action.
+        # @param version_id [string]  The ID of the action version.
+        #
+        # @return [json] Returns the action.
+        def action_by_version(action_id, version_id)
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          raise Auth0::MissingVersionId, 'Must supply a valid version_id' if version_id.to_s.empty?
+          path = "#{actions_path}/actions/#{action_id}/versions/#{version_id}"
+          get(path)
+        end
+        alias get_action_by_version action_by_version 
+
+        # Deploy an action.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/post_deploy_action
+        # @param action_id [string]  The ID of the action.
+        # @return [json] Returns the created action.
+        def deploy_action(action_id)
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          path = "#{actions_path}/actions/#{action_id}/deploy"
+          post(path)
+        end
+
+        # Test an action.
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/post_test_action
+        # @param action_id [string]  The ID of the action.
+        # @param body [hash] See https://auth0.com/docs/api/management/v2/#!/actions/post_test_action for available options
+        # @return [json] Returns the created action.
+        def test_action(action_id, body = {})
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must supply a valid body' if body.to_s.empty? || body.empty?
+          path = "#{actions_path}/actions/#{action_id}/test"
+          post(path, body)
+        end
+
+        # Performs the equivalent of a roll-back of an action to an earlier, specified version. 
+        # @see https://auth0.com/docs/api/management/v2/#!/actions/post_deploy_draft_version
+        # @param action_id [string]  The ID of the action.
+        # @param version_id [string]  The ID of the action version.
+        # @return [json] Returns the created action.
+        def rollback_action(action_id, version_id)
+          raise Auth0::MissingActionId, 'Must supply a valid action_id' if action_id.to_s.empty?
+          raise Auth0::MissingVersionId, 'Must supply a valid version_id' if version_id.to_s.empty?
+          path = "#{actions_path}/actions/#{action_id}/versions/#{version_id}/deploy"
+          post(path)
+        end
+
+        private
+        # actions API path
+        def actions_path
+          @actions_path ||= '/api/v2/actions'
+        end
+      end
+    end
+  end
+end

data/lib/auth0/api/v2/grants.rb

@@ -0,0 +1,49 @@
+module Auth0
+  module Api
+    module V2
+      module Grants
+        attr_reader :grants_path
+
+        # Retrieve the grants associated with your account.
+        # @see https://auth0.com/docs/api/management/v2#!/Grants/get_grants
+        # @param client_id [string] The client_id of the grants to retrieve.
+        # @param user_id [string]  The user_id of the grants to retrieve.
+        # @param audience [string] The audience of the grants to retrieve.
+        # @param page [int] The page index of the results to return. First page is 0.
+        # @param per_page [int] The number of results per page. Paging is disabled if parameter not sent.
+        # @param include_totals [boolean] Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).
+        # @return [json] Returns the grants.
+        def grants(client_id: nil, user_id: nil, audience: nil, page: nil, per_page: nil, include_totals: nil)
+          request_params = {
+            client_id: client_id,
+            user_id: user_id,
+            audience: audience,
+            page: page,
+            per_page: per_page,
+            include_totals: include_totals
+          }
+          get(grants_path, request_params)
+        end
+        alias get_all_grants grants
+
+        # Delete a grant associated with your account.
+        # @see https://auth0.com/docs/api/management/v2#!/Grants/delete_grants_by_id
+        # @param id [string] The id of the grant to delete.
+        # @param user_id [string] The user_id of the grant to delete.
+        def delete_grant(id, user_id)
+          raise Auth0::InvalidParameter, 'Must specify a grant id as id' if id.to_s.empty?
+          raise Auth0::InvalidParameter, 'Must specify a user id' if user_id.to_s.empty?
+          path = "#{grants_path}/#{id}?user_id=#{user_id}"
+          delete(path)
+        end
+
+        private
+
+        # Grants API path
+        def grants_path
+          @grants_path ||= '/api/v2/grants'
+        end
+      end
+    end
+  end
+end

data/lib/auth0/api/v2.rb

@@ -1,3 +1,5 @@
+require 'auth0/api/v2/grants'
+require 'auth0/api/v2/actions'
 require 'auth0/api/v2/anomaly'
 require 'auth0/api/v2/blacklists'
 require 'auth0/api/v2/branding'
@@ -26,6 +28,8 @@ module Auth0
   module Api
     # https://auth0.com/docs/apiv2
     module V2
+      include Auth0::Api::V2::Grants
+      include Auth0::Api::V2::Actions
       include Auth0::Api::V2::Anomaly
       include Auth0::Api::V2::Blacklists
       include Auth0::Api::V2::Branding

data/lib/auth0/exception.rb

@@ -40,8 +40,20 @@ module Auth0
   class MissingClientId < Auth0::Exception; end
   # exception for unset organization_id
   class MissingOrganizationId < Auth0::Exception; end
+  # exception for unset trigger_id
+  class MissingTriggerId < Auth0::Exception; end
+  # exception for unset action_name
+  class MissingActionName < Auth0::Exception; end
+  # exception for unset action_id
+  class MissingActionId < Auth0::Exception; end
+  # exception for unset execution_id
+  class MissingExecutionId < Auth0::Exception; end
+  # exception for unset trigger_id
+  class MissingTriggerId < Auth0::Exception; end
   # exception for an unset parameter
   class MissingParameter < Auth0::Exception; end
+  # exception for unset version_id
+  class MissingVersionId < Auth0::Exception; end
   # Api v2 access denied
   class AccessDenied < Auth0::HTTPError; end
   # Invalid parameter passed, e.g. empty where ID is required

data/lib/auth0/mixins/api_token_struct.rb

@@ -1,5 +1,4 @@
 Auth0::ApiToken = Struct.new :access_token, :scope, :expires_in do
-
   def token
     access_token
   end

data/lib/auth0/mixins/httpproxy.rb

@@ -18,10 +18,9 @@ module Auth0
       %i(get post post_file put patch delete delete_with_body).each do |method|
         define_method(method) do |uri, body = {}, extra_headers = {}|
           body = body.delete_if { |_, v| v.nil? }
-
-          Retryable.retryable(retry_options) do
-            request(method, uri, body, extra_headers)
-          end
+          token = get_token()
+          authorization_header(token) unless token.nil?
+          request_with_retry(method, uri, body, extra_headers)
         end
       end
 
@@ -65,7 +64,13 @@ module Auth0
         body
       end
 
-      def request(method, uri, body, extra_headers)
+      def request_with_retry(method, uri, body = {}, extra_headers = {})
+        Retryable.retryable(retry_options) do
+          request(method, uri, body, extra_headers)
+        end
+      end
+
+      def request(method, uri, body = {}, extra_headers = {})
         result = if method == :get
           # Mutate the headers property to add parameters.
           add_headers({params: body})

data/lib/auth0/mixins/initializer.rb

@@ -59,9 +59,7 @@ module Auth0
 
       def initialize_v2(options)
         extend Auth0::Api::V2
-        @token = options[:access_token] || options[:token]
-        api_identifier = options[:api_identifier] || "https://#{@domain}/api/v2/"
-        @token = api_token(audience: api_identifier).token if @token.nil? && @client_id && @client_secret
+        initialize_token(options)
       end
 
       def api_v2?(options)

data/lib/auth0/mixins/token_management.rb

@@ -0,0 +1,32 @@
+module Auth0
+  module Mixins
+    module TokenManagement
+      
+      private
+
+      def initialize_token(options)
+        @token = options[:access_token] || options[:token]
+        
+        # default expiry to an hour if a token was given but no expires_at
+        @token_expires_at = @token ? options[:token_expires_at] || Time.now.to_i + 3600 : nil 
+
+        @audience = options[:api_identifier] || "https://#{@domain}/api/v2/"
+        get_token() if @token.nil?
+      end
+
+      def get_token
+        has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
+        
+        if (@token.nil? || has_expired) && @client_id && @client_secret
+          response = api_token(audience: @audience)
+          @token = response.token
+          @token_expires_at = response.expires_in ? Time.now.to_i + response.expires_in : nil
+
+          @token
+        else
+          @token
+        end
+      end
+    end
+  end
+end

data/lib/auth0/mixins/validation.rb

@@ -335,7 +335,7 @@ module Auth0
           private
 
           def fetch_jwks
-            result = get(@jwks_url)
+            result = request_with_retry(:get, @jwks_url, {}, {})
             @did_fetch_jwks = result.is_a?(Hash) && result.key?('keys')
             result if @did_fetch_jwks
           end

data/lib/auth0/mixins.rb

@@ -9,6 +9,7 @@ require 'auth0/mixins/httpproxy'
 require 'auth0/mixins/initializer'
 require 'auth0/mixins/permission_struct'
 require 'auth0/mixins/validation'
+require 'auth0/mixins/token_management'
 
 require 'auth0/api/authentication_endpoints'
 require 'auth0/api/v2'
@@ -17,6 +18,7 @@ module Auth0
   # Collecting dependencies here
   module Mixins
     include Auth0::Mixins::Headers
+    include Auth0::Mixins::TokenManagement
     include Auth0::Mixins::HTTPProxy
     include Auth0::Mixins::Initializer
   end

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.5.0'.freeze
+  VERSION = '5.6.0'.freeze
 end