auth0 5.9.0 → 5.11.0

data/lib/auth0/api/v2/clients.rb

@@ -73,12 +73,54 @@ module Auth0
           patch(path, options)
         end
 
+        # Creates credentials for a client
+        # @param client_id [string] The Id of the client to update
+        # @param options [hash] The payload to send to the endpoint
+        def create_client_credentials(client_id, options)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must specify a valid body' if options.to_s.empty?
+          post(client_credentials_path(client_id), options)
+        end
+
+        # Gets the credentials for a client
+        # @param client_id [string] The Id of the client
+        # @return [hash] The client credentials 
+        def client_credentials(client_id)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          get(client_credentials_path(client_id))
+        end
+        alias get_client_credentials client_credentials
+
+        # Gets a client credential by ID
+        # @param client_id [string] The Id of the client
+        # @param credential_id [string] The Id of the credential to retrieve
+        # @return [hash] The credential
+        def client_credential(client_id, credential_id)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must specify a credential id' if credential_id.to_s.empty?
+          get("#{client_credentials_path(client_id)}/#{credential_id}")
+        end
+        alias get_client_credential client_credential
+
+        # Deletes a credential from the specified client
+        # @param client_id [string] The Id of the client
+        # @param credential_id [string] The Id of the credential to delete
+        def delete_client_credential(client_id, credential_id)
+          raise Auth0::MissingClientId, 'Must specify a client id' if client_id.to_s.empty?
+          raise Auth0::MissingParameter, 'Must specify a credential id' if credential_id.to_s.empty?
+          delete("#{client_credentials_path(client_id)}/#{credential_id}")
+        end
+
         private
 
         # Clients API path
         def clients_path
           @clients_path ||= '/api/v2/clients'
         end
+
+        def client_credentials_path(client_id)
+          "#{clients_path}/#{client_id}/credentials"
+        end
       end
     end
   end

data/lib/auth0/api/v2/jobs.rb

@@ -60,6 +60,9 @@ module Auth0
         #   :format [string] The format of the file. Valid values are: "json" and "csv".
         #   :limit [integer] Limit the number of users to export.
         #   :fields [array] A list of fields to be included in the CSV.
+        #     This can either be an array of strings representing field names, or an object.
+        #     If it's a string, it is mapped to the correct { name: '<field name>' } object required by the endpoint.
+        #     If it's an object, it is passed through as-is to the endpoint.
         #     If omitted, a set of predefined fields will be exported.
         #
         # @return [json] Returns the job status and properties.
@@ -109,14 +112,22 @@ module Auth0
           @jobs_path ||= '/api/v2/jobs'
         end
 
-        # Map array of field names for export to array of objects
-        # @param fields [array] Field names to be included in the export
-
+        # Map array of fields for export to array of objects
+        # @param fields [array] Fields to be included in the export
+        #     This can either be an array of strings representing field names, or an object.
+        #     If it's a string, it is mapped to the correct { name: '<field name>' } object required by the endpoint.
+        #     If it's an object, it is passed through as-is to the endpoint.
         # @return [array] Returns the fields mapped as array of objects for the export_users endpoint
         def fields_for_export(fields)
           return nil if fields.to_s.empty?
 
-          fields.map { |field| { name: field } }
+          fields.map { |field|             
+            if field.is_a? String
+              { name: field }
+            else
+              field
+            end
+          }
         end
       end
     end

data/lib/auth0/api/v2/organizations.rb

@@ -9,7 +9,7 @@ module Auth0
 
         # Get all organizations.
         # @see https://auth0.com/docs/api/management/v2/#!/Organizations/get_organizations
-        # @param options [hash] The Hash options used to define the paging of rersults
+        # @param options [hash] The Hash options used to define the paging of results
         #   * :per_page [integer] The amount of entries per page. Default: 50. Max value: 100.
         #   * :page [integer] The page number. Zero based.
         #   * :from [string] For checkpoint pagination, the ID from which to start selection from.

data/lib/auth0/client_assertion.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module Auth0
+  module ClientAssertion
+    CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'.freeze
+
+    # Adds keys into the supplied hash for either the client secret, or client assertion. If `client_assertion_signing_key` is not nil,
+    # it takes precedence over `client_secret`.
+    # @param [hash] The hash to add the keys to
+    # @param client_id [string] The client ID
+    # @param client_secret [string] The client secret
+    # @param client_assertion_signing_key [PKey] The key used to sign the client assertion JWT
+    # @param client_assertion_signing_alg [string] The algorithm used when signing the client assertion JWT
+    def populate_client_assertion_or_secret(hash, 
+      domain: @domain,
+      client_id: @client_id, 
+      client_secret: @client_secret,
+      client_assertion_signing_key: @client_assertion_signing_key,
+      client_assertion_signing_alg: @client_assertion_signing_alg)
+
+      if !client_assertion_signing_key.nil?
+        # Create JWT
+        now = Time.now.to_i
+
+        payload = {
+          iss: client_id,
+          sub: client_id,
+          aud: "https://#{domain}/",
+          iat: now,
+          exp: now + 180,
+          jti: SecureRandom.uuid
+        }
+
+        jwt = JWT.encode payload, client_assertion_signing_key, client_assertion_signing_alg
+
+        hash[:client_assertion] = jwt
+        hash[:client_assertion_type] = Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
+      else
+        hash[:client_secret] = client_secret
+      end
+    end
+  end
+end

data/lib/auth0/mixins/httpproxy.rb

@@ -8,11 +8,12 @@ module Auth0
     # for now, if you want to feel free to use your own http client
     module HTTPProxy
       attr_accessor :headers, :base_uri, :timeout, :retry_count
-      DEAFULT_RETRIES = 3
+      DEFAULT_RETRIES = 3
       MAX_ALLOWED_RETRIES = 10
       MAX_REQUEST_RETRY_JITTER = 250
       MAX_REQUEST_RETRY_DELAY = 1000
-      MIN_REQUEST_RETRY_DELAY = 100
+      MIN_REQUEST_RETRY_DELAY = 250
+      BASE_DELAY = 100
 
       # proxying requests from instance methods to HTTP class methods
       %i(get post post_file put patch delete delete_with_body).each do |method|
@@ -26,14 +27,14 @@ module Auth0
 
       def retry_options
         sleep_timer = lambda do |attempt|
-          wait = 1000 * 2**attempt # Exponential delay with each subsequent request attempt.
-          wait += rand(wait..wait+MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
+          wait = BASE_DELAY * (2**attempt-1) # Exponential delay with each subsequent request attempt.
+          wait += rand(wait+1..wait+MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
           wait = [MAX_REQUEST_RETRY_DELAY, wait].min # Cap delay at MAX_REQUEST_RETRY_DELAY.
           wait = [MIN_REQUEST_RETRY_DELAY, wait].max # Ensure delay is no less than MIN_REQUEST_RETRY_DELAY.
           wait / 1000.to_f.round(2) # convert ms to seconds
         end
 
-        tries = 1 + [Integer(retry_count || DEAFULT_RETRIES), MAX_ALLOWED_RETRIES].min # Cap retries at MAX_ALLOWED_RETRIES
+        tries = 1 + [Integer(retry_count || DEFAULT_RETRIES), MAX_ALLOWED_RETRIES].min # Cap retries at MAX_ALLOWED_RETRIES
 
         {
           tries: tries,
@@ -72,15 +73,13 @@ module Auth0
 
       def request(method, uri, body = {}, extra_headers = {})
         result = if method == :get
-          # Mutate the headers property to add parameters.
-          add_headers({params: body})
-          # Merge custom headers into existing ones for this req.
-          # This prevents future calls from using them.
-          get_headers = headers.merge extra_headers
-          # Make the call with extra_headers, if provided.
+          @headers ||= {}
+          get_headers = @headers.merge({params: body}).merge(extra_headers)
           call(:get, encode_uri(uri), timeout, get_headers)
         elsif method == :delete
-          call(:delete, encode_uri(uri), timeout, add_headers({params: body}))
+          @headers ||= {}
+          delete_headers = @headers.merge({ params: body })
+          call(:delete, encode_uri(uri), timeout, delete_headers)
         elsif method == :delete_with_body
           call(:delete, encode_uri(uri), timeout, headers, body.to_json)
         elsif method == :post_file

data/lib/auth0/mixins/initializer.rb

@@ -16,6 +16,8 @@ module Auth0
         @headers = client_headers
         @timeout = options[:timeout] || 10
         @retry_count = options[:retry_count]
+        @client_assertion_signing_key = options[:client_assertion_signing_key]
+        @client_assertion_signing_alg = options[:client_assertion_signing_alg] || 'RS256';        
         extend Auth0::Api::AuthenticationEndpoints
         @client_id = options[:client_id]
         @client_secret = options[:client_secret]

data/lib/auth0/mixins/token_management.rb

@@ -6,7 +6,6 @@ module Auth0
 
       def initialize_token(options)
         @token = options[:access_token] || options[:token]
-        
         # default expiry to an hour if a token was given but no expires_at
         @token_expires_at = @token ? options[:token_expires_at] || Time.now.to_i + 3600 : nil 
 
@@ -15,9 +14,10 @@ module Auth0
       end
 
       def get_token
+        # pp @token_expires_at
         has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
         
-        if (@token.nil? || has_expired) && @client_id && @client_secret
+        if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key)
           response = api_token(audience: @audience)
           @token = response.token
           @token_expires_at = response.expires_in ? Time.now.to_i + response.expires_in : nil

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.9.0'.freeze
+  VERSION = '5.11.0'.freeze
 end

data/opslevel.yml

@@ -0,0 +1,5 @@
+---
+version: 1
+repository:
+  owner: dx_sdks
+  tags:

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_patch_client/should_update_the_client_with_the_correct_attributes.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/clients/SftKo9ySyHnMPezQUFd0C70GBoNFM21F?fields=jwt_configuration&include_fields=false
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/clients/SftKo9ySyHnMPezQUFd0C70GBoNFM21F
     body:
       encoding: UTF-8
       string: '{"custom_login_page_on":false,"sso":true}'
@@ -12,6 +12,7 @@ http_interactions:
       User-Agent:
       - rest-client/2.1.0 (darwin19.6.0 x86_64) ruby/2.7.0p0
       Content-Type:
+
       - application/json
       Auth0-Client:
       - eyJuYW1lIjoicnVieS1hdXRoMCIsInZlcnNpb24iOiI1LjUuMCIsImVudiI6eyJydWJ5IjoiMi43LjAifX0=

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_update_connection/should_update_the_connection.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/connections/con_WltM0fv20JCnxOuY?email=rubytest-210908-rubytest-210908-username@auth0.com
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/connections/con_WltM0fv20JCnxOuY
     body:
       encoding: UTF-8
       string: '{"options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"excellent","strategy_version":2,"brute_force_protection":true}}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_update_rule/should_update_the_disabled_rule_to_be_enabled.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/rules/rul_bsg64xEPZz4WOkXz?fields=stage&include_fields=false
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/rules/rul_bsg64xEPZz4WOkXz
     body:
       encoding: UTF-8
       string: '{"enabled":true}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_revert_the_tenant_name.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings?fields=support_email&include_fields=true
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings
     body:
       encoding: UTF-8
       string: '{"friendly_name":"Auth0"}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_update_the_tenant_settings_with_a_new_tenant_name.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings?fields=support_email&include_fields=true
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings
     body:
       encoding: UTF-8
       string: '{"friendly_name":"Auth0-CHANGED"}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_roles/should_add_a_Role_to_a_User_successfully.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: post
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9/roles?per_page=2
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9/roles
     body:
       encoding: UTF-8
       string: '{"roles":["rol_2VZOCes8HgBar3Tp"]}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_patch_user/should_patch_the_User_successfully.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9?fields=email&include_fields=true
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9
     body:
       encoding: UTF-8
       string: '{"email_verified":true,"user_metadata":{"addresses":{"home_address":"742