auth0 4.10.0 → 4.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '088787530ff625f8af83a64dec5b298a0802be569a23161d1619e08d1db1a24b'
-  data.tar.gz: 3631754f52de1a123dac236e82ccab2faf71477b5ee99cb90f5b31b72ce83ca6
+  metadata.gz: 5510689e9c12f2e8b6cdaa0b7a36487b426e65d550a71b8e507d1c1a6328032b
+  data.tar.gz: 23a2e96a3dadbe065252666ec16cee463d4511ec464be83abcc05ba43f1025a7
 SHA512:
-  metadata.gz: c71ce2a7048f106a8719e6103b66164b54dff4becb3803c6b415f4754c61f4c48e6d77dffd02a790735315ae24f6c589d94a4aab1cd54c8928ff27db7c5c0224
-  data.tar.gz: d48e1b2f8302a758eeef107388fe8670bbcfeca432b9c326ae56bd5b5558340d303963c23f26f76218c948a1454ed51a167da1a59aea9f987915ad960aaa7c5f
+  metadata.gz: f018c7269551d67247bd49841a76e379efdfad2b650efa5506bb8aa75d28576fdf66e7bd2d1f405fc1d92471d53f5ade81b86101a91ffb29053d9313f8ab9591
+  data.tar.gz: 19a41e79a0b6bd393eb8b85c882dcff8ff7ccefa71c33896928cf53cb5068b495e3d42aa0751ad6fc4d2b103b76049f0570147accfa7b406ff329e53100d009d

data/.env.example

@@ -0,0 +1,2 @@
+DOMAIN=
+CLIENT_ID=

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Change Log
 
+## [v4.11.0](https://github.com/auth0/ruby-auth0/tree/v4.11.0) (2020-05-06)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.10.0...v4.11.0)
+
+**Added**
+
+- [SDK-1542] Add client secret to Passwordless flow since it is now required [\#217](https://github.com/auth0/ruby-auth0/pull/217) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
 ## [v4.10.0](https://github.com/auth0/ruby-auth0/tree/v4.10.0) (2020-04-23)
 
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.9.0...v4.10.0)

data/DEPLOYMENT.md

@@ -1,3 +1,15 @@
+# Releasing the gem
+
+## Credentials set up
+
+Make sure you have access in https://rubygems.org/gems/auth0/ and that your Ruby Gems tokens are set in `~/.gem/credentials`.
+
+In order to generate the required changelog entry, define an environment variable `GITHUB_READ_TOKEN` with a Github API token that has READ access to `repo:public_repo`. You can generate a Github API Token [here](https://github.com/settings/tokens/new?description=GitHub%20Changelog%20Generator%20token).
+
+Create a new Github Milestone with the version name prefixed with `v`. i.e. `v4.10.2`. Assign every Issue and Pull Request to be included on this release to that Milestone, and tag them with the `CH:xxxxxx` labels, depending on the type of change fixed or introduced there.
+
+Finally, follow the next steps:
+
 ```bash
 # Install gems for exec commands
 bundle install
@@ -45,3 +57,5 @@ git push origin vX.X.X
 # Rubygems token can be updated in ~/.gem/credentials
 bundle exec gem release
 ```
+
+The steps above were tested with Ruby `v2.5.7`.

data/Gemfile.lock

@@ -1,31 +1,31 @@
 PATH
   remote: .
   specs:
-    auth0 (4.10.0)
+    auth0 (4.11.0)
       rest-client (~> 2.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (6.0.2.2)
-      actionview (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
+    actionpack (6.0.3)
+      actionview (= 6.0.3)
+      activesupport (= 6.0.3)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.0.2.2)
-      activesupport (= 6.0.2.2)
+    actionview (6.0.3)
+      activesupport (= 6.0.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (6.0.2.2)
+    activesupport (6.0.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
+      zeitwerk (~> 2.2, >= 2.2.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.0)
@@ -93,7 +93,7 @@ GEM
     method_source (0.8.2)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2019.1009)
+    mime-types-data (3.2020.0425)
     mini_portile2 (2.4.0)
     minitest (5.14.0)
     multi_json (1.14.1)
@@ -105,7 +105,7 @@ GEM
       nenv (~> 0.1)
       shellany (~> 0.0)
     parallel (1.19.1)
-    parser (2.7.1.1)
+    parser (2.7.1.2)
       ast (~> 2.4.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
@@ -122,15 +122,15 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.2.2)
-      actionpack (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
+    railties (6.0.3)
+      actionpack (= 6.0.3)
+      activesupport (= 6.0.3)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
     rainbow (3.0.0)
     rake (13.0.1)
-    rb-fsevent (0.10.3)
+    rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rest-client (2.0.2)
@@ -142,15 +142,15 @@ GEM
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
     rspec-expectations (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-support (3.9.2)
+    rspec-support (3.9.3)
     rubocop (0.82.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -191,7 +191,7 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    yard (0.9.24)
+    yard (0.9.25)
     zeitwerk (2.3.0)
 
 PLATFORMS

data/README.md

@@ -12,7 +12,7 @@ Ruby API client for the [Auth0](https://auth0.com) platform.
 
 This gem can be installed directly:
 
-``` bash
+```bash
 $ gem install auth0
 ```
 
@@ -26,7 +26,7 @@ bundle add auth0
 
 You can build the API documentation with the following:
 
-``` bash
+```bash
 bundle exec rake documentation
 ```
 
@@ -65,22 +65,22 @@ class AllUsersController < ApplicationController
     }
     @users = auth0_client.users @params
   end
-	
+
   private
-	
+
   # Setup the Auth0 API connection.
   def auth0_client
     @auth0_client ||= Auth0Client.new(
       client_id: ENV['AUTH0_RUBY_CLIENT_ID'],
       client_secret: ENV['AUTH0_RUBY_CLIENT_SECRET'],
-      # If you pass in a client_secret value, the SDK will automatically try to get a 
-      # Management API token for this application. Make sure your Application can make a 
+      # If you pass in a client_secret value, the SDK will automatically try to get a
+      # Management API token for this application. Make sure your Application can make a
       # Client Credentials grant (Application settings in Auth0 > Advanced > Grant Types
       # tab) and that the Application is authorized for the Management API:
       # https://auth0.com/docs/api-auth/config/using-the-auth0-dashboard
       #
       # Otherwise, you can pass in a Management API token directly for testing or temporary
-      # access using the key below. 
+      # access using the key below.
       # token: ENV['AUTH0_RUBY_API_TOKEN'],
       domain: ENV['AUTH0_RUBY_DOMAIN'],
       api_version: 2,
@@ -107,36 +107,71 @@ This should show the parameters passed to the `users` method and a list of users
 
 In addition to the Management API, this SDK also provides access to [Authentication API](https://auth0.com/docs/api/authentication) endpoints with the `Auth0::API::AuthenticationEndpoints` module. For basic login capability, we suggest using our OmniAuth stategy [detailed here](https://auth0.com/docs/quickstart/webapp/rails/01-login). Other authentication tasks currently supported are:
 
-* Register a new user with a database connection using the `signup` method.
-* Redirect a user to the universal login page for authentication using the `authorization_url` method.
-* Log a user into a highly trusted app with the [Resource Owner Password grant](https://auth0.com/docs/api-auth/tutorials/password-grant) using the `login` method.
-* Exchange an authorization code for an access token on callback using the `obtain_user_tokens` method (see the note on state validation below).
-* Send a change password email to a database connection user using the `change_password` method.
-* Log a user out of Auth0 with the `logout_url` method.
+- Register a new user with a database connection using the `signup` method.
+- Redirect a user to the universal login page for authentication using the `authorization_url` method.
+- Log a user into a highly trusted app with the [Resource Owner Password grant](https://auth0.com/docs/api-auth/tutorials/password-grant) using the `login` method.
+- Exchange an authorization code for an access token on callback using the `obtain_user_tokens` method (see the note on state validation below).
+- Send a change password email to a database connection user using the `change_password` method.
+- Log a user out of Auth0 with the `logout_url` method.
 
-**Important note on state validation**: If you choose to implement a login flow callback yourself, it is important to generate and store a `state` value, pass that value to Auth0 in the `authorization_url` method, and validate it in your callback URL before calling `obtain_user_tokens`. For more information on state validation, [please see our documentation](https://auth0.com/docs/protocols/oauth2/oauth-state). 
+**Important note on state validation**: If you choose to implement a login flow callback yourself, it is important to generate and store a `state` value, pass that value to Auth0 in the `authorization_url` method, and validate it in your callback URL before calling `obtain_user_tokens`. For more information on state validation, [please see our documentation](https://auth0.com/docs/protocols/oauth2/oauth-state).
 
 Please note that this module implements endpoints that might be deprecated for newer tenants. If you have any questions about how and when the endpoints should be used, consult the [documentation](https://auth0.com/docs/api/authentication) or ask in our [Community forums](https://community.auth0.com/tags/wordpress).
 
+## Development
+
+In order to set up the local environment you'd have to have Ruby installed and a few global gems used to run and record the unit tests. A working Ruby version can be taken from the [CI script](/.circleci/config.yml). At the moment of this writting we're using Ruby `2.5.7`.
+
+> It is expected that every Pull Request introducing a fix, change or feature contains enough test coverage to assert the new behavior.
+
+### Running the tests
+
+Install the gems required for this project.
+
+```bash
+bundle install
+```
+
+Finally, run the tests.
+
+```bash
+bundle exec rake test
+```
+
+#### Running only unit tests
+
+You can run only the unit tests and ignore the integration tests by running the following:
+
+```bash
+bundle exec rake spec
+```
+
+#### Running only integration tests
+
+You can run only the unit tests and ignore the integration tests by running the following:
+
+```bash
+bundle exec rake integration
+```
 
 ## More Information
 
-* [Login using OmniAuth](https://auth0.com/docs/quickstart/webapp/rails/01-login)
-* [API authentication in Ruby](https://auth0.com/docs/quickstart/backend/ruby)
-* [API authentication in Rails](https://auth0.com/docs/quickstart/backend/rails)
-* [Managing authentication with Auth0 (blog)](https://auth0.com/blog/rails-5-with-auth0/)
-* [Ruby on Rails workflow with Docker (blog)](https://auth0.com/blog/ruby-on-rails-killer-workflow-with-docker-part-1/)
+- [Login using OmniAuth](https://auth0.com/docs/quickstart/webapp/rails/01-login)
+- [API authentication in Ruby](https://auth0.com/docs/quickstart/backend/ruby)
+- [API authentication in Rails](https://auth0.com/docs/quickstart/backend/rails)
+- [Managing authentication with Auth0 (blog)](https://auth0.com/blog/rails-5-with-auth0/)
+- [Ruby on Rails workflow with Docker (blog)](https://auth0.com/blog/ruby-on-rails-killer-workflow-with-docker-part-1/)
 
 ## What is Auth0?
 
 Auth0 helps you to:
 
-* Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders), either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce** among others, or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**.
-* Add authentication through more traditional **[username/password databases](https://docs.auth0.com/mysql-connection-tutorial)**.
-* Add support for **[linking different user accounts](https://docs.auth0.com/link-accounts)** with the same user.
-* Support for generating signed [JSON Web Tokens](https://docs.auth0.com/jwt) to call your APIs and **flow the user identity** securely.
-* Analytics of how, when, and where users are logging in.
-* Pull data from other sources and add it to the user profile with [JavaScript rules](https://docs.auth0.com/rules).
+- Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders), either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce** among others, or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**.
+- Add authentication through more traditional **[username/password databases](https://docs.auth0.com/mysql-connection-tutorial)**.
+- Add support for **[linking different user accounts](https://docs.auth0.com/link-accounts)** with the same user.
+- Support for generating signed [JSON Web Tokens](https://docs.auth0.com/jwt) to call your APIs and **flow the user identity** securely.
+- Analytics of how, when, and where users are logging in.
+- Pull data from other sources and add it to the user profile with [JavaScript rules](https://docs.auth0.com/rules).
 
 ## Create a free Auth0 Account
 

data/lib/auth0/api/authentication_endpoints.rb

@@ -170,7 +170,8 @@ module Auth0
           send: send,
           authParams: auth_params,
           connection: 'email',
-          client_id: @client_id
+          client_id: @client_id,
+          client_secret: @client_secret
         }
         post('/passwordless/start', request_params)
       end
@@ -185,7 +186,8 @@ module Auth0
         request_params = {
           phone_number: phone_number,
           connection: 'sms',
-          client_id: @client_id
+          client_id: @client_id,
+          client_secret: @client_secret
         }
         post('/passwordless/start', request_params)
       end

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '4.10.0'.freeze
+  VERSION = '4.11.0'.freeze
 end

data/spec/lib/auth0/api/authentication_endpoints_spec.rb

@@ -355,6 +355,7 @@ describe Auth0::Api::AuthenticationEndpoints do
       expect(@instance).to receive(:post).with(
         '/passwordless/start',
         client_id: @instance.client_id,
+        client_secret: @instance.client_secret,
         connection:  'email',
         email: 'test@test.com',
         send: 'code',
@@ -388,6 +389,7 @@ describe Auth0::Api::AuthenticationEndpoints do
       expect(@instance).to receive(:post).with(
         '/passwordless/start',
         client_id: @instance.client_id,
+        client_secret: @instance.client_secret,
         connection: 'sms',
         phone_number: phone_number
       )

data/spec/spec_helper.rb

@@ -27,6 +27,9 @@ VCR.configure do |config|
   config.hook_into :webmock
   config.filter_sensitive_data('CLIENT_SECRET') { ENV['CLIENT_SECRET'] }
   config.filter_sensitive_data('API_TOKEN') { ENV['MASTER_JWT'] }
+
+  ENV['DOMAIN'] = 'auth0-sdk-tests.auth0.com'
+  ENV['CLIENT_ID'] = '2cnWuug6zaFX1j0ge1P99jAUn0F4XSuI'
 end
 
 $LOAD_PATH.unshift File.expand_path('..', __FILE__)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auth0
 version: !ruby/object:Gem::Version
-  version: 4.10.0
+  version: 4.11.0
 platform: ruby
 authors:
 - Auth0
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-28 00:00:00.000000000 Z
+date: 2020-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -224,6 +224,7 @@ extra_rdoc_files: []
 files:
 - ".bundle/config"
 - ".circleci/config.yml"
+- ".env.example"
 - ".gemrelease"
 - ".github/CODEOWNERS"
 - ".github/ISSUE_TEMPLATE.md"