descope 1.0.4 → 1.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0cbfd697e21207d7a3d5da5c544ad159369e7e51456461532f41608e13022d3d
-  data.tar.gz: 7bbf26b7613fb3699933760f428c17e97ed51089fb46567f28fa74334e3f89f1
+  metadata.gz: c34965cb6d8afe8eef75358f8a2bfe51a4c85732b7a6704352d67429be4ef2a1
+  data.tar.gz: d683b72349fe21ad68c8eb5ba3f5efc630f6d064d725200d874b0b1a07fda450
 SHA512:
-  metadata.gz: 70d3208d9fb671fa6878e0e344c0a3638ededf2cf5cd3ba0f35e81931f0279a30ebbbfedbbce0a66c7caf59bb22e8f767e08a354ca6cde8422c77ff25a1d5c2c
-  data.tar.gz: f19dfe58eda7ff846949b7bd722cf3d7de09ce806f0bdfb6679ef4a68b2cebb86aa01a51fb80f6f69a927fb21ab9b7d1baec24d87345a68b4c0536ce484564af
+  metadata.gz: aed5e37a77c61eca6ee2e52cef996ebc5088b57dd78ed566cb2c4e21b7b939ddd5779712de35fdba59e13990872757dc8fb3a84a6c05b4bf8d169fefa281dcc9
+  data.tar.gz: 6cca87aa406e2eda34f7d38ad02178422c5b37262d0c4d5195f582ab7b4eabffe4c5508a06c10615f165de612e0a2b6caf5d14d7c19157b245354746f582810a

data/.github/workflows/ci.yaml

@@ -7,10 +7,18 @@ on:
   pull_request:
     branches:
       - main
+  workflow_dispatch:
+    inputs:
+      DESCOPE_LOG_LEVEL:
+        description: "Descope Log Level"
+        default: "info"
+
+env:
+  DESCOPE_LOG_LEVEL: ${{ github.event.inputs.DESCOPE_LOG_LEVEL || 'info' }}
 
 jobs:
-  build:
-    name: Build Ruby SDK
+  ci:
+    name: Descope Ruby SDK CI
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
@@ -25,30 +33,10 @@ jobs:
         run: bundle install
 
       - name: Run RSpec Test
-        run: bundle exec rspec
-
-      # in order  to release use conventional commits
-      # $ git commit --allow-empty -m "chore: release 1.0.0" -m "Release-As: 1.0.0" && git push
-      # this will open a new PR with the changelog and bump the version
-      # Release Please assumes you are using Conventional Commit messages.
-      #
-      # The most important prefixes you should have in mind are:
-      #
-      # fix: which represents bug fixes, and correlates to a SemVer patch.
-      # feat: which represents a new feature, and correlates to a SemVer minor.
-      # feat!:, or fix!:, refactor!:, etc., which represent a breaking change (indicated by the !) and will result in a SemVer major.
-      - uses: google-github-actions/release-please-action@v4
-        id: release
-        if: github.ref == 'refs/heads/main'
+        run: bundle exec rspec spec/lib.descope
 
-      - name: Publish to RubyGems
-        run: |
-          mkdir -p $HOME/.gem
-          touch $HOME/.gem/credentials
-          chmod 0600 $HOME/.gem/credentials
-          printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
-          gem build *.gemspec
-          gem push *.gem
+      - name: Run RSpec Integration Tests
         env:
-          GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_API_KEY}}"
-        if: ${{ steps.release.outputs.release_created }}
+          DESCOPE_MANAGEMENT_KEY: ${{ secrets.DESCOPE_MANAGEMENT_KEY }}
+          DESCOPE_PROJECT_ID: ${{ secrets.DESCOPE_PROJECT_ID }}
+        run: bundle exec rspec spec/integration

data/.github/workflows/publish-gem.yaml

@@ -0,0 +1,61 @@
+name: Publish Ruby Gem
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  release:
+    name: Publish Ruby Gem
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: 0
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          # We are not letting this step to run bundle install, we will do it later
+          bundler-cache: false
+
+      - name: Install dependencies
+        run: bundle install
+
+      - name: Bump version
+        run: |
+          NEW_VERSION=$(echo ${{ github.event.release.tag_name }} | sed 's/^v//') # strip the 'v' from the tag if present
+          sed -i "s/^  VERSION = '.*'/  VERSION = '${NEW_VERSION}'/g" lib/descope/version.rb
+          echo -e "Updated version file:\n $(cat lib/descope/version.rb)"
+
+      - name: Commit changes
+        run: |
+          git config --global user.name 'github-actions'
+          git config --global user.email 'github-actions@github.com'
+          git checkout main
+          git add ./lib/descope/version.rb
+          git commit -m "Bump version to $NEW_VERSION"
+          git push origin main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Repoint the tag to latest commit
+        run: |
+          git tag -d ${{ github.event.release.tag_name }}
+          git tag ${{ github.event.release.tag_name }} -m "Release $NEW_VERSION"
+          git push origin :${{ github.event.release.tag_name }}
+          git push
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish to RubyGems
+        run: |
+          mkdir -p $HOME/.gem
+          touch $HOME/.gem/credentials
+          chmod 0600 $HOME/.gem/credentials
+          printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+          gem build *.gemspec
+          gem push *.gem
+        env:
+          GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_API_KEY}}"

data/Gemfile

@@ -1,22 +1,20 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 gemspec
 
 group :development do
-  gem 'terminal-notifier-guard', require: false unless ENV['CIRCLECI']
-  gem 'coveralls', require: false
-  gem 'rubocop', require: false
-  gem 'rubocop-rails', require: false
-  gem 'irb', require: false
+  gem 'rubocop', '1.63.2', require: false
+  gem 'rubocop-rails', '2.24.1', require: false
 end
 
 group :test do
-  gem 'webmock', require: false
-  gem 'simplecov-cobertura'
-  gem 'timecop', require: false
-  gem 'rack-test', require: false
-  gem 'dotenv', require: false
-  gem 'super_diff', require: false
-  gem 'factory_bot', require: 'false'
-  gem 'selenium-webdriver', require: false
-  gem 'rotp', require: false
+  gem 'factory_bot', '6.4.6', require: false
+  gem 'faker', require: false
+  gem 'rack-test', '2.1.0', require: false
+  gem 'rotp', '6.3.0', require: false
+  gem 'rspec', '3.13.0', require: false
+  gem 'selenium-webdriver', '4.19.0', require: false
+  gem 'simplecov', '0.22.0', require: false
+  gem 'super_diff', '0.11.0', require: false
 end

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    descope (1.0.4)
+    descope (1.0.5)
       addressable (~> 2.8)
       jwt (~> 2.7)
       rest-client (~> 2.1)
@@ -11,7 +11,7 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.1.3)
+    activesupport (7.1.3.2)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -26,71 +26,46 @@ GEM
     ast (2.4.2)
     attr_extras (7.1.0)
     base64 (0.2.0)
-    bigdecimal (3.1.6)
+    bigdecimal (3.1.7)
     concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
-    coveralls (0.7.1)
-      multi_json (~> 1.3)
-      rest-client
-      simplecov (>= 0.7)
-      term-ansicolor
-      thor
-    crack (0.4.5)
-      rexml
-    diff-lcs (1.5.0)
+    diff-lcs (1.5.1)
     docile (1.4.0)
     domain_name (0.6.20240107)
-    dotenv (2.8.1)
-    drb (2.2.0)
-      ruby2_keywords
-    factory_bot (6.4.5)
+    drb (2.2.1)
+    factory_bot (6.4.6)
       activesupport (>= 5.0.0)
-    faker (2.23.0)
+    faker (3.3.1)
       i18n (>= 1.8.11, < 2)
-    fuubar (2.5.1)
-      rspec-core (~> 3.0)
-      ruby-progressbar (~> 1.4)
-    hashdiff (1.1.0)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    i18n (1.14.1)
+    i18n (1.14.4)
       concurrent-ruby (~> 1.0)
-    io-console (0.7.2)
-    irb (1.11.1)
-      rdoc
-      reline (>= 0.4.2)
-    json (2.7.1)
-    jwt (2.7.1)
+    json (2.7.2)
+    jwt (2.8.1)
+      base64
     language_server-protocol (3.17.0.3)
     mime-types (3.5.2)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.1205)
-    minitest (5.21.2)
-    multi_json (1.15.0)
+    mime-types-data (3.2024.0305)
+    minitest (5.22.3)
     mutex_m (0.2.0)
     netrc (0.11.0)
     optimist (3.1.0)
     parallel (1.24.0)
-    parser (3.3.0.4)
+    parser (3.3.0.5)
       ast (~> 2.4.1)
       racc
     patience_diff (1.2.0)
       optimist (~> 3.0)
-    psych (5.1.2)
-      stringio
-    public_suffix (5.0.4)
+    public_suffix (5.0.5)
     racc (1.7.3)
-    rack (3.0.8)
+    rack (3.0.10)
     rack-test (2.1.0)
       rack (>= 1.3)
     rainbow (3.1.1)
-    rake (13.1.0)
-    rdoc (6.6.2)
-      psych (>= 4.0.0)
     regexp_parser (2.9.0)
-    reline (0.4.2)
-      io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
@@ -99,20 +74,20 @@ GEM
     retryable (3.0.5)
     rexml (3.2.6)
     rotp (6.3.0)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.1)
-    rubocop (1.60.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
+    rubocop (1.63.2)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
@@ -120,20 +95,19 @@ GEM
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.30.0)
-      parser (>= 3.2.1.0)
-    rubocop-rails (2.23.1)
+    rubocop-ast (1.31.2)
+      parser (>= 3.3.0.4)
+    rubocop-rails (2.24.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
-    ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
-    selenium-webdriver (4.17.0)
+    selenium-webdriver (4.19.0)
       base64 (~> 0.2)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
@@ -142,63 +116,34 @@ GEM
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
-    simplecov-cobertura (2.1.0)
-      rexml
-      simplecov (~> 0.19)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
-    stringio (3.1.0)
-    super_diff (0.10.0)
+    super_diff (0.11.0)
       attr_extras (>= 6.2.4)
       diff-lcs
       patience_diff
-    sync (0.5.0)
-    term-ansicolor (1.7.1)
-      tins (~> 1.0)
-    terminal-notifier-guard (1.7.0)
-    thor (1.3.0)
-    timecop (0.9.8)
-    tins (1.32.1)
-      sync
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
-    webmock (3.19.1)
-      addressable (>= 2.8.0)
-      crack (>= 0.3.2)
-      hashdiff (>= 0.4.0, < 2.0.0)
     websocket (1.2.10)
     zache (0.13.1)
 
 PLATFORMS
-  arm64-darwin-22
   arm64-darwin-23
-  x86_64-darwin-23
   x86_64-linux
 
 DEPENDENCIES
-  bundler
-  concurrent-ruby (~> 1.1)
-  coveralls
   descope!
-  dotenv
-  factory_bot
-  faker (~> 2.0)
-  fuubar (~> 2.0)
-  irb
-  rack-test
-  rake (~> 13.0)
-  rotp
-  rspec (~> 3.11)
-  rubocop
-  rubocop-rails
-  selenium-webdriver
-  simplecov (~> 0.9)
-  simplecov-cobertura
-  super_diff
-  terminal-notifier-guard
-  timecop
-  webmock
+  factory_bot (= 6.4.6)
+  faker
+  rack-test (= 2.1.0)
+  rotp (= 6.3.0)
+  rspec (= 3.13.0)
+  rubocop (= 1.63.2)
+  rubocop-rails (= 2.24.1)
+  selenium-webdriver (= 4.19.0)
+  simplecov (= 0.22.0)
+  super_diff (= 0.11.0)
 
 BUNDLED WITH
-   2.4.19
+   2.5.6

data/README.md

@@ -1,8 +1,3 @@
-Descope SDK for Ruby
-
-
-The Descope SDK for Ruby provides convenient access to the Descope user management and authentication API for a backend written in Ruby. You can read more on the Descope Website.
-
 # Descope SDK for Ruby
 
 The Descope SDK for Ruby provides convenient access to the Descope user management and authentication API
@@ -36,6 +31,13 @@ descope_client = Descope::Client.new(
 )
 ```
 
+### Important Logging note
+You may pass `log_level: 'debug'` to the client config or use `DESCOPE_LOG_LEVEL` env var.
+Be aware that only the management key is truncated, and the JWT responses are printed on debug
+
+Do not run with log level debug on Production!
+
+
 ## Authentication Methods
 These sections show how to use the SDK to perform various authentication/authorization functions:
 
@@ -65,7 +67,7 @@ These sections show how to use the SDK to perform permission and user management
 8. [Manage Flows](#manage-flows-and-theme)
 9. [Manage JWTs](#manage-jwts)
 10. [Embedded links](#embedded-links)
-11. [Search Audit](#search-audit)
+11. [Audit](#audit)
 12. [Manage ReBAC Authz](#manage-rebac-authz)
 13. [Manage Project](#manage-project)
 
@@ -77,7 +79,7 @@ For rate limiting information, please confer to the [API Rate Limits](#api-rate-
 
 ### OTP Authentication
 
-Send a user a one-time password (OTP) using your preferred delivery method (_email / SMS_). An email address or phone number must be provided accordingly.
+Send a user a one-time password (OTP) using your preferred delivery method (email/SMS/Voice call). An email address or phone number must be provided accordingly.
 
 The user can either `sign up`, `sign in` or `sign up or in`
 
@@ -385,7 +387,7 @@ containing the session and refresh tokens, as well as all of the JWT claims.
 Make sure to return the tokens from the response to the client, or updated the cookie if you're using it.
 
 Usually, the tokens can be passed in and out via HTTP headers or via a cookie.
-The implementation can defer according to your framework of choice. See our [samples](#code-samples) for a few examples.
+The implementation can defer according to your framework of choice. See our [examples](#code-examples) for a few examples.
 
 If Roles & Permissions are used, validate them immediately after validating the session. See the [next section](#roles--permission-validation)
 for more information.
@@ -614,13 +616,15 @@ end
 
 #### Set or Expire User Password
 
-You can set or expire a user's password.
-Note: When setting a password, it will automatically be set as expired.
-The user will not be able log-in using an expired password, and will be required replace it on next login.
+You can set a new active password for a user, which they can then use to sign in. You can also set a temporary
+password that the user will be forced to change on the next login.
 
 ```ruby
+# Set a user's temporary password
+descope_client.set_temporary_password(login_id: '<login-id>', password:  '<some-password>');
+
 # Set a user's password
-descope_client.set_password(login_id: '<login-id>', password:  '<some-password>');
+descope_client.set_active_password(login_id: '<login-id>', password:  '<some-password>');
 
 # Or alternatively, expire a user password
 descope_client.expire_password('<login-id>')
@@ -633,12 +637,14 @@ You can create, update, delete or load access keys, as well as search according
 ```ruby
 # An access key must have a name and expiration, other fields are optional.
 # Roles should be set directly if no tenants exist, otherwise set
-# on a per-tenant basis.
+# on a per-tenant basis. If custom_claims supplied they will be presented on the jwt.
+# If customClaims is supplied, then those claims will be present in the JWT returned by calls to ExchangeAccessKey.
 associated_tenants = [{ tenant_id: 'tenant_id1', role_names: %w[role_name1 role_name2] }]
 create_resp = descope_client.create_access_key(
     name: 'name',
     expire_time: 1677844931,
-    key_tenants: associated_tenants
+    key_tenants: associated_tenants,
+	custom_claims: {'k1': 'v1'}
 )
 key = create_resp['key']
 cleartext = create_resp['cleartext'] # make sure to save the returned cleartext securely. It will not be returned again.
@@ -738,6 +744,7 @@ descope_client.create_role(
     name: 'My Role',
     description: 'Optional description to briefly explain what this role allows.',
     permission_names: ['My Updated Permission'],
+    tenant_id: 'Optionally scope this role for this specific tenant. If left empty, the role will be available to all tenants.'
 )
 
 # Update will override all fields as is. Use carefully.
@@ -745,11 +752,12 @@ descope_client.update_role(
     name: 'My Role',
     new_name: 'My Updated Role',
     description: 'A revised description',
-    permission_names: ['My Updated Permission', 'Another Permission']
+    permission_names: ['My Updated Permission', 'Another Permission'],
+    tenant_id: 'The tenant ID to which this role is associated, leave empty, if role is a global one'
 )
 
 # Role deletion cannot be undone. Use carefully.
-descope_client.delete_role('My Updated Role')
+descope_client.delete_role(name: 'My Updated Role',  tenant_id: 'The tenant ID to which this role is associated, leave empty, if role is a global one')
 
 # Load all roles
 roles_resp = descope_client.load_all_roles()
@@ -760,6 +768,20 @@ roles = roles_resp['roles']
 # 
 ```
 
+# Search roles
+roles_resp = descope_client.search_roles(
+    names: ['role1', 'role2'], # Search for roles with the names 'role1' and 'role2'
+    role_name_like: 'role', # Search for roles that contain the string 'role'
+    tenant_ids: ['tenant1', 'tenant2'], # Search for roles that are associated with the tenants 'tenant1' and 'tenant2'
+    permission_names: ['permission1', 'permission2'] # Search for roles that have the permissions 'permission1' and 'permission2'
+)
+
+roles = roles_resp['roles']
+roles.each do |role|
+  # Do something
+end
+```
+
 ### Manage Flows and Theme
 
 You can list your flows and also import and export flows and screens, or the project theme:
@@ -849,7 +871,7 @@ This token can then be verified using the magic link 'verify' function, either d
 token = descope_client.generate_embedded_link(login_id: 'desmond@descope.com', custom_claims: {'key1':'value1'})
 ```
 
-### Search Audit
+### Audit
 
 You can perform an audit search for either specific values or full-text across the fields. Audit search is limited to the last 30 days.
 Below are some examples. For a full list of available search criteria options, see the function documentation.
@@ -876,6 +898,21 @@ audits = descope_client.audit_search(
 audits = descope_client.audit_search(actions: ['LoginSucceed'])
 ```
 
+You can also create audit event with data
+
+```ruby
+descope_client.audit_create_event(
+  actor_id: "UXXX", # required, for example a user ID
+  tenant_id: "tenant-id", # required
+  action: "pencil.created", # required
+  type: "info", # either: info/warn/error # required
+  data: {
+        pencil_id: "PXXX",
+        pencil_name: "Pencil Name"
+  } # optional
+)
+```
+
 ### Manage ReBAC Authz
 
 Descope supports full relation based access control (ReBAC) using a [Google Zanzibar](https://research.google/pubs/pub48190/) like schema and operations.
@@ -1132,9 +1169,9 @@ end
     # This variable indicates how many seconds until the next valid API call can take place.
 ```
 
-## Code Samples
+## Code Examples
 
-You can find various usage samples in the [samples folder](https://github.com/descope/ruby-sdk/blob/main/samples).
+You can find various usage examples in the [examples folder](https://github.com/descope/ruby-sdk/blob/main/examples).
 
 ## Run Locally
 

data/descope.gemspec

@@ -1,34 +1,39 @@
 # -*- encoding: utf-8 -*-
 $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 require 'descope/version'
+version = Descope::VERSION
 
 Gem::Specification.new do |s|
-  s.name        = 'descope'
-  s.version     = Descope::VERSION
-  s.authors     = ['Descope']
-  s.email       = ['support@descope.com']
-  s.homepage    = 'https://github.com/descope/descope-ruby-sdk'
-  s.summary     = 'Descope API Client'
-  s.description = 'Ruby API Client for Descope API https://descope.com'
+  s.platform    = Gem::Platform::RUBY
+  s.name        = "descope"
+  s.version     = version
+  s.summary     = "Descope Ruby API Client"
+  s.description = "Ruby API Client for Descope API https://descope.com"
+
+  s.required_ruby_version     = ">= 3.3.0"
+  s.required_rubygems_version = ">= 3.5"
+
+  s.author      = "Descope Inc."
+  s.email       = "support@descope.com"
+  s.homepage    = "https://github.com/descope/descope-ruby-sdk"
+
+  s.license = "MIT"
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'rest-client', '~> 2.1'
-  s.add_runtime_dependency 'jwt', '~> 2.7'
-  s.add_runtime_dependency 'zache', '~> 0.12'
+  s.metadata = {
+    "bug_tracker_uri"   => "https://github.com/descope/descope-ruby-sdk/issues",
+    "changelog_uri"     => "https://github.com/descope/descope-ruby-sdk/releases/tag/#{version}",
+    "documentation_uri" => "https://docs.descope.com",
+    "source_code_uri" => "https://github.com/descope/descope-ruby-sdk/tree/#{version}",
+  }
+
   s.add_runtime_dependency 'addressable', '~> 2.8'
+  s.add_runtime_dependency 'jwt', '~> 2.7'
+  s.add_runtime_dependency 'rest-client', '~> 2.1'
   s.add_runtime_dependency 'retryable', '~> 3.0'
-
-  s.add_development_dependency 'bundler'
-  s.add_development_dependency 'rake', '~> 13.0'
-  s.add_development_dependency 'fuubar', '~> 2.0'
-  s.add_development_dependency 'rspec', '~> 3.11'
-  s.add_development_dependency 'simplecov', '~> 0.9'
-  s.add_development_dependency 'faker', '~> 2.0'
-  s.add_development_dependency "super_diff", "~> 1.0"
-  s.add_development_dependency 'concurrent-ruby', '~> 1.1'
-  s.license = 'MIT'
+  s.add_runtime_dependency 'zache', '~> 0.12'
 end

data/examples/ruby/.ruby-version

@@ -0,0 +1 @@
+3.3.0

data/examples/ruby/access_key_app.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
+require_relative './version_check'
 require 'descope'
 
 @logger = Logger.new($stdout)
@@ -11,7 +12,6 @@ require 'descope'
 @logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
 
 @client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
-
 access_key = nil
 
 begin
@@ -23,17 +23,20 @@ begin
   end
 
   begin
-    jwt_response = @client.exchange_access_key(access_key)
+    login_options = {
+      customClaims: { "k1": 'v1' }
+    }
+    jwt_response = @client.exchange_access_key(access_key: access_key, login_options: login_options)
     @logger.info('exchange access key successfully')
     @logger.info("jwt_response: #{jwt_response}")
 
     permission_name = 'TestPermission'
     permission_presented = @client.validate_permissions(
-      jwt_response:, permissions: [permission_name]
+      jwt_response: jwt_response, permissions: [permission_name]
     )
     @logger.info("#{permission_name} presented on the jwt: [#{permission_presented}]")
     role_name = 'TestRole'
-    role_presented = @client.validate_roles(jwt_response:, roles: [role_name])
+    role_presented = @client.validate_roles(jwt_response: jwt_response, roles: [role_name])
     @logger.info("#{role_name} presented on the jwt: [#{role_presented}]")
   rescue Descope::AuthException => e
     @logger.error("Failed to exchange access key #{e}")