descope 1.0.4 → 1.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yaml +15 -27
- data/.github/workflows/publish-gem.yaml +61 -0
- data/Gemfile +12 -14
- data/Gemfile.lock +46 -101
- data/README.md +56 -19
- data/descope.gemspec +25 -20
- data/examples/ruby/.ruby-version +1 -0
- data/examples/ruby/access_key_app.rb +7 -4
- data/examples/ruby/enchantedlink_app.rb +1 -0
- data/examples/ruby/magiclink_app.rb +1 -0
- data/examples/ruby/management/.ruby-version +1 -0
- data/examples/ruby/management/Gemfile +2 -2
- data/examples/ruby/management/Gemfile.lock +2 -2
- data/examples/ruby/management/access_key_app.rb +2 -0
- data/examples/ruby/management/audit_app.rb +32 -8
- data/examples/ruby/management/authz_app.rb +1 -0
- data/examples/ruby/management/flow_app.rb +1 -0
- data/examples/ruby/management/permission_app.rb +3 -2
- data/examples/ruby/management/role_app.rb +10 -4
- data/examples/ruby/management/tenant_app.rb +1 -0
- data/examples/ruby/management/user_app.rb +1 -0
- data/examples/ruby/oauth_app.rb +1 -0
- data/examples/ruby/otp_app.rb +38 -12
- data/examples/ruby/password_app.rb +8 -7
- data/examples/ruby/saml_app.rb +1 -0
- data/examples/ruby/version_check.rb +17 -0
- data/examples/ruby-on-rails-api/descope/.gitignore +58 -28
- data/examples/ruby-on-rails-api/descope/Gemfile +3 -1
- data/examples/ruby-on-rails-api/descope/Gemfile.lock +121 -90
- data/examples/ruby-on-rails-api/descope/README.md +18 -18
- data/examples/ruby-on-rails-api/descope/app/assets/builds/App.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/App.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/application.css +20131 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/application.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/application.js +40368 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/application.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/App.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/App.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/App.js +27979 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/App.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Dashboard.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Dashboard.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Dashboard.js +27118 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Dashboard.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Home.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Home.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Home.js +27113 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Home.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Login.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Login.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Login.js +27131 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Login.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Profile.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Profile.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Profile.js +27168 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/Profile.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/index.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/index.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/index.js +28236 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/components/index.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/controllers/application.js +2456 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/controllers/application.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/controllers/index.js +2453 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/controllers/index.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/routes/index.css +62 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/routes/index.css.map +7 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/routes/index.js +27973 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/routes/index.js.map +7 -0
- data/examples/ruby-on-rails-api/descope/package-lock.json +1021 -19307
- data/examples/ruby-on-rails-api/descope/package.json +8 -16
- data/examples/ruby-on-rails-api/descope/yarn.lock +459 -10641
- data/lib/descope/api/v1/auth/otp.rb +21 -14
- data/lib/descope/api/v1/auth.rb +37 -25
- data/lib/descope/api/v1/management/access_key.rb +5 -4
- data/lib/descope/api/v1/management/audit.rb +24 -0
- data/lib/descope/api/v1/management/common.rb +5 -1
- data/lib/descope/api/v1/management/role.rb +22 -6
- data/lib/descope/api/v1/management/user.rb +17 -0
- data/lib/descope/mixins/common.rb +6 -13
- data/lib/descope/mixins/http.rb +1 -1
- data/lib/descope/mixins/validation.rb +21 -6
- data/lib/descope/version.rb +1 -1
- data/spec/integration/lib.descope/api/v1/auth/enchantedlink_spec.rb +81 -0
- data/spec/integration/lib.descope/api/v1/auth/magiclink_spec.rb +49 -0
- data/spec/integration/lib.descope/api/v1/auth/otp_spec.rb +103 -0
- data/spec/integration/lib.descope/api/v1/auth/password_spec.rb +41 -0
- data/spec/integration/lib.descope/api/v1/auth/totp_spec.rb +76 -0
- data/spec/integration/lib.descope/api/v1/management/access_key_spec.rb +62 -0
- data/spec/integration/lib.descope/api/v1/management/audit_spec.rb +52 -0
- data/spec/integration/lib.descope/api/v1/management/authz_spec.rb +187 -0
- data/spec/integration/lib.descope/api/v1/management/flow_spec.rb +44 -0
- data/spec/integration/lib.descope/api/v1/management/permissions_spec.rb +27 -0
- data/spec/integration/lib.descope/api/v1/management/project_spec.rb +29 -0
- data/spec/integration/lib.descope/api/v1/management/roles_spec.rb +116 -0
- data/spec/integration/lib.descope/api/v1/management/user_spec.rb +262 -0
- data/spec/lib.descope/api/v1/auth/otp_spec.rb +176 -18
- data/spec/lib.descope/api/v1/auth_spec.rb +50 -1
- data/spec/lib.descope/api/v1/management/access_key_spec.rb +4 -2
- data/spec/lib.descope/api/v1/management/audit_spec.rb +92 -0
- data/spec/lib.descope/api/v1/management/role_spec.rb +35 -6
- data/spec/lib.descope/api/v1/management/user_spec.rb +40 -0
- data/spec/spec_helper.rb +9 -38
- data/spec/support/client_config.rb +5 -1
- data/spec/support/dummy_class.rb +15 -1
- data/spec/support/utils.rb +1 -1
- metadata +77 -133
- data/examples/ruby-on-rails-api/descope/tmp/pids/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/tmp/storage/.keep +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c34965cb6d8afe8eef75358f8a2bfe51a4c85732b7a6704352d67429be4ef2a1
|
4
|
+
data.tar.gz: d683b72349fe21ad68c8eb5ba3f5efc630f6d064d725200d874b0b1a07fda450
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: aed5e37a77c61eca6ee2e52cef996ebc5088b57dd78ed566cb2c4e21b7b939ddd5779712de35fdba59e13990872757dc8fb3a84a6c05b4bf8d169fefa281dcc9
|
7
|
+
data.tar.gz: 6cca87aa406e2eda34f7d38ad02178422c5b37262d0c4d5195f582ab7b4eabffe4c5508a06c10615f165de612e0a2b6caf5d14d7c19157b245354746f582810a
|
data/.github/workflows/ci.yaml
CHANGED
@@ -7,10 +7,18 @@ on:
|
|
7
7
|
pull_request:
|
8
8
|
branches:
|
9
9
|
- main
|
10
|
+
workflow_dispatch:
|
11
|
+
inputs:
|
12
|
+
DESCOPE_LOG_LEVEL:
|
13
|
+
description: "Descope Log Level"
|
14
|
+
default: "info"
|
15
|
+
|
16
|
+
env:
|
17
|
+
DESCOPE_LOG_LEVEL: ${{ github.event.inputs.DESCOPE_LOG_LEVEL || 'info' }}
|
10
18
|
|
11
19
|
jobs:
|
12
|
-
|
13
|
-
name:
|
20
|
+
ci:
|
21
|
+
name: Descope Ruby SDK CI
|
14
22
|
runs-on: ubuntu-latest
|
15
23
|
steps:
|
16
24
|
- name: Checkout Code
|
@@ -25,30 +33,10 @@ jobs:
|
|
25
33
|
run: bundle install
|
26
34
|
|
27
35
|
- name: Run RSpec Test
|
28
|
-
run: bundle exec rspec
|
29
|
-
|
30
|
-
# in order to release use conventional commits
|
31
|
-
# $ git commit --allow-empty -m "chore: release 1.0.0" -m "Release-As: 1.0.0" && git push
|
32
|
-
# this will open a new PR with the changelog and bump the version
|
33
|
-
# Release Please assumes you are using Conventional Commit messages.
|
34
|
-
#
|
35
|
-
# The most important prefixes you should have in mind are:
|
36
|
-
#
|
37
|
-
# fix: which represents bug fixes, and correlates to a SemVer patch.
|
38
|
-
# feat: which represents a new feature, and correlates to a SemVer minor.
|
39
|
-
# feat!:, or fix!:, refactor!:, etc., which represent a breaking change (indicated by the !) and will result in a SemVer major.
|
40
|
-
- uses: google-github-actions/release-please-action@v4
|
41
|
-
id: release
|
42
|
-
if: github.ref == 'refs/heads/main'
|
36
|
+
run: bundle exec rspec spec/lib.descope
|
43
37
|
|
44
|
-
- name:
|
45
|
-
run: |
|
46
|
-
mkdir -p $HOME/.gem
|
47
|
-
touch $HOME/.gem/credentials
|
48
|
-
chmod 0600 $HOME/.gem/credentials
|
49
|
-
printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
50
|
-
gem build *.gemspec
|
51
|
-
gem push *.gem
|
38
|
+
- name: Run RSpec Integration Tests
|
52
39
|
env:
|
53
|
-
|
54
|
-
|
40
|
+
DESCOPE_MANAGEMENT_KEY: ${{ secrets.DESCOPE_MANAGEMENT_KEY }}
|
41
|
+
DESCOPE_PROJECT_ID: ${{ secrets.DESCOPE_PROJECT_ID }}
|
42
|
+
run: bundle exec rspec spec/integration
|
@@ -0,0 +1,61 @@
|
|
1
|
+
name: Publish Ruby Gem
|
2
|
+
|
3
|
+
on:
|
4
|
+
release:
|
5
|
+
types: [published]
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
release:
|
9
|
+
name: Publish Ruby Gem
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
steps:
|
12
|
+
- name: Checkout Code
|
13
|
+
uses: actions/checkout@v4
|
14
|
+
with:
|
15
|
+
ref: main
|
16
|
+
fetch-depth: 0
|
17
|
+
|
18
|
+
- uses: ruby/setup-ruby@v1
|
19
|
+
with:
|
20
|
+
# We are not letting this step to run bundle install, we will do it later
|
21
|
+
bundler-cache: false
|
22
|
+
|
23
|
+
- name: Install dependencies
|
24
|
+
run: bundle install
|
25
|
+
|
26
|
+
- name: Bump version
|
27
|
+
run: |
|
28
|
+
NEW_VERSION=$(echo ${{ github.event.release.tag_name }} | sed 's/^v//') # strip the 'v' from the tag if present
|
29
|
+
sed -i "s/^ VERSION = '.*'/ VERSION = '${NEW_VERSION}'/g" lib/descope/version.rb
|
30
|
+
echo -e "Updated version file:\n $(cat lib/descope/version.rb)"
|
31
|
+
|
32
|
+
- name: Commit changes
|
33
|
+
run: |
|
34
|
+
git config --global user.name 'github-actions'
|
35
|
+
git config --global user.email 'github-actions@github.com'
|
36
|
+
git checkout main
|
37
|
+
git add ./lib/descope/version.rb
|
38
|
+
git commit -m "Bump version to $NEW_VERSION"
|
39
|
+
git push origin main
|
40
|
+
env:
|
41
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
42
|
+
|
43
|
+
- name: Repoint the tag to latest commit
|
44
|
+
run: |
|
45
|
+
git tag -d ${{ github.event.release.tag_name }}
|
46
|
+
git tag ${{ github.event.release.tag_name }} -m "Release $NEW_VERSION"
|
47
|
+
git push origin :${{ github.event.release.tag_name }}
|
48
|
+
git push
|
49
|
+
env:
|
50
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
51
|
+
|
52
|
+
- name: Publish to RubyGems
|
53
|
+
run: |
|
54
|
+
mkdir -p $HOME/.gem
|
55
|
+
touch $HOME/.gem/credentials
|
56
|
+
chmod 0600 $HOME/.gem/credentials
|
57
|
+
printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
58
|
+
gem build *.gemspec
|
59
|
+
gem push *.gem
|
60
|
+
env:
|
61
|
+
GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_API_KEY}}"
|
data/Gemfile
CHANGED
@@ -1,22 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
source 'https://rubygems.org'
|
2
4
|
gemspec
|
3
5
|
|
4
6
|
group :development do
|
5
|
-
gem '
|
6
|
-
gem '
|
7
|
-
gem 'rubocop', require: false
|
8
|
-
gem 'rubocop-rails', require: false
|
9
|
-
gem 'irb', require: false
|
7
|
+
gem 'rubocop', '1.63.2', require: false
|
8
|
+
gem 'rubocop-rails', '2.24.1', require: false
|
10
9
|
end
|
11
10
|
|
12
11
|
group :test do
|
13
|
-
gem '
|
14
|
-
gem '
|
15
|
-
gem '
|
16
|
-
gem '
|
17
|
-
gem '
|
18
|
-
gem '
|
19
|
-
gem '
|
20
|
-
gem '
|
21
|
-
gem 'rotp', require: false
|
12
|
+
gem 'factory_bot', '6.4.6', require: false
|
13
|
+
gem 'faker', require: false
|
14
|
+
gem 'rack-test', '2.1.0', require: false
|
15
|
+
gem 'rotp', '6.3.0', require: false
|
16
|
+
gem 'rspec', '3.13.0', require: false
|
17
|
+
gem 'selenium-webdriver', '4.19.0', require: false
|
18
|
+
gem 'simplecov', '0.22.0', require: false
|
19
|
+
gem 'super_diff', '0.11.0', require: false
|
22
20
|
end
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
descope (1.0.
|
4
|
+
descope (1.0.5)
|
5
5
|
addressable (~> 2.8)
|
6
6
|
jwt (~> 2.7)
|
7
7
|
rest-client (~> 2.1)
|
@@ -11,7 +11,7 @@ PATH
|
|
11
11
|
GEM
|
12
12
|
remote: https://rubygems.org/
|
13
13
|
specs:
|
14
|
-
activesupport (7.1.3)
|
14
|
+
activesupport (7.1.3.2)
|
15
15
|
base64
|
16
16
|
bigdecimal
|
17
17
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
@@ -26,71 +26,46 @@ GEM
|
|
26
26
|
ast (2.4.2)
|
27
27
|
attr_extras (7.1.0)
|
28
28
|
base64 (0.2.0)
|
29
|
-
bigdecimal (3.1.
|
29
|
+
bigdecimal (3.1.7)
|
30
30
|
concurrent-ruby (1.2.3)
|
31
31
|
connection_pool (2.4.1)
|
32
|
-
|
33
|
-
multi_json (~> 1.3)
|
34
|
-
rest-client
|
35
|
-
simplecov (>= 0.7)
|
36
|
-
term-ansicolor
|
37
|
-
thor
|
38
|
-
crack (0.4.5)
|
39
|
-
rexml
|
40
|
-
diff-lcs (1.5.0)
|
32
|
+
diff-lcs (1.5.1)
|
41
33
|
docile (1.4.0)
|
42
34
|
domain_name (0.6.20240107)
|
43
|
-
|
44
|
-
|
45
|
-
ruby2_keywords
|
46
|
-
factory_bot (6.4.5)
|
35
|
+
drb (2.2.1)
|
36
|
+
factory_bot (6.4.6)
|
47
37
|
activesupport (>= 5.0.0)
|
48
|
-
faker (
|
38
|
+
faker (3.3.1)
|
49
39
|
i18n (>= 1.8.11, < 2)
|
50
|
-
fuubar (2.5.1)
|
51
|
-
rspec-core (~> 3.0)
|
52
|
-
ruby-progressbar (~> 1.4)
|
53
|
-
hashdiff (1.1.0)
|
54
40
|
http-accept (1.7.0)
|
55
41
|
http-cookie (1.0.5)
|
56
42
|
domain_name (~> 0.5)
|
57
|
-
i18n (1.14.
|
43
|
+
i18n (1.14.4)
|
58
44
|
concurrent-ruby (~> 1.0)
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
reline (>= 0.4.2)
|
63
|
-
json (2.7.1)
|
64
|
-
jwt (2.7.1)
|
45
|
+
json (2.7.2)
|
46
|
+
jwt (2.8.1)
|
47
|
+
base64
|
65
48
|
language_server-protocol (3.17.0.3)
|
66
49
|
mime-types (3.5.2)
|
67
50
|
mime-types-data (~> 3.2015)
|
68
|
-
mime-types-data (3.
|
69
|
-
minitest (5.
|
70
|
-
multi_json (1.15.0)
|
51
|
+
mime-types-data (3.2024.0305)
|
52
|
+
minitest (5.22.3)
|
71
53
|
mutex_m (0.2.0)
|
72
54
|
netrc (0.11.0)
|
73
55
|
optimist (3.1.0)
|
74
56
|
parallel (1.24.0)
|
75
|
-
parser (3.3.0.
|
57
|
+
parser (3.3.0.5)
|
76
58
|
ast (~> 2.4.1)
|
77
59
|
racc
|
78
60
|
patience_diff (1.2.0)
|
79
61
|
optimist (~> 3.0)
|
80
|
-
|
81
|
-
stringio
|
82
|
-
public_suffix (5.0.4)
|
62
|
+
public_suffix (5.0.5)
|
83
63
|
racc (1.7.3)
|
84
|
-
rack (3.0.
|
64
|
+
rack (3.0.10)
|
85
65
|
rack-test (2.1.0)
|
86
66
|
rack (>= 1.3)
|
87
67
|
rainbow (3.1.1)
|
88
|
-
rake (13.1.0)
|
89
|
-
rdoc (6.6.2)
|
90
|
-
psych (>= 4.0.0)
|
91
68
|
regexp_parser (2.9.0)
|
92
|
-
reline (0.4.2)
|
93
|
-
io-console (~> 0.5)
|
94
69
|
rest-client (2.1.0)
|
95
70
|
http-accept (>= 1.7.0, < 2.0)
|
96
71
|
http-cookie (>= 1.0.2, < 2.0)
|
@@ -99,20 +74,20 @@ GEM
|
|
99
74
|
retryable (3.0.5)
|
100
75
|
rexml (3.2.6)
|
101
76
|
rotp (6.3.0)
|
102
|
-
rspec (3.
|
103
|
-
rspec-core (~> 3.
|
104
|
-
rspec-expectations (~> 3.
|
105
|
-
rspec-mocks (~> 3.
|
106
|
-
rspec-core (3.
|
107
|
-
rspec-support (~> 3.
|
108
|
-
rspec-expectations (3.
|
77
|
+
rspec (3.13.0)
|
78
|
+
rspec-core (~> 3.13.0)
|
79
|
+
rspec-expectations (~> 3.13.0)
|
80
|
+
rspec-mocks (~> 3.13.0)
|
81
|
+
rspec-core (3.13.0)
|
82
|
+
rspec-support (~> 3.13.0)
|
83
|
+
rspec-expectations (3.13.0)
|
109
84
|
diff-lcs (>= 1.2.0, < 2.0)
|
110
|
-
rspec-support (~> 3.
|
111
|
-
rspec-mocks (3.
|
85
|
+
rspec-support (~> 3.13.0)
|
86
|
+
rspec-mocks (3.13.0)
|
112
87
|
diff-lcs (>= 1.2.0, < 2.0)
|
113
|
-
rspec-support (~> 3.
|
114
|
-
rspec-support (3.
|
115
|
-
rubocop (1.
|
88
|
+
rspec-support (~> 3.13.0)
|
89
|
+
rspec-support (3.13.1)
|
90
|
+
rubocop (1.63.2)
|
116
91
|
json (~> 2.3)
|
117
92
|
language_server-protocol (>= 3.17.0)
|
118
93
|
parallel (~> 1.10)
|
@@ -120,20 +95,19 @@ GEM
|
|
120
95
|
rainbow (>= 2.2.2, < 4.0)
|
121
96
|
regexp_parser (>= 1.8, < 3.0)
|
122
97
|
rexml (>= 3.2.5, < 4.0)
|
123
|
-
rubocop-ast (>= 1.
|
98
|
+
rubocop-ast (>= 1.31.1, < 2.0)
|
124
99
|
ruby-progressbar (~> 1.7)
|
125
100
|
unicode-display_width (>= 2.4.0, < 3.0)
|
126
|
-
rubocop-ast (1.
|
127
|
-
parser (>= 3.
|
128
|
-
rubocop-rails (2.
|
101
|
+
rubocop-ast (1.31.2)
|
102
|
+
parser (>= 3.3.0.4)
|
103
|
+
rubocop-rails (2.24.1)
|
129
104
|
activesupport (>= 4.2.0)
|
130
105
|
rack (>= 1.1)
|
131
106
|
rubocop (>= 1.33.0, < 2.0)
|
132
|
-
rubocop-ast (>= 1.
|
107
|
+
rubocop-ast (>= 1.31.1, < 2.0)
|
133
108
|
ruby-progressbar (1.13.0)
|
134
|
-
ruby2_keywords (0.0.5)
|
135
109
|
rubyzip (2.3.2)
|
136
|
-
selenium-webdriver (4.
|
110
|
+
selenium-webdriver (4.19.0)
|
137
111
|
base64 (~> 0.2)
|
138
112
|
rexml (~> 3.2, >= 3.2.5)
|
139
113
|
rubyzip (>= 1.2.2, < 3.0)
|
@@ -142,63 +116,34 @@ GEM
|
|
142
116
|
docile (~> 1.1)
|
143
117
|
simplecov-html (~> 0.11)
|
144
118
|
simplecov_json_formatter (~> 0.1)
|
145
|
-
simplecov-cobertura (2.1.0)
|
146
|
-
rexml
|
147
|
-
simplecov (~> 0.19)
|
148
119
|
simplecov-html (0.12.3)
|
149
120
|
simplecov_json_formatter (0.1.4)
|
150
|
-
|
151
|
-
super_diff (0.10.0)
|
121
|
+
super_diff (0.11.0)
|
152
122
|
attr_extras (>= 6.2.4)
|
153
123
|
diff-lcs
|
154
124
|
patience_diff
|
155
|
-
sync (0.5.0)
|
156
|
-
term-ansicolor (1.7.1)
|
157
|
-
tins (~> 1.0)
|
158
|
-
terminal-notifier-guard (1.7.0)
|
159
|
-
thor (1.3.0)
|
160
|
-
timecop (0.9.8)
|
161
|
-
tins (1.32.1)
|
162
|
-
sync
|
163
125
|
tzinfo (2.0.6)
|
164
126
|
concurrent-ruby (~> 1.0)
|
165
127
|
unicode-display_width (2.5.0)
|
166
|
-
webmock (3.19.1)
|
167
|
-
addressable (>= 2.8.0)
|
168
|
-
crack (>= 0.3.2)
|
169
|
-
hashdiff (>= 0.4.0, < 2.0.0)
|
170
128
|
websocket (1.2.10)
|
171
129
|
zache (0.13.1)
|
172
130
|
|
173
131
|
PLATFORMS
|
174
|
-
arm64-darwin-22
|
175
132
|
arm64-darwin-23
|
176
|
-
x86_64-darwin-23
|
177
133
|
x86_64-linux
|
178
134
|
|
179
135
|
DEPENDENCIES
|
180
|
-
bundler
|
181
|
-
concurrent-ruby (~> 1.1)
|
182
|
-
coveralls
|
183
136
|
descope!
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
rubocop-rails
|
195
|
-
selenium-webdriver
|
196
|
-
simplecov (~> 0.9)
|
197
|
-
simplecov-cobertura
|
198
|
-
super_diff
|
199
|
-
terminal-notifier-guard
|
200
|
-
timecop
|
201
|
-
webmock
|
137
|
+
factory_bot (= 6.4.6)
|
138
|
+
faker
|
139
|
+
rack-test (= 2.1.0)
|
140
|
+
rotp (= 6.3.0)
|
141
|
+
rspec (= 3.13.0)
|
142
|
+
rubocop (= 1.63.2)
|
143
|
+
rubocop-rails (= 2.24.1)
|
144
|
+
selenium-webdriver (= 4.19.0)
|
145
|
+
simplecov (= 0.22.0)
|
146
|
+
super_diff (= 0.11.0)
|
202
147
|
|
203
148
|
BUNDLED WITH
|
204
|
-
2.
|
149
|
+
2.5.6
|
data/README.md
CHANGED
@@ -1,8 +1,3 @@
|
|
1
|
-
Descope SDK for Ruby
|
2
|
-
|
3
|
-
|
4
|
-
The Descope SDK for Ruby provides convenient access to the Descope user management and authentication API for a backend written in Ruby. You can read more on the Descope Website.
|
5
|
-
|
6
1
|
# Descope SDK for Ruby
|
7
2
|
|
8
3
|
The Descope SDK for Ruby provides convenient access to the Descope user management and authentication API
|
@@ -36,6 +31,13 @@ descope_client = Descope::Client.new(
|
|
36
31
|
)
|
37
32
|
```
|
38
33
|
|
34
|
+
### Important Logging note
|
35
|
+
You may pass `log_level: 'debug'` to the client config or use `DESCOPE_LOG_LEVEL` env var.
|
36
|
+
Be aware that only the management key is truncated, and the JWT responses are printed on debug
|
37
|
+
|
38
|
+
Do not run with log level debug on Production!
|
39
|
+
|
40
|
+
|
39
41
|
## Authentication Methods
|
40
42
|
These sections show how to use the SDK to perform various authentication/authorization functions:
|
41
43
|
|
@@ -65,7 +67,7 @@ These sections show how to use the SDK to perform permission and user management
|
|
65
67
|
8. [Manage Flows](#manage-flows-and-theme)
|
66
68
|
9. [Manage JWTs](#manage-jwts)
|
67
69
|
10. [Embedded links](#embedded-links)
|
68
|
-
11. [
|
70
|
+
11. [Audit](#audit)
|
69
71
|
12. [Manage ReBAC Authz](#manage-rebac-authz)
|
70
72
|
13. [Manage Project](#manage-project)
|
71
73
|
|
@@ -77,7 +79,7 @@ For rate limiting information, please confer to the [API Rate Limits](#api-rate-
|
|
77
79
|
|
78
80
|
### OTP Authentication
|
79
81
|
|
80
|
-
Send a user a one-time password (OTP) using your preferred delivery method (
|
82
|
+
Send a user a one-time password (OTP) using your preferred delivery method (email/SMS/Voice call). An email address or phone number must be provided accordingly.
|
81
83
|
|
82
84
|
The user can either `sign up`, `sign in` or `sign up or in`
|
83
85
|
|
@@ -385,7 +387,7 @@ containing the session and refresh tokens, as well as all of the JWT claims.
|
|
385
387
|
Make sure to return the tokens from the response to the client, or updated the cookie if you're using it.
|
386
388
|
|
387
389
|
Usually, the tokens can be passed in and out via HTTP headers or via a cookie.
|
388
|
-
The implementation can defer according to your framework of choice. See our [
|
390
|
+
The implementation can defer according to your framework of choice. See our [examples](#code-examples) for a few examples.
|
389
391
|
|
390
392
|
If Roles & Permissions are used, validate them immediately after validating the session. See the [next section](#roles--permission-validation)
|
391
393
|
for more information.
|
@@ -614,13 +616,15 @@ end
|
|
614
616
|
|
615
617
|
#### Set or Expire User Password
|
616
618
|
|
617
|
-
You can set
|
618
|
-
|
619
|
-
The user will not be able log-in using an expired password, and will be required replace it on next login.
|
619
|
+
You can set a new active password for a user, which they can then use to sign in. You can also set a temporary
|
620
|
+
password that the user will be forced to change on the next login.
|
620
621
|
|
621
622
|
```ruby
|
623
|
+
# Set a user's temporary password
|
624
|
+
descope_client.set_temporary_password(login_id: '<login-id>', password: '<some-password>');
|
625
|
+
|
622
626
|
# Set a user's password
|
623
|
-
descope_client.
|
627
|
+
descope_client.set_active_password(login_id: '<login-id>', password: '<some-password>');
|
624
628
|
|
625
629
|
# Or alternatively, expire a user password
|
626
630
|
descope_client.expire_password('<login-id>')
|
@@ -633,12 +637,14 @@ You can create, update, delete or load access keys, as well as search according
|
|
633
637
|
```ruby
|
634
638
|
# An access key must have a name and expiration, other fields are optional.
|
635
639
|
# Roles should be set directly if no tenants exist, otherwise set
|
636
|
-
# on a per-tenant basis.
|
640
|
+
# on a per-tenant basis. If custom_claims supplied they will be presented on the jwt.
|
641
|
+
# If customClaims is supplied, then those claims will be present in the JWT returned by calls to ExchangeAccessKey.
|
637
642
|
associated_tenants = [{ tenant_id: 'tenant_id1', role_names: %w[role_name1 role_name2] }]
|
638
643
|
create_resp = descope_client.create_access_key(
|
639
644
|
name: 'name',
|
640
645
|
expire_time: 1677844931,
|
641
|
-
key_tenants: associated_tenants
|
646
|
+
key_tenants: associated_tenants,
|
647
|
+
custom_claims: {'k1': 'v1'}
|
642
648
|
)
|
643
649
|
key = create_resp['key']
|
644
650
|
cleartext = create_resp['cleartext'] # make sure to save the returned cleartext securely. It will not be returned again.
|
@@ -738,6 +744,7 @@ descope_client.create_role(
|
|
738
744
|
name: 'My Role',
|
739
745
|
description: 'Optional description to briefly explain what this role allows.',
|
740
746
|
permission_names: ['My Updated Permission'],
|
747
|
+
tenant_id: 'Optionally scope this role for this specific tenant. If left empty, the role will be available to all tenants.'
|
741
748
|
)
|
742
749
|
|
743
750
|
# Update will override all fields as is. Use carefully.
|
@@ -745,11 +752,12 @@ descope_client.update_role(
|
|
745
752
|
name: 'My Role',
|
746
753
|
new_name: 'My Updated Role',
|
747
754
|
description: 'A revised description',
|
748
|
-
permission_names: ['My Updated Permission', 'Another Permission']
|
755
|
+
permission_names: ['My Updated Permission', 'Another Permission'],
|
756
|
+
tenant_id: 'The tenant ID to which this role is associated, leave empty, if role is a global one'
|
749
757
|
)
|
750
758
|
|
751
759
|
# Role deletion cannot be undone. Use carefully.
|
752
|
-
descope_client.delete_role('My Updated Role')
|
760
|
+
descope_client.delete_role(name: 'My Updated Role', tenant_id: 'The tenant ID to which this role is associated, leave empty, if role is a global one')
|
753
761
|
|
754
762
|
# Load all roles
|
755
763
|
roles_resp = descope_client.load_all_roles()
|
@@ -760,6 +768,20 @@ roles = roles_resp['roles']
|
|
760
768
|
#
|
761
769
|
```
|
762
770
|
|
771
|
+
# Search roles
|
772
|
+
roles_resp = descope_client.search_roles(
|
773
|
+
names: ['role1', 'role2'], # Search for roles with the names 'role1' and 'role2'
|
774
|
+
role_name_like: 'role', # Search for roles that contain the string 'role'
|
775
|
+
tenant_ids: ['tenant1', 'tenant2'], # Search for roles that are associated with the tenants 'tenant1' and 'tenant2'
|
776
|
+
permission_names: ['permission1', 'permission2'] # Search for roles that have the permissions 'permission1' and 'permission2'
|
777
|
+
)
|
778
|
+
|
779
|
+
roles = roles_resp['roles']
|
780
|
+
roles.each do |role|
|
781
|
+
# Do something
|
782
|
+
end
|
783
|
+
```
|
784
|
+
|
763
785
|
### Manage Flows and Theme
|
764
786
|
|
765
787
|
You can list your flows and also import and export flows and screens, or the project theme:
|
@@ -849,7 +871,7 @@ This token can then be verified using the magic link 'verify' function, either d
|
|
849
871
|
token = descope_client.generate_embedded_link(login_id: 'desmond@descope.com', custom_claims: {'key1':'value1'})
|
850
872
|
```
|
851
873
|
|
852
|
-
###
|
874
|
+
### Audit
|
853
875
|
|
854
876
|
You can perform an audit search for either specific values or full-text across the fields. Audit search is limited to the last 30 days.
|
855
877
|
Below are some examples. For a full list of available search criteria options, see the function documentation.
|
@@ -876,6 +898,21 @@ audits = descope_client.audit_search(
|
|
876
898
|
audits = descope_client.audit_search(actions: ['LoginSucceed'])
|
877
899
|
```
|
878
900
|
|
901
|
+
You can also create audit event with data
|
902
|
+
|
903
|
+
```ruby
|
904
|
+
descope_client.audit_create_event(
|
905
|
+
actor_id: "UXXX", # required, for example a user ID
|
906
|
+
tenant_id: "tenant-id", # required
|
907
|
+
action: "pencil.created", # required
|
908
|
+
type: "info", # either: info/warn/error # required
|
909
|
+
data: {
|
910
|
+
pencil_id: "PXXX",
|
911
|
+
pencil_name: "Pencil Name"
|
912
|
+
} # optional
|
913
|
+
)
|
914
|
+
```
|
915
|
+
|
879
916
|
### Manage ReBAC Authz
|
880
917
|
|
881
918
|
Descope supports full relation based access control (ReBAC) using a [Google Zanzibar](https://research.google/pubs/pub48190/) like schema and operations.
|
@@ -1132,9 +1169,9 @@ end
|
|
1132
1169
|
# This variable indicates how many seconds until the next valid API call can take place.
|
1133
1170
|
```
|
1134
1171
|
|
1135
|
-
## Code
|
1172
|
+
## Code Examples
|
1136
1173
|
|
1137
|
-
You can find various usage
|
1174
|
+
You can find various usage examples in the [examples folder](https://github.com/descope/ruby-sdk/blob/main/examples).
|
1138
1175
|
|
1139
1176
|
## Run Locally
|
1140
1177
|
|
data/descope.gemspec
CHANGED
@@ -1,34 +1,39 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
2
|
$LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
3
3
|
require 'descope/version'
|
4
|
+
version = Descope::VERSION
|
4
5
|
|
5
6
|
Gem::Specification.new do |s|
|
6
|
-
s.
|
7
|
-
s.
|
8
|
-
s.
|
9
|
-
s.
|
10
|
-
s.
|
11
|
-
|
12
|
-
s.
|
7
|
+
s.platform = Gem::Platform::RUBY
|
8
|
+
s.name = "descope"
|
9
|
+
s.version = version
|
10
|
+
s.summary = "Descope Ruby API Client"
|
11
|
+
s.description = "Ruby API Client for Descope API https://descope.com"
|
12
|
+
|
13
|
+
s.required_ruby_version = ">= 3.3.0"
|
14
|
+
s.required_rubygems_version = ">= 3.5"
|
15
|
+
|
16
|
+
s.author = "Descope Inc."
|
17
|
+
s.email = "support@descope.com"
|
18
|
+
s.homepage = "https://github.com/descope/descope-ruby-sdk"
|
19
|
+
|
20
|
+
s.license = "MIT"
|
13
21
|
|
14
22
|
s.files = `git ls-files`.split("\n")
|
15
23
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
16
24
|
s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
|
17
25
|
s.require_paths = ['lib']
|
18
26
|
|
19
|
-
s.
|
20
|
-
|
21
|
-
|
27
|
+
s.metadata = {
|
28
|
+
"bug_tracker_uri" => "https://github.com/descope/descope-ruby-sdk/issues",
|
29
|
+
"changelog_uri" => "https://github.com/descope/descope-ruby-sdk/releases/tag/#{version}",
|
30
|
+
"documentation_uri" => "https://docs.descope.com",
|
31
|
+
"source_code_uri" => "https://github.com/descope/descope-ruby-sdk/tree/#{version}",
|
32
|
+
}
|
33
|
+
|
22
34
|
s.add_runtime_dependency 'addressable', '~> 2.8'
|
35
|
+
s.add_runtime_dependency 'jwt', '~> 2.7'
|
36
|
+
s.add_runtime_dependency 'rest-client', '~> 2.1'
|
23
37
|
s.add_runtime_dependency 'retryable', '~> 3.0'
|
24
|
-
|
25
|
-
s.add_development_dependency 'bundler'
|
26
|
-
s.add_development_dependency 'rake', '~> 13.0'
|
27
|
-
s.add_development_dependency 'fuubar', '~> 2.0'
|
28
|
-
s.add_development_dependency 'rspec', '~> 3.11'
|
29
|
-
s.add_development_dependency 'simplecov', '~> 0.9'
|
30
|
-
s.add_development_dependency 'faker', '~> 2.0'
|
31
|
-
s.add_development_dependency "super_diff", "~> 1.0"
|
32
|
-
s.add_development_dependency 'concurrent-ruby', '~> 1.1'
|
33
|
-
s.license = 'MIT'
|
38
|
+
s.add_runtime_dependency 'zache', '~> 0.12'
|
34
39
|
end
|
@@ -0,0 +1 @@
|
|
1
|
+
3.3.0
|
@@ -1,6 +1,7 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require_relative './version_check'
|
4
5
|
require 'descope'
|
5
6
|
|
6
7
|
@logger = Logger.new($stdout)
|
@@ -11,7 +12,6 @@ require 'descope'
|
|
11
12
|
@logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
|
12
13
|
|
13
14
|
@client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
|
14
|
-
|
15
15
|
access_key = nil
|
16
16
|
|
17
17
|
begin
|
@@ -23,17 +23,20 @@ begin
|
|
23
23
|
end
|
24
24
|
|
25
25
|
begin
|
26
|
-
|
26
|
+
login_options = {
|
27
|
+
customClaims: { "k1": 'v1' }
|
28
|
+
}
|
29
|
+
jwt_response = @client.exchange_access_key(access_key: access_key, login_options: login_options)
|
27
30
|
@logger.info('exchange access key successfully')
|
28
31
|
@logger.info("jwt_response: #{jwt_response}")
|
29
32
|
|
30
33
|
permission_name = 'TestPermission'
|
31
34
|
permission_presented = @client.validate_permissions(
|
32
|
-
jwt_response
|
35
|
+
jwt_response: jwt_response, permissions: [permission_name]
|
33
36
|
)
|
34
37
|
@logger.info("#{permission_name} presented on the jwt: [#{permission_presented}]")
|
35
38
|
role_name = 'TestRole'
|
36
|
-
role_presented = @client.validate_roles(jwt_response
|
39
|
+
role_presented = @client.validate_roles(jwt_response: jwt_response, roles: [role_name])
|
37
40
|
@logger.info("#{role_name} presented on the jwt: [#{role_presented}]")
|
38
41
|
rescue Descope::AuthException => e
|
39
42
|
@logger.error("Failed to exchange access key #{e}")
|