descope 1.0.4 → 1.0.6

data/lib/descope/api/v1/auth/otp.rb

@@ -10,10 +10,11 @@ module Descope
           include Descope::Mixins::Common::EndpointsV1
           include Descope::Mixins::Common::EndpointsV2
 
-          def otp_sign_in(method: nil, login_id: nil, login_options: nil, refresh_token: nil,  provider_id: nil,
+          def otp_sign_in(method: nil, login_id: nil, login_options: nil, refresh_token: nil, provider_id: nil,
                           template_id: nil, sso_app_id: nil)
-            # Sign in (log in) an existing user with the unique login_id you provide. (See 'sign_up' function for an explanation of the
-            # login_id field.) Provide the DeliveryMethod required for this user. If the login_id value cannot be used for the
+            # Sign in (log in) an existing user with the unique login_id you provide.
+            # The login_id field is used to identify the user. It can be an email address or a phone number.
+            # Provide the DeliveryMethod required for this user. If the login_id value cannot be used for the
             # DeliverMethod selected (for example, 'login_id = 4567qq445km' and 'DeliveryMethod = email')
             validate_login_id(login_id)
             uri = otp_compose_signin_url(method)
@@ -23,12 +24,15 @@ module Descope
           end
 
           def otp_sign_up(method: nil, login_id: nil, user: {}, provider_id: nil, template_id: nil)
-            #  Sign up (create) a new user using their email or phone number. Choose a delivery method for OTP
-            #  verification, for example email, SMS, or WhatsApp.
+            #  Sign up (create) a new user using their email or phone number.
+            #  The login_id field is used to identify the user. It can be an email address or a phone number.
+            #  Choose a delivery method for OTP verification, for example email, SMS, or Voice.
             #  (optional) Include additional user metadata that you wish to preserve.
-            user ||= {}
+            validate_login_id(login_id)
 
-            raise AuthException unless adjust_and_verify_delivery_method(method, login_id, user)
+            unless adjust_and_verify_delivery_method(method, login_id, user)
+              raise Descope::AuthException.new('Could not verify delivery method', code: 400)
+            end
 
             uri = otp_compose_signup_url(method)
             body = otp_compose_signup_body(method, login_id, user, provider_id, template_id)
@@ -38,9 +42,11 @@ module Descope
 
           def otp_sign_up_or_in(method: nil, login_id: nil, login_options: nil, provider_id: nil, template_id: nil,
                                 sso_app_id: nil)
-            #  Sign_up_or_in lets you handle both sign up and sign in with a single call. Sign-up_or_in will first
-            #  determine if login_id is a new or existing end user. If login_id is new, a new end user user will be
-            #  created and then authenticated using the OTP DeliveryMethod specified.
+            #  Sign_up_or_in lets you handle both sign up and sign in with a single call.
+            #  The login_id field is used to identify the user. It can be an email address or a phone number.
+            #  Sign-up_or_in will first determine if login_id is a new or existing end user.
+            #  If login_id is new, a new end user user will be created and then authenticated using the
+            #  OTP DeliveryMethod specified.
             #  If login_id exists, the end user will be authenticated using the OTP DeliveryMethod specified.
             validate_login_id(login_id)
             uri = otp_compose_sign_up_or_in_url(method)
@@ -81,9 +87,10 @@ module Descope
             method: nil, login_id: nil, phone: nil, refresh_token: nil, add_to_login_ids: false,
             on_merge_use_existing: false, provider_id: nil, template_id: nil
           )
-            # Update the phone number of an existing end user, after verifying the authenticity of the end user using OTP.
+            # Update the phone number of an existing end user, after verifying the authenticity of the end user using OTP
             validate_login_id(login_id)
             validate_phone(method, phone)
+
             uri = otp_compose_update_phone_url(method)
             request_params = {
               loginId: login_id,
@@ -127,7 +134,7 @@ module Descope
           # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
           def otp_compose_signup_body(method, login_id, user, provider_id, template_id)
             body = {
-              loginId: login_id,
+              loginId: login_id
             }
 
             unless user.nil?
@@ -167,7 +174,8 @@ module Descope
           end
 
           private
-          def otp_user_compose_update_body(login_id: nil, name: nil, phone: nil, email: nil, given_name: nil, middle_name: nil, family_name: nil)
+          def otp_user_compose_update_body(login_id: nil, name: nil, phone: nil, email: nil, given_name: nil,
+                                           middle_name: nil, family_name: nil)
             user = {}
             user[:loginId] = login_id if login_id
             user[:name] = name if name
@@ -176,7 +184,6 @@ module Descope
             user[:givenName] = given_name if given_name
             user[:middleName] = middle_name if middle_name
             user[:familyName] = family_name if family_name
-
             user
           end
         end

data/lib/descope/api/v1/auth.rb

@@ -41,8 +41,21 @@ module Descope
           jwt_response
         end
 
-        def exchange_access_key(access_key = nil)
-          post(EXCHANGE_AUTH_ACCESS_KEY_PATH, {}, {}, access_key)
+        def exchange_access_key(access_key: nil, login_options: {}, audience: nil)
+          # Return a new session token for the given access key
+          #   Args:
+          #     access_key (str): The access key
+          #     audience (str|Iterable[str]|nil): Optional recipients that the JWT is intended for
+          #              (must be equal to the 'aud' claim on the provided token)
+          #     login_options (hash): Optional advanced controls over login parameters
+          #     Return value (Hash): returns the session token from the server together with the expiry and key id
+          #                          (sessionToken:Hash, keyId:str, expiration:int)
+          unless (access_key.is_a?(String) || access_key.nil?) && !access_key.to_s.empty?
+            raise AuthException.new('Access key should be a string!', code: 400)
+          end
+
+          res = post(EXCHANGE_AUTH_ACCESS_KEY_PATH, { loginOptions: login_options, audience: }, {}, access_key)
+          generate_auth_info(res, nil, false, audience)
         end
 
         def select_tenant(tenant_id: nil, refresh_token: nil)
@@ -223,16 +236,18 @@ module Descope
 
           # validate the session token if sessionJwt is not empty
           st_jwt = response_body.fetch('sessionJwt', '')
-          if st_jwt
-            jwt_response[SESSION_TOKEN_NAME] = validate_token(st_jwt, audience)
+          unless st_jwt.empty?
+            @logger.debug "validating session token with refresh_token: #{refresh_token}" if st_jwt
+            jwt_response[SESSION_TOKEN_NAME] = validate_token(st_jwt, audience) if st_jwt
           end
 
           # validate refresh token if refresh_token was passed or if refreshJwt is not empty
           rt_jwt = response_body.fetch('refreshJwt', '')
 
-          if refresh_token
+          if !refresh_token.nil? || !refresh_token.to_s.empty?
+            @logger.debug "validating refresh token: #{refresh_token}" if refresh_token
             jwt_response[REFRESH_SESSION_TOKEN_NAME] = validate_token(refresh_token, audience)
-          elsif rt_jwt
+          elsif !rt_jwt.empty?
             jwt_response[REFRESH_SESSION_TOKEN_NAME] = validate_token(rt_jwt, audience)
           end
 
@@ -392,6 +407,7 @@ module Descope
           login_id = {
             DeliveryMethod::WHATSAPP => ['whatsapp', user.fetch(:phone, '')],
             DeliveryMethod::SMS => ['phone', user.fetch(:phone, '')],
+            DeliveryMethod::VOICE => ['phone', user.fetch(:phone, '')],
             DeliveryMethod::EMAIL => ['email', user.fetch(:email, '')]
           }[method]
 
@@ -401,34 +417,30 @@ module Descope
         end
 
         def adjust_and_verify_delivery_method(method, login_id, user)
-          return false if login_id.nil?
+          @logger.debug("adjust_and_verify_delivery_method:  method: #{method}, login_id: #{login_id}, user: #{user}")
+          raise AuthException.new("Could not verify delivery method for method: #{method}", code: 400) if method.nil?
+          raise AuthException.new('Could not verify delivery method without login_id', code: 400) if login_id.nil?
 
-          return false unless user.is_a?(Hash)
+          unless user.is_a?(Hash)
+            raise AuthException.new('Could not verify delivery method, user is not a Hash', code: 400)
+          end
 
           case method
           when DeliveryMethod::EMAIL
-            user[:email] ||= login_id
-            begin
-              validate_email(user[:email])
-              return true
-            rescue AuthException
-              return false
-            end
-          when DeliveryMethod::SMS
-            user[:phone] ||= login_id
-            return false unless /^#{PHONE_REGEX}$/.match(user[:phone])
-          when DeliveryMethod::WHATSAPP
-            user[:phone] ||= login_id
-            return false unless /^#{PHONE_REGEX}$/.match(user[:phone])
+            validate_email(login_id)
+            @logger.debug("email: #{login_id} is valid")
+            true
+          when DeliveryMethod::SMS, DeliveryMethod::WHATSAPP, DeliveryMethod::VOICE
+            validate_phone(method, login_id)
+            @logger.debug("phone number (login_id): #{login_id} is valid")
+            true
           else
-            return false
+            false
           end
-
-          true
         end
 
         def extract_masked_address(response, method)
-          if [DeliveryMethod::SMS, DeliveryMethod::WHATSAPP].include?(method)
+          if [DeliveryMethod::SMS, DeliveryMethod::WHATSAPP, DeliveryMethod::VOICE].include?(method)
             response['maskedPhone']
           elsif method == DeliveryMethod::EMAIL
             response['maskedEmail']

data/lib/descope/api/v1/management/access_key.rb

@@ -9,22 +9,23 @@ module Descope
           include Descope::Mixins::Validation
           include Descope::Api::V1::Management::Common
 
-          def create_access_key(name: nil, expire_time: nil, role_names: nil, key_tenants: nil)
+          def create_access_key(name: nil, expire_time: nil, role_names: nil, key_tenants: nil, custom_claims: nil)
             # Create a new access key.'
             # @see https://docs.descope.com/api/openapi/accesskeymanagement/operation/CreateAccessKey/
 
             role_names ||= []
             key_tenants ||= []
             validate_tenants(key_tenants)
-            post(ACCESS_KEY_CREATE_PATH, access_key_compose_create_body(name, expire_time, role_names, key_tenants))
+            post(ACCESS_KEY_CREATE_PATH, access_key_compose_create_body(name, expire_time, role_names, key_tenants, custom_claims))
           end
 
-          def access_key_compose_create_body(name, expire_time, role_names, key_tenants)
+          def access_key_compose_create_body(name, expire_time, role_names, key_tenants, custom_claims)
             {
               name:,
               expireTime: expire_time,
               roleNames: role_names,
-              keyTenants: associated_tenants_to_hash_array(key_tenants)
+              keyTenants: associated_tenants_to_hash_array(key_tenants),
+              customClaims: custom_claims
             }
           end
 

data/lib/descope/api/v1/management/audit.rb

@@ -58,6 +58,30 @@ module Descope
             { 'audits' => res['audits'].map { |audit| convert_audit_record(audit) } }
           end
 
+          def audit_create_event(action: nil, type: nil, data: nil, user_id: nil, actor_id: nil, tenant_id: nil)
+            # Create an audit event
+            unless %w[info warn error].include?(type)
+              raise Descope::AuthException, 'type must be either info, warn or error'
+            end
+
+            # validation
+            raise Descope::AuthException, 'data must be provided as a key, value Hash' unless data.is_a?(Hash)
+            raise Descope::AuthException, 'action must be provided' if action.nil?
+            raise Descope::AuthException, 'actor_id must be provided' if actor_id.nil?
+            raise Descope::AuthException, 'tenant_id must be provided' if tenant_id.nil?
+
+            request_params = {
+              action:,
+              tenantId: tenant_id,
+              type:,
+              actorId: actor_id,
+              data:
+            }
+            request_params[:userId] = user_id unless user_id.nil?
+
+            post(AUDIT_CREATE_EVENT, request_params)
+          end
+
           private
 
           def convert_audit_record(audit)

data/lib/descope/api/v1/management/common.rb

@@ -15,7 +15,7 @@ module Descope
           TENANT_SEARCH_ALL_PATH = '/v1/mgmt/tenant/search'
           PASSWORD_SETTINGS_PATH = '/v1/mgmt/password/settings'
 
-          # userUSER_CREATE_PATH
+          # user
           USER_CREATE_PATH = '/v1/mgmt/user/create'
           USER_CREATE_BATCH_PATH = '/v1/mgmt/user/create/batch'
           USER_UPDATE_PATH = '/v1/mgmt/user/update'
@@ -34,6 +34,8 @@ module Descope
           USER_UPDATE_CUSTOM_ATTRIBUTE_PATH = '/v1/mgmt/user/update/customAttribute'
           USER_ADD_ROLE_PATH = '/v1/mgmt/user/update/role/add'
           USER_REMOVE_ROLE_PATH = '/v1/mgmt/user/update/role/remove'
+          USER_SET_TEMPORARY_PASSWORD_PATH = '/v1/mgmt/user/password/set/temporary'
+          USER_SET_ACTIVE_PASSWORD_PATH = '/v1/mgmt/user/password/set/active'
           USER_SET_PASSWORD_PATH = '/v1/mgmt/user/password/set'
           USER_EXPIRE_PASSWORD_PATH = '/v1/mgmt/user/password/expire'
           USER_ADD_TENANT_PATH = '/v1/mgmt/user/update/tenant/add'
@@ -80,6 +82,7 @@ module Descope
           ROLE_UPDATE_PATH = '/v1/mgmt/role/update'
           ROLE_DELETE_PATH = '/v1/mgmt/role/delete'
           ROLE_LOAD_ALL_PATH = '/v1/mgmt/role/all'
+          ROLE_SEARCH_PATH = '/v1/mgmt/role/search'
 
           # flow
           FLOW_LIST_PATH = '/v1/mgmt/flow/list'
@@ -97,6 +100,7 @@ module Descope
 
           # Audit
           AUDIT_SEARCH = '/v1/mgmt/audit/search'
+          AUDIT_CREATE_EVENT = '/v1/mgmt/audit/event'
 
           # Authz ReBAC
           AUTHZ_SCHEMA_SAVE = '/v1/mgmt/authz/schema/save'

data/lib/descope/api/v1/management/role.rb

@@ -8,18 +8,19 @@ module Descope
         module Role
           include Descope::Api::V1::Management::Common
 
-          def create_role(name: nil, description: nil, permission_names: nil)
+          def create_role(name: nil, description: nil, permission_names: nil, tenant_id: nil)
             # Create a new role.
             permission_names ||= []
             request_params = {
               name:,
               description:,
-              permissionNames: permission_names
+              permissionNames: permission_names,
+              tenantId: tenant_id
             }
             post(ROLE_CREATE_PATH, request_params)
           end
 
-          def update_role(name: nil, new_name: nil, description: nil, permission_names: nil)
+          def update_role(name: nil, new_name: nil, description: nil, permission_names: nil, tenant_id: nil)
             # Update an existing role with the given various fields. IMPORTANT: All parameters are used as overrides
             # to the existing role. Empty fields will override populated fields. Use carefully.
             permission_names ||= []
@@ -27,20 +28,35 @@ module Descope
               name:,
               newName: new_name,
               description:,
-              permissionNames: permission_names
+              permissionNames: permission_names,
+              tenantId: tenant_id
             }
             post(ROLE_UPDATE_PATH, request_params)
           end
 
-          def delete_role(name)
+          def delete_role(name: nil, tenant_id: nil)
             # Delete an existing role. IMPORTANT: This action is irreversible. Use carefully.
-            post(ROLE_DELETE_PATH, { name: })
+            raise Descope::ArgumentError, 'name is required' if name.nil? || name.empty?
+
+            request_params = { name: }
+            request_params[:tenantId] = tenant_id if tenant_id
+            post(ROLE_DELETE_PATH, request_params)
           end
 
           def load_all_roles
             # Load all roles.
             get(ROLE_LOAD_ALL_PATH)
           end
+
+          def search_roles(role_names: nil, tenant_ids: nil, role_name_like: nil, permission_names: nil)
+            # Search for roles using the given parameters.
+            request_params = {}
+            request_params[:roleNames] = role_names if role_names
+            request_params[:tenantIds] = tenant_ids if tenant_ids
+            request_params[:roleNameLike] = role_name_like if role_name_like
+            request_params[:permissionNames] = permission_names if permission_names
+            post(ROLE_SEARCH_PATH, request_params)
+          end
         end
       end
     end

data/lib/descope/api/v1/management/user.rb

@@ -385,6 +385,23 @@ module Descope
             post(Common::USER_REMOVE_TENANT_PATH, body)
           end
 
+          def set_temporary_password(login_id: nil, password: nil)
+            body = {
+              loginId: login_id,
+              password:
+            }
+            post(Common::USER_SET_TEMPORARY_PASSWORD_PATH, body)
+          end
+
+          def set_active_password(login_id: nil, password: nil)
+            body = {
+              loginId: login_id,
+              password:
+            }
+            post(Common::USER_SET_ACTIVE_PASSWORD_PATH, body)
+          end
+
+		  # Deprecated (use set_temporary_password(..) instead)
           def set_password(login_id: nil, password: nil)
             body = {
               loginId: login_id,

data/lib/descope/mixins/common.rb

@@ -9,7 +9,8 @@ module Descope
       DEFAULT_BASE_URL = 'https://api.descope.com' # pragma: no cover
       DEFAULT_TIMEOUT_SECONDS = 60
       DEFAULT_JWT_VALIDATION_LEEWAY = 5
-      PHONE_REGEX = %r{^(?:\(?(?:00|\+)([1-4]\d\d|[1-9]\d?)\)?)?[-./ \\]?(?:(?:\(?\d{1,}\)?[-./ \\]?){0,})(?:[-./ \\]?(?:#|ext\.?|extension|x)[-./ \\]?(\d+))?$}.freeze
+      # Using E164 format,\A and \z are start and end of string respectively, to prevent multiline matching
+      PHONE_REGEX = /\A\+[1-9]\d{1,14}\z/
 
       SESSION_COOKIE_NAME = 'DS'
       REFRESH_SESSION_COOKIE_NAME = 'DSR'
@@ -24,13 +25,15 @@ module Descope
         WHATSAPP = 1
         SMS = 2
         EMAIL = 3
+        VOICE = 4
       end
 
       def get_method_string(method)
         name = {
           DeliveryMethod::WHATSAPP => 'whatsapp',
           DeliveryMethod::SMS => 'sms',
-          DeliveryMethod::EMAIL => 'email'
+          DeliveryMethod::EMAIL => 'email',
+          DeliveryMethod::VOICE => 'voice'
         }[method]
 
         raise ArgumentException, "Unknown delivery method: #{method}" if name.nil?
@@ -50,7 +53,7 @@ module Descope
         VALIDATE_SESSION_PATH = '/v1/auth/validate'
         ME_PATH = '/v1/auth/me'
 
-        # accesskey
+        # access key
         EXCHANGE_AUTH_ACCESS_KEY_PATH = '/v1/auth/accesskey/exchange'
 
         # otp
@@ -114,16 +117,6 @@ module Descope
       module EndpointsV2
         PUBLIC_KEY_PATH = '/v2/keys'
       end
-
-      module LoginOptions
-        attr_accessor :stepup, :mfa, :custom_claims
-
-        def initialize
-          @stepup = stepup || false
-          @mfa ||= false
-          @custom_claims ||= {}
-        end
-      end
     end
   end
 end

data/lib/descope/mixins/http.rb

@@ -96,7 +96,7 @@ module Descope
 
         raise Descope::Unsupported.new("No response from server", code: 400) unless result && result.respond_to?(:code)
 
-        @logger.info "http status code: #{result.code}"
+        @logger.info("API Request: [#{method}] #{uri} - Response Code: #{result.code}")
         case result.code
         when 200...226 then safe_parse_json(result.body)
         when 400       then raise Descope::BadRequest.new(result.body, code: result.code, headers: result.headers)

data/lib/descope/mixins/validation.rb

@@ -1,9 +1,12 @@
 # frozen_string_literal: true
 
+require 'descope/mixins/common'
+
 module Descope
   module Mixins
     # Module to provide validation for specific data structures.
     module Validation
+      include Descope::Mixins::Common
       def validate_tenants(key_tenants)
         raise ArgumentError, 'key_tenants should be an Array of hashes' unless key_tenants.is_a? Array
 
@@ -46,11 +49,18 @@ module Descope
       end
 
       def validate_phone(method, phone)
+        phone_number_is_invalid = !phone.match?(PHONE_REGEX) unless phone.nil?
+
         raise AuthException.new('Phone number cannot be empty', code: 400) unless phone.is_a?(String) && !phone.empty?
-        raise AuthException.new('Invalid phone number', code: 400) unless phone.match?(PHONE_REGEX)
-        raise AuthException.new('Invalid delivery method', code: 400) unless [
-          DeliveryMethod::WHATSAPP, DeliveryMethod::SMS
-        ].include?(method)
+        raise AuthException.new("Invalid pattern for phone number: #{phone}", code: 400) if phone_number_is_invalid
+
+        valid_methods = DeliveryMethod.constants.map { |constant| DeliveryMethod.const_get(constant) }
+
+        # rubocop:disable Style/LineLength
+        unless valid_methods.include?(method)
+          valid_methods_names = valid_methods.map { |m| "DeliveryMethod::#{DeliveryMethod.constants[valid_methods.index(m)]}" }.join(', ')
+          raise AuthException.new("Delivery method should be one of the following: #{valid_methods_names}", code: 400)
+        end
       end
 
       def verify_provider(oauth_provider)
@@ -64,7 +74,9 @@ module Descope
       end
 
       def validate_redirect_url(return_url)
-        raise AuthException.new('Return_url cannot be empty', code: 400) unless return_url.is_a?(String) && !return_url.empty?
+        return if return_url.is_a?(String) && !return_url.empty?
+
+        raise AuthException.new('Return_url cannot be empty', code: 400)
       end
 
       def validate_code(code)
@@ -72,7 +84,10 @@ module Descope
       end
 
       def validate_scim_group_id(group_id)
-        raise AuthException.new('SCIM Group ID cannot be empty', code: 400) unless group_id.is_a?(String) && !group_id.empty?
+        return if group_id.is_a?(String) && !group_id.empty?
+
+        raise AuthException.new('SCIM Group ID cannot be empty', code: 400)
+
       end
     end
   end

data/lib/descope/version.rb

@@ -2,6 +2,6 @@
 
 # Current version of gem
 module Descope
-  VERSION = '1.0.4'
+  VERSION = '1.0.6'
   SDK_VERSION = '1.0.0'
 end

data/spec/integration/lib.descope/api/v1/auth/enchantedlink_spec.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+def poll_for_session(descope_client, pending_ref)
+  max_tries = 15
+  i = 0
+  done = false
+  while !done && i < max_tries
+    begin
+      i += 1
+      @client.logger.info('waiting 4 seconds for session to be created...')
+      sleep(4)
+      print '.'
+      @client.logger.info("Getting session for pending_ref: #{pending_ref}...")
+      jwt_response = descope_client.enchanted_link_get_session(pending_ref)
+      done = true
+    rescue Descope::AuthException, Descope::Unauthorized => e
+      @client.logger.info("Failed pending session, err: #{e}")
+     nil
+    end
+
+    next unless jwt_response
+
+    @client.logger.info("jwt_response: #{jwt_response}")
+    refresh_token = jwt_response[Descope::Mixins::Common::REFRESH_SESSION_TOKEN_NAME]['jwt']
+
+    @client.logger.info("refresh_token: #{refresh_token}")
+    done = true
+    return refresh_token
+  end
+end
+
+def verify_session(descope_client: nil, res: nil, user: nil)
+  raise StandardError, 'Missing required parameters' if descope_client.nil? || res.nil? || user.nil?
+
+  token = res['link'].match(/.+verify\?t=(.+)/)[1]
+  @client.logger.info("token: #{token}")
+
+  expect do
+    descope_client.enchanted_link_verify_token(token)
+    @client.logger.info('EnchantedLink Token Verified! now getting session information...')
+    @client.logger.info('Polling for session...')
+    refresh_token = poll_for_session(descope_client, res['pendingRef'])
+    my_details = descope_client.me(refresh_token)
+    expect(my_details['email']).to eq(user['email'])
+    @client.logger.info('EnchantedLink Token Verified via sign in!')
+  rescue StandardError => e
+    raise StandardError, "Verification failed - Could not verify token #{e.message}"
+
+  end.to_not raise_error
+end
+
+describe Descope::Api::V1::Auth::EnchantedLink do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  context 'test EnchantedLink for test user' do
+    it 'should sign in with enchanted link' do
+      user = build(:user)
+      test_user = @client.create_test_user(**user)['user']
+      @client.logger.info("Should sign in a test user => #{test_user['loginIds'][0]} with enchanted link...")
+      res = @client.generate_enchanted_link_for_test_user(login_id: test_user['loginIds'][0], uri: 'http://localhost:3000/verify')
+      @client.logger.info("res: #{res}")
+      @client.logger.info('Verifying session...')
+      verify_session(descope_client: @client, res:, user: test_user)
+    end
+  end
+end

data/spec/integration/lib.descope/api/v1/auth/magiclink_spec.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Auth::MagicLink do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  context 'test Magiclink for test user' do
+    it 'should sign in with magiclink' do
+      user = build(:user)
+      test_user = @client.create_test_user(**user)['user']
+      @client.create_test_user(**user)
+      res = @client.generate_magic_link_for_test_user(
+        method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
+        login_id: test_user['loginIds'][0],
+        uri: 'http://localhost:3000/verify'
+      )
+      @client.logger.info("res: #{res}")
+      token = res['link'].match(/^http.+verify\?t=(.+)/)[1]
+      @client.logger.info("token: #{token}")
+
+      expect do
+        @client.logger.info('Verifying token...')
+        jwt_response = @client.magiclink_verify_token(token)
+        @client.logger.info("jwt_response #{jwt_response}")
+        my_details = @client.me(jwt_response['refreshSessionToken']['jwt'])
+        @client.logger.info('verifying session...')
+        expect(my_details['email']).to eq(test_user['email'])
+        @client.logger.info('Magiclink Token Verified via sign in!')
+      rescue StandardError => e
+        raise StandardError, "Verification failed - Could not verify token: #{e.message}"
+
+      end.to_not raise_error
+    end
+  end
+end