RubyGems - descope - Versions diffs - 1.0.4 - Mend

descope 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

checksums.yaml +7 -0
data/.github/workflows/ci.yaml +54 -0
data/.gitignore +59 -0
data/.release-please-manifest.json +3 -0
data/.rubocop.yml +10 -0
data/.rubocop_todo.yml +10 -0
data/.ruby-version +1 -0
data/CHANGELOG.md +90 -0
data/Gemfile +22 -0
data/Gemfile.lock +204 -0
data/LICENSE +21 -0
data/README.md +1171 -0
data/Rakefile +31 -0
data/descope.gemspec +34 -0
data/examples/ruby/Gemfile +4 -0
data/examples/ruby/Gemfile.lock +41 -0
data/examples/ruby/access_key_app.rb +45 -0
data/examples/ruby/enchantedlink_app.rb +65 -0
data/examples/ruby/magiclink_app.rb +81 -0
data/examples/ruby/management/Gemfile +5 -0
data/examples/ruby/management/Gemfile.lock +38 -0
data/examples/ruby/management/access_key_app.rb +71 -0
data/examples/ruby/management/audit_app.rb +25 -0
data/examples/ruby/management/authz_app.rb +135 -0
data/examples/ruby/management/authz_files.json +229 -0
data/examples/ruby/management/flow_app.rb +57 -0
data/examples/ruby/management/permission_app.rb +56 -0
data/examples/ruby/management/role_app.rb +58 -0
data/examples/ruby/management/tenant_app.rb +60 -0
data/examples/ruby/management/user_app.rb +60 -0
data/examples/ruby/oauth_app.rb +39 -0
data/examples/ruby/otp_app.rb +50 -0
data/examples/ruby/password_app.rb +76 -0
data/examples/ruby/saml_app.rb +38 -0
data/examples/ruby-on-rails-api/descope/.dockerignore +37 -0
data/examples/ruby-on-rails-api/descope/.gitattributes +9 -0
data/examples/ruby-on-rails-api/descope/.gitignore +40 -0
data/examples/ruby-on-rails-api/descope/.node-version +1 -0
data/examples/ruby-on-rails-api/descope/.ruby-version +1 -0
data/examples/ruby-on-rails-api/descope/Dockerfile +75 -0
data/examples/ruby-on-rails-api/descope/Gemfile +67 -0
data/examples/ruby-on-rails-api/descope/Gemfile.lock +284 -0
data/examples/ruby-on-rails-api/descope/Procfile.dev +3 -0
data/examples/ruby-on-rails-api/descope/README.md +54 -0
data/examples/ruby-on-rails-api/descope/Rakefile +6 -0
data/examples/ruby-on-rails-api/descope/app/assets/builds/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/config/manifest.js +3 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/descope.jpeg +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/favicon.ico +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/logo192.png +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/logo512.png +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/stylesheets/application.bootstrap.scss +67 -0
data/examples/ruby-on-rails-api/descope/app/channels/application_cable/channel.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/channels/application_cable/connection.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/controllers/application_controller.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/controllers/concerns/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/controllers/homepage_controller.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/controllers/session_controller.rb +66 -0
data/examples/ruby-on-rails-api/descope/app/helpers/application_helper.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/helpers/homepage_helper.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/helpers/session_helper.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/javascript/App.css +53 -0
data/examples/ruby-on-rails-api/descope/app/javascript/application.js +5 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/App.jsx +4 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Dashboard.jsx +60 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Home.jsx +27 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Login.jsx +45 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Profile.jsx +81 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/index.html +11 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/index.jsx +24 -0
data/examples/ruby-on-rails-api/descope/app/javascript/controllers/application.js +9 -0
data/examples/ruby-on-rails-api/descope/app/javascript/controllers/index.js +5 -0
data/examples/ruby-on-rails-api/descope/app/javascript/reportWebVitals.js +13 -0
data/examples/ruby-on-rails-api/descope/app/javascript/routes/index.jsx +17 -0
data/examples/ruby-on-rails-api/descope/app/jobs/application_job.rb +7 -0
data/examples/ruby-on-rails-api/descope/app/mailers/application_mailer.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/models/application_record.rb +3 -0
data/examples/ruby-on-rails-api/descope/app/models/concerns/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/views/homepage/index.html.erb +2 -0
data/examples/ruby-on-rails-api/descope/app/views/layouts/application.html.erb +16 -0
data/examples/ruby-on-rails-api/descope/app/views/layouts/mailer.html.erb +13 -0
data/examples/ruby-on-rails-api/descope/app/views/layouts/mailer.text.erb +1 -0
data/examples/ruby-on-rails-api/descope/app/views/session/index.html.erb +2 -0
data/examples/ruby-on-rails-api/descope/bin/bundle +109 -0
data/examples/ruby-on-rails-api/descope/bin/dev +11 -0
data/examples/ruby-on-rails-api/descope/bin/docker-entrypoint +8 -0
data/examples/ruby-on-rails-api/descope/bin/rails +4 -0
data/examples/ruby-on-rails-api/descope/bin/rake +4 -0
data/examples/ruby-on-rails-api/descope/bin/setup +36 -0
data/examples/ruby-on-rails-api/descope/build.js +30 -0
data/examples/ruby-on-rails-api/descope/config/application.rb +42 -0
data/examples/ruby-on-rails-api/descope/config/boot.rb +4 -0
data/examples/ruby-on-rails-api/descope/config/cable.yml +10 -0
data/examples/ruby-on-rails-api/descope/config/config.yml +9 -0
data/examples/ruby-on-rails-api/descope/config/credentials.yml.enc +1 -0
data/examples/ruby-on-rails-api/descope/config/database.yml +25 -0
data/examples/ruby-on-rails-api/descope/config/environment.rb +5 -0
data/examples/ruby-on-rails-api/descope/config/environments/development.rb +76 -0
data/examples/ruby-on-rails-api/descope/config/environments/production.rb +97 -0
data/examples/ruby-on-rails-api/descope/config/environments/test.rb +64 -0
data/examples/ruby-on-rails-api/descope/config/initializers/assets.rb +13 -0
data/examples/ruby-on-rails-api/descope/config/initializers/content_security_policy.rb +25 -0
data/examples/ruby-on-rails-api/descope/config/initializers/filter_parameter_logging.rb +8 -0
data/examples/ruby-on-rails-api/descope/config/initializers/inflections.rb +16 -0
data/examples/ruby-on-rails-api/descope/config/initializers/load_config.rb +12 -0
data/examples/ruby-on-rails-api/descope/config/initializers/permissions_policy.rb +13 -0
data/examples/ruby-on-rails-api/descope/config/locales/en.yml +31 -0
data/examples/ruby-on-rails-api/descope/config/puma.rb +35 -0
data/examples/ruby-on-rails-api/descope/config/routes.rb +18 -0
data/examples/ruby-on-rails-api/descope/config/storage.yml +34 -0
data/examples/ruby-on-rails-api/descope/config.ru +6 -0
data/examples/ruby-on-rails-api/descope/db/seeds.rb +9 -0
data/examples/ruby-on-rails-api/descope/lib/assets/.keep +0 -0
data/examples/ruby-on-rails-api/descope/lib/tasks/.keep +0 -0
data/examples/ruby-on-rails-api/descope/log/.keep +0 -0
data/examples/ruby-on-rails-api/descope/package-lock.json +19680 -0
data/examples/ruby-on-rails-api/descope/package.json +51 -0
data/examples/ruby-on-rails-api/descope/public/404.html +67 -0
data/examples/ruby-on-rails-api/descope/public/422.html +67 -0
data/examples/ruby-on-rails-api/descope/public/500.html +66 -0
data/examples/ruby-on-rails-api/descope/public/apple-touch-icon-precomposed.png +0 -0
data/examples/ruby-on-rails-api/descope/public/apple-touch-icon.png +0 -0
data/examples/ruby-on-rails-api/descope/public/favicon.ico +0 -0
data/examples/ruby-on-rails-api/descope/public/robots.txt +1 -0
data/examples/ruby-on-rails-api/descope/storage/.keep +0 -0
data/examples/ruby-on-rails-api/descope/tmp/.keep +0 -0
data/examples/ruby-on-rails-api/descope/tmp/pids/.keep +0 -0
data/examples/ruby-on-rails-api/descope/tmp/storage/.keep +0 -0
data/examples/ruby-on-rails-api/descope/vendor/.keep +0 -0
data/examples/ruby-on-rails-api/descope/yarn.lock +10780 -0
data/lib/descope/api/v1/auth/enchantedlink.rb +156 -0
data/lib/descope/api/v1/auth/magiclink.rb +170 -0
data/lib/descope/api/v1/auth/oauth.rb +72 -0
data/lib/descope/api/v1/auth/otp.rb +186 -0
data/lib/descope/api/v1/auth/password.rb +100 -0
data/lib/descope/api/v1/auth/saml.rb +48 -0
data/lib/descope/api/v1/auth/totp.rb +72 -0
data/lib/descope/api/v1/auth.rb +452 -0
data/lib/descope/api/v1/management/access_key.rb +81 -0
data/lib/descope/api/v1/management/audit.rb +82 -0
data/lib/descope/api/v1/management/authz.rb +165 -0
data/lib/descope/api/v1/management/common.rb +147 -0
data/lib/descope/api/v1/management/flow.rb +55 -0
data/lib/descope/api/v1/management/password.rb +58 -0
data/lib/descope/api/v1/management/permission.rb +48 -0
data/lib/descope/api/v1/management/project.rb +53 -0
data/lib/descope/api/v1/management/role.rb +48 -0
data/lib/descope/api/v1/management/scim.rb +206 -0
data/lib/descope/api/v1/management/sso_settings.rb +153 -0
data/lib/descope/api/v1/management/tenant.rb +71 -0
data/lib/descope/api/v1/management/user.rb +619 -0
data/lib/descope/api/v1/management.rb +38 -0
data/lib/descope/api/v1/session.rb +84 -0
data/lib/descope/api/v1.rb +13 -0
data/lib/descope/client.rb +6 -0
data/lib/descope/exception.rb +50 -0
data/lib/descope/mixins/common.rb +129 -0
data/lib/descope/mixins/headers.rb +15 -0
data/lib/descope/mixins/http.rb +133 -0
data/lib/descope/mixins/initializer.rb +80 -0
data/lib/descope/mixins/logging.rb +30 -0
data/lib/descope/mixins/validation.rb +79 -0
data/lib/descope/mixins.rb +22 -0
data/lib/descope/version.rb +7 -0
data/lib/descope.rb +9 -0
data/lib/descope_client.rb +5 -0
data/release-please-config.json +18 -0
data/renovate.json +6 -0
data/spec/factories/user.rb +16 -0
data/spec/lib.descope/api/v1/auth/enchantedlink_spec.rb +159 -0
data/spec/lib.descope/api/v1/auth/magiclink_spec.rb +282 -0
data/spec/lib.descope/api/v1/auth/oauth_spec.rb +117 -0
data/spec/lib.descope/api/v1/auth/otp_spec.rb +285 -0
data/spec/lib.descope/api/v1/auth/password_spec.rb +124 -0
data/spec/lib.descope/api/v1/auth/saml_spec.rb +55 -0
data/spec/lib.descope/api/v1/auth/totp_spec.rb +70 -0
data/spec/lib.descope/api/v1/auth_spec.rb +372 -0
data/spec/lib.descope/api/v1/management/access_key_spec.rb +118 -0
data/spec/lib.descope/api/v1/management/audit_spec.rb +78 -0
data/spec/lib.descope/api/v1/management/authz_spec.rb +336 -0
data/spec/lib.descope/api/v1/management/flow_spec.rb +78 -0
data/spec/lib.descope/api/v1/management/password_spec.rb +25 -0
data/spec/lib.descope/api/v1/management/permission_spec.rb +81 -0
data/spec/lib.descope/api/v1/management/project_spec.rb +63 -0
data/spec/lib.descope/api/v1/management/role_spec.rb +85 -0
data/spec/lib.descope/api/v1/management/scim_spec.rb +312 -0
data/spec/lib.descope/api/v1/management/sso_settings_spec.rb +172 -0
data/spec/lib.descope/api/v1/management/tenant_spec.rb +141 -0
data/spec/lib.descope/api/v1/management/user_spec.rb +667 -0
data/spec/lib.descope/api/v1/session_spec.rb +117 -0
data/spec/lib.descope/client_spec.rb +40 -0
data/spec/spec_helper.rb +72 -0
data/spec/support/client_config.rb +14 -0
data/spec/support/dummy_class.rb +36 -0
data/spec/support/utils.rb +32 -0
metadata +420 -0

data/lib/descope/api/v1/management/audit.rb ADDED Viewed

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Audit
+          include Descope::Api::V1::Management::Common
+          def audit_search(
+            user_ids: nil,
+            actions: nil,
+            exclude_actions: nil,
+            devices: nil,
+            methods: nil,
+            geos: nil,
+            remote_addresses: nil,
+            login_ids: nil,
+            tenants: nil,
+            no_tenants: false,
+            text: nil,
+            from_ts: nil,
+            to_ts: nil
+          )
+            # Search the audit trail up to last 30 days based on given parameters
+            # user_ids (Array): Optional list of user IDs to filter by
+            # actions (Array): Optional list of actions to filter by
+            # excluded_actions (Array): Optional list of actions to exclude
+            # devices (Array): Optional list of devices to filter by. Current devices supported are "Bot"/"Mobile"/"Desktop"/"Tablet"/"Unknown"
+            # methods (Array): Optional list of methods to filter by. Current auth methods are "otp"/"totp"/"magiclink"/"oauth"/"saml"/"password"
+            # geos (Array): Optional list of geos to filter by. Geo is currently country code like "US", "IL", etc.
+            # remote_addresses (Array): Optional list of remote addresses to filter by
+            # login_ids (Array): Optional list of login IDs to filter by
+            # tenants (Array): Optional list of tenants to filter by
+            # no_tenants (bool): Should audits without any tenants always be included
+            # text (str): Free text search across all fields
+            # from_ts (datetime): Retrieve records newer than given time but not older than 30 days
+            # to_ts (datetime): Retrieve records older than given time
+            request_params = {
+              noTenants: no_tenants
+            }
+            request_params[:userIds] = user_ids unless user_ids.nil?
+            request_params[:actions] = actions unless actions.nil?
+            request_params[:excludeActions] = exclude_actions unless exclude_actions.nil?
+            request_params[:devices] = devices unless devices.nil?
+            request_params[:methods] = methods unless methods.nil?
+            request_params[:geos] = geos unless geos.nil?
+            request_params[:remoteAddresses] = remote_addresses unless remote_addresses.nil?
+            request_params[:externalIds] = login_ids unless login_ids.nil?
+            request_params[:tenants] = tenants unless tenants.nil?
+            request_params[:text] = text unless text.nil?
+            request_params[:from] = from_ts.to_i * 1000 unless from_ts.nil?
+            request_params[:to] = to_ts.to_i * 1000 unless to_ts.nil?
+            res = post(AUDIT_SEARCH, request_params)
+            raise Descope::AuthException, "could not get audits: #{res}" if res['audits'].nil?
+            { 'audits' => res['audits'].map { |audit| convert_audit_record(audit) } }
+          end
+          private
+          def convert_audit_record(audit)
+            {
+              'projectId' => audit['projectId'] || '',
+              'userId' => audit['userId'] || '',
+              'action' => audit['action'] || '',
+              'occurred' => audit['occurred'] || '',
+              'device' => audit['device'] || '',
+              'method' => audit['method'] || '',
+              'geo' => audit['geo'] || '',
+              'remoteAddress' => audit['remoteAddress'] || '',
+              'loginIds' => audit['externalIds'] || '',
+              'tenants' => audit['tenants'] || '',
+              'data' => audit['data'] || ''
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/authz.rb ADDED Viewed

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Authz
+          include Descope::Api::V1::Management::Common
+          def authz_save_schema(schema: nil, upgrade: false)
+            #  Create or update the ReBAC schema.
+            #  In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.
+            #  Args:
+            #  schema (dict): the schema dict with format
+            #       {
+            #           "name": "name-of-schema",
+            #           "namespaces": [
+            #               {
+            #                   "name": "name-of-namespace",
+            #                   "relationDefinitions": [
+            #                       {
+            #                           "name": "name-of-relation-definition",
+            #                           "complexDefinition": {
+            #                               "nType": "one of child|union|intersect|sub",
+            #                               "children": "optional list of node children - same format as complexDefinition",
+            #                               "expression": {
+            #                                   "neType": "one of self|targetSet|relationLeft|relationRight",
+            #                                   "relationDefinition": "name of relation definition for relationLeft and relationRight",
+            #                                   "relationDefinitionNamespace": "the namespace for the rd above",
+            #                                   "targetRelationDefinition": "relation definition for targetSet and relationLeft/right",
+            #                                   "targetRelationDefinitionNamespace": "the namespace for above"
+            #                               }
+            #                           }
+            #                       }
+            #                   ]
+            #               }
+            #           ]
+            #       }
+            #   Schema name can be used for projects to track versioning.
+            #  @see https://docs.descope.com/api/openapi/authz/operation/SaveSchema/
+            request_params = { schema:, upgrade: }
+            post(AUTHZ_SCHEMA_SAVE, request_params)
+          end
+          def authz_delete_schema
+            # Delete the schema for the project which will also delete all relations.
+            post(AUTHZ_SCHEMA_DELETE)
+          end
+          def authz_load_schema
+            # Load the schema for the project.
+            post(AUTHZ_SCHEMA_LOAD)
+          end
+          def authz_save_namespace(namespace: nil, old_name: nil, schema_name: nil)
+            # Create or update the given namespace
+            # Will not delete relation definitions not mentioned in the namespace.
+            request_params = { namespace: namespace }
+            request_params[:oldName] = old_name unless old_name.nil?
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_NS_SAVE, request_params)
+          end
+          def authz_delete_namespace(name: nil, schema_name: nil)
+            # Delete the given namespace
+            request_params = { name: name }
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_NS_DELETE, request_params)
+          end
+          def authz_save_relation_definition(relation_definition: nil, namespace: nil, old_name: nil, schema_name: nil)
+            # Create or update the given relation definition
+            #  Will not delete relation definitions not mentioned in the namespace.
+            request_params = {
+              relationDefinition: relation_definition,
+              namespace:
+            }
+            request_params[:old_name] = old_name unless old_name.nil?
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_RD_SAVE, request_params)
+          end
+          def authz_delete_relation_definition(name: nil, namespace: nil, schema_name: nil)
+            # Delete the given relation definition
+            request_params = { name: , namespace:  }
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_RD_DELETE, request_params)
+          end
+          def authz_create_relations(relations = nil)
+            # Create the given relations based on the existing schema
+            #  relations (Array[]): the relations to create. Each in the following format:
+            #   {
+            #       "resource": "id of the resource that has the relation",
+            #       "relationDefinition": "the relation definition for the relation",
+            #       "namespace": "namespace for the relation definition",
+            #       "target": "the target that has the relation - usually users or other resources",
+            #       "targetSetResource": "if the target is a group that has another relation",
+            #       "targetSetRelationDefinition": "the relation definition for the targetSet group",
+            #       "targetSetRelationDefinitionNamespace": "the namespace for the relation definition for the targetSet group",
+            #       "query": {
+            #           "tenants": ["t1", "t2"],
+            #           "roles": ["r1", "r2"],
+            #           "text": "full-text-search",
+            #           "statuses": ["enabled|disabled|invited"],
+            #           "ssoOnly": True|False,
+            #           "withTestUser": True|False,
+            #           "customAttributes": {
+            #               "key": "value",
+            #               ...
+            #           }
+            #       }
+            #   }
+            #   Each relation should have exactly one of: target, targetSet, query
+            #   Regarding query above, it should be specified if the target is a set of users that matches the query - all fields are optional
+            post(AUTHZ_RE_CREATE, { relations: })
+          end
+          def authz_delete_relations(relations = nil)
+            # Delete the given relations based on the existing schema
+            post(AUTHZ_RE_DELETE, { relations: })
+          end
+          def authz_delete_relations_for_resources(resources = nil)
+            # Delete all relations for the given resources
+            post(AUTHZ_RE_DELETE_RESOURCES, { resources: })
+          end
+          def authz_has_relations?(relation_queries = nil)
+            # Queries the given relations to see if they exist returning true if they do
+            post(AUTHZ_RE_HAS_RELATIONS, { relationQueries: relation_queries })
+          end
+          def authz_who_can_access?(resource: nil, relation_definition: nil, namespace: nil)
+            #  Finds the list of targets (usually users) who can access the given resource with the given RD
+            request_params = {
+              resource:,
+              relationDefinition: relation_definition,
+              namespace:
+            }
+            post(AUTHZ_RE_WHO, request_params)
+          end
+          def authz_resource_relations(resources: nil)
+            post(AUTHZ_RE_RESOURCE, { resources: })
+          end
+          def authz_target_relations(targets: nil)
+            # Returns the list of all defined relations (not recursive) for the given targets.
+            post(AUTHZ_RE_TARGETS, { targets: })
+          end
+          def authz_what_can_target_access?(target: nil)
+            # Returns the list of all relations for the given target including derived relations from the schema tree.
+            res = post(AUTHZ_RE_TARGET_ALL, { target: })
+            raise Descope::AuthException, "could not get relation for target: #{res}" if res['relations'].nil?
+            res['relations']
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/common.rb ADDED Viewed

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Common Management constants
+        module Common
+          # tenant
+          TENANT_CREATE_PATH = '/v1/mgmt/tenant/create'
+          TENANT_UPDATE_PATH = '/v1/mgmt/tenant/update'
+          TENANT_DELETE_PATH = '/v1/mgmt/tenant/delete'
+          TENANT_LOAD_PATH = '/v1/mgmt/tenant'
+          TENANT_LOAD_ALL_PATH = '/v1/mgmt/tenant/all'
+          TENANT_SEARCH_ALL_PATH = '/v1/mgmt/tenant/search'
+          PASSWORD_SETTINGS_PATH = '/v1/mgmt/password/settings'
+          # userUSER_CREATE_PATH
+          USER_CREATE_PATH = '/v1/mgmt/user/create'
+          USER_CREATE_BATCH_PATH = '/v1/mgmt/user/create/batch'
+          USER_UPDATE_PATH = '/v1/mgmt/user/update'
+          USER_DELETE_PATH = '/v1/mgmt/user/delete'
+          USER_LOGOUT_PATH = '/v1/mgmt/user/logout'
+          USER_DELETE_ALL_TEST_USERS_PATH = '/v1/mgmt/user/test/delete/all'
+          USER_LOAD_PATH = '/v1/mgmt/user'
+          USERS_SEARCH_PATH = '/v1/mgmt/user/search'
+          USER_GET_PROVIDER_TOKEN = '/v1/mgmt/user/provider/token'
+          USER_UPDATE_STATUS_PATH = '/v1/mgmt/user/update/status'
+          USER_UPDATE_LOGIN_ID_PATH = '/v1/mgmt/user/update/loginid'
+          USER_UPDATE_EMAIL_PATH = '/v1/mgmt/user/update/email'
+          USER_UPDATE_PHONE_PATH = '/v1/mgmt/user/update/phone'
+          USER_UPDATE_NAME_PATH = '/v1/mgmt/user/update/name'
+          USER_UPDATE_PICTURE_PATH = '/v1/mgmt/user/update/picture'
+          USER_UPDATE_CUSTOM_ATTRIBUTE_PATH = '/v1/mgmt/user/update/customAttribute'
+          USER_ADD_ROLE_PATH = '/v1/mgmt/user/update/role/add'
+          USER_REMOVE_ROLE_PATH = '/v1/mgmt/user/update/role/remove'
+          USER_SET_PASSWORD_PATH = '/v1/mgmt/user/password/set'
+          USER_EXPIRE_PASSWORD_PATH = '/v1/mgmt/user/password/expire'
+          USER_ADD_TENANT_PATH = '/v1/mgmt/user/update/tenant/add'
+          USER_REMOVE_TENANT_PATH = '/v1/mgmt/user/update/tenant/remove'
+          USER_GENERATE_OTP_FOR_TEST_PATH = '/v1/mgmt/tests/generate/otp'
+          USER_GENERATE_MAGIC_LINK_FOR_TEST_PATH = '/v1/mgmt/tests/generate/magiclink'
+          USER_GENERATE_ENCHANTED_LINK_FOR_TEST_PATH = '/v1/mgmt/tests/generate/enchantedlink'
+          USER_GENERATE_EMBEDDED_LINK_PATH = '/v1/mgmt/user/signin/embeddedlink'
+          # access key
+          ACCESS_KEY_CREATE_PATH = '/v1/mgmt/accesskey/create'
+          ACCESS_KEY_LOAD_PATH = '/v1/mgmt/accesskey'
+          ACCESS_KEYS_SEARCH_PATH = '/v1/mgmt/accesskey/search'
+          ACCESS_KEY_UPDATE_PATH = '/v1/mgmt/accesskey/update'
+          ACCESS_KEY_DEACTIVATE_PATH = '/v1/mgmt/accesskey/deactivate'
+          ACCESS_KEY_ACTIVATE_PATH = '/v1/mgmt/accesskey/activate'
+          ACCESS_KEY_DELETE_PATH = '/v1/mgmt/accesskey/delete'
+          # sso
+          SSO_SETTINGS_PATH = '/v2/mgmt/sso/settings'
+          SSO_OIDC_PATH = '/v1/mgmt/sso/oidc' # configure ssp settings via oidc
+          SSO_OIDC_CREATE_APP_PATH = '/v1/mgmt/sso/idp/app/oidc/create'
+          SSO_OIDC_UPDATE_APP_PATH = '/v1/mgmt/sso/idp/app/oidc/create'
+          SSO_SAML_PATH = '/v1/mgmt/sso/saml' # configure ssp settings via saml
+          SSO_SAML_METADATA_PATH = '/v1/mgmt/sso/saml/metadata' # configure ssp settings via saml metadata
+          # SCIM
+          SCIM_GROUPS_PATH = '/scim/v2/Groups'
+          SCIM_RESOURCE_TYPES_PATH = '/scim/v2/ResourceTypes'
+          SCIM_SERVICE_PROVIDER_CONFIG_PATH = '/scim/v2/ServiceProviderConfig'
+          SCIM_USERS_PATH = '/scim/v2/Users'
+          # jwt
+          UPDATE_JWT_PATH = '/v1/mgmt/jwt/update'
+          # permission
+          PERMISSION_CREATE_PATH = '/v1/mgmt/permission/create'
+          PERMISSION_UPDATE_PATH = '/v1/mgmt/permission/update'
+          PERMISSION_DELETE_PATH = '/v1/mgmt/permission/delete'
+          PERMISSION_LOAD_ALL_PATH = '/v1/mgmt/permission/all'
+          # role
+          ROLE_CREATE_PATH = '/v1/mgmt/role/create'
+          ROLE_UPDATE_PATH = '/v1/mgmt/role/update'
+          ROLE_DELETE_PATH = '/v1/mgmt/role/delete'
+          ROLE_LOAD_ALL_PATH = '/v1/mgmt/role/all'
+          # flow
+          FLOW_LIST_PATH = '/v1/mgmt/flow/list'
+          FLOW_IMPORT_PATH = '/v1/mgmt/flow/import'
+          FLOW_EXPORT_PATH = '/v1/mgmt/flow/export'
+          # theme
+          THEME_IMPORT_PATH = '/v1/mgmt/theme/import'
+          THEME_EXPORT_PATH = '/v1/mgmt/theme/export'
+          # group
+          GROUP_LOAD_ALL_PATH = '/v1/mgmt/group/all'
+          GROUP_LOAD_ALL_FOR_MEMBER_PATH = '/v1/mgmt/group/member/all'
+          GROUP_LOAD_ALL_GROUP_MEMBERS_PATH = '/v1/mgmt/group/members'
+          # Audit
+          AUDIT_SEARCH = '/v1/mgmt/audit/search'
+          # Authz ReBAC
+          AUTHZ_SCHEMA_SAVE = '/v1/mgmt/authz/schema/save'
+          AUTHZ_SCHEMA_DELETE = '/v1/mgmt/authz/schema/delete'
+          AUTHZ_SCHEMA_LOAD = '/v1/mgmt/authz/schema/load'
+          AUTHZ_NS_SAVE = '/v1/mgmt/authz/ns/save'
+          AUTHZ_NS_DELETE = '/v1/mgmt/authz/ns/delete'
+          AUTHZ_RD_SAVE = '/v1/mgmt/authz/rd/save'
+          AUTHZ_RD_DELETE = '/v1/mgmt/authz/rd/delete'
+          AUTHZ_RE_CREATE = '/v1/mgmt/authz/re/create'
+          AUTHZ_RE_DELETE = '/v1/mgmt/authz/re/delete'
+          AUTHZ_RE_DELETE_RESOURCES = '/v1/mgmt/authz/re/deleteresources'
+          AUTHZ_RE_HAS_RELATIONS = '/v1/mgmt/authz/re/has'
+          AUTHZ_RE_WHO = '/v1/mgmt/authz/re/who'
+          AUTHZ_RE_RESOURCE = '/v1/mgmt/authz/re/resource'
+          AUTHZ_RE_TARGETS = '/v1/mgmt/authz/re/targets'
+          AUTHZ_RE_TARGET_ALL = '/v1/mgmt/authz/re/targetall'
+          # Project
+          PROJECT_UPDATE_NAME = '/v1/mgmt/project/update/name'
+          PROJECT_CLONE = '/v1/mgmt/project/clone'
+          PROJECT_EXPORT_PATH = '/v1/mgmt/project/export'
+          PROJECT_IMPORT_PATH = '/v1/mgmt/project/import'
+          PROJECT_DELETE_PATH = '/v1/mgmt/project/delete'
+          def associated_tenants_to_hash_array(associated_tenants = [])
+            # Represents a tenant association for a User or Access Key. The tenant_id is required to denote
+            # which tenant the user or access key belongs to. The role_names array is an optional list of
+            # roles for the user or access key in this specific tenant.
+            # @param [Array] associated_tenants - list of associated tenants in the format of
+            #  [{tenant_id: 'tenant_id', role_names: ['role_name1', 'role_name2']}]
+            associated_tenants = associated_tenants.nil? ? [] : associated_tenants
+            associated_tenant_list = []
+            associated_tenants.each do |tenant|
+              associated_tenant_list.append(
+                {
+                  "tenantId": tenant[:tenant_id],
+                  "roleNames": tenant[:role_names]
+                }
+              )
+            end
+            associated_tenant_list
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/flow.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Flow
+          include Descope::Api::V1::Management::Common
+          #        List all project flows
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ListFlows/
+          # To list all flows, send an empty body such as: { } or { "ids": [] }.
+          #
+          # To search for a flow or several flows, send a body with the flowIds you want to search such as { "ids": ["sign-in"] } or { "ids": ["sign-in", "sign-up"] }.
+          def list_or_search_flows(ids = [])
+            request_params = { ids: }
+            post(FLOW_LIST_PATH, request_params)
+          end
+          # Export the given flow id flow and screens.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ExportFlow/
+          def export_flow(flow_id = nil)
+            request_params = { flowId: flow_id }
+            post(FLOW_EXPORT_PATH, request_params)
+          end
+          # Import the given flow and screens.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ImportFlow/
+          def import_flow(flow_id: nil, flow: nil, screens: nil)
+            request_params = {
+              flowId: flow_id,
+              flow:,
+              screens:
+            }
+            post(FLOW_IMPORT_PATH, request_params)
+          end
+          # Export the current project theme.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ExportTheme/
+          def export_theme
+            post(THEME_EXPORT_PATH)
+          end
+          # Import the current project theme.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ImportTheme/
+          def import_theme(theme)
+            request_params = { theme: }
+            post(THEME_IMPORT_PATH, request_params)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/password.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Password
+          include Descope::Api::V1::Management::Common
+          def get_password_settings(tenant_id)
+            # Get password settings for the provided tenant id.
+            get(PASSWORD_SETTINGS_PATH, { tenantId: tenant_id })
+          end
+          def update_password_settings(settings)
+            unless settings.is_a?(Hash)
+              raise Descope::ArgumentException.new('Password settings must be a Hash', code: 400)
+            end
+            # Update password settings for the provided tenant id.
+            body = compose_settings_body(settings)
+            post(PASSWORD_SETTINGS_PATH, body)
+          end
+          private
+          # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          def compose_settings_body(settings)
+            body = {}
+            body['minLength'] = settings[:min_length] if settings.key?(:min_length)
+            body['lowercase'] = settings[:lowercase] if settings.key?(:lowercase)
+            body['uppercase'] = settings[:uppercase] if settings.key?(:uppercase)
+            body['number'] = settings[:number] if settings.key?(:number)
+            body['nonAlphanumeric'] = settings[:non_alphanumeric] if settings.key?(:non_alphanumeric)
+            body['expiration'] = settings[:expiration] if settings.key?(:expiration)
+            body['expirationWeeks'] = settings[:expiration_weeks] if settings.key?(:expiration_weeks)
+            body['reuse'] = settings[:reuse] if settings.key?(:reuse)
+            body['reuseAmount'] = settings[:reuse_amount] if settings.key?(:reuse_amount)
+            body['lock'] = settings[:lock] if settings.key?(:lock)
+            body['lockAttempts'] = settings[:lock_attempts] if settings.key?(:lock_attempts)
+            body['emailServiceProvider'] = settings[:email_service_provider] if settings.key?(:email_service_provider)
+            body['emailSubject'] = settings[:email_subject] if settings.key?(:email_subject)
+            body['emailBody'] = settings[:email_body] if settings.key?(:email_body)
+            body['resetAuthMethod'] = settings[:reset_auth_method] if settings.key?(:reset_auth_method)
+            body['emailBodyPlainText'] = settings[:email_body_plain_text] if settings.key?(:email_body_plain_text)
+            if settings.key?(:use_email_body_plain_text)
+              body['useEmailBodyPlainText'] = settings[:use_email_body_plain_text]
+            end
+            body['tenantId'] = settings[:tenant_id] if settings.key?(:tenant_id)
+            body['enabled'] = settings[:enabled] if settings.key?(:enabled)
+            body
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/permission.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Permission
+          include Descope::Mixins::Validation
+          include Descope::Api::V1::Management::Common
+          def create_permission(name:, description: nil)
+            # Create a new permission.
+            # @see https://docs.descope.com/api/openapi/permissionmanagement/operation/CreatePermission/
+            request_params = {
+              name:,
+              description:
+            }
+            post(PERMISSION_CREATE_PATH, request_params)
+          end
+          def update_permission(name: nil, new_name: nil, description: nil)
+            # Update an existing permission with the given various fields. IMPORTANT: All parameters are used as overrides
+            # to the existing permission. Empty fields will override populated fields. Use carefully.
+            # @see https://docs.descope.com/api/openapi/permissionmanagement/operation/UpdatePermission/
+            request_params = {
+              name:,
+              newName: new_name,
+              description:
+            }
+            post(PERMISSION_UPDATE_PATH, request_params)
+          end
+          def delete_permission(name = nil)
+            # Delete an existing permission. IMPORTANT: This action is irreversible. Use carefully.
+            post(PERMISSION_DELETE_PATH, { name: })
+          end
+          def load_all_permissions
+            # Load all permissions.
+            get(PERMISSION_LOAD_ALL_PATH)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/project.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Project
+          include Descope::Api::V1::Management::Common
+          def rename_project(name)
+            # Rename a project.
+            post(PROJECT_UPDATE_NAME, { name: })
+          end
+          def export_project
+            # Exports all settings and configurations for a project and returns the
+            #   raw JSON files response as an object.
+            #    - This action is supported only with a pro license or above.
+            #    - Users, tenants and access keys are not cloned.
+            #    - Secrets, keys and tokens are not stripped from the exported data.
+            #   @returns a HASH containing the exported JSON files payload.
+            post(PROJECT_EXPORT_PATH)
+          end
+          def import_project(files: nil, excludes: nil)
+            # Import a project.
+            # The argument of files should be the output of the export project endpoint
+            body = { files: }
+            body[:excludes] = excludes unless excludes.nil?
+            post(PROJECT_IMPORT_PATH, body)
+          end
+          def delete_project
+            # Delete the current project. IMPORTANT: This action is irreversible. Use carefully.
+            post(PROJECT_DELETE_PATH)
+          end
+          def clone_project(name: nil, tag: nil)
+            # Clone the current project, including its settings and configurations.
+            # - This action is supported only with a pro license or above.
+            # - Users, tenants and access keys are not cloned.
+            request_params = {
+              name:,
+              tag:
+            }
+            post(PROJECT_CLONE, request_params)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/role.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Role
+          include Descope::Api::V1::Management::Common
+          def create_role(name: nil, description: nil, permission_names: nil)
+            # Create a new role.
+            permission_names ||= []
+            request_params = {
+              name:,
+              description:,
+              permissionNames: permission_names
+            }
+            post(ROLE_CREATE_PATH, request_params)
+          end
+          def update_role(name: nil, new_name: nil, description: nil, permission_names: nil)
+            # Update an existing role with the given various fields. IMPORTANT: All parameters are used as overrides
+            # to the existing role. Empty fields will override populated fields. Use carefully.
+            permission_names ||= []
+            request_params = {
+              name:,
+              newName: new_name,
+              description:,
+              permissionNames: permission_names
+            }
+            post(ROLE_UPDATE_PATH, request_params)
+          end
+          def delete_role(name)
+            # Delete an existing role. IMPORTANT: This action is irreversible. Use carefully.
+            post(ROLE_DELETE_PATH, { name: })
+          end
+          def load_all_roles
+            # Load all roles.
+            get(ROLE_LOAD_ALL_PATH)
+          end
+        end
+      end
+    end
+  end
+end