descope 1.0.4

data/lib/descope/api/v1/session.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Descope
+  module Api
+    module V1
+      # Holds all session methods
+      module Session
+        include Descope::Mixins::Common
+        include Descope::Mixins::Common::EndpointsV1
+        include Descope::Mixins::Common::EndpointsV2
+
+        def token_validation_key(project_id)
+          get("#{PUBLIC_KEY_PATH}/#{project_id}")
+        end
+
+        def refresh_session(refresh_token: nil, audience: nil)
+          #  Validate a session token. Call this function for every incoming request to your
+          #  private endpoints. Alternatively, use validate_and_refresh_session in order to
+          #  automatically refresh expired sessions. If you need to use these specific claims
+          #  [amr, drn, exp, iss, rexp, sub, jwt] in the top level of the response dict, please use
+          #  them from the sessionToken key instead, as these claims will soon be deprecated from the top level
+          #  of the response dict.
+
+          validate_refresh_token_not_nil(refresh_token)
+          validate_token(refresh_token, audience)
+          res = post(REFRESH_TOKEN_PATH, {}, {}, refresh_token)
+          generate_jwt_response(response_body: res, refresh_cookie: refresh_token, audience:)
+        end
+
+        def me(refresh_token = nil)
+          get(ME_PATH, {}, {}, refresh_token)
+        end
+
+        def sign_out(refresh_token = nil)
+          post(LOGOUT_PATH, {}, {}, refresh_token)
+        end
+
+        def sign_out_all(refresh_token = nil)
+          post(LOGOUT_ALL_PATH, {}, {}, refresh_token)
+        end
+
+        def validate_session(session_token: nil, audience: nil)
+          # Validate a session token. Call this function for every incoming request to your
+          # private endpoints. Alternatively, use validate_and_refresh_session in order to
+          # automatically refresh expired sessions. If you need to use these specific claims
+          # [amr, drn, exp, iss, rexp, sub, jwt] in the top level of the response dict, please use
+          # them from the sessionToken key instead, as these claims will soon be deprecated from the top level
+          # of the response dict.
+          # Return a hash includes the session token and all JWT claims
+
+          if session_token.nil? || session_token.empty?
+            raise Descope::AuthException.new('Session token is required for validation', code: 400)
+          end
+
+          @logger.debug("Validating session token: #{session_token}")
+          res = validate_token(session_token, audience)
+          @logger.debug("Session token validation response: #{res}")
+          # Duplicate for saving backward compatibility but keep the same structure as the refresh operation response
+          res[SESSION_TOKEN_NAME] = deep_copy(res)
+          session_props = adjust_properties(res, true)
+          @logger.debug("session validation jwt response properties: #{session_props}")
+          session_props
+        end
+
+        def validate_and_refresh_session(session_token: nil, refresh_token: nil, audience: nil)
+          # Validate the session token and refresh it if it has expired, the session token will automatically be refreshed.
+          # Either the session_token or the refresh_token must be provided.
+          # Call this function for every incoming request to your
+          # private endpoints. Alternatively, use validate_session to only validate the session.
+
+          raise Descope::AuthException.new('Session token is missing', code: 400) if session_token.nil?
+
+          begin
+            @logger.debug("Validating session token: #{session_token}")
+            validate_session(session_token:, audience:)
+          rescue Descope::AuthException
+            @logger.debug("Session is invalid, refreshing session with refresh token: #{refresh_token}")
+            refresh_session(refresh_token:, audience:)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1.rb

@@ -0,0 +1,13 @@
+require 'descope/api/v1/management'
+require 'descope/api/v1/session'
+require 'descope/api/v1/auth'
+
+module Descope
+  module Api
+    module V1
+      include Descope::Api::V1::Management
+      include Descope::Api::V1::Session
+      include Descope::Api::V1::Auth
+    end
+  end
+end

data/lib/descope/client.rb

@@ -0,0 +1,6 @@
+module Descope
+  # Main class for descope client
+  class Client
+    include Descope::Mixins
+  end
+end

data/lib/descope/exception.rb

@@ -0,0 +1,50 @@
+module Descope
+  # Default exception in namespace of Descope
+  # If you want to catch all exceptions, then you should use this one.
+  # Network exceptions are not included
+  class Exception < StandardError
+    attr_reader :error_data
+
+    def initialize(message, error_data = {})
+      super(message)
+      @error_data = error_data
+    end
+  end
+
+  # Parent for all exceptions that arise out of HTTP error responses.
+  class HTTPError < Descope::Exception
+    def headers
+      error_data[:headers]
+    end
+
+    def http_code
+      error_data[:code]
+    end
+  end
+
+  class AuthException < Descope::Exception; end
+  # exception for unauthorized requests, if you see it,
+  # probably Bearer Token is not set correctly
+
+  # exception for unset user_id, this might cause removal of
+  # all users, or other unexpected behaviour
+  class ArgumentException < Descope::Exception; end
+
+  # exception for invalid token when its empty
+  class InvalidToken < Descope::Exception; end
+  class InvalidParameter < Descope::Exception; end
+  class Unauthorized < Descope::HTTPError; end
+  # exception for not found resource, you query for an
+  # non-existent resource, or wrong path
+  class NotFound < Descope::HTTPError; end
+  class MethodNotAllowed < Descope::HTTPError; end
+  # exception for unknown error
+  class Unsupported < Descope::HTTPError; end
+  # exception for server error
+  class ServerError < Descope::HTTPError; end
+  # exception for incorrect request, you've sent wrong params
+  class BadRequest < Descope::HTTPError; end
+  class AccessDenied < Descope::HTTPError; end
+  class RateLimitException < Descope::HTTPError; end
+  class RequestTimeout < Descope::HTTPError; end
+end

data/lib/descope/mixins/common.rb

@@ -0,0 +1,129 @@
+# frozen_string_literal: true
+
+require_relative '../exception'
+
+module Descope
+  module Mixins
+    # Common values and methods
+    module Common
+      DEFAULT_BASE_URL = 'https://api.descope.com' # pragma: no cover
+      DEFAULT_TIMEOUT_SECONDS = 60
+      DEFAULT_JWT_VALIDATION_LEEWAY = 5
+      PHONE_REGEX = %r{^(?:\(?(?:00|\+)([1-4]\d\d|[1-9]\d?)\)?)?[-./ \\]?(?:(?:\(?\d{1,}\)?[-./ \\]?){0,})(?:[-./ \\]?(?:#|ext\.?|extension|x)[-./ \\]?(\d+))?$}.freeze
+
+      SESSION_COOKIE_NAME = 'DS'
+      REFRESH_SESSION_COOKIE_NAME = 'DSR'
+
+      SESSION_TOKEN_NAME = 'sessionToken'
+      REFRESH_SESSION_TOKEN_NAME = 'refreshSessionToken'
+      COOKIE_DATA_NAME = 'cookieData'
+
+      REDIRECT_LOCATION_COOKIE_NAME = 'Location'
+
+      module DeliveryMethod
+        WHATSAPP = 1
+        SMS = 2
+        EMAIL = 3
+      end
+
+      def get_method_string(method)
+        name = {
+          DeliveryMethod::WHATSAPP => 'whatsapp',
+          DeliveryMethod::SMS => 'sms',
+          DeliveryMethod::EMAIL => 'email'
+        }[method]
+
+        raise ArgumentException, "Unknown delivery method: #{method}" if name.nil?
+
+        name
+      end
+
+      def deep_copy(obj)
+        Marshal.load(Marshal.dump(obj))
+      end
+
+      module EndpointsV1
+        REFRESH_TOKEN_PATH = '/v1/auth/refresh'
+        SELECT_TENANT_PATH = '/v1/auth/tenant/select'
+        LOGOUT_PATH = '/v1/auth/logout'
+        LOGOUT_ALL_PATH = '/v1/auth/logoutall'
+        VALIDATE_SESSION_PATH = '/v1/auth/validate'
+        ME_PATH = '/v1/auth/me'
+
+        # accesskey
+        EXCHANGE_AUTH_ACCESS_KEY_PATH = '/v1/auth/accesskey/exchange'
+
+        # otp
+        SIGN_UP_AUTH_OTP_PATH = '/v1/auth/otp/signup'
+        SIGN_IN_AUTH_OTP_PATH = '/v1/auth/otp/signin'
+        SIGN_UP_OR_IN_AUTH_OTP_PATH = '/v1/auth/otp/signup-in'
+        VERIFY_CODE_AUTH_PATH = '/v1/auth/otp/verify'
+        UPDATE_USER_EMAIL_OTP_PATH = '/v1/auth/otp/update/email'
+        UPDATE_USER_PHONE_OTP_PATH = '/v1/auth/otp/update/phone'
+
+        # magiclink
+        SIGN_UP_AUTH_MAGICLINK_PATH = '/v1/auth/magiclink/signup'
+        SIGN_IN_AUTH_MAGICLINK_PATH = '/v1/auth/magiclink/signin'
+        SIGN_UP_OR_IN_AUTH_MAGICLINK_PATH = '/v1/auth/magiclink/signup-in'
+        VERIFY_MAGICLINK_AUTH_PATH = '/v1/auth/magiclink/verify'
+        GET_SESSION_MAGICLINK_AUTH_PATH = '/v1/auth/magiclink/pending-session'
+        UPDATE_USER_EMAIL_MAGICLINK_PATH = '/v1/auth/magiclink/update/email'
+        UPDATE_USER_PHONE_MAGICLINK_PATH = '/v1/auth/magiclink/update/phone'
+
+        # enchantedlink
+        SIGN_UP_AUTH_ENCHANTEDLINK_PATH = '/v1/auth/enchantedlink/signup'
+        SIGN_IN_AUTH_ENCHANTEDLINK_PATH = '/v1/auth/enchantedlink/signin'
+        SIGN_UP_OR_IN_AUTH_ENCHANTEDLINK_PATH = '/v1/auth/enchantedlink/signup-in'
+        VERIFY_ENCHANTEDLINK_AUTH_PATH = '/v1/auth/enchantedlink/verify'
+        GET_SESSION_ENCHANTEDLINK_AUTH_PATH = '/v1/auth/enchantedlink/pending-session'
+        UPDATE_USER_EMAIL_ENCHANTEDLINK_PATH = '/v1/auth/enchantedlink/update/email'
+
+        # oauth
+        OAUTH_START_PATH = '/v1/auth/oauth/authorize'
+        OAUTH_EXCHANGE_TOKEN_PATH = '/v1/auth/oauth/exchange'
+        OAUTH_CREATE_REDIRECT_URL_FOR_SIGN_IN_REQUEST_PATH = 'v1/auth/oauth/authorize/signin'
+        OAUTH_CREATE_REDIRECT_URL_FOR_SIGN_UP_REQUEST_PATH = 'v1/auth/oauth/authorize/signup'
+
+        # saml
+        AUTH_SAML_START_PATH = '/v1/auth/saml/authorize'
+        SAML_EXCHANGE_TOKEN_PATH = '/v1/auth/saml/exchange'
+
+        # totp
+        SIGN_UP_AUTH_TOTP_PATH = '/v1/auth/totp/signup'
+        VERIFY_TOTP_PATH = '/v1/auth/totp/verify'
+        UPDATE_TOTP_PATH = '/v1/auth/totp/update'
+
+        # webauthn
+        SIGN_UP_AUTH_WEBAUTHN_START_PATH = '/v1/auth/webauthn/signup/start'
+        SIGN_UP_AUTH_WEBAUTHN_FINISH_PATH = '/v1/auth/webauthn/signup/finish'
+        SIGN_IN_AUTH_WEBAUTHN_START_PATH = '/v1/auth/webauthn/signin/start'
+        SIGN_IN_AUTH_WEBAUTHN_FINISH_PATH = '/v1/auth/webauthn/signin/finish'
+        SIGN_UP_OR_IN_AUTH_WEBAUTHN_START_PATH = '/v1/auth/webauthn/signup-in/start'
+        UPDATE_AUTH_WEBAUTHN_START_PATH = '/v1/auth/webauthn/update/start'
+        UPDATE_AUTH_WEBAUTHN_FINISH_PATH = '/v1/auth/webauthn/update/finish'
+
+        # password
+        SIGN_UP_PASSWORD_PATH = '/v1/auth/password/signup'
+        SIGN_IN_PASSWORD_PATH = '/v1/auth/password/signin'
+        SEND_RESET_PASSWORD_PATH = '/v1/auth/password/reset'
+        UPDATE_PASSWORD_PATH = '/v1/auth/password/update'
+        REPLACE_PASSWORD_PATH = '/v1/auth/password/replace'
+        PASSWORD_POLICY_PATH = '/v1/auth/password/policy'
+      end
+
+      module EndpointsV2
+        PUBLIC_KEY_PATH = '/v2/keys'
+      end
+
+      module LoginOptions
+        attr_accessor :stepup, :mfa, :custom_claims
+
+        def initialize
+          @stepup = stepup || false
+          @mfa ||= false
+          @custom_claims ||= {}
+        end
+      end
+    end
+  end
+end

data/lib/descope/mixins/headers.rb

@@ -0,0 +1,15 @@
+module Descope
+  module Mixins
+    module Headers
+      # Descope default headers
+      def client_headers
+        {
+          'Content-Type' => 'application/json',
+          'x-descope-sdk-name': 'ruby',
+          'x-descope-sdk-ruby-version': RUBY_VERSION,
+          'x-descope-sdk-version': Descope::SDK_VERSION,
+        }
+      end
+    end
+  end
+end

data/lib/descope/mixins/http.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+require "addressable/uri"
+require 'retryable'
+require_relative '../exception'
+
+module Descope
+  module Mixins
+    # HTTP-related methods
+    module HTTP
+      attr_accessor :headers, :base_uri, :timeout, :retry_count
+
+      DEFAULT_RETRIES = 3
+      MAX_ALLOWED_RETRIES = 10
+      MAX_REQUEST_RETRY_JITTER = 250
+      MAX_REQUEST_RETRY_DELAY = 1000
+      MIN_REQUEST_RETRY_DELAY = 250
+      BASE_DELAY = 100
+
+      %i[get post post_file post_form put patch delete delete_with_body].each do |method|
+        define_method(method) do |uri, body = {}, extra_headers = {}, pswd = nil|
+          body = body.delete_if { |_, v| v.nil? }
+          authorization_header(pswd) # This will set the pswd if provided, else default to the @default_pswd
+
+          @logger.debug "request => method: #{method}, uri: #{uri}, body: #{body}, extra_headers: #{extra_headers}}"
+          request_with_retry(method, uri, body, extra_headers)
+        end
+      end
+
+      def retry_options
+        sleep_timer = lambda do |attempt|
+          wait = BASE_DELAY * (2**attempt - 1) # Exponential delay with each subsequent request attempt.
+          wait += rand(wait + 1..wait + MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
+          wait = [MAX_REQUEST_RETRY_DELAY, wait].min # Cap delay at MAX_REQUEST_RETRY_DELAY.
+          wait = [MIN_REQUEST_RETRY_DELAY, wait].max # Ensure delay is no less than MIN_REQUEST_RETRY_DELAY.
+          wait / 1000.to_f.round(2) # convert ms to seconds
+        end
+
+        tries = 1 + [Integer(retry_count || DEFAULT_RETRIES), MAX_ALLOWED_RETRIES].min # Cap retries at MAX_ALLOWED_RETRIES
+
+        {
+          tries: tries,
+          sleep: sleep_timer,
+          on: Descope::RateLimitException
+        }
+      end
+
+      def safe_parse_json(body)
+        @logger.debug "response => #{JSON.parse(body.to_s)}"
+        JSON.parse(body.to_s)
+      rescue JSON::ParserError
+        body
+      end
+
+      def encode_uri(uri)
+        encoded_uri = base_uri ? Addressable::URI.parse(uri).normalize : Addressable::URI.escape(uri)
+        @logger.debug "will call #{url(encoded_uri)}"
+        url(encoded_uri)
+      end
+
+      def url(path)
+        "#{@base_uri}#{path}"
+      end
+
+      def add_headers(h = {})
+        raise ArgumentError, 'Headers must be an object which responds to #to_hash' unless h.respond_to?(:to_hash)
+
+        @headers ||= {}
+        @headers.merge!(h.to_hash)
+      end
+
+      def request_with_retry(method, uri, body = {}, extra_headers = {}, pswd = nil)
+        Retryable.retryable(retry_options) do
+          request(method, uri, body, extra_headers)
+        end
+      end
+
+      def request(method, uri, body = {}, extra_headers = {})
+        # @headers is getting the authorization header merged in initializer.rb
+        headers_debug = @headers.dup
+        if headers_debug['Authorization']
+          headers_debug['Authorization'] = headers_debug['Authorization'].gsub(/(.{10})\z/, '***********')
+        end
+
+        @logger.debug "base url: #{@base_uri}"
+        @logger.debug "request method: #{method}, uri: #{uri}, body: #{body}, extra_headers: #{extra_headers}, headers: #{headers_debug}"
+        result = case method
+                 when :get
+                   get_headers = @headers.merge({ params: body }).merge(extra_headers)
+                   call(:get, encode_uri(uri), timeout, get_headers)
+                 when :delete
+                   delete_headers = @headers.merge({ params: body })
+                   call(:delete, encode_uri(uri), timeout, delete_headers)
+                 else
+                   call(method, encode_uri(uri), timeout, @headers, body.to_json)
+                 end
+
+        raise Descope::Unsupported.new("No response from server", code: 400) unless result && result.respond_to?(:code)
+
+        @logger.info "http status code: #{result.code}"
+        case result.code
+        when 200...226 then safe_parse_json(result.body)
+        when 400       then raise Descope::BadRequest.new(result.body, code: result.code, headers: result.headers)
+        when 401       then raise Descope::Unauthorized.new(result.body, code: result.code, headers: result.headers)
+        when 403       then raise Descope::AccessDenied.new(result.body, code: result.code, headers: result.headers)
+        when 404       then raise Descope::NotFound.new(result.body, code: result.code, headers: result.headers)
+        when 405       then raise Descope::MethodNotAllowed.new(result.body, code: result.code, headers: result.headers)
+        when 429       then raise Descope::RateLimitException.new(result.body, code: result.code, headers: result.headers)
+        when 500       then raise Descope::ServerError.new(result.body, code: result.code, headers: result.headers)
+        else
+          raise Descope::Unsupported.new(result.body, code: result.code, headers: result.headers)
+        end
+      end
+
+      def call(method, url, timeout, headers, body = nil)
+        RestClient::Request.execute(
+          method:,
+          url:,
+          timeout:,
+          headers:,
+          payload: body
+        )
+      rescue RestClient::Exception => e
+        case e
+        when RestClient::RequestTimeout
+          raise Descope::RequestTimeout.new(e.message)
+        else
+          return e.response
+        end
+      end
+    end
+  end
+end
+

data/lib/descope/mixins/initializer.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Descope
+  module Mixins
+    # Helper class for initializing the Descope API
+    module Initializer
+      attr_accessor :public_keys, :mlock
+
+      def initialize(config)
+        options = Hash[config.map { |(k, v)| [k.to_sym, v] }]
+        @base_uri = base_url(options)
+        @headers = client_headers
+        @project_id = options[:project_id] || ENV['DESCOPE_PROJECT_ID'] || ''
+        @public_key = options[:public_key] || ENV['DESCOPE_PUBLIC_KEY']
+        @mlock = Mutex.new
+        log_level = options[:log_level] || ENV['DESCOPE_LOG_LEVEL'] || 'info'
+        @logger ||= Descope::Mixins::Logging.logger_for(self.class.name, log_level)
+
+        @logger.debug("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
+
+        if @public_key.nil?
+          @public_keys = {}
+        else
+          kid, pub_key, alg = validate_and_load_public_key(@public_key)
+          @public_keys = { kid => [pub_key, alg] }
+        end
+
+        @skip_verify = options[:skip_verify]
+        @secure = !@skip_verify
+        @management_key = options[:management_key] || ENV['DESCOPE_MANAGEMENT_KEY']
+        @logger.debug("Management Key ID: #{@management_key}")
+        @timeout_seconds = options[:timeout_seconds] || Common::DEFAULT_TIMEOUT_SECONDS
+        @jwt_validation_leeway = options[:jwt_validation_leeway] || Common::DEFAULT_JWT_VALIDATION_LEEWAY
+
+        if @project_id.to_s.empty?
+          raise AuthException.new(
+            'Unable to init Auth object because project_id cannot be empty. '\
+                    'Set environment variable DESCOPE_PROJECT_ID or pass your Project ID to the init function.',
+            code: 400
+          )
+        else
+          initialize_api(options)
+        end
+      end
+
+      def self.included(klass)
+        klass.send :prepend, Initializer
+      end
+
+      def base_url(options)
+        url = options[:descope_base_uri] || ENV['DESCOPE_BASE_URI'] || Common::DEFAULT_BASE_URL
+        return url if url.start_with? 'http'
+
+        raise AuthException.new('base url must start with http or https', code: 400)
+
+      end
+
+      def authorization_header(pswd = nil)
+        pswd = @default_pswd if pswd.nil? || pswd.empty?
+        bearer = "#{@project_id}:#{pswd}"
+        add_headers('Authorization' => "Bearer #{bearer}")
+      end
+
+      def initialize_api(options)
+        initialize_v1(options)
+        @default_pswd = options.fetch(:management_key, ENV['DESCOPE_MANAGEMENT_KEY'])
+        authorization_header
+      end
+
+      def initialize_v1(_options)
+        extend Descope::Api::V1
+        extend Descope::Api::V1::Management
+        extend Descope::Api::V1::Auth
+        extend Descope::Api::V1::Session
+      end
+    end
+  end
+end

data/lib/descope/mixins/logging.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Descope
+  module Mixins
+    # Module to provide logger.
+    module Logging
+
+      def logger
+        # This is the magical bit that gets mixed into the other modules
+        @logger ||= Logging.logger_for(self.class.name, 'info')
+      end
+
+      # Use a hash class-ivar to cache a unique Logger per class:
+      @loggers = {}
+
+      class << self
+        def logger_for(classname, level)
+          @loggers[classname] ||= configure_logger_for(classname, level)
+        end
+
+        def configure_logger_for(classname, level = 'info')
+          logger = Logger.new(STDOUT)
+          logger.level = Object.const_get("Logger::#{level.upcase}")
+          logger.progname = classname
+          logger
+        end
+      end
+    end
+  end
+end

data/lib/descope/mixins/validation.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module Descope
+  module Mixins
+    # Module to provide validation for specific data structures.
+    module Validation
+      def validate_tenants(key_tenants)
+        raise ArgumentError, 'key_tenants should be an Array of hashes' unless key_tenants.is_a? Array
+
+        key_tenants.each do |tenant|
+          unless tenant.is_a? Hash
+            raise ArgumentError,
+                  'Each tenant should be a Hash of tenant_id and optional role_names array'
+          end
+
+          tenant_symbolized = tenant.transform_keys(&:to_sym)
+
+          raise ArgumentError, "Missing tenant_id key in tenant: #{tenant}" unless tenant_symbolized.key?(:tenant_id)
+        end
+      end
+
+      def validate_login_id(login_id)
+        raise AuthException, 'login_id cannot be empty' unless login_id.is_a?(String) && !login_id.empty?
+      end
+
+      def validate_user_id(user_id)
+        raise Descope::ArgumentException, 'Missing user id' if user_id.nil? || user_id.to_s.empty?
+      end
+
+      def validate_password(password)
+        raise AuthException, 'password cannot be empty' unless password.is_a?(String) && !password.empty?
+      end
+
+      def validate_email(email)
+        raise AuthException.new('email cannot be empty', code: 400) unless email.is_a?(String) && !email.empty?
+      end
+
+      def validate_token_not_empty(token)
+        raise AuthException.new('Token cannot be empty', code: 400) unless token.is_a?(String) && !token.empty?
+      end
+
+      def validate_refresh_token_not_nil(refresh_token)
+        return unless refresh_token.nil? || refresh_token.empty?
+
+        raise AuthException.new('Refresh token is required to refresh a session', code: 400)
+      end
+
+      def validate_phone(method, phone)
+        raise AuthException.new('Phone number cannot be empty', code: 400) unless phone.is_a?(String) && !phone.empty?
+        raise AuthException.new('Invalid phone number', code: 400) unless phone.match?(PHONE_REGEX)
+        raise AuthException.new('Invalid delivery method', code: 400) unless [
+          DeliveryMethod::WHATSAPP, DeliveryMethod::SMS
+        ].include?(method)
+      end
+
+      def verify_provider(oauth_provider)
+        return false if oauth_provider.to_s.empty? || oauth_provider.nil?
+
+        true
+      end
+
+      def validate_tenant(tenant)
+        raise AuthException.new('Tenant cannot be empty', code: 400) unless tenant.is_a?(String) && !tenant.empty?
+      end
+
+      def validate_redirect_url(return_url)
+        raise AuthException.new('Return_url cannot be empty', code: 400) unless return_url.is_a?(String) && !return_url.empty?
+      end
+
+      def validate_code(code)
+        raise AuthException.new('Code cannot be empty', code: 400) unless code.is_a?(String) && !code.empty?
+      end
+
+      def validate_scim_group_id(group_id)
+        raise AuthException.new('SCIM Group ID cannot be empty', code: 400) unless group_id.is_a?(String) && !group_id.empty?
+      end
+    end
+  end
+end

data/lib/descope/mixins.rb

@@ -0,0 +1,22 @@
+require 'rest-client'
+require 'uri'
+require 'logger'
+require 'jwt'
+require 'descope/mixins/headers'
+require 'descope/mixins/http'
+require 'descope/mixins/initializer'
+require 'descope/mixins/validation'
+require 'descope/mixins/logging'
+require 'descope/mixins/common'
+require 'descope/api/v1'
+
+module Descope
+  # Collecting dependencies here
+  module Mixins
+    include Descope::Mixins::Common
+    include Descope::Mixins::Headers
+    include Descope::Mixins::HTTP
+    include Descope::Mixins::Initializer
+    include Descope::Mixins::Logging
+  end
+end

data/lib/descope/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+# Current version of gem
+module Descope
+  VERSION = '1.0.4'
+  SDK_VERSION = '1.0.0'
+end

data/lib/descope.rb

@@ -0,0 +1,9 @@
+require 'descope/version'
+require 'descope/mixins'
+require 'descope/exception'
+require 'descope/client'
+require 'descope_client'
+
+# Namespace for Ruby Descope logic
+module Descope
+end

data/lib/descope_client.rb

@@ -0,0 +1,5 @@
+# This class is made for backward compatibility of gem
+
+class DescopeClient < Descope::Client
+
+end