descope 1.0.4

data/Rakefile

@@ -0,0 +1,31 @@
+#!/usr/bin/env rake
+require 'bundler/gem_tasks'
+
+begin
+  require 'rubocop/rake_task'
+
+  require 'rspec/core/rake_task'
+
+  desc 'Run Rubocop'
+  RuboCop::RakeTask.new(:rubocop)
+
+  desc 'Run Integration Tests'
+  RSpec::Core::RakeTask.new(:integration) do |t|
+    t.pattern = FileList["spec/integration/**/*#{ENV['PATTERN']}*_spec.rb"]
+  end
+
+  desc 'Run Unit Tests'
+  RSpec::Core::RakeTask.new(:spec) do |t|
+    t.pattern = FileList["spec/lib/descope/**/*#{ENV['PATTERN']}*_spec.rb"]
+  end
+
+  desc 'Run All Suites'
+  RSpec::Core::RakeTask.new(:all)
+
+  desc 'Run unit and integration tests'
+  task test: [:spec, :integration]
+
+  task default: [:rubocop, :test]
+rescue LoadError
+  puts 'Load Error - No RSpec'
+end

data/descope.gemspec

@@ -0,0 +1,34 @@
+# -*- encoding: utf-8 -*-
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+require 'descope/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'descope'
+  s.version     = Descope::VERSION
+  s.authors     = ['Descope']
+  s.email       = ['support@descope.com']
+  s.homepage    = 'https://github.com/descope/descope-ruby-sdk'
+  s.summary     = 'Descope API Client'
+  s.description = 'Ruby API Client for Descope API https://descope.com'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  s.add_runtime_dependency 'rest-client', '~> 2.1'
+  s.add_runtime_dependency 'jwt', '~> 2.7'
+  s.add_runtime_dependency 'zache', '~> 0.12'
+  s.add_runtime_dependency 'addressable', '~> 2.8'
+  s.add_runtime_dependency 'retryable', '~> 3.0'
+
+  s.add_development_dependency 'bundler'
+  s.add_development_dependency 'rake', '~> 13.0'
+  s.add_development_dependency 'fuubar', '~> 2.0'
+  s.add_development_dependency 'rspec', '~> 3.11'
+  s.add_development_dependency 'simplecov', '~> 0.9'
+  s.add_development_dependency 'faker', '~> 2.0'
+  s.add_development_dependency "super_diff", "~> 1.0"
+  s.add_development_dependency 'concurrent-ruby', '~> 1.1'
+  s.license = 'MIT'
+end

data/examples/ruby/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'descope'
+gem 'launchy'

data/examples/ruby/Gemfile.lock

@@ -0,0 +1,41 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
+    descope (1.0.2)
+      addressable (~> 2.8)
+      jwt (~> 2.7)
+      rest-client (~> 2.1)
+      retryable (~> 3.0)
+      zache (~> 0.12)
+    domain_name (0.6.20240107)
+    http-accept (1.7.0)
+    http-cookie (1.0.5)
+      domain_name (~> 0.5)
+    jwt (2.7.1)
+    launchy (2.5.2)
+      addressable (~> 2.8)
+    mime-types (3.5.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2024.0206)
+    netrc (0.11.0)
+    public_suffix (5.0.4)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    retryable (3.0.5)
+    zache (0.13.1)
+
+PLATFORMS
+  arm64-darwin-23
+  ruby
+
+DEPENDENCIES
+  descope
+  launchy
+
+BUNDLED WITH
+   2.5.5

data/examples/ruby/access_key_app.rb

@@ -0,0 +1,45 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'descope'
+
+@logger = Logger.new($stdout)
+
+@project_id = ENV['DESCOPE_PROJECT_ID']
+@management_key = ENV['DESCOPE_MANAGEMENT_KEY']
+
+@logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
+
+@client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
+
+access_key = nil
+
+begin
+  @logger.info('Going to login by using access key ...')
+
+  if access_key.nil?
+    print "Insert access key here\n"
+    access_key = gets.chomp
+  end
+
+  begin
+    jwt_response = @client.exchange_access_key(access_key)
+    @logger.info('exchange access key successfully')
+    @logger.info("jwt_response: #{jwt_response}")
+
+    permission_name = 'TestPermission'
+    permission_presented = @client.validate_permissions(
+      jwt_response:, permissions: [permission_name]
+    )
+    @logger.info("#{permission_name} presented on the jwt: [#{permission_presented}]")
+    role_name = 'TestRole'
+    role_presented = @client.validate_roles(jwt_response:, roles: [role_name])
+    @logger.info("#{role_name} presented on the jwt: [#{role_presented}]")
+  rescue Descope::AuthException => e
+    @logger.error("Failed to exchange access key #{e}")
+    raise
+  end
+rescue StandardError => e
+  @logger.error("Failed to initialize DescopeClient #{e}")
+  raise
+end

data/examples/ruby/enchantedlink_app.rb

@@ -0,0 +1,65 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'descope'
+
+@logger = Logger.new($stdout)
+
+@project_id = ENV['DESCOPE_PROJECT_ID']
+@management_key = ENV['DESCOPE_MANAGEMENT_KEY']
+
+@logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
+
+@client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
+
+def verify
+  print "Please insert the token you received by email:\n"
+  token = gets.chomp
+  @client.enchanted_link_verify_token(token)
+  p 'Token is valid'
+rescue Descope::AuthException => e
+  p "Invalid Token #{e}"
+  raise
+end
+
+print 'Going to signup / signin using Enchanted Link ...'
+print "Please insert email to signup / signin:\n"
+email = gets.chomp
+resp = @client.enchanted_link_sign_up_or_in(
+  login_id: email,
+  uri: 'http://test.me'
+)
+
+link_identifier = resp['linkId']
+masked_email = resp['maskedEmail']
+p "We have sent you an email to #{masked_email}"
+p "Please click the link with the identifier #{link_identifier}"
+pending_ref = resp['pendingRef']
+
+done = false
+
+# open thread to get input
+thread = Thread.new { verify }
+thread.join
+
+i = 0
+until done
+  begin
+    i += 1
+    $stdout.write("Sleeping #{i}...")
+    sleep(4)
+    jwt_response = @client.enchanted_link_get_session(pending_ref)
+    done = true
+  rescue Descope::AuthException => e
+    if e.status_code != 401
+      p "Failed pending session, err: #{e}"
+      done = true
+    end
+  end
+end
+
+if jwt_response
+  refresh_token = jwt_response.fetch(Descope::Mixins::Common::REFRESH_SESSION_TOKEN_NAME).fetch('jwt')
+  @client.sign_out(refresh_token)
+  p 'User logged out'
+end

data/examples/ruby/magiclink_app.rb

@@ -0,0 +1,81 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'descope'
+
+# include Descope::Mixin::Common
+@logger = Logger.new($stdout)
+
+@project_id = ENV['DESCOPE_PROJECT_ID']
+@management_key = ENV['DESCOPE_MANAGEMENT_KEY']
+
+@logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
+
+@client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
+
+@logger.info('Going to signup / signin using Magic Link ...')
+print "Please insert email to signup / signin:\n"
+email = gets.chomp
+masked_mail = @client.magiclink_sign_up_or_in(
+  method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
+  login_id: email,
+  uri: 'http://test.me'
+)
+
+print "Please insert the token you received by email (#{masked_mail}):\n"
+token = gets.chomp
+begin
+  jwt_response = @client.magiclink_verify_token(token)
+  @logger.info('Token is valid')
+  refresh_token = jwt_response['refreshJwt']
+  @logger.info("jwt_response: #{jwt_response}")
+rescue Descope::AuthException => e
+  @logger.error("Invalid Token #{e}")
+  raise
+end
+
+begin
+  @logger.info('Going to logout after sign-in / sign-up')
+  @client.sign_out(refresh_token)
+  @logger.info('User logged out after sign-in / sign-up')
+rescue Descope::AuthException => e
+  @logger.info("Failed to logged after sign-in / sign-up, err: #{e}")
+end
+
+@logger.info('Going to sign in same user again...')
+@client.magiclink_sign_in(
+  method: Descope::Mixins::Common::DeliveryMethod::EMAIL, login_id: email, uri: 'http://test.me'
+)
+
+print "Please insert the Token you received by email:\n"
+token = gets.chomp
+begin
+  jwt_response = @client.magiclink_verify_token(token)
+  @logger.info('Token is valid')
+  session_token_1 = jwt_response['sessionJwt']
+  refresh_token_1 = jwt_response['refreshJwt']
+  @logger.info("jwt_response: #{jwt_response}")
+rescue Descope::AuthException => e
+  @logger.error("Invalid Token #{e}")
+  raise
+end
+
+begin
+  @logger.info("going to validate session...#{session_token_1}")
+  @client.validate_and_refresh_session(
+    session_token: session_token_1, refresh_token: refresh_token_1
+  )
+  @logger.info('Session is valid and all is OK')
+rescue Descope::AuthException => e
+  @logger.error("Session is not valid #{e}")
+end
+
+begin
+  @logger.info(
+    "Going to logout at the second time\nrefresh_token: #{refresh_token_1}"
+  )
+  @client.sign_out(refresh_token_1)
+  @logger.info('User logged out')
+rescue Descope::AuthException => e
+  @logger.error("Failed to logged out user, err: #{e}")
+end

data/examples/ruby/management/Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# A sample Gemfile
+source 'http://rubygems.org'
+
+gem 'descope'

data/examples/ruby/management/Gemfile.lock

@@ -0,0 +1,38 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
+    descope (1.0.0)
+      addressable (~> 2.8)
+      jwt (~> 2.7)
+      rest-client (~> 2.1)
+      retryable (~> 3.0)
+      zache (~> 0.12)
+    domain_name (0.6.20240107)
+    http-accept (1.7.0)
+    http-cookie (1.0.5)
+      domain_name (~> 0.5)
+    jwt (2.7.1)
+    mime-types (3.5.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2023.1205)
+    netrc (0.11.0)
+    public_suffix (5.0.4)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    retryable (3.0.5)
+    zache (0.13.1)
+
+PLATFORMS
+  arm64-darwin-23
+  ruby
+
+DEPENDENCIES
+  descope
+
+BUNDLED WITH
+   2.5.5

data/examples/ruby/management/access_key_app.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'descope'
+
+@logger = Logger.new($stdout)
+
+@project_id = ENV['DESCOPE_PROJECT_ID']
+@management_key = ENV['DESCOPE_MANAGEMENT_KEY']
+
+@logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
+
+@client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
+
+begin
+  @logger.info('Going to create a new access key')
+  access_key_resp = @client.create_access_key(name: 'key-name', expire_time: 1_677_844_931)
+  access_key = access_key_resp['key']
+  key_id = access_key['id']
+  @logger.info("Create: created access key #{access_key}")
+rescue Descope::AuthException => e
+  @logger.info("Access key creation failed #{e}")
+end
+
+begin
+  @logger.info('Searching for created access key')
+  access_key_resp = @client.load_access_key(key_id)
+  access_key = access_key_resp['key']
+  @logger.info("Load: found access key #{access_key}")
+rescue Descope::AuthException => e
+  @logger.info("Access key load failed #{e}")
+end
+
+begin
+  @logger.info('Searching all access keys')
+  users_resp = @client.search_all_access_keys
+  access_keys = users_resp['keys']
+  access_keys.each do |key|
+    @logger.info("Search Found access key #{key}")
+  end
+rescue Descope::AuthException => e
+  @logger.info("Access key load failed #{e}")
+end
+
+begin
+  @logger.info('Updating newly created access key')
+  @client.update_access_key(id: key_id, name: 'New key name')
+rescue Descope::AuthException => e
+  @logger.info("Access key update failed #{e}")
+end
+
+begin
+  @logger.info('Deactivating newly created access key')
+  @client.deactivate_access_key(key_id)
+rescue Descope::AuthException => e
+  @logger.info("Access key deactivate failed #{e}")
+end
+
+begin
+  @logger.info('Activating newly created access key')
+  @client.activate_access_key(key_id)
+rescue Descope::AuthException => e
+  @logger.info("Access key activate failed #{e}")
+end
+
+begin
+  @logger.info('Deleting newly created access key')
+  @client.delete_access_key(key_id)
+rescue Descope::AuthException => e
+  @logger.info("Access key deletion failed #{e}")
+end

data/examples/ruby/management/audit_app.rb

@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'descope'
+
+@logger = Logger.new($stdout)
+
+@project_id = ENV['DESCOPE_PROJECT_ID']
+@management_key = ENV['DESCOPE_MANAGEMENT_KEY']
+
+@logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
+
+@client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
+
+begin
+  @logger.info('Going to search audit')
+  text = nil
+  text = ARGV[0] if ARGV.length > 1
+  from_ts = nil
+  from_ts = DateTime.iso8601(ARGV[1]) if ARGV.length > 2
+  res = @client.audit_search(text:, from_ts:)
+  @logger.info("Audit search result: #{res}")
+rescue Descope::AuthException => e
+  @logger.error("Audit search failed #{e}")
+end

data/examples/ruby/management/authz_app.rb

@@ -0,0 +1,135 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'descope'
+
+@logger = Logger.new($stdout)
+
+@project_id = ENV['DESCOPE_PROJECT_ID']
+@management_key = ENV['DESCOPE_MANAGEMENT_KEY']
+
+@logger.info("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
+
+@client = Descope::Client.new({ project_id: @project_id, management_key: @management_key })
+
+begin
+  @logger.info('Creating test authz schema if different name')
+  schema = @client.authz_load_schema
+  File.open('./authz_files.json', 'rt') do |f|
+    schema_from_file = JSON.parse(f.read)
+    if schema['name'] != schema_from_file['name']
+      @logger.info('Schema is different, upgrading...')
+      @client.authz_save_schema(schema: schema_from_file, upgrade: true)
+      @client.authz_create_relations(
+        [
+          {
+            "resource": 'Dev',
+            "relationDefinition": 'parent',
+            "namespace": 'org',
+            "target": 'Descope'
+          },
+          {
+            "resource": 'Sales',
+            "relationDefinition": 'parent',
+            "namespace": 'org',
+            "target": 'Descope'
+          },
+          {
+            "resource": 'Dev',
+            "relationDefinition": 'member',
+            "namespace": 'org',
+            "target": 'u1'
+          },
+          {
+            "resource": 'Dev',
+            "relationDefinition": 'member',
+            "namespace": 'org',
+            "target": 'u3'
+          },
+          {
+            "resource": 'Sales',
+            "relationDefinition": 'member',
+            "namespace": 'org',
+            "target": 'u2'
+          },
+          {
+            "resource": 'Presentations',
+            "relationDefinition": 'parent',
+            "namespace": 'folder',
+            "target": 'Internal'
+          },
+          {
+            "resource": 'roadmap.ppt',
+            "relationDefinition": 'parent',
+            "namespace": 'doc',
+            "target": 'Presentations'
+          },
+          {
+            "resource": 'roadmap.ppt',
+            "relationDefinition": 'owner',
+            "namespace": 'doc',
+            "target": 'u1'
+          },
+          {
+            "resource": 'Internal',
+            "relationDefinition": 'viewer',
+            "namespace": 'folder',
+            "targetSetResource": 'Descope',
+            "targetSetRelationDefinition": 'member',
+            "targetSetRelationDefinitionNamespace": 'org'
+          },
+          {
+            "resource": 'Presentations',
+            "relationDefinition": 'editor',
+            "namespace": 'folder',
+            "targetSetResource": 'Sales',
+            "targetSetRelationDefinition": 'member',
+            "targetSetRelationDefinitionNamespace": 'org'
+          }
+        ]
+      )
+    end
+
+    res = @client.authz_has_relations?([
+                                         {
+                                           "resource": 'roadmap.ppt',
+                                           "relationDefinition": 'owner',
+                                           "namespace": 'doc',
+                                           "target": 'u1'
+                                         },
+                                         {
+                                           "resource": 'roadmap.ppt',
+                                           "relationDefinition": 'editor',
+                                           "namespace": 'doc',
+                                           "target": 'u1'
+                                         },
+                                         {
+                                           "resource": 'roadmap.ppt',
+                                           "relationDefinition": 'viewer',
+                                           "namespace": 'doc',
+                                           "target": 'u1'
+                                         },
+                                         {
+                                           "resource": 'roadmap.ppt',
+                                           "relationDefinition": 'viewer',
+                                           "namespace": 'doc',
+                                           "target": 'u3'
+                                         },
+                                         {
+                                           "resource": 'roadmap.ppt',
+                                           "relationDefinition": 'editor',
+                                           "namespace": 'doc',
+                                           "target": 'u3'
+                                         },
+                                         {
+                                           "resource": 'roadmap.ppt',
+                                           "relationDefinition": 'editor',
+                                           "namespace": 'doc',
+                                           "target": 'u2'
+                                         }
+                                       ])
+    @logger.info("Checking existing relations: #{res}")
+  rescue Descope::AuthException => e
+    @logger.error("Audit search failed #{e}")
+  end
+end