RubyGems - descope - Versions diffs - 1.0.5 → 1.0.7 - Mend

descope 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yaml +2 -2
data/.github/workflows/publish-gem.yaml +39 -7
data/.gitignore +2 -0
data/.ruby-version +1 -1
data/Gemfile +7 -7
data/Gemfile.lock +70 -65
data/README.md +175 -52
data/descope.gemspec +25 -20
data/examples/ruby/.ruby-version +1 -0
data/examples/ruby/access_key_app.rb +4 -3
data/examples/ruby/enchantedlink_app.rb +1 -0
data/examples/ruby/magiclink_app.rb +1 -0
data/examples/ruby/management/.ruby-version +1 -0
data/examples/ruby/management/Gemfile +2 -2
data/examples/ruby/management/access_key_app.rb +2 -0
data/examples/ruby/management/audit_app.rb +32 -8
data/examples/ruby/management/authz_app.rb +1 -0
data/examples/ruby/management/flow_app.rb +1 -0
data/examples/ruby/management/permission_app.rb +3 -2
data/examples/ruby/management/role_app.rb +3 -2
data/examples/ruby/management/tenant_app.rb +1 -0
data/examples/ruby/management/user_app.rb +1 -0
data/examples/ruby/oauth_app.rb +1 -0
data/examples/ruby/otp_app.rb +38 -12
data/examples/ruby/password_app.rb +8 -7
data/examples/ruby/saml_app.rb +1 -0
data/examples/ruby/version_check.rb +17 -0
data/examples/ruby-on-rails-api/descope/Gemfile +9 -7
data/examples/ruby-on-rails-api/descope/Gemfile.lock +121 -90
data/examples/ruby-on-rails-api/descope/README.md +18 -18
data/examples/ruby-on-rails-api/descope/app/assets/builds/application.css +20092 -23
data/examples/ruby-on-rails-api/descope/app/assets/builds/application.js +0 -1
data/examples/ruby-on-rails-api/descope/app/assets/builds/components/index.js +0 -14
data/examples/ruby-on-rails-api/descope/package-lock.json +1073 -19302
data/examples/ruby-on-rails-api/descope/package.json +8 -16
data/examples/ruby-on-rails-api/descope/yarn.lock +557 -10641
data/lib/descope/api/v1/auth/enchantedlink.rb +3 -1
data/lib/descope/api/v1/auth/magiclink.rb +3 -1
data/lib/descope/api/v1/auth/otp.rb +24 -15
data/lib/descope/api/v1/auth/password.rb +6 -2
data/lib/descope/api/v1/auth/totp.rb +3 -1
data/lib/descope/api/v1/auth.rb +64 -32
data/lib/descope/api/v1/management/audit.rb +24 -0
data/lib/descope/api/v1/management/common.rb +21 -5
data/lib/descope/api/v1/management/sso_application.rb +236 -0
data/lib/descope/api/v1/management/sso_settings.rb +2 -24
data/lib/descope/api/v1/management/user.rb +151 -13
data/lib/descope/api/v1/management.rb +2 -0
data/lib/descope/api/v1/session.rb +37 -4
data/lib/descope/mixins/common.rb +6 -2
data/lib/descope/mixins/http.rb +60 -9
data/lib/descope/mixins/initializer.rb +2 -1
data/lib/descope/mixins/logging.rb +12 -4
data/lib/descope/mixins/validation.rb +21 -6
data/lib/descope/version.rb +1 -1
data/spec/descope/api/v1/auth_spec.rb +29 -0
data/spec/descope/api/v1/auth_token_extraction_spec.rb +126 -0
data/spec/descope/api/v1/session_refresh_spec.rb +98 -0
data/spec/factories/user.rb +1 -1
data/spec/integration/lib.descope/api/v1/auth/enchantedlink_spec.rb +1 -1
data/spec/integration/lib.descope/api/v1/auth/magiclink_spec.rb +1 -1
data/spec/integration/lib.descope/api/v1/auth/otp_spec.rb +73 -8
data/spec/integration/lib.descope/api/v1/auth/session_spec.rb +49 -0
data/spec/integration/lib.descope/api/v1/auth/totp_spec.rb +1 -1
data/spec/integration/lib.descope/api/v1/management/access_key_spec.rb +3 -0
data/spec/integration/lib.descope/api/v1/management/audit_spec.rb +38 -0
data/spec/integration/lib.descope/api/v1/management/authz_spec.rb +2 -0
data/spec/integration/lib.descope/api/v1/management/flow_spec.rb +3 -1
data/spec/integration/lib.descope/api/v1/management/permissions_spec.rb +4 -2
data/spec/integration/lib.descope/api/v1/management/project_spec.rb +2 -0
data/spec/integration/lib.descope/api/v1/management/roles_spec.rb +3 -1
data/spec/integration/lib.descope/api/v1/management/user_spec.rb +55 -6
data/spec/lib.descope/api/v1/auth/enchantedlink_spec.rb +11 -2
data/spec/lib.descope/api/v1/auth/otp_spec.rb +176 -18
data/spec/lib.descope/api/v1/auth/password_spec.rb +10 -1
data/spec/lib.descope/api/v1/auth_spec.rb +168 -6
data/spec/lib.descope/api/v1/cookie_domain_fix_integration_spec.rb +245 -0
data/spec/lib.descope/api/v1/management/audit_spec.rb +92 -0
data/spec/lib.descope/api/v1/management/sso_application_spec.rb +217 -0
data/spec/lib.descope/api/v1/management/sso_settings_spec.rb +2 -2
data/spec/lib.descope/api/v1/management/user_spec.rb +134 -46
data/spec/lib.descope/api/v1/session_spec.rb +119 -6
data/spec/lib.descope/mixins/http_spec.rb +218 -0
data/spec/support/client_config.rb +0 -1
data/spec/support/utils.rb +6 -0
metadata +34 -137
data/examples/ruby-on-rails-api/descope/app/assets/builds/reportWebVitals.js +0 -211
data/examples/ruby-on-rails-api/descope/app/assets/builds/reportWebVitals.js.map +0 -7

data/spec/lib.descope/api/v1/auth_spec.rb CHANGED Viewed

@@ -181,7 +181,7 @@ describe Descope::Api::V1::Auth do
       expect do
         exp_in_seconds = 20
-        puts "Sleeping for #{exp_in_seconds} seconds to test token expiration. Please wait..."
+        puts "\nAuthSpec.validate_token::Sleeping for #{exp_in_seconds} seconds to test token expiration. Please wait...\n"
         sleep(exp_in_seconds)
         @instance.send(:validate_token, token)
       end.to raise_error(
@@ -249,7 +249,13 @@ describe Descope::Api::V1::Auth do
     end
     it 'is expected to select tenant' do
-      jwt_response = { 'fake': 'response' }
+      jwt_response = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt',
+        'cookies' => {
+          'refresh_token' => 'fake_refresh_cookie'
+        }
+      }
       expect(@instance).to receive(:post).with(
         SELECT_TENANT_PATH, { tenantId: 'tenant123' }, {}, 'refresh-token'
@@ -390,20 +396,26 @@ describe Descope::Api::V1::Auth do
     end
     it 'is expected to successfully exchange access key without login_options' do
-      jwt_response = { 'fake': 'response' }
+      jwt_response = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt'
+      }
       access_key = 'abc'
       expect(@instance).to receive(:post).with(
         EXCHANGE_AUTH_ACCESS_KEY_PATH, { loginOptions: {}, audience: 'IT' }, {}, access_key
       ).and_return(jwt_response)
-      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+      allow(@instance).to receive(:generate_auth_info).and_return(jwt_response)
       expect { @instance.exchange_access_key(access_key:, audience: 'IT') }.not_to raise_error
     end
     it 'is expected to successfully exchange access key with login_options' do
-      jwt_response = { 'fake': 'response' }
+      jwt_response = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt'
+      }
       access_key = 'abc'
       expect(@instance).to receive(:post).with(
@@ -413,9 +425,159 @@ describe Descope::Api::V1::Auth do
         access_key
       ).and_return(jwt_response)
-      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+      allow(@instance).to receive(:generate_auth_info).and_return(jwt_response)
       expect { @instance.exchange_access_key(access_key:, login_options: { customClaims: { k1: 'v1' } }, audience: 'IT') }.not_to raise_error
     end
   end
+  describe '#generate_auth_info cookie handling enhancements' do
+    let(:audience) { nil }
+    let(:session_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbSJ9.session_sig' }
+    let(:refresh_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbSJ9.refresh_sig' }
+    let(:mock_token_validation) do
+      {
+        'iss' => 'https://api.descope.com/P2abcde12345',
+        'sub' => 'U2abcde12345',
+        'permissions' => ['read', 'write'],
+        'roles' => ['admin'],
+        'tenants' => { 'tenant1' => { 'permissions' => ['read'] } }
+      }
+    end
+    before do
+      allow(@instance).to receive(:validate_token).and_return(mock_token_validation)
+    end
+    context 'when session token is in cookies (custom domain scenario)' do
+      let(:response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com',
+          'cookies' => {
+            'DS' => session_jwt,      # Session token in cookies
+            'DSR' => refresh_jwt      # Refresh token in cookies
+          }
+        }
+      end
+      it 'extracts session token from cookies when not in response body' do
+        result = @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+      it 'validates session token from cookies' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        @instance.send(:generate_auth_info, response_body, nil, true, audience)
+      end
+      it 'includes permissions and roles from cookie tokens' do
+        result = @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        expect(result['permissions']).to eq(['read', 'write'])
+        expect(result['roles']).to eq(['admin'])
+        expect(result['tenants']).to eq({ 'tenant1' => { 'permissions' => ['read'] } })
+      end
+    end
+    context 'when session token is in response body and refresh token in cookies' do
+      let(:response_body) do
+        {
+          'sessionJwt' => session_jwt,  # Session token in response body
+          'userId' => 'test123',
+          'cookies' => {
+            'DSR' => refresh_jwt        # Only refresh token in cookies
+          }
+        }
+      end
+      it 'uses session token from response body and refresh token from cookies' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        result = @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+    end
+    context 'when refresh token is passed as parameter' do
+      let(:response_body) do
+        {
+          'userId' => 'test123',
+          'cookies' => {
+            'DS' => session_jwt         # Only session token in cookies
+          }
+        }
+      end
+      it 'uses passed refresh token when not in response body or cookies' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        result = @instance.send(:generate_auth_info, response_body, refresh_jwt, true, audience)
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+    end
+    context 'error handling for missing tokens' do
+      let(:response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookies' => {}  # No tokens anywhere
+        }
+      end
+      it 'raises helpful error when no refresh token is found' do
+        expect {
+          @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        }.to raise_error(Descope::AuthException, /Could not find refreshJwt in response body \/ cookies \/ passed in refresh_token/)
+      end
+    end
+    context 'backward compatibility' do
+      let(:traditional_response_body) do
+        {
+          'sessionJwt' => session_jwt,
+          'refreshJwt' => refresh_jwt,
+          'userId' => 'test123'
+        }
+      end
+      it 'continues to work with traditional response body tokens' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        result = @instance.send(:generate_auth_info, traditional_response_body, nil, true, audience)
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+      it 'works with same-domain cookies (existing RestClient behavior)' do
+        response_with_restclient_cookies = {
+          'userId' => 'test123',
+          'cookies' => {
+            'DSR' => refresh_jwt
+          }
+        }
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        result = @instance.send(:generate_auth_info, response_with_restclient_cookies, nil, false, audience)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+    end
+  end
 end

data/spec/lib.descope/api/v1/cookie_domain_fix_integration_spec.rb ADDED Viewed

@@ -0,0 +1,245 @@
+# frozen_string_literal: true
+require 'spec_helper'
+describe 'Cookie Domain Fix Integration' do
+  before(:all) do
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth)
+    dummy_instance.extend(Descope::Mixins::HTTP)
+    dummy_instance.extend(Descope::Mixins::Common::EndpointsV1)
+    @instance = dummy_instance
+  end
+  describe 'refresh_session with custom domain cookies' do
+    let(:refresh_token) { 'test_refresh_token' }
+    let(:audience) { nil }
+    let(:session_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbS9QMmFiY2RlMTIzNDUiLCJzdWIiOiJVMmFiY2RlMTIzNDUifQ.session_signature' }
+    let(:refresh_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbS9QMmFiY2RlMTIzNDUiLCJzdWIiOiJVMmFiY2RlMTIzNDUifQ.refresh_signature' }
+    context 'when Descope is configured for cookie-only tokens with custom domain' do
+      let(:api_response_body) do
+        # Response body without sessionJwt/refreshJwt (cookie-only configuration)
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com',
+          'cookiePath' => '/'
+        }
+      end
+      let(:set_cookie_headers) do
+        [
+          "DS=#{session_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; SameSite=None",
+          "DSR=#{refresh_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; SameSite=None; Max-Age=2592000"
+        ]
+      end
+      let(:mock_response) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({}) # RestClient filters out custom domain cookies
+          allow(response).to receive(:headers).and_return({ 'set-cookie' => set_cookie_headers })
+        end
+      end
+      before do
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345',
+          'permissions' => [],
+          'roles' => [],
+          'tenants' => {}
+        })
+        allow(@instance).to receive(:call).and_return(mock_response)
+      end
+      it 'successfully extracts tokens from Set-Cookie headers' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        expect(result).to be_a(Hash)
+        expect(result['sessionToken']).to be_a(Hash)
+        expect(result['sessionToken']['iss']).to eq('https://api.descope.com/P2abcde12345')
+        expect(result['sessionToken']['sub']).to eq('U2abcde12345')
+        expect(result['refreshSessionToken']).to be_a(Hash)
+        expect(result['refreshSessionToken']['iss']).to eq('https://api.descope.com/P2abcde12345')
+        expect(result['refreshSessionToken']['sub']).to eq('U2abcde12345')
+        expect(result['cookieData'][:domain]).to eq('dev.lulukuku.com')
+      end
+      it 'validates the extracted session token' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345'
+        })
+        @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+      end
+      it 'validates the extracted refresh token' do
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345'
+        })
+        @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+      end
+      it 'includes cookie metadata in response' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        expect(result['cookieData'][:domain]).to eq('dev.lulukuku.com')
+      end
+    end
+    context 'when only refresh token is in cookies (partial custom domain)' do
+      let(:api_response_body) do
+        {
+          'sessionJwt' => session_jwt,  # Session token in response body
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com'
+        }
+      end
+      let(:set_cookie_headers) do
+        [
+          "DSR=#{refresh_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; Max-Age=2592000"
+        ]
+      end
+      let(:mock_response) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({})
+          allow(response).to receive(:headers).and_return({ 'set-cookie' => set_cookie_headers })
+        end
+      end
+      before do
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345',
+          'permissions' => [],
+          'roles' => [],
+          'tenants' => {}
+        })
+        allow(@instance).to receive(:call).and_return(mock_response)
+      end
+      it 'handles mixed token sources (response body + custom domain cookies)' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        expect(result).to be_a(Hash)
+        expect(result['sessionToken']).to_not be_nil
+        expect(result['refreshSessionToken']).to_not be_nil
+      end
+    end
+    context 'error handling for custom domain configurations' do
+      let(:api_response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com'
+        }
+      end
+      let(:mock_response_no_cookies) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({})
+          allow(response).to receive(:headers).and_return({}) # No Set-Cookie headers
+        end
+      end
+      before do
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345'
+        })
+        allow(@instance).to receive(:call).and_return(mock_response_no_cookies)
+      end
+      it 'provides helpful error message when no tokens are found' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        expect(result).to be_a(Hash)
+        expect(result['sessionToken']).to be_nil
+        expect(result['refreshSessionToken']).to_not be_nil
+      end
+    end
+  end
+  describe 'validate_and_refresh_session with custom domain cookies' do
+    let(:session_token) { 'expired_session_token' }
+    let(:refresh_token) { 'valid_refresh_token' }
+    let(:audience) { nil }
+    context 'when session is expired and refresh uses custom domain cookies' do
+      let(:refresh_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbSJ9.signature' }
+      let(:api_response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com'
+        }
+      end
+      let(:set_cookie_headers) do
+        [
+          "DS=new_session_jwt; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure",
+          "DSR=#{refresh_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; Max-Age=2592000"
+        ]
+      end
+      let(:mock_response) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({})
+          allow(response).to receive(:headers).and_return({ 'set-cookie' => set_cookie_headers })
+        end
+      end
+      before do
+        # Mock session validation to fail (expired token)
+        allow(@instance).to receive(:validate_session).and_raise(Descope::AuthException.new('Token expired'))
+        # Mock refresh_session to work with custom domain cookies
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345',
+          'permissions' => [],
+          'roles' => [],
+          'tenants' => {}
+        })
+        allow(@instance).to receive(:call).and_return(mock_response)
+      end
+      it 'falls back to refresh_session when validate_session fails' do
+        expect(@instance).to receive(:refresh_session).with(
+          refresh_token: refresh_token,
+          audience: audience
+        ).and_call_original
+        result = @instance.validate_and_refresh_session(
+          session_token: session_token,
+          refresh_token: refresh_token,
+          audience: audience
+        )
+        expect(result).to be_a(Hash)
+      end
+    end
+  end
+end

data/spec/lib.descope/api/v1/management/audit_spec.rb CHANGED Viewed

@@ -75,4 +75,96 @@ describe Descope::Api::V1::Management::Audit do
       expect(res['audits'][0]['projectId']).to eq('abc')
     end
   end
+  context '.create_event' do
+    it 'should respond to .audit_create_event' do
+      expect(@instance).to respond_to :audit_create_event
+    end
+    it 'should raise an error if type is not info, warn or error' do
+      expect do
+        @instance.audit_create_event(
+          action: 'get',
+          type: 'debug',
+          data: { key: 'value' },
+          user_id: 'user_id',
+          actor_id: 'actor_id',
+          tenant_id: 'tenant_id'
+        )
+      end.to raise_error(Descope::AuthException, 'type must be either info, warn or error')
+    end
+    it 'should raise an error if data is not a hash' do
+      expect do
+        @instance.audit_create_event(
+          action: 'get',
+          type: 'info',
+          data: 'data',
+          user_id: 'user_id',
+          actor_id: 'actor_id',
+          tenant_id: 'tenant_id'
+        )
+      end.to raise_error(Descope::AuthException, 'data must be provided as a key, value Hash')
+    end
+    it 'should raise an error if action is not provided' do
+      expect do
+        @instance.audit_create_event(
+          type: 'info',
+          data: { key: 'value' },
+          user_id: 'user_id',
+          actor_id: 'actor_id',
+          tenant_id: 'tenant_id'
+        )
+      end.to raise_error(Descope::AuthException, 'action must be provided')
+    end
+    it 'should raise an error if actor is not provided' do
+      expect do
+        @instance.audit_create_event(
+          action: 'get',
+          type: 'info',
+          data: { key: 'value' },
+          user_id: 'user_id',
+          tenant_id: 'tenant_id'
+        )
+      end.to raise_error(Descope::AuthException, 'actor_id must be provided')
+    end
+    it 'should raise an error if tenant_id is not provided' do
+      expect do
+        @instance.audit_create_event(
+          action: 'get',
+          type: 'info',
+          data: { key: 'value' },
+          user_id: 'user_id',
+          actor_id: 'actor_id'
+        )
+      end.to raise_error(Descope::AuthException, 'tenant_id must be provided')
+    end
+    it 'is expected to create an audit event' do
+      expect(@instance).to receive(:post).with(
+        '/v1/mgmt/audit/event',
+        {
+          action: 'get',
+          type: 'info',
+          actorId: 'actor_id',
+          data: { key: 'value' },
+          tenantId: 'tenant_id',
+          userId: 'user_id'
+        }
+      )
+      expect do
+        @instance.audit_create_event(
+          action: 'get',
+          type: 'info',
+          data: { key: 'value' },
+          user_id: 'user_id',
+          actor_id: 'actor_id',
+          tenant_id: 'tenant_id'
+        )
+      end.not_to raise_error
+    end
+  end
 end