descope 1.0.6 → 1.1.0

data/lib/descope/api/v1/management/sso_application.rb

@@ -0,0 +1,236 @@
+# frozen_string_literal: true
+
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module SSOApplication
+          include Descope::Api::V1::Management::Common
+
+          def create_sso_oidc_app(id: nil, name: nil, description: nil, enabled: nil, logo: nil, login_page_url: nil)
+            # Create a new OIDC sso application with the given name. SSO application IDs are provisioned automatically,
+            # but can be provided explicitly if needed. Both the name and ID must be unique per project.
+            body = {}
+            body[:id] = id if id
+            body[:name] = name if name
+            body[:description] = description if description
+            body[:enabled] = enabled if enabled
+            body[:logo] = logo if logo
+            body[:loginPageUrl] = login_page_url if login_page_url
+            post(SSO_APPLICATION_OIDC_CREATE_PATH, body)
+          end
+
+          # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          def create_saml_application(
+            name: nil,
+            login_page_url: nil,
+            id: nil,
+            description: nil,
+            logo: nil,
+            enabled: nil,
+            use_metadata_info: nil,
+            metadata_url: nil,
+            entity_id: nil,
+            acs_url: nil,
+            certificate: nil,
+            attribute_mapping: nil,
+            groups_mapping: nil,
+            acs_allowed_callbacks: nil,
+            subject_name_id_type: nil,
+            subject_name_id_format: nil,
+            default_relay_state: nil,
+            force_authentication: nil,
+            logout_redirect_url: nil
+          )
+            # Create a new SAML sso application with the given name. SSO application IDs are provisioned automatically,
+            # but can be provided explicitly if needed. Both the name and ID must be unique per project.
+
+            if use_metadata_info
+              raise Descope::ArgumentException.new('metadata_url argument must be set', code: 400) unless metadata_url
+            else
+              unless entity_id && acs_url && certificate
+                raise Descope::ArgumentException.new('entity_id, acs_url, certificate arguments must be set', code: 400)
+              end
+            end
+
+            attribute_mapping ||= []
+            groups_mapping ||= []
+            acs_allowed_callbacks ||= []
+            body = compose_create_update_saml_body(
+              name:,
+              login_page_url:,
+              id:,
+              description:,
+              enabled:,
+              logo:,
+              use_metadata_info:,
+              metadata_url:,
+              entity_id:,
+              acs_url:,
+              certificate:,
+              attribute_mapping:,
+              groups_mapping:,
+              acs_allowed_callbacks:,
+              subject_name_id_type:,
+              subject_name_id_format:,
+              default_relay_state:,
+              force_authentication:,
+              logout_redirect_url:
+            )
+            post(SSO_APPLICATION_SAML_CREATE_PATH, body)
+          end
+
+          def update_sso_oidc_app(id: nil, name: nil, description: nil, enabled: nil, logo: nil, login_page_url: nil, force_authentication: nil)
+            # Update an existing OIDC sso application with the given parameters. IMPORTANT: All parameters are used as overrides
+            # to the existing sso application. Empty fields will override populated fields. Use carefully.
+            body = compose_create_update_oidc_body(name, login_page_url, id, description, enabled, logo, force_authentication)
+            post(SSO_APPLICATION_OIDC_UPDATE_PATH, body)
+          end
+
+          def update_saml_application(
+            id: nil,
+            name: nil,
+            login_page_url: nil,
+            description: nil,
+            logo: nil,
+            enabled: nil,
+            use_metadata_info: nil,
+            metadata_url: nil,
+            entity_id: nil,
+            acs_url: nil,
+            certificate: nil,
+            attribute_mapping: nil,
+            groups_mapping: nil,
+            acs_allowed_callbacks: nil,
+            subject_name_id_type: nil,
+            subject_name_id_format: nil,
+            default_relay_state: nil,
+            force_authentication: nil,
+            logout_redirect_url: nil
+          )
+            # Update an existing SAML sso application with the given parameters. IMPORTANT: All parameters are used as overrides
+            # to the existing sso application. Empty fields will override populated fields. Use carefully.
+
+            if use_metadata_info
+              raise 'metadata_url argument must be set' unless metadata_url
+            else
+              raise 'entity_id, acs_url, certificate arguments must be set' unless entity_id && acs_url
+            end
+
+            attribute_mapping ||= []
+            groups_mapping ||= []
+            acs_allowed_callbacks ||= []
+
+            body = compose_create_update_saml_body(
+              name:,
+              login_page_url:,
+              id:,
+              description:,
+              enabled:,
+              logo:,
+              use_metadata_info:,
+              metadata_url:,
+              entity_id:,
+              acs_url:,
+              certificate:,
+              attribute_mapping:,
+              groups_mapping:,
+              acs_allowed_callbacks:,
+              subject_name_id_type:,
+              subject_name_id_format:,
+              default_relay_state:,
+              force_authentication:,
+              logout_redirect_url:
+            )
+            post(SSO_APPLICATION_SAML_UPDATE_PATH, body)
+          end
+
+          def delete_sso_app(id)
+            # Delete an existing sso application. IMPORTANT: This operation is irreversible. Use carefully.
+            delete(SSO_APPLICATION_DELETE_PATH, { id: })
+          end
+
+          def load_sso_app(id)
+            # Load an existing sso application.
+            get(SSO_APPLICATION_LOAD_PATH, { id: })
+          end
+
+          def load_all_sso_apps
+            # Load all sso applications.
+            #
+            #   Return value:
+            #        {
+            #           "apps": [
+            #                   {"id":"app1","name":"<name>","description":"<description>","enabled":true,"logo":"","appType":"saml","samlSettings":{"loginPageUrl":"","idpCert":"<cert>","useMetadataInfo":true,"metadataUrl":"","entityId":"","acsUrl":"","certificate":"","attributeMapping":[{"name":"email","type":"","value":"attrVal1"}],"groupsMapping":[{"name":"grp1","type":"","filterType":"roles","value":"","roles":[{"id":"myRoleId","name":"myRole"}]}],"idpMetadataUrl":"","idpEntityId":"","idpSsoUrl":"","acsAllowedCallbacks":[],"subjectNameIdType":"","subjectNameIdFormat":"", "defaultRelayState":"", "forceAuthentication": false, "idpLogoutUrl": "", "logoutRedirectUrl": ""},"oidcSettings":{"loginPageUrl":"","issuer":"","discoveryUrl":"", "forceAuthentication":false}},
+            #           {"id":"app2","name":"<name>","description":"<description>","enabled":true,"logo":"","appType":"saml","samlSettings":{"loginPageUrl":"","idpCert":"<cert>","useMetadataInfo":true,"metadataUrl":"","entityId":"","acsUrl":"","certificate":"","attributeMapping":[{"name":"email","type":"","value":"attrVal1"}],"groupsMapping":[{"name":"grp1","type":"","filterType":"roles","value":"","roles":[{"id":"myRoleId","name":"myRole"}]}],"idpMetadataUrl":"","idpEntityId":"","idpSsoUrl":"","acsAllowedCallbacks":[],"subjectNameIdType":"","subjectNameIdFormat":"", "defaultRelayState":"", "forceAuthentication": false, "idpLogoutUrl": "", "logoutRedirectUrl": ""},"oidcSettings":{"loginPageUrl":"","issuer":"","discoveryUrl":"", "forceAuthentication":false}}
+            #           ]
+            #       }
+            #   Containing the loaded sso applications information.
+            get(SSO_APPLICATION_LOAD_ALL_PATH, {})
+          end
+
+          private
+
+          def compose_create_update_oidc_body(name, login_page_url, id, description, enabled, logo, force_authentication)
+            body = {}
+            body[:name] = name if name
+            body[:loginPageUrl] = login_page_url if login_page_url
+            body[:id] = id if id
+            body[:description] = description if description
+            body[:logo] = logo if logo
+            body[:enabled] = enabled if enabled
+            body[:force_authentication] = force_authentication if force_authentication
+            body
+          end
+
+          # rubocop:disable Metrics/AbcSize
+          def compose_create_update_saml_body(
+            name: nil,
+            login_page_url: nil,
+            id: nil,
+            description: nil,
+            enabled: nil,
+            logo: nil,
+            use_metadata_info: nil,
+            metadata_url: nil,
+            entity_id: nil,
+            acs_url: nil,
+            certificate: nil,
+            attribute_mapping: nil,
+            groups_mapping: nil,
+            acs_allowed_callbacks: nil,
+            subject_name_id_type: nil,
+            subject_name_id_format: nil,
+            default_relay_state: nil,
+            force_authentication: nil,
+            logout_redirect_url: nil
+          )
+            body = {}
+            body[:name] = name if name
+            body[:loginPageUrl] = login_page_url if login_page_url
+            body[:id] = id if id
+            body[:description] = description if description
+            body[:enabled] = enabled if enabled
+            body[:logo] = logo if logo
+            body[:useMetadataInfo] = use_metadata_info if use_metadata_info
+            body[:metadataUrl] = metadata_url if metadata_url
+            body[:entityId] = entity_id if entity_id
+            body[:acsUrl] = acs_url if acs_url
+            body[:certificate] = certificate if certificate
+            body[:attributeMapping] = attribute_mapping if attribute_mapping
+            body[:groupsMapping] = groups_mapping if groups_mapping
+            body[:acsAllowedCallbacks] = acs_allowed_callbacks if acs_allowed_callbacks
+            body[:subjectNameIdType] = subject_name_id_type if subject_name_id_type
+            body[:subjectNameIdFormat] = subject_name_id_format if subject_name_id_format
+            body[:defaultRelayState] = default_relay_state if default_relay_state
+            body[:forceAuthentication] = force_authentication if force_authentication
+            body[:logoutRedirectUrl] = logout_redirect_url if logout_redirect_url
+            puts "body: #{body}"
+            body
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/sso_settings.rb

@@ -18,28 +18,6 @@ module Descope
             delete(SSO_SETTINGS_PATH, { tenantId: tenant_id })
           end
 
-          def create_sso_oidc_app(id: nil, name: nil, description: nil, enabled: nil, logo: nil, login_page_url: nil)
-            body = {}
-            body[:id] = id if id
-            body[:name] = name if name
-            body[:description] = description if description
-            body[:enabled] = enabled if enabled
-            body[:logo] = logo if logo
-            body[:loginPageUrl] = login_page_url if login_page_url
-            post(SSO_OIDC_CREATE_APP_PATH, body)
-          end
-
-          def update_sso_oidc_app(id: nil, name: nil, description: nil, enabled: nil, logo: nil, login_page_url: nil)
-            body = {}
-            body[:id] = id if id
-            body[:name] = name if name
-            body[:description] = description if description
-            body[:enabled] = enabled if enabled
-            body[:logo] = logo if logo
-            body[:loginPageUrl] = login_page_url if login_page_url
-            put(SSO_OIDC_UPDATE_APP_PATH, body)
-          end
-
           def configure_sso_oidc(tenant_id: nil, settings: nil, redirect_url: nil, domain: nil)
             raise Descope::ArgumentException.new('SSO settings must be a Hash', code: 400) unless settings.is_a?(Hash)
 
@@ -63,12 +41,12 @@ module Descope
               redirectUrl: redirect_url,
               domain:
             }
-            post(SSO_SAML_PATH, request_params)
+            post(SSO_SETTINGS_PATH, request_params)
           end
 
           def configure_sso_saml_metadata(tenant_id: nil, settings: nil, redirect_url: nil, domain: nil)
             # Configure tenant SSO SAML Metadata, using a valid management key.
-            post(SSO_SAML_METADATA_PATH, compose_metadata_body(tenant_id, settings, redirect_url, domain))
+            post(SSO_METADATA_PATH, compose_metadata_body(tenant_id, settings, redirect_url, domain))
           end
 
           private

data/lib/descope/api/v1/management/user.rb

@@ -185,7 +185,9 @@ module Descope
             statuses: [],
             emails: [],
             phones: [],
-            sso_app_ids: []
+            sso_app_ids: [],
+            tenant_role_ids: {},
+            tenant_role_names: {}
           )
             body = {
               loginId: login_id,
@@ -212,9 +214,18 @@ module Descope
             body[:ssoAppIds] = sso_app_ids unless sso_app_ids.empty?
             body[:tenantIds] = tenant_ids unless tenant_ids.empty?
             body[:roleNames] = role_names unless role_names.empty?
+            body[:tenantRoleIds] = map_to_values_object(tenant_role_ids) unless tenant_role_ids.nil? || tenant_role_ids.empty?
+            body[:tenantRoleNames] = map_to_values_object(tenant_role_names) unless tenant_role_names.nil? || tenant_role_names.empty?
             post(Common::USERS_SEARCH_PATH, body)
           end
 
+          def map_to_values_object(input_map)
+            return {} unless input_map.is_a?(Hash)
+            input_map.each_with_object({}) do |(key, values), result|
+              result[key] = { values: Array(values) }
+            end
+          end
+
           # Get an existing user's provider token, using a valid management key.
           # @see https://docs.descope.com/api/openapi/usermanagement/operation/GetUserProviderToken/
           def get_provider_token(login_id: nil, provider: nil)
@@ -324,6 +335,51 @@ module Descope
             post(Common::USER_UPDATE_CUSTOM_ATTRIBUTE_PATH, body)
           end
 
+          def patch_user(
+            login_id: nil,
+            email: nil,
+            phone: nil,
+            name: nil,
+            given_name: nil,
+            middle_name: nil,
+            family_name: nil,
+            role_names: [],
+            user_tenants: [],
+            picture: nil,
+            custom_attributes: nil,
+            verified_email: nil,
+            verified_phone: nil,
+            additional_identifiers: [],
+            password: nil,
+            hashed_password: {},
+            sso_app_ids: []
+          )
+            validate_login_id(login_id)
+            role_names ||= []
+            user_tenants ||= []
+            path = Common::USER_PATCH_PATH
+            request_params = user_compose_update_body(
+              login_id:,
+              email:,
+              phone:,
+              name:,
+              given_name:,
+              middle_name:,
+              family_name:,
+              role_names:,
+              user_tenants:,
+              picture:,
+              custom_attributes:,
+              verified_email:,
+              verified_phone:,
+              additional_identifiers:,
+              password:,
+              hashed_password:,
+              sso_app_ids:
+            )
+            patch(path, request_params)
+          end
+
           def update_jwt(jwt: nil, custom_claims: nil)
             body = {
               jwt:,
@@ -460,6 +516,75 @@ module Descope
             post(USER_GENERATE_EMBEDDED_LINK_PATH, request_params)
           end
 
+          # Search for all test users.
+          #
+          # @param tenant_ids [Array<String>] Optional list of tenant IDs to filter by
+          # @param role_names [Array<String>] Optional list of role names to filter by
+          # @param limit [Integer] Optional limit of the number of users returned. Leave empty for default.
+          # @param page [Integer] Optional pagination control. Pages start at 0 and must be non-negative.
+          # @param custom_attributes [Hash] Optional search for an attribute with a given value
+          # @param statuses [Array<String>] Optional list of statuses to search for ("enabled", "disabled", "invited")
+          # @param emails [Array<String>] Optional list of emails to search for
+          # @param phones [Array<String>] Optional list of phones to search for
+          # @param sso_app_ids [Array<String>] Optional list of SSO application IDs to filter by
+          # @param text [String] Optional string, allows free text search among all user's attributes.
+          # @param login_ids [Array<String>] Optional list of login ids
+          # @param sort [Array<Hash>] Optional array, allows to sort by fields.
+          #
+          # @return [Hash] Return hash in the format {"users": []}
+          #
+          # The "users" key contains a list of all the found users and their information
+          #
+          # @raise [AuthException] Raised if the search operation fails
+          #
+          def search_all_test_users(
+            tenant_ids: [],
+            role_names: [],
+            limit: 0,
+            page: 0,
+            custom_attributes: {},
+            statuses: [],
+            emails: [],
+            phones: [],
+            sso_app_ids: [],
+            sort: [],
+            text: nil,
+            login_ids: [],
+            tenant_role_ids: {},
+            tenant_role_names: {}
+          )
+            tenant_ids ||= []
+            role_names ||= []
+
+            if limit < 0 || page < 0
+              raise Descope::ArgumentException.new(
+                'limit or page must be non-negative', code: 400
+              )
+            end
+
+            body = {
+              tenantIds: tenant_ids,
+              roleNames: role_names,
+              limit:,
+              page:,
+              testUsersOnly: true,
+              withTestUser: true
+            }
+
+            body[:statuses] =  statuses unless statuses.nil? || statuses.empty?
+            body[:emails] = emails unless emails.nil? || emails.empty?
+            body[:phones] = phones unless phones.nil? || phones.empty?
+            body[:customAttributes] = custom_attributes unless custom_attributes.nil? || custom_attributes.empty?
+            body[:ssoAppIds] = sso_app_ids unless sso_app_ids.nil? || sso_app_ids.empty?
+            body[:loginIds] = login_ids unless login_ids.nil? || login_ids.empty?
+            body[:sort] = sort unless sort.nil? || sort.empty?
+            body[:text] = text unless text.nil? || text.empty?
+            body[:tenantRoleIds] = map_to_values_object(tenant_role_ids) unless tenant_role_ids.nil? || tenant_role_ids.empty?
+            body[:tenantRoleNames] = map_to_values_object(tenant_role_names) unless tenant_role_names.nil? || tenant_role_names.empty?
+
+            post(Common::TEST_USERS_SEARCH_PATH, body)
+          end
+
 
           private
 
@@ -486,11 +611,15 @@ module Descope
             middle_name: nil,
             family_name: nil,
             sso_app_ids: [],
-            skip_create: false
+            skip_create: false,
+            template_id: nil
           )
             role_names ||= []
             user_tenants ||= []
             path = Common::USER_CREATE_PATH
+
+            path = Common::TEST_USER_CREATE_PATH if test
+
             request_params = user_compose_create_body(
               login_id:,
               email:,
@@ -513,7 +642,8 @@ module Descope
               additional_identifiers:,
               password:,
               hashed_password:,
-              sso_app_ids:
+              sso_app_ids:,
+              template_id:,
             )
             return request_params if skip_create
 
@@ -542,7 +672,8 @@ module Descope
             additional_identifiers: [],
             password: nil,
             hashed_password: {},
-            sso_app_ids: []
+            sso_app_ids: [],
+            template_id: nil
           )
             body = user_compose_update_body(
               login_id:,
@@ -561,14 +692,15 @@ module Descope
               additional_identifiers:,
               password:,
               hashed_password:,
-              sso_app_ids:
+              sso_app_ids:,
+              template_id:,
             )
             body[:invite] = invite
-            body[:verifiedEmail] = verified_email unless verified_email.nil? || !verified_email.empty?
-            body[:verifiedPhone] = verified_phone unless verified_phone.nil? || !verified_phone.empty?
-            body[:inviteUrl] = invite_url unless invite_url.nil? || !invite_url.empty?
-            body[:sendMail] = send_mail unless send_mail.nil? || !send_mail.empty?
-            body[:sendSMS] = send_sms unless send_sms.nil? || !send_sms.empty?
+            body[:verifiedEmail] = verified_email unless verified_email.nil? || verified_email.empty?
+            body[:verifiedPhone] = verified_phone unless verified_phone.nil? || verified_phone.empty?
+            body[:inviteUrl] = invite_url unless invite_url.nil? || invite_url.empty?
+            body[:sendMail] = send_mail unless send_mail.nil? || send_mail.empty?
+            body[:sendSMS] = send_sms unless send_sms.nil? || send_sms.empty?
 
             body
           end
@@ -592,7 +724,8 @@ module Descope
             additional_identifiers: [],
             password: nil,
             hashed_password: {},
-            sso_app_ids: []
+            sso_app_ids: [],
+            template_id: nil
           )
             body = {
               loginId: login_id,
@@ -615,18 +748,23 @@ module Descope
             body[:phone] = phone unless phone.nil? || phone.empty?
             body[:name] = name unless name.nil? || name.empty?
             body[:roleNames] = role_names unless role_names.nil? || role_names.empty?
-            body[:userTenants] = associated_tenants_to_hash_array(user_tenants) unless user_tenants.nil? || user_tenants.empty?
+            unless user_tenants.nil? || user_tenants.empty?
+              body[:userTenants] = associated_tenants_to_hash_array(user_tenants)
+            end
             body[:test] = test unless test.nil?
             body[:invite] = invite unless invite.nil?
             body[:picture] = picture unless picture.nil? || picture.empty?
             body[:customAttributes] = custom_attributes unless custom_attributes.nil? || custom_attributes.empty?
-            body[:additionalIdentifiers] = additional_identifiers unless additional_identifiers.nil? || additional_identifiers.empty?
+            unless additional_identifiers.nil? || additional_identifiers.empty?
+              body[:additionalIdentifiers] = additional_identifiers
+            end
             body[:ssoAppIds] = sso_app_ids unless sso_app_ids.nil? || sso_app_ids.empty?
             body[:verifiedEmail] = verified_email unless verified_email.nil? || !verified_email.to_s.empty?
             body[:givenName] = given_name unless given_name.nil?
             body[:middleName] = middle_name unless middle_name.nil?
             body[:familyName] = family_name unless family_name.nil?
             body[:verifiedPhone] = verified_phone unless verified_phone.nil?
+            body[:templateId] = template_id unless template_id.nil? || template_id.empty?
             body
           end
         end

data/lib/descope/api/v1/management.rb

@@ -10,6 +10,7 @@ require 'descope/api/v1/management/role'
 require 'descope/api/v1/management/project'
 require 'descope/api/v1/management/authz'
 require 'descope/api/v1/management/audit'
+require 'descope/api/v1/management/sso_application'
 require 'descope/api/v1/management/sso_settings'
 require 'descope/api/v1/management/scim'
 require 'descope/api/v1/management/password'
@@ -29,6 +30,7 @@ module Descope
         include Descope::Api::V1::Management::Project
         include Descope::Api::V1::Management::Authz
         include Descope::Api::V1::Management::Audit
+        include Descope::Api::V1::Management::SSOApplication
         include Descope::Api::V1::Management::SSOSettings
         include Descope::Api::V1::Management::SCIM
         include Descope::Api::V1::Management::Password

data/lib/descope/api/v1/session.rb

@@ -20,11 +20,28 @@ module Descope
           #  [amr, drn, exp, iss, rexp, sub, jwt] in the top level of the response dict, please use
           #  them from the sessionToken key instead, as these claims will soon be deprecated from the top level
           #  of the response dict.
-
+          #  Make sure you set Enable refresh token rotation in the Project Settings before using this.
           validate_refresh_token_not_nil(refresh_token)
           validate_token(refresh_token, audience)
           res = post(REFRESH_TOKEN_PATH, {}, {}, refresh_token)
-          generate_jwt_response(response_body: res, refresh_cookie: refresh_token, audience:)
+          cookies = res.fetch(COOKIE_DATA_NAME, nil) || res.fetch('cookies', {})
+          
+          # Check each source and use the first non-empty value
+          refresh_cookie = nil
+          cookie_value = cookies.fetch(REFRESH_SESSION_COOKIE_NAME, nil)
+          if cookie_value && !cookie_value.empty?
+            refresh_cookie = cookie_value
+          else
+            jwt_value = res.fetch('refreshJwt', nil)
+            if jwt_value && !jwt_value.empty?
+              refresh_cookie = jwt_value
+            else
+              refresh_cookie = refresh_token
+            end
+          end
+          
+          logger.debug("Refreshing refresh_cookie: #{refresh_cookie}")
+          generate_jwt_response(response_body: res, refresh_cookie: refresh_cookie, audience: audience)
         end
 
         def me(refresh_token = nil)
@@ -72,12 +89,28 @@ module Descope
 
           begin
             @logger.debug("Validating session token: #{session_token}")
-            validate_session(session_token:, audience:)
+            validate_session(session_token: session_token, audience: audience)
           rescue Descope::AuthException
             @logger.debug("Session is invalid, refreshing session with refresh token: #{refresh_token}")
-            refresh_session(refresh_token:, audience:)
+            refresh_session(refresh_token: refresh_token, audience: audience)
           end
         end
+
+        def history(refresh_token = nil)
+          # Retrieve user authentication history for the refresh token
+          # Return List in the format
+          #              [
+          #                 {
+          #                     "userId": "User's ID",
+          #                     "loginTime": "User'sLogin time",
+          #                     "city": "User's city",
+          #                     "country": "User's country",
+          #                     "ip": User's IP
+          #                 }
+          #             ]
+          validate_refresh_token_not_nil(refresh_token)
+          get(HISTORY_PATH, {}, {}, refresh_token)
+        end
       end
     end
   end

data/lib/descope/mixins/common.rb

@@ -52,6 +52,7 @@ module Descope
         LOGOUT_ALL_PATH = '/v1/auth/logoutall'
         VALIDATE_SESSION_PATH = '/v1/auth/validate'
         ME_PATH = '/v1/auth/me'
+        HISTORY_PATH = '/v1/auth/me/history'
 
         # access key
         EXCHANGE_AUTH_ACCESS_KEY_PATH = '/v1/auth/accesskey/exchange'