descope 1.0.6 → 1.1.0

data/lib/descope/mixins/http.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
-require "addressable/uri"
+require 'descope/mixins/common'
+require 'addressable/uri'
 require 'retryable'
 require_relative '../exception'
 
@@ -7,6 +8,7 @@ module Descope
   module Mixins
     # HTTP-related methods
     module HTTP
+      include Descope::Mixins::Common
       attr_accessor :headers, :base_uri, :timeout, :retry_count
 
       DEFAULT_RETRIES = 3
@@ -44,13 +46,61 @@ module Descope
         }
       end
 
-      def safe_parse_json(body)
+      def safe_parse_json(body, cookies: {}, headers: {})
         @logger.debug "response => #{JSON.parse(body.to_s)}"
-        JSON.parse(body.to_s)
+        res = JSON.parse(body.to_s)
+
+        # Handle DS and DSR cookies in response.
+        # First check RestClient's cookies (works for same-domain cookies)
+        extracted_cookies = {}
+        if cookies.key?(SESSION_COOKIE_NAME)
+          extracted_cookies[SESSION_COOKIE_NAME] = cookies[SESSION_COOKIE_NAME]
+        end
+        if cookies.key?(REFRESH_SESSION_COOKIE_NAME)
+          extracted_cookies[REFRESH_SESSION_COOKIE_NAME] = cookies[REFRESH_SESSION_COOKIE_NAME]
+        end
+
+        # If no cookies found via RestClient, parse Set-Cookie headers directly
+        # This handles custom domain cookies that RestClient filters out
+        if extracted_cookies.empty? && headers.respond_to?(:[])
+          set_cookie_headers = headers[:set_cookie] || headers['set-cookie'] || headers['Set-Cookie'] || []
+          set_cookie_headers = [set_cookie_headers] unless set_cookie_headers.is_a?(Array)
+
+          set_cookie_headers.each do |cookie_header|
+            next unless cookie_header.is_a?(String)
+            
+            # Parse DS cookie (session token)
+            if cookie_header.include?("#{SESSION_COOKIE_NAME}=")
+              cookie_value = parse_cookie_value(cookie_header, SESSION_COOKIE_NAME)
+              extracted_cookies[SESSION_COOKIE_NAME] = cookie_value if cookie_value
+            end
+            
+            # Parse DSR cookie (refresh token)
+            if cookie_header.include?("#{REFRESH_SESSION_COOKIE_NAME}=")
+              cookie_value = parse_cookie_value(cookie_header, REFRESH_SESSION_COOKIE_NAME)
+              extracted_cookies[REFRESH_SESSION_COOKIE_NAME] = cookie_value if cookie_value
+            end
+          end
+        end
+
+        # Add extracted cookies to response if any were found
+        unless extracted_cookies.empty?
+          res['cookies'] = extracted_cookies
+        end
+
+        res
       rescue JSON::ParserError
         body
       end
 
+      def parse_cookie_value(cookie_header, cookie_name)
+        # Extract cookie value from Set-Cookie header
+        # Format: "cookieName=cookieValue; attribute1=value1; attribute2=value2"
+        # Only match valid cookie value characters (RFC 6265: exclude whitespace, semicolon, comma)
+        match = cookie_header.match(/#{Regexp.escape(cookie_name)}=([^;]+)/)
+        match ? match[1].strip : nil
+      end
+
       def encode_uri(uri)
         encoded_uri = base_uri ? Addressable::URI.parse(uri).normalize : Addressable::URI.escape(uri)
         @logger.debug "will call #{url(encoded_uri)}"
@@ -94,11 +144,12 @@ module Descope
                    call(method, encode_uri(uri), timeout, @headers, body.to_json)
                  end
 
-        raise Descope::Unsupported.new("No response from server", code: 400) unless result && result.respond_to?(:code)
+        raise Descope::Unsupported.new('No response from server', code: 400) unless result.respond_to?(:code)
 
         @logger.info("API Request: [#{method}] #{uri} - Response Code: #{result.code}")
+
         case result.code
-        when 200...226 then safe_parse_json(result.body)
+        when 200...226 then safe_parse_json(result.body, cookies: result.cookies, headers: result.headers)
         when 400       then raise Descope::BadRequest.new(result.body, code: result.code, headers: result.headers)
         when 401       then raise Descope::Unauthorized.new(result.body, code: result.code, headers: result.headers)
         when 403       then raise Descope::AccessDenied.new(result.body, code: result.code, headers: result.headers)
@@ -113,10 +164,10 @@ module Descope
 
       def call(method, url, timeout, headers, body = nil)
         RestClient::Request.execute(
-          method:,
-          url:,
-          timeout:,
-          headers:,
+          method: method,
+          url: url,
+          timeout: timeout,
+          headers: headers,
           payload: body
         )
       rescue RestClient::Exception => e

data/lib/descope/mixins/initializer.rb

@@ -13,10 +13,13 @@ module Descope
         @base_uri = base_url(options)
         @headers = client_headers
         @project_id = options[:project_id] || ENV['DESCOPE_PROJECT_ID'] || ''
+        @headers['x-descope-project-id'] = @project_id
         @public_key = options[:public_key] || ENV['DESCOPE_PUBLIC_KEY']
         @mlock = Mutex.new
-        log_level = options[:log_level] || ENV['DESCOPE_LOG_LEVEL'] || 'info'
-        @logger ||= Descope::Mixins::Logging.logger_for(self.class.name, log_level)
+        @logger = options[:logger] || begin
+          log_level = options[:log_level] || ENV['DESCOPE_LOG_LEVEL'] || 'info'
+          Descope::Mixins::Logging.logger_for(self.class.name, log_level, @project_id)
+        end
 
         @logger.debug("Initializing Descope API with project_id: #{@project_id} and base_uri: #{@base_uri}")
 

data/lib/descope/mixins/logging.rb

@@ -7,21 +7,29 @@ module Descope
 
       def logger
         # This is the magical bit that gets mixed into the other modules
-        @logger ||= Logging.logger_for(self.class.name, 'info')
+        @logger ||= Logging.logger_for(self.class.name, 'info', @project_id)
       end
 
       # Use a hash class-ivar to cache a unique Logger per class:
       @loggers = {}
 
       class << self
-        def logger_for(classname, level)
-          @loggers[classname] ||= configure_logger_for(classname, level)
+        def logger_for(classname, level, project_id = nil)
+          key = "#{classname}-#{project_id}"
+          @loggers[key] ||= configure_logger_for(classname, level, project_id)
         end
 
-        def configure_logger_for(classname, level = 'info')
+        def configure_logger_for(classname, level = 'info', project_id = nil)
           logger = Logger.new(STDOUT)
           logger.level = Object.const_get("Logger::#{level.upcase}")
           logger.progname = classname
+
+          # Adding Custom Formatter for Project ID
+          logger.formatter = proc do |severity, datetime, progname, msg|
+            project_info = project_id ? "PRID: #{project_id}" : ""
+            "[#{datetime}] #{severity} #{project_info} #{progname}: #{msg}\n"
+          end
+
           logger
         end
       end

data/lib/descope/version.rb

@@ -2,6 +2,6 @@
 
 # Current version of gem
 module Descope
-  VERSION = '1.0.6'
+  VERSION = '1.1.0'
   SDK_VERSION = '1.0.0'
 end

data/spec/descope/api/v1/auth_spec.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Descope::Api::V1::Auth do
+  let(:client) { Class.new { include Descope::Api::V1::Auth }.new }
+  let(:valid_token) { 'valid_token' }
+  let(:refresh_token) { 'refresh_token' }
+
+  describe 'token extraction with empty strings' do
+    it 'handles empty string tokens correctly' do
+      response_body = {
+        'sessionJwt' => '',
+        'refreshJwt' => '',
+        'cookies' => {
+          'DS' => valid_token,
+          'DSR' => refresh_token
+        }
+      }
+
+      allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+      result = client.generate_jwt_response(response_body: response_body)
+
+      expect(result).to have_key('sessionToken')
+      expect(result).to have_key('refreshSessionToken')
+    end
+  end
+end

data/spec/descope/api/v1/auth_token_extraction_spec.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Descope::Api::V1::Auth do
+  let(:client) { Descope::Client.new(project_id: 'test_project_id', management_key: 'test_key') }
+  let(:valid_session_token) { 'valid.session.token' }
+  let(:valid_refresh_token) { 'valid.refresh.token' }
+
+  describe '#generate_auth_info (private method)' do
+    context 'session token extraction' do
+      it 'extracts session token from sessionJwt field' do
+        response_body = {
+          'sessionJwt' => valid_session_token,
+          'refreshJwt' => valid_refresh_token,
+          'cookies' => {}
+        }
+
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+        result = client.send(:generate_auth_info, response_body, nil, true, nil)
+
+        expect(result).to have_key('sessionToken')
+      end
+
+      it 'extracts session token from cookies with DS name' do
+        response_body = {
+          'sessionJwt' => '',
+          'refreshJwt' => valid_refresh_token,
+          'cookies' => {
+            'DS' => valid_session_token
+          }
+        }
+
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+        result = client.send(:generate_auth_info, response_body, nil, true, nil)
+
+        expect(result).to have_key('sessionToken')
+      end
+
+      it 'extracts session token from cookies with SESSION_COOKIE_NAME' do
+        stub_const('Descope::Api::V1::Auth::SESSION_COOKIE_NAME', 'CustomSession')
+        
+        response_body = {
+          'sessionJwt' => '',
+          'refreshJwt' => valid_refresh_token,
+          'cookies' => {
+            'CustomSession' => valid_session_token
+          }
+        }
+
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+        result = client.send(:generate_auth_info, response_body, nil, true, nil)
+
+        expect(result).to have_key('sessionToken')
+      end
+    end
+
+    context 'refresh token extraction' do
+      it 'extracts refresh token from refreshJwt field' do
+        response_body = {
+          'sessionJwt' => valid_session_token,
+          'refreshJwt' => valid_refresh_token,
+          'cookies' => {}
+        }
+
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+        result = client.send(:generate_auth_info, response_body, nil, true, nil)
+
+        expect(result).to have_key('refreshSessionToken')
+      end
+
+      it 'extracts refresh token from cookies when refreshJwt is empty' do
+        stub_const('Descope::Api::V1::Auth::REFRESH_SESSION_COOKIE_NAME', 'DSR')
+        
+        response_body = {
+          'sessionJwt' => valid_session_token,
+          'refreshJwt' => '',
+          'cookies' => {
+            'DSR' => valid_refresh_token
+          }
+        }
+
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+        result = client.send(:generate_auth_info, response_body, nil, true, nil)
+
+        expect(result).to have_key('refreshSessionToken')
+      end
+
+      it 'falls back to parameter refresh token when cookie has empty string' do
+        response_body = {
+          'sessionJwt' => valid_session_token,
+          'refreshJwt' => '',
+          'cookies' => {
+            'DSR' => ''
+          }
+        }
+
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+        result = client.send(:generate_auth_info, response_body, valid_refresh_token, true, nil)
+
+        expect(result).to have_key('refreshSessionToken')
+        expect(client).to have_received(:validate_token).with(valid_refresh_token, nil)
+      end
+
+      it 'raises error when no refresh token is available' do
+        response_body = {
+          'sessionJwt' => valid_session_token,
+          'refreshJwt' => '',
+          'cookies' => {}
+        }
+
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123', 'iss' => 'test_project_id' })
+
+        expect {
+          client.send(:generate_auth_info, response_body, nil, true, nil)
+        }.to raise_error(Descope::AuthException, /Could not find refresh token/)
+      end
+    end
+  end
+end

data/spec/descope/api/v1/session_refresh_spec.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Descope::Api::V1::Session do
+  let(:client) { Descope::Client.new(project_id: 'test_project_id', management_key: 'test_key') }
+  let(:valid_token) { 'valid.jwt.token' }
+  let(:refresh_token) { 'refresh.jwt.token' }
+
+  describe '#refresh_session' do
+    context 'when refresh token is in cookie' do
+      it 'uses the cookie refresh token' do
+        response_body = {
+          'sessionJwt' => '',
+          'refreshJwt' => '',
+          'cookieData' => {
+            'DSR' => refresh_token
+          },
+          'cookies' => {
+            'DS' => valid_token
+          }
+        }
+
+        allow(client).to receive(:post).and_return(response_body)
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123' })
+
+        result = client.refresh_session(refresh_token: refresh_token)
+
+        expect(result).to be_a(Hash)
+        expect(client).to have_received(:validate_token).with(refresh_token, nil)
+      end
+    end
+
+    context 'when refresh token is in response body' do
+      it 'uses the refreshJwt from response body' do
+        response_body = {
+          'sessionJwt' => '',
+          'refreshJwt' => refresh_token,
+          'cookieData' => {},
+          'cookies' => {
+            'DS' => valid_token
+          }
+        }
+
+        allow(client).to receive(:post).and_return(response_body)
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123' })
+
+        result = client.refresh_session(refresh_token: 'old_refresh_token')
+
+        expect(result).to be_a(Hash)
+      end
+    end
+
+    context 'when refresh token is only in parameter' do
+      it 'falls back to the parameter refresh token' do
+        response_body = {
+          'sessionJwt' => '',
+          'refreshJwt' => '',
+          'cookieData' => {},
+          'cookies' => {
+            'DS' => valid_token
+          }
+        }
+
+        allow(client).to receive(:post).and_return(response_body)
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123' })
+
+        result = client.refresh_session(refresh_token: refresh_token)
+
+        expect(result).to be_a(Hash)
+        expect(client).to have_received(:validate_token).with(refresh_token, nil).at_least(:once)
+      end
+    end
+
+    context 'when refresh token values are empty strings' do
+      it 'falls back to parameter refresh token when cookie and body have empty strings' do
+        response_body = {
+          'sessionJwt' => '',
+          'refreshJwt' => '',
+          'cookieData' => {
+            'DSR' => ''
+          },
+          'cookies' => {
+            'DS' => valid_token
+          }
+        }
+
+        allow(client).to receive(:post).and_return(response_body)
+        allow(client).to receive(:validate_token).and_return({ 'sub' => 'user123' })
+
+        result = client.refresh_session(refresh_token: refresh_token)
+
+        expect(result).to be_a(Hash)
+        expect(client).to have_received(:validate_token).with(refresh_token, nil).at_least(:once)
+      end
+    end
+  end
+end

data/spec/factories/user.rb

@@ -10,7 +10,7 @@ FactoryBot.define do
     phone { "+1#{Faker::Number.number(digits: 10)}" }
     name { Faker::Name.name }
     given_name { Faker::Name.first_name }
-    middle_name { 'Ruby SDK User' }
+    middle_name { "#{SpecUtils.build_prefix}Ruby-SDK-User" }
     family_name { Faker::Name.last_name }
   end
 end

data/spec/integration/lib.descope/api/v1/auth/enchantedlink_spec.rb

@@ -3,31 +3,25 @@
 require 'spec_helper'
 
 def poll_for_session(descope_client, pending_ref)
-  max_tries = 15
-  i = 0
-  done = false
-  while !done && i < max_tries
+  @client.logger.info('Waiting for session to be created...')
+  
+  SpecUtils.wait_for_condition(max_wait: 60, interval: 3, description: 'enchanted link session') do
     begin
-      i += 1
-      @client.logger.info('waiting 4 seconds for session to be created...')
-      sleep(4)
-      print '.'
       @client.logger.info("Getting session for pending_ref: #{pending_ref}...")
       jwt_response = descope_client.enchanted_link_get_session(pending_ref)
-      done = true
+      
+      if jwt_response
+        @client.logger.info("jwt_response: #{jwt_response}")
+        refresh_token = jwt_response[Descope::Mixins::Common::REFRESH_SESSION_TOKEN_NAME]['jwt']
+        @client.logger.info("refresh_token: #{refresh_token}")
+        return refresh_token
+      end
+      
+      false
     rescue Descope::AuthException, Descope::Unauthorized => e
-      @client.logger.info("Failed pending session, err: #{e}")
-     nil
+      @client.logger.info("Waiting for session, err: #{e}")
+      false
     end
-
-    next unless jwt_response
-
-    @client.logger.info("jwt_response: #{jwt_response}")
-    refresh_token = jwt_response[Descope::Mixins::Common::REFRESH_SESSION_TOKEN_NAME]['jwt']
-
-    @client.logger.info("refresh_token: #{refresh_token}")
-    done = true
-    return refresh_token
   end
 end
 
@@ -60,9 +54,13 @@ describe Descope::Api::V1::Auth::EnchantedLink do
     @client.logger.info('Cleaning up test users...')
     all_users = @client.search_all_users
     all_users['users'].each do |user|
-      if user['middleName'] == 'Ruby SDK User'
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
         @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
-        @client.delete_user(user['loginIds'][0])
+        begin
+          @client.delete_user(user['loginIds'][0])
+        rescue Descope::NotFound => e
+          @client.logger.info("User already deleted: #{e.message}")
+        end
       end
     end
   end

data/spec/integration/lib.descope/api/v1/auth/magiclink_spec.rb

@@ -11,9 +11,13 @@ describe Descope::Api::V1::Auth::MagicLink do
     @client.logger.info('Cleaning up test users...')
     all_users = @client.search_all_users
     all_users['users'].each do |user|
-      if user['middleName'] == 'Ruby SDK User'
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
         @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
-        @client.delete_user(user['loginIds'][0])
+        begin
+          @client.delete_user(user['loginIds'][0])
+        rescue Descope::NotFound => e
+          @client.logger.info("User already deleted: #{e.message}")
+        end
       end
     end
   end

data/spec/integration/lib.descope/api/v1/auth/otp_spec.rb

@@ -19,9 +19,13 @@ describe Descope::Api::V1::Auth::OTP do
     @client.logger.info('Cleaning up test users...')
     all_users = @client.search_all_users
     all_users['users'].each do |user|
-      if user['middleName'] == 'Ruby SDK User'
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
         @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
-        @client.delete_user(user['loginIds'][0])
+        begin
+          @client.delete_user(user['loginIds'][0])
+        rescue Descope::NotFound => e
+          @client.logger.info("User already deleted: #{e.message}")
+        end
       end
     end
   end

data/spec/integration/lib.descope/api/v1/auth/session_spec.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Session do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+    
+    # Cleanup any existing test users before starting
+    @client.logger.info('Cleaning up any existing test users before starting...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
+        @client.logger.info("Deleting existing ruby spec test user #{user['loginIds'][0]}")
+        begin
+          @client.delete_user(user['loginIds'][0])
+        rescue Descope::NotFound => e
+          @client.logger.info("User already deleted: #{e.message}")
+        end
+      end
+    end
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        begin
+          @client.delete_user(user['loginIds'][0])
+        rescue Descope::NotFound => e
+          @client.logger.info("User already deleted: #{e.message}")
+        end
+      end
+    end
+  end
+
+  context 'test session methods' do
+    it 'should refresh session with refresh token' do
+      @password = SpecUtils.generate_password
+      # Add timestamp to ensure unique login_id across multiple test runs
+      user = build(:user, login_id: "session_test_#{Time.now.to_i}_#{SecureRandom.hex(4)}")
+
+      @client.logger.info("1. Sign up with password for user: #{user[:login_id]}")
+      res = @client.password_sign_up(login_id: user[:login_id], password: @password, user:)
+      @client.logger.info("sign up with password res: #{res}")
+      original_refresh_token = res[REFRESH_SESSION_TOKEN_NAME]['jwt']
+
+      @client.logger.info('2. Sign in with password')
+      login_res = @client.password_sign_in(login_id: user[:login_id], password: @password)
+      @client.logger.info("sign_in res: #{login_res}")
+
+      @client.logger.info('3. Wait briefly to ensure token timestamps differ')
+      sleep(2)  # Wait 2 seconds to ensure new token will have different 'iat' timestamp
+
+      @client.logger.info('4. Refresh session')
+      refresh_session_res = @client.refresh_session(refresh_token: login_res[REFRESH_SESSION_TOKEN_NAME]['jwt'])
+      @client.logger.info("refresh_session_res: #{refresh_session_res}")
+
+      new_refresh_token = refresh_session_res[REFRESH_SESSION_TOKEN_NAME]['jwt']
+      @client.logger.info("new_refresh_token: #{new_refresh_token}")
+
+      @client.logger.info('5. Check new refresh token is not the same as the original one')
+      expect(original_refresh_token).not_to eq(new_refresh_token)
+    end
+  end
+end

data/spec/integration/lib.descope/api/v1/auth/totp_spec.rb

@@ -12,9 +12,13 @@ describe Descope::Api::V1::Auth::TOTP do
     @client.logger.info('Cleaning up test users...')
     all_users = @client.search_all_users
     all_users['users'].each do |user|
-      if user['middleName'] == 'Ruby SDK User'
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
         @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
-        @client.delete_user(user['loginIds'][0])
+        begin
+          @client.delete_user(user['loginIds'][0])
+        rescue Descope::NotFound => e
+          @client.logger.info("User already deleted: #{e.message}")
+        end
       end
     end
   end

data/spec/integration/lib.descope/api/v1/management/access_key_spec.rb

@@ -4,6 +4,8 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::AccessKey do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
   end
 
@@ -28,7 +30,16 @@ describe Descope::Api::V1::Management::AccessKey do
       @tenant_id = @client.create_tenant(name: 'some-new-tenant')['id']
       @client.logger.info('creating access key')
       @access_key = @client.create_access_key(name: @key_name, key_tenants: [{ tenant_id: @tenant_id }])
-      sleep 60
+      @client.logger.info("waiting for access key #{@access_key['key']['id']} to be active")
+      SpecUtils.wait_for_condition(max_wait: 65, interval: 3, description: 'access key to be active') do
+        begin
+          key = @client.load_access_key(@access_key['key']['id'])
+          key['key']['status'] == 'active'
+        rescue StandardError => e
+          @client.logger.info("Waiting for key activation: #{e.message}")
+          false
+        end
+      end
     end
 
     it 'should create the access key and load it' do