descope 1.0.6 → 1.1.0

data/spec/lib.descope/api/v1/auth_spec.rb

@@ -249,7 +249,13 @@ describe Descope::Api::V1::Auth do
     end
 
     it 'is expected to select tenant' do
-      jwt_response = { 'fake': 'response' }
+      jwt_response = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt',
+        'cookies' => {
+          'refresh_token' => 'fake_refresh_cookie'
+        }
+      }
 
       expect(@instance).to receive(:post).with(
         SELECT_TENANT_PATH, { tenantId: 'tenant123' }, {}, 'refresh-token'
@@ -390,20 +396,26 @@ describe Descope::Api::V1::Auth do
     end
 
     it 'is expected to successfully exchange access key without login_options' do
-      jwt_response = { 'fake': 'response' }
+      jwt_response = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt'
+      }
       access_key = 'abc'
 
       expect(@instance).to receive(:post).with(
         EXCHANGE_AUTH_ACCESS_KEY_PATH, { loginOptions: {}, audience: 'IT' }, {}, access_key
       ).and_return(jwt_response)
 
-      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+      allow(@instance).to receive(:generate_auth_info).and_return(jwt_response)
 
       expect { @instance.exchange_access_key(access_key:, audience: 'IT') }.not_to raise_error
     end
 
     it 'is expected to successfully exchange access key with login_options' do
-      jwt_response = { 'fake': 'response' }
+      jwt_response = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt'
+      }
       access_key = 'abc'
 
       expect(@instance).to receive(:post).with(
@@ -413,9 +425,159 @@ describe Descope::Api::V1::Auth do
         access_key
       ).and_return(jwt_response)
 
-      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+      allow(@instance).to receive(:generate_auth_info).and_return(jwt_response)
 
       expect { @instance.exchange_access_key(access_key:, login_options: { customClaims: { k1: 'v1' } }, audience: 'IT') }.not_to raise_error
     end
   end
+
+  describe '#generate_auth_info cookie handling enhancements' do
+    let(:audience) { nil }
+    let(:session_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbSJ9.session_sig' }
+    let(:refresh_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbSJ9.refresh_sig' }
+    
+    let(:mock_token_validation) do
+      {
+        'iss' => 'https://api.descope.com/P2abcde12345',
+        'sub' => 'U2abcde12345',
+        'permissions' => ['read', 'write'],
+        'roles' => ['admin'],
+        'tenants' => { 'tenant1' => { 'permissions' => ['read'] } }
+      }
+    end
+
+    before do
+      allow(@instance).to receive(:validate_token).and_return(mock_token_validation)
+    end
+
+    context 'when session token is in cookies (custom domain scenario)' do
+      let(:response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com',
+          'cookies' => {
+            'DS' => session_jwt,      # Session token in cookies
+            'DSR' => refresh_jwt      # Refresh token in cookies
+          }
+        }
+      end
+
+      it 'extracts session token from cookies when not in response body' do
+        result = @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+
+      it 'validates session token from cookies' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        
+        @instance.send(:generate_auth_info, response_body, nil, true, audience)
+      end
+
+      it 'includes permissions and roles from cookie tokens' do
+        result = @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        
+        expect(result['permissions']).to eq(['read', 'write'])
+        expect(result['roles']).to eq(['admin'])
+        expect(result['tenants']).to eq({ 'tenant1' => { 'permissions' => ['read'] } })
+      end
+    end
+
+    context 'when session token is in response body and refresh token in cookies' do
+      let(:response_body) do
+        {
+          'sessionJwt' => session_jwt,  # Session token in response body
+          'userId' => 'test123',
+          'cookies' => {
+            'DSR' => refresh_jwt        # Only refresh token in cookies
+          }
+        }
+      end
+
+      it 'uses session token from response body and refresh token from cookies' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        
+        result = @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+    end
+
+    context 'when refresh token is passed as parameter' do
+      let(:response_body) do
+        {
+          'userId' => 'test123',
+          'cookies' => {
+            'DS' => session_jwt         # Only session token in cookies
+          }
+        }
+      end
+
+      it 'uses passed refresh token when not in response body or cookies' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        
+        result = @instance.send(:generate_auth_info, response_body, refresh_jwt, true, audience)
+        
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+    end
+
+    context 'error handling for missing tokens' do
+      let(:response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookies' => {}  # No tokens anywhere
+        }
+      end
+
+      it 'raises helpful error when no refresh token is found' do
+        expect {
+          @instance.send(:generate_auth_info, response_body, nil, true, audience)
+        }.to raise_error(Descope::AuthException, /Could not find refreshJwt in response body \/ cookies \/ passed in refresh_token/)
+      end
+    end
+
+    context 'backward compatibility' do
+      let(:traditional_response_body) do
+        {
+          'sessionJwt' => session_jwt,
+          'refreshJwt' => refresh_jwt,
+          'userId' => 'test123'
+        }
+      end
+
+      it 'continues to work with traditional response body tokens' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return(mock_token_validation)
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        
+        result = @instance.send(:generate_auth_info, traditional_response_body, nil, true, audience)
+        
+        expect(result['sessionToken']).to eq(mock_token_validation)
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+
+      it 'works with same-domain cookies (existing RestClient behavior)' do
+        response_with_restclient_cookies = {
+          'userId' => 'test123',
+          'cookies' => {
+            'DSR' => refresh_jwt
+          }
+        }
+
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return(mock_token_validation)
+        
+        result = @instance.send(:generate_auth_info, response_with_restclient_cookies, nil, false, audience)
+        
+        expect(result['refreshSessionToken']).to eq(mock_token_validation)
+      end
+    end
+  end
 end

data/spec/lib.descope/api/v1/cookie_domain_fix_integration_spec.rb

@@ -0,0 +1,245 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Cookie Domain Fix Integration' do
+  before(:all) do
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth)
+    dummy_instance.extend(Descope::Mixins::HTTP)
+    dummy_instance.extend(Descope::Mixins::Common::EndpointsV1)
+    @instance = dummy_instance
+  end
+
+  describe 'refresh_session with custom domain cookies' do
+    let(:refresh_token) { 'test_refresh_token' }
+    let(:audience) { nil }
+    
+    let(:session_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbS9QMmFiY2RlMTIzNDUiLCJzdWIiOiJVMmFiY2RlMTIzNDUifQ.session_signature' }
+    let(:refresh_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbS9QMmFiY2RlMTIzNDUiLCJzdWIiOiJVMmFiY2RlMTIzNDUifQ.refresh_signature' }
+
+    context 'when Descope is configured for cookie-only tokens with custom domain' do
+      let(:api_response_body) do
+        # Response body without sessionJwt/refreshJwt (cookie-only configuration)
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com',
+          'cookiePath' => '/'
+        }
+      end
+
+      let(:set_cookie_headers) do
+        [
+          "DS=#{session_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; SameSite=None",
+          "DSR=#{refresh_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; SameSite=None; Max-Age=2592000"
+        ]
+      end
+
+      let(:mock_response) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({}) # RestClient filters out custom domain cookies
+          allow(response).to receive(:headers).and_return({ 'set-cookie' => set_cookie_headers })
+        end
+      end
+
+      before do
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345',
+          'permissions' => [],
+          'roles' => [],
+          'tenants' => {}
+        })
+        allow(@instance).to receive(:call).and_return(mock_response)
+      end
+
+      it 'successfully extracts tokens from Set-Cookie headers' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        expect(result).to be_a(Hash)
+        expect(result['sessionToken']).to be_a(Hash)
+        expect(result['sessionToken']['iss']).to eq('https://api.descope.com/P2abcde12345')
+        expect(result['sessionToken']['sub']).to eq('U2abcde12345')
+        
+        expect(result['refreshSessionToken']).to be_a(Hash)
+        expect(result['refreshSessionToken']['iss']).to eq('https://api.descope.com/P2abcde12345')
+        expect(result['refreshSessionToken']['sub']).to eq('U2abcde12345')
+        
+        expect(result['cookieData'][:domain]).to eq('dev.lulukuku.com')
+      end
+
+      it 'validates the extracted session token' do
+        expect(@instance).to receive(:validate_token).with(session_jwt, audience).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345'
+        })
+
+        @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+      end
+
+      it 'validates the extracted refresh token' do
+        expect(@instance).to receive(:validate_token).with(refresh_jwt, audience).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345'
+        })
+
+        @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+      end
+
+      it 'includes cookie metadata in response' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        expect(result['cookieData'][:domain]).to eq('dev.lulukuku.com')
+      end
+    end
+
+    context 'when only refresh token is in cookies (partial custom domain)' do
+      let(:api_response_body) do
+        {
+          'sessionJwt' => session_jwt,  # Session token in response body
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com'
+        }
+      end
+
+      let(:set_cookie_headers) do
+        [
+          "DSR=#{refresh_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; Max-Age=2592000"
+        ]
+      end
+
+      let(:mock_response) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({})
+          allow(response).to receive(:headers).and_return({ 'set-cookie' => set_cookie_headers })
+        end
+      end
+
+      before do
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345',
+          'permissions' => [],
+          'roles' => [],
+          'tenants' => {}
+        })
+        allow(@instance).to receive(:call).and_return(mock_response)
+      end
+
+      it 'handles mixed token sources (response body + custom domain cookies)' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        
+        expect(result).to be_a(Hash)
+        expect(result['sessionToken']).to_not be_nil
+        expect(result['refreshSessionToken']).to_not be_nil
+      end
+    end
+
+    context 'error handling for custom domain configurations' do
+      let(:api_response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com'
+        }
+      end
+
+      let(:mock_response_no_cookies) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({})
+          allow(response).to receive(:headers).and_return({}) # No Set-Cookie headers
+        end
+      end
+
+      before do
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345'
+        })
+        allow(@instance).to receive(:call).and_return(mock_response_no_cookies)
+      end
+
+      it 'provides helpful error message when no tokens are found' do
+        result = @instance.refresh_session(refresh_token: refresh_token, audience: audience)
+        expect(result).to be_a(Hash)
+        expect(result['sessionToken']).to be_nil
+        expect(result['refreshSessionToken']).to_not be_nil
+      end
+    end
+  end
+
+  describe 'validate_and_refresh_session with custom domain cookies' do
+    let(:session_token) { 'expired_session_token' }
+    let(:refresh_token) { 'valid_refresh_token' }
+    let(:audience) { nil }
+
+    context 'when session is expired and refresh uses custom domain cookies' do
+      let(:refresh_jwt) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5kZXNjb3BlLmNvbSJ9.signature' }
+      
+      let(:api_response_body) do
+        {
+          'userId' => 'test123',
+          'cookieExpiration' => 1640704758,
+          'cookieDomain' => 'dev.lulukuku.com'
+        }
+      end
+
+      let(:set_cookie_headers) do
+        [
+          "DS=new_session_jwt; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure",
+          "DSR=#{refresh_jwt}; Path=/; Domain=dev.lulukuku.com; HttpOnly; Secure; Max-Age=2592000"
+        ]
+      end
+
+      let(:mock_response) do
+        double('response').tap do |response|
+          allow(response).to receive(:code).and_return(200)
+          allow(response).to receive(:body).and_return(api_response_body.to_json)
+          allow(response).to receive(:cookies).and_return({})
+          allow(response).to receive(:headers).and_return({ 'set-cookie' => set_cookie_headers })
+        end
+      end
+
+      before do
+        # Mock session validation to fail (expired token)
+        allow(@instance).to receive(:validate_session).and_raise(Descope::AuthException.new('Token expired'))
+        
+        # Mock refresh_session to work with custom domain cookies
+        allow(@instance).to receive(:validate_refresh_token_not_nil).and_return(true)
+        allow(@instance).to receive(:validate_token).and_return({
+          'iss' => 'https://api.descope.com/P2abcde12345',
+          'sub' => 'U2abcde12345',
+          'permissions' => [],
+          'roles' => [],
+          'tenants' => {}
+        })
+        allow(@instance).to receive(:call).and_return(mock_response)
+      end
+
+      it 'falls back to refresh_session when validate_session fails' do
+        expect(@instance).to receive(:refresh_session).with(
+          refresh_token: refresh_token,
+          audience: audience
+        ).and_call_original
+
+        result = @instance.validate_and_refresh_session(
+          session_token: session_token,
+          refresh_token: refresh_token,
+          audience: audience
+        )
+
+        expect(result).to be_a(Hash)
+      end
+    end
+  end
+end

data/spec/lib.descope/api/v1/management/sso_application_spec.rb

@@ -0,0 +1,217 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Management::SSOApplication do
+  before(:all) do
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Management::SSOApplication)
+    @instance = dummy_instance
+  end
+
+  context('.create_sso_oidc_application') do
+    it 'should respond to .create_saml_application' do
+      expect(@instance).to respond_to :create_saml_application
+    end
+
+    it 'is expected to create SAML application' do
+      expect(@instance).to receive(:post).with(
+        SSO_APPLICATION_OIDC_CREATE_PATH, {
+          id: 'tenant1',
+          name: 'test',
+          description: 'awesome tenant',
+          enabled: true,
+          logo: 'https://logo.com',
+          loginPageUrl: 'https://dummy.com/login'
+        }
+      )
+      expect do
+        @instance.create_sso_oidc_app(
+          id: 'tenant1',
+          name: 'test',
+          description: 'awesome tenant',
+          enabled: true,
+          logo: 'https://logo.com',
+          login_page_url: 'https://dummy.com/login'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context('.create_saml_application') do
+    it 'should respond to .create_saml_application' do
+      expect(@instance).to respond_to :create_saml_application
+    end
+
+    it 'is expected to create SAML application' do
+      expect(@instance).to receive(:post).with(
+        SSO_APPLICATION_SAML_CREATE_PATH, {
+          name: 'test',
+          description: 'awesome tenant',
+          id: 'tenant1',
+          loginPageUrl: 'https://dummy.com/login',
+          logo: 'https://logo.com',
+          enabled: true,
+          useMetadataInfo: true,
+          metadataUrl: 'https://dummy.com/metadata',
+          entityId: 'ent1234',
+          acsUrl: 'https://dummy.com/acs',
+          certificate: 'something',
+          attributeMapping: [
+            {
+              'abc': '123'
+            }
+          ],
+          groupsMapping: [
+            {
+              'abc': '123'
+            }
+          ],
+          acsAllowedCallbacks: true,
+          subjectNameIdType: 'test',
+          subjectNameIdFormat: 'test',
+          defaultRelayState: 'test',
+          forceAuthentication: true,
+          logoutRedirectUrl: 'https://dummy.com/logout'
+        }
+      )
+      expect do
+        @instance.create_saml_application(
+          name: 'test',
+          login_page_url: 'https://dummy.com/login',
+          id: 'tenant1',
+          description: 'awesome tenant',
+          logo: 'https://logo.com',
+          enabled: true,
+          use_metadata_info: true,
+          metadata_url: 'https://dummy.com/metadata',
+          entity_id: 'ent1234',
+          acs_url: 'https://dummy.com/acs',
+          certificate: 'something',
+          attribute_mapping: [
+            {
+              'abc': '123'
+            }
+          ],
+          groups_mapping: [
+            {
+              'abc': '123'
+            }
+          ],
+          acs_allowed_callbacks: true,
+          subject_name_id_type: 'test',
+          subject_name_id_format: 'test',
+          default_relay_state: 'test',
+          force_authentication: true,
+          logout_redirect_url: 'https://dummy.com/logout'
+        )
+      end.not_to raise_error
+    end
+
+    it 'is expected to raise error if metadata_url is empty' do
+      expect do
+        @instance.create_saml_application(
+          name: 'test',
+          login_page_url: 'https://dummy.com/login',
+          id: 'tenant1',
+          description: 'awesome tenant',
+          logo: 'https://logo.com',
+          enabled: true,
+          use_metadata_info: true,
+          entity_id: 'ent1234',
+          acs_url: 'https://dummy.com/acs',
+          certificate: 'something',
+          attribute_mapping: [
+            {
+              'abc': '123'
+            }
+          ],
+          groups_mapping: [
+            {
+              'abc': '123'
+            }
+          ],
+          acs_allowed_callbacks: true,
+          subject_name_id_type: 'test',
+          subject_name_id_format: 'test',
+          default_relay_state: 'test',
+          force_authentication: true,
+          logout_redirect_url: 'https://dummy.com/logout'
+        )
+      end.to raise_error(Descope::ArgumentException, 'metadata_url argument must be set')
+    end
+  end
+
+  it 'is expected to raise error if entity_id acs_url and certificate arguments are missing' do
+    expect do
+      @instance.create_saml_application(
+        name: 'test',
+        login_page_url: 'https://dummy.com/login',
+        id: 'tenant1',
+        description: 'awesome tenant',
+        logo: 'https://logo.com',
+        enabled: true,
+        attribute_mapping: [
+          {
+            'abc': '123'
+          }
+        ],
+        groups_mapping: [
+          {
+            'abc': '123'
+          }
+        ],
+        acs_allowed_callbacks: true,
+        subject_name_id_type: 'test',
+        subject_name_id_format: 'test',
+        default_relay_state: 'test',
+        force_authentication: true,
+        logout_redirect_url: 'https://dummy.com/logout'
+      )
+    end.to raise_error(Descope::ArgumentException, 'entity_id, acs_url, certificate arguments must be set')
+  end
+
+  it 'is expected to update sso oidc application' do
+    expect(@instance).to receive(:post).with(
+      SSO_APPLICATION_OIDC_UPDATE_PATH, {
+        id: 'tenant1',
+        name: 'test',
+        description: 'awesome tenant',
+        enabled: true,
+        logo: 'https://logo.com',
+        loginPageUrl: 'https://dummy.com/login'
+      }
+    )
+    expect do
+      @instance.update_sso_oidc_app(
+        id: 'tenant1',
+        name: 'test',
+        description: 'awesome tenant',
+        enabled: true,
+        logo: 'https://logo.com',
+        login_page_url: 'https://dummy.com/login'
+      )
+    end.not_to raise_error
+  end
+
+  it 'is expected to delete sso app' do
+    expect(@instance).to receive(:delete).with(
+      SSO_APPLICATION_DELETE_PATH, { id: 'tenant1' }
+    )
+    expect { @instance.delete_sso_app('tenant1') }.not_to raise_error
+  end
+
+  it 'is expected to load sso app' do
+    expect(@instance).to receive(:get).with(
+      SSO_APPLICATION_LOAD_PATH, { id: 'tenant1' }
+    )
+    expect { @instance.load_sso_app('tenant1') }.not_to raise_error
+  end
+
+  it 'is expected to load all sso apps' do
+    expect(@instance).to receive(:get).with(
+      SSO_APPLICATION_LOAD_ALL_PATH, {}
+    )
+    expect { @instance.load_all_sso_apps }.not_to raise_error
+  end
+end

data/spec/lib.descope/api/v1/management/sso_settings_spec.rb

@@ -87,7 +87,7 @@ describe Descope::Api::V1::Management::SSOSettings do
 
     it 'is expected to configure SSO settings' do
       expect(@instance).to receive(:post).with(
-        SSO_SAML_PATH, {
+        SSO_SETTINGS_PATH, {
           tenantId: '123',
           settings: {
             name: 'test',
@@ -132,7 +132,7 @@ describe Descope::Api::V1::Management::SSOSettings do
 
     it 'is expected to configure SAML metadata' do
       expect(@instance).to receive(:post).with(
-        SSO_SAML_METADATA_PATH, {
+        SSO_METADATA_PATH, {
           tenantId: '123',
           settings: {
             name: 'test',