kinde_sdk 1.1.0 → 1.2.0

data/lib/kinde_sdk/client.rb

@@ -2,46 +2,57 @@ require "kinde_api"
 
 module KindeSdk
   class Client
-    attr_accessor :kinde_api_client
-    attr_accessor :bearer_token
+    include FeatureFlags
+    include Permissions
 
-    def initialize(sdk_api_client, bearer_token)
+    attr_accessor :kinde_api_client, :bearer_token, :tokens_hash, :expires_at
+
+    def initialize(sdk_api_client, tokens_hash)
       @kinde_api_client = sdk_api_client
-      @bearer_token = bearer_token
-      @decoded_token = JWT.decode(bearer_token, nil, false)
+      set_hash_related_data(tokens_hash)
     end
 
-    def get_claim(*args)
-      @decoded_token[0].dig(*args)
+    def token_expired?
+      expires_at.to_i > 0 && (expires_at <= Time.now.to_i)
     end
 
-    def get_permissions
-      get_claim("permissions")
+    def refresh_token
+      new_tokens_hash = KindeSdk.refresh_token(tokens_hash)
+      set_hash_related_data(new_tokens_hash)
+      @kinde_api_client = KindeSdk.api_client(tokens_hash["access_token"])
+      new_tokens_hash
     end
 
-    def get_permission(permission)
-      {
-        org_code: get_claim("org_code"),
-        is_granted: permission_granted?(permission)
-      }
-    end
+    # token_type is one of: :access_token, :id_token
+    #
+    # @return [Hash]
+    # @example {name: "scp", value: ["openid", "offline"]}
+    def get_claim(claim, token_type = :access_token)
+      token = tokens_hash[token_type]
+      return unless token
 
-    def permission_granted?(permission)
-      get_claim("permissions").include?(permission)
-    end
+      value = JWT.decode(token, nil, false)[0][claim]
+      return unless value
 
-    def logout
-      KindeSdk.logout(bearer_token, kinde_api_client)
+      { name: claim, value: value }
     end
 
     ::KindeApi.constants.filter { |klass| klass.to_s.end_with?("Api") }.each do |klass|
       api_klass = Kernel.const_get("KindeApi::#{klass}")
 
-      define_method(klass.to_s.downcase.split("api")[0]) { init_instance_api(api_klass) }
+      define_method(klass.to_s.gsub(/([a-z\d])([A-Z])/) { "#{$1}_#{$2}" }.downcase.split("_api")[0]) do
+        init_instance_api(api_klass)
+      end
     end
 
     private
 
+    def set_hash_related_data(tokens_hash)
+      @tokens_hash = tokens_hash.transform_keys(&:to_sym)
+      @bearer_token = tokens_hash[:access_token]
+      @expires_at = tokens_hash[:expires_at]
+    end
+
     def init_instance_api(api_klass)
       api_klass.new(kinde_api_client)
     end

data/lib/kinde_sdk/configuration.rb

@@ -14,7 +14,6 @@ module KindeSdk
     attr_accessor :debugging
     attr_accessor :oauth_client
     attr_accessor :pkce_enabled
-    attr_accessor :business_name
 
     def initialize
       @authorize_url = '/oauth2/auth'
@@ -23,7 +22,6 @@ module KindeSdk
       @logger = defined?(Rails) ? Rails.logger : Logger.new(STDOUT)
       @scope = 'openid offline email profile'
       @pkce_enabled = true
-      @business_name = nil
 
       yield(self) if block_given?
     end

data/lib/kinde_sdk/version.rb

@@ -1,3 +1,3 @@
 module KindeSdk
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
 end

data/lib/kinde_sdk.rb

@@ -1,11 +1,14 @@
 require "kinde_sdk/version"
 require "kinde_sdk/configuration"
+require "kinde_sdk/client/feature_flags"
+require "kinde_sdk/client/permissions"
 require "kinde_sdk/client"
 
 require 'securerandom'
 require 'oauth2'
 require 'pkce_challenge'
 require 'faraday/follow_redirects'
+require 'uri'
 
 module KindeSdk
   class << self
@@ -24,9 +27,9 @@ module KindeSdk
     # receive url for authorization in Kinde itself
     #
     # @return [Hash]
-    def auth_url(**kwargs)
+    def auth_url(redirect_uri: @config.callback_url, **kwargs)
       params = {
-        redirect_uri: @config.callback_url,
+        redirect_uri: redirect_uri,
         state: SecureRandom.hex,
         scope: @config.scope
       }.merge(**kwargs)
@@ -43,26 +46,34 @@ module KindeSdk
     # when callback processor receives code, it needs to be used for fetching bearer token
     #
     # @return [Hash]
-    def fetch_tokens(params_or_code, code_verifier = nil)
+    def fetch_tokens(params_or_code, code_verifier: nil, redirect_uri: @config.callback_url)
       code = params_or_code.kind_of?(Hash) ? params.fetch("code") : params_or_code
-      params = { redirect_uri: @config.callback_url }
+      params = {
+        redirect_uri: redirect_uri,
+        headers: { 'User-Agent' => "Kinde-SDK: Ruby/#{KindeSdk::VERSION}" }
+      }
       params[:code_verifier] = code_verifier if code_verifier
       @config.oauth_client.auth_code.get_token(code.to_s, params).to_hash
     end
 
+    # tokens_hash #=>
+    # {"access_token"=>"eyJhbGciOiJSUzI1NiIsIm...",
+    #  "expires_in"=>86399,
+    #  "id_token"=>"eyJhbGciOiJSUz",
+    #  "refresh_token"=>"eyJhbGciOiJSUz",
+    #  "scope"=>"openid offline email profile",
+    #  "token_type"=>"bearer"}
+    #
     # @return [KindeSdk::Client]
-    def client(bearer_token)
-      sdk_api_client = api_client(bearer_token)
-      KindeSdk::Client.new(sdk_api_client, bearer_token)
+    def client(tokens_hash)
+      sdk_api_client = api_client(tokens_hash["access_token"])
+      KindeSdk::Client.new(sdk_api_client, tokens_hash)
     end
 
-    def logout(bearer_token, sdk_api_client = nil)
-      (sdk_api_client || api_client(bearer_token))
-        .call_api(
-          :get, '/logout',
-          query_params: { 'redirect' => @config.logout_url },
-          header_params: { 'Authorization' => "Bearer #{bearer_token}" }
-        )
+    def logout_url
+      query = @config.logout_url ? URI.encode_www_form(redirect: @config.logout_url) : nil
+      host = URI::parse(@config.domain).host
+      URI::HTTP.build(host: host, path: '/logout', query: query).to_s
     end
 
     def client_credentials_access(
@@ -97,10 +108,10 @@ module KindeSdk
       config = KindeApi::Configuration.default
       config.configure do |c|
         c.access_token = bearer_token
-        c.server_variables = { businessName: business_name }
         c.host = @config.domain
         c.debugging = @config.debugging
         c.logger = @config.logger
+        c.scheme = url_scheme(c.scheme)
       end
 
       KindeApi::ApiClient.new(config)
@@ -108,10 +119,11 @@ module KindeSdk
 
     private
 
-    def business_name
-      # from https://example.kinde.com fetches `example`
-      # from https://example-chamois.au.kinde.com fetches `example-chamois.au`
-      @config.business_name || @config.domain.split("//")[1].split(".")[0..-3].join(".")
+    def url_scheme(default_scheme)
+      parsed_url = URI.parse(@config.domain.to_s)
+      parsed_url.scheme || default_scheme
+    rescue URI::InvalidURIError
+      default_scheme
     end
   end
 end

data/spec/kinde_sdk_spec.rb

@@ -5,6 +5,7 @@ describe KindeSdk do
   let(:client_id) { "client_id" }
   let(:client_secret) { "client_secret" }
   let(:callback_url) { "http://localhost:3000/callback" }
+  let(:logout_url) { "http://localhost/logout-callback" }
 
   before do
     KindeSdk.configure do |c|
@@ -12,6 +13,7 @@ describe KindeSdk do
       c.client_id = client_id
       c.client_secret = client_secret
       c.callback_url = callback_url
+      c.logout_url = logout_url
     end
   end
 
@@ -20,12 +22,71 @@ describe KindeSdk do
       auth_obj = described_class.auth_url
       expect(auth_obj[:code_verifier]).not_to be_nil
       expect(auth_obj[:url]).to start_with("#{domain}/oauth2/auth?client_id=#{client_id}&")
+      expect(auth_obj[:url]).to match(/localhost%3A3000%2Fcallback/)
+    end
+
+    it "allows override callback url" do
+      auth_obj = described_class.auth_url(redirect_uri: "localhost:5000/another_callback")
+      expect(auth_obj[:url]).to match(/localhost%3A5000%2Fanother_callback/)
+    end
+  end
+
+  describe "#logout_url" do
+    it "returns logout url" do
+      expect(described_class.logout_url)
+        .to eq("http://example.com/logout?redirect=http%3A%2F%2Flocalhost%2Flogout-callback")
+    end
+
+    context "when logout url not set" do
+      let(:logout_url) { nil }
+      it "returns logout url without redirect query" do
+        expect(described_class.logout_url).to eq("http://example.com/logout")
+      end
     end
   end
 
   describe "#api_client" do
     it "returns initialized api_client instance of KindeApi" do
-      expect(described_class.api_client("bearer-token")).to be_instance_of(KindeApi::ApiClient)
+      expect(described_class.api_client({ "access_token": "bearer-token" }))
+        .to be_instance_of(KindeApi::ApiClient)
+    end
+  end
+
+  describe "#fetch_tokens" do
+    let(:code) { "some-code" }
+    before do
+      stub_request(:post, "#{domain}/oauth2/token")
+        .with(
+          body: {
+            "code" => code,
+            "grant_type" => "authorization_code",
+            "redirect_uri" => callback_url
+          },
+          headers: {
+            'Accept' => '*/*',
+            'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
+            'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
+            'Content-Type' => 'application/x-www-form-urlencoded',
+            'User-Agent' => "Kinde-SDK: Ruby/#{KindeSdk::VERSION}"
+          }
+        )
+        .to_return(
+          status: 200,
+          body: { "access_token": "eyJ", "expires_in": 86399, "scope": "", "token_type": "bearer" }.to_json,
+          headers: { "content-type" => "application/json;charset=UTF-8" }
+        )
+    end
+
+    it "calls /token url with proper body and headers" do
+      expect(described_class.fetch_tokens(code).keys).to eq(%w[scope token_type access_token refresh_token expires_at])
+    end
+
+    context "with redefined callback_url" do
+      let(:callback_url) { "another-callback" }
+
+      it "calls /token url with proper body and headers" do
+        expect(described_class.fetch_tokens(code).keys.size).to eq(5)
+      end
     end
   end
 
@@ -59,22 +120,89 @@ describe KindeSdk do
   describe "client" do
     let(:hash_to_encode) do
       { "aud" => [],
-       "azp" => "19ebb687cd2f405c9f2daf645a8db895",
-       "exp" => 1679600554,
-       "feature_flags" => nil,
-       "iat" => 1679514154,
-       "iss" => "https://example.kinde.com",
-       "jti" => "22c48b2c-da46-4661-a7ff-425c23eceab5",
-       "org_code" => "org_cb4544175bc",
-       "permissions" => ["read:todos", "create:todos"],
-       "scp" => ["openid", "offline"],
-       "sub" => "kp:b17adf719f7d4b87b611d1a88a09fd15" }
+        "azp" => "19ebb687cd2f405c9f2daf645a8db895",
+        "exp" => 1679600554,
+        "feature_flags" => {
+          "asd" => { "t" => "b", "v" => true },
+          "eeeeee" => { "t" => "i", "v" => 111 },
+          "qqq" => { "t" => "s", "v" => "aa" }
+        },
+        "iat" => 1679514154,
+        "iss" => "https://example.kinde.com",
+        "jti" => "22c48b2c-da46-4661-a7ff-425c23eceab5",
+        "org_code" => "org_cb4544175bc",
+        "permissions" => ["read:todos", "create:todos"],
+        "scp" => ["openid", "offline"],
+        "sub" => "kp:b17adf719f7d4b87b611d1a88a09fd15" }
     end
     let(:token) { JWT.encode(hash_to_encode, nil, "none") }
-    let(:client) { described_class.client(token) }
+    let(:expires_at) { Time.now.to_i + 10000000 }
+    let(:client) { described_class.client({ "access_token": token, "expires_at": expires_at }) }
+
+    context "with feature flags" do
+      it "returns existing flags", :aggregate_failures do
+        expect(client.get_flag("asd")).to eq({ code: "asd", is_default: false, type: "boolean", value: true })
+        expect(client.get_flag("eeeeee")).to eq({ code: "eeeeee", is_default: false, type: "integer", value: 111 })
+        expect(client.get_flag("qqq")).to eq({ code: "qqq", is_default: false, type: "string", value: "aa" })
+
+        expect { client.get_flag("undefined") }
+          .to raise_error(StandardError, "This flag was not found, and no default value has been provided")
+      end
+
+      it "returns fallbacks if no flag present", :aggregate_failures do
+        expect(client.get_flag("undefined", { default_value: true }))
+          .to eq({ code: "undefined", is_default: true, value: true })
+
+        expect(client.get_flag("undefined", { default_value: true }, "b")[:value]).to eq(true)
+        expect(client.get_flag("undefined", { default_value: "true" }, "s")[:value]).to eq("true")
+        expect(client.get_flag("undefined", { default_value: 111 }, "i")[:value]).to eq(111)
+      end
+
+      it "raises argument error when no value type match", :aggregate_failures do
+        expect { client.get_flag("undefined", { default_value: true }, "s") }
+          .to raise_error(ArgumentError, "Flag undefined value type is different from requested type")
+
+        expect { client.get_flag("undefined", { default_value: true }, "i") }
+          .to raise_error(ArgumentError, "Flag undefined value type is different from requested type")
+
+        expect { client.get_flag("undefined", { default_value: "true" }, "b") }
+          .to raise_error(ArgumentError, "Flag undefined value type is different from requested type")
+      end
+
+      it "behaves the same way for boolean flag wrapper getter", :aggregate_failures do
+        expect { client.get_boolean_flag("eeeeee") }
+          .to raise_error(ArgumentError, "Flag eeeeee value type is different from requested type")
+        expect(client.get_boolean_flag("asd")).to eq(true)
+        expect(client.get_boolean_flag("undefined", false)).to eq(false)
+
+        expect { client.get_boolean_flag("undefined", "true") }
+          .to raise_error(ArgumentError, "Flag undefined value type is different from requested type")
+      end
+
+      it "behaves the same way for integer flag wrapper getter", :aggregate_failures do
+        expect { client.get_integer_flag("asd") }
+          .to raise_error(ArgumentError, "Flag asd value type is different from requested type")
+        expect(client.get_integer_flag("eeeeee")).to eq(111)
+        expect(client.get_integer_flag("undefined", 111)).to eq(111)
+
+        expect { client.get_integer_flag("undefined", "true") }
+          .to raise_error(ArgumentError, "Flag undefined value type is different from requested type")
+      end
+
+      it "behaves the same way for string flag wrapper getter", :aggregate_failures do
+        expect { client.get_string_flag("asd") }
+          .to raise_error(ArgumentError, "Flag asd value type is different from requested type")
+        expect(client.get_string_flag("qqq")).to eq("aa")
+        expect(client.get_string_flag("undefined", "111")).to eq("111")
+
+        expect { client.get_string_flag("undefined", true) }
+          .to raise_error(ArgumentError, "Flag undefined value type is different from requested type")
+      end
+    end
 
     it "returns requested claim from bearer", :aggregate_failures do
-      expect(client.get_claim("scp")).to eq(hash_to_encode["scp"])
+      expect(client.get_claim("scp")).to eq({ name: "scp", value: hash_to_encode["scp"] })
+      expect(client.get_claim("scp", :id_token)).to be_nil
       expect(client.get_claim("aaa")).to be_nil
     end
 
@@ -88,8 +216,18 @@ describe KindeSdk do
       expect(client.permission_granted?("asd")).to be(false)
     end
 
+    context "with expiration check" do
+      it { expect(client.token_expired?).to be(false) }
+
+      context "when token expired" do
+        let(:expires_at) { Time.now.to_i - 1 }
+
+        it { expect(client.token_expired?).to be(true) }
+      end
+    end
+
     describe "api instances" do
-      it 'initializes client by passing the bearer' do
+      it 'initializes client by passing the tokens_hash' do
         expect(client).to be_instance_of(KindeSdk::Client)
       end
 
@@ -100,6 +238,10 @@ describe KindeSdk do
       it "initializes users instance api" do
         expect(client.users).to be_instance_of(KindeApi::UsersApi)
       end
+
+      it "initializes feature flags instance api" do
+        expect(client.feature_flags).to be_instance_of(KindeApi::FeatureFlagsApi)
+      end
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,6 +1,8 @@
 require "kinde_sdk"
 require "webmock/rspec"
 
+WebMock.disable_net_connect!
+
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 RSpec.configure do |config|
   # rspec-expectations config goes here. You can use an alternate