passageidentity 0.7.1 → 1.0.1

data/lib/openapi_client/models/user_status.rb

@@ -6,7 +6,7 @@
 The version of the OpenAPI document: 1
 Contact: support@passage.id
 Generated by: https://openapi-generator.tech
-Generator version: 7.11.0-SNAPSHOT
+Generator version: 7.11.0
 
 =end
 

data/lib/openapi_client/models/web_authn_devices.rb

@@ -6,7 +6,7 @@
 The version of the OpenAPI document: 1
 Contact: support@passage.id
 Generated by: https://openapi-generator.tech
-Generator version: 7.11.0-SNAPSHOT
+Generator version: 7.11.0
 
 =end
 

data/lib/openapi_client/models/web_authn_icons.rb

@@ -6,7 +6,7 @@
 The version of the OpenAPI document: 1
 Contact: support@passage.id
 Generated by: https://openapi-generator.tech
-Generator version: 7.11.0-SNAPSHOT
+Generator version: 7.11.0
 
 =end
 

data/lib/openapi_client/models/web_authn_type.rb

@@ -6,7 +6,7 @@
 The version of the OpenAPI document: 1
 Contact: support@passage.id
 Generated by: https://openapi-generator.tech
-Generator version: 7.11.0-SNAPSHOT
+Generator version: 7.11.0
 
 =end
 

data/lib/openapi_client/version.rb

@@ -6,7 +6,7 @@
 The version of the OpenAPI document: 1
 Contact: support@passage.id
 Generated by: https://openapi-generator.tech
-Generator version: 7.11.0-SNAPSHOT
+Generator version: 7.11.0
 
 =end
 

data/lib/openapi_client.rb

@@ -6,7 +6,7 @@
 The version of the OpenAPI document: 1
 Contact: support@passage.id
 Generated by: https://openapi-generator.tech
-Generator version: 7.11.0-SNAPSHOT
+Generator version: 7.11.0
 
 =end
 
@@ -17,25 +17,18 @@ require_relative 'openapi_client/version'
 require_relative 'openapi_client/configuration'
 
 # Models
-require_relative 'openapi_client/models/app_info'
-require_relative 'openapi_client/models/app_response'
 require_relative 'openapi_client/models/apple_user_social_connection'
-require_relative 'openapi_client/models/auth_methods'
 require_relative 'openapi_client/models/create_magic_link_request'
-require_relative 'openapi_client/models/create_user_request'
-require_relative 'openapi_client/models/element_customization'
-require_relative 'openapi_client/models/font_family'
+require_relative 'openapi_client/models/create_user_args'
 require_relative 'openapi_client/models/github_user_social_connection'
 require_relative 'openapi_client/models/google_user_social_connection'
-require_relative 'openapi_client/models/layout_config'
-require_relative 'openapi_client/models/layouts'
 require_relative 'openapi_client/models/link'
 require_relative 'openapi_client/models/list_devices_response'
 require_relative 'openapi_client/models/list_paginated_users_item'
 require_relative 'openapi_client/models/list_paginated_users_response'
 require_relative 'openapi_client/models/magic_link'
-require_relative 'openapi_client/models/magic_link_auth_method'
 require_relative 'openapi_client/models/magic_link_channel'
+require_relative 'openapi_client/models/magic_link_language'
 require_relative 'openapi_client/models/magic_link_response'
 require_relative 'openapi_client/models/magic_link_type'
 require_relative 'openapi_client/models/model400_error'
@@ -44,19 +37,12 @@ require_relative 'openapi_client/models/model403_error'
 require_relative 'openapi_client/models/model404_error'
 require_relative 'openapi_client/models/model500_error'
 require_relative 'openapi_client/models/nonce'
-require_relative 'openapi_client/models/otp_auth_method'
 require_relative 'openapi_client/models/paginated_links'
-require_relative 'openapi_client/models/passkeys_auth_method'
+require_relative 'openapi_client/models/passage_user'
 require_relative 'openapi_client/models/social_connection_type'
-require_relative 'openapi_client/models/technologies'
-require_relative 'openapi_client/models/theme_type'
-require_relative 'openapi_client/models/ttl_display_unit'
-require_relative 'openapi_client/models/update_user_request'
+require_relative 'openapi_client/models/update_user_args'
 require_relative 'openapi_client/models/user_event_action'
 require_relative 'openapi_client/models/user_event_status'
-require_relative 'openapi_client/models/user_info'
-require_relative 'openapi_client/models/user_metadata_field'
-require_relative 'openapi_client/models/user_metadata_field_type'
 require_relative 'openapi_client/models/user_recent_event'
 require_relative 'openapi_client/models/user_response'
 require_relative 'openapi_client/models/user_social_connections'
@@ -66,7 +52,6 @@ require_relative 'openapi_client/models/web_authn_icons'
 require_relative 'openapi_client/models/web_authn_type'
 
 # APIs
-require_relative 'openapi_client/api/apps_api'
 require_relative 'openapi_client/api/magic_links_api'
 require_relative 'openapi_client/api/tokens_api'
 require_relative 'openapi_client/api/user_devices_api'

data/lib/passageidentity/auth.rb

@@ -2,139 +2,66 @@
 
 require 'active_support'
 require 'jwt'
-require 'rubygems/deprecate'
-require_relative 'client'
 require_relative '../openapi_client'
 
 module Passage
   # The Passage::Auth class provides methods for authenticating requests and tokens
   class Auth
-    extend Gem::Deprecate
-
-    def initialize(app_id, api_key, auth_strategy)
-      @app_cache = ActiveSupport::Cache::MemoryStore.new
+    def initialize(app_id:, req_opts:)
       @app_id = app_id
-      @api_key = api_key
-      @auth_strategy = auth_strategy
+      @req_opts = req_opts
 
+      @app_cache = ActiveSupport::Cache::MemoryStore.new
       fetch_jwks
 
-      header_params = { 'Passage-Version' => "passage-ruby #{Passage::VERSION}" }
-      header_params['Authorization'] = "Bearer #{@api_key}" if @api_key != ''
-
-      @req_opts = {}
-      @req_opts[:header_params] = header_params
-      @req_opts[:debug_auth_names] = ['header']
-
-      @tokens_client = OpenapiClient::TokensApi.new
       @magic_links_client = OpenapiClient::MagicLinksApi.new
     end
 
-    def authenticate_request(request)
-      # Get the token based on the strategy
-      if @auth_strategy == Passage::COOKIE_STRATEGY
-        unless request.cookies.key?('psg_auth_token')
-          raise PassageError.new(
-            status_code: 401,
-            body: {
-              error: 'missing authentication token: expected "psg_auth_token" cookie',
-              code: 'invalid_access_token'
-            }
-          )
-        end
-        @token = request.cookies['psg_auth_token']
-      else
-        headers = request.headers
-        unless headers.key?('Authorization')
-          raise PassageError.new(
-            status_code: 401,
-            body: {
-              error: 'no authentication token in header',
-              code: 'invalid_access_token'
-            }
-          )
-        end
-
-        @token = headers['Authorization'].split(' ').last
-      end
-
-      validate_jwt(@token)
-    end
-
-    def validate_jwt(token)
-      raise ArgumentError, 'jwt is required.' unless token && !token.empty?
-
-      begin
-        fetch_jwks
-      rescue Faraday::Error
-        raise PassageError.new(
-          status_code: 401,
-          body: {
-            error: 'invalid JWKs',
-            code: 'invalid_access_token'
-          }
-        )
-      end
+    def validate_jwt(jwt:)
+      raise ArgumentError, 'jwt is required.' unless jwt && !jwt.empty?
 
       claims =
         JWT.decode(
-          token,
+          jwt,
           nil,
           true,
           {
             aud: @app_id,
             verify_aud: true,
             algorithms: ['RS256'],
-            jwks: @jwks
+            jwks: fetch_jwks
           }
         )
 
       claims[0]['sub']
-    rescue JWT::InvalidIssuerError, JWT::InvalidAudError, JWT::ExpiredSignature, JWT::IncorrectAlgorithm,
-           JWT::DecodeError => e
-      raise PassageError.new(
-        status_code: 401,
-        body: {
-          error: e.message,
-          code: 'invalid_access_token'
-        }
-      )
     end
 
-    def revoke_user_refresh_tokens(user_id)
-      warn 'NOTE: Passage::Auth#revoke_user_refresh_tokens is deprecated;
-        use Passage::User#revoke_refresh_tokens instead. It will be removed on or after 2024-12.'
-      user_exists?(user_id)
-
-      @tokens_client.revoke_user_refresh_tokens(@app_id, user_id, @req_opts)
-    rescue Faraday::Error => e
-      raise PassageError.new(
-        status_code: e.response[:status],
-        body: e.response[:body]
-      )
-    end
-
-    def create_magic_link_with_email(email, type, send, opts = {})
+    def create_magic_link_with_email(email:, type:, send:, opts: {})
       args = {}
       args['email'] = email
-      args['channel'] = EMAIL_CHANNEL
+      args['channel'] = 'email'
       args['type'] = type
       args['send'] = send
 
       create_magic_link(args, opts)
     end
 
-    def create_magic_link_with_phone(phone, type, send, opts = {})
+    def create_magic_link_with_phone(phone:, type:, send:, opts: {})
       args = {}
       args['phone'] = phone
-      args['channel'] = PHONE_CHANNEL
+      args['channel'] = 'phone'
       args['type'] = type
       args['send'] = send
 
       create_magic_link(args, opts)
     end
 
-    def create_magic_link_with_user(user_id, channel, type, send, opts = {})
+    def create_magic_link_with_user(user_id:, channel:, type:, send:, opts: {})
+      raise ArgumentError, "channel must be either 'email' or 'phone'" unless %w[
+        email
+        phone
+      ].include?(channel)
+
       args = {}
       args['user_id'] = user_id
       args['channel'] = channel
@@ -144,50 +71,34 @@ module Passage
       create_magic_link(args, opts)
     end
 
-    def fetch_app
-      client = OpenapiClient::AppsApi.new
-      response = client.get_app(@app_id)
-
-      response.app
-    rescue Faraday::Error => e
-      raise PassageError.new(
-        status_code: e.response[:status],
-        body: e.response[:body]
-      )
-    end
+    private
 
     def fetch_jwks
-      app_cache = get_cache(@app_id)
-
-      if app_cache
-        @jwks = app_cache
-      else
-        auth_gw_connection =
-          Faraday.new(url: 'https://auth.passage.id') do |f|
-            f.request :json
-            f.response :raise_error
-            f.response :json
-            f.adapter :net_http
-          end
-
-        response =
-          auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
-
-        if response.success?
-          @jwks = response.body
-          set_cache(key: @app_id, jwks: @jwks)
+      jwks = @app_cache.read(@app_id)
+      return jwks if jwks
+
+      auth_gw_connection =
+        Faraday.new(url: 'https://auth.passage.id') do |f|
+          f.request :json
+          f.response :raise_error
+          f.response :json
+          f.adapter :net_http
         end
-      end
-    end
 
-    def authenticate_token(token)
-      validate_jwt(token)
-    end
+      response = auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
+      jwks = response.body
 
-    private
+      @app_cache.write(@app_id, jwks, expires_in: 86_400) # 24 hours in seconds
+      jwks
+    end
 
     def create_magic_link(args, opts)
-      args['language'] = opts['language']
+      language = opts['language']
+      if language && !OpenapiClient::MagicLinkLanguage.all_vars.include?(language)
+        raise ArgumentError, "language must be one of #{OpenapiClient::MagicLinkLanguage.all_vars}"
+      end
+
+      args['language'] = language
       args['magic_link_path'] = opts['magic_link_path']
       args['redirect_url'] = opts['redirect_url']
       args['ttl'] = opts['ttl']
@@ -197,16 +108,16 @@ module Passage
 
     def handle_magic_link_creation(args)
       @magic_links_client.create_magic_link(@app_id, args, @req_opts).magic_link
-    rescue Faraday::Error => e
-      raise PassageError.new(
-        status_code: e.response[:status],
-        body: e.response[:body]
-      )
     rescue OpenapiClient::ApiError => e
       raise PassageError.new(
         status_code: e.code,
         body: try_parse_json_string(e.response_body)
       )
+    rescue Faraday::Error => e
+      raise PassageError.new(
+        status_code: e.response[:status],
+        body: e.response[:body]
+      )
     end
 
     def try_parse_json_string(string)
@@ -214,29 +125,5 @@ module Passage
     rescue JSON::ParserError
       string
     end
-
-    def user_exists?(user_id)
-      return unless user_id.to_s.empty?
-
-      raise PassageError.new(
-        status_code: 400,
-        body: {
-          error: 'Must supply a valid user_id',
-          code: 'invalid_request'
-        }
-      )
-    end
-
-    def get_cache(key)
-      @app_cache.read(key)
-    end
-
-    def set_cache(key:, jwks:)
-      @app_cache.write(key, jwks, expires_in: 86_400)
-    end
-    deprecate(:authenticate_request, :validate_jwt, 2025, 1)
-    deprecate(:authenticate_token, :validate_jwt, 2025, 1)
-    deprecate(:fetch_app, :none, 2025, 1)
-    deprecate(:fetch_jwks, :none, 2025, 1)
   end
 end

data/lib/passageidentity/client.rb

@@ -1,113 +1,33 @@
 # frozen_string_literal: true
 
-require 'rubygems'
 require_relative 'auth'
-require_relative 'user_api'
-require_relative 'error'
+require_relative 'user'
 require_relative 'version'
-require_relative '../openapi_client'
 
 module Passage
-  COOKIE_STRATEGY = 0
-  HEADER_STRATEGY = 1
-
-  EMAIL_CHANNEL = 'email'
-  PHONE_CHANNEL = 'phone'
-
   # The Passage::Client class provides methods for interacting with Passage
   class Client
     attr_reader :auth, :user
 
-    extend Gem::Deprecate
-
-    def initialize(app_id:, api_key: '', auth_strategy: COOKIE_STRATEGY)
-      @app_id = app_id
-      @api_key = api_key
-
-      # check for valid auth strategy
-      unless [COOKIE_STRATEGY, HEADER_STRATEGY].include? auth_strategy
-        raise PassageError.new(
-          status_code: 400,
-          body: {
-            error: 'Invalid auth strategy',
-            code: 'invalid_argument'
-          }
-        )
+    def initialize(app_id:, api_key:)
+      unless app_id && !app_id.empty?
+        raise ArgumentError,
+              'A Passage App ID is required. Please include (app_id: YOUR_APP_ID, api_key: YOUR_API_KEY).'
       end
-
-      @auth_strategy = auth_strategy
-
-      header_params = { 'Passage-Version' => "passage-ruby #{Passage::VERSION}" }
-      header_params['Authorization'] = "Bearer #{@api_key}" if @api_key != ''
-
-      @req_opts = {}
-      @req_opts[:header_params] = header_params
-      @req_opts[:debug_auth_names] = ['header']
-
-      # initialize auth class
-      @auth = Passage::Auth.new(@app_id, @api_key, @auth_strategy)
-
-      # initialize user class
-      @user = Passage::UserAPI.new(@app_id, @api_key)
-
-      @magic_links_client = OpenapiClient::MagicLinksApi.new
-    end
-
-    # rubocop:disable Naming/AccessorMethodName
-    def get_app
-      client = OpenapiClient::AppsApi.new
-      client.get_app(@app_id).app
-    rescue StandardError => e
-      raise e
-    end
-    # rubocop:enable Naming/AccessorMethodName
-
-    # rubocop:disable Metrics/ParameterLists, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
-    def create_magic_link(
-      user_id: '',
-      email: '',
-      phone: '',
-      channel: '',
-      send: false,
-      magic_link_path: '',
-      redirect_url: '',
-      language: '',
-      ttl: 60,
-      type: 'login'
-    )
-      args = {}
-      args['user_id'] = user_id unless user_id.empty?
-      args['email'] = email unless email.empty?
-      args['phone'] = phone unless phone.empty?
-
-      unless [PHONE_CHANNEL, EMAIL_CHANNEL].include? channel
-        raise PassageError.new(
-          message:
-            'channel: must be either Passage::EMAIL_CHANNEL or Passage::PHONE_CHANNEL'
-        )
+      unless api_key && !api_key.empty?
+        raise ArgumentError,
+              'A Passage API key is required. Please include (app_id: YOUR_APP_ID, api_key: YOUR_API_KEY).'
       end
 
-      args['channel'] = channel unless channel.empty?
-      args['type'] = type
-      args['send'] = send
-
-      args['language'] = language unless language.empty?
-      args['magic_link_path'] = magic_link_path unless magic_link_path.empty?
-      args['redirect_url'] = redirect_url unless redirect_url.empty?
-      args['ttl'] = ttl unless ttl.zero?
+      req_opts = {}
+      req_opts[:header_params] = {
+        'Passage-Version' => "passage-ruby #{Passage::VERSION}",
+        'Authorization' => "Bearer #{api_key}"
+      }
+      req_opts[:debug_auth_names] = ['header']
 
-      begin
-        @magic_links_client.create_magic_link(@app_id, args, @req_opts).magic_link
-      rescue Faraday::Error => e
-        raise PassageError.new(
-          status_code: e.response[:status],
-          body: e.response[:body]
-        )
-      end
+      @auth = Passage::Auth.new(app_id: app_id, req_opts: req_opts)
+      @user = Passage::User.new(app_id: app_id, req_opts: req_opts)
     end
-    # rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
-
-    deprecate(:create_magic_link, 'Passage::Auth.create_magic_link', 2025, 1)
-    deprecate(:get_app, :none, 2025, 1)
   end
 end