supabase-auth 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b4f7cdcf0814c8ebe968554adfc4d142691b864b3813d58d0ad78c07d100bda
-  data.tar.gz: 4051b6ea710ac669ed1c0a94c45c31d29e0e9469c3d580e8496d6f4144af3a06
+  metadata.gz: 447551cf93e708192099399ba8c3bd2d3256c35534b48766dd93e96d96409c2a
+  data.tar.gz: a6579187b098a1e57f94c2cf03a043ba6b513e90233d0d5bf6bc9b2fd09f345b
 SHA512:
-  metadata.gz: cebe4dde4a57246f1b5d05541aca98286b118f6f56a161776b1d433cb97818bf45307ed629b902ef497cc4f8c78412784b7a289b94654df8bdc58babea7cec7b
-  data.tar.gz: bfdd074a5f2a876308ea01240dc32a152e9955da9eae370b1c8d1cb4ddbaa07bd70814d58c88513f1edb3f48a3049b1be509b9d0d8810d97728344d5913b2e8d
+  metadata.gz: 79c44b3178e54c53a50f7ea63d1d8d3740f46a5ff41a52fdcd28a123022ca4e09ad1c9728dd6e86416ec2cff12b5c92a604e6657d82b93c3d9c92e4d2561cb18
+  data.tar.gz: 50662f169c281937d9f9aae60f5d3f4f7d82171ab48bfb818153360783a68fcd48a3da961a5b977ff749847579eab51814840d9b1751a92c4b98fbc64bf2796e

data/lib/supabase/auth/admin_api.rb

@@ -10,8 +10,11 @@ module Supabase
       # @param url [String] The GoTrue API base URL
       # @param headers [Hash] Headers including Authorization bearer token
       # @param http_client [Faraday::Connection, nil] Optional custom Faraday client
-      def initialize(url:, headers: {}, http_client: nil)
-        super(url: url, headers: headers, http_client: http_client)
+      # @param verify [Boolean] Verify TLS certificates (default true)
+      # @param proxy [String, nil] HTTP proxy URL
+      # @param timeout [Numeric, nil] Per-request timeout in seconds
+      def initialize(url:, headers: {}, http_client: nil, verify: true, proxy: nil, timeout: nil)
+        super(url: url, headers: headers, http_client: http_client, verify: verify, proxy: proxy, timeout: timeout)
       end
 
       # Creates a new user via the admin API.
@@ -118,6 +121,94 @@ module Supabase
         data = delete("admin/users/#{user_id}/factors/#{factor_id}")
         Types::AuthMFAAdminDeleteFactorResponse.from_hash(data)
       end
+
+      # Lists OAuth clients with optional pagination. Only relevant when the OAuth 2.1
+      # server is enabled in Supabase Auth.
+      # @param params [Hash, Types::PageParams, nil] optional :page and :per_page
+      # @return [Types::OAuthClientListResponse]
+      def _list_oauth_clients(params = nil)
+        query = {}
+        if params
+          page = params[:page] || params["page"]
+          per_page = params[:per_page] || params["per_page"]
+          query[:page] = page if page
+          query[:per_page] = per_page if per_page
+        end
+
+        response = _request("GET", "admin/oauth/clients", params: query, no_resolve_json: true)
+        body = response.body.is_a?(String) ? JSON.parse(response.body) : (response.body || {})
+        result = Types::OAuthClientListResponse.from_hash(body)
+
+        total = response.headers["x-total-count"] || response.headers["X-Total-Count"]
+        result.total = total.to_i if total
+
+        links = response.headers["link"] || response.headers["Link"]
+        if links
+          links.split(",").each do |link|
+            parts = link.split(";")
+            next unless parts.length >= 2
+
+            page_match = parts[0].split("page=")
+            next unless page_match.length >= 2
+
+            page_num = page_match[1].split("&")[0].sub(/>$/, "").to_i
+            rel = parts[1].split("=")[1].to_s.delete('"').strip
+            case rel
+            when "next" then result.next_page = page_num
+            when "last" then result.last_page = page_num
+            end
+          end
+        end
+
+        result
+      end
+
+      # Creates a new OAuth client. Only relevant when the OAuth 2.1 server is enabled.
+      # @param params [Hash] OAuth client attributes (client_name, redirect_uris, etc.)
+      # @return [Types::OAuthClientResponse]
+      def _create_oauth_client(params)
+        data = post("admin/oauth/clients", body: params)
+        Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
+      end
+
+      # Gets details of a specific OAuth client.
+      # @param client_id [String] OAuth client UUID
+      # @return [Types::OAuthClientResponse]
+      # @raise [ArgumentError] if client_id is not a valid UUID
+      def _get_oauth_client(client_id)
+        _validate_uuid(client_id)
+        data = get("admin/oauth/clients/#{client_id}")
+        Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
+      end
+
+      # Updates an OAuth client.
+      # @param client_id [String] OAuth client UUID
+      # @param params [Hash] attributes to update
+      # @return [Types::OAuthClientResponse]
+      # @raise [ArgumentError] if client_id is not a valid UUID
+      def _update_oauth_client(client_id, params)
+        _validate_uuid(client_id)
+        data = put("admin/oauth/clients/#{client_id}", body: params)
+        Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
+      end
+
+      # Deletes an OAuth client.
+      # @param client_id [String] OAuth client UUID
+      # @raise [ArgumentError] if client_id is not a valid UUID
+      def _delete_oauth_client(client_id)
+        _validate_uuid(client_id)
+        _request("DELETE", "admin/oauth/clients/#{client_id}")
+      end
+
+      # Regenerates the secret for an OAuth client.
+      # @param client_id [String] OAuth client UUID
+      # @return [Types::OAuthClientResponse]
+      # @raise [ArgumentError] if client_id is not a valid UUID
+      def _regenerate_oauth_client_secret(client_id)
+        _validate_uuid(client_id)
+        data = post("admin/oauth/clients/#{client_id}/regenerate_secret")
+        Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
+      end
     end
   end
 end

data/lib/supabase/auth/api.rb

@@ -14,10 +14,16 @@ module Supabase
       # @param url [String] The GoTrue API base URL
       # @param headers [Hash] Default headers to include on every request (e.g., apikey)
       # @param http_client [Faraday::Connection, nil] Optional custom Faraday client
-      def initialize(url:, headers: {}, http_client: nil)
+      # @param verify [Boolean] Verify TLS certificates (default true)
+      # @param proxy [String, nil] HTTP proxy URL
+      # @param timeout [Numeric, nil] Per-request timeout in seconds
+      def initialize(url:, headers: {}, http_client: nil, verify: true, proxy: nil, timeout: nil)
         @url = url
         @headers = headers
         @http_client = http_client
+        @verify = verify
+        @proxy = proxy
+        @timeout = timeout
       end
 
       # Central HTTP dispatch method. Builds URL, merges headers (including API version
@@ -92,8 +98,12 @@ module Supabase
       end
 
       def build_connection
-        Faraday.new(url: @url) do |f|
+        Faraday.new(url: @url, ssl: { verify: @verify }, proxy: @proxy) do |f|
           f.response :raise_error
+          if @timeout
+            f.options.timeout = @timeout
+            f.options.open_timeout = @timeout
+          end
           f.adapter Faraday.default_adapter
         end
       end

data/lib/supabase/auth/client.rb

@@ -48,6 +48,9 @@ module Supabase
         @storage_key = opts[:storage_key] || STORAGE_KEY
         @storage = opts[:storage] || MemoryStorage.new
         @http_client = opts[:http_client]
+        @verify = opts.fetch(:verify, true)
+        @proxy = opts[:proxy]
+        @timeout = opts[:timeout]
 
         @current_session = nil
         @jwks = { "keys" => [] }
@@ -56,8 +59,10 @@ module Supabase
         @refresh_token_timer = nil
         @network_retries = 0
 
-        @api = Api.new(url: @url, headers: @headers, http_client: @http_client)
-        @admin = AdminApi.new(url: @url, headers: @headers, http_client: @http_client)
+        @api = Api.new(url: @url, headers: @headers, http_client: @http_client,
+                       verify: @verify, proxy: @proxy, timeout: @timeout)
+        @admin = AdminApi.new(url: @url, headers: @headers, http_client: @http_client,
+                              verify: @verify, proxy: @proxy, timeout: @timeout)
         @mfa = MFAApi.new(self)
       end
 
@@ -262,7 +267,7 @@ module Supabase
         end
         return nil unless current_session
 
-        time_now = Time.now.to_i
+        time_now = Time.now.round.to_i
         has_expired = current_session.expires_at ? current_session.expires_at <= time_now + EXPIRY_MARGIN : false
 
         if has_expired
@@ -307,7 +312,7 @@ module Supabase
       # @raise [Errors::AuthInvalidJwtError] if token is malformed
       # @raise [Errors::AuthSessionMissing] if token expired and no refresh token
       def set_session(access_token, refresh_token)
-        time_now = Time.now.to_i
+        time_now = Time.now.round.to_i
         expires_at = time_now
         has_expired = true
         session = nil
@@ -583,7 +588,7 @@ module Supabase
 
       # Link an OAuth identity to the current user.
       # @param credentials [Hash] (:provider, optional :options)
-      # @return [Types::LinkIdentityResponse]
+      # @return [Types::OAuthResponse]
       # @raise [Errors::AuthSessionMissing] if no active session
       def link_identity(credentials)
         provider = credentials[:provider] || credentials["provider"]
@@ -601,10 +606,11 @@ module Supabase
         session = get_session
         raise Errors::AuthSessionMissing unless session
 
-        _request("GET", url,
-                 params: query,
-                 jwt: session.access_token,
-                 xform: ->(data) { Helpers.parse_link_identity_response(data) })
+        link_identity = _request("GET", url,
+                                 params: query,
+                                 jwt: session.access_token,
+                                 xform: ->(data) { Helpers.parse_link_identity_response(data) })
+        Types::OAuthResponse.new(provider: provider, url: link_identity.url)
       end
 
       # Unlink an identity from the current user.
@@ -813,7 +819,7 @@ module Supabase
           return
         end
 
-        time_now = Time.now.to_i
+        time_now = Time.now.round.to_i
         expires_at = current_session.expires_at
         expires_at = expires_at.to_i if expires_at
 
@@ -888,7 +894,7 @@ module Supabase
 
         expire_at = session.expires_at
         if expire_at
-          time_now = Time.now.to_i
+          time_now = Time.now.round.to_i
           expire_in = expire_at - time_now
           refresh_duration_before_expires = expire_in > EXPIRY_MARGIN ? EXPIRY_MARGIN : 0.5
           value = (expire_in - refresh_duration_before_expires) * 1000
@@ -1011,7 +1017,7 @@ module Supabase
         token_type = params["token_type"]
         raise Errors::AuthImplicitGrantRedirectError.new("No token_type detected.") unless token_type
 
-        time_now = Time.now.to_i
+        time_now = Time.now.round.to_i
         expires_at = time_now + expires_in
 
         user_response = get_user(access_token)

data/lib/supabase/auth/errors.rb

@@ -45,7 +45,7 @@ module Supabase
         end
 
         def to_h
-          { name: @name, message: message, status: @status }
+          { name: @name, message: message, status: @status, code: @code }
         end
       end
 
@@ -73,7 +73,7 @@ module Supabase
         end
 
         def to_h
-          { name: @name, message: message, status: @status, details: @details }
+          { name: @name, message: message, status: @status, code: @code, details: @details }
         end
       end
 
@@ -94,7 +94,7 @@ module Supabase
         end
 
         def to_h
-          { name: @name, message: message, status: @status, reasons: @reasons }
+          { name: @name, message: message, status: @status, code: @code, reasons: @reasons }
         end
       end
 
@@ -200,6 +200,7 @@ module Supabase
         invalid_credentials
         email_address_not_authorized
         email_address_invalid
+        invalid_jwt
       ].freeze
     end
   end

data/lib/supabase/auth/helpers.rb

@@ -12,7 +12,6 @@ module Supabase
     module Helpers
       API_VERSION_HEADER_NAME = "X-Supabase-Api-Version"
       API_VERSION_REGEX = /\A2[0-9]{3}-(0[1-9]|1[0-2])-(0[1-9]|1[0-9]|2[0-9]|3[0-1])\z/
-      BASE64URL_REGEX = /\A([a-z0-9_-]{4})*($|[a-z0-9_-]{3}$|[a-z0-9_-]{2}$)\z/i
       PKCE_CHARSET = (("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + %w[- . _ ~]).freeze
       API_VERSION_2024_01_01_TIMESTAMP = Time.new(2024, 1, 1).to_f
 
@@ -23,7 +22,7 @@ module Supabase
         raise Errors::AuthInvalidJwtError, "Invalid JWT structure" unless parts.length == 3
 
         parts.each do |part|
-          raise Errors::AuthInvalidJwtError, "JWT not in base64url format" unless part.match?(BASE64URL_REGEX)
+          raise Errors::AuthInvalidJwtError, "JWT not in base64url format" unless part.match?(Constants::BASE64URL_REGEX)
         end
 
         header = JSON.parse(str_from_base64url(parts[0]))

data/lib/supabase/auth/types.rb

@@ -101,6 +101,9 @@ module Supabase
         :new_phone,
         :invited_at,
         :is_anonymous,
+        :is_sso_user,
+        :deleted_at,
+        :banned_until,
         :confirmation_sent_at,
         :recovery_sent_at,
         :email_change_sent_at,
@@ -133,6 +136,9 @@ module Supabase
             new_phone: hash["new_phone"] || hash[:new_phone],
             invited_at: Types.parse_timestamp(hash["invited_at"] || hash[:invited_at]),
             is_anonymous: hash.key?("is_anonymous") ? hash["is_anonymous"] : (hash.key?(:is_anonymous) ? hash[:is_anonymous] : false),
+            is_sso_user: hash.key?("is_sso_user") ? hash["is_sso_user"] : (hash.key?(:is_sso_user) ? hash[:is_sso_user] : false),
+            deleted_at: hash["deleted_at"] || hash[:deleted_at],
+            banned_until: hash["banned_until"] || hash[:banned_until],
             confirmation_sent_at: Types.parse_timestamp(hash["confirmation_sent_at"] || hash[:confirmation_sent_at]),
             recovery_sent_at: Types.parse_timestamp(hash["recovery_sent_at"] || hash[:recovery_sent_at]),
             email_change_sent_at: Types.parse_timestamp(hash["email_change_sent_at"] || hash[:email_change_sent_at]),
@@ -158,7 +164,7 @@ module Supabase
           expires_at = hash["expires_at"] || hash[:expires_at]
           expires_in = hash["expires_in"] || hash[:expires_in]
           if expires_in && !expires_at
-            expires_at = Time.now.to_i + expires_in.to_i
+            expires_at = Time.now.round.to_i + expires_in.to_i
           end
           expires_at = expires_at.to_i if expires_at
 
@@ -430,6 +436,82 @@ module Supabase
         :signature,
         keyword_init: true
       )
+
+      # OAuth 2.1 server: client object returned by admin OAuth endpoints.
+      OAuthClient = Struct.new(
+        :client_id,
+        :client_name,
+        :client_secret,
+        :client_type,
+        :token_endpoint_auth_method,
+        :registration_type,
+        :client_uri,
+        :logo_uri,
+        :redirect_uris,
+        :grant_types,
+        :response_types,
+        :scope,
+        :created_at,
+        :updated_at,
+        keyword_init: true
+      ) do
+        def self.from_hash(hash)
+          return nil if hash.nil?
+
+          new(
+            client_id: hash["client_id"] || hash[:client_id],
+            client_name: hash["client_name"] || hash[:client_name],
+            client_secret: hash["client_secret"] || hash[:client_secret],
+            client_type: hash["client_type"] || hash[:client_type],
+            token_endpoint_auth_method: hash["token_endpoint_auth_method"] || hash[:token_endpoint_auth_method],
+            registration_type: hash["registration_type"] || hash[:registration_type],
+            client_uri: hash["client_uri"] || hash[:client_uri],
+            logo_uri: hash["logo_uri"] || hash[:logo_uri],
+            redirect_uris: hash["redirect_uris"] || hash[:redirect_uris] || [],
+            grant_types: hash["grant_types"] || hash[:grant_types] || [],
+            response_types: hash["response_types"] || hash[:response_types] || [],
+            scope: hash["scope"] || hash[:scope],
+            created_at: hash["created_at"] || hash[:created_at],
+            updated_at: hash["updated_at"] || hash[:updated_at]
+          )
+        end
+      end
+
+      # OAuth 2.1 server: response wrapper for single-client operations.
+      OAuthClientResponse = Struct.new(
+        :client,
+        keyword_init: true
+      )
+
+      # OAuth 2.1 server: paginated list response.
+      OAuthClientListResponse = Struct.new(
+        :clients,
+        :aud,
+        :next_page,
+        :last_page,
+        :total,
+        keyword_init: true
+      ) do
+        def self.from_hash(hash)
+          return nil if hash.nil?
+
+          clients_data = hash["clients"] || hash[:clients] || []
+          new(
+            clients: clients_data.map { |c| OAuthClient.from_hash(c) },
+            aud: hash["aud"] || hash[:aud],
+            next_page: hash["next_page"] || hash[:next_page],
+            last_page: hash["last_page"] || hash[:last_page] || 0,
+            total: hash["total"] || hash[:total] || 0
+          )
+        end
+      end
+
+      # Pagination params accepted by admin list endpoints.
+      PageParams = Struct.new(
+        :page,
+        :per_page,
+        keyword_init: true
+      )
     end
   end
 end

data/lib/supabase/auth/version.rb

@@ -2,6 +2,6 @@
 
 module Supabase
   module Auth
-    VERSION = "0.1.1"
+    VERSION = "0.1.2"
   end
 end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: supabase-auth
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
-- Bogdan Tarasenko
+- Supabase
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2026-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -110,7 +111,7 @@ dependencies:
 description: A Ruby gem implementing a client for Supabase Auth (GoTrue API), with
   adaptations for Ruby idioms.
 email:
-- bogdantarasenkozp@gmail.com
+- support@supabase.io
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -129,13 +130,14 @@ files:
 - lib/supabase/auth/timer.rb
 - lib/supabase/auth/types.rb
 - lib/supabase/auth/version.rb
-homepage: https://github.com/bogdantarasenko/supabase-rb
+homepage: https://github.com/suparails/supabase-auth
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/bogdantarasenko/supabase-rb
-  source_code_uri: https://github.com/bogdantarasenko/supabase-rb
-  changelog_uri: https://github.com/bogdantarasenko/supabase-rb/blob/main/CHANGELOG.md
+  homepage_uri: https://github.com/suparails/supabase-auth
+  source_code_uri: https://github.com/suparails/supabase-auth
+  changelog_uri: https://github.com/suparails/supabase-auth/blob/main/CHANGELOG.md
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -150,7 +152,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 3.0.3.1
+signing_key: 
 specification_version: 4
 summary: Ruby client for Supabase Auth (GoTrue API)
 test_files: []