zitadel-client 1.4.2 → 1.5.0

data/lib/zitadel-client/auth/open_id.rb

@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-require 'json'
-require 'uri'
-require 'net/http'
-
-module ZitadelClient
-  module Auth
-    ##
-    # OpenId retrieves OpenID Connect configuration from a given host.
-    #
-    # It builds the well-known configuration URL from the provided hostname,
-    # fetches the configuration, and extracts the token endpoint.
-    #
-    class OpenId
-      attr_accessor :token_endpoint, :host_endpoint
-
-      ##
-      # Initializes a new OpenId instance.
-      #
-      # @param hostname [String] the hostname for the OpenID provider.
-      # @raise [RuntimeError] if the OpenID configuration cannot be fetched or the token_endpoint is missing.
-      #
-      # noinspection HttpUrlsUsage
-      def initialize(hostname)
-        hostname = "https://#{hostname}" unless hostname.start_with?('http://', 'https://')
-        @host_endpoint = hostname
-        well_known_url = self.class.build_well_known_url(hostname)
-
-        uri = URI.parse(well_known_url)
-        response = Net::HTTP.get_response(uri)
-        raise "Failed to fetch OpenID configuration: HTTP #{response.code}" unless response.code.to_i == 200
-
-        config = JSON.parse(response.body)
-        token_endpoint = config['token_endpoint']
-        raise 'token_endpoint not found in OpenID configuration' unless token_endpoint
-
-        @token_endpoint = token_endpoint
-      end
-
-      ##
-      # Builds the well-known OpenID configuration URL for the given hostname.
-      #
-      # @param hostname [String] the hostname for the OpenID provider.
-      # @return [String] the well-known configuration URL.
-      #
-      def self.build_well_known_url(hostname)
-        URI.join(hostname, '/.well-known/openid-configuration').to_s
-      end
-    end
-  end
-end

data/lib/zitadel-client/auth/personal_access_token_authenticator.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module ZitadelClient
-  module Auth
-    ##
-    # Personal Access Token Authenticator.
-    #
-    # Uses a static personal access token for API authentication.
-    #
-    class PersonalAccessTokenAuthenticator < Authenticator
-      ##
-      # Initializes the PersonalAccessTokenAuthenticator with host and token.
-      #
-      # @param host [String] the base URL for the service.
-      # @param token [String] the personal access token.
-      #
-      def initialize(host, token)
-        # noinspection RubyArgCount
-        super(ZitadelClient::Utils::UrlUtil.build_hostname(host))
-        @token = token
-      end
-
-      protected
-
-      ##
-      # Returns the authentication headers using the personal access token.
-      #
-      # @return [Hash{String => String}] a hash containing the 'Authorization' header.
-      #
-      def auth_headers
-        { 'Authorization' => "Bearer #{@token}" }
-      end
-    end
-  end
-end

data/lib/zitadel-client/auth/web_token_authenticator.rb

@@ -1,161 +0,0 @@
-# frozen_string_literal: true
-
-require 'time'
-require 'openssl'
-
-module ZitadelClient
-  module Auth
-    # -----------------------------------------------------------------------------
-    # WebTokenAuthenticator
-    # -----------------------------------------------------------------------------
-
-    # OAuth authenticator implementing the JWT bearer flow.
-    #
-    # This implementation builds a JWT assertion dynamically in get_grant().
-    class WebTokenAuthenticator < ZitadelClient::Auth::OAuthAuthenticator
-      # Constructs a WebTokenAuthenticator.
-      #
-      # @param open_id [OpenId] The OpenId instance with OAuth endpoint information.
-      # @param auth_scopes [Set<String>] The scope(s) for the token request.
-      # @param jwt_issuer [String] The JWT issuer.
-      # @param jwt_subject [String] The JWT subject.
-      # @param jwt_audience [String] The JWT audience.
-      # @param private_key [String] The private key used to sign the JWT.
-      # @param jwt_lifetime [Integer] Lifetime of the JWT in seconds (default 3600 seconds).
-      # @param jwt_algorithm [String] The JWT signing algorithm (default "RS256").
-      # @param key_id [String, nil] Optional key identifier for the JWT header (default: nil).
-      # rubocop:disable Metrics/ParameterLists,Metrics/MethodLength
-      def initialize(open_id, auth_scopes, jwt_issuer, jwt_subject, jwt_audience, private_key,
-                     jwt_lifetime: 3600, jwt_algorithm: 'RS256', key_id: nil)
-        # noinspection RubyArgCount,RubyMismatchedArgumentType
-        super(open_id, auth_scopes, OAuth2::Client.new('zitadel', 'zitadel', {
-                                                         site: open_id.host_endpoint,
-                                                         token_url: open_id.token_endpoint
-                                                       }))
-        @jwt_issuer = jwt_issuer
-        @jwt_subject = jwt_subject
-        @jwt_audience = jwt_audience
-        @private_key = private_key
-        @jwt_lifetime = jwt_lifetime
-        @jwt_algorithm = jwt_algorithm
-        @key_id = key_id
-      end
-
-      # rubocop:enable Metrics/ParameterLists,Metrics/MethodLength
-
-      # Creates a WebTokenAuthenticator instance from a JSON configuration file.
-      #
-      # The JSON file must be formatted as follows:
-      #
-      #   {
-      #     "type": "serviceaccount",
-      #     "keyId": "<key-id>",
-      #     "key": "<private-key>",
-      #     "userId": "<user-id>"
-      #   }
-      #
-      # @param host [String] Base URL for the API endpoints.
-      # @param json_path [String] File path to the JSON configuration file.
-      # @return [WebTokenAuthenticator] A new instance of WebTokenAuthenticator.
-      # @raise [RuntimeError] If the file cannot be read, the JSON is invalid, or required keys are missing.
-      def self.from_json(host, json_path)
-        config = JSON.parse(File.read(json_path))
-      rescue Errno::ENOENT => e
-        raise "Unable to read JSON file at #{json_path}: #{e.message}"
-      rescue JSON::ParserError => e
-        raise "Invalid JSON in file at #{json_path}: #{e.message}"
-      else
-        raise "Expected a JSON object, got #{config.class}" unless config.is_a?(Hash)
-
-        user_id, private_key, key_id = config.values_at('userId', 'key', 'keyId')
-        raise "Missing required keys 'userId', 'keyId' or 'key'" unless user_id && key_id && private_key
-
-        WebTokenAuthenticator.builder(host, user_id, private_key).key_identifier(key_id).build
-      end
-
-      # Returns a builder for constructing a WebTokenAuthenticator.
-      #
-      # @param host [String] The base URL for the OAuth provider.
-      # @param user_id [String] The user identifier (used as both the issuer and subject).
-      # @param private_key [String] The private key used to sign the JWT.
-      # @return [WebTokenAuthenticatorBuilder] A builder instance.
-      def self.builder(host, user_id, private_key)
-        WebTokenAuthenticatorBuilder.new(host, user_id, user_id, host, private_key)
-      end
-
-      protected
-
-      # Overrides the base get_grant to return client credentials grant parameters.
-      #
-      # @return [OAuth2::AccessToken] A hash containing the grant type.
-      # rubocop:disable Metrics/MethodLength
-      def get_grant(client, auth_scopes)
-        client.assertion.get_token(
-          { iss: @jwt_issuer,
-            sub: @jwt_subject,
-            aud: @jwt_audience,
-            iat: Time.now.utc.to_i,
-            exp: (Time.now.utc + @jwt_lifetime).to_i },
-          {
-            algorithm: @jwt_algorithm,
-            key: OpenSSL::PKey::RSA.new(@private_key),
-            kid: @key_id
-          },
-          {
-            scope: auth_scopes
-          }
-        )
-      end
-
-      # rubocop:enable Metrics/MethodLength
-
-      # -----------------------------------------------------------------------------
-      # WebTokenAuthenticatorBuilder
-      # -----------------------------------------------------------------------------
-
-      # Builder for WebTokenAuthenticator.
-      #
-      # Provides a fluent API for configuring and constructing a WebTokenAuthenticator instance.
-      class WebTokenAuthenticatorBuilder < OAuthAuthenticatorBuilder
-        # Initializes the WebTokenAuthenticatorBuilder with required parameters.
-        #
-        # @param host [String] The base URL for API endpoints.
-        # @param jwt_issuer [String] The issuer claim for the JWT.
-        # @param jwt_subject [String] The subject claim for the JWT.
-        # @param jwt_audience [String] The audience claim for the JWT.
-        # @param private_key [String] The PEM-formatted private key used for signing the JWT.
-        def initialize(host, jwt_issuer, jwt_subject, jwt_audience, private_key)
-          # noinspection RubyArgCount
-          super(host)
-          @jwt_issuer = jwt_issuer
-          @jwt_subject = jwt_subject
-          @jwt_audience = jwt_audience
-          @private_key = private_key
-          @jwt_lifetime = 3600
-        end
-
-        # Sets the JWT token lifetime in seconds.
-        #
-        # @param seconds [Integer] Lifetime of the JWT in seconds.
-        # @return [WebTokenAuthenticatorBuilder] The builder instance.
-        def token_lifetime_seconds(seconds)
-          @jwt_lifetime = seconds
-          self
-        end
-
-        def key_identifier(key_id)
-          @key_id = key_id
-          self
-        end
-
-        # Constructs and returns a new WebTokenAuthenticator instance using the configured parameters.
-        #
-        # @return [WebTokenAuthenticator] A configured instance.
-        def build
-          WebTokenAuthenticator.new(open_id, auth_scopes, @jwt_issuer, @jwt_subject, @jwt_audience,
-                                    @private_key, jwt_lifetime: @jwt_lifetime, key_id: @key_id)
-        end
-      end
-    end
-  end
-end

data/lib/zitadel-client/configuration.rb

@@ -1,178 +0,0 @@
-# frozen_string_literal: true
-
-module ZitadelClient
-  ##
-  # Configuration class for the ZitadelClient SDK.
-  #
-  # This class defines all client-level options including timeouts,
-  # logging, SSL behavior, and validation controls. It allows you
-  # to customize how API calls are made and handled internally.
-  #
-  # Example:
-  #
-  #   config = ZitadelClient::Configuration.new do |c|
-  #     c.debugging = true
-  #     c.timeout = 10
-  #     c.verify_ssl = true
-  #   end
-  #
-  # noinspection RubyTooManyInstanceVariablesInspection
-  class Configuration
-    USER_AGENT = [
-      "zitadel-client/#{ZitadelClient::VERSION}",
-
-      [
-        'lang=ruby',
-        "lang_version=#{RUBY_VERSION}",
-        "os=#{RUBY_PLATFORM}",
-        "arch=#{RbConfig::CONFIG['host_cpu']}"
-      ].join('; ')
-        .prepend('(').concat(')')
-    ].join(' ')
-
-    ##
-    # The authentication strategy used to authorize requests.
-    #
-    # This is typically an instance of a class implementing an interface
-    # like `#authenticate(request)`, such as `NoAuthAuthenticator` or
-    # a custom implementation.
-    #
-    # @return [Authenticator] the authenticator instance
-    attr_reader :authenticator
-
-    ##
-    # Enables or disables debug logging.
-    #
-    # When enabled, HTTP request and response details are logged
-    # via the configured `logger` instance.
-    #
-    # @return [Boolean]
-    attr_accessor :debugging
-
-    ##
-    # The logger used to output debugging information.
-    #
-    # Defaults to `Rails.logger` if Rails is defined; otherwise,
-    # logs to STDOUT.
-    #
-    # @return [#debug]
-    attr_accessor :logger
-
-    ##
-    # Directory path used to temporarily store files returned
-    # by API responses (e.g., when downloading files).
-    #
-    # @return [String]
-    attr_accessor :temp_folder_path
-
-    ##
-    # Request timeout duration in seconds.
-    #
-    # If set to `0`, requests will never time out.
-    #
-    # @return [Integer]
-    attr_accessor :timeout
-
-    ##
-    # Enables or disables client-side request validation.
-    #
-    # When disabled, validation of input parameters is skipped.
-    # Defaults to `true`.
-    #
-    # @return [Boolean]
-    attr_accessor :client_side_validation
-
-    ##
-    # Controls whether SSL certificates are verified when
-    # making HTTPS requests.
-    #
-    # Set to `false` to bypass certificate verification. Defaults to `true`.
-    # **Note:** This should always be `true` in production.
-    #
-    # @return [Boolean]
-    attr_accessor :verify_ssl
-
-    ##
-    # Controls whether SSL hostnames are verified during
-    # HTTPS communication.
-    #
-    # Set to `false` to skip hostname verification. Defaults to `true`.
-    # **Note:** Disabling this weakens transport security.
-    #
-    # @return [Boolean]
-    attr_accessor :verify_ssl_host
-
-    ##
-    # Path to the certificate file used to verify the peer.
-    #
-    # This is used in place of system-level certificate stores.
-    #
-    # @return [String]
-    #
-    # @see https://github.com/typhoeus/typhoeus/blob/master/lib/typhoeus/easy_factory.rb#L145
-    attr_accessor :ssl_ca_cert
-
-    ##
-    # Path to the client certificate file for mutual TLS (mTLS).
-    #
-    # This is optional and only required when server expects
-    # client-side certificates.
-    #
-    # @return [String]
-    attr_accessor :cert_file
-
-    ##
-    # Path to the private key file for the client certificate.
-    #
-    # Used with `cert_file` during mutual TLS authentication.
-    #
-    # @return [String]
-    attr_accessor :key_file
-
-    ##
-    # Custom encoding strategy for query parameters that are arrays.
-    #
-    # Set this if your server expects a specific collection format
-    # (e.g., `multi`, `csv`, etc.). Defaults to `nil`.
-    #
-    # @return [Symbol, nil]
-    #
-    # @see https://github.com/typhoeus/ethon/blob/master/lib/ethon/easy/queryable.rb#L96
-    attr_accessor :params_encoding
-
-    ##
-    # The User-Agent header to be sent with HTTP requests.
-    #
-    # Set this to identify your client or library when making requests.
-    #
-    # @return [String, nil]
-    attr_accessor :user_agent
-
-    # rubocop:disable Metrics/MethodLength
-    def initialize(authenticator = Auth::NoAuthAuthenticator.new)
-      @authenticator = authenticator
-      @client_side_validation = true
-      @verify_ssl = true
-      @verify_ssl_host = true
-      @cert_file = nil
-      @key_file = nil
-      @timeout = 0
-      @params_encoding = nil
-      @debugging = false
-      @logger = nil?
-      @user_agent = USER_AGENT
-
-      yield(self) if block_given?
-    end
-
-    # rubocop:enable Metrics/MethodLength
-
-    ##
-    # Allows modifying the current instance using a configuration block.
-    #
-    # @yieldparam [Configuration] self
-    def configure
-      yield(self) if block_given?
-    end
-  end
-end

data/lib/zitadel-client/models/user_service_human_m_f_a_init_skipped_response.rb

@@ -1,230 +0,0 @@
-=begin
-#Zitadel SDK
-
-#The Zitadel SDK is a convenience wrapper around the Zitadel APIs to assist you in integrating with your Zitadel environment. This SDK enables you to handle resources, settings, and configurations within the Zitadel platform.
-
-The version of the OpenAPI document: 1.0.0
-
-Generated by: https://openapi-generator.tech
-Generator version: 7.12.0
-
-=end
-
-require 'date'
-require 'time'
-
-module ZitadelClient::Models
-  class UserServiceHumanMFAInitSkippedResponse
-    attr_accessor :details
-
-    # Attribute mapping from ruby-style variable name to JSON key.
-    def self.attribute_map
-      {
-        :'details' => :'details'
-      }
-    end
-
-    # Returns attribute mapping this model knows about
-    def self.acceptable_attribute_map
-      attribute_map
-    end
-
-    # Returns all the JSON keys this model knows about
-    def self.acceptable_attributes
-      acceptable_attribute_map.values
-    end
-
-    # Attribute type mapping.
-    def self.openapi_types
-      {
-        :'details' => :'UserServiceDetails'
-      }
-    end
-
-    # List of attributes with nullable: true
-    def self.openapi_nullable
-      Set.new([
-      ])
-    end
-
-    # Initializes the object
-    # @param [Hash] attributes Models attributes in the form of hash
-    def initialize(attributes = {})
-      if (!attributes.is_a?(Hash))
-        # MODIFIED: Updated class name in error message
-        fail ArgumentError, "The input argument (attributes) must be a hash in `ZitadelClient::Models::UserServiceHumanMFAInitSkippedResponse` initialize method"
-      end
-
-      # check to see if the attribute exists and convert string to symbol for hash key
-      acceptable_attribute_map = self.class.acceptable_attribute_map
-      attributes = attributes.each_with_object({}) { |(k, v), h|
-        if (!acceptable_attribute_map.key?(k.to_sym))
-          # MODIFIED: Updated class name in error message
-          fail ArgumentError, "`#{k}` is not a valid attribute in `ZitadelClient::Models::UserServiceHumanMFAInitSkippedResponse`. Please check the name to make sure it's valid. List of attributes: " + acceptable_attribute_map.keys.inspect
-        end
-        h[k.to_sym] = v
-      }
-
-      if attributes.key?(:'details')
-        self.details = attributes[:'details']
-      end
-    end
-
-    # Show invalid properties with the reasons. Usually used together with valid?
-    # @return Array for valid properties with the reasons
-    def list_invalid_properties
-      warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
-      invalid_properties = Array.new
-      invalid_properties
-    end
-
-    # Check to see if the all the properties in the model are valid
-    # @return true if the model is valid
-    def valid?
-      warn '[DEPRECATED] the `valid?` method is obsolete'
-      true
-    end
-
-    # Checks equality by comparing each attribute.
-    # @param [Object] Object to be compared
-    def ==(o)
-      return true if self.equal?(o)
-      self.class == o.class &&
-          details == o.details
-    end
-
-    # @see the `==` method
-    # @param [Object] Object to be compared
-    def eql?(o)
-      self == o
-    end
-
-    # Calculates hash code according to all attributes.
-    # @return [Integer] Hash code
-    def hash
-      [details].hash
-    end
-
-# Builds the object from hash
-# @param [Hash] attributes Models attributes in the form of hash
-# @return [Object] Returns the model itself
-def self.build_from_hash(attributes)
-  return nil unless attributes.is_a?(Hash)
-  attributes = attributes.transform_keys(&:to_sym)
-  transformed_hash = {}
-  openapi_types.each_pair do |key, type|
-    if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
-      transformed_hash["#{key}"] = nil
-    elsif type =~ /\AArray<(.*)>/i
-      # check to ensure the input is an array given that the attribute
-      # is documented as an array but the input is not
-      if attributes[attribute_map[key]].is_a?(Array)
-        transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
-      end
-    elsif !attributes[attribute_map[key]].nil?
-      transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
-    end
-  end
-  new(transformed_hash) # `new` will call the initialize method of the specific model class.
-end
-
-# Deserializes the data based on type
-# @param string type Data type
-# @param string value Value to be deserialized
-# @return [Object] Deserialized data
-def self._deserialize(type, value)
-  case type.to_sym
-  when :Time
-    Time.parse(value)
-  when :Date
-    Date.parse(value)
-  when :String
-    value.to_s
-  when :Integer
-    value.to_i
-  when :Float
-    value.to_f
-  when :Boolean
-    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
-      true
-    else
-      false
-    end
-  when :Object
-    # generic object (usually a Hash), return directly
-    value
-  when /\AArray<(?<inner_type>.+)>\z/
-    inner_type = Regexp.last_match[:inner_type]
-    value.map { |v| _deserialize(inner_type, v) }
-  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
-    k_type = Regexp.last_match[:k_type]
-    v_type = Regexp.last_match[:v_type]
-    {}.tap do |hash|
-      value.each do |k, v|
-        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
-      end
-    end
-  else # model
-    # models (e.g. Pet) or oneOf/anyOf constructs that resolve to a model name
-    # MODIFIED: Ensure model is looked up in the Models namespace
-    # 'type' here is expected to be the simple class name (e.g., "User", "OrderDetails")
-    klass = ZitadelClient::Models.const_get(type)
-    # The `klass.build` method is for oneOf/anyOf types (defined in partial_oneof_module.mustache / partial_anyof_module.mustache)
-    # The `klass.build_from_hash` is for regular model types (defined in this base_object.mustache itself)
-    if klass.respond_to?(:openapi_one_of) || klass.respond_to?(:openapi_any_of) || klass.respond_to?(:openapi_allOf)
-      klass.build(value) # For oneOf/anyOf/allOf, delegate to their specific build method
-    else
-      klass.build_from_hash(value) # For regular models
-    end
-  end
-end
-
-# Returns the string representation of the object
-# @return [String] String presentation of the object
-def to_s
-  to_hash.to_s
-end
-
-# to_body is an alias to to_hash (backward compatibility)
-# @return [Hash] Returns the object in the form of hash
-def to_body
-  to_hash
-end
-
-# Returns the object in the form of hash
-# @return [Hash] Returns the object in the form of hash
-def to_hash
-  hash = {} # Calls super.to_hash if parent exists
-  self.class.attribute_map.each_pair do |attr, param|
-    value = self.send(attr)
-    if value.nil?
-      is_nullable = self.class.openapi_nullable.include?(attr)
-      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
-    end
-
-    hash[param] = _to_hash(value)
-  end
-  hash
-end
-
-# Outputs non-array value in the form of hash
-# For object, use to_hash. Otherwise, just return the value
-# @param [Object] value Any valid value
-# @return [Hash] Returns the value in the form of hash
-def _to_hash(value)
-  if value.is_a?(Array)
-    value.compact.map { |v| _to_hash(v) }
-  elsif value.is_a?(Hash)
-    {}.tap do |hash|
-      value.each { |k, v| hash[k] = _to_hash(v) }
-    end
-  elsif value.respond_to? :to_hash
-    value.to_hash
-  else
-    value
-  end
-end
-
-  end
-
-end