Module: Auth0::Api::AuthenticationEndpoints
- Defined in:
- lib/auth0/api/authentication_endpoints.rb
Overview
https://auth0.com/docs/api/authentication Methods to use the Authentication API
Constant Summary
- UP_AUTH =
'Username-Password-Authentication'.freeze
- JWT_BEARER =
'urn:ietf:params:oauth:grant-type:jwt-bearer'.freeze
Instance Method Summary
-
#api_token(client_id: @client_id, client_secret: @client_secret, organization: @organization, audience: nil) ⇒ json
Request an API access token using a Client Credentials grant.
-
#authorization_url(redirect_uri, options = {}) ⇒ url
Return an authorization URL.
-
#change_password(email, password, connection_name = UP_AUTH) ⇒ Object
deprecated
Deprecated.
Use #reset_password instead.
-
#exchange_auth_code_for_tokens(code, redirect_uri: nil, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using an Authorization Code.
-
#exchange_refresh_token(refresh_token, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using a refresh token.
-
#login_with_resource_owner(login_name, password, client_id: @client_id, client_secret: @client_secret, realm: nil, audience: nil, scope: 'openid') ⇒ json
Get access and ID tokens using Resource Owner Password.
-
#logout_url(return_to, include_client: false, federated: false) ⇒ url
Returns an Auth0 logout URL with a return URL.
-
#reset_password(email, connection_name = UP_AUTH, client_id = @client_id) ⇒ Object
Trigger a password reset email.
-
#saml_metadata ⇒ xml
Retrieve SAML 2.0 metadata XML for an Application.
-
#samlp_url(connection = UP_AUTH) ⇒ url
Return a SAMLP URL.
-
#signup(email, password, connection_name = UP_AUTH) ⇒ json
Sign up with a database connection using a username and password.
-
#start_passwordless_email_flow(email, send = 'link', auth_params = {}) ⇒ Object
Start Passwordless email login flow.
-
#start_passwordless_sms_flow(phone_number) ⇒ Object
Start Passwordless SMS login flow.
-
#userinfo(access_token) ⇒ json
Return the user information based on the Auth0 access token.
-
#validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization) ⇒ Object
Validate an ID token against the expected issuer, audience and signing algorithm, plus nonce, max_age and organization when supplied.
-
#wsfed_metadata ⇒ xml
Retrieve WS-Federation metadata XML for a tenant.
-
#wsfed_url(connection = UP_AUTH, options = {}) ⇒ url
Return a WS-Federation URL.
Instance Method Details
#api_token(client_id: @client_id, client_secret: @client_secret, organization: @organization, audience: nil) ⇒ json
Request an API access token using a Client Credentials grant
# File 'lib/auth0/api/authentication_endpoints.rb', line 19
# Request an API access token using a Client Credentials grant.
#
# POSTs the credentials to /oauth/token and wraps the response's
# access_token, scope and expires_in fields in an Auth0::ApiToken.
#
# NOTE(review): +organization+ is accepted but never added to the request
# in this listing, so passing it has no effect here. Confirm that is
# intended before relying on organization-scoped tokens.
#
# @param client_id [String] defaults to the client's configured ID.
# @param client_secret [String] sent in the request parameters.
# @param organization [String, nil] currently unused (see note above).
# @param audience [String, nil] API identifier to request a token for.
# @return [Auth0::ApiToken]
def api_token(
  client_id: @client_id,
  client_secret: @client_secret,
  organization: @organization,
  audience: nil
)
  token_response = request_with_retry(
    :post,
    '/oauth/token',
    {
      grant_type: 'client_credentials',
      client_id: client_id,
      client_secret: client_secret,
      audience: audience
    }
  )

  ::Auth0::ApiToken.new(
    token_response['access_token'],
    token_response['scope'],
    token_response['expires_in']
  )
end
#authorization_url(redirect_uri, options = {}) ⇒ url
Return an authorization URL.
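# File 'lib/auth0/api/authentication_endpoints.rb', line 254
# Build the /authorize URL for this tenant.
#
# The method name and the +options+ identifier were missing from the
# rendered listing; they are restored from the signature shown on this page.
#
# :state defaults to nil. Nothing here generates or checks it, so the caller
# has to supply an unguessable value and compare it on the callback.
# :additional_parameters is merged last and therefore overrides any key set
# above (client_id and redirect_uri included); do not fill it from
# untrusted input.
#
# @param redirect_uri [String] callback URL; must be non-empty.
# @param options [Hash] optional :response_type (default 'code'),
#   :connection, :state, :scope, :organization (default @organization),
#   :invitation and :additional_parameters.
# @return [URI::HTTPS]
# @raise [Auth0::InvalidParameter] when redirect_uri is empty.
def authorization_url(redirect_uri, options = {})
  raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty?

  request_params = {
    client_id: @client_id,
    response_type: options.fetch(:response_type, 'code'),
    connection: options.fetch(:connection, nil),
    redirect_uri: redirect_uri,
    state: options.fetch(:state, nil),
    scope: options.fetch(:scope, nil),
    organization: options.fetch(:organization, @organization),
    invitation: options.fetch(:invitation, nil)
  }.merge(options.fetch(:additional_parameters, {}))

  URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params))
end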
#change_password(email, password, connection_name = UP_AUTH) ⇒ Object
Deprecated: use #reset_password instead.
Change a user’s password or trigger a password reset email.
# File 'lib/auth0/api/authentication_endpoints.rb', line 156
# Deprecated in favour of #reset_password (see the summary on this page).
#
# POSTs email, password, connection and the configured client ID to
# /dbconnections/change_password. Only the email is checked locally; the
# password is forwarded as given.
#
# @param email [String] must be non-empty.
# @param password [String] forwarded in the request parameters.
# @param connection_name [String] database connection, UP_AUTH by default.
# @raise [Auth0::InvalidParameter] when email is empty.
def change_password(email, password, connection_name = UP_AUTH)
  if email.to_s.empty?
    raise Auth0::InvalidParameter, 'Must supply a valid email'
  end

  request_with_retry(
    :post,
    '/dbconnections/change_password',
    {
      email: email,
      password: password,
      connection: connection_name,
      client_id: @client_id
    }
  )
end
#exchange_auth_code_for_tokens(code, redirect_uri: nil, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using an Authorization Code.
# File 'lib/auth0/api/authentication_endpoints.rb', line 44
# Exchange an authorization code for tokens via POST /oauth/token.
#
# @param code [String] authorization code; must be non-empty.
# @param redirect_uri [String, nil] forwarded as given (nil by default).
# @param client_id [String] defaults to the configured client ID.
# @param client_secret [String] sent in the request parameters.
# @return [Auth0::AccessToken] built from the token endpoint response.
# @raise [Auth0::InvalidParameter] when code is empty.
def exchange_auth_code_for_tokens(
  code,
  redirect_uri: nil,
  client_id: @client_id,
  client_secret: @client_secret
)
  if code.to_s.empty?
    raise Auth0::InvalidParameter, 'Must provide an authorization code'
  end

  token_response = request_with_retry(
    :post,
    '/oauth/token',
    {
      grant_type: 'authorization_code',
      client_id: client_id,
      client_secret: client_secret,
      code: code,
      redirect_uri: redirect_uri
    }
  )

  ::Auth0::AccessToken.from_response(token_response)
end
#exchange_refresh_token(refresh_token, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using a refresh token.
# File 'lib/auth0/api/authentication_endpoints.rb', line 71
# Exchange a refresh token for new tokens via POST /oauth/token.
#
# @param refresh_token [String] must be non-empty.
# @param client_id [String] defaults to the configured client ID.
# @param client_secret [String] sent in the request parameters.
# @return [Auth0::AccessToken] built from the token endpoint response.
# @raise [Auth0::InvalidParameter] when refresh_token is empty.
def exchange_refresh_token(
  refresh_token,
  client_id: @client_id,
  client_secret: @client_secret
)
  if refresh_token.to_s.empty?
    raise Auth0::InvalidParameter, 'Must provide a refresh token'
  end

  token_response = request_with_retry(
    :post,
    '/oauth/token',
    {
      grant_type: 'refresh_token',
      client_id: client_id,
      client_secret: client_secret,
      refresh_token: refresh_token
    }
  )

  ::Auth0::AccessToken.from_response(token_response)
end
#login_with_resource_owner(login_name, password, client_id: @client_id, client_secret: @client_secret, realm: nil, audience: nil, scope: 'openid') ⇒ json
Get access and ID tokens using Resource Owner Password. Requires that your tenant has a Default Audience or Default Directory.
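# File 'lib/auth0/api/authentication_endpoints.rb', line 101
# Get access and ID tokens using the Resource Owner Password grant.
#
# The user's password passes through the calling application and is sent
# to /oauth/token together with the client secret.
#
# The presence checks use +to_s.empty?+, matching the other methods in this
# module, so a nil login_name or password raises Auth0::InvalidParameter
# rather than NoMethodError.
#
# @param login_name [String] username or email; must be non-empty.
# @param password [String] must be non-empty.
# @param client_id [String] defaults to the configured client ID.
# @param client_secret [String] sent in the request parameters.
# @param realm [String, nil] when set, the password-realm grant type is used.
# @param audience [String, nil] API identifier.
# @param scope [String] defaults to 'openid'.
# @return [Auth0::AccessToken] built from the token endpoint response.
# @raise [Auth0::InvalidParameter] when login_name or password is empty.
def login_with_resource_owner(
  login_name,
  password,
  client_id: @client_id,
  client_secret: @client_secret,
  realm: nil,
  audience: nil,
  scope: 'openid'
)
  raise Auth0::InvalidParameter, 'Must supply a valid login_name' if login_name.to_s.empty?
  raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?

  request_params = {
    username: login_name,
    password: password,
    client_id: client_id,
    client_secret: client_secret,
    realm: realm,
    scope: scope,
    audience: audience,
    # A realm selects the realm-aware grant; otherwise the plain password grant.
    grant_type: realm ? 'http://auth0.com/oauth/grant-type/password-realm' : 'password'
  }

  ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params)
end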
#logout_url(return_to, include_client: false, federated: false) ⇒ url
Returns an Auth0 logout URL with a return URL.
# File 'lib/auth0/api/authentication_endpoints.rb', line 278
# Build the /v2/logout URL for this tenant.
#
# +return_to+ is placed in the returnTo parameter without any local
# validation.
# NOTE(review): whether the URL is accepted is presumably decided by the
# tenant's logout-URL allow-list, so confirm that before passing
# user-influenced values.
#
# @param return_to [String] URL to send the user to after logout.
# @param include_client [Boolean] add the configured client_id when true.
# @param federated [Boolean] add federated=1 when true.
# @return [URI::HTTPS]
def logout_url(return_to, include_client: false, federated: false)
  # All three keys are created up front so their order matches the request
  # the original builds; unset ones stay nil.
  logout_params = { returnTo: return_to, client_id: nil, federated: nil }
  logout_params[:client_id] = @client_id if include_client
  logout_params[:federated] = '1' if federated

  URI::HTTPS.build(host: @domain, path: '/v2/logout', query: to_query(logout_params))
end
#reset_password(email, connection_name = UP_AUTH, client_id = @client_id) ⇒ Object
Trigger a password reset email.
# File 'lib/auth0/api/authentication_endpoints.rb', line 178
# Trigger a password reset email.
#
# POSTs email, connection and client ID to /dbconnections/change_password.
# No password is sent.
#
# @param email [String] must be non-empty.
# @param connection_name [String] database connection, UP_AUTH by default.
# @param client_id [String] defaults to the configured client ID.
# @raise [Auth0::InvalidParameter] when email is empty.
def reset_password(email, connection_name = UP_AUTH, client_id = @client_id)
  if email.to_s.empty?
    raise Auth0::InvalidParameter, 'Must supply a valid email'
  end

  request_with_retry(
    :post,
    '/dbconnections/change_password',
    {
      email: email,
      connection: connection_name,
      client_id: client_id
    }
  )
end
#saml_metadata ⇒ xml
Retrieve SAML 2.0 metadata XML for an Application.
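# File 'lib/auth0/api/authentication_endpoints.rb', line 231
# Retrieve SAML 2.0 metadata XML for an Application.
#
# The method name was missing from the rendered listing; it is restored
# from the signature shown on this page. The configured client ID is
# interpolated into the request path.
#
# @return [xml] whatever request_with_retry returns for the GET.
def saml_metadata
  request_with_retry(:get, "/samlp/metadata/#{@client_id}")
end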
#samlp_url(connection = UP_AUTH) ⇒ url
Return a SAMLP URL. The SAML Request AssertionConsumerServiceURL will be used to POST back the assertion and it must match with the application callback URL.
# File 'lib/auth0/api/authentication_endpoints.rb', line 298
# Build the SAMLP URL for the configured client.
#
# The client ID is interpolated into the path and the connection is sent
# as the only query parameter.
#
# @param connection [String] connection name, UP_AUTH by default.
# @return [URI::HTTPS]
def samlp_url(connection = UP_AUTH)
  saml_query = to_query({ connection: connection })
  URI::HTTPS.build(host: @domain, path: "/samlp/#{@client_id}", query: saml_query)
end
#signup(email, password, connection_name = UP_AUTH) ⇒ json
Sign up with a database connection using a username and password.
# File 'lib/auth0/api/authentication_endpoints.rb', line 134
# Sign up with a database connection using a username and password.
#
# Only presence is checked locally. No password policy is applied in this
# method.
#
# @param email [String] must be non-empty.
# @param password [String] must be non-empty.
# @param connection_name [String] database connection, UP_AUTH by default.
# @return [json] whatever request_with_retry returns for the POST.
# @raise [Auth0::InvalidParameter] when email or password is empty.
def signup(email, password, connection_name = UP_AUTH)
  if email.to_s.empty?
    raise Auth0::InvalidParameter, 'Must supply a valid email'
  end
  if password.to_s.empty?
    raise Auth0::InvalidParameter, 'Must supply a valid password'
  end

  request_with_retry(
    :post,
    '/dbconnections/signup',
    {
      email: email,
      password: password,
      connection: connection_name,
      client_id: @client_id
    }
  )
end
#start_passwordless_email_flow(email, send = 'link', auth_params = {}) ⇒ Object
Start Passwordless email login flow.
# File 'lib/auth0/api/authentication_endpoints.rb', line 196
# Start Passwordless email login flow.
#
# POSTs to /passwordless/start with connection 'email'. The configured
# client secret is included in the request parameters.
#
# @param email [String] must be non-empty.
# @param send [String] delivery mode, 'link' by default. The parameter
#   name shadows Kernel#send inside this method.
# @param auth_params [Hash] forwarded as authParams.
# @raise [Auth0::InvalidParameter] when email is empty.
def start_passwordless_email_flow(email, send = 'link', auth_params = {})
  if email.to_s.empty?
    raise Auth0::InvalidParameter, 'Must supply a valid email'
  end

  request_with_retry(
    :post,
    '/passwordless/start',
    {
      email: email,
      send: send,
      authParams: auth_params,
      connection: 'email',
      client_id: @client_id,
      client_secret: @client_secret
    }
  )
end
#start_passwordless_sms_flow(phone_number) ⇒ Object
Start Passwordless SMS login flow.
# File 'lib/auth0/api/authentication_endpoints.rb', line 215
# Start Passwordless SMS login flow.
#
# POSTs to /passwordless/start with connection 'sms'. The configured
# client secret is included in the request parameters. Only presence of
# the phone number is checked locally.
#
# @param phone_number [String] must be non-empty.
# @raise [Auth0::InvalidParameter] when phone_number is empty.
def start_passwordless_sms_flow(phone_number)
  if phone_number.to_s.empty?
    raise Auth0::InvalidParameter, 'Must supply a valid phone number'
  end

  request_with_retry(
    :post,
    '/passwordless/start',
    {
      phone_number: phone_number,
      connection: 'sms',
      client_id: @client_id,
      client_secret: @client_secret
    }
  )
end
#userinfo(access_token) ⇒ json
Return the user information based on the Auth0 access token.
# File 'lib/auth0/api/authentication_endpoints.rb', line 245
# Return the user information based on the Auth0 access token.
#
# The token is sent as an Authorization: Bearer header on GET /userinfo.
# Unlike most methods in this module, there is no local check for an
# empty token, so an empty value goes out as "Bearer " and the outcome is
# left to the server.
#
# @param access_token [String] Auth0 access token.
# @return [json] whatever request_with_retry returns for the GET.
def userinfo(access_token)
  bearer = "Bearer #{access_token}"
  request_with_retry(:get, '/userinfo', {}, 'Authorization' => bearer)
end
#validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization) ⇒ Object
Validate an ID token against the expected issuer, audience and signing algorithm, plus nonce, max_age and organization when supplied.
# File 'lib/auth0/api/authentication_endpoints.rb', line 343
# Validate an ID token by handing it to IdTokenValidator with a context
# built from the arguments.
#
# Defaults: issuer is "https://<domain>/", audience is the configured
# client ID, and the algorithm is RS256 backed by the tenant's JWKS URL.
# nonce, max_age and organization are added to the context only when
# given.
# NOTE(review): the validator presumably skips those checks when the key
# is absent, so a caller that sent a nonce in the authorization request
# should pass it here. Confirm against IdTokenValidator.
#
# @param id_token [String] token to validate.
# @param algorithm [Object, nil] overrides the default RS256/JWKS setup.
# @param leeway [Integer] 60 by default; presumably seconds (TODO confirm).
# @param nonce [String, nil]
# @param max_age [Integer, nil]
# @param issuer [String, nil]
# @param audience [String, nil]
# @param organization [String, nil] defaults to @organization.
def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization)
  validation_context = {
    issuer: issuer || "https://#{@domain}/",
    audience: audience || @client_id,
    algorithm: algorithm || Auth0::Algorithm::RS256.jwks_url("https://#{@domain}/.well-known/jwks.json"),
    leeway: leeway
  }

  # Optional claims go in only when the caller supplied them.
  validation_context[:nonce] = nonce if !nonce.nil?
  validation_context[:max_age] = max_age if !max_age.nil?
  validation_context[:organization] = organization if organization

  validator = Auth0::Mixins::Validation::IdTokenValidator.new(validation_context)
  validator.validate(id_token)
end
#wsfed_metadata ⇒ xml
Retrieve WS-Federation metadata XML for a tenant.
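# File 'lib/auth0/api/authentication_endpoints.rb', line 238
# Retrieve WS-Federation metadata XML for a tenant.
#
# The method name was missing from the rendered listing; it is restored
# from the signature shown on this page.
#
# @return [xml] whatever request_with_retry returns for the GET.
def wsfed_metadata
  request_with_retry(:get, '/wsfed/FederationMetadata/2007-06/FederationMetadata.xml')
end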
#wsfed_url(connection = UP_AUTH, options = {}) ⇒ url
Return a WS-Federation URL.
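# File 'lib/auth0/api/authentication_endpoints.rb', line 310
# Build a WS-Federation URL for this tenant.
#
# The +options+ identifier was missing from the rendered listing (parameter
# list and hash lookups); it is restored from the signature shown on this
# page.
#
# When :wtrealm is supplied the client ID is left out of the path, which
# then reads "/wsfed/". Otherwise the configured client ID is appended.
# :wreply and :wctx are passed through without local validation.
#
# @param connection [String] sent as whr, UP_AUTH by default.
# @param options [Hash] optional :wtrealm, :wctx and :wreply.
# @return [URI::HTTPS]
def wsfed_url(connection = UP_AUTH, options = {})
  request_params = {
    whr: connection,
    wtrealm: options[:wtrealm],
    wctx: options[:wctx],
    wreply: options[:wreply]
  }

  # Stays nil when a wtrealm is given, so the path carries no client ID.
  url_client_id = @client_id unless request_params[:wtrealm]

  URI::HTTPS.build(
    host: @domain,
    path: "/wsfed/#{url_client_id}",
    query: to_query(request_params)
  )
end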