Class: OneLogin::Api::Client

Inherits:

Object

• Object
• OneLogin::Api::Client

Includes:

HTTParty, Util

Defined in:

lib/onelogin/api/client.rb

Overview

at developers.onelogin.com/api-docs/1/getting-started/dev-overview.

Constant Summary

NOKOGIRI_OPTIONS =

Nokogiri::XML::ParseOptions::STRICT |
Nokogiri::XML::ParseOptions::NONET

DEFAULT_USER_AGENT =

"onelogin-ruby-sdk v#{OneLogin::VERSION}".freeze

Constants included from Util::Constants

Util::Constants::ACTIVATE_FACTOR_URL, Util::Constants::ADD_ROLE_TO_USER_URL, Util::Constants::CREATE_EVENT_URL, Util::Constants::CREATE_GROUP_URL, Util::Constants::CREATE_ROLE_URL, Util::Constants::CREATE_USER_URL, Util::Constants::DELETE_ROLE_TO_USER_URL, Util::Constants::DELETE_USER_URL, Util::Constants::EMBED_APP_URL, Util::Constants::ENROLL_FACTOR_URL, Util::Constants::GENERATE_INVITE_LINK_URL, Util::Constants::GET_APPS_FOR_USER_URL, Util::Constants::GET_CUSTOM_ATTRIBUTES_URL, Util::Constants::GET_ENROLLED_FACTORS_URL, Util::Constants::GET_EVENTS_URL, Util::Constants::GET_EVENT_TYPES_URL, Util::Constants::GET_EVENT_URL, Util::Constants::GET_FACTORS_URL, Util::Constants::GET_GROUPS_URL, Util::Constants::GET_GROUP_URL, Util::Constants::GET_RATE_URL, Util::Constants::GET_ROLES_FOR_USER_URL, Util::Constants::GET_ROLES_URL, Util::Constants::GET_ROLE_URL, Util::Constants::GET_SAML_ASSERTION_URL, Util::Constants::GET_SAML_VERIFY_FACTOR, Util::Constants::GET_TOKEN_VERIFY_FACTOR, Util::Constants::GET_USERS_URL, Util::Constants::GET_USER_URL, Util::Constants::LOCK_USER_URL, Util::Constants::LOG_USER_OUT_URL, Util::Constants::REMOVE_FACTOR_URL, Util::Constants::SEND_INVITE_LINK_URL, Util::Constants::SESSION_LOGIN_TOKEN_URL, Util::Constants::SET_CUSTOM_ATTRIBUTE_TO_USER_URL, Util::Constants::SET_PW_CLEARTEXT, Util::Constants::SET_PW_SALT, Util::Constants::SET_USER_STATE_URL, Util::Constants::TOKEN_REFRESH_URL, Util::Constants::TOKEN_REQUEST_URL, Util::Constants::TOKEN_REVOKE_URL, Util::Constants::UPDATE_USER_URL, Util::Constants::VERIFY_FACTOR_URL

Instance Attribute Summary

• #client_id ⇒ Object

  Returns the value of attribute client_id.

• #client_secret ⇒ Object

  Returns the value of attribute client_secret.

• #error ⇒ Object

  Returns the value of attribute error.

• #error_attribute ⇒ Object

  Returns the value of attribute error_attribute.

• #error_description ⇒ Object

  Returns the value of attribute error_description.

• #region ⇒ Object

  Returns the value of attribute region.

• #user_agent ⇒ Object

  Returns the value of attribute user_agent.

Instance Method Summary

• #access_token ⇒ OneLoginToken

  Generates an access token and refresh token that you may use to call Onelogin’s API methods.

• #activate_factor(user_id, device_id) ⇒ FactorEnrollmentResponse

  Triggers an SMS or Push notification containing a One-Time Password (OTP) that can be used to authenticate a user with the Verify Factor call.

• #assign_role_to_user(user_id, role_ids) ⇒ Boolean

  Assigns Roles to User.

• #authorized_headers(bearer = true) ⇒ Object
• #clean_error ⇒ Object

  Clean any previous error registered at the client.

• #create_event(event_params) ⇒ Boolean

  Create an event in the OneLogin event log.

• #create_session_login_token(query_params, allowed_origin = '') ⇒ SessionTokenInfo|SessionTokenMFAInfo

  Generates a session login token in scenarios in which MFA may or may not be required.

• #create_user(user_params) ⇒ User

  Creates an user.

• #delete_user(user_id) ⇒ Boolean

  Deletes an user.

• #enroll_factor(user_id, factor_id, display_name, number) ⇒ OTPDevice

  Enroll a user with a given authentication factor.

• #expired? ⇒ Boolean
• #extract_error_attribute_from_response(response) ⇒ Object
• #extract_error_message_from_response(response) ⇒ Object
• #generate_invite_link(email) ⇒ String

  Generates an invite link for a user that you have already created in your OneLogin account.

• #get_custom_attributes ⇒ Array

  Gets a list of all custom attribute fields (also known as custom user fields) that have been defined for OL account.

• #get_embed_apps(token, email) ⇒ Array

  Lists apps accessible by a OneLogin user.

• #get_enrolled_factors(user_id) ⇒ Array

  Return a list of authentication factors registered to a particular user for multifactor authentication (MFA).

• #get_event(event_id) ⇒ Event

  Gets Event by ID.

• #get_event_types ⇒ Array

  List of all OneLogin event types available to the Events API.

• #get_events(params = {}) ⇒ Array

  Gets a list of Event resources.

• #get_factors(user_id) ⇒ Array

  Returns a list of authentication factors that are available for user enrollment via API.

• #get_group(group_id) ⇒ Group

  Gets Group by ID.

• #get_groups(params = {}) ⇒ Array

  Gets a list of Group resources (element of groups limited with the limit parameter).

• #get_rate_limits ⇒ RateLimit

  Gets current rate limit details about an access token.

• #get_role(role_id) ⇒ Role

  Gets Role by ID.

• #get_roles(params = {}) ⇒ Array

  Gets a list of Role resources.

• #get_saml_assertion(username_or_email, password, app_id, subdomain, ip_address = nil) ⇒ SAMLEndpointResponse

  Generates a SAML Assertion.

• #get_saml_assertion_verifying(app_id, device_id, state_token, otp_token = nil, url_endpoint = nil, do_not_notify = false) ⇒ SAMLEndpointResponse

  Verify a one-time password (OTP) value provided for a second factor when multi-factor authentication (MFA) is required for SAML authentication.

• #get_session_token_verified(device_id, state_token, otp_token = nil, allowed_origin = '', do_not_notify = false) ⇒ SessionTokenInfo

  Verify a one-time password (OTP) value provided for multi-factor authentication (MFA).

• #get_user(user_id) ⇒ User

  Gets User by ID.

• #get_user_apps(user_id) ⇒ Array

  Gets a list of apps accessible by a user, not including personal apps.

• #get_user_roles(user_id) ⇒ Array

  Gets a list of role IDs that have been assigned to a user.

• #get_users(params = {}) ⇒ Array

  Gets a list of User resources.

• #handle_operation_response(response) ⇒ Object
• #handle_saml_endpoint_response(response) ⇒ Object
• #handle_session_token_response(response) ⇒ Object
• #headers ⇒ Object
• #initialize(config) ⇒ Client constructor

  Create a new instance of the Client.

• #lock_user(user_id, minutes) ⇒ Boolean

  Use this call to lock a user’s account based on the policy assigned to the user, for a specific time you define in the request, or until you unlock it.

• #log_user_out(user_id) ⇒ Boolean

  Log a user out of any and all sessions.

• #prepare_token ⇒ Object
• #regenerate_token ⇒ OneLoginToken

  Refreshing tokens provides a new set of access and refresh tokens.

• #remove_factor(user_id, device_id) ⇒ Boolean

  Remove an enrolled factor from a user.

• #remove_role_from_user(user_id, role_ids) ⇒ Boolean

  Removes Role from User.

• #retrieve_apps_from_xml(xml_content) ⇒ Object
• #revoke_token ⇒ Boolean

  Revokes an access token and refresh token pair.

• #send_invite_link(email, personal_email = nil) ⇒ String

  Sends an invite link to a user that you have already created in your OneLogin account.

• #set_custom_attribute_to_user(user_id, custom_attributes) ⇒ Boolean

  Set Custom Attribute Value.

• #set_password_using_clear_text(user_id, password, password_confirmation, validate_policy = false) ⇒ Boolean

  Sets Password by ID Using Cleartext.

• #set_password_using_hash_salt(user_id, password, password_confirmation, password_algorithm, password_salt = nil) ⇒ Boolean

  Set Password by ID Using Salt and SHA-256.

• #set_state_to_user(user_id, state) ⇒ Boolean

  Set User State.

• #update_user(user_id, user_params) ⇒ User

  Updates an user.

• #validate_config ⇒ Object
• #verify_factor(user_id, device_id, otp_token = nil, state_token = nil) ⇒ Boolean

  Authenticates a one-time password (OTP) code provided by a multifactor authentication (MFA) device.

Methods included from Util::UrlBuilder

#url_for

Constructor Details

#initialize(config) ⇒ Client

Create a new instance of the Client.

# File 'lib/onelogin/api/client.rb', line 33

def initialize(config)
  options = Hash[config.map { |(k, v)| [k.to_sym, v] }]

  @client_id = options[:client_id]
  @client_secret = options[:client_secret]
  @region = options[:region] || 'us'
  @max_results = options[:max_results] || 1000

  if options[:proxy_host]
    self.class.http_proxy options[:proxy_host], options[:proxy_port], options[:proxy_user], options[:proxy_pass]
  end

  validate_config

  @user_agent = DEFAULT_USER_AGENT
end

Instance Attribute Details

#client_id ⇒ Object

Returns the value of attribute client_id.

# File 'lib/onelogin/api/client.rb', line 21

def client_id
  @client_id
end

#client_secret ⇒ Object

Returns the value of attribute client_secret.

# File 'lib/onelogin/api/client.rb', line 21

def client_secret
  @client_secret
end

#error ⇒ Object

Returns the value of attribute error.

# File 'lib/onelogin/api/client.rb', line 22

def error
  @error
end

#error_attribute ⇒ Object

Returns the value of attribute error_attribute.

# File 'lib/onelogin/api/client.rb', line 22

def error_attribute
  @error_attribute
end

#error_description ⇒ Object

Returns the value of attribute error_description.

# File 'lib/onelogin/api/client.rb', line 22

def error_description
  @error_description
end

#region ⇒ Object

Returns the value of attribute region.

# File 'lib/onelogin/api/client.rb', line 21

def region
  @region
end

#user_agent ⇒ Object

Returns the value of attribute user_agent.

# File 'lib/onelogin/api/client.rb', line 22

def user_agent
  @user_agent
end

Instance Method Details

#access_token ⇒ OneLoginToken

Generates an access token and refresh token that you may use to call Onelogin’s API methods.

See Also:

• Generate Tokens documentation}

# File 'lib/onelogin/api/client.rb', line 187

def access_token
  clean_error

  begin
    url = url_for(TOKEN_REQUEST_URL)

    data = {
      'grant_type' => 'client_credentials'
    }

    response = self.class.post(
      url,
      headers: authorized_headers(false),
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      token = OneLogin::Api::Models::OneLoginToken.new(json_data)
      @access_token = token.access_token
      @refresh_token = token.refresh_token
      @expiration = token.created_at + token.expires_in
      return token
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#activate_factor(user_id, device_id) ⇒ FactorEnrollmentResponse

Triggers an SMS or Push notification containing a One-Time Password (OTP) that can be used to authenticate a user with the Verify Factor call.

See Also:

• Activate an Authentication Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1579

def activate_factor(user_id, device_id)
  clean_error
  prepare_token

  begin
    url = url_for(ACTIVATE_FACTOR_URL, user_id, device_id)

    response = self.class.post(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::FactorEnrollmentResponse.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#assign_role_to_user(user_id, role_ids) ⇒ Boolean

Assigns Roles to User

See Also:

• Assign Role to User documentation}

# File 'lib/onelogin/api/client.rb', line 603

def assign_role_to_user(user_id, role_ids)
  clean_error
  prepare_token

  begin
    url = url_for(ADD_ROLE_TO_USER_URL, user_id)

    data = {
      'role_id_array' => role_ids
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#authorized_headers(bearer = true) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 165

def authorized_headers(bearer = true)
  authorization = if bearer
    "bearer:#{@access_token}"
  else
    "client_id:#{@client_id},client_secret:#{@client_secret}"
  end

  headers.merge({
    'Authorization' => authorization
  })
end

#clean_error ⇒ Object

Clean any previous error registered at the client.

# File 'lib/onelogin/api/client.rb', line 56

def clean_error
  @error = nil
  @error_description = nil
  @error_attribute = nil
end

#create_event(event_params) ⇒ Boolean

Create an event in the OneLogin event log.

See Also:

• Create Event documentation}

# File 'lib/onelogin/api/client.rb', line 1237

def create_event(event_params)
  clean_error
  prepare_token

  begin
    url = url_for(CREATE_EVENT_URL)

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: event_params.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#create_session_login_token(query_params, allowed_origin = '') ⇒ SessionTokenInfo|SessionTokenMFAInfo

Generates a session login token in scenarios in which MFA may or may not be required. A session login token expires two minutes after creation.

See Also:

• Create Session Login Token documentation}

# File 'lib/onelogin/api/client.rb', line 970

def create_session_login_token(query_params, allowed_origin='')
  clean_error
  prepare_token

  begin
    url = url_for(SESSION_LOGIN_TOKEN_URL)

    if query_params.nil? || !query_params.has_key?('username_or_email') || !query_params.has_key?('password') || !query_params.has_key?('subdomain')
      raise "username_or_email, password and subdomain are required parameters"
    end

    headers = authorized_headers
    if allowed_origin
      headers = headers.merge({ 'Custom-Allowed-Origin-Header-1' => allowed_origin })
    end

    response = self.class.post(
      url,
      headers: headers,
      body: query_params.to_json
    )

    if response.code == 200
      return handle_session_token_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#create_user(user_params) ⇒ User

Creates an user

See Also:

• Create User documentation}

# File 'lib/onelogin/api/client.rb', line 520

def create_user(user_params)
  clean_error
  prepare_token

  begin
    url = url_for(CREATE_USER_URL)

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: user_params.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::User.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#delete_user(user_id) ⇒ Boolean

Deletes an user

See Also:

• Delete User by ID documentation}

# File 'lib/onelogin/api/client.rb', line 931

def delete_user(user_id)
  clean_error
  prepare_token

  begin
    url = url_for(DELETE_USER_URL, user_id)

    response = self.class.delete(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#enroll_factor(user_id, factor_id, display_name, number) ⇒ OTPDevice

Enroll a user with a given authentication factor.

See Also:

• Enroll an Authentication Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1494

def enroll_factor(user_id, factor_id, display_name, number)
  clean_error
  prepare_token

  begin
    url = url_for(ENROLL_FACTOR_URL, user_id)

    data = {
      'factor_id'=> factor_id.to_i,
      'display_name'=> display_name,
      'number'=> number
    }

    response = self.class.post(
      url,
      :headers => authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data and json_data['data']
        return OneLogin::Api::Models::OTPDevice.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#expired? ⇒ Boolean

# File 'lib/onelogin/api/client.rb', line 96

def expired?
  Time.now.utc > @expiration
end

#extract_error_attribute_from_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 82

def extract_error_attribute_from_response(response)
  attribute = nil
  content = JSON.parse(response.body)
  if content && content.has_key?('status')
    status = content['status']
    if status.has_key?('message') && status['message'].instance_of?(Hash)
      if status['message'].has_key?('attribute')
        attribute = status['message']['attribute']
      end
    end
  end
  attribute
end

#extract_error_message_from_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 62

def extract_error_message_from_response(response)
  message = ''
  content = JSON.parse(response.body)
  if content && content.has_key?('status')
    status = content['status']
    if status.has_key?('message')
      if status['message'].instance_of?(Hash)
        if status['message'].has_key?('description')
          message = status['message']['description']
        end
      else
        message = status['message']
      end
    elsif status.has_key?('type')
      message = status['type']
    end
  end
  message
end

#generate_invite_link(email) ⇒ String

Generates an invite link for a user that you have already created in your OneLogin account.

See Also:

• Generate Invite Link documentation}

# File 'lib/onelogin/api/client.rb', line 1709

def generate_invite_link(email)
  clean_error
  prepare_token

  begin
    url = url_for(GENERATE_INVITE_LINK_URL)

    data = {
      'email'=> email
    }

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return json_data['data'][0]
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_custom_attributes ⇒ Array

Gets a list of all custom attribute fields (also known as custom user fields) that have been defined for OL account.

See Also:

• Get Custom Attributes documentation}

# File 'lib/onelogin/api/client.rb', line 476

def get_custom_attributes
  clean_error
  prepare_token

  begin
    url = url_for(GET_CUSTOM_ATTRIBUTES_URL)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    custom_attributes = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        custom_attributes = json_data['data'][0]
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end

    return custom_attributes
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_embed_apps(token, email) ⇒ Array

Lists apps accessible by a OneLogin user.

See Also:

• Get Apps to Embed for a User documentation}

# File 'lib/onelogin/api/client.rb', line 1796

def get_embed_apps(token, email)
  clean_error

  begin
    response = self.class.get(
      EMBED_APP_URL,
      headers: {
        'User-Agent' => @user_agent
      },
      query: {
        token: token,
        email: email
      }
    )

    if response.code == 200 && !(response.body.nil? || response.body.empty?)
      return retrieve_apps_from_xml(response.body)
    else
      @error = response.code.to_s
      unless response.body.nil? || response.body.empty?
        @error_description = response.body
      end
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_enrolled_factors(user_id) ⇒ Array

Return a list of authentication factors registered to a particular user for multifactor authentication (MFA)

See Also:

• Get Enrolled Authentication Factors documentation}

# File 'lib/onelogin/api/client.rb', line 1537

def get_enrolled_factors(user_id)
  clean_error
  prepare_token

  begin
    url = url_for(GET_ENROLLED_FACTORS_URL, user_id)

    response = self.class.get(
      url,
      :headers => authorized_headers
    )

    otp_devices = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data and json_data['data'] and json_data['data']['otp_devices']
        json_data['data']['otp_devices'].each do |otp_device_data|
          otp_devices << OneLogin::Api::Models::OTPDevice.new(otp_device_data)
        end
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
    return otp_devices
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_event(event_id) ⇒ Event

Gets Event by ID.

See Also:

• Get Event by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1195

def get_event(event_id)
  clean_error
  prepare_token

  begin
    url = url_for(GET_EVENT_URL, event_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::Event.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_event_types ⇒ Array

List of all OneLogin event types available to the Events API.

See Also:

• Get Event Types documentation}

# File 'lib/onelogin/api/client.rb', line 1138

def get_event_types
  clean_error
  prepare_token

  begin
  options = {
    model: OneLogin::Api::Models::EventType,
    headers: authorized_headers,
    max_results: @max_results
  }

  return Cursor.new(self.class, url_for(GET_EVENT_TYPES_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_events(params = {}) ⇒ Array

Gets a list of Event resources. (if no limit provided, by default get 50 elements)

See Also:

• Get Events documentation}

# File 'lib/onelogin/api/client.rb', line 1166

def get_events(params={})
  clean_error
  prepare_token

  begin
  options = {
    model: OneLogin::Api::Models::Event,
    headers: authorized_headers,
    max_results: @max_results,
    params: params
  }

  return Cursor.new(self.class, url_for(GET_EVENTS_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_factors(user_id) ⇒ Array

Returns a list of authentication factors that are available for user enrollment via API.

See Also:

• Get Available Authentication Factors documentation}

# File 'lib/onelogin/api/client.rb', line 1451

def get_factors(user_id)
  clean_error
  prepare_token

  begin
    url = url_for(GET_FACTORS_URL, user_id)

    response = self.class.get(
      url,
      :headers => authorized_headers
    )

    factors = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data and json_data['data'] and json_data['data']['auth_factors']
        json_data['data']['auth_factors'].each do |factor_data|
          factors << OneLogin::Api::Models::AuthFactor.new(factor_data)
        end
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
    return factors
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_group(group_id) ⇒ Group

Gets Group by ID.

See Also:

• Get Group by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1303

def get_group(group_id)
  clean_error
  prepare_token

  begin
    url = url_for(GET_GROUP_URL, group_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::Group.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_groups(params = {}) ⇒ Array

Gets a list of Group resources (element of groups limited with the limit parameter).

See Also:

• Get Groups documentation}

# File 'lib/onelogin/api/client.rb', line 1274

def get_groups(params = {})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::Group,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self.class, url_for(GET_GROUPS_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_rate_limits ⇒ RateLimit

Gets current rate limit details about an access token.

See Also:

• Get Rate Limit documentation}

# File 'lib/onelogin/api/client.rb', line 307

def get_rate_limits
  clean_error
  prepare_token

  begin
    url = url_for(GET_RATE_URL)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::RateLimit.new(json_data['data'])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_role(role_id) ⇒ Role

Gets Role by ID.

See Also:

• Get Role by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1100

def get_role(role_id)
  clean_error
  prepare_token

  begin
    url = url_for(GET_ROLE_URL, role_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::Role.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_roles(params = {}) ⇒ Array

Gets a list of Role resources. (if no limit provided, by default get 50 elements)

See Also:

• Get Roles documentation}

# File 'lib/onelogin/api/client.rb', line 1071

def get_roles(params = {})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::Role,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self.class, url_for(GET_ROLES_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_saml_assertion(username_or_email, password, app_id, subdomain, ip_address = nil) ⇒ SAMLEndpointResponse

Generates a SAML Assertion.

See Also:

• Generate SAML Assertion documentation}

# File 'lib/onelogin/api/client.rb', line 1347

def get_saml_assertion(username_or_email, password, app_id, subdomain, ip_address=nil)
  clean_error
  prepare_token

  begin
    url = url_for(GET_SAML_ASSERTION_URL)

    data = {
      'username_or_email'=> username_or_email,
      'password'=> password,
      'app_id'=> app_id,
      'subdomain'=> subdomain,
    }

    unless ip_address.nil? || ip_address.empty?
      data['ip_address'] = ip_address
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_saml_endpoint_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_saml_assertion_verifying(app_id, device_id, state_token, otp_token = nil, url_endpoint = nil, do_not_notify = false) ⇒ SAMLEndpointResponse

Verify a one-time password (OTP) value provided for a second factor when multi-factor authentication (MFA) is required for SAML authentication.

See Also:

• Verify Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1397

def get_saml_assertion_verifying(app_id, device_id, state_token, otp_token=nil, url_endpoint=nil, do_not_notify=false)
  clean_error
  prepare_token

  begin

    if url_endpoint.nil? || url_endpoint.empty?
      url = url_for(GET_SAML_VERIFY_FACTOR)
    else
      url = url_endpoint
    end

    data = {
      'app_id'=> app_id,
      'device_id'=> device_id.to_s,
      'state_token'=> state_token,
      'do_not_notify'=> do_not_notify
    }

    unless otp_token.nil? || otp_token.empty?
      data['otp_token'] = otp_token
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_saml_endpoint_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_session_token_verified(device_id, state_token, otp_token = nil, allowed_origin = '', do_not_notify = false) ⇒ SessionTokenInfo

Verify a one-time password (OTP) value provided for multi-factor authentication (MFA).

See Also:

• Verify Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1017

def get_session_token_verified(device_id, state_token, otp_token=nil, allowed_origin='', do_not_notify=false)
  clean_error
  prepare_token

  begin
    url = url_for(GET_TOKEN_VERIFY_FACTOR)

    data = {
      'device_id'=> device_id.to_s,
      'state_token'=> state_token,
      'do_not_notify'=> do_not_notify
    }

    unless otp_token.nil? || otp_token.empty?
      data['otp_token'] = otp_token
    end

    headers = authorized_headers
    if allowed_origin
      headers = headers.merge({ 'Custom-Allowed-Origin-Header-1' => allowed_origin })
    end

    response = self.class.post(
      url,
      headers: headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_session_token_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_user(user_id) ⇒ User

Gets User by ID.

See Also:

• Get User by ID documentation}

# File 'lib/onelogin/api/client.rb', line 376

def get_user(user_id)
  clean_error
  prepare_token

  begin

    url = url_for(GET_USER_URL, user_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::User.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_user_apps(user_id) ⇒ Array

Gets a list of apps accessible by a user, not including personal apps.

See Also:

• Get Apps for a User documentation}

# File 'lib/onelogin/api/client.rb', line 413

def get_user_apps(user_id)
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::App,
      headers: authorized_headers,
      max_results: @max_results
    }

    return Cursor.new(self.class, url_for(GET_APPS_FOR_USER_URL, user_id), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_user_roles(user_id) ⇒ Array

Gets a list of role IDs that have been assigned to a user.

See Also:

• Get Roles for a User documentation}

# File 'lib/onelogin/api/client.rb', line 441

def get_user_roles(user_id)
  clean_error
  prepare_token

  begin
    url = url_for(GET_ROLES_FOR_USER_URL, user_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    role_ids = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      role_ids = json_data['data'][0] if json_data && json_data['data']
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end

    return role_ids
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_users(params = {}) ⇒ Array

Gets a list of User resources. (if no limit provided, by default gt 50 elements)

See Also:

• Get Users documentation}

# File 'lib/onelogin/api/client.rb', line 347

def get_users(params = {})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::User,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self.class, url_for(GET_USERS_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#handle_operation_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 108

def handle_operation_response(response)
  result = false
  begin
    content = JSON.parse(response.body)
    if content && content.has_key?('status') && content['status'].has_key?('type') && content['status']['type'] == "success"
      result = true
    end
  rescue Exception => e
    result = false
  end

  result
end

#handle_saml_endpoint_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 137

def handle_saml_endpoint_response(response)
  content = JSON.parse(response.body)
  if content && content.has_key?('status') && content['status'].has_key?('message') && content['status'].has_key?('type')
    status_type = content['status']['type']
    status_message = content['status']['message']
    saml_endpoint_response = OneLogin::Api::Models::SAMLEndpointResponse.new(status_type, status_message)
    if content.has_key?('data')
      if status_message == 'Success'
        saml_endpoint_response.saml_response = content['data']
      else
        mfa = OneLogin::Api::Models::MFA.new(content['data'][0])
        saml_endpoint_response.mfa = mfa
      end
    end

    return saml_endpoint_response
  end

  nil
end

#handle_session_token_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 122

def handle_session_token_response(response)
  content = JSON.parse(response.body)
  if content && content.has_key?('status') && content['status'].has_key?('message') && content.has_key?('data')
    if content['status']['message'] == "Success"
      return OneLogin::Api::Models::SessionTokenInfo.new(content['data'][0])
    elsif content['status']['message'] == "MFA is required for this user"
      return OneLogin::Api::Models::SessionTokenMFAInfo.new(content['data'][0])
    else
      raise "Status Message type not reognized: %s" % content['status']['message']
    end
  end

  nil
end

#headers ⇒ Object

# File 'lib/onelogin/api/client.rb', line 158

def headers
  {
    'Content-Type' => 'application/json',
    'User-Agent' => @user_agent
  }
end

#lock_user(user_id, minutes) ⇒ Boolean

Use this call to lock a user’s account based on the policy assigned to the user, for a specific time you define in the request, or until you unlock it.

See Also:

• Lock User Account documentation}

# File 'lib/onelogin/api/client.rb', line 892

def lock_user(user_id, minutes)
  clean_error
  prepare_token

  begin
    url = url_for(LOCK_USER_URL, user_id)

    data = {
      'locked_until' => minutes
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#log_user_out(user_id) ⇒ Boolean

Log a user out of any and all sessions.

See Also:

• Log User Out documentation}

# File 'lib/onelogin/api/client.rb', line 855

def log_user_out(user_id)
  clean_error
  prepare_token

  begin
    url = url_for(LOG_USER_OUT_URL, user_id)

    response = self.class.put(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#prepare_token ⇒ Object

# File 'lib/onelogin/api/client.rb', line 100

def prepare_token
  if @access_token.nil?
    access_token
  elsif expired?
    regenerate_token
  end
end

#regenerate_token ⇒ OneLoginToken

Refreshing tokens provides a new set of access and refresh tokens.

See Also:

• Refresh Tokens documentation}

# File 'lib/onelogin/api/client.rb', line 227

def regenerate_token
  clean_error

  begin
    url = url_for(TOKEN_REQUEST_URL)

    data = {
      'grant_type' => 'refresh_token',
      'access_token' => @access_token,
      'refresh_token' => @refresh_token
    }

    response = self.class.post(
      url,
      headers: headers,
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      token = OneLogin::Api::Models::OneLoginToken.new(json_data)
      @access_token = token.access_token
      @refresh_token = token.refresh_token
      @expiration = token.created_at + token.expires_in
      return token
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#remove_factor(user_id, device_id) ⇒ Boolean

Remove an enrolled factor from a user.

See Also:

• Remove a Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1671

def remove_factor(user_id, device_id)
  clean_error
  prepare_token

  begin
    url = url_for(REMOVE_FACTOR_URL, user_id, device_id)

    response = self.class.delete(
      url,
      :headers => authorized_headers
    )

    if response.code == 200
      return true
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      return false
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#remove_role_from_user(user_id, role_ids) ⇒ Boolean

Removes Role from User

See Also:

• Remove Role from User documentation}

# File 'lib/onelogin/api/client.rb', line 643

def remove_role_from_user(user_id, role_ids)
  clean_error
  prepare_token

  begin
    url = url_for(DELETE_ROLE_TO_USER_URL, user_id)

    data = {
      'role_id_array' => role_ids
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#retrieve_apps_from_xml(xml_content) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 1827

def retrieve_apps_from_xml(xml_content)
  doc = Nokogiri::XML(xml_content) do |config|
    config.options = NOKOGIRI_OPTIONS
  end

  node_list = doc.xpath("/apps/app")
  attributes = ['id', 'icon', 'name', 'provisioned', 'extension_required', 'personal', 'login_id']
  apps = []
  node_list.each do |node|
    app_data = {}
    node.children.each do |children|
      if attributes.include? children.name
        app_data[children.name] = children.content
      end
    end
    apps << OneLogin::Api::Models::EmbedApp.new(app_data)
  end

  apps
end

#revoke_token ⇒ Boolean

Revokes an access token and refresh token pair.

See Also:

• Revoke Tokens documentation}

# File 'lib/onelogin/api/client.rb', line 269

def revoke_token
  clean_error

  begin
    url = url_for(TOKEN_REVOKE_URL)

    data = {
      access_token: @access_token
    }

    response = self.class.post(
      url,
      headers: authorized_headers(false),
      body: data.to_json
    )

    if response.code == 200
      @access_token = nil
      @refresh_token = nil
      @expiration = nil
      return true
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#send_invite_link(email, personal_email = nil) ⇒ String

Sends an invite link to a user that you have already created in your OneLogin account.

See Also:

• Send Invite Link documentation}

# File 'lib/onelogin/api/client.rb', line 1753

def send_invite_link(email, personal_email=nil)
  clean_error
  prepare_token

  begin
    url = url_for(SEND_INVITE_LINK_URL)

    data = {
      'email'=> email
    }

    unless personal_email.nil? || personal_email.empty?
      data['personal_email'] = personal_email
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_custom_attribute_to_user(user_id, custom_attributes) ⇒ Boolean

Set Custom Attribute Value

See Also:

• Set Custom Attribute Value documentation}

# File 'lib/onelogin/api/client.rb', line 816

def set_custom_attribute_to_user(user_id, custom_attributes)
  clean_error
  prepare_token

  begin
    url = url_for(SET_CUSTOM_ATTRIBUTE_TO_USER_URL, user_id)

    data = {
      'custom_attributes' => custom_attributes
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_password_using_clear_text(user_id, password, password_confirmation, validate_policy = false) ⇒ Boolean

Sets Password by ID Using Cleartext

See Also:

• Set Password by ID Using Cleartext documentation}

# File 'lib/onelogin/api/client.rb', line 685

def set_password_using_clear_text(user_id, password, password_confirmation, validate_policy=false)
  clean_error
  prepare_token

  begin
    url = url_for(SET_PW_CLEARTEXT, user_id)

    data = {
      'password' => password,
      'password_confirmation' => password_confirmation,
      'validate_policy' => validate_policy
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_password_using_hash_salt(user_id, password, password_confirmation, password_algorithm, password_salt = nil) ⇒ Boolean

Set Password by ID Using Salt and SHA-256

See Also:

• Set Password by ID Using Salt and SHA-256 documentation}

# File 'lib/onelogin/api/client.rb', line 730

def set_password_using_hash_salt(user_id, password, password_confirmation, password_algorithm, password_salt=nil)
  clean_error
  prepare_token

  begin
    url = url_for(SET_PW_SALT, user_id)

    data = {
      'password' => password,
      'password_confirmation' => password_confirmation,
      'password_algorithm' => password_algorithm
    }

    unless password_salt.nil?
      data['password_salt'] = password_salt
    end

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_state_to_user(user_id, state) ⇒ Boolean

Set User State

See Also:

• Set User State documentation}

# File 'lib/onelogin/api/client.rb', line 776

def set_state_to_user(user_id, state)
  clean_error
  prepare_token

  begin
    url = url_for(SET_USER_STATE_URL, user_id)

    data = {
      'state' => state
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#update_user(user_id, user_params) ⇒ User

Updates an user

See Also:

• Update User by ID documentation}

# File 'lib/onelogin/api/client.rb', line 564

def update_user(user_id, user_params)
  clean_error
  prepare_token

  begin
    url = url_for(UPDATE_USER_URL, user_id)

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: user_params.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::User.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#validate_config ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/onelogin/api/client.rb', line 50

def validate_config
  raise ArgumentError, 'client_id & client_secret are required' unless @client_id && @client_secret
end

#verify_factor(user_id, device_id, otp_token = nil, state_token = nil) ⇒ Boolean

Authenticates a one-time password (OTP) code provided by a multifactor authentication (MFA) device.

See Also:

• Verify an Authentication Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1623

def verify_factor(user_id, device_id, otp_token=nil, state_token=nil)
  clean_error
  prepare_token

  begin
    url = url_for(VERIFY_FACTOR_URL, user_id, device_id)

    data = {
      'user_id'=> user_id,
      'device_id'=> device_id
    }

    unless otp_token.nil? || otp_token.empty?
      data['otp_token'] = otp_token
    end

    unless state_token.nil? || state_token.empty?
      data['state_token'] = state_token
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end