Module: Auth0::Api::AuthenticationEndpoints
- Includes:
- ClientAssertion
- Defined in:
- lib/auth0/api/authentication_endpoints.rb
Overview
https://auth0.com/docs/api/authentication Methods to use the Authentication API
Constant Summary collapse
- UP_AUTH =
'Username-Password-Authentication'.freeze
- JWT_BEARER =
'urn:ietf:params:oauth:grant-type:jwt-bearer'.freeze
- GRANT_TYPE_PASSWORDLESS_OPT =
'http://auth0.com/oauth/grant-type/passwordless/otp'.freeze
Constants included from ClientAssertion
ClientAssertion::CLIENT_ASSERTION_TYPE
Instance Method Summary collapse
-
#api_token(client_id: @client_id, client_secret: @client_secret, organization: @organization, audience: nil) ⇒ json
Request an API access token using a Client Credentials grant.
-
#authorization_url(redirect_uri, options = {}) ⇒ url
Return an authorization URL.
-
#change_password(email, password, connection_name = UP_AUTH) ⇒ Object
deprecated
Deprecated.
Use #reset_password instead.
-
#exchange_auth_code_for_tokens(code, redirect_uri: nil, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using an Authorization Code.
-
#exchange_email_otp_for_tokens(email_address, otp, audience: nil, scope: nil) ⇒ Object
Exchange an OTP recieved through email for ID and access tokens.
-
#exchange_refresh_token(refresh_token, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using a refresh token.
-
#exchange_sms_otp_for_tokens(phone_number, otp, audience: nil, scope: nil) ⇒ Object
Exchange an OTP recieved through SMS for ID and access tokens.
-
#login_with_resource_owner(login_name, password, client_id: @client_id, client_secret: @client_secret, realm: nil, audience: nil, scope: 'openid') ⇒ json
rubocop:disable Metrics/ParameterLists Get access and ID tokens using Resource Owner Password.
-
#logout_url(return_to, include_client: false, federated: false) ⇒ url
Returns an Auth0 logout URL with a return URL.
-
#par_authorization_url(request_uri) ⇒ Object
Return an authorization URL for PAR requests.
-
#pushed_authorization_request(parameters = {}) ⇒ url
Make a request to the PAR endpoint and receive a ‘request_uri` to send to the ’/authorize’ endpoint.
-
#reset_password(email, connection_name = UP_AUTH, client_id = @client_id) ⇒ Object
Trigger a password reset email.
-
#saml_metadata ⇒ xml
Retrive SAML 2.0 metadata XML for an Application.
-
#samlp_url(connection = UP_AUTH) ⇒ url
Return a SAMLP URL.
-
#signup(email, password, connection_name = UP_AUTH) ⇒ json
Sign up with a database connection using a username and password.
-
#start_passwordless_email_flow(email, send = 'link', auth_params = {}) ⇒ Object
Start Passwordless email login flow.
-
#start_passwordless_sms_flow(phone_number) ⇒ Object
Start Passwordless SMS login flow.
-
#userinfo(access_token) ⇒ json
Return the user information based on the Auth0 access token.
-
#validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization) ⇒ Object
rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists.
-
#wsfed_metadata ⇒ xml
Retrieve WS-Federation metadata XML for a tenant.
-
#wsfed_url(connection = UP_AUTH, options = {}) ⇒ url
Return a WS-Federation URL.
Methods included from ClientAssertion
#populate_client_assertion_or_secret
Instance Method Details
#api_token(client_id: @client_id, client_secret: @client_secret, organization: @organization, audience: nil) ⇒ json
Request an API access token using a Client Credentials grant
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 25 def api_token( client_id: @client_id, client_secret: @client_secret, organization: @organization, audience: nil ) request_params = { grant_type: 'client_credentials', client_id: client_id, audience: audience, organization: organization } populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret) response = request_with_retry(:post, '/oauth/token', request_params) ::Auth0::ApiToken.new(response['access_token'], response['scope'], response['expires_in']) end |
#authorization_url(redirect_uri, options = {}) ⇒ url
Return an authorization URL.
310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 310 def (redirect_uri, = {}) raise Auth0::InvalidParameter, 'Must supply a valid redirect_uri' if redirect_uri.to_s.empty? request_params = { client_id: @client_id, response_type: .fetch(:response_type, 'code'), connection: .fetch(:connection, nil), redirect_uri: redirect_uri, state: .fetch(:state, nil), scope: .fetch(:scope, nil), organization: .fetch(:organization, @organization), invitation: .fetch(:invitation, nil) }.merge(.fetch(:additional_parameters, {})) URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params)) end |
#change_password(email, password, connection_name = UP_AUTH) ⇒ Object
Use #reset_password instead.
Change a user’s password or trigger a password reset email.
212 213 214 215 216 217 218 219 220 221 222 223 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 212 def change_password(email, password, connection_name = UP_AUTH) raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty? request_params = { email: email, password: password, connection: connection_name, client_id: @client_id } request_with_retry(:post, '/dbconnections/change_password', request_params) end |
#exchange_auth_code_for_tokens(code, redirect_uri: nil, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using an Authorization Code.
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 52 def exchange_auth_code_for_tokens( code, redirect_uri: nil, client_id: @client_id, client_secret: @client_secret ) raise Auth0::InvalidParameter, 'Must provide an authorization code' if code.to_s.empty? request_params = { grant_type: 'authorization_code', client_id: client_id, code: code, redirect_uri: redirect_uri } populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret) ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params) end |
#exchange_email_otp_for_tokens(email_address, otp, audience: nil, scope: nil) ⇒ Object
Exchange an OTP recieved through email for ID and access tokens
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 125 def exchange_email_otp_for_tokens(email_address, otp, audience: nil, scope: nil) request_params = { grant_type: GRANT_TYPE_PASSWORDLESS_OPT, client_id: @client_id, username: email_address, otp: otp, realm: 'email', audience: audience, scope: scope || 'openid profile email' } populate_client_assertion_or_secret(request_params) ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params) end |
#exchange_refresh_token(refresh_token, client_id: @client_id, client_secret: @client_secret) ⇒ Auth0::AccessToken
Get access and ID tokens using a refresh token.
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 81 def exchange_refresh_token( refresh_token, client_id: @client_id, client_secret: @client_secret ) raise Auth0::InvalidParameter, 'Must provide a refresh token' if refresh_token.to_s.empty? request_params = { grant_type: 'refresh_token', client_id: client_id, refresh_token: refresh_token } populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret) ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params) end |
#exchange_sms_otp_for_tokens(phone_number, otp, audience: nil, scope: nil) ⇒ Object
Exchange an OTP recieved through SMS for ID and access tokens
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 104 def exchange_sms_otp_for_tokens(phone_number, otp, audience: nil, scope: nil) request_params = { grant_type: GRANT_TYPE_PASSWORDLESS_OPT, client_id: @client_id, username: phone_number, otp: otp, realm: 'sms', audience: audience, scope: scope || 'openid profile email' } populate_client_assertion_or_secret(request_params) ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params) end |
#login_with_resource_owner(login_name, password, client_id: @client_id, client_secret: @client_secret, realm: nil, audience: nil, scope: 'openid') ⇒ json
rubocop:disable Metrics/ParameterLists Get access and ID tokens using Resource Owner Password. Requires that your tenant has a Default Audience or Default Directory.
155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 155 def login_with_resource_owner( login_name, password, client_id: @client_id, client_secret: @client_secret, realm: nil, audience: nil, scope: 'openid' ) raise Auth0::InvalidParameter, 'Must supply a valid login_name' if login_name.empty? raise Auth0::InvalidParameter, 'Must supply a valid password' if password.empty? request_params = { username: login_name, password: password, client_id: client_id, realm: realm, scope: scope, audience: audience, grant_type: realm ? 'http://auth0.com/oauth/grant-type/password-realm' : 'password' } populate_client_assertion_or_secret(request_params, client_id: client_id, client_secret: client_secret) ::Auth0::AccessToken.from_response request_with_retry(:post, '/oauth/token', request_params) end |
#logout_url(return_to, include_client: false, federated: false) ⇒ url
Returns an Auth0 logout URL with a return URL.
349 350 351 352 353 354 355 356 357 358 359 360 361 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 349 def logout_url(return_to, include_client: false, federated: false) request_params = { returnTo: return_to, client_id: include_client ? @client_id : nil, federated: federated ? '1' : nil } URI::HTTPS.build( host: @domain, path: '/v2/logout', query: to_query(request_params) ) end |
#par_authorization_url(request_uri) ⇒ Object
Return an authorization URL for PAR requests
331 332 333 334 335 336 337 338 339 340 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 331 def (request_uri) raise Auth0::InvalidParameter, 'Must supply a valid request_uri' if request_uri.to_s.empty? request_params = { client_id: @client_id, request_uri: request_uri, } URI::HTTPS.build(host: @domain, path: '/authorize', query: to_query(request_params)) end |
#pushed_authorization_request(parameters = {}) ⇒ url
Make a request to the PAR endpoint and receive a ‘request_uri` to send to the ’/authorize’ endpoint.
368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 368 def (parameters = {}) request_params = { client_id: @client_id, response_type: parameters.fetch(:response_type, 'code'), connection: parameters.fetch(:connection, nil), redirect_uri: parameters.fetch(:redirect_uri, nil), state: parameters.fetch(:state, nil), scope: parameters.fetch(:scope, nil), organization: parameters.fetch(:organization, nil), invitation: parameters.fetch(:invitation, nil) }.merge(parameters.fetch(:additional_parameters, {})) populate_client_assertion_or_secret(request_params) request_with_retry(:post_form, '/oauth/par', request_params, {}) end |
#reset_password(email, connection_name = UP_AUTH, client_id = @client_id) ⇒ Object
Trigger a password reset email.
232 233 234 235 236 237 238 239 240 241 242 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 232 def reset_password(email, connection_name = UP_AUTH, client_id = @client_id) raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty? request_params = { email: email, connection: connection_name, client_id: client_id } request_with_retry(:post, '/dbconnections/change_password', request_params) end |
#saml_metadata ⇒ xml
Retrive SAML 2.0 metadata XML for an Application.
287 288 289 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 287 def request_with_retry(:get, "/samlp/metadata/#{@client_id}") end |
#samlp_url(connection = UP_AUTH) ⇒ url
Return a SAMLP URL. The SAML Request AssertionConsumerServiceURL will be used to POST back the assertion and it must match with the application callback URL.
391 392 393 394 395 396 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 391 def samlp_url(connection = UP_AUTH) request_params = { connection: connection } URI::HTTPS.build(host: @domain, path: "/samlp/#{@client_id}", query: to_query(request_params)) end |
#signup(email, password, connection_name = UP_AUTH) ⇒ json
Sign up with a database connection using a username and password.
190 191 192 193 194 195 196 197 198 199 200 201 202 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 190 def signup(email, password, connection_name = UP_AUTH) raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty? raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty? request_params = { email: email, password: password, connection: connection_name, client_id: @client_id } request_with_retry(:post, '/dbconnections/signup', request_params) end |
#start_passwordless_email_flow(email, send = 'link', auth_params = {}) ⇒ Object
Start Passwordless email login flow.
250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 250 def start_passwordless_email_flow(email, send = 'link', auth_params = {}) raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty? request_params = { email: email, send: send, authParams: auth_params, connection: 'email', client_id: @client_id, } populate_client_assertion_or_secret(request_params) request_with_retry(:post, '/passwordless/start', request_params) end |
#start_passwordless_sms_flow(phone_number) ⇒ Object
Start Passwordless SMS login flow.
270 271 272 273 274 275 276 277 278 279 280 281 282 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 270 def start_passwordless_sms_flow(phone_number) raise Auth0::InvalidParameter, 'Must supply a valid phone number' if phone_number.to_s.empty? request_params = { phone_number: phone_number, connection: 'sms', client_id: @client_id, } populate_client_assertion_or_secret(request_params) request_with_retry(:post, '/passwordless/start', request_params) end |
#userinfo(access_token) ⇒ json
Return the user information based on the Auth0 access token.
301 302 303 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 301 def userinfo(access_token) request_with_retry(:get, '/userinfo', {}, 'Authorization' => "Bearer #{access_token}") end |
#validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization) ⇒ Object
rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/ParameterLists
436 437 438 439 440 441 442 443 444 445 446 447 448 449 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 436 def validate_id_token(id_token, algorithm: nil, leeway: 60, nonce: nil, max_age: nil, issuer: nil, audience: nil, organization: @organization) context = { issuer: issuer || "https://#{@domain}/", audience: audience || @client_id, algorithm: algorithm || Auth0::Algorithm::RS256.jwks_url("https://#{@domain}/.well-known/jwks.json"), leeway: leeway } context[:nonce] = nonce unless nonce.nil? context[:max_age] = max_age unless max_age.nil? context[:organization] = organization unless !organization Auth0::Mixins::Validation::IdTokenValidator.new(context).validate(id_token) end |
#wsfed_metadata ⇒ xml
Retrieve WS-Federation metadata XML for a tenant.
294 295 296 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 294 def request_with_retry(:get, '/wsfed/FederationMetadata/2007-06/FederationMetadata.xml') end |
#wsfed_url(connection = UP_AUTH, options = {}) ⇒ url
Return a WS-Federation URL.
403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 |
# File 'lib/auth0/api/authentication_endpoints.rb', line 403 def wsfed_url(connection = UP_AUTH, = {}) request_params = { whr: connection, wtrealm: [:wtrealm], wctx: [:wctx], wreply: [:wreply] } url_client_id = @client_id unless request_params[:wtrealm] URI::HTTPS.build( host: @domain, path: "/wsfed/#{url_client_id}", query: to_query(request_params) ) end |