Class: Auth0::Clients::Client

Inherits:

Object

• Object
• Auth0::Clients::Client

Defined in:

lib/auth0/clients/client.rb

Instance Method Summary

• #connections ⇒ Auth0::Connections::Client
• #create(request_options: {}, **params) ⇒ Auth0::Types::CreateClientResponseContent

  Create a new client (application or SSO integration).

• #credentials ⇒ Auth0::Credentials::Client
• #delete(request_options: {}, **params) ⇒ untyped

  Delete a client and related configuration (rules, connections, etc).

• #get(request_options: {}, **params) ⇒ Auth0::Types::GetClientResponseContent

  Retrieve client details by ID.

• #initialize(client:) ⇒ void constructor
• #list(request_options: {}, **params) ⇒ Auth0::Types::ListClientsOffsetPaginatedResponseContent

  Retrieve clients (applications and SSO integrations) matching provided filters.

• #preview_cimd_metadata(request_options: {}, **params) ⇒ Auth0::Types::PreviewCimdMetadataResponseContent

  Fetches and validates a Client ID Metadata Document without creating a client.

• #register_cimd_client(request_options: {}, **params) ⇒ Auth0::Types::RegisterCimdClientResponseContent

  Idempotent registration for Client ID Metadata Document (CIMD) clients.

• #rotate_secret(request_options: {}, **params) ⇒ Auth0::Types::RotateClientSecretResponseContent

  Rotate a client secret.

• #update(request_options: {}, **params) ⇒ Auth0::Types::UpdateClientResponseContent

  Updates a client’s settings.

Constructor Details

#initialize(client:) ⇒ void

Parameters:

• client (Auth0::Internal::Http::RawClient)

# File 'lib/auth0/clients/client.rb', line 9

def initialize(client:)
  @client = client
end

Instance Method Details

#connections ⇒ Auth0::Connections::Client

Returns:

• (Auth0::Connections::Client)

# File 'lib/auth0/clients/client.rb', line 458

def connections
  @connections ||= Auth0::Clients::Connections::Client.new(client: @client)
end

#create(request_options: {}, **params) ⇒ Auth0::Types::CreateClientResponseContent

Create a new client (application or SSO integration). For more information, read <a href=“www.auth0.com/docs/get-started/auth0-overview/create-applications”>Create Applications</a> <a href=“www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>”>API Endpoints for Single Sign-On</a>.

Notes:

• We recommend leaving the ‘client_secret` parameter unspecified to allow the generation of a safe secret.

• The client_authentication_methods and token_endpoint_auth_method properties are

mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).

• When using client_authentication_methods to configure the client with Private Key JWT

authentication method, specify fully defined credentials. These credentials will be automatically enabled for Private Key JWT authentication on the client.

• To configure client_authentication_methods, the create:client_credentials scope is

required.

• To configure client_authentication_methods, the property jwt_configuration.alg must

be set to RS256.

<div class=“alert alert-warning”>SSO Integrations created via this endpoint will accept login requests and share user profile information.</div>

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::CreateClientRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Returns:

• (Auth0::Types::CreateClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 147

def create(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients",
    body: Auth0::Clients::Types::CreateClientRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::CreateClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#credentials ⇒ Auth0::Credentials::Client

Returns:

• (Auth0::Credentials::Client)

# File 'lib/auth0/clients/client.rb', line 453

def credentials
  @credentials ||= Auth0::Clients::Credentials::Client.new(client: @client)
end

#delete(request_options: {}, **params) ⇒ untyped

Delete a client and related configuration (rules, connections, etc).

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)

Returns:

• (untyped)

Raises:

• (error_class)

# File 'lib/auth0/clients/client.rb', line 335

def delete(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "DELETE",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  return if code.between?(200, 299)

  error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
  raise error_class.new(response.body, code: code)
end

#get(request_options: {}, **params) ⇒ Auth0::Types::GetClientResponseContent

Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. For more information, read <a href=“www.auth0.com/docs/get-started/applications”> Applications in Auth0</a> and <a href=“www.auth0.com/docs/authenticate/single-sign-on”> Single Sign-On</a>. <ul>

<li>
  The following properties can be retrieved with any of the scopes:
  <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
</li>
<li>
  The following properties can only be retrieved with the <code>read:clients</code> or
  <code>read:client_keys</code> scopes:
  <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
  <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
  <code>callback_url_template</code>, <code>jwt_configuration</code>,
  <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
  <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
  <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
  <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
  <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
  <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
  <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
  <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,

refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, refresh_token.policies, organization_usage,

  <code>organization_require_behavior</code>.
</li>
<li>

The following properties can only be retrieved with the read:client_keys or read:client_credentials scopes:

  <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
  <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
</li>

</ul>

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)
• :fields (String, nil)
• :include_fields (Boolean, nil)

Returns:

• (Auth0::Types::GetClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 294

def get(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  query_param_names = %i[fields include_fields]
  query_params = {}
  query_params["fields"] = params[:fields] if params.key?(:fields)
  query_params["include_fields"] = params[:include_fields] if params.key?(:include_fields)
  params = params.except(*query_param_names)

  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "GET",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    query: query_params,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::GetClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#list(request_options: {}, **params) ⇒ Auth0::Types::ListClientsOffsetPaginatedResponseContent

Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. For more information, read <a href=“www.auth0.com/docs/get-started/applications”> Applications in Auth0</a> and <a href=“www.auth0.com/docs/authenticate/single-sign-on”> Single Sign-On</a>.

<ul>

<li>
  The following can be retrieved with any scope:
  <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
</li>
<li>
  The following properties can only be retrieved with the <code>read:clients</code> or
  <code>read:client_keys</code> scope:
  <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
  <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
  <code>callback_url_template</code>, <code>jwt_configuration</code>,
  <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
  <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
  <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
  <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
  <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
  <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
  <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
  <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,

refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, refresh_token.policies, organization_usage,

  <code>organization_require_behavior</code>.
</li>
<li>
  The following properties can only be retrieved with the
  <code>read:client_keys</code> or <code>read:client_credentials</code> scope:
  <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
  <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
</li>

</ul>

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :fields (String, nil)
• :include_fields (Boolean, nil)
• :page (Integer, nil)
• :per_page (Integer, nil)
• :include_totals (Boolean, nil)
• :is_global (Boolean, nil)
• :is_first_party (Boolean, nil)
• :app_type (String, nil)
• :external_client_id (String, nil)
• :q (String, nil)

Returns:

• (Auth0::Types::ListClientsOffsetPaginatedResponseContent)

# File 'lib/auth0/clients/client.rb', line 70

def list(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  query_param_names = %i[fields include_fields page per_page include_totals is_global is_first_party app_type external_client_id q]
  query_params = {}
  query_params["fields"] = params[:fields] if params.key?(:fields)
  query_params["include_fields"] = params[:include_fields] if params.key?(:include_fields)
  query_params["page"] = params.fetch(:page, 0)
  query_params["per_page"] = params.fetch(:per_page, 50)
  query_params["include_totals"] = params.fetch(:include_totals, true)
  query_params["is_global"] = params[:is_global] if params.key?(:is_global)
  query_params["is_first_party"] = params[:is_first_party] if params.key?(:is_first_party)
  query_params["app_type"] = params[:app_type] if params.key?(:app_type)
  query_params["external_client_id"] = params[:external_client_id] if params.key?(:external_client_id)
  query_params["q"] = params[:q] if params.key?(:q)
  params.except(*query_param_names)

  Auth0::Internal::OffsetItemIterator.new(
    initial_page: query_params["page"],
    item_field: :clients,
    has_next_field: nil,
    step: true
  ) do |next_page|
    query_params["page"] = next_page
    request = Auth0::Internal::JSON::Request.new(
      base_url: request_options[:base_url],
      method: "GET",
      path: "clients",
      query: query_params,
      request_options: request_options
    )
    begin
      response = @client.send(request)
    rescue Net::HTTPRequestTimeout
      raise Auth0::Errors::TimeoutError
    end
    code = response.code.to_i
    if code.between?(200, 299)
      Auth0::Types::ListClientsOffsetPaginatedResponseContent.load(response.body)
    else
      error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
      raise error_class.new(response.body, code: code)
    end
  end
end

#preview_cimd_metadata(request_options: {}, **params) ⇒ Auth0::Types::PreviewCimdMetadataResponseContent

Fetches and validates a Client ID Metadata Document without creating a client.

Returns the raw metadata and how it would be mapped to Auth0 client fields.
This endpoint is useful for testing metadata URIs before creating CIMD clients.

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::PreviewCimdMetadataRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Returns:

• (Auth0::Types::PreviewCimdMetadataResponseContent)

# File 'lib/auth0/clients/client.rb', line 185

def preview_cimd_metadata(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/cimd/preview",
    body: Auth0::Clients::Types::PreviewCimdMetadataRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::PreviewCimdMetadataResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#register_cimd_client(request_options: {}, **params) ⇒ Auth0::Types::RegisterCimdClientResponseContent

Idempotent registration for Client ID Metadata Document (CIMD) clients.

Uses external_client_id as the unique identifier for upsert operations.
**Create:** Returns 201 when a new client is created (requires \

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::RegisterCimdClientRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Returns:

• (Auth0::Types::RegisterCimdClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 222

def register_cimd_client(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/cimd/register",
    body: Auth0::Clients::Types::RegisterCimdClientRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::RegisterCimdClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#rotate_secret(request_options: {}, **params) ⇒ Auth0::Types::RotateClientSecretResponseContent

Rotate a client secret.

This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.

For more information, read <a href=“www.auth0.com/docs/get-started/applications/rotate-client-secret”>Rotate Client Secrets</a>.

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)

Returns:

• (Auth0::Types::RotateClientSecretResponseContent)

# File 'lib/auth0/clients/client.rb', line 430

def rotate_secret(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}/rotate-secret",
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::RotateClientSecretResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#update(request_options: {}, **params) ⇒ Auth0::Types::UpdateClientResponseContent

Updates a client’s settings. For more information, read <a href=“www.auth0.com/docs/get-started/applications”> Applications in Auth0</a> and <a href=“www.auth0.com/docs/authenticate/single-sign-on”> Single Sign-On</a>.

Notes:

• The ‘client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.

• The client_authentication_methods and token_endpoint_auth_method properties are

mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).

• When using client_authentication_methods to configure the client with Private Key JWT

authentication method, only specify the credential IDs that were generated when creating the credentials on the client.

• To configure client_authentication_methods, the update:client_credentials scope is

required.

• To configure client_authentication_methods, the property jwt_configuration.alg must

be set to RS256.

• To change a client’s is_first_party property to false, the

organization_usage and organization_require_behavior properties must be unset.

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::UpdateClientRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)

Returns:

• (Auth0::Types::UpdateClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 385

def update(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request_data = Auth0::Clients::Types::UpdateClientRequestContent.new(params).to_h
  non_body_param_names = ["id"]
  body = request_data.except(*non_body_param_names)

  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "PATCH",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    body: body,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::UpdateClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end