Class: Auth0::Clients::Client

Inherits:
Object
Defined in:
lib/auth0/clients/client.rb

Instance Method Summary

Constructor Details

#initialize(client:) ⇒ void

Parameters:



# File 'lib/auth0/clients/client.rb', line 9

def initialize(client:)
  @client = client
end

Instance Method Details

#connections ⇒ Auth0::Connections::Client



# File 'lib/auth0/clients/client.rb', line 439

def connections
  @connections ||= Auth0::Clients::Connections::Client.new(client: @client)
end

#create(request_options: {}, **params) ⇒ Auth0::Types::CreateClientResponseContent

Create a new client (application or SSO integration). For more information, read [Create Applications](www.auth0.com/docs/get-started/auth0-overview/create-applications) and [API Endpoints for Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).

Notes:

  • We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.

  • The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).

  • When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials. These credentials will be automatically enabled for Private Key JWT authentication on the client.

  • To configure `client_authentication_methods`, the `create:client_credentials` scope is required.

  • To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.

SSO Integrations created via this endpoint will accept login requests and share user profile information.

Parameters:

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Returns:



# File 'lib/auth0/clients/client.rb', line 132

def create(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients",
    body: Auth0::Clients::Types::CreateClientRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::CreateClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#credentials ⇒ Auth0::Credentials::Client

Returns:

  • (Auth0::Credentials::Client)


# File 'lib/auth0/clients/client.rb', line 434

def credentials
  @credentials ||= Auth0::Clients::Credentials::Client.new(client: @client)
end

#delete(request_options: {}, **params) ⇒ untyped

Delete a client and related configuration (rules, connections, etc).

Parameters:

  • request_options (Hash) (defaults to: {})
  • params (Hash)

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Options Hash (**params):

  • :id (String)

Returns:

  • (untyped)

Raises:

  • (error_class)


# File 'lib/auth0/clients/client.rb', line 319

def delete(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "DELETE",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  return if code.between?(200, 299)

  error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
  raise error_class.new(response.body, code: code)
end

#get(request_options: {}, **params) ⇒ Auth0::Types::GetClientResponseContent

Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. For more information, read [Applications in Auth0](www.auth0.com/docs/get-started/applications) and [Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on).

  • The following properties can be retrieved with any of the scopes:

    `client_id`, `app_type`, `name`, and `description`.
    
  • The following properties can only be retrieved with the `read:clients` or `read:client_keys` scopes:

    `callbacks`, `oidc_logout`, `allowed_origins`,
    `web_origins`, `tenant`, `global`, `config_route`,
    `callback_url_template`, `jwt_configuration`,
    `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
    `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
    `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
    `custom_login_page_off`, `sso`, `addons`, `form_template`,
    `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
    `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
    `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
    `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
    `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
    `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
    `organization_require_behavior`.
    
  • The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:

    `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
    `client_secret`, `client_authentication_methods` and `signing_key`.

Parameters:

  • request_options (Hash) (defaults to: {})
  • params (Hash)

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Options Hash (**params):

  • :id (String)
  • :fields (String, nil)
  • :include_fields (Boolean, nil)

Returns:



# File 'lib/auth0/clients/client.rb', line 280

def get(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  query_params = {}
  query_params["fields"] = params[:fields] if params.key?(:fields)
  query_params["include_fields"] = params[:include_fields] if params.key?(:include_fields)

  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "GET",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    query: query_params,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::GetClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#list(request_options: {}, **params) ⇒ Auth0::Types::ListClientsOffsetPaginatedResponseContent

Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. For more information, read [Applications in Auth0](www.auth0.com/docs/get-started/applications) and [Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on).

  • The following can be retrieved with any scope:

    `client_id`, `app_type`, `name`, and `description`.
    
  • The following properties can only be retrieved with the `read:clients` or `read:client_keys` scope:

    `callbacks`, `oidc_logout`, `allowed_origins`,
    `web_origins`, `tenant`, `global`, `config_route`,
    `callback_url_template`, `jwt_configuration`,
    `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
    `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
    `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
    `custom_login_page_off`, `sso`, `addons`, `form_template`,
    `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
    `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
    `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
    `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
    `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
    `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
    `organization_require_behavior`.
    
  • The following properties can only be retrieved with the

    `read:client_keys` or `read:client_credentials` scope:
    `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
    `client_secret`, `client_authentication_methods` and `signing_key`.
    

Parameters:

  • request_options (Hash) (defaults to: {})
  • params (Hash)

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Options Hash (**params):

  • :fields (String, nil)
  • :include_fields (Boolean, nil)
  • :page (Integer, nil)
  • :per_page (Integer, nil)
  • :include_totals (Boolean, nil)
  • :is_global (Boolean, nil)
  • :is_first_party (Boolean, nil)
  • :app_type (String, nil)
  • :external_client_id (String, nil)
  • :q (String, nil)

Returns:



# File 'lib/auth0/clients/client.rb', line 60

def list(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  query_params = {}
  query_params["fields"] = params[:fields] if params.key?(:fields)
  query_params["include_fields"] = params[:include_fields] if params.key?(:include_fields)
  query_params["page"] = params.fetch(:page, 0)
  query_params["per_page"] = params.fetch(:per_page, 50)
  query_params["include_totals"] = params.fetch(:include_totals, true)
  query_params["is_global"] = params[:is_global] if params.key?(:is_global)
  query_params["is_first_party"] = params[:is_first_party] if params.key?(:is_first_party)
  query_params["app_type"] = params[:app_type] if params.key?(:app_type)
  query_params["external_client_id"] = params[:external_client_id] if params.key?(:external_client_id)
  query_params["q"] = params[:q] if params.key?(:q)

  Auth0::Internal::OffsetItemIterator.new(
    initial_page: query_params["page"],
    item_field: :clients,
    has_next_field: nil,
    step: false
  ) do |next_page|
    query_params["page"] = next_page
    request = Auth0::Internal::JSON::Request.new(
      base_url: request_options[:base_url],
      method: "GET",
      path: "clients",
      query: query_params,
      request_options: request_options
    )
    begin
      response = @client.send(request)
    rescue Net::HTTPRequestTimeout
      raise Auth0::Errors::TimeoutError
    end
    code = response.code.to_i
    if code.between?(200, 299)
      parsed_response = Auth0::Types::ListClientsOffsetPaginatedResponseContent.load(response.body)
      [parsed_response, response]
    else
      error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
      raise error_class.new(response.body, code: code)
    end
  end
end

#preview_cimd_metadata(request_options: {}, **params) ⇒ Auth0::Types::PreviewCimdMetadataResponseContent

Fetches and validates a Client ID Metadata Document without creating a client.

Returns the raw metadata and how it would be mapped to Auth0 client fields.
This endpoint is useful for testing metadata URIs before creating CIMD clients.

Parameters:

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Returns:



# File 'lib/auth0/clients/client.rb', line 170

def preview_cimd_metadata(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/cimd/preview",
    body: Auth0::Clients::Types::PreviewCimdMetadataRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::PreviewCimdMetadataResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#register_cimd_client(request_options: {}, **params) ⇒ Auth0::Types::RegisterCimdClientResponseContent

Idempotent registration for Client ID Metadata Document (CIMD) clients. Uses external_client_id as the unique identifier for upsert operations.

Create: Returns 201 when a new client is created (requires create:clients scope). Update: Returns 200 when an existing client is updated (requires update:clients scope).

This endpoint automatically:

  • Fetches and validates the metadata document
  • Maps CIMD fields to Auth0 client configuration
  • Creates/rotates credentials from the JWKS
  • Enforces CIMD security policies (HTTPS-only, no shared secrets)

Parameters:

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Returns:



# File 'lib/auth0/clients/client.rb', line 217

def register_cimd_client(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/cimd/register",
    body: Auth0::Clients::Types::RegisterCimdClientRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::RegisterCimdClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#rotate_secret(request_options: {}, **params) ⇒ Auth0::Types::RotateClientSecretResponseContent

Rotate a client secret.

This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.

For more information, read [Rotate Client Secrets](www.auth0.com/docs/get-started/applications/rotate-client-secret).

Parameters:

  • request_options (Hash) (defaults to: {})
  • params (Hash)

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Options Hash (**params):

  • :id (String)

Returns:



# File 'lib/auth0/clients/client.rb', line 411

def rotate_secret(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}/rotate-secret",
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::RotateClientSecretResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#update(request_options: {}, **params) ⇒ Auth0::Types::UpdateClientResponseContent

Updates a client’s settings. For more information, read [Applications in Auth0](www.auth0.com/docs/get-started/applications) and [Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on).

Notes:

  • The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.

  • The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).

  • When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.

  • To configure `client_authentication_methods`, the `update:client_credentials` scope is required.

  • To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.

  • To change a client’s `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.

Parameters:

Options Hash (request_options:):

  • :base_url (String)
  • :additional_headers (Hash{String => Object})
  • :additional_query_parameters (Hash{String => Object})
  • :additional_body_parameters (Hash{String => Object})
  • :timeout_in_seconds (Integer)

Options Hash (**params):

  • :id (String)

Returns:



# File 'lib/auth0/clients/client.rb', line 366

def update(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request_data = Auth0::Clients::Types::UpdateClientRequestContent.new(params).to_h
  non_body_param_names = %w[id]
  body = request_data.except(*non_body_param_names)

  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "PATCH",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    body: body,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::UpdateClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end
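
The Notes on #create and #update describe constraints that can be checked locally before a request is sent. The following is an added example, not part of the SDK or of the source shown on this page; `client_param_violations`, its arguments and the sample hashes are hypothetical, and it assumes params are passed with symbol keys.

```ruby
# Added example (not SDK code): pre-flight check of client params against the
# Notes documented for #create and #update. All names here are hypothetical.
SCOPE_FOR_AUTH_METHODS = {
  create: "create:client_credentials",
  update: "update:client_credentials"
}.freeze

# Returns a list of violations; an empty list means the params are consistent
# with the documented rules that can be verified without calling the API.
def client_param_violations(operation, params, granted_scopes)
  scopes = granted_scopes.to_a
  problems = []
  pkjwt = !params[:client_authentication_methods].nil?

  if pkjwt && !params[:token_endpoint_auth_method].nil?
    problems << "client_authentication_methods and token_endpoint_auth_method are mutually exclusive"
  end

  if pkjwt
    needed = SCOPE_FOR_AUTH_METHODS.fetch(operation)
    problems << "missing scope #{needed}" unless scopes.include?(needed)
    alg = params.dig(:jwt_configuration, :alg)
    # On update the stored alg is not visible locally, so only a supplied value is judged.
    alg_ok = alg == "RS256" || (operation == :update && alg.nil?)
    problems << "jwt_configuration.alg must be RS256 (got #{alg.inspect})" unless alg_ok
  end

  if operation == :create && params.key?(:client_secret)
    problems << "client_secret supplied; leave it unspecified so a safe secret is generated"
  end

  if operation == :update
    if (params.keys & %i[client_secret signing_key]).any? && !scopes.include?("update:client_keys")
      problems << "missing scope update:client_keys"
    end
    if params[:is_first_party] == false
      # Only values present in this request are checked, not what the tenant already stores.
      set = %i[organization_usage organization_require_behavior].reject { |k| params[k].nil? }
      problems << "#{set.join(', ')} must be unset when is_first_party is false" if set.any?
    end
  end
  problems
end

# Constructed sample inputs; the credential contents are placeholders.
SAMPLE_BAD_CREATE = {
  name: "constructed-app",
  client_authentication_methods: { private_key_jwt: { credentials: [] } },
  token_endpoint_auth_method: "client_secret_post",
  jwt_configuration: { alg: "HS256" },
  client_secret: "constructed-value"
}.freeze

SAMPLE_GOOD_CREATE = {
  name: "constructed-app",
  client_authentication_methods: { private_key_jwt: { credentials: [] } },
  jwt_configuration: { alg: "RS256" }
}.freeze
```

The check covers only what is visible in the request; the API remains the authority on scope enforcement and on values already stored for the client.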