Class: Auth0::Clients::Client

Inherits:

Object

• Object
• Auth0::Clients::Client

Defined in:

lib/auth0/clients/client.rb

Instance Method Summary

• #connections ⇒ Auth0::Connections::Client
• #create(request_options: {}, **params) ⇒ Auth0::Types::CreateClientResponseContent

  Create a new client (application or SSO integration).

• #credentials ⇒ Auth0::Credentials::Client
• #delete(request_options: {}, **params) ⇒ untyped

  Delete a client and related configuration (rules, connections, etc).

• #get(request_options: {}, **params) ⇒ Auth0::Types::GetClientResponseContent

  Retrieve client details by ID.

• #initialize(client:) ⇒ void constructor
• #list(request_options: {}, **params) ⇒ Auth0::Types::ListClientsOffsetPaginatedResponseContent

  Retrieve clients (applications and SSO integrations) matching provided filters.

• #preview_cimd_metadata(request_options: {}, **params) ⇒ Auth0::Types::PreviewCimdMetadataResponseContent

  Fetches and validates a Client ID Metadata Document without creating a client.

• #register_cimd_client(request_options: {}, **params) ⇒ Auth0::Types::RegisterCimdClientResponseContent

  Idempotent registration for Client ID Metadata Document (CIMD) clients.

• #rotate_secret(request_options: {}, **params) ⇒ Auth0::Types::RotateClientSecretResponseContent

  Rotate a client secret.

• #update(request_options: {}, **params) ⇒ Auth0::Types::UpdateClientResponseContent

  Updates a client’s settings.

Constructor Details

#initialize(client:) ⇒ void

Parameters:

• client (Auth0::Internal::Http::RawClient)

# File 'lib/auth0/clients/client.rb', line 9

def initialize(client:)
  @client = client
end

Instance Method Details

#connections ⇒ Auth0::Connections::Client

Returns:

• (Auth0::Connections::Client)

# File 'lib/auth0/clients/client.rb', line 436

def connections
  @connections ||= Auth0::Clients::Connections::Client.new(client: @client)
end

#create(request_options: {}, **params) ⇒ Auth0::Types::CreateClientResponseContent

Create a new client (application or SSO integration). For more information, read [Create Applications](www.auth0.com/docs/get-started/auth0-overview/create-applications) [API Endpoints for Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).

Notes:

• We recommend leaving the ‘client_secret` parameter unspecified to allow the generation of a safe secret.

• The ‘client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use

‘client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).

• When using ‘client_authentication_methods` to configure the client with Private Key JWT authentication method,

specify fully defined credentials. These credentials will be automatically enabled for Private Key JWT authentication on the client.

• To configure ‘client_authentication_methods`, the `create:client_credentials` scope is required.

• To configure ‘client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.

SSO Integrations created via this endpoint will accept login requests and share user profile information.

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::CreateClientRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Returns:

• (Auth0::Types::CreateClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 132

def create(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients",
    body: Auth0::Clients::Types::CreateClientRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::CreateClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#credentials ⇒ Auth0::Credentials::Client

Returns:

• (Auth0::Credentials::Client)

# File 'lib/auth0/clients/client.rb', line 431

def credentials
  @credentials ||= Auth0::Clients::Credentials::Client.new(client: @client)
end

#delete(request_options: {}, **params) ⇒ untyped

Delete a client and related configuration (rules, connections, etc).

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)

Returns:

• (untyped)

Raises:

• (error_class)

# File 'lib/auth0/clients/client.rb', line 316

def delete(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "DELETE",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  return if code.between?(200, 299)

  error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
  raise error_class.new(response.body, code: code)
end

#get(request_options: {}, **params) ⇒ Auth0::Types::GetClientResponseContent

Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. For more information, read [Applications in Auth0](www.auth0.com/docs/get-started/applications) and [Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on).

• The following properties can be retrieved with any of the scopes:

  `client_id`, `app_type`, `name`, and `description`.
  

• The following properties can only be retrieved with the ‘read:clients` or

  `read:client_keys` scopes:
  `callbacks`, `oidc_logout`, `allowed_origins`,
  `web_origins`, `tenant`, `global`, `config_route`,
  `callback_url_template`, `jwt_configuration`,
  `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
  `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
  `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
  `custom_login_page_off`, `sso`, `addons`, `form_template`,
  `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
  `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
  `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
  `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
  `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
  `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
  `organization_require_behavior`.
  

• The following properties can only be retrieved with the ‘read:client_keys` or `read:client_credentials`

scopes:

`encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
`client_secret`, `client_authentication_methods` and `signing_key`.

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)
• :fields (String, nil)
• :include_fields (Boolean, nil)

Returns:

• (Auth0::Types::GetClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 277

def get(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  query_params = {}
  query_params["fields"] = params[:fields] if params.key?(:fields)
  query_params["include_fields"] = params[:include_fields] if params.key?(:include_fields)

  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "GET",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    query: query_params,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::GetClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#list(request_options: {}, **params) ⇒ Auth0::Types::ListClientsOffsetPaginatedResponseContent

Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. For more information, read [Applications in Auth0](www.auth0.com/docs/get-started/applications) and [Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on).

• The following can be retrieved with any scope:

  `client_id`, `app_type`, `name`, and `description`.
  

• The following properties can only be retrieved with the ‘read:clients` or

  `read:client_keys` scope:
  `callbacks`, `oidc_logout`, `allowed_origins`,
  `web_origins`, `tenant`, `global`, `config_route`,
  `callback_url_template`, `jwt_configuration`,
  `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
  `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
  `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
  `custom_login_page_off`, `sso`, `addons`, `form_template`,
  `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
  `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
  `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
  `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
  `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
  `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
  `organization_require_behavior`.
  

• The following properties can only be retrieved with the

  `read:client_keys` or `read:client_credentials` scope:
  `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
  `client_secret`, `client_authentication_methods` and `signing_key`.
  

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :fields (String, nil)
• :include_fields (Boolean, nil)
• :page (Integer, nil)
• :per_page (Integer, nil)
• :include_totals (Boolean, nil)
• :is_global (Boolean, nil)
• :is_first_party (Boolean, nil)
• :app_type (String, nil)
• :external_client_id (String, nil)
• :q (String, nil)

Returns:

• (Auth0::Types::ListClientsOffsetPaginatedResponseContent)

# File 'lib/auth0/clients/client.rb', line 60

def list(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  query_params = {}
  query_params["fields"] = params[:fields] if params.key?(:fields)
  query_params["include_fields"] = params[:include_fields] if params.key?(:include_fields)
  query_params["page"] = params.fetch(:page, 0)
  query_params["per_page"] = params.fetch(:per_page, 50)
  query_params["include_totals"] = params.fetch(:include_totals, true)
  query_params["is_global"] = params[:is_global] if params.key?(:is_global)
  query_params["is_first_party"] = params[:is_first_party] if params.key?(:is_first_party)
  query_params["app_type"] = params[:app_type] if params.key?(:app_type)
  query_params["external_client_id"] = params[:external_client_id] if params.key?(:external_client_id)
  query_params["q"] = params[:q] if params.key?(:q)

  Auth0::Internal::OffsetItemIterator.new(
    initial_page: query_params["page"],
    item_field: :clients,
    has_next_field: nil,
    step: false
  ) do |next_page|
    query_params["page"] = next_page
    request = Auth0::Internal::JSON::Request.new(
      base_url: request_options[:base_url],
      method: "GET",
      path: "clients",
      query: query_params,
      request_options: request_options
    )
    begin
      response = @client.send(request)
    rescue Net::HTTPRequestTimeout
      raise Auth0::Errors::TimeoutError
    end
    code = response.code.to_i
    if code.between?(200, 299)
      parsed_response = Auth0::Types::ListClientsOffsetPaginatedResponseContent.load(response.body)
      [parsed_response, response]
    else
      error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
      raise error_class.new(response.body, code: code)
    end
  end
end

#preview_cimd_metadata(request_options: {}, **params) ⇒ Auth0::Types::PreviewCimdMetadataResponseContent

Fetches and validates a Client ID Metadata Document without creating a client.

Returns the raw metadata and how it would be mapped to Auth0 client fields.
This endpoint is useful for testing metadata URIs before creating CIMD clients.

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::PreviewCimdMetadataRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Returns:

• (Auth0::Types::PreviewCimdMetadataResponseContent)

# File 'lib/auth0/clients/client.rb', line 170

def preview_cimd_metadata(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/cimd/preview",
    body: Auth0::Clients::Types::PreviewCimdMetadataRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::PreviewCimdMetadataResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#register_cimd_client(request_options: {}, **params) ⇒ Auth0::Types::RegisterCimdClientResponseContent

Idempotent registration for Client ID Metadata Document (CIMD) clients. Uses external_client_id as the unique identifier for upsert operations.

Create: Returns 201 when a new client is created (requires ‘create:clients` scope). Update: Returns 200 when an existing client is updated (requires `update:clients` scope).

This endpoint automatically:

• Fetches and validates the metadata document

• Maps CIMD fields to Auth0 client configuration

• Creates/rotates credentials from the JWKS

• Enforces CIMD security policies (HTTPS-only, no shared secrets)

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::RegisterCimdClientRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Returns:

• (Auth0::Types::RegisterCimdClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 214

def register_cimd_client(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/cimd/register",
    body: Auth0::Clients::Types::RegisterCimdClientRequestContent.new(params).to_h,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::RegisterCimdClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#rotate_secret(request_options: {}, **params) ⇒ Auth0::Types::RotateClientSecretResponseContent

Rotate a client secret.

This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.

For more information, read [Rotate Client Secrets](www.auth0.com/docs/get-started/applications/rotate-client-secret).

Parameters:

• request_options (Hash) (defaults to: {})
• params (Hash)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)

Returns:

• (Auth0::Types::RotateClientSecretResponseContent)

# File 'lib/auth0/clients/client.rb', line 408

def rotate_secret(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "POST",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}/rotate-secret",
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::RotateClientSecretResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end

#update(request_options: {}, **params) ⇒ Auth0::Types::UpdateClientResponseContent

Updates a client’s settings. For more information, read [Applications in Auth0](www.auth0.com/docs/get-started/applications) and [Single Sign-On](www.auth0.com/docs/authenticate/single-sign-on).

Notes:

• The ‘client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.

• The ‘client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use

‘client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).

• When using ‘client_authentication_methods` to configure the client with Private Key JWT authentication method,

only specify the credential IDs that were generated when creating the credentials on the client.

• To configure ‘client_authentication_methods`, the `update:client_credentials` scope is required.

• To configure ‘client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.

• To change a client’s ‘is_first_party` property to `false`, the `organization_usage` and

‘organization_require_behavior` properties must be unset.

Parameters:

• request_options (Hash) (defaults to: {})
• params (Auth0::Clients::Types::UpdateClientRequestContent)

Options Hash (request_options:):

• :base_url (String)
• :additional_headers (Hash{String => Object})
• :additional_query_parameters (Hash{String => Object})
• :additional_body_parameters (Hash{String => Object})
• :timeout_in_seconds (Integer)

Options Hash (**params):

• :id (String)

Returns:

• (Auth0::Types::UpdateClientResponseContent)

# File 'lib/auth0/clients/client.rb', line 363

def update(request_options: {}, **params)
  params = Auth0::Internal::Types::Utils.normalize_keys(params)
  request_data = Auth0::Clients::Types::UpdateClientRequestContent.new(params).to_h
  non_body_param_names = %w[id]
  body = request_data.except(*non_body_param_names)

  request = Auth0::Internal::JSON::Request.new(
    base_url: request_options[:base_url],
    method: "PATCH",
    path: "clients/#{URI.encode_uri_component(params[:id].to_s)}",
    body: body,
    request_options: request_options
  )
  begin
    response = @client.send(request)
  rescue Net::HTTPRequestTimeout
    raise Auth0::Errors::TimeoutError
  end
  code = response.code.to_i
  if code.between?(200, 299)
    Auth0::Types::UpdateClientResponseContent.load(response.body)
  else
    error_class = Auth0::Errors::ResponseError.subclass_for_code(code)
    raise error_class.new(response.body, code: code)
  end
end