Incorrect request_params for username-password login about ruby-auth0 HOT 4 CLOSED

Am having problems to login via user/password due to the deprecated 'Connection' key, it's now realm, so I have changed the login method to:

request_params = { 
   client_id:     @client_id, 
   client_secret: @client_secret, 
   username:      username, 
   password:      password, 
   scope:            options.fetch(:scope, 'openid'), 
   realm:            connection_name, 
   grant_type:    options.fetch(:grant_type, 'password'), 
   id_token:      id_token, 
   device:        options.fetch(:device, nil) 
 } 

Replaced connection key by realm.

And then at my login request the grant-type is supposed to be passed as:

grant_type: 'http://auth0.com/oauth/grant-type/password-realm'

Just inside the options object. Would probably be a good idea to leave it as the default value when user/password login.

from ruby-auth0.

Apologies for the late reply here ... the auth endpoints module in this SDK is getting an overhaul for the next release. We'll be deprecating (not removing yet) a few methods, this one included, and replacing with ones that more closely match how the endpoints work currently. All of the concerns here will be addressed.

Thank you for the report!

from ruby-auth0.

We'll be deprecating (not removing yet) a few methods, this one included, and replacing with ones that more closely match how the endpoints work currently. All of the concerns here will be addressed.

Are the plans for this public? I'd love to help tackle this personally.

from ruby-auth0.

@j-collier - I appreciate the offer! The plans are not public but only because our tracking is done in the same system as our product. Happy to share what we have in mind remaining.

Much of this is complete, some of which has already been merged:

• #129 (merged) adds a formal client credentials grant
• #130 (merged) adds a /userinfo call that works (have to include an access token)
• #131 (in review) will add a method to perform an authorization code exchange
• #133 (in review) will add a method that does a more complete resource owner grant

The remaining methods that have not been started:

• A method to replace authorization_url ... current one works but could be structured better. It should also generate a state automatically. Replace with a method that does both and adds audience as a first-class parameter.
• A method to use a refresh token to get a new access token (#111).

If you want to take on one of those, I would be happy to guide and review! At the moment, we don't have a contribution guide (on my list to put one of those together soon) but a few notes:

• Please add unit tests to spec/lib/auth0/api/authentication_endpoints_spec.rb. You can run those with bundle exec rake spec
• Where possible, please add integration tests to spec/integration/lib/auth0/api/api_authentication_spec.rb. You can run those with MODE=full bundle exec rake all. Note that we recently added VCR HTTP recording to the suite (#132) so uncomment this line and leave VCR off when you're writing the tests, then add VCR, run twice, and add that comment back. We've got filtering in place to remove sensitive data but make sure to review the YML files created before pushing.

If you want to take one or the other or both (separate PRs please), just let me know and I'll hold off on my end. I'll work on the contribution guide instead 😄

Thank you in advance!!

from ruby-auth0.