Merge branch 'master' into master

.github/CODEOWNERS

@@ -0,0 +1 @@
+*	@auth0/sdk-team-approvers

.gitignore

@@ -33,7 +33,7 @@ node_modules
 # Compressed files.
 *.tgz
 
-# InelliJ IDEA
+# IntelliJ IDEA
 .idea
 
 build
@@ -43,4 +43,7 @@ test-results.xml
 
 # Release process
 .release
-.release-tmp-*/
+.release-tmp-*/
+
+# npm
+package-lock.json

CHANGELOG.md

@@ -1,5 +1,34 @@
 # Change Log
 
+## [v2.17.0](https://github.com/auth0/node-auth0/tree/v2.17.0) (2019-04-15)
+
+[Full Changelog](https://github.com/auth0/node-auth0/compare/v2.16.0...v2.17.0)
+
+**Added**
+
+* Add method to assign users to a role [\#348](https://github.com/auth0/node-auth0/pull/348) ([pushpabrol](https://github.com/pushpabrol))
+* Add support for roles and permissions [\#344](https://github.com/auth0/node-auth0/pull/344) ([pushpabrol](https://github.com/pushpabrol))
+
+## [v2.16.0](https://github.com/auth0/node-auth0/tree/v2.16.0) (2019-03-18)
+
+[Full Changelog](https://github.com/auth0/node-auth0/compare/v2.15.0...v2.16.0)
+
+**Added**
+
+* Add support for Auth0 Grants [\#343](https://github.com/auth0/node-auth0/pull/343) ([jsmpereira](https://github.com/jsmpereira))
+
+## [v2.15.0](https://github.com/auth0/node-auth0/tree/v2.15.0) (2019-03-11)
+
+[Full Changelog](https://github.com/auth0/node-auth0/compare/v2.14.0...v2.15.0)
+
+**Added**
+
+* Add users-exports endpoint [\#340](https://github.com/auth0/node-auth0/pull/340) ([arjenvanderende](https://github.com/arjenvanderende))
+
+**Fixed**
+
+* Don't validate id_token when alg is HS256 and there is no clientSecret [\#330](https://github.com/auth0/node-auth0/pull/330) ([luisrudge](https://github.com/luisrudge))
+
 ## [v2.14.0](https://github.com/auth0/node-auth0/tree/v2.14.0) (2018-11-12)
 
 [Full Changelog](https://github.com/auth0/node-auth0/compare/v2.13.0...v2.14.0)

package.json

@@ -1,15 +1,16 @@
 {
   "name": "auth0",
-  "version": "2.14.0",
+  "version": "2.17.0",
   "description": "SDK for Auth0 API v2",
   "main": "src/index.js",
-  "files": ["src"],
+  "files": [
+    "src"
+  ],
   "scripts": {
-    "test": "mocha -R spec $(find ./test -name *.tests.js)",
-    "test:ci":
-      "istanbul cover _mocha --report lcovonly -R $(find ./test -name *.tests.js) -- -R mocha-multi --reporter-options spec=-,mocha-junit-reporter=-",
+    "test": "mocha -R spec ./test/**/*.tests.js ./test/*.tests.js",
+    "test:ci": "istanbul cover _mocha --report lcovonly -R $(find ./test -name *.tests.js) -- -R mocha-multi --reporter-options spec=-,mocha-junit-reporter=-",
     "test:coverage": "codecov",
-    "test:watch": "NODE_ENV=test mocha --timeout 5000 $(find ./test -name *.tests.js) --watch",
+    "test:watch": "cross-env NODE_ENV=test mocha --timeout 5000 ./test/**/*.tests.js ./test/*.tests.js --watch",
     "jsdoc:generate": "jsdoc --configure .jsdoc.json --verbose",
     "release:clean": "node scripts/cleanup.js",
     "preversion": "node scripts/prepare.js",
@@ -21,7 +22,10 @@
     "type": "git",
     "url": "https://github.com/auth0/node-auth0"
   },
-  "keywords": ["auth0", "api"],
+  "keywords": [
+    "auth0",
+    "api"
+  ],
   "author": "Auth0",
   "license": "MIT",
   "bugs": {
@@ -31,16 +35,17 @@
   "dependencies": {
     "bluebird": "^2.10.2",
     "jsonwebtoken": "^8.3.0",
-    "jwks-rsa": "^1.3.0",
-    "lru-memoizer": "^1.11.1",
+    "jwks-rsa": "^1.4.0",
+    "lru-memoizer": "^1.12.0",
     "object.assign": "^4.0.4",
-    "request": "^2.83.0",
+    "request": "^2.88.0",
     "rest-facade": "^1.10.1",
     "retry": "^0.10.1"
   },
   "devDependencies": {
     "chai": "^2.2.0",
     "codecov": "^2.2.0",
+    "cross-env": "^5.2.0",
     "husky": "^0.14.3",
     "istanbul": "^0.4.0",
     "jsdoc": "^3.5.5",

src/auth/DatabaseAuthenticator.js

@@ -30,7 +30,8 @@ var DatabaseAuthenticator = function(options, oauth) {
    * @type {Object}
    */
   var clientOptions = {
-    errorFormatter: { message: 'message', name: 'error' }
+    errorFormatter: { message: 'message', name: 'error' },
+    headers: options.headers
   };
 
   this.oauth = oauth;

src/auth/OAUthWithIDTokenValidation.js

@@ -4,6 +4,9 @@ var Promise = require('bluebird');
 
 var ArgumentError = require('rest-facade').ArgumentError;
 
+var HS256_IGNORE_VALIDATION_MESSAGE =
+  'Validation of `id_token` requires a `clientSecret` when using the HS256 algorithm. To ensure tokens are validated, please switch the signing algorithm to RS256 or provide a `clientSecret` in the constructor.';
+
 /**
  * @class
  * Abstracts the `oauth.create` method with additional id_token validation
@@ -58,6 +61,9 @@ OAUthWithIDTokenValidation.prototype.create = function(params, data, cb) {
     if (r.id_token) {
       function getKey(header, callback) {
         if (header.alg === 'HS256') {
+          if (!_this.clientSecret) {
+            return callback({ message: HS256_IGNORE_VALIDATION_MESSAGE });
+          }
           return callback(null, Buffer.from(_this.clientSecret, 'base64'));
         }
         _this._jwksClient.getSigningKey(header.kid, function(err, key) {
@@ -77,11 +83,15 @@ OAUthWithIDTokenValidation.prototype.create = function(params, data, cb) {
             audience: this.clientId,
             issuer: 'https://' + this.domain + '/'
           },
-          function(err, payload) {
-            if (err) {
-              return rej(err);
+          function(err) {
+            if (!err) {
+              return res(r);
+            }
+            if (err.message && err.message.includes(HS256_IGNORE_VALIDATION_MESSAGE)) {
+              console.warn(HS256_IGNORE_VALIDATION_MESSAGE);
+              return res(r);
             }
-            return res(r);
+            return rej(err);
           }
         );
       });

src/auth/OAuthAuthenticator.js

@@ -33,7 +33,8 @@ var OAuthAuthenticator = function(options) {
    * @type {Object}
    */
   var clientOptions = {
-    errorFormatter: { message: 'message', name: 'error' }
+    errorFormatter: { message: 'message', name: 'error' },
+    headers: options.headers
   };
 
   this.oauth = new RestClient(options.baseUrl + '/oauth/:type', clientOptions);

src/auth/PasswordlessAuthenticator.js

@@ -29,7 +29,8 @@ var PasswordlessAuthenticator = function(options, oauth) {
    * @type {Object}
    */
   var clientOptions = {
-    errorFormatter: { message: 'message', name: 'error' }
+    errorFormatter: { message: 'message', name: 'error' },
+    headers: options.headers
   };
 
   this.oauth = oauth;

src/auth/index.js

@@ -1,8 +1,6 @@
 /** @module auth **/
 
 var util = require('util');
-
-var pkg = require('../../package.json');
 var utils = require('../utils');
 var jsonToBase64 = utils.jsonToBase64;
 var ArgumentError = require('rest-facade').ArgumentError;
@@ -67,8 +65,11 @@ var AuthenticationClient = function(options) {
   };
 
   if (options.telemetry !== false) {
-    var telemetry = jsonToBase64(options.clientInfo || this.getClientInfo());
-    managerOptions.headers['Auth0-Client'] = telemetry;
+    var clientInfo = options.clientInfo || utils.generateClientInfo();
+    if ('string' === typeof clientInfo.name && clientInfo.name) {
+      var telemetry = jsonToBase64(clientInfo);
+      managerOptions.headers['Auth0-Client'] = telemetry;
+    }
   }
 
   /**
@@ -107,38 +108,6 @@ var AuthenticationClient = function(options) {
   this.tokens = new TokensManager(managerOptions);
 };
 
-/**
- * Return an object with information about the current client,
- *
- * @method    getClientInfo
- * @memberOf  module:auth.AuthenticationClient.prototype
- *
- * @return {Object}   Object containing client information.
- */
-AuthenticationClient.prototype.getClientInfo = function() {
-  var clientInfo = {
-    name: 'node-auth0',
-    version: pkg.version,
-    dependencies: [],
-    environment: [
-      {
-        name: 'node.js',
-        version: process.version.replace('v', '')
-      }
-    ]
-  };
-
-  // Add the dependencies to the client info object.
-  Object.keys(pkg.dependencies).forEach(function(name) {
-    clientInfo.dependencies.push({
-      name: name,
-      version: pkg.dependencies[name]
-    });
-  });
-
-  return clientInfo;
-};
-
 /**
  * Start passwordless flow sending an email.
  *

src/management/EmailProviderManager.js

@@ -91,7 +91,10 @@ utils.wrapPropertyMethod(EmailProviderManager, 'configure', 'resource.create');
  * });
  *
  * @param   {Function}  [cb]    Callback function.
- *
+ * @param   {Object}    [params]          Clients parameters.
+ * @param   {Number}    [params.fields] A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve: name, enabled, settings fields.
+ * @param   {Number}    [params.include_fields]  true if the fields specified are to be excluded from the result, false otherwise (defaults to true)
+
  * @return  {Promise|undefined}
  */
 utils.wrapPropertyMethod(EmailProviderManager, 'get', 'resource.getAll');

src/management/GrantsManager.js

@@ -0,0 +1,119 @@
+var ArgumentError = require('rest-facade').ArgumentError;
+var utils = require('../utils');
+var Auth0RestClient = require('../Auth0RestClient');
+var RetryRestClient = require('../RetryRestClient');
+/**
+ * @class GrantsManager
+ * Auth0 Grants Manager.
+ *
+ * See {@link https://auth0.com/docs/api/v2#!/Grants Grants}
+ *
+ * @constructor
+ * @memberOf module:management
+ *
+ * @param {Object} options            The client options.
+ * @param {String} options.baseUrl    The URL of the API.
+ * @param {Object} [options.headers]  Headers to be included in all requests.
+ * @param {Object} [options.retry]    Retry Policy Config
+ */
+var GrantsManager = function(options) {
+  if (options === null || typeof options !== 'object') {
+    throw new ArgumentError('Must provide client options');
+  }
+
+  if (options.baseUrl === null || options.baseUrl === undefined) {
+    throw new ArgumentError('Must provide a base URL for the API');
+  }
+
+  if ('string' !== typeof options.baseUrl || options.baseUrl.length === 0) {
+    throw new ArgumentError('The provided base URL is invalid');
+  }
+
+  /**
+   * Options object for the Rest Client instance.
+   *
+   * @type {Object}
+   */
+  var clientOptions = {
+    errorFormatter: { message: 'message', name: 'error' },
+    headers: options.headers,
+    query: { repeatParams: false }
+  };
+
+  /**
+   * Provides an abstraction layer for consuming the
+   * {@link https://auth0.com/docs/api/v2#!/Grants Auth0 Grants endpoint}.
+   *
+   * @type {external:RestClient}
+   */
+  var auth0RestClient = new Auth0RestClient(
+    options.baseUrl + '/grants/:id',
+    clientOptions,
+    options.tokenProvider
+  );
+  this.resource = new RetryRestClient(auth0RestClient, options.retry);
+};
+
+/**
+ * Get all Auth0 Grants.
+ *
+ * @method    getAll
+ * @memberOf  module:management.GrantsManager.prototype
+ *
+ * @example
+ * var params = {
+ *   per_page: 10,
+ *   page: 0,
+ *   include_totals: true,
+ *   user_id: 'USER_ID',
+ *   client_id: 'CLIENT_ID',
+ *   audience: 'AUDIENCE'
+ * };
+ *
+ * management.getGrants(params, function (err, grants) {
+ *   console.log(grants.length);
+ * });
+ *
+ * @param   {Object}    params                Grants parameters.
+ * @param   {Number}    params.per_page       Number of results per page.
+ * @param   {Number}    params.page           Page number, zero indexed.
+ * @param   {Boolean}   params.include_totals true if a query summary must be included in the result, false otherwise. Default false;
+ * @param   {String}    params.user_id        The user_id of the grants to retrieve.
+ * @param   {String}    params.client_id      The client_id of the grants to retrieve.
+ * @param   {String}    params.audience       The audience of the grants to retrieve.
+ * @param   {Function}  [cb]                  Callback function.
+ *
+ * @return  {Promise|undefined}
+ */
+utils.wrapPropertyMethod(GrantsManager, 'getAll', 'resource.getAll');
+
+/**
+ * Delete an Auth0 grant.
+ *
+ * @method    delete
+ * @memberOf  module:management.GrantsManager.prototype
+ *
+ * @example
+ * var params = {
+ *    id: 'GRANT_ID',
+ *    user_id: 'USER_ID'
+ * };
+ *
+ * management.deleteGrant(params, function (err) {
+ *   if (err) {
+ *     // Handle error.
+ *   }
+ *
+ *   // Grant deleted.
+ * });
+ *
+ * @param   {Object}    params         Grant parameters.
+ * @param   {String}    params.id      Grant ID.
+ * @param   {String}    params.user_id The user_id of the grants to delete.
+ * @param   {Function}  [cb]           Callback function.
+ *
+ * @return  {Promise|undefined}
+ */
+utils.wrapPropertyMethod(GrantsManager, 'delete', 'resource.delete');
+
+module.exports = GrantsManager;