Merge branch 'main' into feat/add-device-credentials-support

.github/CODEOWNERS

@@ -1 +1 @@
-*   @auth0/dx-sdks-engineer
+*   @auth0/project-dx-sdks-engineer-codeowner

.github/workflows/add-to-project.yml

@@ -0,0 +1,16 @@
+name: Adds all issues to github dashboard
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add issue to project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e #v1.0.2
+        with:
+          project-url: https://github.com/orgs/auth0/projects/53
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/e2e-tests.yml

@@ -28,7 +28,7 @@ jobs:
           AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }}
 
       - name: Update codecov report
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # pin@4.3.1
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # pin@4.6.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./coverage.out

.github/workflows/govulncheck.yml

@@ -1,7 +1,10 @@
 name: govulncheck
 
 on:
-  pull_request_target: {}
+  pull_request:
+    types:
+      - opened
+      - synchronize
   push:
     branches: [main]
   schedule:
@@ -15,8 +18,9 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
+
       - name: Scan for Vulnerabilities in Code
-        uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # [email protected].2
+        uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # [email protected].4
         with:
           go-version-file: go.mod
           go-package: ./...

.github/workflows/main.yml

@@ -26,7 +26,7 @@ jobs:
         run: go build ./...
 
       - name: Check for linting errors
-        uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # pin@5.1.0
+        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # pin@6.1.1
         with:
           version: latest
           args: -v -c .golangci.yml
@@ -48,7 +48,7 @@ jobs:
         run: make test
 
       - name: Update codecov report
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # pin@4.3.1
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # pin@4.6.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./coverage.out

.github/workflows/semgrep.yml

@@ -1,8 +1,7 @@
 name: Semgrep
 
 on:
-  merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -20,30 +19,22 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   run:
-    needs: authorize # Require approval before running on forked pull requests
-
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
-
     container:
       image: returntocorp/semgrep
 
     steps:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
-        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
+        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues.
 
-      - uses: actions/checkout@v4
+      - name: Checkout Code
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
-      - run: semgrep ci
+      - name: Run Semgrep
+        run: semgrep ci
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_TOKEN }}

.version

@@ -1 +1 @@
-v1.5.0
+v1.11.2

CHANGELOG.md

@@ -1,5 +1,68 @@
 # Change Log
 
+## [v1.11.2](https://github.com/auth0/go-auth0/tree/v1.11.2) (2024-10-14)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.11.1...v1.11.2)
+
+**Fixed**
+- PATCH: Rename `user_id_attribute` to `userid_attribute` in Azure Connection Options [\#454](https://github.com/auth0/go-auth0/pull/454) ([duedares-rvj](https://github.com/duedares-rvj))
+
+## [v1.11.1](https://github.com/auth0/go-auth0/tree/v1.11.1) (2024-10-07)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.11.0...v1.11.1)
+
+**Added**
+- Add missing support for `Custom` email provider in EmailProviderManager [\#452](https://github.com/auth0/go-auth0/pull/452) ([duedares-rvj](https://github.com/duedares-rvj))
+
+## [v1.11.0](https://github.com/auth0/go-auth0/tree/v1.11.0) (2024-09-27)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.10.0...v1.11.0)
+
+**Added**
+- Add support for `Form`, `Flow`, and `Flow Vault Connection` Managers [\#444](https://github.com/auth0/go-auth0/pull/444) ([kushalshit27](https://github.com/kushalshit27))
+- Add support for MFA Authentication Endpoints: Add, List, and Delete Authenticators [\#447](https://github.com/auth0/go-auth0/pull/447) ([developerkunal](https://github.com/developerkunal))
+- Add `user_id_attribute` support to AzureAD connection options in Connection Manager [\#445](https://github.com/auth0/go-auth0/pull/445) ([acwest](https://github.com/acwest))
+- Add `strategy_version` support to required connections in Connection Manager [\#443](https://github.com/auth0/go-auth0/pull/443) ([acwest](https://github.com/acwest))
+
+## [v1.10.0](https://github.com/auth0/go-auth0/tree/v1.10.0) (2024-09-03)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.9.0...v1.10.0)
+
+**Added**
+- Add support for new Prompts and Screens for Prompt Partial [\#437](https://github.com/auth0/go-auth0/pull/437) ([developerkunal](https://github.com/developerkunal))
+- Add Organizations for Client Credentials [\#432](https://github.com/auth0/go-auth0/pull/432) ([duedares-rvj](https://github.com/duedares-rvj))
+- Add Support for Control Your Own Key (CYOK) and Bring Your Own Key (BYOK) Features with New `EncryptionKeyManager` [\#435](https://github.com/auth0/go-auth0/pull/435) ([developerkunal](https://github.com/developerkunal))
+
+> **Note**
+> The methods `ReadPartials`, `CreatePartials`, and `UpdatePartials` are deprecated. Please use `GetPartials` and `SetPartials` instead for managing Prompt Partials.
+
+## [v1.9.0](https://github.com/auth0/go-auth0/tree/v1.9.0) (2024-08-16)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.8.0...v1.9.0)
+
+**Added**
+- Add Support for Self Service Profiles [\#431](https://github.com/auth0/go-auth0/pull/431) ([duedares-rvj](https://github.com/duedares-rvj))
+- Add Support for HRI Features [\#429](https://github.com/auth0/go-auth0/pull/429) ([developerkunal](https://github.com/developerkunal))
+- Add Support for Flexible Identifiers on ConnectionOptions & `phone_number` to SignupRequest Struct [\#421](https://github.com/auth0/go-auth0/pull/421) ([developerkunal](https://github.com/developerkunal))
+
+## [v1.8.0](https://github.com/auth0/go-auth0/tree/v1.8.0) (2024-07-09)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.7.0...v1.8.0)
+
+**Added**
+- Add support for managing a connection's SCIM (System for Cross-domain Identity Management) configuration [\#419](https://github.com/auth0/go-auth0/pull/419) ([developerkunal](https://github.com/developerkunal))
+
+## [v1.7.0](https://github.com/auth0/go-auth0/tree/v1.7.0) (2024-06-14)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.6.0...v1.7.0)
+
+**Added**
+- Add is_signup_enabled field to OrganizationConnection [\#413](https://github.com/auth0/go-auth0/pull/413) ([developerkunal](https://github.com/developerkunal))
+
+## [v1.6.0](https://github.com/auth0/go-auth0/tree/v1.6.0) (2024-05-09)
+[Full Changelog](https://github.com/auth0/go-auth0/compare/v1.5.0...v1.6.0)
+
+**Added**
+- [GH-380] - Add User Refresh Token Management Functionality to SDK [\#404](https://github.com/auth0/go-auth0/pull/404) ([developerkunal](https://github.com/developerkunal))
+- [GH-366] - Add support for enabled_connections field in CreateOrganizationConnections [\#394](https://github.com/auth0/go-auth0/pull/394) ([developerkunal](https://github.com/developerkunal))
+
+**Fixed**
+- [GH-372] Fix unmarshaling issue with Wordpress strategy connections [\#398](https://github.com/auth0/go-auth0/pull/398) ([developerkunal](https://github.com/developerkunal))
+- [GH-336] - Fix Unmarshal JSON error as string [\#393](https://github.com/auth0/go-auth0/pull/393) ([developerkunal](https://github.com/developerkunal))
+
 ## [v1.5.0](https://github.com/auth0/go-auth0/tree/v1.5.0) (2024-04-23)
 [Full Changelog](https://github.com/auth0/go-auth0/compare/v1.4.1...v1.5.0)
 

EXAMPLES.md

@@ -193,4 +193,27 @@ if err != nil {
     log.Fatalf("error was %+v", err)
 }
 log.Printf("User %s", user.GetOurCustomID())
-```
+```
+
+To handle nullable fields, create a custom struct without the omitempty tag and set it to null using a custom request.
+
+```go
+// Define a custom struct similar to the `Tenant` struct exposed by the SDK but without the `omitempty` tag.
+type CustomTenant struct {
+ACRValuesSupported *[]string          `json:"acr_values_supported"`
+MTLS               *management.MTLSConfiguration `json:"mtls"`
+}
+
+// Create a custom request to set the nullable fields to null.
+nullableTenantSettings := &CustomTenant{
+ACRValuesSupported: nil,
+MTLS:               nil,
+}
+
+err := auth0API.Request(context.Background(), http.MethodPatch, auth0API.URI("tenants", "settings"), nullableTenantSettings)
+if err != nil {
+log.Fatalf("error was %+v", err)
+}
+
+log.Printf("Tenant %+v", tenant)
+```

authentication/authentication_error.go

@@ -12,6 +12,7 @@ type Error struct {
 	StatusCode int    `json:"statusCode"`
 	Err        string `json:"error"`
 	Message    string `json:"error_description"`
+	MFAToken   string `json:"mfa_token,omitempty"`
 }
 
 func newError(response *http.Response) error {
@@ -42,6 +43,14 @@ func (a *Error) Error() string {
 	return fmt.Sprintf("%d %s: %s", a.StatusCode, a.Err, a.Message)
 }
 
+// GetMFAToken returns the MFA token associated with the error, if any.
+func (a *Error) GetMFAToken() string {
+	if a == nil || a.MFAToken == "" {
+		return ""
+	}
+	return a.MFAToken
+}
+
 // Status returns the status code of the error.
 func (a *Error) Status() int {
 	return a.StatusCode

authentication/authentication_error_test.go

@@ -1,6 +1,7 @@
 package authentication
 
 import (
+	"errors"
 	"io"
 	"net/http"
 	"strings"
@@ -11,9 +12,10 @@ import (
 
 func Test_newError(t *testing.T) {
 	var testCases = []struct {
-		name          string
-		givenResponse http.Response
-		expectedError Error
+		name             string
+		givenResponse    http.Response
+		expectedError    Error
+		expectedMFAToken string
 	}{
 		{
 			name: "it fails to decode if body is not json",
@@ -26,6 +28,7 @@ func Test_newError(t *testing.T) {
 				Err:        "Forbidden",
 				Message:    "failed to decode json error response payload: invalid character 'H' looking for beginning of value",
 			},
+			expectedMFAToken: "",
 		},
 		{
 			name: "it correctly decodes the error response payload",
@@ -38,6 +41,7 @@ func Test_newError(t *testing.T) {
 				Err:        "invalid_scope",
 				Message:    "Scope must be an array or a string",
 			},
+			expectedMFAToken: "",
 		},
 		{
 			name: "it will still post the correct status code if the body doesn't have the correct structure",
@@ -50,6 +54,7 @@ func Test_newError(t *testing.T) {
 				Err:        "Internal Server Error",
 				Message:    "",
 			},
+			expectedMFAToken: "",
 		},
 		{
 			name: "it will handle an invalid sign up response",
@@ -62,6 +67,7 @@ func Test_newError(t *testing.T) {
 				Err:        "invalid_signup",
 				Message:    "Invalid sign up",
 			},
+			expectedMFAToken: "",
 		},
 		{
 			name: "it will handle invalid password response",
@@ -74,13 +80,32 @@ func Test_newError(t *testing.T) {
 				Err:        "invalid_password",
 				Message:    `{"rules":[{"message":"At least %d characters in length","format":[8],"code":"lengthAtLeast","verified":true},{"message":"Contain at least %d of the following %d types of characters:","code":"containsAtLeast","format":[3,4],"items":[{"message":"lower case letters (a-z)","code":"lowerCase","verified":true},{"message":"upper case letters (A-Z)","code":"upperCase","verified":false},{"message":"numbers (i.e. 0-9)","code":"numbers","verified":false},{"message":"special characters (e.g. !@#$%^&*)","code":"specialCharacters","verified":true}],"verified":false}],"verified":false}`,
 			},
+			expectedMFAToken: "",
+		},
+		{
+			name: "it will handle invalid password response with MFA token",
+			givenResponse: http.Response{
+				StatusCode: http.StatusBadRequest,
+				Body:       io.NopCloser((strings.NewReader(`{"name":"PasswordStrengthError","message":"Password is too weak","code":"invalid_password","description":{"rules":[{"message":"At least %d characters in length","format":[8],"code":"lengthAtLeast","verified":true},{"message":"Contain at least %d of the following %d types of characters:","code":"containsAtLeast","format":[3,4],"items":[{"message":"lower case letters (a-z)","code":"lowerCase","verified":true},{"message":"upper case letters (A-Z)","code":"upperCase","verified":false},{"message":"numbers (i.e. 0-9)","code":"numbers","verified":false},{"message":"special characters (e.g. !@#$%^&*)","code":"specialCharacters","verified":true}],"verified":false}],"verified":false},"policy":"* At least 8 characters in length\n* Contain at least 3 of the following 4 types of characters:\n * lower case letters (a-z)\n * upper case letters (A-Z)\n * numbers (i.e. 0-9)\n * special characters (e.g. !@#$%^&*)","mfa_token":"123456","statusCode":400}`))),
+			},
+			expectedError: Error{
+				StatusCode: 400,
+				Err:        "invalid_password",
+				Message:    `{"rules":[{"message":"At least %d characters in length","format":[8],"code":"lengthAtLeast","verified":true},{"message":"Contain at least %d of the following %d types of characters:","code":"containsAtLeast","format":[3,4],"items":[{"message":"lower case letters (a-z)","code":"lowerCase","verified":true},{"message":"upper case letters (A-Z)","code":"upperCase","verified":false},{"message":"numbers (i.e. 0-9)","code":"numbers","verified":false},{"message":"special characters (e.g. !@#$%^&*)","code":"specialCharacters","verified":true}],"verified":false}],"verified":false}`,
+				MFAToken:   "123456",
+			},
+			expectedMFAToken: "123456",
 		},
 	}
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			actualError := newError(&testCase.givenResponse)
-			assert.Equal(t, &testCase.expectedError, actualError)
+			err := newError(&testCase.givenResponse)
+			var actualError *Error
+			ok := errors.As(err, &actualError)
+			assert.True(t, ok, "newError should return an *Error")
+			assert.Equal(t, testCase.expectedError, *actualError)
+			assert.Equal(t, testCase.expectedMFAToken, actualError.GetMFAToken())
 		})
 	}
 }

authentication/authentication_test.go

@@ -471,7 +471,9 @@ func TestWithClockTolerance(t *testing.T) {
 			return
 		}
 		w.WriteHeader(http.StatusOK)
-		fmt.Fprint(w, string(b))
+		if _, err := fmt.Fprint(w, string(b)); err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+		}
 	})
 	s := httptest.NewTLSServer(h)
 	t.Cleanup(func() {

authentication/database/database.go

@@ -18,6 +18,8 @@ type SignupRequest struct {
 	Connection string `json:"connection,omitempty"`
 	// The user's username. Only valid if the connection requires a username.
 	Username string `json:"username,omitempty"`
+	// The user's phone number.
+	PhoneNumber string `json:"phone_number,omitempty"`
 	// The user's given name(s).
 	GivenName string `json:"given_name,omitempty"`
 	// The user's family name(s).
@@ -43,6 +45,8 @@ type SignupResponse struct {
 	EmailVerified bool `json:"email_verified,omitempty"`
 	// The user's ID.
 	ID string `json:"_id,omitempty"`
+	// The user's phone number.
+	PhoneNumber string `json:"phone_number,omitempty"`
 	// The user's username. Only valid if the connection requires a username.
 	Username string `json:"username,omitempty"`
 	// The user's given name(s).