move managemnt key check to management tests

lib/descope/api/v1/auth.rb

@@ -246,9 +246,13 @@ def generate_auth_info(response_body, refresh_token, user_jwt, audience = nil)
           rt_jwt = response_body.fetch('refreshJwt', '')
 
           if !rt_jwt.empty?
+            @logger.debug 'found refreshJwt in response body, adding to jwt_response'
+            @logger.debug 'validating refreshJwt token...'
             jwt_response[REFRESH_SESSION_TOKEN_NAME] = validate_token(rt_jwt, audience)
           elsif refresh_token && !refresh_token.empty?
             # if refresh_token is in response body (local storage)
+            @logger.debug 'refreshJwt is empty, but refresh_token was passed, adding to jwt_response'
+            @logger.debug 'validating passed-in refresh token...'
             jwt_response[REFRESH_SESSION_TOKEN_NAME] = validate_token(refresh_token, audience)
           else
             cookies = response_body.fetch('cookies', {})
@@ -261,7 +265,8 @@ def generate_auth_info(response_body, refresh_token, user_jwt, audience = nil)
           end
 
           if jwt_response[REFRESH_SESSION_TOKEN_NAME].nil?
-            raise Descope::AuthException.new('Unable to validate refresh token', code: 500)
+            @logger.debug "Error: Could not find refreshJwt in response body: #{response_body} / cookies: #{cookies} / passed in refresh_token ->#{refresh_token}<-"
+            raise Descope::AuthException.new('Could not find refreshJwt in response body / cookies / passed in refresh_token', code: 500)
           end
 
           jwt_response = adjust_properties(jwt_response, user_jwt)

lib/descope/api/v1/session.rb

@@ -20,11 +20,10 @@ def refresh_session(refresh_token: nil, audience: nil)
           #  [amr, drn, exp, iss, rexp, sub, jwt] in the top level of the response dict, please use
           #  them from the sessionToken key instead, as these claims will soon be deprecated from the top level
           #  of the response dict.
-
+          #  Make sure you set Enable refresh token rotation in the Project Settings before using this.
           validate_refresh_token_not_nil(refresh_token)
           validate_token(refresh_token, audience)
           res = post(REFRESH_TOKEN_PATH, {}, {}, refresh_token)
-
           cookies = res.fetch(COOKIE_DATA_NAME, {})
           refresh_cookie = cookies.fetch(REFRESH_SESSION_COOKIE_NAME, nil) || res.fetch('refreshJwt', nil)
           generate_jwt_response(response_body: res, refresh_cookie:, audience:)

lib/descope/mixins/http.rb

@@ -47,12 +47,13 @@ def retry_options
       def safe_parse_json(body, cookies: {})
         @logger.debug "response => #{JSON.parse(body.to_s)}"
         res = JSON.parse(body.to_s)
-        cookies.each do |cookie_name, cookie_value|
-          if cookie_name == REFRESH_SESSION_COOKIE_NAME
-            res['cookies'] ||= {}
-            res['cookies'][cookie_name] = cookie_value
-          end
+
+        # Handle DSR cookie in response.
+        if cookies.key?(REFRESH_SESSION_COOKIE_NAME)
+          res['cookies'] = {}
+          res['cookies'][REFRESH_SESSION_COOKIE_NAME] = cookies[REFRESH_SESSION_COOKIE_NAME]
         end
+
         res
       rescue JSON::ParserError
         body

spec/integration/lib.descope/api/v1/auth/session_spec.rb

@@ -30,14 +30,17 @@
 
       @client.logger.info('2. Sign in with password')
       login_res = @client.password_sign_in(login_id: user[:login_id], password: @password)
-      @client.logger.info("login_res: #{login_res}")
+      @client.logger.info("sign_in res: #{login_res}")
 
       @client.logger.info('3. sleep 1 second before calling refresh_session')
       sleep(1)
 
       @client.logger.info('4. Refresh session')
-      login_res = @client.refresh_session(refresh_token: login_res[REFRESH_SESSION_TOKEN_NAME]['jwt'])
-      new_refresh_token = login_res['refreshSessionToken']['jwt']
+      refresh_session_res = @client.refresh_session(refresh_token: login_res[REFRESH_SESSION_TOKEN_NAME]['jwt'])
+      @client.logger.info("refresh_session_res: #{refresh_session_res}")
+
+      new_refresh_token = refresh_session_res[REFRESH_SESSION_TOKEN_NAME]['jwt']
+      @client.logger.info("new_refresh_token: #{new_refresh_token}")
 
       @client.logger.info('5. Check new refresh token is not the same as the original one')
       expect(original_refresh_token).not_to eq(new_refresh_token)

spec/integration/lib.descope/api/v1/management/access_key_spec.rb

@@ -4,6 +4,8 @@
 
 describe Descope::Api::V1::Management::AccessKey do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
   end
 

spec/integration/lib.descope/api/v1/management/audit_spec.rb

@@ -4,6 +4,8 @@
 
 describe Descope::Api::V1::Management::Audit do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     @client.logger.info('Deleting all tenants for Ruby SDK...')
     @client.search_all_tenants(names: ['Ruby-SDK-test'])['tenants'].each do |tenant|

spec/integration/lib.descope/api/v1/management/authz_spec.rb

@@ -4,6 +4,8 @@
 
 describe Descope::Api::V1::Management::Authz do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     puts 'authz schema delete'
   end

spec/integration/lib.descope/api/v1/management/flow_spec.rb

@@ -4,6 +4,8 @@
 
 describe Descope::Api::V1::Management::Flow do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
   end
 

spec/integration/lib.descope/api/v1/management/permissions_spec.rb

@@ -4,6 +4,8 @@
 
 describe Descope::Api::V1::Management::Permission do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     @client.load_all_permissions['permissions'].each do |perm|
       if perm['description'] == 'Ruby SDK'

spec/integration/lib.descope/api/v1/management/project_spec.rb

@@ -4,6 +4,8 @@
 
 describe Descope::Api::V1::Management::Project do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     @export_output = @client.export_project
   end

spec/integration/lib.descope/api/v1/management/roles_spec.rb

@@ -4,6 +4,8 @@
 
 describe Descope::Api::V1::Management::Role do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     @client.logger.info('Staring cleanup before tests...')
     @client.logger.info('Deleting all permissions for Ruby SDK...')

spec/integration/lib.descope/api/v1/management/user_spec.rb

@@ -4,10 +4,14 @@
 
 describe Descope::Api::V1::Management::User do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
+    @client = DescopeClient.new(Configuration.config)
+
     @password = SpecUtils.generate_password
     @new_password = SpecUtils.generate_password
     @user = build(:user)
-    @client = DescopeClient.new(Configuration.config)
+
     include Descope::Mixins::Common::DeliveryMethod
   end
 

spec/support/client_config.rb

@@ -5,7 +5,6 @@ module Configuration
   module_function
 
   def config
-    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
     raise 'DESCOPE_PROJECT_ID is not set' if ENV['DESCOPE_PROJECT_ID'].nil?
 
     {