From 17c9c55e7217c461e6847dce2de038ecdf34d5f9 Mon Sep 17 00:00:00 2001
From: Tristan Starck
Date: Wed, 17 Sep 2025 11:57:59 -0700
Subject: [PATCH 1/2] Make get_token a public method on the Auth0::Client

Currently if I want to generate an API token for an API using the Auth0::Client, I must do the following:
```ruby
client = Auth0::Client.new(api_identifier: "my-api-identifier", **options)
api_token = client.api_token("my-api-identifier")
do_something(api_token) # Make a request to this API with the api token as the Authorization bearer.
```
However `Auth0::Client.new` will actually already request this api token on initialize, however this token is not available via any public interface. This commit moves the `Auth0::Client#get_token` to a public method (formerly private). Now when in need of any API token for an API, we can do the following:
```ruby
client = Auth0::Client.new(api_identifier: "my-api-identifier", **options)
api_token = client.get_token # No need for redundant request to `/oauth/token`.
do_something(api_token) # i.e make an http request to this API using the API token as the Authorization bearer.
```
---
 lib/auth0/mixins/token_management.rb | 29 ++++++------
 .../lib/auth0/mixins/token_management_spec.rb | 44 +++++++++----------
 2 files changed, 38 insertions(+), 35 deletions(-)

diff --git a/lib/auth0/mixins/token_management.rb b/lib/auth0/mixins/token_management.rb
index b61b68c2..bca40ff7 100644
--- a/lib/auth0/mixins/token_management.rb
+++ b/lib/auth0/mixins/token_management.rb
@@ -1,22 +1,14 @@ module Auth0 module Mixins module TokenManagement - - private - - def initialize_token(options) - @token = options[:access_token] || options[:token] - # default expiry to an hour if a token was given but no expires_at - @token_expires_at = @token ? options[:token_expires_at] || Time.now.to_i + 3600 : nil - - @audience = options[:api_identifier] || "https://#{@domain}/api/v2/" - get_token() if @token.nil? - end + # Get the Client's api token (or generate a new one if it has expired). + # + # @return [String] the api token def get_token # pp @token_expires_at has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false - + if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key) response = api_token(audience: @audience) @token = response.token @@ -27,6 +19,17 @@ def get_token @token end end + + private + + def initialize_token(options) + @token = options[:access_token] || options[:token] + # default expiry to an hour if a token was given but no expires_at + @token_expires_at = @token ? options[:token_expires_at] || Time.now.to_i + 3600 : nil + + @audience = options[:api_identifier] || "https://#{@domain}/api/v2/" + get_token() if @token.nil? + end end end -end \ No newline at end of file +end diff --git a/spec/lib/auth0/mixins/token_management_spec.rb b/spec/lib/auth0/mixins/token_management_spec.rb index 5e78e411..37973eb2 100644 --- a/spec/lib/auth0/mixins/token_management_spec.rb +++ b/spec/lib/auth0/mixins/token_management_spec.rb @@ -15,7 +15,7 @@ organization: nil } } - let(:params) { { + let(:params) { { domain: domain, client_id: client_id, client_secret: client_secret, 
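Review bot: The new doc comment on `get_token` promises `@return [String]`, but the refresh only runs when `@client_id` and a secret or signing key are set; otherwise the method appears to fall through to the bare `@token` seen in the next hunk's context. A caller of the now-public method can therefore receive `nil`, or a token whose `@token_expires_at` has already passed, and use it as a bearer credential without any signal. Either document that, e.g. `# @return [String, nil] the cached token; may be expired when no client credentials are configured`, or raise in that case. The middle of the method lies between this hunk and the next, so the branch structure is inferred from the visible lines.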
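Review bot: In the relocated `initialize_token`, a token passed via `:access_token` or `:token` without `:token_expires_at` is given a one-hour expiry, and that guess now shapes the public `get_token` contract. Once the hour (less the 10-second margin) has passed and client credentials are configured, `get_token` stops returning the caller-supplied token and returns one obtained with `api_token(audience: @audience)`. That token may carry a different subject or scopes than the one the caller handed in. I would state this on the method, e.g. `# NOTE: a token given without :token_expires_at is assumed to expire in one hour; get_token then replaces it with a client-credentials token for @audience`.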
@@ -43,15 +43,15 @@ ))) expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq(payload) - - StubResponse.new({ - "access_token" => "test", - "expires_in" => 86400}, - true, + + StubResponse.new({ + "access_token" => "test", + "expires_in" => 86400}, + true, 200) end - instance.send(:get_token) + instance.get_token expect(instance.instance_variable_get('@token')).to eq('test') expect(instance.instance_variable_get('@token_expires_at')).to eq(time_now.to_i + 86400) @@ -66,7 +66,7 @@ url: 'https://samples.auth0.com/oauth/token', )) - instance.send(:get_token) + instance.get_token expect(instance.instance_variable_get('@token')).to eq('test-token') expect(instance.instance_variable_get('@token_expires_at')).to eq(time_now.to_i + 86400) @@ -84,15 +84,15 @@ ))) expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq(payload) - - StubResponse.new({ - "access_token" => "renewed_token", - "expires_in" => 86400}, - true, + + StubResponse.new({ + "access_token" => "renewed_token", + "expires_in" => 86400}, + true, 200) end - instance.send(:get_token) + instance.get_token expect(instance.instance_variable_get('@token')).to eq('renewed_token') expect(instance.instance_variable_get('@token_expires_at')).to eq(time_now.to_i + 86400) @@ -110,15 +110,15 @@ ))) expect(JSON.parse(arg[:payload], { symbolize_names: true })).to eq(payload) - - StubResponse.new({ - "access_token" => "renewed_token", - "expires_in" => 86400}, - true, + + StubResponse.new({ + "access_token" => "renewed_token", + "expires_in" => 86400}, + true, 200) end - instance.send(:get_token) + instance.get_token expect(instance.instance_variable_get('@token')).to eq('renewed_token') expect(instance.instance_variable_get('@token_expires_at')).to eq(time_now.to_i + 86400) @@ -130,7 +130,7 @@ expect(RestClient::Request).not_to receive(:execute) - instance.send(:get_token) + instance.get_token end end -end \ No newline at end of file +end 
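Review bot: The examples in the hunks at -43, -66, -84 and -110 still discard the result of `instance.get_token` and check it only through `instance_variable_get('@token')`, so nothing pins the return value that this commit makes part of the public API. Asserting it directly, e.g. `expect(instance.get_token).to eq('renewed_token')` in the renewal examples, would cover the new contract; the instance-variable checks can stay for the expiry timestamp. No visible example covers an expired token with no client credentials configured, which is the case where the method hands back a stale token. The enclosing `it` blocks start outside these hunks, so the setup of each example is not visible here.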
From dfa7f3c21dcec88624ff9b0441f8b81692b48e91 Mon Sep 17 00:00:00 2001 From: arpit-jain_atko Date: Tue, 5 May 2026 21:13:57 +0530 Subject: [PATCH 2/2] Address review feedback: add YARD @note for network/thread-safety, remove debug comment, assert return value in test --- lib/auth0/mixins/token_management.rb | 2 +- spec/lib/auth0/mixins/token_management_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/auth0/mixins/token_management.rb b/lib/auth0/mixins/token_management.rb index bca40ff7..f57a1408 100644 --- a/lib/auth0/mixins/token_management.rb +++ b/lib/auth0/mixins/token_management.rb @@ -4,9 +4,9 @@ module TokenManagement # Get the Client's api token (or generate a new one if it has expired). # + # @note This method may perform a network request to refresh an expired token. It is not thread-safe. # @return [String] the api token def get_token - # pp @token_expires_at has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key) diff --git a/spec/lib/auth0/mixins/token_management_spec.rb b/spec/lib/auth0/mixins/token_management_spec.rb index 37973eb2..f53a484b 100644 --- a/spec/lib/auth0/mixins/token_management_spec.rb +++ b/spec/lib/auth0/mixins/token_management_spec.rb @@ -130,7 +130,7 @@ expect(RestClient::Request).not_to receive(:execute) - instance.get_token + expect(instance.get_token).to eq('test-token') end end end