Replace RestClient with Faraday

Gemfile.lock

@@ -3,8 +3,8 @@ PATH
   specs:
     auth0 (5.18.0)
       addressable (~> 2.8)
+      faraday (~> 2.9)
       jwt (~> 2.7)
-      rest-client (~> 2.1)
       retryable (~> 3.0)
       zache (~> 0.12)
 
@@ -71,6 +71,12 @@ GEM
     erubi (1.13.0)
     faker (2.23.0)
       i18n (>= 1.8.11, < 2)
+    faraday (2.12.2)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-net_http (3.4.0)
+      net-http (>= 0.5.0)
     ffi (1.17.0-aarch64-linux-gnu)
     ffi (1.17.0-aarch64-linux-musl)
     ffi (1.17.0-arm-linux-gnu)
@@ -129,6 +135,8 @@ GEM
     minitest (5.25.2)
     multi_json (1.15.0)
     nenv (0.3.0)
+    net-http (0.6.0)
+      uri
     netrc (0.11.0)
     nokogiri (1.16.7-aarch64-linux)
       racc (~> 1.4)

auth0.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'rest-client', '~> 2.1'
+  s.add_runtime_dependency 'faraday', '~> 2.9'
   s.add_runtime_dependency 'jwt', '~> 2.7'
   s.add_runtime_dependency 'zache', '~> 0.12'
   s.add_runtime_dependency 'addressable', '~> 2.8'

lib/auth0/mixins.rb

@@ -1,5 +1,4 @@
 require 'base64'
-require 'rest-client'
 require 'uri'
 
 require 'auth0/mixins/access_token_struct'

lib/auth0/mixins/httpproxy.rb

@@ -1,8 +1,40 @@
 require "addressable/uri"
+require "faraday"
 require "retryable"
 require_relative "../exception.rb"
 
 module Auth0
+  # Shim for Faraday with interface similar to RestClient
+  class HttpClient
+    def self.execute(method:, url:, payload:, headers:, timeout:)
+      params = headers.delete(:params)
+      case method
+      when :get
+        Faraday.get(url, params, headers) do |req|
+          req.options[:timeout] = timeout
+        end
+      when :post
+        Faraday.post(url, payload, headers) do |req|
+          req.options[:timeout] = timeout
+        end
+      when :patch
+        Faraday.patch(url, payload, headers) do |req|
+          req.options[:timeout] = timeout
+        end
+      when :put
+        Faraday.put(url, payload, headers) do |req|
+          req.options[:timeout] = timeout
+        end
+      when :delete
+        Faraday.delete(url, params, headers) do |req|
+          req.options[:timeout] = timeout
+        end
+      else
+        raise 'Unsupported HTTP method'
+      end
+    end
+  end
+
   module Mixins
     # here's the proxy for Rest calls based on rest-client, we're building all request on that gem
     # for now, if you want to feel free to use your own http client
@@ -95,33 +127,28 @@ def request(method, uri, body = {}, extra_headers = {})
           call(method, encode_uri(uri), timeout, headers, body.to_json)
         end
 
-        case result.code
+        case result.status
         when 200...226 then safe_parse_json(result.body)
-        when 400       then raise Auth0::BadRequest.new(result.body, code: result.code, headers: result.headers)
-        when 401       then raise Auth0::Unauthorized.new(result.body, code: result.code, headers: result.headers)
-        when 403       then raise Auth0::AccessDenied.new(result.body, code: result.code, headers: result.headers)
-        when 404       then raise Auth0::NotFound.new(result.body, code: result.code, headers: result.headers)
-        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.code, headers: result.headers)
-        when 500       then raise Auth0::ServerError.new(result.body, code: result.code, headers: result.headers)
-        else           raise Auth0::Unsupported.new(result.body, code: result.code, headers: result.headers)
+        when 400       then raise Auth0::BadRequest.new(result.body, code: result.status, headers: result.headers)
+        when 401       then raise Auth0::Unauthorized.new(result.body, code: result.status, headers: result.headers)
+        when 403       then raise Auth0::AccessDenied.new(result.body, code: result.status, headers: result.headers)
+        when 404       then raise Auth0::NotFound.new(result.body, code: result.status, headers: result.headers)
+        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.status, headers: result.headers)
+        when 500       then raise Auth0::ServerError.new(result.body, code: result.status, headers: result.headers)
+        else           raise Auth0::Unsupported.new(result.body, code: result.status, headers: result.headers)
         end
       end
 
       def call(method, url, timeout, headers, body = nil)
-        RestClient::Request.execute(
+        Auth0::HttpClient.execute(
           method: method,
           url: url,
           timeout: timeout,
           headers: headers,
           payload: body
         )
-      rescue RestClient::Exception => e
-        case e
-        when RestClient::RequestTimeout
-          raise Auth0::RequestTimeout.new(e.message)
-        else
-          return e.response
-        end
+      rescue Faraday::RequestTimeoutError => e
+        raise Auth0::RequestTimeout.new(e.message)
       end
     end
   end

spec/lib/auth0/api/authentication_endpoints_spec.rb

@@ -49,7 +49,7 @@
   context 'AuthenticationEndponts' do
     context 'api_token' do
       it 'requests a new token using client_secret' do
-        expect(RestClient::Request).to receive(:execute).with(hash_including(
+        expect(Auth0::HttpClient).to receive(:execute).with(hash_including(
           method: :post,
           url: 'https://samples.auth0.com/oauth/token',
           payload: {
@@ -76,7 +76,7 @@
       end
 
       it 'requests a new token using organization' do
-        expect(RestClient::Request).to receive(:execute).with(hash_including(
+        expect(Auth0::HttpClient).to receive(:execute).with(hash_including(
           method: :post,
           url: 'https://samples.auth0.com/oauth/token',
           payload: {
@@ -103,7 +103,7 @@
       end
 
       it 'requests a new token using client_assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -135,7 +135,7 @@
 
     context 'exchange_auth_code_for_tokens' do
       it 'requests a new token using client_secret' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -168,7 +168,7 @@
       end
 
       it 'requests a new token using client_assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -201,7 +201,7 @@
 
     context 'exchange_refresh_token' do
       it 'exchanges the refresh token using a client secret' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -233,7 +233,7 @@
       end
 
       it 'exchanges the refresh token using client_assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -268,7 +268,7 @@
 
     context 'exchange_sms_otp_for_tokens' do
       it 'requests the tokens using an OTP from SMS' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -304,7 +304,7 @@
       end
 
       it 'requests the tokens using OTP from SMS, and overrides scope and audience' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -337,7 +337,7 @@
       end
 
       it 'requests the tokens using an OTP from SMS using client assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -366,7 +366,7 @@
 
     context 'exchange_email_otp_for_tokens' do
       it 'requests the tokens using email OTP' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -402,7 +402,7 @@
       end
 
       it 'requests the tokens using OTP from email, and overrides scope and audience' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -430,7 +430,7 @@
       end
 
       it 'requests the tokens using OTP from email using client assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -462,7 +462,7 @@
 
     context 'login_with_resource_owner' do
       it 'logs in using a client secret' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -498,7 +498,7 @@
       end
 
       it 'logs in using a client secret, realm and audience' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -534,7 +534,7 @@
       end
 
       it 'logs in using client assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -568,7 +568,7 @@
 
     context 'start_passwordless_email_flow' do
       it 'starts passwordless flow using a client secret' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -592,7 +592,7 @@
       end
 
       it 'starts passwordless email flow using client assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -615,7 +615,7 @@
 
     context 'start_passwordless_sms_flow' do
       it 'starts passwordless flow using a client secret' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -637,7 +637,7 @@
       end
 
       it 'starts passwordless email flow using client assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg).to match(
             include(
               method: :post,
@@ -675,7 +675,7 @@
 
     context 'pushed_authorization_request' do
       it 'sends the request as a form post' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
           expect(arg[:method]).to eq(:post)
 
@@ -692,7 +692,7 @@
       end
 
       it 'allows the RestClient to handle the correct header defaults' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg[:headers]).not_to have_key('Content-Type')
 
           StubResponse.new({}, true, 200)
@@ -703,7 +703,7 @@
       end
 
       it 'sends the request as a form post with all known overrides' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
           expect(arg[:method]).to eq(:post)
 
@@ -733,7 +733,7 @@
       end
 
       it 'sends the request as a form post using client assertion' do
-        expect(RestClient::Request).to receive(:execute) do |arg|
+        expect(Auth0::HttpClient).to receive(:execute) do |arg|
           expect(arg[:url]).to eq('https://samples.auth0.com/oauth/par')
           expect(arg[:method]).to eq(:post)
           expect(arg[:payload][:client_secret]).to be_nil