Added User Management, Password/SSO Auth Methods, and Audit (#24)

* RELEASE

* added password auth method, and user management functions

* added files

* added files

* added files

* added files

* added files

* added tenant management

* added tenant

* added files

* added files and README

* added userpassword phpass

* fixed linter

* added new workflows

* added tests

* fixed tests

* fixed tests

* exclude must have different classes

* commit

* fixed

* added namespace

* added files

* added files

* fixed

* fixed

* added

* added

* added

* added

* added files

* added files

---------

Co-authored-by: Chris Carper <[email protected]>

.env.example

@@ -0,0 +1,2 @@
+DESCOPE_PROJECT_ID="YOUR_PROJECT_ID"
+DESCOPE_MANAGEMENT_KEY="YOUR_MANAGEMENT_KEY"

.github/workflows/ci.yml

@@ -0,0 +1,31 @@
+name: Composer, Linter, and Tests
+
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, reopened, synchronize]
+
+jobs:
+  Run-Tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 📥 Checkout code
+        uses: actions/checkout@v4
+
+      - name: 🛠️ Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.1"
+          tools: composer, cs2pr
+
+      - name: 🔍 Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: 📦 Install dependencies
+        run: composer install --prefer-dist --no-progress
+
+      - name: ✨ Run PHP CodeSniffer
+        run: vendor/bin/phpcs --standard=PSR2 --extensions=php --exclude=Generic.Files.LineLength src
+
+      - name: 🧪 Run PHPUnit tests
+        run: composer run-script test

.github/workflows/license.yml

@@ -0,0 +1,22 @@
+name: License Check
+
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, reopened, synchronize]
+
+jobs:
+  Check-License:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 📥 Checkout code
+        uses: actions/checkout@v4
+
+      - name: 🛠️ Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.1"
+          tools: composer
+
+      - name: 📜 Check License
+        run: composer run-script license-check

.github/workflows/main.yml → .github/workflows/release.yml

@@ -16,6 +16,24 @@ jobs:
           persist-credentials: false
           ref: ${{ github.ref }}
 
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.1"
+          tools: composer
+
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress
+
+      - name: Run PHP CodeSniffer
+        run: vendor/bin/phpcs --standard=PSR2 --extensions=php src
+
+      - name: Run PHPUnit tests
+        run: composer run-script test
+
       - name: Get token
         id: get_token
         uses: tibdex/github-app-token@v1

README.md

@@ -24,28 +24,189 @@ You'll need to set up a `.env` file in the root directory with your Descope Proj
 
 ```
 DESCOPE_PROJECT_ID=<Descope Project ID>
+DESCOPE_MANAGEMENT_KEY=<Descope Management Key>
 ```
 
 ## Using the SDK
 
 In order to use the SDK you will need to initialize a `DescopeSDK` object with your Descope Project ID you defined in your `.env` file, like this:
 
-```
+```php
 require 'vendor/autoload.php';
 use Descope\SDK\DescopeSDK;
 
 $descopeSDK = new DescopeSDK([
-    'projectId' => $_ENV['DESCOPE_PROJECT_ID']
+    'projectId' => $_ENV['DESCOPE_PROJECT_ID'],
+    'managementKey' => $_ENV['DESCOPE_MANAGEMENT_KEY'] // Optional, only used for Management functions
 ]);
 ```
 
-This SDK will easily allow you to handle Descope JWT tokens with the following built in functions:
+This SDK will easily allow you to handle Descope JWT tokens with the following built-in functions:
+
+## Password Authentication
+
+### Sign Up
+
+```php
+$response = $descopeSDK->auth->password->signUp("loginId", "password123");
+print_r($response);
+```
+
+### Sign In
+
+```php
+$response = $descopeSDK->auth->password->signIn("loginId", "password123");
+print_r($response);
+```
+
+### Send Reset Password
+
+```php
+$response = $descopeSDK->auth->password->sendReset("loginId", "https://example.com/reset");
+print_r($response);
+```
+
+### Update Password
+
+```php
+$descopeSDK->auth->password->update("loginId", "newPassword123", "refreshToken");
+```
+
+### Replace Password
+
+```php
+$response = $descopeSDK->auth->password->replace("loginId", "oldPassword123", "newPassword123");
+print_r($response);
+```
+
+### Get Password Policy
+
+```php
+$response = $descopeSDK->auth->password->getPolicy();
+print_r($response);
+```
+
+## SSO Authentication
+
+### SSO Sign In
+
+```php
+$response = $descopeSDK->auth->sso->signIn(
+    "tenant",
+    "https://example.com/callback",
+    "prompt",
+    true,
+    true,
+    ["custom" => "claim"],
+    "ssoAppId"
+);
+print_r($response);
+```
+
+### Exchange Token
+
+```php
+$response = $descopeSDK->auth->sso->exchangeToken("code");
+print_r($response);
+```
+
+## Session Management
 
 1. `DescopeSDK->verify($sessionToken)` - will validate the JWT signature and return either **TRUE** or **FALSE**, depending on if the JWT is valid and expired
 2. `DescopeSDK->getClaims($sessionToken)` - will return all of the claims from the JWT in an array format
 3. `DescopeSDK->getUserDetails($refreshToken)` - will return all of the user information (email, phone, verification status, etc.) using a provided refresh token
 
-> **Note**: To use verify() and getClaims(), you will need to pass in your session token into the function argument. To use getUserDetails() to will need to pass in your refresh token.
+> **Note**: To use `verify()` and `getClaims()`, you will need to pass in your session token into the function argument. To use `getUserDetails()`, you will need to pass in your refresh token.
+
+## User Management Functions
+
+### Create User
+
+```php
+$response = $descopeSDK->management->user->create(
+    "testuser1",
+    "[email protected]",
+    "1234567890",
+    "Test User",
+    "Test",
+    "Middle",
+    "User"
+);
+print_r($response);
+```
+
+### Update User
+
+```php
+$descopeSDK->management->user->update(
+    "testuser1",
+    "[email protected]",
+    "0987654321",
+    "Updated User",
+    "Updated",
+    "Middle",
+    "User"
+);
+```
+
+### Delete User
+
+```php
+$descopeSDK->management->user->delete("testuser1");
+```
+
+### Add Tenant
+
+```php
+$response = $descopeSDK->management->user->addTenant("testuser1", "tenantId1");
+print_r($response);
+```
+
+### Remove Tenant
+
+```php
+$response = $descopeSDK->management->user->removeTenant("testuser1", "tenantId1");
+print_r($response);
+```
+
+### Set Tenant Roles
+
+```php
+$response = $descopeSDK->management->user->setTenantRoles("testuser1", "tenantId1", ["admin"]);
+print_r($response);
+```
+
+### Add Tenant Roles
+
+```php
+$response = $descopeSDK->management->user->addTenantRoles("testuser1", "tenantId1", ["user"]);
+print_r($response);
+```
+
+### Remove Tenant Roles
+
+```php
+$response = $descopeSDK->management->user->removeTenantRoles("testuser1", "tenantId1", ["admin"]);
+print_r($response);
+```
+
+### Set Temporary Password
+
+```php
+$descopeSDK->management->user->setTemporaryPassword("testuser1", new UserPassword(cleartext: "temporaryPassword123"));
+```
+
+### Set Active Password
+
+```php
+$descopeSDK->management->user->setActivePassword("testuser1", new UserPassword(cleartext: "activePassword123"));
+```
+
+### Set Password
+
+```php
+$descopeSDK->management->user->setPassword("testuser1", new UserPassword(cleartext: "password123"), true);
+```
 
 ## Unit Testing
 
@@ -54,7 +215,7 @@ The PHP directory includes unit testing using PHPUnit. You can insert values for
 To run the tests, run this command:
 
 ```
-./vendor/bin/phpunit --verbose src/tests/DescopeSDKTest.php
+./vendor/bin/phpunit --bootstrap bootstrap.php --verbose src/tests/DescopeSDKTest.php
 ```
 
 ## Running the PHP Sample App

bootstrap.php

@@ -0,0 +1,6 @@
+<?php
+
+require 'vendor/autoload.php';
+
+$dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
+$dotenv->load();

composer.json

@@ -1,7 +1,7 @@
 {
   "name": "descope/descope-php",
   "type": "library",
-  "description": "Descope SDK for PHP 8.1+ for JWT validation and fetching claims and user information.",
+  "description": "Descope SDK for PHP 8.1+",
   "keywords": [
     "drag-and-drop",
     "authentication"
@@ -31,6 +31,6 @@
   },
   "scripts": {
     "test": "./vendor/bin/phpunit --bootstrap vendor/autoload.php src/tests/DescopeSDKTest.php",
-    "license-check": "php src/tests/check_license.php"
+    "license-check": "php src/tests/CheckLicense.php"
   }
 }

sample/callback.php

@@ -22,17 +22,17 @@
     ]);
 
     if (isset($_POST["sessionToken"]) && $descopeSDK->verify($_POST["sessionToken"])) {
-        session_start();
+        session_start()
 
         $_SESSION["user"] = json_decode($_POST["userDetails"], true);
         $_SESSION["sessionToken"] = $_POST["sessionToken"];
 
         // Redirect to dashboard
-        header('Location: dashboard.php');
+        // header('Location: dashboard.php');
         exit();
     } else {
         // Redirect to login page
-        header('Location: login.php');
+        // header('Location: login.php');
         exit();
     }
     ?>

sample/dashboard.php

@@ -9,6 +9,7 @@
 // Get user details and session token from session variables
 $user = $_SESSION["user"];
 $sessionToken = $_SESSION["sessionToken"];
+
 ?>
 
 <!DOCTYPE html>

sample/index.php

@@ -1,9 +1,21 @@
 <?php
+require '../vendor/autoload.php';
+use Descope\SDK\DescopeSDK;
+
 session_start();
 if (isset($_SESSION["user"])) {
     header('Location: dashboard.php');
     exit();
 }
+
+
+$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
+$dotenv->load();
+
+$descopeSDK = new DescopeSDK([
+    'projectId' => $_ENV['DESCOPE_PROJECT_ID']
+]);
+
 ?>
 
 <!DOCTYPE html>