feat: support exchanging OTP codes for tokens

[stevehobbsdev]

Changes

This adds two methods exchange_email_otp_for_tokens and exchange_sms_otp_for_tokens for completing the email and SMS embedded passwordless flows respectively. This is essentially a missing feature; the SDK already supports starting the flows but provides no affordances to be able to complete them.

Also supports authentication using client assertion.

The Auth0 client must have the "Passwordless OTP" grant enabled (see Passwordless embedded login).

Usage example:

client = Auth0Client.new domain: 'YOUR_AUTH0_DOMAIN', client_id: 'YOUR_CLIENT_ID', client_secret: 'YOUR_CLIENT_SECRET'

# Start passwordless using email..
client.start_passwordless_email_flow 'email@test.com', 'code'

# .. or SMS
client.start_passwordless_sms_flow '+44123456789'

# Once the code has been received, call the appropriate method to exchange the OTP:
# From an email:
result = client.exchange_email_otp_for_tokens 'email@test.com', 'OTP'
# <struct Auth0::AccessToken>

# or from SMS
result = client.exchange_sms_otp_for_tokens '+44123456789', 'OTP'
# <struct Auth0::AccessToken>

References

Closes #422

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

• This change adds unit test coverage
• This change adds integration test coverage
• This change has been tested on the latest version of Ruby

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All existing and new tests complete without errors
• Rubocop passes on all added/modified files
• All active GitHub checks have passed