From db1ab7da485f81b5d1909a823fb155bddaadacfc Mon Sep 17 00:00:00 2001
From: Josh Cunningham <josh.cunningham@auth0.com>
Date: Fri, 2 Apr 2021 11:19:51 -0700
Subject: [PATCH] update axios throughout (#285)

---
 rules.json                                      | 6 +++---
 src/rules/caisson-id-check.js                   | 2 +-
 src/rules/iddataweb-verification-workflow.js    | 2 +-
 src/rules/mylife-digital-progressive-consent.js | 2 +-
 src/rules/onetrust-consent-management.js        | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/rules.json b/rules.json
index f5fd0f28..8aecc1c9 100644
--- a/rules.json
+++ b/rules.json
@@ -509,7 +509,7 @@
           "marketplace"
         ],
         "description": "<p>Please see the <a href=\"https://marketplace.auth0.com/integrations/iddataweb-identity-verification\">ID DataWeb integration</a> for more information and detailed installation instructions.</p>\n<p><strong>Required configuration</strong> (this Rule will be skipped if any of the below are not defined):</p>\n<ul>\n<li><code>IDDATAWEB_BASE_URL</code> Indicates the ID DataWeb environment. The default value is Pre-production - <code>https://prod2.iddataweb.com/prod-axn</code> - where all testing and POCs should take place. To switch to production, change the URL to <code>https://prod2.iddataweb.com/prod-axn</code></li>\n<li><code>IDDATAWEB_CLIENT_ID</code> Identifies your specific verification workflow and user experience. Get this from the ID DataWeb’s AXN Admin console.</li>\n<li><code>IDDATAWEB_CLIENT_SECRET</code> Authenticates your specific verification workflow and user experience. Get this from ID DataWeb’s AXN Admin console.</li>\n</ul>\n<p><strong>Optional configuration:</strong></p>\n<ul>\n<li><code>IDDATAWEB_ALWAYS_VERIFY</code> Controls if users are verified each time they login, or just initially. We recommend \"true\" (verify the user on every login) for testing, not set (verify once, then not again) for production.</li>\n</ul>",
-        "code": "async function iddatawebVerificationWorkflow(user, context, callback) {\n  const {\n    IDDATAWEB_BASE_URL,\n    IDDATAWEB_CLIENT_ID,\n    IDDATAWEB_CLIENT_SECRET,\n    IDDATAWEB_ALWAYS_VERIFY\n  } = configuration;\n\n  if (!IDDATAWEB_BASE_URL || !IDDATAWEB_CLIENT_ID || !IDDATAWEB_CLIENT_SECRET) {\n    console.log('Missing required configuration. Skipping.');\n    return callback(null, user, context);\n  }\n\n  const { Auth0RedirectRuleUtilities } = require('@auth0/rule-utilities@0.1.0');\n  const axiosClient = require('axios@0.19.2');\n  const url = require('url');\n\n  const ruleUtils = new Auth0RedirectRuleUtilities(\n    user,\n    context,\n    configuration\n  );\n\n  const idwBasicAuth = Buffer.from(\n    IDDATAWEB_CLIENT_ID + ':' + IDDATAWEB_CLIENT_SECRET\n  ).toString('base64');\n\n  const idwTokenNamepsace = 'https://iddataweb.com/';\n  const idwTokenEndpoint = `${IDDATAWEB_BASE_URL}/axn/oauth2/token`;\n  const idwAuthorizeEndpoint = `${IDDATAWEB_BASE_URL}/axn/oauth2/authorize`;\n  const auth0ContinueUrl = `https://${context.request.hostname}/continue`;\n\n  let iddataweb = (user.app_metadata && user.app_metadata.iddataweb) || {};\n  iddataweb.verificationResult = iddataweb.verificationResult || {};\n\n  // if the user is already verified and we don't need to check, exit\n  if (\n    iddataweb.verificationResult.policyDecision === 'approve' &&\n    IDDATAWEB_ALWAYS_VERIFY !== 'true'\n  ) {\n    console.log('user ' + user.user_id + ' has been previously verified.');\n    return callback(null, user, context);\n  }\n\n  // if coming back from redirect - get token, make policy decision, and update user metadata.\n  if (ruleUtils.isRedirectCallback) {\n    console.log('code from IDW: ' + ruleUtils.queryParams.code);\n\n    const formParams = new url.URLSearchParams({\n      grant_type: 'authorization_code',\n      code: ruleUtils.queryParams.code,\n      redirect_uri: auth0ContinueUrl\n    });\n\n    const headers = {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Cache-Control': 'no-cache',\n      Authorization: `Basic ${idwBasicAuth}`\n    };\n\n    let decodedToken;\n    try {\n      const tokenResponse = await axiosClient.post(\n        idwTokenEndpoint,\n        formParams.toString(),\n        { headers }\n      );\n\n      if (tokenResponse.data.error) {\n        throw new Error(tokenResponse.data.error_description);\n      }\n\n      decodedToken = jwt.decode(tokenResponse.data.id_token);\n    } catch (error) {\n      return callback(error);\n    }\n\n    //check issuer, audience and experiation of ID DataWeb Token\n    if (\n      decodedToken.iss !== IDDATAWEB_BASE_URL ||\n      decodedToken.aud !== IDDATAWEB_CLIENT_ID\n    ) {\n      return callback(new Error('ID token invalid.'));\n    }\n\n    console.log('policy decision: ' + decodedToken.policyDecision);\n    console.log('score: ' + decodedToken.idwTrustScore);\n    console.log('IDW transaction ID: ' + decodedToken.jti);\n\n    // once verification is complete, update user's metadata in Auth0.\n    //this could be used for downstream application authorization,\n    //or mapping access to levels of assurance.\n    iddataweb.verificationResult = {\n      policyDecision: decodedToken.policyDecision,\n      transactionid: decodedToken.jti,\n      iat: decodedToken.iat\n    };\n\n    try {\n      auth0.users.updateAppMetadata(user.user_id, { iddataweb });\n    } catch (error) {\n      return callback(error);\n    }\n\n    //include ID DataWeb results in Auth0 ID Token\n    context.idToken[idwTokenNamepsace + 'policyDecision'] =\n      decodedToken.policyDecision;\n    context.idToken[idwTokenNamepsace + 'transactionId'] = decodedToken.jti;\n    context.idToken[idwTokenNamepsace + 'iat'] = decodedToken.iat;\n\n    return callback(null, user, context);\n  }\n\n  // ... otherwise, redirect for verification.\n\n  let idwRedirectUrl =\n    idwAuthorizeEndpoint +\n    '?client_id=' +\n    IDDATAWEB_CLIENT_ID +\n    '&redirect_uri=' +\n    auth0ContinueUrl +\n    '&scope=openid+country.US&response_type=code';\n\n  if (ruleUtils.canRedirect) {\n    context.redirect = {\n      url: idwRedirectUrl\n    };\n  }\n\n  return callback(null, user, context);\n}"
+        "code": "async function iddatawebVerificationWorkflow(user, context, callback) {\n  const {\n    IDDATAWEB_BASE_URL,\n    IDDATAWEB_CLIENT_ID,\n    IDDATAWEB_CLIENT_SECRET,\n    IDDATAWEB_ALWAYS_VERIFY\n  } = configuration;\n\n  if (!IDDATAWEB_BASE_URL || !IDDATAWEB_CLIENT_ID || !IDDATAWEB_CLIENT_SECRET) {\n    console.log('Missing required configuration. Skipping.');\n    return callback(null, user, context);\n  }\n\n  const { Auth0RedirectRuleUtilities } = require('@auth0/rule-utilities@0.1.0');\n  const axiosClient = require('axios@0.21.1');\n  const url = require('url');\n\n  const ruleUtils = new Auth0RedirectRuleUtilities(\n    user,\n    context,\n    configuration\n  );\n\n  const idwBasicAuth = Buffer.from(\n    IDDATAWEB_CLIENT_ID + ':' + IDDATAWEB_CLIENT_SECRET\n  ).toString('base64');\n\n  const idwTokenNamepsace = 'https://iddataweb.com/';\n  const idwTokenEndpoint = `${IDDATAWEB_BASE_URL}/axn/oauth2/token`;\n  const idwAuthorizeEndpoint = `${IDDATAWEB_BASE_URL}/axn/oauth2/authorize`;\n  const auth0ContinueUrl = `https://${context.request.hostname}/continue`;\n\n  let iddataweb = (user.app_metadata && user.app_metadata.iddataweb) || {};\n  iddataweb.verificationResult = iddataweb.verificationResult || {};\n\n  // if the user is already verified and we don't need to check, exit\n  if (\n    iddataweb.verificationResult.policyDecision === 'approve' &&\n    IDDATAWEB_ALWAYS_VERIFY !== 'true'\n  ) {\n    console.log('user ' + user.user_id + ' has been previously verified.');\n    return callback(null, user, context);\n  }\n\n  // if coming back from redirect - get token, make policy decision, and update user metadata.\n  if (ruleUtils.isRedirectCallback) {\n    console.log('code from IDW: ' + ruleUtils.queryParams.code);\n\n    const formParams = new url.URLSearchParams({\n      grant_type: 'authorization_code',\n      code: ruleUtils.queryParams.code,\n      redirect_uri: auth0ContinueUrl\n    });\n\n    const headers = {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Cache-Control': 'no-cache',\n      Authorization: `Basic ${idwBasicAuth}`\n    };\n\n    let decodedToken;\n    try {\n      const tokenResponse = await axiosClient.post(\n        idwTokenEndpoint,\n        formParams.toString(),\n        { headers }\n      );\n\n      if (tokenResponse.data.error) {\n        throw new Error(tokenResponse.data.error_description);\n      }\n\n      decodedToken = jwt.decode(tokenResponse.data.id_token);\n    } catch (error) {\n      return callback(error);\n    }\n\n    //check issuer, audience and experiation of ID DataWeb Token\n    if (\n      decodedToken.iss !== IDDATAWEB_BASE_URL ||\n      decodedToken.aud !== IDDATAWEB_CLIENT_ID\n    ) {\n      return callback(new Error('ID token invalid.'));\n    }\n\n    console.log('policy decision: ' + decodedToken.policyDecision);\n    console.log('score: ' + decodedToken.idwTrustScore);\n    console.log('IDW transaction ID: ' + decodedToken.jti);\n\n    // once verification is complete, update user's metadata in Auth0.\n    //this could be used for downstream application authorization,\n    //or mapping access to levels of assurance.\n    iddataweb.verificationResult = {\n      policyDecision: decodedToken.policyDecision,\n      transactionid: decodedToken.jti,\n      iat: decodedToken.iat\n    };\n\n    try {\n      auth0.users.updateAppMetadata(user.user_id, { iddataweb });\n    } catch (error) {\n      return callback(error);\n    }\n\n    //include ID DataWeb results in Auth0 ID Token\n    context.idToken[idwTokenNamepsace + 'policyDecision'] =\n      decodedToken.policyDecision;\n    context.idToken[idwTokenNamepsace + 'transactionId'] = decodedToken.jti;\n    context.idToken[idwTokenNamepsace + 'iat'] = decodedToken.iat;\n\n    return callback(null, user, context);\n  }\n\n  // ... otherwise, redirect for verification.\n\n  let idwRedirectUrl =\n    idwAuthorizeEndpoint +\n    '?client_id=' +\n    IDDATAWEB_CLIENT_ID +\n    '&redirect_uri=' +\n    auth0ContinueUrl +\n    '&scope=openid+country.US&response_type=code';\n\n  if (ruleUtils.canRedirect) {\n    context.redirect = {\n      url: idwRedirectUrl\n    };\n  }\n\n  return callback(null, user, context);\n}"
       },
       {
         "id": "incognia-authentication",
@@ -539,7 +539,7 @@
           "marketplace"
         ],
         "description": "<p>Please see the <a href=\"https://marketplace.auth0.com/integrations/mylife-digital-progressive-consent\">MyLife Digital integration</a> for more information and detailed installation instructions.\n<strong>Required configuration</strong> (this Rule will be skipped if any of the below are not defined):</p>\n<ul>\n<li><code>CONSENTRIC_AUTH_HOST</code> The URL to authenticate against for your Consentric API token, like <code>https://sandbox-consentric.eu.auth0.com</code></li>\n<li><code>CONSENTRIC_API_HOST</code> The Consentric API host URL, like <code>https://sandbox.consentric.io</code></li>\n<li><code>CONSENTRIC_CLIENT_ID</code> The Consentric ClientId issued to you</li>\n<li><code>CONSENTRIC_CLIENT_SECRET</code> The Consentric ClientSecret issued to you</li>\n<li><code>CONSENTRIC_AUDIENCE</code> The name of the Consentric API being called, like <code>https://sandbox.consentric.io</code></li>\n<li><code>CONSENTRIC_APPLICATION_ID</code> The Consentric ApplicationId issued to you</li>\n<li><code>CONSENTRIC_REDIRECT_URL</code> The URL of the page containing the Progressive widget</li>\n</ul>",
-        "code": "function consentricProgressiveConsent(user, context, callback) {\n  const axios = require('axios@0.19.2');\n  const moment = require('moment@2.11.2');\n  const { Auth0RedirectRuleUtilities } = require('@auth0/rule-utilities@0.1.0');\n\n  const ruleUtils = new Auth0RedirectRuleUtilities(\n    user,\n    context,\n    configuration\n  );\n\n  const asMilliSeconds = (seconds) => seconds * 1000;\n\n  const {\n    CONSENTRIC_AUTH_HOST,\n    CONSENTRIC_API_HOST,\n    CONSENTRIC_AUDIENCE,\n    CONSENTRIC_CLIENT_ID,\n    CONSENTRIC_CLIENT_SECRET,\n    CONSENTRIC_APPLICATION_ID,\n    CONSENTRIC_REDIRECT_URL\n  } = configuration;\n\n  if (\n    !CONSENTRIC_AUTH_HOST ||\n    !CONSENTRIC_API_HOST ||\n    !CONSENTRIC_AUDIENCE ||\n    !CONSENTRIC_CLIENT_ID ||\n    !CONSENTRIC_CLIENT_SECRET ||\n    !CONSENTRIC_APPLICATION_ID ||\n    !CONSENTRIC_REDIRECT_URL\n  ) {\n    console.log('Missing required configuration. Skipping.');\n    return callback(null, user, context);\n  }\n\n  const consentricAuth = axios.create({\n    baseURL: CONSENTRIC_AUTH_HOST,\n    timeout: 1000\n  });\n\n  const consentricApi = axios.create({\n    baseURL: CONSENTRIC_API_HOST,\n    timeout: 1000\n  });\n\n  // Returns Consentric API Access Token (JWT) from either the global cache or generates it anew from clientId and secret\n  const getConsentricApiAccessToken = async () => {\n    const consentricApiTokenNotValid =\n      !global.consentricApiToken || global.consentricApiToken.exp < Date.now();\n\n    if (consentricApiTokenNotValid) {\n      try {\n        // Exchange Credentials for Consentric Api Access token\n        const {\n          data: { expires_in, access_token }\n        } = await consentricAuth.post('/oauth/token', {\n          grant_type: 'client_credentials',\n          client_id: CONSENTRIC_CLIENT_ID,\n          client_secret: CONSENTRIC_CLIENT_SECRET,\n          audience: CONSENTRIC_AUDIENCE,\n          applicationId: CONSENTRIC_APPLICATION_ID\n        });\n\n        const expiryInMs = new Date().getTime() + asMilliSeconds(expires_in);\n        const auth = {\n          jwt: access_token,\n          exp: expiryInMs\n        };\n\n        // Persist API Access token in global properties\n        global.consentricApiToken = auth;\n      } catch (error) {\n        console.error(\n          'Unable to retrieve API Access token for Consentric. Please check that your credentials (CONSENTRIC_CLIENT_ID and CONSENTRIC_CLIENT_SECRET) are correct.'\n        );\n        throw error;\n      }\n    }\n\n    return global.consentricApiToken;\n  };\n\n  // Creates Citizen Record in Consentric with Auth0 Id\n  const createCitizen = ({ userRef, apiAccessToken }) => {\n    console.log(`Upserting Consentric Citizen record for ${userRef}`);\n    const data = {\n      applicationId: CONSENTRIC_APPLICATION_ID,\n      externalRef: userRef\n    };\n\n    return consentricApi\n      .post('/v1/citizens', data, {\n        headers: {\n          Authorization: 'Bearer ' + apiAccessToken\n        }\n      })\n      .catch((err) => {\n        if (err.response.status !== 409) {\n          // 409 indicates Citizen with given reference already exists in Consentric\n          console.error(err);\n          throw err;\n        }\n      });\n  };\n\n  // Function to retrieve Consentric User Token from User Metadata\n  const getConsentricUserTokenFromMetadata = (user) =>\n    user.app_metadata && user.app_metadata.consentric;\n\n  // Generates On Demand Consentric User Token for the given User using the API Access Token\n  const generateConsentricUserAccessToken = async ({\n    userRef,\n    apiAccessToken\n  }) => {\n    try {\n      console.log(`Attempting to generate access token API for ${userRef}`);\n\n      const {\n        data: { token, expiryDate: exp }\n      } = await consentricApi.post(\n        '/v1/access-tokens/tokens',\n        {\n          applicationId: CONSENTRIC_APPLICATION_ID,\n          externalRef: userRef,\n          expiryDate: moment().add(3, 'months').toISOString()\n        },\n        {\n          headers: {\n            Authorization: 'Bearer ' + apiAccessToken\n          }\n        }\n      );\n\n      return {\n        token,\n        exp\n      };\n    } catch (err) {\n      console.error(err);\n      throw err;\n    }\n  };\n\n  const loadConsentricUserAccessToken = async ({ user }) => {\n    try {\n      const metadataUserToken = getConsentricUserTokenFromMetadata(user);\n      if (\n        metadataUserToken &&\n        moment(metadataUserToken.exp).subtract(1, 'days').isAfter(moment())\n      )\n        return metadataUserToken;\n\n      const { jwt: apiAccessToken } = await getConsentricApiAccessToken();\n      const apiCredentials = {\n        userRef: user.user_id,\n        apiAccessToken\n      };\n\n      // Create Citizen with Auth0 UserId\n      await createCitizen(apiCredentials);\n\n      // Generate an On Demand Access Token for the created citizen\n      const generatedToken = await generateConsentricUserAccessToken(\n        apiCredentials\n      );\n\n      // Persist the app_metadata update\n      await auth0.users.updateAppMetadata(user.user_id, {\n        consentric: generatedToken\n      });\n\n      return generatedToken;\n    } catch (err) {\n      console.error(\n        `Issue loading Consentric User Access Token for user ${user.user_id} - ${err}`\n      );\n      throw err;\n    }\n  };\n\n  const initConsentricFlow = async () => {\n    try {\n      const { token } = await loadConsentricUserAccessToken({ user });\n      const urlConnector = CONSENTRIC_REDIRECT_URL.includes('?') ? '&' : '?';\n      const redirectUrl =\n        CONSENTRIC_REDIRECT_URL + urlConnector + 'token=' + token;\n\n      context.redirect = {\n        url: redirectUrl\n      };\n    } catch (err) {\n      console.error(`CONSENTRIC RULE ABORTED: ${err}`);\n    }\n    return callback(null, user, context);\n  };\n\n  if (ruleUtils.canRedirect) {\n    return initConsentricFlow();\n  } else {\n    // Run after Redirect or Silent Auth\n    return callback(null, user, context);\n  }\n}"
+        "code": "function consentricProgressiveConsent(user, context, callback) {\n  const axios = require('axios@0.21.1');\n  const moment = require('moment@2.11.2');\n  const { Auth0RedirectRuleUtilities } = require('@auth0/rule-utilities@0.1.0');\n\n  const ruleUtils = new Auth0RedirectRuleUtilities(\n    user,\n    context,\n    configuration\n  );\n\n  const asMilliSeconds = (seconds) => seconds * 1000;\n\n  const {\n    CONSENTRIC_AUTH_HOST,\n    CONSENTRIC_API_HOST,\n    CONSENTRIC_AUDIENCE,\n    CONSENTRIC_CLIENT_ID,\n    CONSENTRIC_CLIENT_SECRET,\n    CONSENTRIC_APPLICATION_ID,\n    CONSENTRIC_REDIRECT_URL\n  } = configuration;\n\n  if (\n    !CONSENTRIC_AUTH_HOST ||\n    !CONSENTRIC_API_HOST ||\n    !CONSENTRIC_AUDIENCE ||\n    !CONSENTRIC_CLIENT_ID ||\n    !CONSENTRIC_CLIENT_SECRET ||\n    !CONSENTRIC_APPLICATION_ID ||\n    !CONSENTRIC_REDIRECT_URL\n  ) {\n    console.log('Missing required configuration. Skipping.');\n    return callback(null, user, context);\n  }\n\n  const consentricAuth = axios.create({\n    baseURL: CONSENTRIC_AUTH_HOST,\n    timeout: 1000\n  });\n\n  const consentricApi = axios.create({\n    baseURL: CONSENTRIC_API_HOST,\n    timeout: 1000\n  });\n\n  // Returns Consentric API Access Token (JWT) from either the global cache or generates it anew from clientId and secret\n  const getConsentricApiAccessToken = async () => {\n    const consentricApiTokenNotValid =\n      !global.consentricApiToken || global.consentricApiToken.exp < Date.now();\n\n    if (consentricApiTokenNotValid) {\n      try {\n        // Exchange Credentials for Consentric Api Access token\n        const {\n          data: { expires_in, access_token }\n        } = await consentricAuth.post('/oauth/token', {\n          grant_type: 'client_credentials',\n          client_id: CONSENTRIC_CLIENT_ID,\n          client_secret: CONSENTRIC_CLIENT_SECRET,\n          audience: CONSENTRIC_AUDIENCE,\n          applicationId: CONSENTRIC_APPLICATION_ID\n        });\n\n        const expiryInMs = new Date().getTime() + asMilliSeconds(expires_in);\n        const auth = {\n          jwt: access_token,\n          exp: expiryInMs\n        };\n\n        // Persist API Access token in global properties\n        global.consentricApiToken = auth;\n      } catch (error) {\n        console.error(\n          'Unable to retrieve API Access token for Consentric. Please check that your credentials (CONSENTRIC_CLIENT_ID and CONSENTRIC_CLIENT_SECRET) are correct.'\n        );\n        throw error;\n      }\n    }\n\n    return global.consentricApiToken;\n  };\n\n  // Creates Citizen Record in Consentric with Auth0 Id\n  const createCitizen = ({ userRef, apiAccessToken }) => {\n    console.log(`Upserting Consentric Citizen record for ${userRef}`);\n    const data = {\n      applicationId: CONSENTRIC_APPLICATION_ID,\n      externalRef: userRef\n    };\n\n    return consentricApi\n      .post('/v1/citizens', data, {\n        headers: {\n          Authorization: 'Bearer ' + apiAccessToken\n        }\n      })\n      .catch((err) => {\n        if (err.response.status !== 409) {\n          // 409 indicates Citizen with given reference already exists in Consentric\n          console.error(err);\n          throw err;\n        }\n      });\n  };\n\n  // Function to retrieve Consentric User Token from User Metadata\n  const getConsentricUserTokenFromMetadata = (user) =>\n    user.app_metadata && user.app_metadata.consentric;\n\n  // Generates On Demand Consentric User Token for the given User using the API Access Token\n  const generateConsentricUserAccessToken = async ({\n    userRef,\n    apiAccessToken\n  }) => {\n    try {\n      console.log(`Attempting to generate access token API for ${userRef}`);\n\n      const {\n        data: { token, expiryDate: exp }\n      } = await consentricApi.post(\n        '/v1/access-tokens/tokens',\n        {\n          applicationId: CONSENTRIC_APPLICATION_ID,\n          externalRef: userRef,\n          expiryDate: moment().add(3, 'months').toISOString()\n        },\n        {\n          headers: {\n            Authorization: 'Bearer ' + apiAccessToken\n          }\n        }\n      );\n\n      return {\n        token,\n        exp\n      };\n    } catch (err) {\n      console.error(err);\n      throw err;\n    }\n  };\n\n  const loadConsentricUserAccessToken = async ({ user }) => {\n    try {\n      const metadataUserToken = getConsentricUserTokenFromMetadata(user);\n      if (\n        metadataUserToken &&\n        moment(metadataUserToken.exp).subtract(1, 'days').isAfter(moment())\n      )\n        return metadataUserToken;\n\n      const { jwt: apiAccessToken } = await getConsentricApiAccessToken();\n      const apiCredentials = {\n        userRef: user.user_id,\n        apiAccessToken\n      };\n\n      // Create Citizen with Auth0 UserId\n      await createCitizen(apiCredentials);\n\n      // Generate an On Demand Access Token for the created citizen\n      const generatedToken = await generateConsentricUserAccessToken(\n        apiCredentials\n      );\n\n      // Persist the app_metadata update\n      await auth0.users.updateAppMetadata(user.user_id, {\n        consentric: generatedToken\n      });\n\n      return generatedToken;\n    } catch (err) {\n      console.error(\n        `Issue loading Consentric User Access Token for user ${user.user_id} - ${err}`\n      );\n      throw err;\n    }\n  };\n\n  const initConsentricFlow = async () => {\n    try {\n      const { token } = await loadConsentricUserAccessToken({ user });\n      const urlConnector = CONSENTRIC_REDIRECT_URL.includes('?') ? '&' : '?';\n      const redirectUrl =\n        CONSENTRIC_REDIRECT_URL + urlConnector + 'token=' + token;\n\n      context.redirect = {\n        url: redirectUrl\n      };\n    } catch (err) {\n      console.error(`CONSENTRIC RULE ABORTED: ${err}`);\n    }\n    return callback(null, user, context);\n  };\n\n  if (ruleUtils.canRedirect) {\n    return initConsentricFlow();\n  } else {\n    // Run after Redirect or Silent Auth\n    return callback(null, user, context);\n  }\n}"
       },
       {
         "id": "netlify-role-management",
@@ -559,7 +559,7 @@
           "marketplace"
         ],
         "description": "<p>Please see the <a href=\"https://marketplace.auth0.com/integrations/onetrust-consent-management\">OneTrust integration</a> for more information and detailed installation instructions.</p>\n<p><strong>Required configuration</strong> (this Rule will be skipped if any of the below are not defined):</p>\n<ul>\n<li><code>ONETRUST_REQUEST_INFORMATION</code> Your OneTrust Collection Point API token</li>\n<li><code>ONETRUST_CONSENT_API_URL</code> Your OneTrust Collection Point API URL</li>\n<li><code>ONETRUST_PURPOSE_ID</code> Your OneTrust Collection Point Purpose ID</li>\n</ul>\n<p><strong>Optional configuration:</strong></p>\n<ul>\n<li><code>ONETRUST_SKIP_IF_NO_EMAIL</code> If set to \"true\" then the Rule will be skipped if there is no email address. Otherwise the Rule will fail with an error.</li>\n</ul>",
-        "code": "/* global configuration */\nasync function oneTrustConsentManagement(user, context, callback) {\n  const axios = require('axios@0.19.2');\n\n  const {\n    ONETRUST_REQUEST_INFORMATION,\n    ONETRUST_CONSENT_API_URL,\n    ONETRUST_PURPOSE_ID\n  } = configuration;\n\n  if (\n    !ONETRUST_REQUEST_INFORMATION ||\n    !ONETRUST_CONSENT_API_URL ||\n    !ONETRUST_PURPOSE_ID\n  ) {\n    console.log('Missing required configuration. Skipping.');\n    return callback(null, user, context);\n  }\n\n  const skipIfNoEmail = configuration.ONETRUST_SKIP_IF_NO_EMAIL === 'true';\n\n  user.app_metadata = user.app_metadata || {};\n  let onetrust = user.app_metadata.onetrust || {};\n\n  if (onetrust.receipt) {\n    console.log('User has a Collection Point receipt. Skipping.');\n    return callback(null, user, context);\n  }\n\n  if (!user.email) {\n    if (skipIfNoEmail) {\n      console.log('User has no email address. Skipping.');\n      return callback(null, user, context);\n    }\n    return callback(new Error('An email address is required.'));\n  }\n\n  try {\n    const response = await axios.post(ONETRUST_CONSENT_API_URL, {\n      identifier: user.email,\n      requestInformation: ONETRUST_REQUEST_INFORMATION,\n      purposes: [{ Id: ONETRUST_PURPOSE_ID }]\n    });\n    onetrust.receipt = response.data.receipt;\n  } catch (error) {\n    console.log('Error calling the Collection Point.');\n    return callback(error);\n  }\n\n  try {\n    await auth0.users.updateAppMetadata(user.user_id, { onetrust });\n  } catch (error) {\n    console.log('Error updating user app_metadata.');\n    return callback(error);\n  }\n\n  return callback(null, user, context);\n}"
+        "code": "/* global configuration */\nasync function oneTrustConsentManagement(user, context, callback) {\n  const axios = require('axios@0.21.1');\n\n  const {\n    ONETRUST_REQUEST_INFORMATION,\n    ONETRUST_CONSENT_API_URL,\n    ONETRUST_PURPOSE_ID\n  } = configuration;\n\n  if (\n    !ONETRUST_REQUEST_INFORMATION ||\n    !ONETRUST_CONSENT_API_URL ||\n    !ONETRUST_PURPOSE_ID\n  ) {\n    console.log('Missing required configuration. Skipping.');\n    return callback(null, user, context);\n  }\n\n  const skipIfNoEmail = configuration.ONETRUST_SKIP_IF_NO_EMAIL === 'true';\n\n  user.app_metadata = user.app_metadata || {};\n  let onetrust = user.app_metadata.onetrust || {};\n\n  if (onetrust.receipt) {\n    console.log('User has a Collection Point receipt. Skipping.');\n    return callback(null, user, context);\n  }\n\n  if (!user.email) {\n    if (skipIfNoEmail) {\n      console.log('User has no email address. Skipping.');\n      return callback(null, user, context);\n    }\n    return callback(new Error('An email address is required.'));\n  }\n\n  try {\n    const response = await axios.post(ONETRUST_CONSENT_API_URL, {\n      identifier: user.email,\n      requestInformation: ONETRUST_REQUEST_INFORMATION,\n      purposes: [{ Id: ONETRUST_PURPOSE_ID }]\n    });\n    onetrust.receipt = response.data.receipt;\n  } catch (error) {\n    console.log('Error calling the Collection Point.');\n    return callback(error);\n  }\n\n  try {\n    await auth0.users.updateAppMetadata(user.user_id, { onetrust });\n  } catch (error) {\n    console.log('Error updating user app_metadata.');\n    return callback(error);\n  }\n\n  return callback(null, user, context);\n}"
       },
       {
         "id": "onfido-idv",
diff --git a/src/rules/caisson-id-check.js b/src/rules/caisson-id-check.js
index 365341c4..298edb84 100644
--- a/src/rules/caisson-id-check.js
+++ b/src/rules/caisson-id-check.js
@@ -51,7 +51,7 @@ async function caissonIDCheck(user, context, callback) {
       api: 'https://api.caisson.com',
       dashboard: 'https://www.caisson.com'
     },
-    axios: require('axios@0.19.2'),
+    axios: require('axios@0.21.1'),
     util: new Auth0RedirectRuleUtilities(user, context, caissonConf)
   };
 
diff --git a/src/rules/iddataweb-verification-workflow.js b/src/rules/iddataweb-verification-workflow.js
index 9b5f1d13..22af5e61 100644
--- a/src/rules/iddataweb-verification-workflow.js
+++ b/src/rules/iddataweb-verification-workflow.js
@@ -32,7 +32,7 @@ async function iddatawebVerificationWorkflow(user, context, callback) {
   }
 
   const { Auth0RedirectRuleUtilities } = require('@auth0/rule-utilities@0.1.0');
-  const axiosClient = require('axios@0.19.2');
+  const axiosClient = require('axios@0.21.1');
   const url = require('url');
 
   const ruleUtils = new Auth0RedirectRuleUtilities(
diff --git a/src/rules/mylife-digital-progressive-consent.js b/src/rules/mylife-digital-progressive-consent.js
index 4bd28b6a..3cee56f0 100644
--- a/src/rules/mylife-digital-progressive-consent.js
+++ b/src/rules/mylife-digital-progressive-consent.js
@@ -18,7 +18,7 @@
 *
 */
 function consentricProgressiveConsent(user, context, callback) {
-  const axios = require('axios@0.19.2');
+  const axios = require('axios@0.21.1');
   const moment = require('moment@2.11.2');
   const { Auth0RedirectRuleUtilities } = require('@auth0/rule-utilities@0.1.0');
 
diff --git a/src/rules/onetrust-consent-management.js b/src/rules/onetrust-consent-management.js
index 082c545b..8c8658d1 100644
--- a/src/rules/onetrust-consent-management.js
+++ b/src/rules/onetrust-consent-management.js
@@ -18,7 +18,7 @@
  */
 /* global configuration */
 async function oneTrustConsentManagement(user, context, callback) {
-  const axios = require('axios@0.19.2');
+  const axios = require('axios@0.21.1');
 
   const {
     ONETRUST_REQUEST_INFORMATION,