auth0/ruby-auth0

Unsupported parameter `password` for `change_password` API

Zajn opened this issue · 2 comments

Zajn commented

Describe the problem

In trying to implement a reset password workflow in our application, I found the /dbconnections/change_password endpoint which this gem implements in the change_password method.

The auth0 documentation for this endpoint lists 3 parameters:

  • client_id
  • email
  • connection

The documentation in the gem itself lists password as a possible parameter. This parameter is not listed in the API documentation.

# Change a user's password or trigger a password reset email.
# @see https://auth0.com/docs/api/authentication#change-password
# @see https://auth0.com/docs/connections/database/password-change
# @param email [string] User's current email
# @param password [string] User's new password; empty to trigger a
#   password reset email
# @param connection_name [string] Database connection name
def change_password(email, password, connection_name = UP_AUTH)
  raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
  request_params = {
    email: email,
    password: password,
    connection: connection_name,
    client_id: @client_id
  }
  post('/dbconnections/change_password', request_params)
end

Attempting to call change_password with a value for the password parameter results in an Auth0::BadRequest error, at least for me:

/Users/zach/.gem/ruby/3.0.2/gems/auth0-5.5.0/lib/auth0/mixins/httpproxy.rb:93:in `request': {"error":"password is not allowed"} (Auth0::BadRequest)

What was the expected behavior?

I think this behavior is probably expected considering the gem implementation doesn't match what the API documentation lists as the interface for this endpoint.

Reproduction

  1. Create an Auth0 user
  2. Attempt to change that user's email, following the change_password method documentation:
     auth0_client.change_password('youremail@here.com', 'thisIsMyNewP4ssw0rd')
  3. See Auth0::BadRequest returned

Environment

  • Version of this library used:
    5.5.0
  • Which framework are you using, if applicable:
    Rails
  • Other modules/plugins/libraries that might be involved:
    N/A
  • Any other relevant information you think would be useful:
    Ruby 3.0.2

Zajn commented

I'd be happy to create a PR to address this by the way. I think this slipped under the radar since there isn't any spec that tries to test the change_password method with a password parameter.

Hey @Zajn thanks for bringing this to our attention. This parameter is actually only supported on legacy applications. I will get the deprecation documented, and more than likely create a new method without the argument.
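
The mismatch reported in this issue, as an added example that is not code from ruby-auth0 or from either commenter: a sketch of the current call shape beside a variant without the password argument, run against a constructed stand-in transport. `ResetPasswordSketch`, `FakeTransport`, `reset_password` and the sample values are hypothetical, and the stand-in only mimics the rejection quoted above for an application that does not accept `password`.

```ruby
# Added sketch, not ruby-auth0 code. Class and method names are hypothetical.
require 'json'

# The three parameters the issue lists from the endpoint documentation.
DOCUMENTED_PARAMS = %i[client_id email connection].freeze

class InvalidParameter < StandardError; end
class BadRequest < StandardError; end

# Constructed stand-in for the HTTP layer: rejects any key outside the
# documented set, shaped like the error body quoted in the issue.
class FakeTransport
  attr_reader :requests

  def initialize
    @requests = []
  end

  def post(path, params)
    extra = params.keys - DOCUMENTED_PARAMS
    raise BadRequest, JSON.generate(error: "#{extra.first} is not allowed") unless extra.empty?

    @requests << [path, params]
    :ok
  end
end

class ResetPasswordSketch
  def initialize(client_id, transport)
    @client_id = client_id
    @transport = transport
  end

  # Same request shape as the method quoted in the issue: always sends :password.
  def change_password(email, password, connection_name)
    raise InvalidParameter, 'Must supply a valid email' if email.to_s.empty?

    @transport.post('/dbconnections/change_password',
                    email: email, password: password,
                    connection: connection_name, client_id: @client_id)
  end

  # Variant without the argument: sends only the documented parameters.
  def reset_password(email, connection_name)
    raise InvalidParameter, 'Must supply a valid email' if email.to_s.empty?

    @transport.post('/dbconnections/change_password',
                    email: email, connection: connection_name, client_id: @client_id)
  end
end
```

A spec along these lines, asserting on the exact keys posted, is the kind of check that would have flagged the extra parameter.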