From cb7d36cd21ac04f683c38f73d4c9642654886c18 Mon Sep 17 00:00:00 2001
From: Puja Sharma
Date: Fri, 8 Apr 2022 12:30:48 +0530
Subject: [PATCH] feat(jans-config-api): user mgmt patch endpoint
---
jans-cli/cli/jca.yaml.bak | 6993 -----------------
.../model/user/UserPatchRequest.java | 39 +
.../rest/resource/auth/UserResource.java | 27 +-
.../configapi/service/auth/UserService.java | 31 +-
.../io/jans/configapi/core/util/Jackson.java | 5 +
.../orm/model/base/CustomObjectAttribute.java | 9 +-
6 files changed, 77 insertions(+), 7027 deletions(-)
delete mode 100644 jans-cli/cli/jca.yaml.bak
create mode 100644 jans-config-api/common/src/main/java/io/jans/configapi/model/user/UserPatchRequest.java
diff --git a/jans-cli/cli/jca.yaml.bak b/jans-cli/cli/jca.yaml.bak
deleted file mode 100644
index 30ba1f40938..00000000000
@@ -1,6993 +0,0 @@ -openapi: 3.0.1 -info: - title: jans-config-api - description: jans-config-api - Authorization services - contact: - email: xxx@gluu.org - license: - name: License - url: 'https://github.com/JanssenProject/blob/master/LICENSE' - version: '1.0.0' -servers: - - url: 'https://jans.io/' -tags: - - name: developers - description: jans-config-api enables access to the features available via the existing Jans Authorization Server API. - - name: Attribute - - name: Default Authentication Method - - name: Cache Configuration - - name: Cache Configuration – Memcached - - name: Cache Configuration – Redis - - name: Cache Configuration – in-Memory - - name: Cache Configuration – Native-Persistence - - name: Configuration – Properties - - name: Configuration – Fido2 - - name: Configuration – SMTP - - name: Configuration – Logging - - name: Configuration – JWK - JSON Web Key (JWK) - - name: Custom Scripts - - name: Database - LDAP configuration - - name: Database - Couchbase configuration - - name: OAuth - OpenID Connect - Clients - - name: OAuth - UMA Resources - - name: OAuth - Scopes - - name: Statistics - User - - name: Health - Check - - name: Server Stats - - name: User Management - - name: SCIM - User Management - - name: SCIM - Config Management - - name: Organization Configuration - - name: Auth Server Health - Check - - name: Admin UI - Role - - name: Admin UI - Permission - - name: Admin UI - Role-Permissions Mapping - - name: Admin UI - License -paths: - /jans-config-api/api/v1/jans-auth-server/config: - get: - summary: Gets all Jans authorization server configuration properties. - description: Gets all Jans authorization server configuration properties. 
- operationId: get-properties - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/properties.readonly] - tags: - - Configuration – Properties - responses: - '200': - description: OK - content: - application/json: - schema: - title: AppConfiguration - description: Jans Authorization Server config properties. - $ref: '#/components/schemas/AppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - patch: - summary: Partially modifies Jans authorization server Application configuration properties. - description: Partially modifies Jans authorization server AppConfiguration properties. - operationId: patch-properties - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/properties.write] - tags: - - Configuration – Properties - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: loggingLevel, value: DEBUG } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: AppConfiguration - description: Jans authorization server config properties. - $ref: '#/components/schemas/AppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/api/v1/jans-auth-server/config/persistence: - get: - summary: Returns persistence type configured for Jans authorization server. - description: Returns persistence type configured for Jans authorization server. 
- operationId: get-properties-persistence - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/properties.readonly] - tags: - - Configuration – Properties - responses: - '200': - description: OK - content: - application/json: - schema: - title: PersistenceConfiguration - description: Jans Authorization Persistence Configuration object. - $ref: '#/components/schemas/PersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/api/v1/fido2/config: - get: - summary: Gets Jans Authorization Server Fido2 configuration properties. - description: Gets Jans Authorization Server Fido2 configuration properties. - operationId: get-properties-fido2 - tags: - - Configuration – Fido2 - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JansFido2DynConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/fido2.readonly] - put: - summary: Updates Fido2 configuration properties. - description: Updates Fido2 configuration properties. - operationId: put-properties-fido2 - tags: - - Configuration – Fido2 - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/JansFido2DynConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JansFido2DynConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/fido2.write] - parameters: [] - /jans-config-api/api/v1/attributes: - get: - summary: Gets a list of Gluu attributes. - description: 'Gets all attributes. Optionally max-size of the result, attribute status and pattern can be provided.' 
- operationId: get-attributes - tags: - - Attribute - responses: - '200': - description: OK - content: - application/json: - schema: - title: Gluu Attributes - description: List of all attribute. - type: array - items: - $ref: '#/components/schemas/GluuAttribute' - '401': - description: Unauthorized - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: string - default: all - in: query - name: status - description: Status of the attribute - post: - summary: Adds a new attribute. - description: Adds a new attribute. - operationId: post-attributes - tags: - - Attribute - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - description: Unauthorized - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.write] - put: - summary: Updates an existing attribute. - description: Updates an existing attribute. 
- operationId: put-attributes - tags: - - Attribute - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - description: Unauthorized - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.write] - parameters: [] - '/jans-config-api/api/v1/attributes/{inum}': - parameters: - - name: inum - in: path - required: true - description: Attribute ID. - schema: - type: string - get: - summary: Gets an attribute based on inum. - description: Gets an attribute based on inum. - operationId: get-attributes-by-inum - tags: - - Attribute - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.readonly] - delete: - summary: Deletes an attribute based on inum. - description: Deletes an attribute based on inum. - operationId: delete-attributes-by-inum - tags: - - Attribute - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.delete] - patch: - summary: Partially modify a GluuAttribute. - description: Partially modify a GluuAttribute. 
- operationId: patch-attributes-by-inum - security: - - oauth2: [https://jans.io/oauth/config/attributes.write] - tags: - - Attribute - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: displayName, value: \"CustomAttribute\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/api/v1/acrs: - get: - summary: Gets default authentication method. - description: Gets default authentication method. - operationId: get-acrs - tags: - - Default Authentication Method - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/AuthenticationMethod' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/acrs.readonly] - put: - summary: Updates default authentication method. - description: Updates default authentication method. - operationId: put-acrs - tags: - - Default Authentication Method - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AuthenticationMethod' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/AuthenticationMethod' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/acrs.write] - parameters: [] - /jans-config-api/api/v1/config/database/ldap: - get: - summary: Gets list of existing LDAP configurations. - description: Gets list of existing LDAP configurations. 
- operationId: get-config-database-ldap - tags: - - Database - LDAP configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: LdapConfiguration - description: List of configured LDAP configuration. - type: array - items: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.readonly] - post: - summary: Adds a new LDAP configuration. - description: Adds a new LDAP configuration. - operationId: post-config-database-ldap - tags: - - Database - LDAP configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.write] - put: - summary: Updates LDAP configuration. - description: Updates LDAP configuration. - operationId: put-config-database-ldap - tags: - - Database - LDAP configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.write] - parameters: [] - /jans-config-api/api/v1/config/database/ldap/{name}: - parameters: - - name: configId - in: path - required: true - description: Name of LDAP configuration. 
- schema: - type: string - get: - summary: Gets an LDAP configuration by name. - description: Gets an LDAP configuration by name. - operationId: get-config-database-ldap-by-name - tags: - - Database - LDAP configuration - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.readonly] - delete: - summary: Deletes an LDAP configuration. - description: Deletes an LDAP configuration. - operationId: delete-config-database-ldap-by-name - tags: - - Database - LDAP configuration - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.delete] - patch: - summary: Partially modify an LDAP configuration. - description: Partially modify an LDAP configuration. - operationId: patch-config-database-ldap-by-name - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.write] - tags: - - Database - LDAP configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. 
- example: '[ {op:replace, path: maxConnections, value: 8 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/api/v1/config/database/ldap/test: - post: - summary: Tests an LDAP configuration. - description: Tests an LDAP configuration. - operationId: post-config-database-ldap-test - tags: - - Database - LDAP configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - type: boolean - description: LDAP connection status true if connection is successfully established. - - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.readonly] - /jans-config-api/api/v1/config/database/sql: - get: - summary: Gets list of existing sql configurations. - description: Gets list of existing sql configurations. - operationId: get-config-database-sql - tags: - - Database - Sql configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: SqlConfiguration - description: List of configured Sql configuration. - items: - $ref: '#/components/schemas/SqlConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/sql.readonly] - post: - summary: Adds a new Sql configuration. - description: Adds a new Sql configuration. 
- operationId: post-config-database-sql - tags: - - Database - Sql configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/SqlConfiguration' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/SqlConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/sql.write] - put: - summary: Updates Sql configuration. - description: Updates Sql configuration. - operationId: put-config-database-sql - tags: - - Database - Sql configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/SqlConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SqlConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/sql.write] - parameters: [] - /jans-config-api/api/v1/config/database/sql/{name}: - parameters: - - name: name - in: path - required: true - description: Name of Sql configuration. - schema: - type: string - get: - summary: Gets a Sql configurations by name. - description: Gets a Sql configurations by name. - operationId: get-config-database-sql-by-name - tags: - - Database - Sql configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: SqlConfiguration - description: List of configured Sql configuration. 
- $ref: '#/components/schemas/SqlConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/sql.readonly] - patch: - summary: Partially modify an Sql configuration. - description: Partially modify an Sql configuration. - operationId: patch-config-database-sql-by-name - tags: - - Database - Sql configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: maxConnections, value: 8 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SqlConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/sql.write] - delete: - summary: Deletes a Sql configurations by name. - description: Deletes a Sql configurations by name. - operationId: delete-config-database-sql-by-name - tags: - - Database - Sql configuration - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/sql.delete] - /jans-config-api/api/v1/config/database/sql/test: - post: - summary: Tests a Sql configuration. - description: Tests a Sql configuration. 
- operationId: post-config-database-sql-test - tags: - - Database - Sql configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/SqlConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - type: boolean - description: Sql connection status true if connection is successfully established. - - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/sql.readonly] - /jans-config-api/api/v1/config/database/couchbase: - get: - summary: Gets list of existing Couchbase configurations. - description: Gets list of existing Couchbase configurations. - operationId: get-config-database-couchbase - tags: - - Database - Couchbase configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: CouchbaseConfiguration - description: List of configured Couchbase configuration. - items: - $ref: '#/components/schemas/CouchbaseConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/couchbase.readonly] - post: - summary: Adds a new Couchbase configuration. - description: Adds a new Couchbase configuration. 
- operationId: post-config-database-couchbase - tags: - - Database - Couchbase configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/CouchbaseConfiguration' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/CouchbaseConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/couchbase.write] - put: - summary: Updates Couchbase configuration. - description: Updates Couchbase configuration. - operationId: put-config-database-couchbase - tags: - - Database - Couchbase configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/CouchbaseConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CouchbaseConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/couchbase.write] - parameters: [] - /jans-config-api/api/v1/config/database/couchbase/{name}: - parameters: - - name: name - in: path - required: true - description: Name of Couchbase configuration. - schema: - type: string - get: - summary: Gets a Couchbase configurations by name. - description: Gets a Couchbase configurations by name. - operationId: get-config-database-couchbase-by-name - tags: - - Database - Couchbase configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: CouchbaseConfiguration - description: List of configured Couchbase configuration. 
- $ref: '#/components/schemas/CouchbaseConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/couchbase.readonly] - patch: - summary: Partially modify an Couchbase configuration. - description: Partially modify an Couchbase configuration. - operationId: patch-config-database-couchbase-by-name - tags: - - Database - Couchbase configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: maxConnections, value: 8 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CouchbaseConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/couchbase.write] - delete: - summary: Deletes a Couchbase configurations by name. - description: Deletes a Couchbase configurations by name. - operationId: delete-config-database-couchbase-by-name - tags: - - Database - Couchbase configuration - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/couchbase.delete] - /jans-config-api/api/v1/config/database/couchbase/test: - post: - summary: Tests a Couchbase configuration. - description: Tests a Couchbase configuration. 
- operationId: post-config-database-couchbase-test - tags: - - Database - Couchbase configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/CouchbaseConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - type: boolean - description: Couchbase connection status true if connection is successfully established. - - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/couchbase.readonly] - /jans-config-api/api/v1/config/scripts: - get: - summary: Gets a list of custom scripts. - description: Gets a list of custom scripts. - operationId: get-config-scripts - tags: - - Custom Scripts - responses: - '200': - description: OK - content: - application/json: - schema: - items: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.readonly] - post: - summary: Adds a new custom script. - description: Adds a new custom script. - operationId: post-config-scripts - tags: - - Custom Scripts - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - responses: - '201': - description: CREATED - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.write] - put: - summary: Updates a custom script. - description: Updates a custom script. 
- operationId: put-config-scripts - x-cli-getdata: get-config-scripts-by-inum - tags: - - Custom Scripts - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.write] - /jans-config-api/api/v1/config/scripts/type/{type}: - parameters: - - schema: - type: string - enum: - - '- person_authentication' - - '- introspection' - - '- resource_owner_password_credentials' - - '- application_session' - - '- cache_refresh' - - '- update_user' - - '- user_registration' - - '- client_registration' - - '- id_generator' - - '- uma_rpt_policy' - - '- uma_rpt_claims' - - '- uma_claims_gathering' - - '- consent_gathering' - - '- dynamic_scope' - - '- spontaneous_scope' - - '- end_session' - - '- post_authn' - - '- scim' - - '- ciba_end_user_notification' - - '- persistence_extension' - - '- idp' - name: type - in: path - description: Script type. - required: true - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - get: - summary: Gets list of scripts by type. - description: Gets list of scripts by type. 
- operationId: get-config-scripts-by-type - x-cli-ignore: true - tags: - - Custom Scripts - responses: - '200': - description: OK - content: - application/json: - schema: - items: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.readonly] - /jans-config-api/api/v1/config/scripts/inum/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - required: true - description: Script identifier. - get: - summary: Gets a script by Inum. - description: Gets a script by Inum. - operationId: get-config-scripts-by-inum - x-cli-ignore: true - tags: - - Custom Scripts - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.readonly] - /jans-config-api/api/v1/config/scripts/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - required: true - description: Script identifier. - delete: - summary: Deletes a custom script. - description: Deletes a custom script. - operationId: delete-config-scripts-by-inum - tags: - - Custom Scripts - responses: - '204': - description: No Content - '401': - description: Unauthorized - '404': - description: Not Found - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scripts.delete] - /jans-config-api/api/v1/config/cache: - get: - summary: Returns cache configuration. - description: Returns cache configuration. 
- operationId: get-config-cache - tags: - - Cache Configuration - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CacheConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - patch: - summary: Partially modifies cache configuration. - description: Partially modifies cache configuration. - operationId: patch-config-cache - tags: - - Cache Configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: memcachedConfiguration, value: response.memcachedConfiguration } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CacheConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/memcached: - get: - summary: Returns Memcached cache configuration. - description: Returns Memcached cache configuration. - operationId: get-config-cache-memcached - tags: - - Cache Configuration – Memcached - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates Memcached cache configuration. - description: Updates Memcached cache configuration. 
- operationId: put-config-cache-memcached - tags: - - Cache Configuration – Memcached - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies Memcached cache configuration. - description: Partially modifies Memcached cache configuration. - operationId: patch-config-cache-memcached - tags: - - Cache Configuration – Memcached - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: memcachedConfiguration, value: response.memcachedConfiguration } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/redis: - get: - summary: Returns Redis cache configuration. - description: Returns Redis cache configuration. - operationId: get-config-cache-redis - tags: - - Cache Configuration – Redis - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates Redis cache configuration. 
- description: Updates Redis cache configuration. - operationId: put-config-cache-redis - tags: - - Cache Configuration – Redis - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies Redis cache configuration. - description: Partially modifies Redis cache configuration. - operationId: patch-config-cache-redis - tags: - - Cache Configuration – Redis - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: redisConfiguration/defaultPutExpiration, value: 80 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/in-memory: - get: - summary: Returns in-Memory cache configuration. - description: Returns in-Memory cache configuration. - operationId: get-config-cache-in-memory - tags: - - Cache Configuration – in-Memory - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates in-Memory cache configuration. - description: Updates in-Memory cache configuration. 
- operationId: put-config-cache-in-memory - tags: - - Cache Configuration – in-Memory - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies In-Memory cache configuration. - description: Partially modifies In-Memory cache configuration. - operationId: patch-config-cache-in-memory - tags: - - Cache Configuration – in-Memory - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: inMemoryConfiguration/defaultPutExpiration, value: 80 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/native-persistence: - get: - summary: Returns native persistence cache configuration. - description: Returns native persistence cache configuration. - operationId: get-config-cache-native-persistence - tags: - - Cache Configuration – Native-Persistence - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates native persistence cache configuration. 
- description: Updates native persistence cache configuration. - operationId: put-config-cache-native-persistence - tags: - - Cache Configuration – Native-Persistence - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies Native Persistence cache configuration. - description: Partially modifies Native Persistence cache configuration. - operationId: patch-config-cache-native-persistence - tags: - - Cache Configuration – Native-Persistence - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: nativePersistenceConfiguration/defaultPutExpiration, value: 80 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/smtp: - get: - summary: Returns SMTP server configuration. - description: Returns SMTP server configuration. 
- operationId: get-config-smtp - tags: - - Configuration – SMTP - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.readonly] - post: - summary: Adds SMTP server configuration. - description: Adds SMTP server configuration. - operationId: post-config-smtp - tags: - - Configuration – SMTP - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.write] - put: - summary: Updates SMTP server configuration. - description: Updates SMTP server configuration. - operationId: put-config-smtp - tags: - - Configuration – SMTP - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.write] - delete: - summary: Deletes SMTP server configuration. - description: Deletes SMTP server configuration. 
- operationId: delete-config-smtp - tags: - - Configuration – SMTP - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.delete] - parameters: [] - /jans-config-api/api/v1/config/smtp/test: - post: - summary: Test SMTP server configuration. - description: Test SMTP server configuration. - operationId: test-config-smtp - tags: - - Configuration – SMTP - responses: - '200': - description: OK - content: - application/json: - schema: - type: boolean - description: SMTP test status true if email sent is successful. - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.readonly] - /jans-config-api/api/v1/logging: - get: - tags: - - Configuration – Logging - summary: Returns Jans Authorization Server logging settings. - description: Returns Jans Authorization Server logging settings. - operationId: get-config-logging - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LoggingConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/logging.readonly] - put: - tags: - - Configuration – Logging - summary: Updates Jans Authorization Server logging settings. - description: Updates Jans Authorization Server logging settings. 
- operationId: put-config-logging - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/LoggingConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LoggingConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/logging.write] - parameters: [] - /jans-config-api/api/v1/config/jwks: - get: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Gets list of JSON Web Key (JWK) used by server. - description: 'Gets list of JSON Web Key (JWK) used by server. JWK is a JSON data structure that represents a set of public keys as a JSON object [RFC4627].' - operationId: get-config-jwks - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.readonly] - put: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Puts/replaces JWKS - description: Puts/replaces JSON Web Keys (JWKS). - operationId: put-config-jwks - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - patch: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Patch JWKS - description: Patch JSON Web Keys (JWKS). 
- operationId: patch-config-jwks - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[{"op": "add","path": "/keys/1", "value": { "kty": "RSA", "e": "AQAB","use": "sig","crv": "","kid": "dd570bfb-276a-44aa-a97d-667b57587108_sig_rs256","x5c": ["MIIDBDCC..."],"exp": 1599751946863,"alg": "RS256","n": "zj1NE.."}}]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - /jans-config-api/api/v1/config/jwks/key: - post: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Adds a new key to JSON Web Keys (JWKS) - description: Adds a new key to JSON Web Keys (JWKS). - operationId: post-config-jwks-key - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - /jans-config-api/api/v1/config/jwks/{kid}: - parameters: - - schema: - type: string - name: kid - in: path - description: The unique identifier for the key. 
- required: true - get: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Get a JSON Web Key based on kid - description: Get a JSON Web Key based on kid - operationId: put-config-jwk-kid - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.readonly] - patch: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Patch a specific JSON Web Key based on kid - description: Patch a specific JSON Web Key based on kid - operationId: patch-config-jwk-kid - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[{"op": "add","path": "/kty", "value": "RSA"}]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - delete: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Delete a JSON Web Key based on kid - description: Delete a JSON Web Key based on kid - operationId: delete-config-jwk-kid - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - /jans-config-api/api/v1/openid/clients: - get: - tags: - - OAuth - OpenID Connect - Clients - summary: Gets list of OpenID Connect clients - description: Gets list of OpenID Connect clients - operationId: 
get-oauth-openid-clients - responses: - '200': - description: OK - content: - application/json: - schema: - title: OpenID Clients. - description: List of OpenID clients. - items: - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". - post: - tags: - - OAuth - OpenID Connect - Clients - summary: Create new OpenId connect client - description: Create new OpenId connect client - operationId: post-oauth-openid-clients - requestBody: - content: - application/json: - schema: - title: OpenID Connect Client Details. - description: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - responses: - '201': - description: Created - content: - application/json: - schema: - title: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.write] - put: - tags: - - OAuth - OpenID Connect - Clients - summary: Update OpenId Connect client. - description: Update OpenId Connect client. 
- operationId: put-oauth-openid-clients - requestBody: - content: - application/json: - schema: - title: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - responses: - '200': - description: OK - content: - application/json: - schema: - title: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.write] - /jans-config-api/api/v1/openid/clients/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - description: Client identifier - required: true - get: - tags: - - OAuth - OpenID Connect - Clients - summary: Get OpenId Connect Client by Inum - description: Get OpenId Connect Client by Inum. - operationId: get-oauth-openid-clients-by-inum - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.readonly] - delete: - tags: - - OAuth - OpenID Connect - Clients - summary: Delete OpenId Connect client. - description: Delete OpenId Connect client. - operationId: delete-oauth-openid-clients-by-inum - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.delete] - patch: - tags: - - OAuth - OpenID Connect - Clients - summary: Update modified properties of OpenId Connect client by Inum. - description: Update modified properties of OpenId Connect client by Inum. 
- operationId: patch-oauth-openid-clients-by-inum - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: backchannel_authentication_request_signing_alg, value: false } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Client Details. - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.write] - /jans-config-api/api/v1/uma/resources: - get: - tags: - - OAuth - UMA Resources - summary: Gets list of UMA resources. - description: Gets list of UMA resources. - operationId: get-oauth-uma-resources - responses: - '200': - description: OK - content: - application/json: - schema: - title: UMA Resource list. - description: List of UMA Resource. - items: - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - post: - tags: - - OAuth - UMA Resources - summary: Creates an UMA resource. - description: Creates an UMA resource. 
- operationId: post-oauth-uma-resources - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/UmaResource' - responses: - '201': - description: Created - content: - application/json: - schema: - title: UMAResource - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.write] - put: - tags: - - OAuth - UMA Resources - summary: Updates an UMA resource. - description: Updates an UMA resource. - operationId: put-oauth-uma-resources - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/UmaResource' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.write] - /jans-config-api/api/v1/uma/resources/{id}: - parameters: - - name: id - in: path - required: true - description: Resource description ID. - schema: - type: string - get: - tags: - - OAuth - UMA Resources - summary: Gets an UMA resource by ID. - description: Gets an UMA resource by ID. - operationId: get-oauth-uma-resources-by-id - responses: - '200': - description: OK - content: - application/json: - schema: - title: UMAResource - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.readonly] - delete: - tags: - - OAuth - UMA Resources - summary: Deletes an UMA resource. - description: Deletes an UMA resource. 
- operationId: delete-oauth-uma-resources-by-id - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.delete] - patch: - tags: - - OAuth - UMA Resources - summary: Partially updates an UMA resource by Inum. - description: Partially updates an UMA resource by Inum. - operationId: patch-oauth-uma-resources-by-id - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: clients, value: [\"client_1\",\"client_2\"] },{op:add, path: clients/2, value: \"client_3\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: UMAResource - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.write] - /jans-config-api/api/v1/scopes: - get: - tags: - - OAuth - Scopes - summary: Gets list of Scopes. - description: Gets list of Scopes. Optionally type to filter the scope, max-size of the result and pattern can be provided. - operationId: get-oauth-scopes - responses: - '200': - description: OK - content: - application/json: - schema: - title: Scope description list. - description: List of scope description. - items: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.readonly] - parameters: - - schema: - type: string - in: query - name: type - description: Scope type. 
- - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - post: - tags: - - OAuth - Scopes - summary: Create Scope. - description: Create Scope. - operationId: post-oauth-scopes - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.write] - put: - tags: - - OAuth - Scopes - summary: Updates existing Scope. - description: Updates existing Scope. - operationId: put-oauth-scopes - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.write] - parameters: [] - /jans-config-api/api/v1/scopes/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - required: true - get: - tags: - - OAuth - Scopes - summary: Get Scope by Inum - description: Get Scope by Inum - operationId: get-oauth-scopes-by-inum - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: ['https://jans.io/oauth/config/scopes.readonly'] - delete: - tags: - - OAuth - Scopes - summary: Delete Scope. 
- description: Delete Scope. - operationId: delete-oauth-scopes-by-inum - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.delete] - patch: - tags: - - OAuth - Scopes - summary: Update modified attributes of existing Scope by Inum. - description: Update modified attributes of existing Scope by Inum. - operationId: patch-oauth-scopes-by-id - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: clients, value: [\"client_1\",\"client_2\"] },{op:add, path: clients/2, value: \"client_3\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.write] - /jans-config-api/api/v1/stat: - get: - summary: Provides server with basic statistic. - description: Provides server with basic statistic. - operationId: get-stat - security: - - oauth2: [https://jans.io/oauth/config/stats.readonly jans_stat] - tags: - - Statistics - User - responses: - '200': - description: OK - content: - application/json: - schema: - title: FlatStatResponse - description: Jans Authorization Server statistic data. - type: array - items: - $ref: '#/components/schemas/StatResponseItem' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - parameters: - - schema: - type: string - in: query - name: month - description: Month for which the stat report is to be fetched. 
- example: 202012 (2020 Dec) 202101 (2021 Jan)) - required: true - - schema: - type: string - enum: - - json - - openmetrics - default: json - in: query - name: format - description: Report format - - /jans-config-api/api/v1/health: - get: - summary: Returns application health status. - description: Returns application health status. - operationId: get-config-health - tags: - - Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HealthStatus' - '500': - description: Internal Server Error - /jans-config-api/api/v1/health/live: - get: - summary: Returns application liveness status. - description: Returns application liveness status. - operationId: get-config-health-live - tags: - - Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HealthStatusItem' - '500': - description: Internal Server Error - /jans-config-api/api/v1/health/ready: - get: - summary: Returns application readiness status. - description: Returns application readiness status. - operationId: get-config-health-ready - tags: - - Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HealthStatusItem' - '500': - description: Internal Server Error - - /jans-config-api/api/v1/health/server-stat: - get: - summary: Returns application server status. - description: Returns application server status. - operationId: get-server-stat - tags: - - Server Stats - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/StatsData' - '500': - description: Internal Server Error - - /jans-config-api/api/v1/user: - get: - tags: - - User Management - summary: Gets list of users - description: Gets list of users - operationId: get-user - responses: - '200': - description: OK - content: - application/json: - schema: - title: Users. 
- description: List of users. - items: - $ref: '#/components/schemas/User' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". - post: - tags: - - User Management - summary: Create new User - description: Create new User - operationId: post-user - requestBody: - content: - application/json: - schema: - title: User Details. - description: User Details. - $ref: '#/components/schemas/User' - responses: - '201': - description: Created - content: - application/json: - schema: - title: User Details. - $ref: '#/components/schemas/User' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.write] - put: - tags: - - User Management - summary: Update User. - description: Update User. - operationId: put-user - requestBody: - content: - application/json: - schema: - title: User Details. - $ref: '#/components/schemas/User' - responses: - '200': - description: OK - content: - application/json: - schema: - title: User Details. 
- $ref: '#/components/schemas/User' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.write] - /jans-config-api/api/v1/user/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - description: User identifier - required: true - get: - tags: - - User Management - summary: Get User by Inum - description: Get User by Inum. - operationId: get-user-by-inum - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/User' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.readonly] - delete: - tags: - - User Management - summary: Delete User. - description: Delete User. - operationId: delete-user - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.delete] - patch: - tags: - - User Management - summary: Update modified properties of user by Inum. - description: Update modified properties of user by Inum. - operationId: patch-user-by-inum - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: userId, value: test_user_100 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: User Details. 
- $ref: '#/components/schemas/User' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.write] - - /jans-config-api/scim/user: - get: - tags: - - SCIM - User Management - x-cli-plugin: scim - summary: Gets list of SCIM users - description: Gets list of SCIM users - operationId: get-scim-users - responses: - '200': - description: Successful operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/UserListResponse' - application/json: - schema: - $ref: '#/components/schemas/UserListResponse' - '400': - description: Parameter count exceeds the maximum allowed value or the filter - supplied was unparsable - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - '500': - description: There was an unexpected failure executing the operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - security: - - oauth2: [https://jans.io/oauth/config/scim/users.read https://jans.io/scim/users.read] - parameters: - - schema: - type: string - in: query - name: filter - description: Search filter pattern. For more details refer section 3.4.2.2 of RFC 7644 - example: userName co \"mi\", userName eq \"admin\", displayName co \"1111\" or displayName co \"Group\" - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: integer - in: query - name: count - description: Search size - max size of the results to return. 
- - schema: - type: string - in: query - name: sortBy - description: The attribute whose value will be used to order the returned responses - - schema: - type: string - enum: - - '- ascending' - - '- descending' - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending" - - schema: - type: string - in: query - name: attributes - description: A comma-separated list of attribute names to return in the response - - schema: - type: string - in: query - name: excludedAttributes - description: When specified, the response will contain a default set of attributes minus those listed here (as a comma-separated list). - - post: - tags: - - SCIM - User Management - x-cli-plugin: scim - operationId: post-create-user - summary: Create a SCIM user. - description: Allows creating a User resource via POST (see section 3.3 of RFC 7644) - security: - - oauth2: [https://jans.io/oauth/config/scim/users.write https://jans.io/scim/users.write] - parameters: - - name: attributes - in: query - description: A comma-separated list of attribute names to return in the response - schema: - type: string - - name: excludedAttributes - in: query - description: When specified, the response will contain a default set of attributes minus those listed here (as a comma-separated list) - schema: - type: string - requestBody: - description: Payload that represents the Group to create - content: - application/scim+json: - schema: - $ref: '#/components/schemas/UserResource' - application/json: - schema: - $ref: '#/components/schemas/UserResource' - required: true - responses: - '201': - description: Successful operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/UserResource' - application/json: - schema: - $ref: '#/components/schemas/UserResource' - '400': - description: An invalid value was passed in the payload - content: - application/scim+json: - schema: - $ref: 
'#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - '409': - description: There is a conflict with an already existing user. Uniqueness - is assumed over userName - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - '500': - description: There was an unexpected failure executing the operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - - /jans-config-api/scim/user/{id}: - get: - tags: - - SCIM - User Management - x-cli-plugin: scim - operationId: get-user-by-id - summary: Retrieves SCIM user by Id. - description: Retrieves a User resource by Id (see section 3.4.1 of RFC 7644) - security: - - oauth2: [https://jans.io/oauth/config/scim/users.read https://jans.io/scim/users.read] - parameters: - - name: attributes - in: query - description: A comma-separated list of attribute names to return in the response - schema: - type: string - - name: excludedAttributes - in: query - description: When specified, the response will contain a default set of attributes minus those listed here (as a comma-separated list) - schema: - type: string - - name: id - in: path - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/UserResource' - application/json: - schema: - $ref: '#/components/schemas/UserResource' - 404: - description: Id passed unknown - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - 500: - description: There was an unexpected failure executing the operation - content: - application/scim+json: - schema: - $ref: 
'#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - put: - tags: - - SCIM - User Management - x-cli-plugin: scim - operationId: put-update-user-by-id - summary: Updates an SCIM user. - description: "Updates a User resource (see section 3.5.1 of RFC 7644). Update\ - \ works in a replacement fashion&#58; every\nattribute value found in the\ - \ payload sent will replace the one in the existing resource representation.\ - \ Attributes \nnot passed in the payload will be left intact.\n" - security: - - oauth2: [https://jans.io/oauth/config/scim/users.write https://jans.io/scim/users.write] - parameters: - - name: attributes - in: query - description: A comma-separated list of attribute names to return in the response - schema: - type: string - - name: excludedAttributes - in: query - description: When specified, the response will contain a default set of attributes minus those listed here (as a comma-separated list) - schema: - type: string - - name: id - in: path - required: true - schema: - type: string - requestBody: - description: Payload with the data to replace in the existing user identified - by the id param - content: - application/scim+json: - schema: - $ref: '#/components/schemas/UserResource' - application/json: - schema: - $ref: '#/components/schemas/UserResource' - required: true - responses: - 200: - description: Successful operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/UserResource' - application/json: - schema: - $ref: '#/components/schemas/UserResource' - 400: - description: | - An invalid value was passed in the payload or there was an attempt to update an immutable attribute - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - 404: - description: Id passed unknown - content: - application/scim+json: - schema: - $ref: 
'#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - 409: - description: There is a conflict with an already existing group. Uniqueness - is assumed over displayName - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - 500: - description: There was an unexpected failure executing the operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - delete: - tags: - - SCIM - User Management - x-cli-plugin: scim - operationId: delete-user-by-id - summary: Deletes a SCIM user. - description: Deletes a user resource - security: - - oauth2: [https://jans.io/oauth/config/scim/users.write https://jans.io/scim/users.write] - parameters: - - name: id - in: path - description: Identifier of the resource to delete - required: true - schema: - type: string - responses: - 204: - description: Successful operation. Empty response - content: {} - 404: - description: Id passed unknown - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - 500: - description: There was an unexpected failure executing the operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - patch: - tags: - - SCIM - User Management - x-cli-plugin: scim - operationId: patch-user-by-id - summary: Patches SCIM User attributes. - description: "Updates one or more attributes of a User resource using a sequence\ - \ of additions, removals, and \nreplacements operations. 
See section 3.5.2\ - \ of RFC 7644\n" - security: - - oauth2: [https://jans.io/oauth/config/scim/users.write https://jans.io/scim/users.write] - parameters: - - name: attributes - in: query - description: A comma-separated list of attribute names to return in the response - schema: - type: string - - name: excludedAttributes - in: query - description: When specified, the response will contain a default set of attributes minus those listed here (as a comma-separated list) - schema: - type: string - - name: id - in: path - required: true - schema: - type: string - requestBody: - description: Payload describing the patch operations to apply upon the resource - identified by param id - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ScimPatchRequest' - application/json: - schema: - $ref: '#/components/schemas/ScimPatchRequest' - application/json-patch+json: - schema: - $ref: '#/components/schemas/ScimPatchRequest' - required: true - responses: - 200: - description: Successful operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/UserResource' - application/json: - schema: - $ref: '#/components/schemas/UserResource' - 400: - description: | - One or more operations supplied in the request are specified incorrectly, there were attempts to - modify immutable attributes, or the resulting resource cannot pass intrinsic validations - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - 500: - description: There was an unexpected failure executing the operation - content: - application/scim+json: - schema: - $ref: '#/components/schemas/ErrorResponse' - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - - /jans-config-api/scim/user/.search: - post: - tags: - - SCIM - User Management - x-cli-plugin: scim - summary: Search SCIM user. 
- description: Gets list of users - operationId: post-search-scim-users - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SearchRequest' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/UserListResponse' - '400': - description: Parameter count exceeds the maximum allowed value or the filter supplied was unparsable - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - '500': - description: There was an unexpected failure executing the operation - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - security: - - oauth2: [https://jans.io/oauth/config/scim/users.read https://jans.io/scim/users.read] - - /jans-config-api/scim/config: - get: - summary: Retrieves SCIM App configuration. - description: Retrieves SCIM configuration. - operationId: get-scim-config - security: - - oauth2: [https://jans.io/scim/config.readonly] - tags: - - SCIM - Config Management - x-cli-plugin: scim - responses: - '200': - description: OK - content: - application/json: - schema: - title: ScimAppConfiguration - description: SCIM App configuration. - $ref: '#/components/schemas/ScimAppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - patch: - summary: Partially modifies SCIM App configuration. - description: Partially modifies SCIM App configuration. - operationId: patch-scim-config - security: - - oauth2: [https://jans.io/scim/config.write] - tags: - - SCIM - Config Management - x-cli-plugin: scim - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. 
- example: '[ {op:replace, path: loggingLevel, value: DEBUG } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: ScimAppConfiguration - description: SCIM App configuration. - $ref: '#/components/schemas/ScimAppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - - /jans-config-api/api/v1/org: - get: - summary: Retrieves organization configuration. - description: Retrieves organization configuration. - operationId: get-organization-config - security: - - oauth2: [https://jans.io/oauth/config/organization.readonly] - tags: - - Organization Configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: Organization - description: Organization configuration. - $ref: '#/components/schemas/Organization' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - patch: - summary: Partially modifies organization configuration. - description: Partially modifies organization configuration. - operationId: patch-organization-config - security: - - oauth2: [https://jans.io/oauth/config/organization.write] - tags: - - Organization Configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[{"op": "add", "path": "/jsFaviconPath", "value": "/opt/jans/jetty/jans-auth/custom/static/"}]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Organization - description: Organization configuration. - $ref: '#/components/schemas/Organization' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - - /jans-config-api/api/v1/jans-auth-server/health: - get: - summary: Returns auth server health status. 
- description: Returns auth server health status. - operationId: get-auth-server-health - tags: - - Auth Server Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/AuthHealthStatus' - '500': - description: Internal Server Error - - /jans-config-api/admin-ui/user/roles: - get: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Get all admin ui roles. - description: Get all admin ui roles. - operationId: get-adminui-roles - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.read] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui roles. - description: Get admin ui roles. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - post: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Add admin ui role. - description: Add admin ui role. - operationId: add-adminui-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] - requestBody: - content: - application/json: - schema: - required: - - role - $ref: '#/components/schemas/AdminRole' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Add admin ui role. - description: Add admin ui role. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Edit admin ui role. - description: Edit admin ui role. 
- operationId: edit-adminui-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminRole' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Edit admin ui role. - description: Edit admin ui role. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - delete: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Delete admin ui role. - description: Delete admin ui role. - operationId: delete-adminui-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminRole' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Delete admin ui role. - description: Delete admin ui role. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/user/permissions: - get: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Get admin ui permissions. - description: Get admin ui permissions. - operationId: get-adminui-permissions - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.read] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui permissions. - description: Get admin ui permissions. 
- type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - post: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Add admin ui permission. - description: Add admin ui permission. - operationId: add-adminui-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] - requestBody: - content: - application/json: - schema: - required: - - permission - $ref: '#/components/schemas/AdminPermission' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Add admin ui permission. - description: Add admin ui permission. - type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Edit admin ui permission. - description: Edit admin ui permission. - operationId: edit-adminui-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminPermission' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Edit admin ui permission. - description: Edit admin ui permission. - type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - delete: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Delete admin ui permission. - description: Delete admin ui permission. 
- operationId: delete-adminui-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminPermission' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Delete admin ui permission. - description: Delete admin ui permission. - type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/user/rolePermissionsMapping: - get: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Get admin ui role-permissions mapping. - description: Get admin ui role-permissions mapping. - operationId: get-adminui-role-permissions - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui role-permissions mapping. - description: Get admin ui role-permissions mapping. - type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - post: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Add role-permissions mapping. - description: Add role-permissions mapping. - operationId: Add role-permissions mapping. 
- security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolePermissionMapping' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Add role-permissions mapping. - description: Add role-permissions mapping. - type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Map permissions to role. - description: Map permissions to role. - operationId: map-permissions-to-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolePermissionMapping' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Map permissions to role. - description: Map permissions to role. - type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - delete: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Remove role-permissions mapping. - description: Remove role-permissions mapping. 
- operationId: remove-role-permissions-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolePermissionMapping' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Remove role-permissions mapping. - description: Remove role-permissions mapping. - type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/license/licenseDetails: - get: - tags: - - Admin UI - License - x-cli-plugin: admin-ui - summary: Get admin ui license details. - description: Get admin ui license details. - operationId: get-adminui-license - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui license details. - description: Get admin ui license details. - $ref: '#/components/schemas/LicenseResponse' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - License - x-cli-plugin: admin-ui - summary: Edit admin ui license details. - description: Edit admin ui license details. - operationId: edit-adminui-license - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.write] - requestBody: - content: - application/json: - schema: - required: - - role - $ref: '#/components/schemas/LicenseRequest' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Edit admin ui license details. - description: Edit admin ui license details. 
- $ref: '#/components/schemas/LicenseResponse' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' -components: - securitySchemes: - oauth2: - type: oauth2 - description: Authorization - flows: - clientCredentials: - tokenUrl: 'https://{op-hostname}/.../token' - scopes: - https://jans.io/oauth/jans-auth-server/config/properties.readonly: View Auth Server properties related information - https://jans.io/oauth/jans-auth-server/config/properties.write: Manage Auth Server properties related information - https://jans.io/oauth/config/fido2.readonly: View FIDO2 related information - https://jans.io/oauth/config/fido2.write: Manage FIDO2 related information - https://jans.io/oauth/config/attributes.readonly: View attribute related information - https://jans.io/oauth/config/attributes.write: Manage attribute related information - https://jans.io/oauth/config/attributes.delete: Delete attribute related information - https://jans.io/oauth/config/acrs.readonly: View ACRS related information - https://jans.io/oauth/config/acrs.write: Manage ACRS related information - https://jans.io/oauth/config/database/ldap.readonly: View LDAP database related information - https://jans.io/oauth/config/database/ldap.write: Manage LDAP database related information - https://jans.io/oauth/config/database/ldap.delete: Delete LDAP database related information - https://jans.io/oauth/config/database/couchbase.readonly: View Couchbase database information - https://jans.io/oauth/config/database/couchbase.write: Manage Couchbase database related information - https://jans.io/oauth/config/database/couchbase.delete: Delete Couchbase database related information - https://jans.io/oauth/config/scripts.readonly: View cache scripts information - https://jans.io/oauth/config/scripts.write: Manage scripts related information - https://jans.io/oauth/config/scripts.delete: Delete scripts 
related information - https://jans.io/oauth/config/cache.readonly: View cache related information - https://jans.io/oauth/config/cache.write: Manage cache related information - https://jans.io/oauth/config/smtp.readonly: View SMTP related information - https://jans.io/oauth/config/smtp.write: Manage SMTP related information - https://jans.io/oauth/config/smtp.delete: Delete SMTP related information - https://jans.io/oauth/config/logging.readonly: View logging related information - https://jans.io/oauth/config/logging.write: Manage logging related information - https://jans.io/oauth/config/jwks.readonly: View JWKS related information - https://jans.io/oauth/config/jwks.write: Manage JWKS related information - https://jans.io/oauth/config/openid/clients.readonly: View clients related information - https://jans.io/oauth/config/openid/clients.write: Manage clients related information - https://jans.io/oauth/config/openid/clients.delete: Delete clients related information - https://jans.io/oauth/config/scopes.readonly: View scope related information - https://jans.io/oauth/config/scopes.write: Manage scope related information - https://jans.io/oauth/config/scopes.delete: Delete scope related information - https://jans.io/oauth/config/uma/resources.readonly: View UMA Resource related information - https://jans.io/oauth/config/uma/resources.write: Manage UMA Resource related information - https://jans.io/oauth/config/uma/resources.delete: Delete UMA Resource related information - https://jans.io/oauth/config/database/sql.readonly: View SQL database related information - https://jans.io/oauth/config/database/sql.write: Manage SQL database related information - https://jans.io/oauth/config/database/sql.delete: Delete SQL database related information - https://jans.io/oauth/config/stats.readonly: Vew server with basic statistic - https://jans.io/oauth/config/scim/users.read: Vew scim user related information - https://jans.io/oauth/config/scim/users.write: Manage scim user 
related information - https://jans.io/scim/config.readonly: Vew SCIM App configuration - https://jans.io/scim/config.write: Manage SCIM App configuration - https://jans.io/oauth/config/organization.readonly: View organization configuration information - https://jans.io/oauth/config/organization.write: Manage organization configuration information - https://jans.io/oauth/config/user.readonly: View user related information - https://jans.io/oauth/config/user.write: Manage user related information - https://jans.io/oauth/config/user.delete: Delete user related information - - - responses: - Found: - description: Resource Found. - content: {} - InvalidRequest: - description: Invalid parameters are provided to endpoint. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - Unauthorized: - description: Access token is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - AccessDenied: - description: Invalid details provided hence access denied. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - NotFound: - description: Resource Not Found. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - NotAcceptable: - description: Request Not Acceptable. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - InternalServerError: - description: Internal error occurred. Please check log file for details. 
- content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - schemas: - ErrorResponse: - required: - - error_code - - error_description - type: object - properties: - error_code: - type: string - error_description: - type: string - details: - type: string - CustomScript: - type: object - description: Script - required: - - name - - script - - scriptType - - programmingLanguage - - moduleProperties - - level - properties: - dn: - type: string - inum: - description: XRI i-number. Identifier to uniquely identify the script. - type: string - name: - type: string - pattern: '^[a-zA-Z0-9_\\-\\:\\/\\.]+$' - minLength: 1 - maxLength: 60 - description: 'Custom script name. Should contain only letters, digits and underscores.' - aliases: - type: array - description: List of possible aliases for the custom script. - items: - type: string - description: - type: string - description: Details describing the script. - script: - type: string - description: Actual script. - scriptType: - type: string - description: Type of script. - enum: - - PERSON_AUTHENTICATION - - INTROSPECTION - - RESOURCE_OWNER_PASSWORD_CREDENTIALS - - APPLICATION_SESSION - - CACHE_REFRESH - - UPDATE_USER - - USER_REGISTRATION - - CLIENT_REGISTRATION - - ID_GENERATOR - - UMA_RPT_POLICY - - UMA_RPT_CLAIMS - - UMA_CLAIMS_GATHERING - - CONSENT_GATHERING - - DYNAMIC_SCOPE - - SPONTANEOUS_SCOPE - - END_SESSION - - POST_AUTHN - - SCIM - - CIBA_END_USER_NOTIFICATION - - REVOKE_TOKEN - - PERSISTENCE_EXTENSION - - IDP - - DISCOVERY - - UPDATE_TOKEN - - CONFIG_API - programmingLanguage: - type: string - enum: - - PYTHON - - JAVA_SCRIPT - description: Programming language of the custom script. - moduleProperties: - type: array - description: Module-level properties applicable to the script. - items: - $ref: '#/components/schemas/SimpleCustomProperty' - configurationProperties: - type: array - description: Configuration properties applicable to the script. 
- items: - $ref: '#/components/schemas/SimpleExtendedCustomProperty' - level: - type: integer - description: Script level. - revision: - type: integer - format: int64 - description: Update revision number of the script. - default: 0 - enabled: - type: boolean - description: boolean value indicating if script enabled. - default: false - scriptError: - type: object - description: Possible errors assosiated with the script. - $ref: '#/components/schemas/ScriptError' - modified: - type: boolean - description: boolean value indicating if the script is modified. - default: false - internal: - type: boolean - description: boolean value indicating if the script is internal. - default: false - - LdapConfiguration: - type: object - required: - - configId - - bindDN - - maxConnections - - primaryKey - - localPrimaryKey - - bindPassword - - servers - - baseDNs - - useSSL - properties: - configId: - type: string - description: Unique identifier - Name - example: auth_ldap_server - bindDN: - type: string - description: This contains the username to connect to the backend server. You need to use full DN here. As for example, cn=jans,dc=company,dc=org. - bindPassword: - type: string - description: Ldap password for binding. - servers: - type: array - description: List of LDAP authentication servers. - items: - type: string - description: Unique name of the authentication server and port number. - example: 'authserver.org:63' - maxConnections: - type: integer - description: This value defines the maximum number of connections that are allowed to read the backend Active Directory/LDAP server. - format: int32 - default: 2 - useSSL: - type: boolean - description: Enable SSL communication between Jans Server and LDAP server. - baseDNs: - type: array - description: List contains the location of the Active Directory/LDAP tree from where the Gluu Server shall read the user information. 
- items: - type: string - primaryKey: - type: string - description: Used to search and bind operations in configured LDAP server. - example: 'SAMAccountName,uid, email' - localPrimaryKey: - type: string - description: Used to search local user entry in Gluu Server’s internal LDAP directory. - example: 'uid, email' - useAnonymousBind: - type: boolean - description: Boolean value used to indicate if the LDAP Server will allow anonymous bind request. - default: false - enabled: - type: boolean - description: Boolean value used to indicate if the LDAP Server is enabled. Do not use this unless the server administrator has entered all the required values. - default: false - version: - type: integer - description: LDAP server version. - level: - type: integer - description: A string that indicates the level. - - CouchbaseConfiguration: - type: object - required: - - configId - - userName - - userPassword - - servers - - defaultBucket - - buckets - - passwordEncryptionMethod - - sslTrustStoreFile - - sslTrustStorePin - - sslTrustStoreFormat - properties: - configId: - type: string - description: Unique identifier - userName: - type: string - description: Couchbase server user. - userPassword: - type: string - description: Encoded Couchbase server user password. - servers: - type: array - items: - type: string - description: Couchbase server host and port. - defaultBucket: - type: string - description: Main bucket that application should use if other mapping rules were not applied. - buckets: - type: array - items: - type: string - description: List of buckets defining mapping rules. - passwordEncryptionMethod: - type: string - description: A list of the password encryption algorithms. 
- enum: - - SHA - - SSHA - - SHA-256 - - SSHA-256 - - SHA-384 - - SSHA-384 - - SHA-512 - - SSHA-512 - - MD5 - - SMD5 - - CRYPT - - CRYPT-MD5 - - CRYPT-SHA-256 - - CRYPT-SHA-512 - - CRYPT-BCRYPT - - CRYPT-BCRYPT - - PKCS5S2 - operationTracingEnabled: - type: boolean - description: Boolean value True if tracing is enabled on the environment. - default: false - mutationTokensEnabled: - type: boolean - description: If mutation tokens are enabled, they can be used for advanced durability requirements, as well as optimized RYOW consistency. - connectTimeout: - type: integer - description: The default timeout for connection timeout. - format: int32 - computationPoolSize: - type: integer - format: int32 - description: Sets the pool size (number of threads to use) for all non-blocking operations, default value is the number of CPUs. - useSSL: - type: boolean - description: Identifies if SSL should be enabled. - default: true - sslTrustStoreFile: - type: string - description: The path to the trust store file to use. It contains the trusted certificates. - sslTrustStorePin: - type: string - description: The PIN to use to access the contents of the trust store. - sslTrustStoreFormat: - type: string - description: The format to use for the trust store. - binaryAttributes: - type: array - description: List of binary attributes. - items: - type: string - certificateAttributes: - type: array - description: List of certificate attributes. - items: - type: string - - SqlConfiguration: - type: object - required: - - configId - - userName - - userPassword - - connectionUri - - schemaName - - passwordEncryptionMethod - properties: - configId: - type: string - description: Unique identifier - userName: - type: string - description: Sql server user. - userPassword: - type: string - description: Encoded Sql server user password. - connectionUri: - type: array - items: - type: string - description: Sql server connection Uri. - schemaName: - type: string - description: Database schema name. 
- passwordEncryptionMethod: - type: string - description: A list of the password encryption algorithms. - enum: - - SHA - - SSHA - - SHA-256 - - SSHA-256 - - SHA-384 - - SSHA-384 - - SHA-512 - - SSHA-512 - - MD5 - - SMD5 - - CRYPT - - CRYPT-MD5 - - CRYPT-SHA-256 - - CRYPT-SHA-512 - - CRYPT-BCRYPT - - CRYPT-BCRYPT - - PKCS5S2 - serverTimezone: - type: string - description: Database schema name. - binaryAttributes: - type: array - description: List of binary attributes. - items: - type: string - certificateAttributes: - type: array - description: List of certificate attributes. - items: - type: string - JsonWebKey: - type: object - description: JsonWebKey - required: - - kid - - kty - - use - - alg - - exp - properties: - name: - type: string - description: Name of the key. - descr: - type: string - description: key description. - kid: - type: string - description: The unique identifier for the key. - kty: - type: string - description: The family of cryptographic algorithms used with the key. - use: - type: string - description: How the key was meant to be used; sig represents the signature. - alg: - type: string - description: The specific cryptographic algorithm used with the key. - crv: - type: string - description: The crv member identifies the cryptographic curve used with the key. Values defined by this specification are P-256, P-384 and P-521. Additional crv values MAY be used, provided they are understood by implementations using that Elliptic Curve key. The crv value is case sensitive. - exp: - type: integer - format: int64 - description: Contains the token expiration timestamp - x5c: - type: array - description: The x.509 certificate chain. The first entry in the array is the certificate to use for token verification; the other certificates can be used to verify this first certificate. - items: - type: string - n: - type: string - description: The modulus for the RSA public key. - e: - type: string - description: The exponent for the RSA public key. 
- x: - type: string - description: The x member contains the x coordinate for the elliptic curve point. It is represented as the base64url encoding of the coordinate's big endian representation. - y: - type: string - description: The y member contains the y coordinate for the elliptic curve point. It is represented as the base64url encoding of the coordinate's big endian representation. - - PersistenceConfiguration: - title: PersistenceConfiguration - description: Persistence configuration properties. - properties: - persistenceType: - type: string - description: Jans Auth Server persistence type configured. - enum: - - ldap - - couchbase - - sql - - spanner - - hybrid - - AppConfiguration: - title: AppConfiguration - description: App configuration properties. - properties: - issuer: - type: string - description: URL using the https scheme that OP asserts as Issuer identifier. - example: 'https://server.example.com/' - baseEndpoint: - type: string - description: The base URL for endpoints. - example: 'https://server.example.com/restv1' - authorizationEndpoint: - type: string - description: The authorization endpoint URL. - example: 'https://server.example.com/restv1/authorize' - tokenEndpoint: - type: string - description: The token endpoint URL. - example: 'https://server.example.com/restv1/token' - tokenRevocationEndpoint: - type: string - description: The URL for the access_token or refresh_token revocation endpoint. - example: 'https://server.example.com/restv1/revoke' - userInfoEndpoint: - type: string - description: The User Info endpoint URL. - example: 'https://server.example.com/restv1/userinfo' - clientInfoEndpoint: - type: string - description: The Client Info endpoint URL. - example: 'https://server.example.com/restv1/clientinfo' - checkSessionIFrame: - type: string - description: URL for an OP IFrame that supports cross-origin communications for session state information with the RP Client using the HTML5 postMessage API. 
- example: 'https://server.example.com/opiframe.htm' - endSessionEndpoint: - type: string - description: URL at the OP to which an RP can perform a redirect to request that the end user be logged out at the OP. - example: 'https://server.example.com/restv1/end_session' - jwksUri: - type: string - description: URL of the OP\'s JSON Web Key Set (JWK) document. This contains the signing key(s) the RP uses to validate signatures from the OP. - example: 'https://server.example.com/restv1/jwks' - registrationEndpoint: - type: string - description: URL of the Registration Endpoint. - example: 'https://server.example.com/restv1/register' - openIdDiscoveryEndpoint: - type: string - description: URL for the Discovery Endpoint. - example: 'https://server.example.com/.well-known/webfinger' - openIdConfigurationEndpoint: - type: string - description: URL for the Open ID Connect Configuration Endpoint. - example: 'https://server.example.com/.well-known/openid-configuration' - idGenerationEndpoint: - type: string - description: URL for the ID Generation Endpoint. - example: 'https://server.example.com/restv1/id' - introspectionEndpoint: - type: string - description: URL for the Introspection Endpoint. - example: 'https://server.example.com/restv1/introspection' - deviceAuthzEndpoint: - type: string - description: URL for the Device Authorization. - example: 'https://server.example.com/restv1/device_authorization' - sessionAsJwt: - type: boolean - description: Boolean value true saves session data as a JWT. - sectorIdentifierCacheLifetimeInMinutes: - type: integer - description: Sector Identifier cache lifetime in minutes. - umaConfigurationEndpoint: - type: string - description: URL for the UMA Configuration Endpoint. - example: 'https://server.example.com/restv1/uma2-configuration' - umaRptAsJwt: - type: boolean - description: Issue RPT as JWT or as random string. - umaRptLifetime: - type: integer - description: UMA RPT lifetime. 
- umaTicketLifetime: - type: integer - description: UMA ticket lifetime. - umaPctLifetime: - type: integer - description: UMA PCT lifetime. - umaResourceLifetime: - type: integer - description: UMA PCT lifetime. - umaAddScopesAutomatically: - type: boolean - description: Add UMA scopes automatically if it is not registered yet. - umaValidateClaimToken: - type: boolean - description: Validate claim_token as id_token assuming it is issued by local idp. - umaGrantAccessIfNoPolicies: - type: boolean - description: Specifies whether to grant access to resources if there are no any policies associated with scopes. - umaRestrictResourceToAssociatedClient: - type: boolean - description: Restrict access to resource by associated client. - spontaneousScopeLifetime: - type: integer - description: The lifetime of spontaneous scope in seconds. - openidSubAttribute: - type: string - description: Specifies which LDAP attribute is used for the subject identifier claim. - example: inum - responseTypesSupported: - type: array - description: A list of the OAuth 2.0 response_type values that this OP supports. - items: - type: string - enum: - - code - - token - - id_token - responseModesSupported: - type: array - description: A list of the OAuth 2.0 Response Mode values that this OP supports. - items: - type: string - enum: - - query - - fragment - - form_post - grantTypesSupported: - type: array - description: A list of the OAuth 2.0 Grant Type values that this OP supports. - items: - type: string - enum: - - authorization_code - - implicit - - password - - client_credentials - - refresh_token - - '\urn\:ietf\:params\:oauth\:grant-type\:uma-ticket' - - '\urn\:openid\:params\:grant-type\:ciba' - subjectTypesSupported: - type: array - description: A list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. 
- items: - type: string - enum: - - public - - pairwise - defaultSubjectType: - type: string - description: Default Subject Type used for Dynamic Client Registration. - enum: - - public - - pairwise - userInfoSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) JWA supported by the UserInfo Endpoint to encode the Claims in a JWT. - items: - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - userInfoEncryptionAlgValuesSupported: - type: array - description: A list of the JWE encryption algorithms (alg values) JWA supported by the UserInfo Endpoint to encode the Claims in a JWT. - items: - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - userInfoEncryptionEncValuesSupported: - type: array - description: A list of the JWE encryption algorithms (enc values) JWA supported by the UserInfo Endpoint to encode the Claims in a JWT. - items: - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - idTokenSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. - items: - type: string - enum: - - none - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - idTokenEncryptionAlgValuesSupported: - type: array - description: A list of the JWE encryption algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. - items: - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - idTokenEncryptionEncValuesSupported: - type: array - description: A list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT. 
- items: - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - requestObjectSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) supported by the OP for Request Objects. - items: - type: string - enum: - - none - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - requestObjectEncryptionAlgValuesSupported: - type: array - description: A list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects. - items: - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - requestObjectEncryptionEncValuesSupported: - type: array - description: A list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. - items: - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - tokenEndpointAuthMethodsSupported: - type: array - description: A list of Client Authentication methods supported by this Token Endpoint. - items: - type: string - enum: - - client_secret_basic - - client_secret_post - - client_secret_jwt - - private_key_jwt - tokenEndpointAuthSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. - items: - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - dynamicRegistrationCustomAttributes: - type: array - description: Custom attributes for the Dynamic registration. - items: - type: string - enum: - - jansTrustedClnt - displayValuesSupported: - type: array - description: A list of the display parameter values that the OpenID Provider supports. 
- items: - type: string - enum: - - page - - popup - claimTypesSupported: - type: array - description: A list of the Claim Types that the OpenID Provider supports. - items: - type: string - enum: - - normal - jwksAlgorithmsSupported: - type: array - description: A list of algorithms that will be used in JWKS endpoint. - items: - type: string - enum: - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - - RSA1_5 - - RSA-OAEP - serviceDocumentation: - type: string - description: URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider. - format: url - example: 'http://gluu.org/docs' - claimsLocalesSupported: - type: array - description: Languages and scripts supported for values in Claims being returned. - items: - type: string - enum: - - en - idTokenTokenBindingCnfValuesSupported: - type: array - description: Array containing a list of the JWT Confirmation Method member names supported by the OP for Token Binding of ID Tokens. The presence of this parameter indicates that the OpenID Provider supports Token Binding of ID Tokens. If omitted, the default is that the OpenID Provider does not support Token Binding of ID Tokens. - items: - type: string - enum: - - tbh - uiLocalesSupported: - type: array - description: Languages and scripts supported for the user interface. - items: - type: string - enum: - - en - - es - claimsParameterSupported: - type: boolean - description: Specifies whether the OP supports use of the claim’s parameter. - requestParameterSupported: - type: boolean - description: Boolean value specifying whether the OP supports use of the request parameter. - requestUriParameterSupported: - type: boolean - description: Boolean value specifying whether the OP supports use of the request_uri parameter. 
- requestUriHashVerificationEnabled: - type: boolean - description: Boolean value specifying whether the OP supports use of the request_uri hash verification. - requireRequestUriRegistration: - type: boolean - description: Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. - opPolicyUri: - type: string - description: URL that the OpenID Provider provides to the person registering the Client to read about the OP\'s requirements on how the Relying Party can use the data provided by the OP. - example: 'http://ox.gluu.org/doku.php?id=jans:policy' - opTosUri: - type: string - description: URL that the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service. - example: 'http://ox.gluu.org/doku.php?id=jans:tos' - authorizationCodeLifetime: - type: integer - description: The lifetime of the Authorization Code. - refreshTokenLifetime: - type: integer - description: The lifetime of the Refresh Token. - idTokenLifetime: - type: integer - description: The lifetime of the ID Token. - example: 3600 - idTokenFilterClaimsBasedOnAccessToken: - type: boolean - description: Boolean value specifying whether idToken filters claims based on accessToken. - accessTokenLifetime: - type: integer - description: The lifetime of the short-lived Access Token. - example: 3600 - cleanServiceInterval: - type: integer - description: Time interval for the Clean Service in seconds. - example: 60 - cleanServiceBatchChunkSize: - type: integer - description: Each clean up iteration fetches chunk of expired data per base dn and removes it from storage. - example: 10000 - keyRegenerationEnabled: - type: boolean - description: Boolean value specifying whether to regenerate keys. - keyRegenerationInterval: - type: integer - description: The interval for key regeneration in hours. 
- example: 48 - defaultSignatureAlgorithm: - type: string - description: The default signature algorithm to sign ID Tokens. - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - oxOpenIdConnectVersion: - type: string - description: OpenID Connect Version. - example: openidconnect-1.0 - oxId: - type: string - description: URL for the Inum generator Service. - format: url - example: 'https://server.example.com/oxid/service/jans/inum' - dynamicRegistrationExpirationTime: - type: integer - description: Expiration time in seconds for clients created with dynamic registration, -1 means never expire. - example: -1 - dynamicRegistrationPersistClientAuthorizations: - type: boolean - description: Boolean value specifying whether to persist client authorizations. - trustedClientEnabled: - type: boolean - description: Boolean value specifying whether a client is trusted and no authorization is required. - skipAuthorizationForOpenIdScopeAndPairwiseId: - type: boolean - description: If a client has only openid scope and pairwise id, person should not have to authorize. - dynamicRegistrationScopesParamEnabled: - type: boolean - description: Boolean value specifying whether to enable scopes parameter in dynamic registration. - dynamicRegistrationPasswordGrantTypeEnabled: - type: boolean - description: Boolean value specifying whether to enable Password Grant Type during Dynamic Registration. - dynamicRegistrationAllowedPasswordGrantScopes: - type: array - description: List of grant scopes for dynamic registration. - items: - type: string - dynamicRegistrationCustomObjectClass: - type: string - description: LDAP custom object class for dynamic registration. - personCustomObjectClassList: - type: array - description: LDAP custom object class list for dynamic person enrolment. 
- items: - type: string - enum: - - gluuCustomPerson - - gluuPerson - persistIdTokenInLdap: - type: boolean - description: Specifies whether to persist id_token into LDAP (otherwise saves into cache). - persistRefreshTokenInLdap: - type: boolean - description: Specifies whether to persist refresh_token into LDAP (otherwise saves into cache). - allowPostLogoutRedirectWithoutValidation: - type: boolean - description: Allows post logout redirect without validation for End Session Endpoint. - invalidateSessionCookiesAfterAuthorizationFlow: - type: boolean - description: Boolean value to specify whether to invalidate `session_id` and `consent_session_id` cookies right after successful or unsuccessful authorization. - returnClientSecretOnRead: - type: boolean - description: Boolean value specifying whether a client_secret is returned on client GET or PUT. False value means not to return secret. - rejectJwtWithNoneAlg: - type: boolean - description: Boolean value specifying whether reject JWT requested or validated with algorithm None. - expirationNotificatorEnabled: - type: boolean - description: Boolean value specifying whether expiration notificator is enabled (used to identify expiration for persistence that support TTL, like Couchbase). - useNestedJwtDuringEncryption: - type: boolean - description: Boolean value specifying whether to use nested Jwt during encryption. - expirationNotificatorMapSizeLimit: - type: integer - description: The expiration notificator maximum size limit. - example: 100000 - expirationNotificatorIntervalInSeconds: - type: integer - description: The expiration notificator interval in seconds. - example: 600 - authenticationFiltersEnabled: - type: boolean - description: Boolean value specifying whether to enable user authentication filters. - clientAuthenticationFiltersEnabled: - type: boolean - description: Boolean value specifying whether to enable client authentication filters. 
- clientRegDefaultToCodeFlowWithRefresh: - type: boolean - description: Boolean value specifying whether to add Authorization Code Flow with Refresh grant during client registration. - authenticationFilters: - type: array - description: List of authentication filters. - items: - $ref: '#/components/schemas/AuthenticationFilters' - clientAuthenticationFilters: - type: array - description: List of client authentication filters. - items: - $ref: '#/components/schemas/AuthenticationFilters' - corsConfigurationFilters: - type: array - description: CORS Configuration filters. - items: - $ref: '#/components/schemas/CorsConfigurationFilter' - sessionIdUnusedLifetime: - type: integer - description: The lifetime for unused session states. - sessionIdUnauthenticatedUnusedLifetime: - type: integer - description: The lifetime for unused unauthenticated session states. - sessionIdEnabled: - type: boolean - description: Boolean value specifying whether to enable authentication by session_id. - sessionIdPersistOnPromptNone: - type: boolean - description: Boolean value specifying whether to persist session ID on prompt none. - sessionIdRequestParameterEnabled: - type: boolean - description: Boolean value specifying whether to enable session_id HTTP request parameter. - changeSessionIdOnAuthentication: - type: boolean - description: Boolean value specifying whether to change session_id on authentication. - sessionIdPersistInCache: - type: boolean - description: Boolean value specifying whether to persist session_id in cache. - sessionIdLifetime: - type: integer - description: The lifetime of session id in seconds. If 0 or -1 then expiration is not set. `session_id` cookie expires when browser session ends. - serverSessionIdLifetime: - type: integer - description: The sessionId lifetime in seconds for sessionId. By default same as sessionIdLifetime. - configurationUpdateInterval: - type: integer - description: The interval for configuration update in seconds. 
- enableClientGrantTypeUpdate: - type: boolean - description: Boolean value to specify if client can update Grant Type values. - dynamicGrantTypeDefault: - type: array - description: list of the OAuth 2.0 Grant Type values that it\'s possible to set via client registration API.. - items: - type: string - enum: - - none - - authorization_code - - implicit - - password - - client_credentials - - refresh_token - - 'urn:ietf:params:oauth:grant-type:uma-ticket' - - 'urn:openid:params:grant-type:ciba' - - 'urn:ietf:params:oauth:grant-type:device_code' - cssLocation: - type: string - description: The location for CSS files. - jsLocation: - type: string - description: The location for JavaScript files. - imgLocation: - type: string - description: The location for image files. - metricReporterInterval: - type: integer - description: The interval for metric reporter in seconds. - metricReporterKeepDataDays: - type: integer - description: The days to keep metric reported data. - pairwiseIdType: - type: string - description: The pairwise ID type. - pairwiseCalculationKey: - type: string - description: Key to calculate algorithmic pairwise IDs. - pairwiseCalculationSalt: - type: string - description: Salt to calculate algorithmic pairwise IDs. - shareSubjectIdBetweenClientsWithSameSectorId: - type: boolean - description: Share Subject ID between clients with same Sector ID. - webKeysStorage: - type: string - description: Web Key Storage Type. - enum: - - keystore - - pkcs11 - dnName: - type: string - description: DN of certificate issuer. - keyStoreFile: - type: string - description: The Key Store File (JKS). - example: /etc/certs/jans-auth-keys.jks - keyStoreSecret: - type: string - description: The password of the Key Store. - keySelectionStrategy: - type: string - description: Key Selection Strategy. - enum: - - OLDER - - NEWER - - FIRST - oxElevenTestModeToken: - type: string - description: oxEleven Test Mode Token. 
- oxElevenGenerateKeyEndpoint: - type: string - description: URL for the oxEleven Generate Key Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/generateKey' - oxElevenSignEndpoint: - type: string - description: URL for the oxEleven Sign Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/sign' - oxElevenVerifySignatureEndpoint: - type: string - description: URL for the oxEleven Verify Signature Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/verifySignature' - oxElevenDeleteKeyEndpoint: - type: string - description: URL for the oxEleven Delete Key Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/deleteKey' - introspectionAccessTokenMustHaveUmaProtectionScope: - type: boolean - description: Reject introspection requests if access_token in Authorization header does not have uma_protection scope. - endSessionWithAccessToken: - type: boolean - description: Accept access token to call end_session endpoint. - cookieDomain: - type: string - description: Sets cookie domain for all cookies created by OP. - enabledOAuthAuditLogging: - type: boolean - description: enabled OAuth Audit Logging. - jmsBrokerURISet: - type: array - description: JMS Broker URI Set. - format: select - items: - type: string - jmsUserName: - type: string - description: JMS UserName. - jmsPassword: - type: string - description: JMS Password. - clientWhiteList: - type: array - description: White List for Client Redirection URIs. - items: - type: string - clientBlackList: - type: array - description: Black List for Client Redirection URIs. - items: - type: string - legacyIdTokenClaims: - type: boolean - description: Include Claims in ID Token. - customHeadersWithAuthorizationResponse: - type: boolean - description: Boolean value specifying whether to enable Custom Response Header parameter to return custom headers with the Authorization Response. 
- frontChannelLogoutSessionSupported: - type: boolean - description: Boolean value to specify support for front channel logout session. - loggingLevel: - type: string - description: Logging level for jans-auth logger. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - OFF - loggingLayout: - type: string - description: Logging layout used for Jans Authorization Server loggers. - - text - - json - updateUserLastLogonTime: - type: boolean - description: Boolean value to specify if application should update oxLastLogonTime attribute on user authentication. - updateClientAccessTime: - type: boolean - description: Boolean value to specify if application should update oxLastAccessTime/oxLastLogonTime attributes on client authentication. - logClientIdOnClientAuthentication: - type: boolean - description: Boolean value to specify if application should log the Client ID on client authentication. - logClientNameOnClientAuthentication: - type: boolean - description: Boolean value to specify if application should log the Client Name on client authentication. - disableJdkLogger: - type: boolean - description: Boolean value specifying whether to enable JDK Loggers. - authorizationRequestCustomAllowedParameters: - type: array - description: Authorization Request Custom Allowed Parameters. - items: - type: string - legacyDynamicRegistrationScopeParam: - type: boolean - description: Legacy Dynamic Registration Scopes JSON Array Param. - openidScopeBackwardCompatibility: - type: boolean - description: Set to false to only allow token endpoint request for openid scope with grant type equals to authorization_code, restrict access to userinfo to scope openid and only return id_token if scope contains openid. - disableU2fEndpoint: - type: boolean - description: Enable/Disable U2F endpoints. - useLocalCache: - type: boolean - description: Boolean value specifying whether to enable local in-memory cache. 
- fapiCompatibility: - type: boolean - description: Boolean value specifying whether turn on FAPI compatibility mode. If true AS behaves in more strict mode. - forceIdTokenHintPrecense: - type: boolean - description: Boolean value specifying whether force id_token_hint parameter presence. - forceOfflineAccessScopeToEnableRefreshToken: - type: boolean - description: Boolean value specifying whether force offline_access scope to enable refresh_token grant type. - errorReasonEnabled: - type: boolean - description: Boolean value specifying whether to return detailed reason of the error from AS.. - removeRefreshTokensForClientOnLogout: - type: boolean - description: Boolean value specifying whether to remove refresh tokens on logout. - skipRefreshTokenDuringRefreshing: - type: boolean - description: Boolean value specifying whether to skip refreshing tokens on refreshing. - refreshTokenExtendLifetimeOnRotation: - type: boolean - description: Boolean value specifying whether to extend refresh tokens on rotation. - consentGatheringScriptBackwardCompatibility: - type: boolean - description: Boolean value specifying whether turn on Consent Gathering Script backward compatibility mode. If true AS will pick up script with higher level globally. If false AS will pick up script based on client configuration. - introspectionScriptBackwardCompatibility: - type: boolean - description: Boolean value specifying whether switch off client\'s introspection scripts (true value) and run all scripts that exists on server. - introspectionResponseScopesBackwardCompatibility: - type: boolean - description: Boolean value specifying introspection response backward compatibility mode. - softwareStatementValidationType: - type: string - description: Validation type used for software statement. - enum: - - none - - jwks - - jwks_uri - - script - softwareStatementValidationClaimName: - type: string - description: Validation claim name for software statement. 
- authenticationProtectionConfiguration: - type: object - description: Authentication Brute Force Protection Configuration. - $ref: '#/components/schemas/AuthenticationProtectionConfiguration' - errorHandlingMethod: - type: string - description: A list of possible error handling methods. - enum: - - internal - - remote - keepAuthenticatorAttributesOnAcrChange: - type: boolean - description: Boolean value specifying whether to keep authenticator attributes on ACR change. - deviceAuthzRequestExpiresIn: - type: integer - description: Expiration time given for device authorization requests. - deviceAuthzTokenPollInterval: - type: integer - description: Default interval returned to the client to process device token requests. - deviceAuthzResponseTypeToProcessAuthz: - type: string - description: Response type used to process device authz requests. - backchannelClientId: - type: string - description: Backchannel Client Id. - backchannelRedirectUri: - type: string - description: Backchannel Redirect Uri. - example: 'https://server.example.com/oxeleven/rest/backchannel/backchannelRedirectUri' - backchannelAuthenticationEndpoint: - type: string - description: Backchannel Authentication Endpoint. - example: 'https://server.example.com/oxeleven/rest/backchannel/backchannelAuthenticationEndpoint()' - backchannelDeviceRegistrationEndpoint: - type: string - description: Backchannel Device Registration Endpoint. - example: 'https://server.example.com/oxeleven/rest/backchannel/backchannelDeviceRegistrationEndpoint' - backchannelTokenDeliveryModesSupported: - type: array - description: Backchannel Token Delivery Modes Supported. - items: - type: string - enum: - - poll - - ping - - push - backchannelAuthenticationRequestSigningAlgValuesSupported: - type: array - description: Backchannel Authentication Request Signing Alg Values Supported. 
- items: - type: string - enum: - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - - RS384 - - RS256 - backchannelUserCodeParameterSupported: - type: boolean - description: Backchannel User Code Parameter Supported - backchannelBindingMessagePattern: - type: string - description: Backchannel Binding Message Pattern. - backchannelAuthenticationResponseExpiresIn: - type: integer - description: Backchannel Authentication Response Expires In. - backchannelAuthenticationResponseInterval: - type: integer - description: Backchannel Authentication Response Interval. - backchannelLoginHintClaims: - type: array - description: Backchannel Login Hint Claims. - items: - type: string - cibaEndUserNotificationConfig: - type: object - description: CIBA End User Notification Config. - $ref: '#/components/schemas/CIBAEndUserNotificationConfig' - backchannelRequestsProcessorJobIntervalSec: - type: integer - description: Specifies the allowable elapsed time in seconds backchannel request processor executes. - backchannelRequestsProcessorJobChunkSize: - type: integer - description: Each backchannel request processor iteration fetches chunk of data to be processed. - cibaGrantLifeExtraTimeSec: - type: integer - description: Specifies the CIBA Grant life extra time in seconds. - cibaMaxExpirationTimeAllowedSec: - type: integer - description: Specifies the CIBA token expiration time in seconds. - discoveryCacheLifetimeInMinutes: - type: integer - description: Lifetime of discovery cache. - httpLoggingEnabled: - type: boolean - description: Enable/Disable request/response logging filter. - httpLoggingExcludePaths: - type: array - description: List of base URI for which request/response logging filter should not record activity. - items: - type: string - example: '\"/auth/img\", \"/auth/stylesheet\"' - externalLoggerConfiguration: - type: string - description: Path to external log4j2 logging configuration. 
- example: /identity/logviewer/configure - dcrSignatureValidationEnabled: - type: boolean - description: Boolean value enables DCR signature validation. Default is false. - dcrSignatureValidationSharedSecret: - type: string - description: Specifies shared secret for Dynamic Client Registration. - dcrSignatureValidationSoftwareStatementJwksURIClaim: - type: string - description: Specifies claim name inside software statement. Value of claim should point to JWKS URI. - dcrSignatureValidationSoftwareStatementJwksClaim: - type: string - description: Specifies claim name inside software statement. Value of claim should point to inlined JWKS. - dcrSignatureValidationJwks: - type: string - description: Specifies JWKS for all DCR's validations. - dcrSignatureValidationJwksUri: - type: string - description: Specifies JWKS URI for all DCR's validations. - dcrAuthorizationWithClientCredentials: - type: boolean - description: Boolean value indicating if DCR authorization to be performed using client credentials. - dcrSkipSignatureValidation: - type: boolean - description: Boolean value indicating if signature validation is to be skipped. - statTimerIntervalInSeconds: - type: integer - description: Statistical data capture time interval. - statWebServiceIntervalLimitInSeconds: - type: integer - description: Statistical data capture time interval limit. - keyAlgsAllowedForGeneration: - type: array - description: List of algorithm allowed to be used for key generation. - items: - type: string - example: '\"RS256\", \"RS512\", \"ES384\", \"PS256\"' - discoveryAllowedKeys: - type: array - description: List of configuration response claim allowed to be displayed in discovery endpoint. - items: - type: string - example: 'authorization_endpoint, token_endpoint, jwks_uri, scopes_supported, response_types_supported, response_modes_supported, etc..' - allowIdTokenWithoutImplicitGrantTypes: - type: boolean - description: Specifies if a token without implicit grant types is allowed. 
- keySignWithSameKeyButDiffAlg: - type: boolean - description: Specifies if signing to be done with same key but apply different algorithms. - enabledComponents: - type: array - description: List of auth components enabled - items: - type: string - example: 'HEALTH_CHECK, USERINFO, CLIENTINFO, ID_GENERATION, REGISTRATION, INTROSPECTION, etc..' - staticKid: - type: string - description: Specifies static Kid - redirectUrisRegexEnabled: - type: boolean - description: Enable/Disable redirect uris validation using regular expression. - useHighestLevelScriptIfAcrScriptNotFound: - type: boolean - description: Enable/Disable usage of highest level script in case ACR script does not exist. - - GluuAttribute: - title: GluuAttribute - description: Attribute. - type: object - required: - - name - - description - - displayName - - dataType - - status - - viewType - - editType - properties: - dn: - type: string - inum: - description: XRI i-number. Identifier to uniquely identify the attribute. - type: string - name: - type: string - description: Name of the attribute. - example: 'name, displayName, birthdate, email' - displayName: - type: string - description: - type: string - description: User friendly descriptive detail of attribute. - dataType: - type: string - description: Data Type of attribute. 
- enum: - - STRING - - NUMERIC - - BOOLEAN - - BINARY - - CERTIFICATE - - DATE - - JSON - status: - type: string - description: Attrubute status - enum: - - ACTIVE - - INACTIVE - - EXPIRED - - REGISTER - lifetime: - type: string - sourceAttribute: - type: string - salt: - type: string - nameIdType: - type: string - origin: - type: string - editType: - type: array - description: GluuUserRole - items: - type: string - enum: - - ADMIN - - OWNER - - MANAGER - - USER - - WHITEPAGES - viewType: - type: array - description: GluuUserRole - items: - type: string - enum: - - ADMIN - - OWNER - - MANAGER - - USER - - WHITEPAGES - usageType: - type: object - description: GluuAttributeUsageType - items: - type: string - claimName: - type: string - seeAlso: - type: string - saml1Uri: - type: string - saml2Uri: - type: string - urn: - type: string - scimCustomAttr: - type: boolean - description: Boolean value indicating if the attribute is a SCIM custom attribute - oxMultiValuedAttribute: - type: boolean - description: Boolean value indicating if the attribute can hold multiple value. - attributeValidation: - type: object - description: Details of validations to be applied on the attribute - properties: - regexp: - type: string - description: Reguar expression to be used to validate the dataType. - minLength: - type: integer - maxLength: - type: integer - tooltip: - type: string - jansHideOnDiscovery: - type: boolean - description: Boolean value indicating if the attribute should be shown on that discovery page. - PatchRequest: - description: A JSONPatch document as defined by RFC 6902 - required: - - "op" - - "path" - properties: - op: - type: string - description: The operation to be performed - enum: - - "add" - - "remove" - - "replace" - - "move" - - "copy" - - "test" - path: - type: string - description: A JSON-Pointer - value: - type: object - description: The value to be used within the operations. - Scope: - title: Scope - description: Auth Scope. 
- type: object - required: - - id - - scopeType - properties: - dn: - type: string - inum: - description: Unique id identifying the . - type: string - displayName: - description: A human-readable name of the scope. - type: string - id: - description: The base64url encoded id. - type: string - iconUrl: - description: A URL for a graphic icon representing the scope. The referenced icon MAY be used by the authorization server in any user interface it presents to the resource owner. - type: string - description: - description: A human-readable string describing the scope. - type: string - scopeType: - description: The scopes type associated with Access Tokens determine what resources will. - type: string - enum: - - openid - - dynamic - - uma - - spontaneous - - oauth - claims: - description: Claim attributes associated with the scope. - type: array - items: - type: string - defaultScope: - description: Boolean value to specify default scope. - type: boolean - groupClaims: - description: Specifies if the scope is group claims. - type: boolean - dynamicScopeScripts: - description: Dynamic Scope Scripts associated with the scope. - type: array - items: - type: string - umaAuthorizationPolicies: - description: Policies associated with scopes. - type: array - items: - type: string - attributes: - type: object - description: ScopeAttributes - properties: - spontaneousClientId: - type: string - spontaneousClientScopes: - type: array - items: - type: string - showInConfigurationEndpoint: - type: boolean - umaType: - description: Specifies if the scope is of type UMA. - type: boolean - default: false - deletable: - description: Specifies if the scope can be deleted. - type: boolean - default: false - expirationDate: - description: Expiry date of the Scope. - type: string - format: date - CustomAttribute: - title: CustomAttribute - description: Attribute. 
- type: object - required: - - name - - multiValued - - values - properties: - name: - type: string - description: Name of the attribute. - example: 'name, displayName, birthdate, email' - multiValued: - type: boolean - description: Indicates if the attribute can hold multiple values. - values: - type: array - items: - type: string - ClientAttributes: - title: ClientAttributes - description: Attribute. - type: object - properties: - tlsClientAuthSubjectDn: - type: string - runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims: - description: Run Introspection Script Before Access Token as Jwt Creation and Include Claims. Default value is false. - type: boolean - keepClientAuthorizationAfterExpiration: - description: Keep Client Authorization After Expiration. - type: boolean - allowSpontaneousScopes: - type: boolean - spontaneousScopes: - type: array - items: - type: string - spontaneousScopeScriptDns: - type: array - items: - type: string - backchannelLogoutUri: - type: array - items: - type: string - backchannelLogoutSessionRequired: - type: boolean - additionalAudience: - type: array - items: - type: string - postAuthnScripts: - type: array - items: - type: string - consentGatheringScripts: - type: array - items: - type: string - introspectionScripts: - type: array - items: - type: string - rptClaimsScripts: - type: array - items: - type: string - Client: - title: Client object - description: Client. - type: object - required: - - applicationType - - logout - - includeClaimsInIdToken - - displayName - properties: - dn: - type: string - inum: - description: XRI i-number. Client Identifier to uniquely identify the client. - type: string - displayName: - type: string - description: Name of the user suitable for display to end-users - clientSecret: - type: string - description: The client secret. The client MAY omit the parameter if the client secret is an empty string. 
- frontChannelLogoutUri: - type: string - frontChannelLogoutSessionRequired: - type: boolean - registrationAccessToken: - type: string - clientIdIssuedAt: - type: string - format: date-time - clientSecretExpiresAt: - type: string - format: date-time - redirectUris: - description: Redirection URI values used by the Client. One of these registered Redirection URI values must exactly match the redirect_uri parameter value used in each Authorization Request - type: array - items: - type: string - example: - - 'https://client.example.org/cb' - claimRedirectUris: - description: Array of The Claims Redirect URIs to which the client wishes the authorization server to direct the requesting party's user agent after completing its interaction. - type: array - items: - type: string - responseTypes: - description: 'A list of the OAuth 2.0 response_type values that the Client is declaring that it will restrict itself to using. If omitted, the default is that the Client will use only the code Response Type. Allowed values are code, token, id_token.' - type: array - items: - type: string - enum: - - code - - token - - id_token - grantTypes: - description: A list of the OAuth 2.0 Grant Types that the Client is declaring that it will restrict itself to using. - type: array - items: - type: string - enum: - - authorization_code - - implicit - - password - - client_credentials - - refresh_token - - urn:ietf:params:oauth:grant-type:uma-ticket - - urn:openid:params:grant-type:ciba - - urn:ietf:params:oauth:grant-type:device_code - applicationType: - description: 'Kind of the application. The default, if omitted, is web. The defined values are native or web. Web Clients using the OAuth Implicit Grant Type must only register URLs using the HTTPS scheme as redirect_uris, they must not use localhost as the hostname. Native Clients must only register redirect_uris using custom URI schemes or URLs using the http scheme with localhost as the hostname.' 
- type: string - enum: - - web - - native - contacts: - description: e-mail addresses of people responsible for this Client. - type: array - items: - type: string - clientName: - description: A human-readable name of the client. - type: string - idTokenTokenBindingCnf: - description: 'Specifies the JWT Confirmation Method member name (e.g. tbh) that the Relying Party expects when receiving Token Bound ID Tokens. The presence of this parameter indicates that the Relying Party supports Token Binding of ID Tokens. If omitted, the default is that the Relying Party does not support Token Binding of ID Tokens.' - type: string - logoUri: - description: URL that references a logo for the Client application. - type: string - clientUri: - description: URL of the home page of the Client. The value of this field must point to a valid Web page. - type: string - policyUri: - description: URL that the Relying Party Client provides to the End-User to read about the how the profile data will be used. - type: string - tosUri: - description: URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service. - type: string - jwksUri: - description: 'URL for the Client''s JSON Web Key Set (JWK) document containing key(s) that are used for signing requests to the OP. The JWK Set may also contain the Client''s encryption keys(s) that are used by the OP to encrypt the responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is required for all keys in the document to indicate each key''s intended usage.' - type: string - jwks: - description: 'List of JSON Web Key (JWK) - A JSON object that represents a cryptographic key. The members of the object represent properties of the key, including its value.' - type: string - example: '{ "keys" : [ { "e" : "AQAB", "n" : "gmlDX_mgMcHX.." 
] }' - sectorIdentifierUri: - description: URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. - type: string - subjectType: - description: Subject type requested for the Client ID. Valid types include pairwise and public. - type: string - enum: - - pairwise - - public - idTokenSignedResponseAlg: - description: JWS alg algorithm (JWA) required for signing the ID Token issued to this Client. - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - idTokenEncryptedResponseAlg: - description: JWE alg algorithm (JWA) required for encrypting the ID Token issued to this Client. - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - idTokenEncryptedResponseEnc: - description: JWE enc algorithm (JWA) required for encrypting the ID Token issued to this Client. - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - userInfoSignedResponseAlg: - description: JWS alg algorithm (JWA) required for signing UserInfo Responses. - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - userInfoEncryptedResponseAlg: - description: JWE alg algorithm (JWA) required for encrypting UserInfo Responses. - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - userInfoEncryptedResponseEnc: - description: JWE enc algorithm (JWA) required for encrypting UserInfo Responses. - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - requestObjectSigningAlg: - description: JWS alg algorithm (JWA) that must be used for signing Request Objects sent to the OP. 
- type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - requestObjectEncryptionAlg: - description: JWE alg algorithm (JWA) the RP is declaring that it may use for encrypting Request Objects sent to the OP. - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - requestObjectEncryptionEnc: - description: JWE enc algorithm (JWA) the RP is declaring that it may use for encrypting Request Objects sent to the OP. - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - tokenEndpointAuthMethod: - description: Requested Client Authentication method for the Token Endpoint. - type: string - enum: - - client_secret_basic - - client_secret_post - - client_secret_jwt - - private_key_jwt - - tls_client_auth - - none - tokenEndpointAuthSigningAlg: - description: JWS alg algorithm (JWA) that must be used for signing the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - defaultMaxAge: - description: Specifies the Default Maximum Authentication Age. - type: integer - format: int32 - example: 1000000 - requireAuthTime: - description: Boolean value specifying whether the auth_time Claim in the ID Token is required. It is required when the value is true. - type: boolean - defaultAcrValues: - description: Array of default requested Authentication Context Class Reference values that the Authorization Server must use for processing requests from the Client. - type: array - items: - type: string - initiateLoginUri: - description: Specifies the URI using the https scheme that the authorization server can call to initiate a login at the client. 
- type: string - postLogoutRedirectUris: - description: Provide the URLs supplied by the RP to request that the user be redirected to this location after a logout has been performed. - type: array - items: - type: string - example: - - 'https://client.example.org/logout/page1' - - 'https://client.example.org/logout/page2' - - 'https://client.example.org/logout/page3' - requestUris: - description: Provide a list of requests_uri values that are pre-registered by the Client for use at the Authorization Server. - type: array - items: - type: string - scopes: - description: Provide list of scopes granted to the client. - type: array - items: - type: string - example: - - read write dolphin - claims: - description: Provide list of claims granted to the client. - type: array - items: - type: string - description: String containing a space-separated list of claims that can be requested individually. - trustedClient: - description: Attribute which corresponds to the "Pre-Authorization" property. Default value is false. - type: boolean - default: false - lastAccessTime: - description: 'Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating last access time.' - type: string - format: date-time - lastLogonTime: - description: 'Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating last login time.' - type: string - format: date-time - persistClientAuthorizations: - description: Specifies if the client authorization details are to be persisted. Default value is true. - type: boolean - includeClaimsInIdToken: - description: 'If true then claims are included in token id, default value is false.' - type: boolean - default: false - refreshTokenLifetime: - description: Specifies the Client-specific refresh token expiration. - type: integer - format: int32 - example: 100000000 - accessTokenLifetime: - description: Specifies the Client-specific access token expiration. 
- type: integer - format: int32 - example: 100000000 - customAttributes: - type: array - items: - $ref: '#/components/schemas/CustomAttribute' - customObjectClasses: - type: array - items: - type: string - rptAsJwt: - description: Specifies whether RPT should be return as signed JWT. - type: boolean - accessTokenAsJwt: - description: Specifies whether access token as signed JWT. - type: boolean - accessTokenSigningAlg: - description: 'Specifies signing algorithm that has to be used during JWT signing. If it''s not specified, then the default OP signing algorithm will be used.' - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - disabled: - description: Specifies whether client is disabled. - type: boolean - default: false - authorizedOrigins: - description: Specifies authorized JavaScript origins. - type: array - items: - type: string - softwareId: - description: Specifies a unique identifier string (UUID) assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered. - type: string - example: 4NRB1-0XZABZI9E6-5SM3R - softwareVersion: - description: Specifies a version identifier string for the client software identified by 'software_id'. The value of the 'software_version' should change on any update to the client software identified by the same 'software_id'. - type: string - example: '2.1' - softwareStatement: - description: Specifies a software statement containing client metadata values about the client software as claims. This is a string value containing the entire signed JWT. - type: string - attributes: - type: object - $ref: '#/components/schemas/ClientAttributes' - backchannelTokenDeliveryMode: - description: specifies how backchannel token will be delivered. 
- type: string - enum: - - poll - - ping - - push - backchannelClientNotificationEndpoint: - description: 'Client Initiated Backchannel Authentication (CIBA) enables a Client to initiate the authentication of an end-user by means of out-of-band mechanisms. Upon receipt of the notification, the Client makes a request to the token endpoint to obtain the tokens.' - type: string - backchannelAuthenticationRequestSigningAlg: - description: 'The JWS algorithm alg value that the Client will use for signing authentication request, as described in Section 7.1.1. of OAuth 2.0 [RFC6749]. When omitted, the Client will not send signed authentication requests.' - type: string - enum: - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - backchannelUserCodeParameter: - description: 'Boolean value specifying whether the Client supports the user_code parameter. If omitted, the default value is false.' - type: boolean - expirationDate: - description: Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this permission will expire. - type: string - format: date-time - deletable: - description: Specifies whether client is deletable. - type: boolean - default: false - jansId: - description: Attribute Scope Id. - type: string - description: - description: Description of the client. - type: string - - UmaResource: - title: UMAResource object - description: UMAResource - type: object - required: - - id - - type - - iconUri - properties: - dn: - type: string - inum: - description: XRI i-number. Client Identifier to uniquely identify the UMAResource. - type: string - id: - description: Resource id. - type: string - name: - description: A human-readable name of the scope. - type: string - iconUri: - description: A URL for a graphic icon representing the resource. - type: string - scopes: - description: Applicable resource scopes. 
- type: array - items: - type: string - scopeExpression: - description: Resource scope expression. - type: string - clients: - description: List of client assosiated with the resource. - type: array - items: - type: string - resources: - description: List of assosiated resource. - type: array - items: - type: string - rev: - description: Resource revision. - type: string - creator: - description: Resource creator or owner. - type: string - description: - description: Resource description. - type: string - type: - description: Resource type. - type: string - creationDate: - description: 'Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this resource will created.' - type: string - format: date-time - expirationDate: - description: 'Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this resource will expire.' - type: string - format: date-time - deletable: - description: Specifies whether client is deletable. - type: boolean - default: false - SectorIdentifier: - type: object - description: Sector Identifier Details. - required: - - id - properties: - id: - description: XRI i-number. Sector Identifier to uniquely identify the sector. - type: string - description: - description: A human-readable string describing the sector. - type: string - redirectUris: - description: Redirection URI values used by the Client. One of these registered Redirection URI values must exactly match the redirect_uri parameter value used in each Authorization Request - type: array - items: - type: string - example: - - 'https://client.example.org/cb' - clientIds: - description: List of OAuth 2.0 Client Identifier valid at the Authorization Server. - type: array - items: - type: string - example: 1402.0ab17362-36cc-4ac8-9c73-20239de64364 API Requesting Party Client. - CacheConfiguration: - type: object - description: Cache Configuration Details. 
- properties: - cacheProviderType: - description: The cache Provider Type. - type: string - enum: - - IN_MEMORY - - MEMCACHED - - REDIS - - NATIVE_PERSISTENCE - memcachedConfiguration: - type: object - $ref: '#/components/schemas/MemcachedConfiguration' - redisConfiguration: - type: object - $ref: '#/components/schemas/RedisConfiguration' - inMemoryConfiguration: - type: object - $ref: '#/components/schemas/InMemoryConfiguration' - nativePersistenceConfiguration: - type: object - $ref: '#/components/schemas/NativePersistenceConfiguration' - MemcachedConfiguration: - description: Memcached cache configuration. - type: object - properties: - servers: - type: string - description: Server details separated by spaces. - format: url - minLength: 1 - maxOperationQueueLength: - type: integer - description: Maximum operation Queue Length. - bufferSize: - type: integer - description: Buffer Size. - defaultPutExpiration: - type: integer - description: Expiration timeout value. - connectionFactoryType: - type: string - description: The MemcachedConnectionFactoryType Type. - enum: - - DEFAULT - - BINARY - RedisConfiguration: - type: object - description: Cache Configuration - properties: - redisProviderType: - description: Type of connection. - type: string - enum: - - STANDALONE - - CLUSTER - - SHARDED - - SENTINEL - servers: - description: 'server details separated by comma e.g. ''server1:8080server2:8081''.' - type: string - title: servers - format: url - password: - description: Redis password. - type: string - defaultPutExpiration: - description: defaultPutExpiration timeout value. - type: integer - sentinelMasterGroupName: - description: Sentinel Master Group Name (required if SENTINEL type of connection is selected). - type: string - useSSL: - description: Enable SSL communication between Gluu Server and Redis cache. - type: boolean - sslTrustStoreFilePath: - description: Directory Path to Trust Store. 
- type: string - format: url - maxIdleConnections: - description: The cap on the number of \idle\ instances in the pool. If max idle is set too low on heavily loaded systems it is possible you will see objects being destroyed and almost immediately new objects being created. This is a result of the active threads momentarily returning objects faster than they are requesting them causing the number of idle objects to rise above max idle. The best value for max idle for heavily loaded system will vary but the default is a good starting point. - type: integer - maxTotalConnections: - description: The number of maximum connection instances in the pool. - type: integer - connectionTimeout: - description: Connection time out. - type: integer - soTimeout: - description: With this option set to a non-zero timeout a read() call on the InputStream associated with this Socket will block for only this amount of time. If the timeout expires a java.net.SocketTimeoutException is raised though the Socket is still valid. The option must be enabled prior to entering the blocking operation to have effect. The timeout must be > 0. A timeout of zero is interpreted as an infinite timeout. - type: integer - maxRetryAttempts: - description: Maximum retry attempts in case of failure. - type: integer - InMemoryConfiguration: - type: object - description: Cache configuration. - properties: - defaultPutExpiration: - description: defaultPutExpiration timeout value. - type: integer - NativePersistenceConfiguration: - type: object - description: Cache configuration. - properties: - defaultPutExpiration: - description: defaultPutExpiration timeout value. - type: integer - defaultCleanupBatchSize: - description: defaultCleanupBatchSize page size. - type: integer - deleteExpiredOnGetRequest: - type: boolean - SmtpConfiguration: - type: object - description: SMTP configuration. - properties: - host: - description: Hostname of the SMTP server. 
- type: string - format: url - port: - description: Port number of the SMTP server. - type: integer - format: int32 - multipleOf: 1 - requires_ssl: - description: Boolean value with default value false. If true, SSL will be enabled. - type: boolean - trust_host: - type: boolean - description: Boolean value with default value false. - from_name: - description: Name of the sender. - type: string - from_email_address: - description: Email Address of the Sender. - type: string - requires_authentication: - description: Boolean value with default value false. It true it will enable sender authentication. - type: boolean - user_name: - description: Username of the SMTP. - type: string - password: - description: Password for the SMTP. - type: string - LoggingConfiguration: - type: object - description: Log configuration. - properties: - loggingLevel: - type: string - description: Logging level for Jans Authorization Server logger. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - 'OFF' - loggingLayout: - type: string - description: Logging layout used for Jans Authorization Server loggers. - enum: - - text - - json - httpLoggingEnabled: - description: To enable http request/response logging. - type: boolean - disableJdkLogger: - description: To enable/disable Jdk logging. - type: boolean - enabledOAuthAuditLogging: - description: To enable/disable OAuth audit logging. - type: boolean - externalLoggerConfiguration: - description: Path to external log4j2 configuration file. - type: string - httpLoggingExcludePaths: - description: List of paths to exclude from logger. - type: array - items: - type: string - example: - - /auth/img - - /auth/stylesheet - WebKeysConfiguration: - type: object - description: 'JSON Web Key Set (JWKS) - A JSON object that represents a set of JWKs. The JSON object MUST have a keys member, which is an array of JWKs.' 
- required: - - keys - properties: - keys: - type: array - description: 'List of JSON Web Key (JWK) - A JSON object that represents a cryptographic key. The members of the object represent properties of the key, including its value.' - items: - $ref: '#/components/schemas/JsonWebKey' - - AuthenticationMethod: - type: object - description: Authentication Method Configuration - properties: - defaultAcr: - type: string - description: This field controls the default authentication mechanism that is presented to users from all applications that leverage Janssen Server for authentication. - - JansFido2DynConfiguration: - type: object - description: Jans Fido2 dynamic configuration properties. - properties: - issuer: - type: string - description: URL using the https scheme for Issuer identifier. - example: 'https://server.example.com/' - baseEndpoint: - type: string - description: The base URL for Fido2 endpoints. - example: 'https://server.example.com/fido2/restv1' - cleanServiceInterval: - type: integer - description: Time interval for the Clean Service in seconds. - cleanServiceBatchChunkSize: - type: integer - description: Each clean up iteration fetches chunk of expired data per base dn and removes it from storage. - useLocalCache: - description: Boolean value to indicate if Local Cache is to be used. - type: boolean - disableJdkLogger: - type: boolean - description: Boolean value specifying whether to enable JDK Loggers. - loggingLevel: - type: string - description: Logging level for Fido2 logger. - loggingLayout: - type: string - description: Logging layout used for Fido2. - externalLoggerConfiguration: - type: string - description: Path to external Fido2 logging configuration. - metricReporterInterval: - type: integer - description: The interval for metric reporter in seconds. - metricReporterKeepDataDays: - type: integer - description: The days to keep report data. 
- personCustomObjectClassList: - type: array - description: Custom object class list for dynamic person enrolment. - items: - type: string - fido2Configuration: - description: Fido2Configuration. - $ref: '#/components/schemas/Fido2Configuration' - - Fido2Configuration: - type: object - description: Fido2 configuration properties. - properties: - authenticatorCertsFolder: - description: Authenticators certificates fodler. - type: string - mdsCertsFolder: - description: MDS TOC root certificates folder. - type: string - mdsTocsFolder: - description: MDS TOC files folder. - type: string - serverMetadataFolder: - description: Authenticators metadata in json format. - type: string - requestedParties: - description: Authenticators metadata in json format. - type: array - items: - $ref: '#/components/schemas/RequestedParties' - userAutoEnrollment: - description: Allow to enroll users on enrollment/authentication requests. - type: boolean - unfinishedRequestExpiration: - description: Expiration time in seconds for pending enrollment/authentication requests - type: integer - authenticationHistoryExpiration: - description: Expiration time in seconds for approved authentication requests. - type: integer - requestedCredentialTypes: - description: List of Requested Credential Types. - type: array - items: - type: string - RequestedParties: - type: object - description: Credential Type. - properties: - name: - description: Name of the Requested Party. - type: string - format: url - domains: - description: Requested Party domains. - type: array - items: - type: string - SimpleCustomProperty: - type: object - description: Simple Property. - properties: - value1: - type: string - value2: - type: string - description: - type: string - SimpleExtendedCustomProperty: - type: object - description: Simple Extended Property. 
- properties: - value1: - type: string - value2: - type: string - description: - type: string - hide: - type: boolean - ScriptError: - type: object - description: Possible errors assosiated with the script. - properties: - raisedAt: - type: string - format: date-time - stackTrace: - type: string - AuthenticationFilters: - type: object - description: Represents the authentication filter. - properties: - filter: - type: string - description: Filter to be used. - example: 'myCustomAttr1={0}' - bind: - type: boolean - description: Filter bind. - bind-password-attribute: - type: string - description: Filter bind password attribute. - base-dn: - type: string - description: Bind filter base distinguished name. - example: 'ou=clients,o=gluu' - CorsConfigurationFilter: - type: object - description: CORS Configuration Filter. - properties: - filterName: - type: string - description: Filter name. - corsEnabled: - type: boolean - description: Boolean value indicating if the filter is enabled. - corsAllowedOrigins: - type: string - description: A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, a whitelist of comma separated origins can be provided. - corsAllowedMethods: - type: string - description: A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of Access-Control-Allow-Methods header in pre-flight response. - corsAllowedHeaders: - type: string - description: The names of the supported author request headers. - corsExposedHeaders: - type: string - description: A comma separated list of request headers that can be used when making an actual request. These headers will also be returned as part of Access-Control-Allow-Headers header in a pre-flight response. 
- corsSupportCredentials: - type: boolean - description: A flag that indicates whether the resource supports user credentials. This flag is exposed as part of Access-Control-Allow-Credentials header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. - corsLoggingEnabled: - type: boolean - description: Value to enable logging, Setting the value to False will disable logging. - corsPreflightMaxAge: - type: integer - description: The duration in seconds the browser is allowed to cache the result of the pre-flight request. - corsRequestDecorate: - type: boolean - description: A flag to control if CORS specific attributes should be added to the HttpServletRequest object. - - AuthenticationProtectionConfiguration: - type: object - description: Authentication Brute Force Protection Configuration. - properties: - attemptExpiration: - type: integer - description: How long store in cache information about particular login attempt. It's needed to count login attempts withing specified period of time. - maximumAllowedAttemptsWithoutDelay: - type: integer - description: How many attempts application allow without delay. - delayTime: - type: integer - description: Delay time in seconds after reaching maximumAllowedAttemptsWithoutDelay limit. - bruteForceProtectionEnabled: - type: boolean - description: Enable or disable service, This functionality can be enabled dynamically. - - CIBAEndUserNotificationConfig: - type: object - description: CIBA End User Notification Config. 
- properties: - apiKey: - type: string - description: API Key - authDomain: - type: string - description: Auth Domain - databaseURL: - type: string - description: Database URL - projectId: - type: string - description: Project ID - storageBucket: - type: string - description: Storage Bucket - messagingSenderId: - type: string - description: Messaging Sender ID - appId: - type: string - description: App ID - notificationUrl: - type: string - description: Notification URL - notificationKey: - type: string - description: Notification Key - publicVapidKey: - type: string - description: Public Vapid Key - - - StatResponseItem: - type: object - description: Server statistics data - properties: - month: - type: integer - monthly_active_users: - type: integer - format: int64 - description: Number of active users - default: 0 - token_count_per_granttype: - type: object - additionalProperties: - $ref: '#/components/schemas/TokenMapObject' - - TokenMapObject: - type: object - description: A hashmap with statistical item as a key and the value as statistical value. - additionalProperties: - type: integer - format: int64 - - HealthStatus: - type: object - description: Server health data - properties: - status: - type: string - description: Health parameter name - error: - type: string - description: error message in case of error - checks: - type: array - items: - $ref: '#/components/schemas/HealthStatusItem' - description: health check status details. - example: '"checks": [{"name": "jans-config-api liveness","status": "UP"},{"name": "jans-config-api readiness","status": "UP"}],"status": "UP"}' - - - HealthStatusItem: - type: object - description: Server health data - properties: - name: - type: string - description: Health parameter name - status: - type: string - description: Health parameter status - - SearchRequest: - type: object - description: Search Parameters. 
- properties: - schemas: - type: array - items: - type: string - description: schema details - attributes: - type: array - items: - type: string - description: attribute details - excludedAttributes: - type: array - items: - type: string - description: attribute to be excluded details - filter: - type: string - description: search filter - sortBy: - type: string - description: attribute to be used for sorting - sortOrder: - type: string - description: sorting order - startIndex: - type: integer - format: int32 - description: result start index - count: - type: integer - format: int32 - description: total count of records - - UserListResponse: - description: Results for users search. See section 3.4.2.4 of RFC 7644 - allOf: - - $ref: '#/components/schemas/BasicListResponse' - - type: object - - type: object - properties: - Resources: - type: array - items: - $ref: '#/components/schemas/UserResource' - BasicListResponse: - type: object - properties: - schemas: - type: array - items: - type: string - example: urn:ietf:params:scim:api:messages:2.0:ListResponse - totalResults: - type: integer - description: Total number of results returned by the search. The value may be larger than the number of resources returned due to pagination - startIndex: - type: integer - description: The 1-based index of the first result in the current set of search results - itemsPerPage: - type: integer - description: The number of resources returned in a results page - - UserResource: - description: Represents a user resource. See section 4.1 of RFC 7643 - allOf: - - $ref: '#/components/schemas/BaseResource' - - type: object - - type: object - properties: - externalId: - type: string - description: Identifier of the resource useful from the perspective of the provisioning client. 
See section 3.1 of RFC 7643 - userName: - type: string - description: Identifier for the user, typically used by the user to directly authenticate (id and externalId are opaque identifiers generally not known by users) - name: - $ref: '#/components/schemas/Name' - displayName: - type: string - description: Name of the user suitable for display to end-users - nickName: - type: string - description: Casual way to address the user in real life - profileUrl: - type: string - description: URI pointing to a location representing the User's online profile - title: - type: string - example: Vice President - userType: - type: string - description: Used to identify the relationship between the organization and the user - example: Contractor - preferredLanguage: - type: string - description: Preferred language as used in the Accept-Language HTTP header - example: en - locale: - type: string - description: Used for purposes of localizing items such as currency and dates - example: en-US - timezone: - type: string - example: America/Los_Angeles - active: - type: boolean - password: - type: string - emails: - type: array - items: - $ref: '#/components/schemas/Email' - phoneNumbers: - type: array - items: - $ref: '#/components/schemas/PhoneNumber' - ims: - type: array - items: - $ref: '#/components/schemas/InstantMessagingAddress' - photos: - type: array - items: - $ref: '#/components/schemas/Photo' - addresses: - type: array - items: - $ref: '#/components/schemas/Address' - groups: - type: array - items: - $ref: '#/components/schemas/Group' - entitlements: - type: array - items: - $ref: '#/components/schemas/Entitlement' - roles: - type: array - items: - $ref: '#/components/schemas/Role' - x509Certificates: - type: array - items: - $ref: '#/components/schemas/X509Certificate' - urn:ietf:params:scim:schemas:extension:gluu:2.0:User: - type: object - properties: {} - description: Extended attributes - - Name: - type: object - properties: - familyName: - type: string - givenName: - 
type: string - middleName: - type: string - honorificPrefix: - type: string - description: A "title" like "Ms.", "Mrs." - honorificSuffix: - type: string - description: Name suffix, like "Junior", "The great", "III" - formatted: - type: string - description: Full name, including all middle names, titles, and suffixes as appropriate - description: See section 4.1.1 of RFC 7643 - Email: - type: object - properties: - value: - description: E-mail addresses for the user. - type: string - example: gossow@nsfw.com - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'work' or 'home'. - type: string - example: work - primary: - type: boolean - description: Denotes if this is the preferred e-mail among others, if any - description: See section 4.1.2 of RFC 7643 - PhoneNumber: - type: object - properties: - value: - description: Phone number of the User - type: string - example: +1-555-555-8377 - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'work' or 'home' or 'mobile' etc. - type: string - example: fax - primary: - description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute. - type: boolean - InstantMessagingAddress: - type: object - properties: - value: - description: Instant messaging address for the User. - type: string - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'aim', 'gtalk', 'mobile' etc. 
- type: string - example: gtalk - primary: - type: boolean - description: Denotes if this is the preferred messaging addressed among others, if any - description: See section 4.1.2 of RFC 7643 - Photo: - type: object - properties: - value: - description: URI of a photo of the User. - type: string - example: https://pics.nsfw.com/gossow.png - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'photo' or 'thumbnail'. - type: string - example: thumbnail - primary: - type: boolean - description: Denotes if this is the preferred photo among others, if any - description: Points to a resource location representing the user's image. See section 4.1.2 of RFC 7643 - Address: - type: object - properties: - formatted: - type: string - description: The full mailing address, formatted for display or use with a mailing label. - streetAddress: - description: The full street address component, which may include house number, street name,PO BOX,etc. - type: string - example: 56 Acacia Avenue - locality: - type: string - description: City or locality of the address - region: - type: string - description: State or region of the address - postalCode: - type: string - description: Zip code - country: - type: string - description: Country expressed in ISO 3166-1 "alpha-2" code format - example: UK - type: - description: A label indicating the attribute's function; e.g., 'work' or 'home'. - type: string - example: home - primary: - type: boolean - description: Denotes if this is the preferred address among others, if any - description: Physical mailing address for this user. See section 4.1.2 of RFC 7643 - Role: - type: object - properties: - value: - description: The value of a role - type: string - example: Project manager - display: - description: A human readable name, primarily used for display purposes. 
- type: string - type: - description: A label indicating the attribute's function. - type: string - primary: - type: boolean - description: Denotes if this is the preferred role among others, if any - description: See section 4.1.2 of RFC 7643 - BaseResource: - type: object - properties: - schemas: - type: array - description: URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current structure - items: - type: string - id: - type: string - description: A unique identifier for a SCIM resource. See section 3.1 of RFC 7643 - meta: - $ref: '#/components/schemas/Meta' - Group: - type: object - properties: - value: - type: string - description: Group identifier - example: 180ee84f0671b1 - $ref: - type: string - description: URI associated to the group - example: https://nsfw.com/scim/restv1/v2/Groups/180ee84f0671b1 - display: - description: A human readable name, primarily used for display purposes. - type: string - example: Cult managers - type: - type: string - description: Describes how the group membership was derived - example: direct - description: See section 4.1.2 of RFC 7643 - Entitlement: - type: object - properties: - value: - description: The value of an entitlement. - type: string - example: Stakeholder - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function. - type: string - primary: - type: boolean - description: Denotes if this is the preferred entitlement among others, if any - description: Entitlements represent things a user has, like rights. See section 4.1.2 of RFC 7643 - X509Certificate: - type: object - properties: - value: - description: The value of a X509 certificate. - type: string - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function. 
- type: string - primary: - type: boolean - description: Denotes if this is the preferred certificate among others, if any - description: A certificate associated with the user. See section 4.1.2 of RFC 7643 - Meta: - type: object - properties: - resourceType: - type: string - created: - type: string - lastModified: - type: string - location: - type: string - description: See section 3.1 of RFC 7643 - - ScimPatchOperation: - required: - - op - type: object - properties: - op: - type: string - description: The kind of operation to perform - enum: - - add - - remove - - replace - path: - type: string - description: Required when op is remove, optional otherwise - value: - $ref: '#/components/schemas/AnyValue' - description: Only required when op is add or replace - description: See section 3.5.2 of RFC 7644 - - ScimPatchRequest: - description: Stores one or more patch operations - required: - - operations - type: object - properties: - schemas: - type: array - items: - type: string - example: urn:ietf:params:scim:api:messages:2.0:PatchOp - operations: - type: array - items: - $ref: '#/components/schemas/ScimPatchOperation' - AnyValue: - description: Can be any value - string, number, boolean, array or object - - AuthHealthStatus: - type: object - description: Auth Server health data - additionalProperties: - type: string - - AdminRole: - type: object - description: Admin role - required: - - role - properties: - role: - type: string - description: role - description: - type: string - description: role description - deletable: - type: boolean - description: can we delete the role? 
- AdminPermission: - type: object - description: Admin permission - required: - - permission - properties: - permission: - type: string - description: permission - description: - type: string - description: permission description - RolePermissionMapping: - type: object - description: Admin role-permission mapping - required: - - role - properties: - role: - type: string - description: role - permissions: - type: array - items: - type: string - description: permissions - LicenseRequest: - type: object - description: Admin license request - required: - - validityPeriod - properties: - validityPeriod: - type: string - description: The license will expire on following date. - maxActivations: - type: string - description: The maximum allowed activations of this license on different machines. - licenseActive: - type: string - description: Is license active? - LicenseResponse: - type: object - description: Admin license response - properties: - licenseEnabled: - type: boolean - description: Is license module enabled in admin-ui application? - default: false - productName: - type: string - description: The license is registered under following product. - productCode: - type: string - description: The short code is used in our API calls in order to identify the product. - licenseType: - type: string - description: The type of license (eg Perpetual, Time-based, Subscription, and Consumption-based licenses). - maxActivations: - type: integer - description: The license key. - licenseKey: - type: string - description: The license key. - licenseActive: - type: boolean - description: Is license active? - default: false - validityPeriod: - type: string - description: The license validity period - companyName: - type: string - description: The company name of the registered license. - customerEmail: - type: string - description: The customer email address of the registered license. - customerFirstName: - type: string - description: The customer first name. 
- customerLastName: - type: string - description: The customer last name. - ScimAppConfiguration: - type: object - properties: - baseDN: - type: string - description: Application config Base DN - applicationUrl: - type: string - description: Application base URL - baseEndpoint: - type: string - description: SCIM base endpoint URL - personCustomObjectClass: - type: string - description: Person Object Class - oxAuthIssuer: - type: string - description: Jans Auth - Issuer identifier. - protectionMode: - type: string - enum: - - OAUTH - - BYPASS - description: SCIM Protection Mode - maxCount: - type: integer - example: Maximum number of results per page - userExtensionSchemaURI: - type: string - description: User Extension Schema URI - loggingLevel: - type: string - description: Logging level for scim logger. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - OFF - loggingLayout: - type: string - description: Logging layout used for Server loggers. - externalLoggerConfiguration: - type: string - description: Path to external log4j2 logging configuration. - metricReporterInterval: - type: integer - description: The interval for metric reporter in seconds. - metricReporterKeepDataDays: - type: integer - description: The days to keep metric reported data. - metricReporterEnabled: - type: boolean - description: Metric reported data enabled flag. - disableJdkLogger: - type: boolean - description: Boolean value specifying whether to enable JDK Loggers. - useLocalCache: - type: boolean - description: Boolean value specifying whether to enable local in-memory cache. 
- - Organization: - type: object - properties: - displayName: - type: string - description: Organization name - description: - type: string - description: Organization description - member: - type: string - description: String describing memberOf - countryName: - type: string - description: Organization country name - organization: - type: string - status: - type: string - managerGroup: - type: string - description: qualified id of the group - example: inum=60B7,ou=groups,o=jans - themeColor: - type: string - description: color of the theme - example: 166309 - shortName: - type: string - customMessages: - type: array - items: - type: string - title: - type: string - jsLogoPath: - type: string - description: Path to organization logo image - jsFaviconPath: - type: string - description: Path to organization favicon image - - - FacterData: - type: object - properties: - memoryfree: - type: string - description: Server free memory - swapfree: - type: string - description: Server swap free - hostname: - type: string - description: Server hostname - ipaddress: - type: string - description: Server ipaddress - uptime: - type: string - description: Server uptime - free_disk_space: - type: string - description: Server free disk space - load_average: - type: string - description: Server average load time - - - StatsData: - type: object - properties: - dbType: - type: string - description: Jans Server DB type - lastUpdate: - type: string - description: Stats update time - facterData: - type: object - $ref: '#/components/schemas/FacterData' - description: Underlying Server stats - - User: - title: User object - description: User. - type: object - required: - - userId - properties: - dn: - type: string - description: Domain name. - userId: - description: A domain issued and managed identifier for the user. - type: string - createdAt: - description: User creation date. 
- type: string - format: date-time - updatedAt: - description: Time the information of the person was last updated. Seconds from 1970-01-01T0:0:0Z - type: string - format: date-time - oxAuthPersistentJwt: - description: Persistent JWT. - type: array - items: - type: string - customAttributes: - description: dn of associated clients with the user. - type: array - items: - $ref: '#/components/schemas/CustomAttribute' - -
\ No newline at end of file
diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/model/user/UserPatchRequest.java b/jans-config-api/common/src/main/java/io/jans/configapi/model/user/UserPatchRequest.java
new file mode 100644
index 00000000000..51cc2602909
--- /dev/null
+++ b/jans-config-api/common/src/main/java/io/jans/configapi/model/user/UserPatchRequest.java
@@ -0,0 +1,39 @@
+package io.jans.configapi.model.user;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+import io.jans.orm.model.base.CustomObjectAttribute;
+
+import java.io.Serializable;
+import java.util.List;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class UserPatchRequest implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ private String jsonPatchString;
+
+ private List customAttributes;
+
+ public String getJsonPatchString() {
+ return jsonPatchString;
+ }
+
+ public void setJsonPatchString(String jsonPatchString) {
+ this.jsonPatchString = jsonPatchString;
+ }
+
+ public List getCustomAttributes() {
+ return customAttributes;
+ }
+
+ public void setCustomAttributes(List customAttributes) {
+ this.customAttributes = customAttributes;
+ }
+
+ @Override
+ public String toString() {
+ return "UserPatchRequest [jsonPatchString=" + jsonPatchString + ", customAttributes=" + customAttributes + "]";
+ }
+}
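Review bot: `toString()` concatenates the raw `jsonPatchString` and the full `customAttributes` list, so every log statement that formats a `UserPatchRequest` (the `patchUser` hunks in `UserResource` and `UserService` both do) writes the submitted attribute values to the log; on a user-management endpoint those values may include credentials or other personal data. I would print only presence and size, e.g. `return "UserPatchRequest [jsonPatchString=" + (jsonPatchString != null ? "<set>" : "null") + ", customAttributes=" + (customAttributes == null ? 0 : customAttributes.size()) + " attribute(s)]";`. The class also has no Javadoc describing how the two fields combine when both are present, which a caller of the endpoint needs to know.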
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java
index 311498ddfb4..1872c020dd2 100644
--- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/UserResource.java
@@ -10,12 +10,12 @@ import static io.jans.as.model.util.Util.escapeLog;
 import io.jans.as.common.model.common.User;
 import io.jans.configapi.core.rest.ProtectedApi;
+import io.jans.configapi.model.user.UserPatchRequest;
 import io.jans.configapi.rest.model.SearchRequest;
 import io.jans.configapi.service.auth.UserService;
 import io.jans.configapi.util.ApiAccessConstants;
 import io.jans.configapi.util.ApiConstants;
 import io.jans.orm.model.PagedResult;
-import io.jans.orm.model.base.CustomObjectAttribute;
 import java.io.IOException;
 import java.util.ArrayList;
@@ -103,17 +103,20 @@ public Response updateUser(@Valid User user) {
 @Consumes(MediaType.APPLICATION_JSON_PATCH_JSON)
 @ProtectedApi(scopes = { ApiAccessConstants.USER_WRITE_ACCESS })
 @Path(ApiConstants.INUM_PATH)
- public Response patchUser(@PathParam(ApiConstants.INUM) @NotNull String inum, @NotNull String pathString,
- List customAttributes) throws JsonPatchException, IOException {
+ public Response patchUser(@PathParam(ApiConstants.INUM) @NotNull String inum, @NotNull UserPatchRequest userPatchRequest) throws JsonPatchException, IOException {
 if (logger.isDebugEnabled()) {
- logger.debug("User details to be patched - inum:{}, pathString:{}, customAttributes:{} ", escapeLog(inum),
- escapeLog(pathString), escapeLog(customAttributes));
+ logger.debug("User:{} to be patched with :{} ", escapeLog(inum),escapeLog(userPatchRequest));
 }
+ logger.error("User:{} to be patched with :{} ", escapeLog(inum),escapeLog(userPatchRequest));
+
+ //check if user exists
 User existingUser = userSrv.getUserByInum(inum);
 checkResourceNotNull(existingUser, USER);
- existingUser = userSrv.patchUser(inum, pathString, customAttributes);
- logger.debug("Patched user:{}", existingUser);
+ //patch user
+ existingUser = userSrv.patchUser(inum, userPatchRequest);
+ logger.error("Patched user:{}", existingUser);
+
 return Response.ok(existingUser).build();
 }
@@ -151,14 +154,4 @@ private List doSearch(SearchRequest searchReq) {
 return users;
 }
- private CustomObjectAttribute getCustomObjectAttribute(List customAttributesList,
- String name) {
-
- if (customAttributesList != null && !customAttributesList.isEmpty()) {
- return customAttributesList.stream().filter(x -> x.getName() != null && x.getName().equals(name)).findAny()
- .orElse(null);
- }
- return null;
- }
-
 }
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java
index f906bdfb385..31322d45e0c 100644
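Review bot: The two added `logger.error(...)` calls in `patchUser` run on every successful request, so the request body and the full patched `User` are written at ERROR level whatever debug level is configured, and `existingUser` is logged without `escapeLog` although its attribute values presumably come from the request. The guarded `logger.debug` directly above already covers the first call, so I would delete it and change the last one to `logger.debug("Patched user inum:{}", escapeLog(inum));`. The same `debug` to `error` switch appears in `UserService.patchUser`, in the custom-attribute update loop of that service, and in `Jackson.applyPatch`, which logs `patchAsString` and `obj` with no escaping at all and, being a generic helper in the shared module, presumably serves other patch endpoints too. The annotations of `patchUser` begin above the hunk.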
--- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/UserService.java
@@ -12,6 +12,7 @@
 import io.jans.as.model.config.StaticConfiguration;
 import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.configapi.core.util.Jackson;
+import io.jans.configapi.model.user.UserPatchRequest;
 import io.jans.configapi.rest.model.SearchRequest;
 import io.jans.orm.model.PagedResult;
 import io.jans.orm.model.SortOrder;
@@ -80,11 +81,10 @@ public void removeUser(User user) {
 persistenceEntryManager.removeRecursively(user.getDn(), User.class);
 }
- public User patchUser(String inum, String pathString, List customAttributes)
+ public User patchUser(String inum, UserPatchRequest userPatchRequest)
 throws JsonPatchException, IOException {
- logger.debug("Details to patch user inum:{}, pathString:{}, customAttributes:{} ", escapeLog(inum),
- escapeLog(pathString), escapeLog(customAttributes));
+ logger.error("Details to patch user inum:{}, UserPatchRequest:{} ", escapeLog(inum), escapeLog(userPatchRequest));
 if (StringHelper.isEmpty(inum)) {
 return null;
 }
@@ -94,38 +94,41 @@ public User patchUser(String inum, String pathString, List customAttributes) { - logger.debug("Custom Attributes to update for - user:{}, customAttributes:{} ", user, customAttributes); + logger.error("Custom Attributes to update for - user:{}, customAttributes:{} ", user, customAttributes); if (customAttributes != null && !customAttributes.isEmpty()) { for (CustomObjectAttribute attribute : customAttributes) { CustomObjectAttribute existingAttribute = getCustomAttribute(user, attribute.getName()); - logger.debug("Existing CustomAttributes with existingAttribute:{} ", existingAttribute); + logger.error("Existing CustomAttributes with existingAttribute:{} ", existingAttribute); // add if (existingAttribute == null) { boolean result = addUserAttribute(user, attribute.getName(), attribute.getValues(), attribute.isMultiValued()); - logger.debug("Result of adding CustomAttributes attribute:{} , result:{} ", attribute, result); + logger.error("Result of adding CustomAttributes attribute:{} , result:{} ", attribute, result); } // remove attribute else if (attribute.getValue() == null || attribute.getValues() == null) { @@ -138,7 +141,7 @@ else if (attribute.getValue() == null || attribute.getValues() == null) { existingAttribute.setValues(attribute.getValues()); } // Final attribute - logger.debug("Finally user CustomAttributes user.getCustomAttributes:{} ", user.getCustomAttributes()); + logger.error("Finally user CustomAttributes user.getCustomAttributes:{} ", user.getCustomAttributes()); } } diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/util/Jackson.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/util/Jackson.java index ec03d47a680..fec9bde0e49 100644 --- a/jans-config-api/shared/src/main/java/io/jans/configapi/core/util/Jackson.java +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/util/Jackson.java 
@@ -27,11 +27,15 @@
 import org.json.JSONException;
 import org.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
 * @author Yuriy Zabrovarnyy
 */
 public class Jackson {
+ private static final Logger LOG = LoggerFactory.getLogger(Jackson.class);
 private Jackson() {
 }
@@ -46,6 +50,7 @@ public static String getElement(String jsonString, String fieldName) throws Json
 }
 public static T applyPatch(String patchAsString, T obj) throws JsonPatchException, IOException {
+ LOG.error("\n\n\n Jackson::applyPatch() - patchAsString:{}, obj:{}", patchAsString, obj );
 JsonPatch jsonPatch = JsonPatch.fromJson(Jackson.asJsonNode(patchAsString));
 return applyPatch(jsonPatch, obj);
 }
diff --git a/jans-orm/model/src/main/java/io/jans/orm/model/base/CustomObjectAttribute.java b/jans-orm/model/src/main/java/io/jans/orm/model/base/CustomObjectAttribute.java
index f3f13484786..1baaf3fd2fa 100644
--- a/jans-orm/model/src/main/java/io/jans/orm/model/base/CustomObjectAttribute.java
+++ b/jans-orm/model/src/main/java/io/jans/orm/model/base/CustomObjectAttribute.java
@@ -92,9 +92,12 @@ public String getDisplayValue() {
 return values.get(0).toString();
 }
- StringBuilder sb = new StringBuilder(values.get(0).toString());
- for (int i = 1; i < values.size(); i++) {
- sb.append(", ").append(values.get(i).toString());
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < values.size(); i++) {
+ if (i > 0) {
+ sb.append(", ");
+ }
+ sb.append(values.get(i).toString());
 }
 return sb.toString();
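Review bot: `sb.append(values.get(i).toString())` in the rewritten loop of `getDisplayValue()` still throws `NullPointerException` if a list element is null, so the rewrite changes the shape of the loop but not its failure mode. `StringBuilder.append` is already null-safe, so `sb.append(values.get(i));` produces the same text for non-null values and prints `null` otherwise. The method starts above the hunk, and the single-value branch `return values.get(0).toString();` visible as context would need the same treatment, e.g. `return String.valueOf(values.get(0));`.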