Add support for new SCIM Server Management API endpoints (#419)

auth0 · Jul 5, 2024 · 4125b95 · 4125b95
1 parent aaf54a7
commit 4125b95
Show file tree

Hide file tree

Showing 14 changed files with 2,768 additions and 1 deletion.
diff --git a/management/connection.go b/management/connection.go
@@ -157,6 +157,101 @@ type Connection struct {
 	ShowAsButton *bool `json:"show_as_button,omitempty"`
 }
 
+// SCIMConfiguration represents the SCIM configuration for a connection.
+// This struct is used primarily for enterprise connections.
+type SCIMConfiguration struct {
+	// ConnectionID is the connection's identifier.
+	ConnectionID *string `json:"connection_id,omitempty"`
+
+	// ConnectionName is the connection's name.
+	ConnectionName *string `json:"connection_name,omitempty"`
+
+	// Strategy is the connection's strategy.
+	Strategy *string `json:"strategy,omitempty"`
+
+	// TenantName is the tenant's name.
+	TenantName *string `json:"tenant_name,omitempty"`
+
+	// UserIDAttribute is the user ID attribute for generating unique user IDs.
+	// Optional. Defaults depend on the connection type (SAML, OIDC).
+	UserIDAttribute *string `json:"user_id_attribute,omitempty"`
+
+	// CreatedAt is the date and time when the SCIM configuration was created.
+	CreatedAt *string `json:"created_at,omitempty"`
+
+	// UpdatedAt is the date and time when the SCIM configuration was last updated.
+	UpdatedAt *string `json:"updated_at,omitempty"`
+
+	// Mapping is the user-provided mapping between Auth0 and SCIM fields.
+	// Optional. If not provided, defaults based on connection type.
+	Mapping *[]SCIMConfigurationMapping `json:"mapping,omitempty"`
+}
+
+// SCIMConfigurationMapping represents the mapping between Auth0 and SCIM fields.
+// This struct is used primarily for enterprise connections.
+type SCIMConfigurationMapping struct {
+	// Auth0 is the field location in the Auth0 schema.
+	Auth0 *string `json:"auth0,omitempty"`
+
+	// SCIM is the field location in the SCIM schema.
+	SCIM *string `json:"scim,omitempty"`
+}
+
+// MarshalJSON implements the json.Marshaler interface.
+func (sc *SCIMConfiguration) MarshalJSON() ([]byte, error) {
+	type SCIMConfigurationSubset struct {
+		UserIDAttribute *string                     `json:"user_id_attribute,omitempty"`
+		Mapping         *[]SCIMConfigurationMapping `json:"mapping,omitempty"`
+	}
+
+	return json.Marshal(&SCIMConfigurationSubset{
+		UserIDAttribute: sc.UserIDAttribute,
+		Mapping:         sc.Mapping,
+	})
+}
+
+// SCIMTokens represents the SCIM tokens for a connection.
+// This struct is used primarily for enterprise connections.
+type SCIMTokens *[]SCIMToken
+
+// SCIMToken represents the SCIM token used by the client.
+// This struct is used primarily for enterprise connections.
+type SCIMToken struct {
+	// TokenID is the identifier associated with the token.
+	TokenID *string `json:"token_id,omitempty"`
+
+	// Token is the actual token value used for authentication.
+	Token *string `json:"token,omitempty"`
+
+	// Scopes is an array of strings representing the scopes that the token provides.
+	Scopes *[]string `json:"scopes,omitempty"`
+
+	// CreatedAt is the ISO8601 standard date string indicating when the token was created.
+	CreatedAt *string `json:"created_at,omitempty"`
+
+	// ValidUntil is the ISO8601 standard date string indicating when the token will expire.
+	ValidUntil *string `json:"valid_until,omitempty"`
+
+	// TokenLifeTime is the lifetime of the token in seconds. It must be greater than 900.
+	TokenLifeTime *int `json:"token_lifetime,omitempty"`
+
+	// LastUsedAt is the ISO8601 standard date string that says when the token was used. If never used it won’t be returned.
+	LastUsedAt *string `json:"last_used_at,omitempty"`
+}
+
+// MarshalJSON implements the json.Marshaler interface.
+func (st *SCIMToken) MarshalJSON() ([]byte, error) {
+	type SCIMTokenSubset struct {
+		Scopes        *[]string `json:"scopes,omitempty"`
+		TokenLifeTime *int      `json:"token_lifetime,omitempty"`
+	}
+
+	return json.Marshal(&SCIMTokenSubset{
+		Scopes:        st.Scopes,
+		TokenLifeTime: st.TokenLifeTime,
+	})
+}
+
 // MarshalJSON implements the json.Marshaler interface.
 func (c *Connection) MarshalJSON() ([]byte, error) {
 	type connection Connection
@@ -1346,3 +1441,88 @@ func (m *ConnectionManager) ReadByName(ctx context.Context, name string, opts ..
 	}
 	return nil, &managementError{404, "Not Found", "Connection not found"}
 }
+
+// CreateSCIMConfiguration creates a SCIM configuration for a connection by its connection ID.
+//
+// Note: This method only works with the following enterprise connections:
+//   - Authentication > Enterprise > SAML
+//   - Authentication > Enterprise > OpenID Connect
+//   - Authentication > Enterprise > Okta Workforce
+//   - Authentication > Enterprise > Microsoft Azure AD
+//
+// Parameters:
+//   - scimConfig (optional): The SCIM configuration details. Only `mapping` and `user_id_attribute` fields are used.
+//     This parameter can be passed as nil or empty.
+//
+// `mapping`: Specifies a mapping between SCIM protocol user schema and Auth0 user schema.
+// If not provided, a default mapping based on the connection type (e.g., Okta, SAML) will be used.
+//
+// `user_id_attribute`: Specifies the SCIM attribute containing the unique user identifier
+// presented in the SAML assertion or ID token during user login. If not provided, it defaults to
+// `userName` for SAML connections and `externalId` for OIDC connections.
+//
+// For more details, see: https://auth0.com/docs/api/management/v2/connections/post-scim-configuration
+func (m *ConnectionManager) CreateSCIMConfiguration(ctx context.Context, id string, scimConfig *SCIMConfiguration, opts ...RequestOption) error {
+	return m.management.Request(ctx, "POST", m.management.URI("connections", id, "scim-configuration"), scimConfig, opts...)
+}
+
+// ReadSCIMConfiguration retrieves the SCIM configuration for a connection by its connection ID.
+// This method only works with enterprise connections.
+//
+// See: https://auth0.com/docs/api/management/v2/connections/get-scim-configuration
+func (m *ConnectionManager) ReadSCIMConfiguration(ctx context.Context, id string, opts ...RequestOption) (scim *SCIMConfiguration, err error) {
+	err = m.management.Request(ctx, "GET", m.management.URI("connections", id, "scim-configuration"), &scim, opts...)
+	return
+}
+
+// UpdateSCIMConfiguration updates the SCIM configuration for a connection by its connection ID.
+// This method only works with enterprise connections.
+//
+// See: https://auth0.com/docs/api/management/v2/connections/patch-scim-configuration
+func (m *ConnectionManager) UpdateSCIMConfiguration(ctx context.Context, id string, scimConfig *SCIMConfiguration, opts ...RequestOption) error {
+	return m.management.Request(ctx, "PATCH", m.management.URI("connections", id, "scim-configuration"), scimConfig, opts...)
+}
+
+// DeleteSCIMConfiguration deletes the SCIM configuration for a connection by its connection ID.
+// This method only works with enterprise connections.
+//
+// See: https://auth0.com/docs/api/management/v2/connections/delete-scim-configuration
+func (m *ConnectionManager) DeleteSCIMConfiguration(ctx context.Context, id string, opts ...RequestOption) error {
+	return m.management.Request(ctx, "DELETE", m.management.URI("connections", id, "scim-configuration"), nil, opts...)
+}
+
+// ReadSCIMDefaultConfiguration retrieves a SCIM configuration's default mapping by its connection ID.
+// This method only works with enterprise connections.
+//
+// https://auth0.com/docs/api/management/v2/connections/get-default-mapping
+func (m *ConnectionManager) ReadSCIMDefaultConfiguration(ctx context.Context, id string, opts ...RequestOption) (scim *SCIMConfiguration, err error) {
+	err = m.management.Request(ctx, "GET", m.management.URI("connections", id, "scim-configuration", "default-mapping"), &scim, opts...)
+	return
+}
+
+// CreateSCIMToken create a SCIM token for a scim client.
+// This method only works with enterprise connections.
+//
+// See: https://auth0.com/docs/api/management/v2/connections/post-scim-token
+func (m *ConnectionManager) CreateSCIMToken(ctx context.Context, id string, scimToken *SCIMToken, opts ...RequestOption) (err error) {
+	err = m.management.Request(ctx, "POST", m.management.URI("connections", id, "scim-configuration", "tokens"), scimToken, opts...)
+	return
+}
+
+// ListSCIMToken retrieves all SCIM tokens by its connection ID.
+// This method only works with enterprise connections.
+//
+// See: https://auth0.com/docs/api/management/v2/connections/get-scim-tokens
+func (m *ConnectionManager) ListSCIMToken(ctx context.Context, id string, opts ...RequestOption) (scimTokens []*SCIMToken, err error) {
+	err = m.management.Request(ctx, "GET", m.management.URI("connections", id, "scim-configuration", "tokens"), &scimTokens, opts...)
+	return
+}
+
+// DeleteSCIMToken deletes a SCIM token by its connection ID and token id.
+// This method only works with enterprise connections.
+//
+// See: https://auth0.com/docs/api/management/v2/connections/delete-scim-token
+func (m *ConnectionManager) DeleteSCIMToken(ctx context.Context, id, tokenID string, opts ...RequestOption) (err error) {
+	err = m.management.Request(ctx, "DELETE", m.management.URI("connections", id, "scim-configuration", "tokens", tokenID), nil, opts...)
+	return
+}