Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Support for HRI Features #429

Merged
merged 6 commits into from
Aug 13, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 24 additions & 1 deletion EXAMPLES.md
Original file line number Diff line number Diff line change
Expand Up @@ -193,4 +193,27 @@ if err != nil {
log.Fatalf("error was %+v", err)
}
log.Printf("User %s", user.GetOurCustomID())
```
```

To handle nullable fields, create a custom struct without the omitempty tag and set it to null using a custom request.

```go
// Define a custom struct similar to the `Tenant` struct exposed by the SDK but without the `omitempty` tag.
type CustomTenant struct {
AcrValuesSupported *[]string `json:"acr_values_supported"`
MTLS *management.MTLSConfiguration `json:"mtls"`
}

// Create a custom request to set the nullable fields to null.
nullableTenantSettings := &CustomTenant{
AcrValuesSupported: nil,
MTLS: nil,
}

err := auth0API.Request(context.Background(), http.MethodPatch, auth0API.URI("tenants", "settings"), nullableTenantSettings)
if err != nil {
log.Fatalf("error was %+v", err)
}

log.Printf("Tenant %+v", tenant)
```
98 changes: 97 additions & 1 deletion management/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,75 @@ type Client struct {

// URLs that are valid to call back from Auth0 for OIDC logout.
OIDCLogout *OIDCLogout `json:"oidc_logout,omitempty"`

// SignedRequestObject JWT-secured Authorization Requests (JAR) settings for the client.
SignedRequestObject *SignedRequestObject `json:"signed_request_object,omitempty"`

// ComplianceLevel Defines the compliance level for this client, which may restrict it's capabilities
//
// To unset values (set to null), use a PATCH request like this:
//
// PATCH /api/v2/clients/{id}
//
// {
// "compliance_level": null
// }
//
// For more details on making custom requests, refer to the Auth0 Go SDK examples:
// https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct
ComplianceLevel *string `json:"compliance_level,omitempty"`

// RequireProofOfPossession Makes the use of Proof-of-Possession mandatory for this client (default: false).
RequireProofOfPossession *bool `json:"require_proof_of_possession,omitempty"`
}

// SignedRequestObject is used to configure JWT-secured Authorization Requests (JAR) settings for our Client.
type SignedRequestObject struct {
// Indicates whether the JAR requests are mandatory
Required *bool `json:"required,omitempty"`

// Credentials used to sign the JAR requests
Credentials *[]Credential `json:"credentials,omitempty"`
}

// CleanForPatch removes unnecessary fields from the client object before patching.
func (c *Client) CleanForPatch() {
if c.SignedRequestObject != nil && c.SignedRequestObject.Credentials != nil {
var credentials []Credential
for _, cred := range *c.SignedRequestObject.Credentials {
if cred.ID != nil && *cred.ID != "" {
credentials = append(credentials, Credential{ID: cred.ID})
}
}
c.SignedRequestObject.Credentials = &credentials
}
if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.TLSClientAuth != nil && c.ClientAuthenticationMethods.TLSClientAuth.Credentials != nil {
var credentials []Credential
for _, cred := range *c.ClientAuthenticationMethods.TLSClientAuth.Credentials {
if cred.ID != nil && *cred.ID != "" {
credentials = append(credentials, Credential{ID: cred.ID})
}
}
c.ClientAuthenticationMethods.TLSClientAuth.Credentials = &credentials
}
if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.SelfSignedTLSClientAuth != nil && c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials != nil {
var credentials []Credential
for _, cred := range *c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials {
if cred.ID != nil && *cred.ID != "" {
credentials = append(credentials, Credential{ID: cred.ID})
}
}
c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials = &credentials
}
if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.PrivateKeyJWT != nil && c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials != nil {
var credentials []Credential
for _, cred := range *c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials {
if cred.ID != nil && *cred.ID != "" {
credentials = append(credentials, Credential{ID: cred.ID})
}
}
c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials = &credentials
}
}

// ClientJWTConfiguration is used to configure JWT settings for our Client.
Expand All @@ -131,7 +200,7 @@ type ClientJWTConfiguration struct {

Scopes *map[string]string `json:"scopes,omitempty"`

// Algorithm used to sign JWTs. Can be "HS256" or "RS256"
// Algorithm used to sign JWTs. Can be `HS256` or `RS256`. `PS256` available via addon"
Algorithm *string `json:"alg,omitempty"`
}

Expand Down Expand Up @@ -215,11 +284,37 @@ type Credential struct {
UpdatedAt *time.Time `json:"updated_at,omitempty"`
// The time that this credential will expire.
ExpiresAt *time.Time `json:"expires_at,omitempty"`
// Subject Distinguished Name. Mutually exclusive with `pem` property.
SubjectDN *string `json:"subject_dn,omitempty"`
// The SHA256 thumbprint of the x509_cert certificate.
ThumbprintSHA256 *string `json:"thumbprint_sha256,omitempty"`
}

// ClientAuthenticationMethods defines client authentication method settings for the client.
type ClientAuthenticationMethods struct {
PrivateKeyJWT *PrivateKeyJWT `json:"private_key_jwt,omitempty"`

// TLSClientAuth defines the `tls_client_auth` client authentication method settings for the client.
// If the property is defined, the client is configured to use CA-based mTLS authentication method
TLSClientAuth *TLSClientAuth `json:"tls_client_auth,omitempty"`

// SelfSignedTLSClientAuth defines the `self_signed_tls_client_auth` client authentication method settings for the client.
// If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate
SelfSignedTLSClientAuth *SelfSignedTLSClientAuth `json:"self_signed_tls_client_auth,omitempty"`
}

// TLSClientAuth defines the `tls_client_auth` client authentication method settings for the client.
type TLSClientAuth struct {
// Fully defined credentials that will be enabled on the client for CA-based mTLS authentication.
// A list of unique and previously created credential IDs enabled on the client for CA-based mTLS authentication.
Credentials *[]Credential `json:"credentials,omitempty"`
}

// SelfSignedTLSClientAuth defines the `self_signed_tls_client_auth` client authentication method settings for the client.
type SelfSignedTLSClientAuth struct {
// Fully defined credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificate.
// A list of unique and previously created credential IDs enabled on the client for mTLS authentication utilizing self-signed certificate.
Credentials *[]Credential `json:"credentials,omitempty"`
}

// PrivateKeyJWT defines the `private_key_jwt` client authentication method settings for the client.
Expand Down Expand Up @@ -560,6 +655,7 @@ func (m *ClientManager) List(ctx context.Context, opts ...RequestOption) (c *Cli
//
// See: https://auth0.com/docs/api/management/v2#!/Clients/patch_clients_by_id
func (m *ClientManager) Update(ctx context.Context, id string, c *Client, opts ...RequestOption) (err error) {
c.CleanForPatch()
return m.management.Request(ctx, "PATCH", m.management.URI("clients", id), c, opts...)
}

Expand Down
Loading