sdk: Updates SDKs to implement list group capabilities
arekkas committed Jan 8, 2018
1 parent b5bfac5 commit 3084a47
Showing 28 changed files with 166 additions and 230 deletions.
9 changes: 9 additions & 0 deletions UPGRADE.md
Expand Up @@ -52,6 +52,15 @@ before finalizing the upgrade process.

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

## 0.11.0

This release has a minor breaking change in the experimental Warden Group SDK:
`FindGroupsByMember(member string) ([]swagger.Group, *swagger.APIResponse, error)` is now
`ListGroups(member string, limit, offset int64) ([]swagger.Group, *swagger.APIResponse, error)`.
The change has to be applied in a similar fashion to other SDKs generated using swagger.

Leave the `member` parameter empty to list all groups, and add it to filter groups by member id.

## 0.10.0

This release has several major improvements, and some breaking changes. It focuses on cryptographic security
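Review bot: The 0.11.0 entry says to leave `member` empty to list all groups, so a call site migrated mechanically from `FindGroupsByMember(member)` that passes an unset or empty member id now gets every group back. The entry should tell callers to reject an empty member id before calling `ListGroups` whenever the result feeds an access decision, and it should state what `limit` and `offset` to pass and whether a single call can return a truncated list, because a membership check run on one partial page would miss groups.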
2 changes: 1 addition & 1 deletion sdk/go/hydra/sdk_api.go
Expand Up @@ -126,7 +126,7 @@ type WardenAPI interface {
DeleteGroup(id string) (*swagger.APIResponse, error)
DoesWardenAllowAccessRequest(body swagger.WardenAccessRequest) (*swagger.WardenAccessRequestResponse, *swagger.APIResponse, error)
DoesWardenAllowTokenAccessRequest(body swagger.WardenTokenAccessRequest) (*swagger.WardenTokenAccessRequestResponse, *swagger.APIResponse, error)
FindGroupsByMember(member string) ([]swagger.Group, *swagger.APIResponse, error)
ListGroups(member string, limit, offset int64) ([]swagger.Group, *swagger.APIResponse, error)
GetGroup(id string) (*swagger.Group, *swagger.APIResponse, error)
RemoveMembersFromGroup(id string, body swagger.GroupMembers) (*swagger.APIResponse, error)
}
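Review bot: `ListGroups(member string, limit, offset int64)` in `WardenAPI` takes two adjacent `int64` parameters and has no doc comment, so swapping `limit` and `offset` at a call site compiles cleanly. Add a comment on the method stating the parameter order, what a zero `limit` means, and that an empty `member` disables the filter. The method also sits before `GetGroup`, out of the alphabetical order the other visible methods follow.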
2 changes: 1 addition & 1 deletion sdk/go/hydra/swagger/README.md
Expand Up @@ -56,8 +56,8 @@ Class | Method | HTTP request | Description
*WardenApi* | [**DeleteGroup**](docs/WardenApi.md#deletegroup) | **Delete** /warden/groups/{id} | Delete a group by id
*WardenApi* | [**DoesWardenAllowAccessRequest**](docs/WardenApi.md#doeswardenallowaccessrequest) | **Post** /warden/allowed | Check if an access request is valid (without providing an access token)
*WardenApi* | [**DoesWardenAllowTokenAccessRequest**](docs/WardenApi.md#doeswardenallowtokenaccessrequest) | **Post** /warden/token/allowed | Check if an access request is valid (providing an access token)
*WardenApi* | [**FindGroupsByMember**](docs/WardenApi.md#findgroupsbymember) | **Get** /warden/groups | Find groups by member
*WardenApi* | [**GetGroup**](docs/WardenApi.md#getgroup) | **Get** /warden/groups/{id} | Get a group by id
*WardenApi* | [**ListGroups**](docs/WardenApi.md#listgroups) | **Get** /warden/groups | List groups
*WardenApi* | [**RemoveMembersFromGroup**](docs/WardenApi.md#removemembersfromgroup) | **Delete** /warden/groups/{id}/members | Remove members from a group


13 changes: 7 additions & 6 deletions sdk/go/hydra/swagger/consent_request.go
Expand Up @@ -10,23 +10,24 @@

package swagger

import (
"time"
)

type ConsentRequest struct {

// ClientID is the client id that initiated the OAuth2 request.
ClientId string `json:"clientId,omitempty"`

// ExpiresAt is the time where the access request will expire.
ExpiresAt time.Time `json:"expiresAt,omitempty"`

// ID is the id of this consent request.
Id string `json:"id,omitempty"`

// Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected.
RedirectUrl string `json:"redirectUrl,omitempty"`

RequestedAcr []string `json:"requestedAcr,omitempty"`

RequestedMaxAge int64 `json:"requestedMaxAge,omitempty"`

RequestedPrompt string `json:"requestedPrompt,omitempty"`

// RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator.
RequestedScopes []string `json:"requestedScopes,omitempty"`
}
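Review bot: The header counts 7 additions and 6 deletions for `ConsentRequest`, which matches adding the `time` import and `ExpiresAt` while dropping `RequestedAcr`, `RequestedMaxAge` and `RequestedPrompt`, yet the commit subject and the UPGRADE.md entry mention only the group listing change. If those three fields are being removed, a consent app built on this SDK can no longer read the authentication requirements the client asked for. Either keep them or list the removal as a breaking change under 0.11.0.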
6 changes: 0 additions & 6 deletions sdk/go/hydra/swagger/consent_request_acceptance.go
Expand Up @@ -15,18 +15,12 @@ type ConsentRequestAcceptance struct {
// AccessTokenExtra represents arbitrary data that will be added to the access token and that will be returned on introspection and warden requests.
AccessTokenExtra map[string]interface{} `json:"accessTokenExtra,omitempty"`

// AuthTime is the time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
AuthTime int64 `json:"authTime,omitempty"`

// A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request.
GrantScopes []string `json:"grantScopes,omitempty"`

// IDTokenExtra represents arbitrary data that will be added to the ID token. The ID token will only be issued if the user agrees to it and if the client requested an ID token.
IdTokenExtra map[string]interface{} `json:"idTokenExtra,omitempty"`

// ProvidedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification.
ProvidedAcr string `json:"providedAcr,omitempty"`

// Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the OAuth2 request.
Subject string `json:"subject,omitempty"`
}
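Review bot: With 0 additions and 6 deletions, the lines leaving `ConsentRequestAcceptance` appear to be `AuthTime` and `ProvidedAcr`, the two fields a consent app uses to report when and at what assurance level the user authenticated. Please confirm the SDK was regenerated from the intended API spec and not from an older one. If the removal is intended, consent apps that set these fields will stop compiling and need a migration note.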
3 changes: 0 additions & 3 deletions sdk/go/hydra/swagger/consent_request_rejection.go
Expand Up @@ -12,9 +12,6 @@ package swagger

type ConsentRequestRejection struct {

// Error can be used to return an OpenID Connect or OAuth 2.0 error to the OAuth 2.0 client, such as login_required, interaction_required, consent_required.
Error_ string `json:"error,omitempty"`

// Reason represents the reason why the user rejected the consent request.
Reason string `json:"reason,omitempty"`
}
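Review bot: `Error_` is the field dropped from `ConsentRequestRejection` (0 additions, 3 deletions), leaving only the free-text `Reason`, so a consent app can no longer return `login_required`, `interaction_required` or `consent_required` to the client through this type. This has nothing to do with listing groups. Split it into its own commit or explain it in the commit message.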
10 changes: 10 additions & 0 deletions sdk/go/hydra/swagger/context.go
Expand Up @@ -10,6 +10,10 @@

package swagger

import (
"time"
)

// Context contains an access token's session data
type Context struct {

Expand All @@ -19,9 +23,15 @@ type Context struct {
// ClientID is id of the client the token was issued for..
ClientId string `json:"clientId,omitempty"`

// ExpiresAt is the expiry timestamp.
ExpiresAt time.Time `json:"expiresAt,omitempty"`

// GrantedScopes is a list of scopes that the subject authorized when asked for consent.
GrantedScopes []string `json:"grantedScopes,omitempty"`

// IssuedAt is the token creation time stamp.
IssuedAt time.Time `json:"issuedAt,omitempty"`

// Issuer is the id of the issuer, typically an hydra instance.
Issuer string `json:"issuer,omitempty"`

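Review bot: `ExpiresAt` and `IssuedAt` in `Context` are `time.Time` values tagged `omitempty`, but encoding/json never treats a struct as empty, so an unset field is still marshalled as `0001-01-01T00:00:00Z` and an absent field unmarshals to the same zero time. Code that compares `ExpiresAt` with the current time should check `IsZero()` first and decide explicitly how a missing expiry is handled. Generating the fields as `*time.Time` would make the absent case representable.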
4 changes: 1 addition & 3 deletions sdk/go/hydra/swagger/docs/ConsentRequest.md
Expand Up @@ -4,11 +4,9 @@
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**ClientId** | **string** | ClientID is the client id that initiated the OAuth2 request. | [optional] [default to null]
**ExpiresAt** | [**time.Time**](time.Time.md) | ExpiresAt is the time where the access request will expire. | [optional] [default to null]
**Id** | **string** | ID is the id of this consent request. | [optional] [default to null]
**RedirectUrl** | **string** | Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] [default to null]
**RequestedAcr** | **[]string** | | [optional] [default to null]
**RequestedMaxAge** | **int64** | | [optional] [default to null]
**RequestedPrompt** | **string** | | [optional] [default to null]
**RequestedScopes** | **[]string** | RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. | [optional] [default to null]

[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
2 changes: 0 additions & 2 deletions sdk/go/hydra/swagger/docs/ConsentRequestAcceptance.md
Expand Up @@ -4,10 +4,8 @@
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**AccessTokenExtra** | [**map[string]interface{}**](interface{}.md) | AccessTokenExtra represents arbitrary data that will be added to the access token and that will be returned on introspection and warden requests. | [optional] [default to null]
**AuthTime** | **int64** | AuthTime is the time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. | [optional] [default to null]
**GrantScopes** | **[]string** | A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request. | [optional] [default to null]
**IdTokenExtra** | [**map[string]interface{}**](interface{}.md) | IDTokenExtra represents arbitrary data that will be added to the ID token. The ID token will only be issued if the user agrees to it and if the client requested an ID token. | [optional] [default to null]
**ProvidedAcr** | **string** | ProvidedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \&quot;0\&quot; indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr&#x3D;0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr&#x3D;1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr&#x3D;2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\&quot;Something you have\&quot;). Level 3 (acr&#x3D;3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\&quot;Something you have and something you know\&quot; / \&quot;Something you are\&quot;) Level 4 (acr&#x3D;4): Very high confidence in an asserted identity of the entity. Requires in-person identification. | [optional] [default to null]
**Subject** | **string** | Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the OAuth2 request. | [optional] [default to null]

[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
1 change: 0 additions & 1 deletion sdk/go/hydra/swagger/docs/ConsentRequestRejection.md
Expand Up @@ -3,7 +3,6 @@
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Error_** | **string** | Error can be used to return an OpenID Connect or OAuth 2.0 error to the OAuth 2.0 client, such as login_required, interaction_required, consent_required. | [optional] [default to null]
**Reason** | **string** | Reason represents the reason why the user rejected the consent request. | [optional] [default to null]

[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
2 changes: 2 additions & 0 deletions sdk/go/hydra/swagger/docs/Context.md
Expand Up @@ -5,7 +5,9 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**AccessTokenExtra** | [**map[string]interface{}**](interface{}.md) | Extra represents arbitrary session data. | [optional] [default to null]
**ClientId** | **string** | ClientID is id of the client the token was issued for.. | [optional] [default to null]
**ExpiresAt** | [**time.Time**](time.Time.md) | ExpiresAt is the expiry timestamp. | [optional] [default to null]
**GrantedScopes** | **[]string** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] [default to null]
**IssuedAt** | [**time.Time**](time.Time.md) | IssuedAt is the token creation time stamp. | [optional] [default to null]
**Issuer** | **string** | Issuer is the id of the issuer, typically an hydra instance. | [optional] [default to null]
**Subject** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null]

5 changes: 1 addition & 4 deletions sdk/go/hydra/swagger/docs/OAuth2consentRequest.md
Expand Up @@ -6,10 +6,7 @@ Name | Type | Description | Notes
**ClientId** | **string** | ClientID is the client id that initiated the OAuth2 request. | [optional] [default to null]
**ExpiresAt** | **string** | ExpiresAt is the time where the access request will expire. | [optional] [default to null]
**Id** | **string** | ID is the id of this consent request. | [optional] [default to null]
**RedirectUrl** | **string** | RedirectURL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] [default to null]
**RequestedAcr** | **[]string** | RequestedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \&quot;0\&quot; indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr&#x3D;0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr&#x3D;1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr&#x3D;2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\&quot;Something you have\&quot;). Level 3 (acr&#x3D;3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\&quot;Something you have and something you know\&quot; / \&quot;Something you are\&quot;) Level 4 (acr&#x3D;4): Very high confidence in an asserted identity of the entity. Requires in-person identification. | [optional] [default to null]
**RequestedMaxAge** | **int64** | MaxAge specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. | [optional] [default to null]
**RequestedPrompt** | **string** | Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none: The consent app MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required. This can be used as a method to check for existing authentication and/or consent. login: The consent app SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required. consent: The consent app SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required. select_account: The consent app SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required. The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request. If this parameter contains none with any other value, an error is returned. | [optional] [default to null]
**RedirectUrl** | **string** | Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] [default to null]
**RequestedScopes** | **[]string** | RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. | [optional] [default to null]

[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
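Review bot: `ExpiresAt` is documented in this table as `**string**`, while docs/ConsentRequest.md in the same commit documents a field with the identical description as `time.Time`. Two models describing the same expiry with different types invite clients to parse it differently. Align the type in the API spec so both generated models agree, or state the string format here.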