From 3084a4762014c56e4f8a48c4f4462d1cc5da7d12 Mon Sep 17 00:00:00 2001
From: arekkas
Date: Mon, 8 Jan 2018 14:22:50 +0100
Subject: [PATCH] sdk: Updates SDKs to implement list group capabilities
---
UPGRADE.md | 9 +++
sdk/go/hydra/sdk_api.go | 2 +-
sdk/go/hydra/swagger/README.md | 2 +-
sdk/go/hydra/swagger/consent_request.go | 13 ++--
.../swagger/consent_request_acceptance.go | 6 --
.../swagger/consent_request_rejection.go | 3 -
sdk/go/hydra/swagger/context.go | 10 +++
sdk/go/hydra/swagger/docs/ConsentRequest.md | 4 +-
.../swagger/docs/ConsentRequestAcceptance.md | 2 -
.../swagger/docs/ConsentRequestRejection.md | 1 -
sdk/go/hydra/swagger/docs/Context.md | 2 +
.../swagger/docs/OAuth2consentRequest.md | 5 +-
sdk/go/hydra/swagger/docs/WardenApi.md | 28 +++----
.../hydra/swagger/o_auth2_consent_request.go | 11 +--
sdk/go/hydra/swagger/warden_api.go | 48 ++++++------
sdk/js/swagger/README.md | 2 +-
sdk/js/swagger/docs/ConsentRequest.md | 4 +-
.../swagger/docs/ConsentRequestAcceptance.md | 2 -
.../swagger/docs/ConsentRequestRejection.md | 1 -
sdk/js/swagger/docs/Context.md | 2 +
sdk/js/swagger/docs/OAuth2consentRequest.md | 5 +-
sdk/js/swagger/docs/WardenApi.md | 45 ++++++-----
sdk/js/swagger/src/api/WardenApi.js | 75 +++++++++----------
sdk/js/swagger/src/model/ConsentRequest.js | 37 ++-------
.../src/model/ConsentRequestAcceptance.js | 19 -----
.../src/model/ConsentRequestRejection.js | 8 --
sdk/js/swagger/src/model/Context.js | 16 ++++
.../swagger/src/model/OAuth2ConsentRequest.js | 34 +--------
28 files changed, 166 insertions(+), 230 deletions(-)
diff --git a/UPGRADE.md b/UPGRADE.md
index f6b1233f99c..156fb6dc650 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -52,6 +52,15 @@ before finalizing the upgrade process. +## 0.11.0 + +This release has a minor breaking change in the experimental Warden Group SDK: +`FindGroupsByMember(member string) ([]swagger.Group, *swagger.APIResponse, error)` is now +`ListGroups(member string, limit, offset int64) ([]swagger.Group, *swagger.APIResponse, error)`. +The change has to be applied in a similar fashion to other SDKs generated using swagger. + +Leave the `member` parameter empty to list all groups, and add it to filter groups by member id. + ## 0.10.0 This release has several major improvements, and some breaking changes. It focuses on cryptographic security diff --git a/sdk/go/hydra/sdk_api.go b/sdk/go/hydra/sdk_api.go index 6dbb998584c..8760f20a67d 100644 --- a/sdk/go/hydra/sdk_api.go +++ b/sdk/go/hydra/sdk_api.go @@ -126,7 +126,7 @@ type WardenAPI interface { DeleteGroup(id string) (*swagger.APIResponse, error) DoesWardenAllowAccessRequest(body swagger.WardenAccessRequest) (*swagger.WardenAccessRequestResponse, *swagger.APIResponse, error) DoesWardenAllowTokenAccessRequest(body swagger.WardenTokenAccessRequest) (*swagger.WardenTokenAccessRequestResponse, *swagger.APIResponse, error) - FindGroupsByMember(member string) ([]swagger.Group, *swagger.APIResponse, error) + ListGroups(member string, limit, offset int64) ([]swagger.Group, *swagger.APIResponse, error) GetGroup(id string) (*swagger.Group, *swagger.APIResponse, error) RemoveMembersFromGroup(id string, body swagger.GroupMembers) (*swagger.APIResponse, error) } diff --git a/sdk/go/hydra/swagger/README.md b/sdk/go/hydra/swagger/README.md index 6a37c5fdbe4..71af573c691 100644 --- a/sdk/go/hydra/swagger/README.md +++ b/sdk/go/hydra/swagger/README.md 
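Review bot: `ListGroups(member string, limit, offset int64)` in the `WardenAPI` interface (sdk/go/hydra/sdk_api.go) has no doc comment, so the new contract lives only in UPGRADE.md: an empty `member` now lists every group instead of filtering. The generated docs in this patch show the call is still authorized by the `list` action on `rn:hydra:warden:groups`, the same policy shown for the removed `FindGroupsByMember`, so subjects granted it for member lookups can presumably now enumerate all groups; it is worth re-checking who holds that policy when upgrading. I would add `// ListGroups returns groups, filtered by member when member is non-empty; limit and offset page the result.` above the method and state what `limit == 0` means, because the generated client later in this patch always adds `member`, `limit` and `offset` to the query. The interface declaration starts outside the hunk.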
@@ -56,8 +56,8 @@ Class | Method | HTTP request | Description *WardenApi* | [**DeleteGroup**](docs/WardenApi.md#deletegroup) | **Delete** /warden/groups/{id} | Delete a group by id *WardenApi* | [**DoesWardenAllowAccessRequest**](docs/WardenApi.md#doeswardenallowaccessrequest) | **Post** /warden/allowed | Check if an access request is valid (without providing an access token) *WardenApi* | [**DoesWardenAllowTokenAccessRequest**](docs/WardenApi.md#doeswardenallowtokenaccessrequest) | **Post** /warden/token/allowed | Check if an access request is valid (providing an access token) -*WardenApi* | [**FindGroupsByMember**](docs/WardenApi.md#findgroupsbymember) | **Get** /warden/groups | Find groups by member *WardenApi* | [**GetGroup**](docs/WardenApi.md#getgroup) | **Get** /warden/groups/{id} | Get a group by id +*WardenApi* | [**ListGroups**](docs/WardenApi.md#listgroups) | **Get** /warden/groups | List groups *WardenApi* | [**RemoveMembersFromGroup**](docs/WardenApi.md#removemembersfromgroup) | **Delete** /warden/groups/{id}/members | Remove members from a group diff --git a/sdk/go/hydra/swagger/consent_request.go b/sdk/go/hydra/swagger/consent_request.go index 349e12a18bd..333a9db8167 100644 --- a/sdk/go/hydra/swagger/consent_request.go +++ b/sdk/go/hydra/swagger/consent_request.go 
@@ -10,23 +10,24 @@ package swagger +import ( + "time" +) + type ConsentRequest struct { // ClientID is the client id that initiated the OAuth2 request. ClientId string `json:"clientId,omitempty"` + // ExpiresAt is the time where the access request will expire. + ExpiresAt time.Time `json:"expiresAt,omitempty"` + // ID is the id of this consent request. Id string `json:"id,omitempty"` // Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. RedirectUrl string `json:"redirectUrl,omitempty"` - RequestedAcr []string `json:"requestedAcr,omitempty"` - - RequestedMaxAge int64 `json:"requestedMaxAge,omitempty"` - - RequestedPrompt string `json:"requestedPrompt,omitempty"` - // RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. RequestedScopes []string `json:"requestedScopes,omitempty"` } diff --git a/sdk/go/hydra/swagger/consent_request_acceptance.go b/sdk/go/hydra/swagger/consent_request_acceptance.go index b3aa27babdf..0fab37e6688 100644 --- a/sdk/go/hydra/swagger/consent_request_acceptance.go +++ b/sdk/go/hydra/swagger/consent_request_acceptance.go 
@@ -15,18 +15,12 @@ type ConsentRequestAcceptance struct { // AccessTokenExtra represents arbitrary data that will be added to the access token and that will be returned on introspection and warden requests. AccessTokenExtra map[string]interface{} `json:"accessTokenExtra,omitempty"` - // AuthTime is the time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. - AuthTime int64 `json:"authTime,omitempty"` - // A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request. GrantScopes []string `json:"grantScopes,omitempty"` // IDTokenExtra represents arbitrary data that will be added to the ID token. The ID token will only be issued if the user agrees to it and if the client requested an ID token. IdTokenExtra map[string]interface{} `json:"idTokenExtra,omitempty"` - // ProvidedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. 
For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. - ProvidedAcr string `json:"providedAcr,omitempty"` - // Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the OAuth2 request. Subject string `json:"subject,omitempty"` } diff --git a/sdk/go/hydra/swagger/consent_request_rejection.go b/sdk/go/hydra/swagger/consent_request_rejection.go index f5ee0af1ee5..bb464f66b9d 100644 --- a/sdk/go/hydra/swagger/consent_request_rejection.go +++ b/sdk/go/hydra/swagger/consent_request_rejection.go @@ -12,9 +12,6 @@ package swagger type ConsentRequestRejection struct { - // Error can be used to return an OpenID Connect or OAuth 2.0 error to the OAuth 2.0 client, such as login_required, interaction_required, consent_required. - Error_ string `json:"error,omitempty"` - // Reason represents the reason why the user rejected the consent request. Reason string `json:"reason,omitempty"` } diff --git a/sdk/go/hydra/swagger/context.go b/sdk/go/hydra/swagger/context.go index e447f383d2c..2cb6654df3e 100644 --- a/sdk/go/hydra/swagger/context.go +++ b/sdk/go/hydra/swagger/context.go @@ -10,6 +10,10 @@ package swagger +import ( + "time" +) + // Context contains an access token's session data type Context struct { 
@@ -19,9 +23,15 @@ type Context struct { // ClientID is id of the client the token was issued for.. ClientId string `json:"clientId,omitempty"` + // ExpiresAt is the expiry timestamp. + ExpiresAt time.Time `json:"expiresAt,omitempty"` + // GrantedScopes is a list of scopes that the subject authorized when asked for consent. GrantedScopes []string `json:"grantedScopes,omitempty"` + // IssuedAt is the token creation time stamp. + IssuedAt time.Time `json:"issuedAt,omitempty"` + // Issuer is the id of the issuer, typically an hydra instance. Issuer string `json:"issuer,omitempty"` diff --git a/sdk/go/hydra/swagger/docs/ConsentRequest.md b/sdk/go/hydra/swagger/docs/ConsentRequest.md index e0017fbd212..6db855d26e3 100644 --- a/sdk/go/hydra/swagger/docs/ConsentRequest.md +++ b/sdk/go/hydra/swagger/docs/ConsentRequest.md @@ -4,11 +4,9 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **ClientId** | **string** | ClientID is the client id that initiated the OAuth2 request. | [optional] [default to null] +**ExpiresAt** | [**time.Time**](time.Time.md) | ExpiresAt is the time where the access request will expire. | [optional] [default to null] **Id** | **string** | ID is the id of this consent request. | [optional] [default to null] **RedirectUrl** | **string** | Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] [default to null] -**RequestedAcr** | **[]string** | | [optional] [default to null] -**RequestedMaxAge** | **int64** | | [optional] [default to null] -**RequestedPrompt** | **string** | | [optional] [default to null] **RequestedScopes** | **[]string** | RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. | [optional] [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) 
diff --git a/sdk/go/hydra/swagger/docs/ConsentRequestAcceptance.md b/sdk/go/hydra/swagger/docs/ConsentRequestAcceptance.md index 337f96dc4fc..7226d7802cc 100644 --- a/sdk/go/hydra/swagger/docs/ConsentRequestAcceptance.md +++ b/sdk/go/hydra/swagger/docs/ConsentRequestAcceptance.md 
@@ -4,10 +4,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **AccessTokenExtra** | [**map[string]interface{}**](interface{}.md) | AccessTokenExtra represents arbitrary data that will be added to the access token and that will be returned on introspection and warden requests. | [optional] [default to null] -**AuthTime** | **int64** | AuthTime is the time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. | [optional] [default to null] **GrantScopes** | **[]string** | A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request. | [optional] [default to null] **IdTokenExtra** | [**map[string]interface{}**](interface{}.md) | IDTokenExtra represents arbitrary data that will be added to the ID token. The ID token will only be issued if the user agrees to it and if the client requested an ID token. | [optional] [default to null] -**ProvidedAcr** | **string** | ProvidedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). 
Level 3 (acr=3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. | [optional] [default to null] **Subject** | **string** | Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the OAuth2 request. | [optional] [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/go/hydra/swagger/docs/ConsentRequestRejection.md b/sdk/go/hydra/swagger/docs/ConsentRequestRejection.md index a07cd0bd34c..4b245fe779a 100644 --- a/sdk/go/hydra/swagger/docs/ConsentRequestRejection.md +++ b/sdk/go/hydra/swagger/docs/ConsentRequestRejection.md @@ -3,7 +3,6 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Error_** | **string** | Error can be used to return an OpenID Connect or OAuth 2.0 error to the OAuth 2.0 client, such as login_required, interaction_required, consent_required. | [optional] [default to null] **Reason** | **string** | Reason represents the reason why the user rejected the consent request. | [optional] [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/go/hydra/swagger/docs/Context.md b/sdk/go/hydra/swagger/docs/Context.md index 57ca6622a2b..c86ecf381d4 100644 --- a/sdk/go/hydra/swagger/docs/Context.md +++ b/sdk/go/hydra/swagger/docs/Context.md 
@@ -5,7 +5,9 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **AccessTokenExtra** | [**map[string]interface{}**](interface{}.md) | Extra represents arbitrary session data. | [optional] [default to null] **ClientId** | **string** | ClientID is id of the client the token was issued for.. | [optional] [default to null] +**ExpiresAt** | [**time.Time**](time.Time.md) | ExpiresAt is the expiry timestamp. | [optional] [default to null] **GrantedScopes** | **[]string** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] [default to null] +**IssuedAt** | [**time.Time**](time.Time.md) | IssuedAt is the token creation time stamp. | [optional] [default to null] **Issuer** | **string** | Issuer is the id of the issuer, typically an hydra instance. | [optional] [default to null] **Subject** | **string** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] [default to null] diff --git a/sdk/go/hydra/swagger/docs/OAuth2consentRequest.md b/sdk/go/hydra/swagger/docs/OAuth2consentRequest.md index acc37dfe996..faa4a7aac1d 100644 --- a/sdk/go/hydra/swagger/docs/OAuth2consentRequest.md +++ b/sdk/go/hydra/swagger/docs/OAuth2consentRequest.md 
@@ -6,10 +6,7 @@ Name | Type | Description | Notes **ClientId** | **string** | ClientID is the client id that initiated the OAuth2 request. | [optional] [default to null] **ExpiresAt** | **string** | ExpiresAt is the time where the access request will expire. | [optional] [default to null] **Id** | **string** | ID is the id of this consent request. | [optional] [default to null] -**RedirectUrl** | **string** | RedirectURL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] [default to null] -**RequestedAcr** | **[]string** | RequestedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. 
| [optional] [default to null] -**RequestedMaxAge** | **int64** | MaxAge specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. | [optional] [default to null] -**RequestedPrompt** | **string** | Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none: The consent app MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required. This can be used as a method to check for existing authentication and/or consent. login: The consent app SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required. consent: The consent app SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required. select_account: The consent app SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required. The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request. If this parameter contains none with any other value, an error is returned. 
| [optional] [default to null] +**RedirectUrl** | **string** | Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] [default to null] **RequestedScopes** | **[]string** | RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. | [optional] [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/go/hydra/swagger/docs/WardenApi.md b/sdk/go/hydra/swagger/docs/WardenApi.md index f45f69a3f6f..0b89bd4dd10 100644 --- a/sdk/go/hydra/swagger/docs/WardenApi.md +++ b/sdk/go/hydra/swagger/docs/WardenApi.md @@ -9,8 +9,8 @@ Method | HTTP request | Description [**DeleteGroup**](WardenApi.md#DeleteGroup) | **Delete** /warden/groups/{id} | Delete a group by id [**DoesWardenAllowAccessRequest**](WardenApi.md#DoesWardenAllowAccessRequest) | **Post** /warden/allowed | Check if an access request is valid (without providing an access token) [**DoesWardenAllowTokenAccessRequest**](WardenApi.md#DoesWardenAllowTokenAccessRequest) | **Post** /warden/token/allowed | Check if an access request is valid (providing an access token) -[**FindGroupsByMember**](WardenApi.md#FindGroupsByMember) | **Get** /warden/groups | Find groups by member [**GetGroup**](WardenApi.md#GetGroup) | **Get** /warden/groups/{id} | Get a group by id +[**ListGroups**](WardenApi.md#ListGroups) | **Get** /warden/groups | List groups [**RemoveMembersFromGroup**](WardenApi.md#RemoveMembersFromGroup) | **Delete** /warden/groups/{id}/members | Remove members from a group 
@@ -160,23 +160,23 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) -# **FindGroupsByMember** -> []Group FindGroupsByMember($member) +# **GetGroup** +> Group GetGroup($id) -Find groups by member +Get a group by id -The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` +The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` ### Parameters Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **member** | **string**| The id of the member to look up. | + **id** | **string**| The id of the group to look up. | ### Return type -[**[]Group**](group.md) +[**Group**](group.md) ### Authorization 
@@ -189,23 +189,25 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) -# **GetGroup** -> Group GetGroup($id) +# **ListGroups** +> []Group ListGroups($member, $limit, $offset) -Get a group by id +List groups -The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` +The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` ### Parameters Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **id** | **string**| The id of the group to look up. | + **member** | **string**| The id of the member to look up. | [optional] + **limit** | **int64**| The maximum amount of policies returned. | [optional] + **offset** | **int64**| The offset from where to start looking. | [optional] ### Return type -[**Group**](group.md) +[**[]Group**](group.md) ### Authorization diff --git a/sdk/go/hydra/swagger/o_auth2_consent_request.go b/sdk/go/hydra/swagger/o_auth2_consent_request.go index b48450eb624..d078b0c4d40 100644 --- a/sdk/go/hydra/swagger/o_auth2_consent_request.go +++ b/sdk/go/hydra/swagger/o_auth2_consent_request.go 
@@ -21,18 +21,9 @@ type OAuth2ConsentRequest struct { // ID is the id of this consent request. Id string `json:"id,omitempty"` - // RedirectURL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. + // Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. RedirectUrl string `json:"redirectUrl,omitempty"` - // RequestedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. - RequestedAcr []string `json:"requestedAcr,omitempty"` - - // RequestedMaxAge specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. 
- RequestedMaxAge int64 `json:"requestedMaxAge,omitempty"` - - // Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none: The consent app MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required. This can be used as a method to check for existing authentication and/or consent. login: The consent app SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required. consent: The consent app SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required. select_account: The consent app SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required. The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request. If this parameter contains none with any other value, an error is returned. - RequestedPrompt string `json:"requestedPrompt,omitempty"` - // RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. RequestedScopes []string `json:"requestedScopes,omitempty"` } 
diff --git a/sdk/go/hydra/swagger/warden_api.go b/sdk/go/hydra/swagger/warden_api.go index e61fd780663..c760bab1117 100644 --- a/sdk/go/hydra/swagger/warden_api.go +++ b/sdk/go/hydra/swagger/warden_api.go @@ -370,17 +370,18 @@ func (a WardenApi) DoesWardenAllowTokenAccessRequest(body WardenTokenAccessReque } /** - * Find groups by member - * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` + * Get a group by id + * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` * - * @param member The id of the member to look up. - * @return []Group + * @param id The id of the group to look up. + * @return *Group */ -func (a WardenApi) FindGroupsByMember(member string) ([]Group, *APIResponse, error) { +func (a WardenApi) GetGroup(id string) (*Group, *APIResponse, error) { var localVarHttpMethod = strings.ToUpper("Get") // create path and map variables - localVarPath := a.Configuration.BasePath + "/warden/groups" + localVarPath := a.Configuration.BasePath + "/warden/groups/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -397,7 +398,6 @@ func (a WardenApi) FindGroupsByMember(member string) ([]Group, *APIResponse, err for key := range a.Configuration.DefaultHeader { localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] } - localVarQueryParams.Add("member", a.Configuration.APIClient.ParameterToString(member, "")) // to determine the Content-Type header localVarHttpContentTypes := []string{"application/json"} 
@@ -417,37 +417,38 @@ func (a WardenApi) FindGroupsByMember(member string) ([]Group, *APIResponse, err if localVarHttpHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHttpHeaderAccept } - var successPayload = new([]Group) + var successPayload = new(Group) localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) var localVarURL, _ = url.Parse(localVarPath) localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "FindGroupsByMember", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + var localVarAPIResponse = &APIResponse{Operation: "GetGroup", Method: localVarHttpMethod, RequestURL: localVarURL.String()} if localVarHttpResponse != nil { localVarAPIResponse.Response = localVarHttpResponse.RawResponse localVarAPIResponse.Payload = localVarHttpResponse.Body() } if err != nil { - return *successPayload, localVarAPIResponse, err + return successPayload, localVarAPIResponse, err } err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return *successPayload, localVarAPIResponse, err + return successPayload, localVarAPIResponse, err } /** - * Get a group by id - * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` + * List groups + * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` * - * @param id The id of the group to look up. - * @return *Group + * @param member The id of the member to look up. + * @param limit The maximum amount of policies returned. + * @param offset The offset from where to start looking. 
+ * @return []Group */ -func (a WardenApi) GetGroup(id string) (*Group, *APIResponse, error) { +func (a WardenApi) ListGroups(member string, limit int64, offset int64) ([]Group, *APIResponse, error) { var localVarHttpMethod = strings.ToUpper("Get") // create path and map variables - localVarPath := a.Configuration.BasePath + "/warden/groups/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", fmt.Sprintf("%v", id), -1) + localVarPath := a.Configuration.BasePath + "/warden/groups" localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -464,6 +465,9 @@ func (a WardenApi) GetGroup(id string) (*Group, *APIResponse, error) { for key := range a.Configuration.DefaultHeader { localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] } + localVarQueryParams.Add("member", a.Configuration.APIClient.ParameterToString(member, "")) + localVarQueryParams.Add("limit", a.Configuration.APIClient.ParameterToString(limit, "")) + localVarQueryParams.Add("offset", a.Configuration.APIClient.ParameterToString(offset, "")) // to determine the Content-Type header localVarHttpContentTypes := []string{"application/json"} 
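Review bot: ListGroups adds `member`, `limit` and `offset` to the query unconditionally, so an empty `member` is still sent as `member=` and a zero `limit` as `limit=0`, and nothing visible here says how the server reads those values. The doc comment should state the zero-value contract, for example `@param member The id of the member to filter by; empty lists all groups.` and `@param limit The maximum number of groups returned; 0 uses the server default (confirm).` The existing `@param limit The maximum amount of policies returned.` says policies where it means groups. If an empty filter is meant to be omitted rather than sent, guard each `Add` call, e.g. `if member != "" { ... }`. ListGroups' body continues outside the hunk.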
@@ -483,22 +487,22 @@ func (a WardenApi) GetGroup(id string) (*Group, *APIResponse, error) { if localVarHttpHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHttpHeaderAccept } - var successPayload = new(Group) + var successPayload = new([]Group) localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes) var localVarURL, _ = url.Parse(localVarPath) localVarURL.RawQuery = localVarQueryParams.Encode() - var localVarAPIResponse = &APIResponse{Operation: "GetGroup", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + var localVarAPIResponse = &APIResponse{Operation: "ListGroups", Method: localVarHttpMethod, RequestURL: localVarURL.String()} if localVarHttpResponse != nil { localVarAPIResponse.Response = localVarHttpResponse.RawResponse localVarAPIResponse.Payload = localVarHttpResponse.Body() } if err != nil { - return successPayload, localVarAPIResponse, err + return *successPayload, localVarAPIResponse, err } err = json.Unmarshal(localVarHttpResponse.Body(), &successPayload) - return successPayload, localVarAPIResponse, err + return *successPayload, localVarAPIResponse, err } /** diff --git a/sdk/js/swagger/README.md b/sdk/js/swagger/README.md index b145e84c86d..8f7dc6aa93f 100644 --- a/sdk/js/swagger/README.md +++ b/sdk/js/swagger/README.md 
@@ -155,8 +155,8 @@ Class | Method | HTTP request | Description *HydraOAuth2OpenIdConnectServer.WardenApi* | [**deleteGroup**](docs/WardenApi.md#deleteGroup) | **DELETE** /warden/groups/{id} | Delete a group by id *HydraOAuth2OpenIdConnectServer.WardenApi* | [**doesWardenAllowAccessRequest**](docs/WardenApi.md#doesWardenAllowAccessRequest) | **POST** /warden/allowed | Check if an access request is valid (without providing an access token) *HydraOAuth2OpenIdConnectServer.WardenApi* | [**doesWardenAllowTokenAccessRequest**](docs/WardenApi.md#doesWardenAllowTokenAccessRequest) | **POST** /warden/token/allowed | Check if an access request is valid (providing an access token) -*HydraOAuth2OpenIdConnectServer.WardenApi* | [**findGroupsByMember**](docs/WardenApi.md#findGroupsByMember) | **GET** /warden/groups | Find groups by member *HydraOAuth2OpenIdConnectServer.WardenApi* | [**getGroup**](docs/WardenApi.md#getGroup) | **GET** /warden/groups/{id} | Get a group by id +*HydraOAuth2OpenIdConnectServer.WardenApi* | [**listGroups**](docs/WardenApi.md#listGroups) | **GET** /warden/groups | List groups *HydraOAuth2OpenIdConnectServer.WardenApi* | [**removeMembersFromGroup**](docs/WardenApi.md#removeMembersFromGroup) | **DELETE** /warden/groups/{id}/members | Remove members from a group diff --git a/sdk/js/swagger/docs/ConsentRequest.md b/sdk/js/swagger/docs/ConsentRequest.md index 35c3f8c7e69..6b248e778b4 100644 --- a/sdk/js/swagger/docs/ConsentRequest.md +++ b/sdk/js/swagger/docs/ConsentRequest.md 
@@ -4,11 +4,9 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **clientId** | **String** | ClientID is the client id that initiated the OAuth2 request. | [optional] +**expiresAt** | **Date** | ExpiresAt is the time where the access request will expire. | [optional] **id** | **String** | ID is the id of this consent request. | [optional] **redirectUrl** | **String** | Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] -**requestedAcr** | **[String]** | | [optional] -**requestedMaxAge** | **Number** | | [optional] -**requestedPrompt** | **String** | | [optional] **requestedScopes** | **[String]** | RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. | [optional] diff --git a/sdk/js/swagger/docs/ConsentRequestAcceptance.md b/sdk/js/swagger/docs/ConsentRequestAcceptance.md index 01a939f8af5..8e53bc0e108 100644 --- a/sdk/js/swagger/docs/ConsentRequestAcceptance.md +++ b/sdk/js/swagger/docs/ConsentRequestAcceptance.md 
@@ -4,10 +4,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **accessTokenExtra** | **{String: Object}** | AccessTokenExtra represents arbitrary data that will be added to the access token and that will be returned on introspection and warden requests. | [optional] -**authTime** | **Number** | AuthTime is the time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. | [optional] **grantScopes** | **[String]** | A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request. | [optional] **idTokenExtra** | **{String: Object}** | IDTokenExtra represents arbitrary data that will be added to the ID token. The ID token will only be issued if the user agrees to it and if the client requested an ID token. | [optional] -**providedAcr** | **String** | ProvidedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. 
For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. | [optional] **subject** | **String** | Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the OAuth2 request. | [optional] diff --git a/sdk/js/swagger/docs/ConsentRequestRejection.md b/sdk/js/swagger/docs/ConsentRequestRejection.md index 68dfe70f2a6..f847951907e 100644 --- a/sdk/js/swagger/docs/ConsentRequestRejection.md +++ b/sdk/js/swagger/docs/ConsentRequestRejection.md @@ -3,7 +3,6 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**error** | **String** | Error can be used to return an OpenID Connect or OAuth 2.0 error to the OAuth 2.0 client, such as login_required, interaction_required, consent_required. | [optional] **reason** | **String** | Reason represents the reason why the user rejected the consent request. | [optional] diff --git a/sdk/js/swagger/docs/Context.md b/sdk/js/swagger/docs/Context.md index 2588d725aea..8c303729c57 100644 --- a/sdk/js/swagger/docs/Context.md +++ b/sdk/js/swagger/docs/Context.md 
@@ -5,7 +5,9 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **accessTokenExtra** | **{String: Object}** | Extra represents arbitrary session data. | [optional] **clientId** | **String** | ClientID is id of the client the token was issued for.. | [optional] +**expiresAt** | **Date** | ExpiresAt is the expiry timestamp. | [optional] **grantedScopes** | **[String]** | GrantedScopes is a list of scopes that the subject authorized when asked for consent. | [optional] +**issuedAt** | **Date** | IssuedAt is the token creation time stamp. | [optional] **issuer** | **String** | Issuer is the id of the issuer, typically an hydra instance. | [optional] **subject** | **String** | Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too. | [optional] diff --git a/sdk/js/swagger/docs/OAuth2consentRequest.md b/sdk/js/swagger/docs/OAuth2consentRequest.md index 8b62e99cd76..c67a830f775 100644 --- a/sdk/js/swagger/docs/OAuth2consentRequest.md +++ b/sdk/js/swagger/docs/OAuth2consentRequest.md 
@@ -6,10 +6,7 @@ Name | Type | Description | Notes **clientId** | **String** | ClientID is the client id that initiated the OAuth2 request. | [optional] **expiresAt** | **String** | ExpiresAt is the time where the access request will expire. | [optional] **id** | **String** | ID is the id of this consent request. | [optional] -**redirectUrl** | **String** | RedirectURL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. | [optional] -**requestedAcr** | **[String]** | RequestedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. | [optional] -**requestedMaxAge** | **Number** | MaxAge specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. 
If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. | [optional] -**requestedPrompt** | **String** | Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none: The consent app MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required. This can be used as a method to check for existing authentication and/or consent. login: The consent app SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required. consent: The consent app SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required. select_account: The consent app SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required. The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request. If this parameter contains none with any other value, an error is returned. | [optional] +**redirectUrl** | **String** | Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. 
| [optional] **requestedScopes** | **[String]** | RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. | [optional] diff --git a/sdk/js/swagger/docs/WardenApi.md b/sdk/js/swagger/docs/WardenApi.md index f8cf482d65c..acf0c0e7060 100644 --- a/sdk/js/swagger/docs/WardenApi.md +++ b/sdk/js/swagger/docs/WardenApi.md @@ -9,8 +9,8 @@ Method | HTTP request | Description [**deleteGroup**](WardenApi.md#deleteGroup) | **DELETE** /warden/groups/{id} | Delete a group by id [**doesWardenAllowAccessRequest**](WardenApi.md#doesWardenAllowAccessRequest) | **POST** /warden/allowed | Check if an access request is valid (without providing an access token) [**doesWardenAllowTokenAccessRequest**](WardenApi.md#doesWardenAllowTokenAccessRequest) | **POST** /warden/token/allowed | Check if an access request is valid (providing an access token) -[**findGroupsByMember**](WardenApi.md#findGroupsByMember) | **GET** /warden/groups | Find groups by member [**getGroup**](WardenApi.md#getGroup) | **GET** /warden/groups/{id} | Get a group by id +[**listGroups**](WardenApi.md#listGroups) | **GET** /warden/groups | List groups [**removeMembersFromGroup**](WardenApi.md#removeMembersFromGroup) | **DELETE** /warden/groups/{id}/members | Remove members from a group @@ -276,13 +276,13 @@ Name | Type | Description | Notes - **Content-Type**: application/json - **Accept**: application/json - -# **findGroupsByMember** -> [Group] findGroupsByMember(member) + +# **getGroup** +> Group getGroup(id) -Find groups by member +Get a group by id -The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` +The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` ### Example ```javascript 
@@ -295,7 +295,7 @@ oauth2.accessToken = 'YOUR ACCESS TOKEN'; var apiInstance = new HydraOAuth2OpenIdConnectServer.WardenApi(); -var member = "member_example"; // String | The id of the member to look up. +var id = "id_example"; // String | The id of the group to look up. var callback = function(error, data, response) { @@ -305,18 +305,18 @@ var callback = function(error, data, response) { console.log('API called successfully. Returned data: ' + data); } }; -apiInstance.findGroupsByMember(member, callback); +apiInstance.getGroup(id, callback); ``` ### Parameters Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **member** | **String**| The id of the member to look up. | + **id** | **String**| The id of the group to look up. | ### Return type -[**[Group]**](Group.md) +[**Group**](Group.md) ### Authorization @@ -327,13 +327,13 @@ Name | Type | Description | Notes - **Content-Type**: application/json - **Accept**: application/json - -# **getGroup** -> Group getGroup(id) + +# **listGroups** +> [Group] listGroups(opts) -Get a group by id +List groups -The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` +The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` ### Example ```javascript @@ -346,8 +346,11 @@ oauth2.accessToken = 'YOUR ACCESS TOKEN'; var apiInstance = new HydraOAuth2OpenIdConnectServer.WardenApi(); -var id = "id_example"; // String | The id of the group to look up. - +var opts = { + 'member': "member_example", // String | The id of the member to look up. + 'limit': 789, // Number | The maximum amount of policies returned. + 'offset': 789 // Number | The offset from where to start looking. +}; var callback = function(error, data, response) { if (error) { 
@@ -356,18 +359,20 @@ var callback = function(error, data, response) { console.log('API called successfully. Returned data: ' + data); } }; -apiInstance.getGroup(id, callback); +apiInstance.listGroups(opts, callback); ``` ### Parameters Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **id** | **String**| The id of the group to look up. | + **member** | **String**| The id of the member to look up. | [optional] + **limit** | **Number**| The maximum amount of policies returned. | [optional] + **offset** | **Number**| The offset from where to start looking. | [optional] ### Return type -[**Group**](Group.md) +[**[Group]**](Group.md) ### Authorization diff --git a/sdk/js/swagger/src/api/WardenApi.js b/sdk/js/swagger/src/api/WardenApi.js index 177dd77a940..1112fb757cc 100644 --- a/sdk/js/swagger/src/api/WardenApi.js +++ b/sdk/js/swagger/src/api/WardenApi.js 
@@ -332,44 +332,44 @@ } /** - * Callback function to receive the result of the findGroupsByMember operation. - * @callback module:api/WardenApi~findGroupsByMemberCallback + * Callback function to receive the result of the getGroup operation. + * @callback module:api/WardenApi~getGroupCallback * @param {String} error Error message, if any. - * @param {Array.} data The data returned by the service call. + * @param {module:model/Group} data The data returned by the service call. * @param {String} response The complete HTTP response. */ /** - * Find groups by member - * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` - * @param {String} member The id of the member to look up. - * @param {module:api/WardenApi~findGroupsByMemberCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link Array.} + * Get a group by id + * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` + * @param {String} id The id of the group to look up. 
+ * @param {module:api/WardenApi~getGroupCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link module:model/Group} */ - this.findGroupsByMember = function(member, callback) { + this.getGroup = function(id, callback) { var postBody = null - // verify the required parameter 'member' is set - if (member === undefined || member === null) { + // verify the required parameter 'id' is set + if (id === undefined || id === null) { throw new Error( - "Missing the required parameter 'member' when calling findGroupsByMember" + "Missing the required parameter 'id' when calling getGroup" ) } - var pathParams = {} - var queryParams = { - member: member + var pathParams = { + id: id } + var queryParams = {} var headerParams = {} var formParams = {} var authNames = ['oauth2'] var contentTypes = ['application/json'] var accepts = ['application/json'] - var returnType = [Group] + var returnType = Group return this.apiClient.callApi( - '/warden/groups', + '/warden/groups/{id}', 'GET', pathParams, queryParams, 
@@ -385,44 +385,43 @@ } /** - * Callback function to receive the result of the getGroup operation. - * @callback module:api/WardenApi~getGroupCallback + * Callback function to receive the result of the listGroups operation. + * @callback module:api/WardenApi~listGroupsCallback * @param {String} error Error message, if any. - * @param {module:model/Group} data The data returned by the service call. + * @param {Array.} data The data returned by the service call. * @param {String} response The complete HTTP response. */ /** - * Get a group by id - * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` - * @param {String} id The id of the group to look up. - * @param {module:api/WardenApi~getGroupCallback} callback The callback function, accepting three arguments: error, data, response - * data is of type: {@link module:model/Group} + * List groups + * The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` + * @param {Object} opts Optional parameters + * @param {String} opts.member The id of the member to look up. + * @param {Number} opts.limit The maximum amount of policies returned. + * @param {Number} opts.offset The offset from where to start looking. 
+ * @param {module:api/WardenApi~listGroupsCallback} callback The callback function, accepting three arguments: error, data, response + * data is of type: {@link Array.} */ - this.getGroup = function(id, callback) { + this.listGroups = function(opts, callback) { + opts = opts || {} var postBody = null - // verify the required parameter 'id' is set - if (id === undefined || id === null) { - throw new Error( - "Missing the required parameter 'id' when calling getGroup" - ) - } - - var pathParams = { - id: id + var pathParams = {} + var queryParams = { + member: opts['member'], + limit: opts['limit'], + offset: opts['offset'] } - var queryParams = {} var headerParams = {} var formParams = {} var authNames = ['oauth2'] var contentTypes = ['application/json'] var accepts = ['application/json'] - var returnType = Group + var returnType = [Group] return this.apiClient.callApi( - '/warden/groups/{id}', + '/warden/groups', 'GET', pathParams, queryParams, diff --git a/sdk/js/swagger/src/model/ConsentRequest.js b/sdk/js/swagger/src/model/ConsentRequest.js index 64d88c55b25..f26b2216f5f 100644 --- a/sdk/js/swagger/src/model/ConsentRequest.js +++ b/sdk/js/swagger/src/model/ConsentRequest.js @@ -62,6 +62,9 @@ if (data.hasOwnProperty('clientId')) { obj['clientId'] = ApiClient.convertToType(data['clientId'], 'String') } + if (data.hasOwnProperty('expiresAt')) { + obj['expiresAt'] = ApiClient.convertToType(data['expiresAt'], 'Date') + } if (data.hasOwnProperty('id')) { obj['id'] = ApiClient.convertToType(data['id'], 'String') } 
@@ -71,23 +74,6 @@ 'String' ) } - if (data.hasOwnProperty('requestedAcr')) { - obj['requestedAcr'] = ApiClient.convertToType(data['requestedAcr'], [ - 'String' - ]) - } - if (data.hasOwnProperty('requestedMaxAge')) { - obj['requestedMaxAge'] = ApiClient.convertToType( - data['requestedMaxAge'], - 'Number' - ) - } - if (data.hasOwnProperty('requestedPrompt')) { - obj['requestedPrompt'] = ApiClient.convertToType( - data['requestedPrompt'], - 'String' - ) - } if (data.hasOwnProperty('requestedScopes')) { obj['requestedScopes'] = ApiClient.convertToType( data['requestedScopes'], @@ -103,6 +89,11 @@ * @member {String} clientId */ exports.prototype['clientId'] = undefined + /** + * ExpiresAt is the time where the access request will expire. + * @member {Date} expiresAt + */ + exports.prototype['expiresAt'] = undefined /** * ID is the id of this consent request. * @member {String} id @@ -113,18 +104,6 @@ * @member {String} redirectUrl */ exports.prototype['redirectUrl'] = undefined - /** - * @member {Array.} requestedAcr - */ - exports.prototype['requestedAcr'] = undefined - /** - * @member {Number} requestedMaxAge - */ - exports.prototype['requestedMaxAge'] = undefined - /** - * @member {String} requestedPrompt - */ - exports.prototype['requestedPrompt'] = undefined /** * RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. * @member {Array.} requestedScopes diff --git a/sdk/js/swagger/src/model/ConsentRequestAcceptance.js b/sdk/js/swagger/src/model/ConsentRequestAcceptance.js index 0cb371abdfd..cc76b317869 100644 --- a/sdk/js/swagger/src/model/ConsentRequestAcceptance.js +++ b/sdk/js/swagger/src/model/ConsentRequestAcceptance.js @@ -65,9 +65,6 @@ { String: Object } ) } - if (data.hasOwnProperty('authTime')) { - obj['authTime'] = ApiClient.convertToType(data['authTime'], 'Number') - } if (data.hasOwnProperty('grantScopes')) { obj['grantScopes'] = ApiClient.convertToType(data['grantScopes'], [ 'String' 
@@ -78,12 +75,6 @@ String: Object }) } - if (data.hasOwnProperty('providedAcr')) { - obj['providedAcr'] = ApiClient.convertToType( - data['providedAcr'], - 'String' - ) - } if (data.hasOwnProperty('subject')) { obj['subject'] = ApiClient.convertToType(data['subject'], 'String') } @@ -96,11 +87,6 @@ * @member {Object.} accessTokenExtra */ exports.prototype['accessTokenExtra'] = undefined - /** - * AuthTime is the time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. - * @member {Number} authTime - */ - exports.prototype['authTime'] = undefined /** * A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request. * @member {Array.} grantScopes 
@@ -111,11 +97,6 @@ * @member {Object.} idTokenExtra */ exports.prototype['idTokenExtra'] = undefined - /** - * ProvidedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. - * @member {String} providedAcr - */ - exports.prototype['providedAcr'] = undefined /** * Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the OAuth2 request. * @member {String} subject diff --git a/sdk/js/swagger/src/model/ConsentRequestRejection.js b/sdk/js/swagger/src/model/ConsentRequestRejection.js index d9a62d2ec35..1abeee8e0ae 100644 --- a/sdk/js/swagger/src/model/ConsentRequestRejection.js +++ b/sdk/js/swagger/src/model/ConsentRequestRejection.js 
@@ -59,9 +59,6 @@ if (data) { obj = obj || new exports() - if (data.hasOwnProperty('error')) { - obj['error'] = ApiClient.convertToType(data['error'], 'String') - } if (data.hasOwnProperty('reason')) { obj['reason'] = ApiClient.convertToType(data['reason'], 'String') } @@ -69,11 +66,6 @@ return obj } - /** - * Error can be used to return an OpenID Connect or OAuth 2.0 error to the OAuth 2.0 client, such as login_required, interaction_required, consent_required. - * @member {String} error - */ - exports.prototype['error'] = undefined /** * Reason represents the reason why the user rejected the consent request. * @member {String} reason diff --git a/sdk/js/swagger/src/model/Context.js b/sdk/js/swagger/src/model/Context.js index 2c3cab55493..ef5bb939987 100644 --- a/sdk/js/swagger/src/model/Context.js +++ b/sdk/js/swagger/src/model/Context.js @@ -69,11 +69,17 @@ if (data.hasOwnProperty('clientId')) { obj['clientId'] = ApiClient.convertToType(data['clientId'], 'String') } + if (data.hasOwnProperty('expiresAt')) { + obj['expiresAt'] = ApiClient.convertToType(data['expiresAt'], 'Date') + } if (data.hasOwnProperty('grantedScopes')) { obj['grantedScopes'] = ApiClient.convertToType(data['grantedScopes'], [ 'String' ]) } + if (data.hasOwnProperty('issuedAt')) { + obj['issuedAt'] = ApiClient.convertToType(data['issuedAt'], 'Date') + } if (data.hasOwnProperty('issuer')) { obj['issuer'] = ApiClient.convertToType(data['issuer'], 'String') } 
@@ -94,11 +100,21 @@ * @member {String} clientId */ exports.prototype['clientId'] = undefined + /** + * ExpiresAt is the expiry timestamp. + * @member {Date} expiresAt + */ + exports.prototype['expiresAt'] = undefined /** * GrantedScopes is a list of scopes that the subject authorized when asked for consent. * @member {Array.} grantedScopes */ exports.prototype['grantedScopes'] = undefined + /** + * IssuedAt is the token creation time stamp. + * @member {Date} issuedAt + */ + exports.prototype['issuedAt'] = undefined /** * Issuer is the id of the issuer, typically an hydra instance. * @member {String} issuer diff --git a/sdk/js/swagger/src/model/OAuth2ConsentRequest.js b/sdk/js/swagger/src/model/OAuth2ConsentRequest.js index 81f399c3698..888fa9b6b36 100644 --- a/sdk/js/swagger/src/model/OAuth2ConsentRequest.js +++ b/sdk/js/swagger/src/model/OAuth2ConsentRequest.js @@ -74,23 +74,6 @@ 'String' ) } - if (data.hasOwnProperty('requestedAcr')) { - obj['requestedAcr'] = ApiClient.convertToType(data['requestedAcr'], [ - 'String' - ]) - } - if (data.hasOwnProperty('requestedMaxAge')) { - obj['requestedMaxAge'] = ApiClient.convertToType( - data['requestedMaxAge'], - 'Number' - ) - } - if (data.hasOwnProperty('requestedPrompt')) { - obj['requestedPrompt'] = ApiClient.convertToType( - data['requestedPrompt'], - 'String' - ) - } if (data.hasOwnProperty('requestedScopes')) { obj['requestedScopes'] = ApiClient.convertToType( data['requestedScopes'], 
@@ -117,25 +100,10 @@ */ exports.prototype['id'] = undefined /** - * RedirectURL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. + * Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected. * @member {String} redirectUrl */ exports.prototype['redirectUrl'] = undefined - /** - * RequestedAuthenticationContextClassReference specifies an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value \"0\" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. In summary ISO/IEC 29115 defines four levels, broadly summarized as follows. acr=0 does not satisfy Level 1 and could be, for example, authentication using a long-lived browser cookie. Level 1 (acr=1): Minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. For example presenting a self-registered username or password. Level 2 (acr=2): There is some confidence in the asserted identity of the entity. For example confirming authentication using a mobile app (\"Something you have\"). Level 3 (acr=3): High confidence in an asserted identity of the entity. For example sending a code to a mobile phone or using Google Authenticator or a fingerprint scanner (\"Something you have and something you know\" / \"Something you are\") Level 4 (acr=4): Very high confidence in an asserted identity of the entity. Requires in-person identification. - * @member {Array.} requestedAcr - */ - exports.prototype['requestedAcr'] = undefined - /** - * MaxAge specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. 
- * @member {Number} requestedMaxAge - */ - exports.prototype['requestedMaxAge'] = undefined - /** - * Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none: The consent app MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required. This can be used as a method to check for existing authentication and/or consent. login: The consent app SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required. consent: The consent app SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required. select_account: The consent app SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required. The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request. If this parameter contains none with any other value, an error is returned. - * @member {String} requestedPrompt - */ - exports.prototype['requestedPrompt'] = undefined /** * RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator. * @member {Array.} requestedScopes