From 01c6af7a2b5d7e0d2eab1f5c419ac7a2833c3d67 Mon Sep 17 00:00:00 2001 From: Tushar Pandey Date: Wed, 21 Aug 2024 11:42:44 +0530 Subject: [PATCH 1/3] client credentials code changes SDK-4541 --- .../__generated/managers/clients-manager.ts | 64 ++++++--- .../managers/organizations-manager.ts | 68 +++++++++ .../managers/resource-servers-manager.ts | 9 +- src/management/__generated/models/index.ts | 131 +++++++++++++++++- 4 files changed, 248 insertions(+), 24 deletions(-) diff --git a/src/management/__generated/managers/clients-manager.ts b/src/management/__generated/managers/clients-manager.ts index f012342e5..2ed8bb095 100644 --- a/src/management/__generated/managers/clients-manager.ts +++ b/src/management/__generated/managers/clients-manager.ts @@ -79,15 +79,18 @@ export class ClientsManager extends BaseAPI { } /** - * Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude - * may also be specified. Note: + * Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. + * For more information, read Applications in Auth0 and Single Sign-On. + * * * @@ -148,6 +150,14 @@ export class ClientsManager extends BaseAPI { key: 'include_totals', config: {}, }, + { + key: 'from', + config: {}, + }, + { + key: 'take', + config: {}, + }, { key: 'is_global', config: {}, @@ -160,6 +170,14 @@ export class ClientsManager extends BaseAPI { key: 'app_type', config: {}, }, + { + key: 'client_ids', + config: {}, + }, + { + key: 'q', + config: {}, + }, ]); const response = await this.request( 
@@ -175,14 +193,17 @@ export class ClientsManager extends BaseAPI { } /** - * Retrieve client details. A list of fields to include or exclude may also be specified. Note: + * Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. + * For more information, read Applications in Auth0 and Single Sign-On. * * - * Get a client + * Get client by ID * * @throws {RequiredError} */ @@ -298,6 +317,8 @@ export class ClientsManager extends BaseAPI { } /** + * Updates a client's settings. For more information, read Applications in Auth0 and Single Sign-On. + * * Notes: * - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope. * - The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use @@ -371,7 +392,8 @@ export class ClientsManager extends BaseAPI { } /** - * Create a new client (application or SSO integration). + * Create a new client (application or SSO integration). For more information, read Create Applications + * API Endpoints for Single Sign-On. * * Notes: * - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret. diff --git a/src/management/__generated/managers/organizations-manager.ts b/src/management/__generated/managers/organizations-manager.ts index 110db67f8..2b2d5ff2d 100644 --- a/src/management/__generated/managers/organizations-manager.ts +++ b/src/management/__generated/managers/organizations-manager.ts @@ -8,6 +8,7 @@ import type { GetInvitations200Response, GetInvitations200ResponseOneOfInner, GetMembers200Response, + GetOrganizationClientGrants200Response, GetOrganizationMemberRoles200Response, GetOrganizations200Response, GetOrganizations200ResponseOneOfInner, 
@@ -23,6 +24,8 @@ import type { GetInvitations200ResponseOneOf, GetMembers200ResponseOneOf, GetMembers200ResponseOneOfInner, + GetOrganizationClientGrants200ResponseOneOf, + GetOrganizationClientGrants200ResponseOneOfInner, GetOrganizationMemberRoles200ResponseOneOf, GetOrganizationMemberRoles200ResponseOneOfInner, GetOrganizations200ResponseOneOf, @@ -37,6 +40,7 @@ import type { GetInvitationsByInvitationIdRequest, GetMembersRequest, GetNameByNameRequest, + GetOrganizationClientGrantsRequest, GetOrganizationMemberRolesRequest, GetOrganizationsRequest, GetOrganizationsByIdRequest, 
@@ -483,6 +487,70 @@ export class OrganizationsManager extends BaseAPI { return runtime.JSONApiResponse.fromResponse(response); } + /** + * Get client grants associated to an organization + * + * @throws {RequiredError} + */ + async getOrganizationClientGrants( + requestParameters: GetOrganizationClientGrantsRequest & { include_totals: true }, + initOverrides?: InitOverride + ): Promise>; + async getOrganizationClientGrants( + requestParameters?: GetOrganizationClientGrantsRequest, + initOverrides?: InitOverride + ): Promise>>; + async getOrganizationClientGrants( + requestParameters: GetOrganizationClientGrantsRequest, + initOverrides?: InitOverride + ): Promise> { + runtime.validateRequiredRequestParams(requestParameters, ['id']); + + const queryParameters = runtime.applyQueryParams(requestParameters, [ + { + key: 'audience', + config: {}, + }, + { + key: 'client_id', + config: {}, + }, + { + key: 'grant_ids', + config: { + isArray: true, + isCollectionFormatMulti: true, + }, + }, + { + key: 'page', + config: {}, + }, + { + key: 'per_page', + config: {}, + }, + { + key: 'include_totals', + config: {}, + }, + ]); + + const response = await this.request( + { + path: `/organizations/{id}/client-grants`.replace( + '{id}', + encodeURIComponent(String(requestParameters.id)) + ), + method: 'GET', + query: queryParameters, + }, + initOverrides + ); + + return runtime.JSONApiResponse.fromResponse(response); + } + /** * Get the roles assigned to an organization member * diff --git a/src/management/__generated/managers/resource-servers-manager.ts b/src/management/__generated/managers/resource-servers-manager.ts index 689957943..15ad8931a 100644 --- a/src/management/__generated/managers/resource-servers-manager.ts +++ b/src/management/__generated/managers/resource-servers-manager.ts 
@@ -45,7 +45,7 @@ export class ResourceServersManager extends BaseAPI { } /** - * Retrieve APIs (also known as resource servers) that you can consume from your authorized applications. + * Retrieve details of all APIs associated with your tenant. * Get resource servers * * @throws {RequiredError} @@ -63,6 +63,13 @@ export class ResourceServersManager extends BaseAPI { initOverrides?: InitOverride ): Promise> { const queryParameters = runtime.applyQueryParams(requestParameters, [ + { + key: 'identifiers', + config: { + isArray: true, + isCollectionFormatMulti: true, + }, + }, { key: 'page', config: {}, diff --git a/src/management/__generated/models/index.ts b/src/management/__generated/models/index.ts index d534bdf92..ba42dc8c1 100644 --- a/src/management/__generated/models/index.ts +++ b/src/management/__generated/models/index.ts @@ -4903,7 +4903,10 @@ export interface GetClientGrants200ResponseOneOf { /** * */ -export type GetClients200Response = Array | GetClients200ResponseOneOf; +export type GetClients200Response = + | Array + | GetClients200ResponseOneOf + | GetClients200ResponseOneOf1; /** * */ @@ -4921,6 +4924,17 @@ export interface GetClients200ResponseOneOf { */ clients: Array; } +/** + * + */ +export interface GetClients200ResponseOneOf1 { + /** + */ + next: string; + /** + */ + clients: Array; +} /** * */ 
@@ -6292,6 +6306,54 @@ export const GetMessageTypes200ResponseMessageTypesEnum = { export type GetMessageTypes200ResponseMessageTypesEnum = (typeof GetMessageTypes200ResponseMessageTypesEnum)[keyof typeof GetMessageTypes200ResponseMessageTypesEnum]; +/** + * + */ +export type GetOrganizationClientGrants200Response = + | Array + | GetOrganizationClientGrants200ResponseOneOf; +/** + * + */ +export interface GetOrganizationClientGrants200ResponseOneOf { + /** + */ + start: number; + /** + */ + limit: number; + /** + */ + total: number; + /** + */ + grants: Array; +} +/** + * + */ +export interface GetOrganizationClientGrants200ResponseOneOfInner { + /** + * ID of the client grant. + * + */ + id: string; + /** + * ID of the client. + * + */ + client_id: string; + /** + * The audience (API identifier) of this client grant + * + */ + audience: string; + /** + * Scopes allowed for this client grant. + * + */ + scope: Array; +} /** * */ @@ -13467,6 +13529,16 @@ export interface GetClientsRequest { * */ include_totals?: boolean; + /** + * Optional Id from which to start selection. + * + */ + from?: string; + /** + * Number of results per page. Defaults to 50. + * + */ + take?: number; /** * Optional filter on the global client parameter. * @@ -13482,6 +13554,16 @@ export interface GetClientsRequest { * */ app_type?: string; + /** + * A comma separated list of client_ids used to filter the returned clients + * + */ + client_ids?: string; + /** + * Query in Lucene query string syntax. + * + */ + q?: string; } /** * 
@@ -14665,6 +14747,46 @@ export interface GetNameByNameRequest { */ name: string; } +/** + * + */ +export interface GetOrganizationClientGrantsRequest { + /** + * Organization identifier + * + */ + id: string; + /** + * Optional filter on audience of the client grant. + * + */ + audience?: string; + /** + * Optional filter on client_id of the client grant. + * + */ + client_id?: string; + /** + * A list of grant ids, which will filter the results. + * + */ + grant_ids?: Array; + /** + * Page index of the results to return. First page is 0. + * + */ + page?: number; + /** + * Number of results per page. Defaults to 50. + * + */ + per_page?: number; + /** + * Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). + * + */ + include_totals?: boolean; +} /** * */ @@ -15118,13 +15240,18 @@ export interface DeleteResourceServersByIdRequest { * */ export interface GetResourceServersRequest { + /** + * A list of URI encoded identifiers to filter the results by. Consider URL limits when using this parameter, if the URL is too long, consider chunking the requests + * + */ + identifiers?: Array; /** * Page index of the results to return. First page is 0. * */ page?: number; /** - * Number of results per page. Paging is disabled if parameter not sent. + * Number of results per page. * */ per_page?: number; From d986c5efeffa71a5f19cabac1735a19f6c3c9306 Mon Sep 17 00:00:00 2001 From: Tushar Pandey Date: Fri, 23 Aug 2024 23:46:32 +0530 Subject: [PATCH 2/3] Client creds tests updated --- test/management/client.test.ts | 26 ++++--- test/management/organizations.test.ts | 90 +++++++++++++++++++++++- test/management/resource-servers.test.ts | 20 ++++-- 3 files changed, 121 insertions(+), 15 deletions(-) diff --git a/test/management/client.test.ts b/test/management/client.test.ts index 8bfca27f0..c0518df8a 100644 --- a/test/management/client.test.ts +++ b/test/management/client.test.ts 
@@ -12,6 +12,7 @@ import { PostCredentialsOperationRequest, PostCredentialsRequest, ManagementClient, + GetClientsRequest, } from '../../src/index.js'; import { RequiredError } from '../../src/lib/errors.js'; @@ -138,16 +139,25 @@ describe('ClientsManager', () => { it('should pass the parameters in the query-string', (done) => { nock.cleanAll(); + const queryParameters: GetClientsRequest | any = { + fields: 'name,email', + include_fields: true, + page: 0, + per_page: 50, + include_totals: false, + from: '12345', + take: 50, + is_global: true, + is_first_party: false, + app_type: 'web,mobile', + client_ids: 'client1,client2,client3', + q: 'name:John AND email:john@example.com', + }; + const data = [{ client_id: '1' }]; - const request = nock(API_URL) - .get('/clients') - .query({ - include_fields: true, - fields: 'test', - }) - .reply(200, data); + const request = nock(API_URL).get('/clients').query(queryParameters).reply(200, data); - clients.getAll({ include_fields: true, fields: 'test' }).then(() => { + clients.getAll({ ...queryParameters }).then(() => { expect(request.isDone()).toBe(true); done(); }); diff --git a/test/management/organizations.test.ts b/test/management/organizations.test.ts index 248c184c2..0fb9eef0b 100644 --- a/test/management/organizations.test.ts +++ b/test/management/organizations.test.ts @@ -2,7 +2,14 @@ import nock from 'nock'; const API_URL = 'https://tenant.auth0.com/api/v2'; -import { OrganizationsManager, ManagementClient, RequiredError } from '../../src/index.js'; +import { + OrganizationsManager, + ManagementClient, + RequiredError, + GetOrganizationClientGrantsRequest, + GetOrganizationClientGrants200Response, + ApiResponse, +} from '../../src/index.js'; describe('OrganizationsManager', () => { let organizations: OrganizationsManager; 
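Review bot: `const queryParameters: GetClientsRequest | any` in the 'should pass the parameters in the query-string' test collapses to `any`, so the newly imported `GetClientsRequest` checks nothing and a misspelled or removed parameter name would still compile. Declaring it as `const queryParameters: GetClientsRequest = {` lets the compiler verify the new `from`, `take`, `client_ids` and `q` keys against the generated model. The same applies to `const data: GetOrganizationClientGrantsRequest | any` in test/management/organizations.test.ts. The rewritten `clients.getAll({ ...queryParameters }).then(...)` call also has no rejection handler, so a query mismatch would surface as a timeout rather than a failed assertion; an `async` test that awaits the call, as the resource-servers test in this series now does, would report it directly.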
@@ -1386,4 +1393,85 @@ describe('OrganizationsManager', () => { }); }); }); + + describe('#getOrganizationClientGrants', () => { + const token = 'test_token'; + + const data: GetOrganizationClientGrantsRequest | any = { + id: 'org_123', + audience: 'audience', + client_id: 'client_id', + grant_ids: ['grant_id1', 'grant_id2'], + page: 1, + per_page: 10, + include_totals: true, + }; + + beforeEach(() => { + request = nock(API_URL) + .get(`/organizations/${data.id}/client-grants`) + .query({ + audience: data.audience, + client_id: data.client_id, + grant_ids: data.grant_ids, + page: data.page, + per_page: data.per_page, + include_totals: data.include_totals, + }) + .reply(200, { grants: [] }); + }); + + afterEach(() => { + nock.cleanAll(); + }); + + it('should return a promise if no callback is given', async () => { + const promise = organizations.getOrganizationClientGrants(data); + expect(promise).toBeInstanceOf(Promise); + await promise; + }); + + it('should perform a GET request to /api/v2/organizations/:id/client-grants', async () => { + await organizations.getOrganizationClientGrants(data); + expect(request.isDone()).toBe(true); + }); + + it('should include the token in the Authorization header', async () => { + const scope = nock(API_URL, { + reqheaders: { + authorization: `Bearer ${token}`, + }, + }) + .get(`/organizations/${data.id}/client-grants`) + .query({ + audience: data.audience, + client_id: data.client_id, + grant_ids: data.grant_ids, + page: data.page, + per_page: data.per_page, + include_totals: data.include_totals, + }) + .reply(200, { grants: [] }); + + const result: ApiResponse = + await organizations.getOrganizationClientGrants(data); + expect(result.status).toBe(200); + }); + + it('should pass the query parameters correctly', async () => { + await organizations.getOrganizationClientGrants(data); + expect(request.isDone()).toBe(true); + }); + + it('should pass any errors to the promise catch handler', async () => { + request = nock(API_URL) + 
.get(`/organizations/${data.id}/client-grants`) + .query(true) + .reply(500, {}); + + organizations.getOrganizationClientGrants(data).catch((err) => { + expect(err).toBeDefined(); + }); + }); + }); }); diff --git a/test/management/resource-servers.test.ts b/test/management/resource-servers.test.ts index 118710038..0be3df254 100644 --- a/test/management/resource-servers.test.ts +++ b/test/management/resource-servers.test.ts @@ -1,4 +1,5 @@ import nock from 'nock'; +import queryString from 'querystring'; const API_URL = 'https://tenant.auth0.com/api/v2'; @@ -81,18 +82,25 @@ describe('ResourceServersManager', () => { }); }); - it('should include the token in the Authorization header', (done) => { + it('should include the token in the Authorization header', async () => { nock.cleanAll(); + const queryParams = { + identifiers: ['123'], + page: 0, + per_page: 10, + include_totals: true, + include_fields: true, + }; + const request = nock(API_URL) - .get('/resource-servers') + .get(`/resource-servers?${queryString.stringify(queryParams)}`) .matchHeader('Authorization', `Bearer ${token}`) + // .query(queryParams) .reply(200, []); - resourceServers.getAll().then(() => { - expect(request.isDone()).toBe(true); - done(); - }); + await resourceServers.getAll(queryParams); + expect(request.isDone()).toBe(true); }); }); From e0002826576e3120c1982b19a12f9ef96029ec48 Mon Sep 17 00:00:00 2001 From: Tushar Pandey Date: Wed, 28 Aug 2024 14:25:04 +0530 Subject: [PATCH 3/3] added missing fields related to SS changes --- src/management/__generated/models/index.ts | 125 +++++++++++++++------ 1 file changed, 90 insertions(+), 35 deletions(-) diff --git a/src/management/__generated/models/index.ts b/src/management/__generated/models/index.ts index ba42dc8c1..678ac2c28 100644 --- a/src/management/__generated/models/index.ts +++ b/src/management/__generated/models/index.ts 
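Review bot: The 'should include the token in the Authorization header' test never verifies the header. The `scope` built with `reqheaders` is not asserted, and the `beforeEach` interceptor for the same path and query carries no header constraint, so that one can answer the request and `result.status` is 200 whether or not a bearer token was sent. Call `nock.cleanAll();` before building `scope` and end the test with `expect(scope.isDone()).toBe(true);`. The 'should pass any errors to the promise catch handler' test is similarly weak: the promise is neither awaited nor returned, and the 200 interceptor from `beforeEach` is still registered, so the `catch` assertion may never run. Calling `nock.cleanAll()` and then `await expect(organizations.getOrganizationClientGrants(data)).rejects.toBeDefined();` would pin it. The enclosing `describe('OrganizationsManager')` starts outside the hunk, so how `token` reaches the client is not visible here.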
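Review bot: `identifiers: ['123']` in the rewritten Authorization-header test does not exercise what the new parameter is for. A single plain value looks the same whether the array is sent as repeated `identifiers=` pairs or comma-joined, and it needs no escaping, while the model doc describes the values as URI-encoded identifiers. Two values containing reserved characters, for example `identifiers: ['https://api.example.test/', 'https://other.example.test/']` (constructed sample), would pin both the multi-value format and the encoding. The commented-out `// .query(queryParams)` line should be removed, or used in place of the hand-built `queryString.stringify` path if nock's matcher handles the array form. `include_fields` is also passed to `getAll`, but whether it is a declared query parameter is decided outside this hunk.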
@@ -175,10 +175,13 @@ export interface Client { initiate_login_uri: string; /** */ - native_social_login: ClientNativeSocialLogin | null; + native_social_login: any | null; /** */ refresh_token: ClientRefreshToken | null; + /** + */ + default_organization: ClientDefaultOrganization | null; /** * Defines how to proceed during an authentication transaction with regards an organization. Can be `deny` (default), `allow` or `require`. * @@ -197,14 +200,14 @@ export interface Client { * */ require_pushed_authorization_requests: boolean; - /** - */ - signed_request_object: ClientSignedRequestObject; /** * Makes the use of Proof-of-Possession mandatory for this client * */ require_proof_of_possession: boolean; + /** + */ + signed_request_object: ClientSignedRequestObject; /** * Defines the compliance level for this client, which may restrict it's capabilities * @@ -1174,10 +1177,10 @@ export interface ClientCreateAddons { azure_sb?: ClientCreateAddonsAzureSb; /** */ - rms?: ClientAddonsRms; + rms?: ClientCreateAddonsRms; /** */ - mscrm?: ClientAddonsMscrm; + mscrm?: ClientCreateAddonsMscrm; /** */ slack?: ClientAddonsSlack; @@ -1442,6 +1445,17 @@ export interface ClientCreateAddonsFirebase { */ lifetime_in_seconds?: number; } +/** + * Microsoft Dynamics CRM SSO configuration. + */ +export interface ClientCreateAddonsMscrm { + [key: string]: any | any; + /** + * Microsoft Dynamics CRM application URL. + * + */ + url: string; +} /** * New Relic SSO configuration. */ @@ -1469,6 +1483,17 @@ export interface ClientCreateAddonsOffice365 { */ connection?: string; } +/** + * Active Directory Rights Management Service SSO configuration. + */ +export interface ClientCreateAddonsRms { + [key: string]: any | any; + /** + * URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it. + * + */ + url: string; +} /** * Salesforce SSO configuration. */ 
@@ -2004,6 +2029,28 @@ export interface ClientCreateSignedRequestObject { */ credentials?: Array; } +/** + * Defines the default Organization ID and flows + */ +export interface ClientDefaultOrganization { + /** + * The default Organization ID to be used + * + */ + organization_id: string; + /** + * The default Organization usage + * + */ + flows: Array; +} + +export const ClientDefaultOrganizationFlowsEnum = { + client_credentials: 'client_credentials', +} as const; +export type ClientDefaultOrganizationFlowsEnum = + (typeof ClientDefaultOrganizationFlowsEnum)[keyof typeof ClientDefaultOrganizationFlowsEnum]; + /** * Encryption used for WsFed responses with this client. */ 
@@ -2150,47 +2197,55 @@ export interface ClientMobileIos { app_bundle_identifier: string; } /** - * Configure native social settings - */ -export interface ClientNativeSocialLogin { - /** - */ - apple: ClientNativeSocialLoginApple | null; - /** - */ - facebook: ClientNativeSocialLoginFacebook | null; -} -/** - * Native Social Login support for the Apple connection + * Configuration for OIDC backchannel logout */ -export interface ClientNativeSocialLoginApple { +export interface ClientOidcLogout { + [key: string]: any | any; /** - * Determine whether or not to allow signing in natively using an Apple authorization code + * Comma-separated list of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed. * */ - enabled: boolean; -} -/** - * Native Social Login support for the Facebook connection - */ -export interface ClientNativeSocialLoginFacebook { + backchannel_logout_urls: Array; /** - * Determine whether or not to allow signing in natively using Facebook - * */ - enabled: boolean; + backchannel_logout_initiators: ClientOidcLogoutBackchannelLogoutInitiators; } /** - * Configuration for OIDC backchannel logout + * Configuration for OIDC backchannel logout initiators */ -export interface ClientOidcLogout { +export interface ClientOidcLogoutBackchannelLogoutInitiators { [key: string]: any | any; /** - * Comma-separated list of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed. + * The `mode` property determines the configuration method for enabling initiators. `custom` enables only the initiators listed in the selected_initiators array, `all` enables all current and future initiators. 
* */ - backchannel_logout_urls: Array; + mode: ClientOidcLogoutBackchannelLogoutInitiatorsModeEnum; + /** + */ + selected_initiators: Array; } + +export const ClientOidcLogoutBackchannelLogoutInitiatorsModeEnum = { + custom: 'custom', + all: 'all', +} as const; +export type ClientOidcLogoutBackchannelLogoutInitiatorsModeEnum = + (typeof ClientOidcLogoutBackchannelLogoutInitiatorsModeEnum)[keyof typeof ClientOidcLogoutBackchannelLogoutInitiatorsModeEnum]; + +export const ClientOidcLogoutBackchannelLogoutInitiatorsSelectedInitiatorsEnum = { + rp_logout: 'rp-logout', + idp_logout: 'idp-logout', + password_changed: 'password-changed', + session_expired: 'session-expired', + session_revoked: 'session-revoked', + account_deleted: 'account-deleted', + email_identifier_changed: 'email-identifier-changed', + mfa_phone_unenrolled: 'mfa-phone-unenrolled', + account_deactivated: 'account-deactivated', +} as const; +export type ClientOidcLogoutBackchannelLogoutInitiatorsSelectedInitiatorsEnum = + (typeof ClientOidcLogoutBackchannelLogoutInitiatorsSelectedInitiatorsEnum)[keyof typeof ClientOidcLogoutBackchannelLogoutInitiatorsSelectedInitiatorsEnum]; + /** * Refresh token configuration */ @@ -2538,10 +2593,10 @@ export interface ClientUpdateAddons { azure_sb?: ClientCreateAddonsAzureSb; /** */ - rms?: ClientAddonsRms; + rms?: ClientCreateAddonsRms; /** */ - mscrm?: ClientAddonsMscrm; + mscrm?: ClientCreateAddonsMscrm; /** */ slack?: ClientAddonsSlack;