From d71e26bdabcfa03290e43d11c1810fe68770b43f Mon Sep 17 00:00:00 2001 From: Brian Demers Date: Tue, 10 Jan 2023 15:20:13 -0500 Subject: [PATCH 1/3] Add additional Runscope SCIM tests Adds tests for: * PUT /Users/ - add attributes * PATCH /Users/ - disable user * POST /Groups - create group * GET /Groups/ - get group * PUT /Groups/ - update group * PATCH /Groups/ - update group users * DELETE /Groups/ - delete group --- .../SCIM/SCIMFiles/Initial_Script_Spec.txt | 18 +- .../SCIMFiles/Okta-SCIM-20-SPEC-Test.json | 821 ++++++++++++++---- 2 files changed, 657 insertions(+), 182 deletions(-) diff --git a/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Initial_Script_Spec.txt b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Initial_Script_Spec.txt index 19af5fd5012..2db42e8b5a6 100644 --- a/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Initial_Script_Spec.txt +++ b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Initial_Script_Spec.txt @@ -4,7 +4,7 @@ function generate_lastname() var lower_alphabets = "abcdefghijklmnopqrstuvwxyz"; var upper_alphabets = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; var digits = "0123456789"; - + lastname += upper_alphabets.charAt(Math.floor(Math.random() * upper_alphabets.length)); for( var i=0; i < 8; i++ ) 
@@ -16,23 +16,27 @@ function generate_lastname() return lastname; } -function generate_firstname() +function generate_name() { - var firstname = "Runscope"; + var name = "Runscope"; var digits = "0123456789"; for( var j=0; j < 3; j++ ) - firstname += digits.charAt(Math.floor(Math.random() * digits.length)); - return firstname; + name += digits.charAt(Math.floor(Math.random() * digits.length)); + return name; } -var firstname = generate_firstname(); +var firstname = generate_name(); var lastname = generate_lastname(); var email = firstname + lastname + "@atko.com"; +var groupName = generate_name(); +// Users variables.set("randomGivenName", firstname); variables.set("randomFamilyName", lastname); variables.set("randomEmail", email); variables.set("randomUsername", email); variables.set("InvalidUserEmail", "abcdefgh@atko.com"); variables.set("UserIdThatDoesNotExist", "010101001010101011001010101011"); -variables.set("randomUsernameCaps",email.toUpperCase()); \ No newline at end of file +variables.set("randomUsernameCaps",email.toUpperCase()); +// Groups +variables.set("randomGroupName",groupName); diff --git a/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Okta-SCIM-20-SPEC-Test.json b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Okta-SCIM-20-SPEC-Test.json index 87b87935132..ac67278a5a7 100644 --- a/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Okta-SCIM-20-SPEC-Test.json +++ b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/Okta-SCIM-20-SPEC-Test.json 
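Review bot: `groupName` is taken straight from `generate_name()`, so it has only 1,000 possible values ("Runscope" plus three digits), whereas `email` also carries the random suffix from `generate_lastname()`. A group left behind by an earlier aborted run on the same SCIM server can therefore collide with a later run and fail group creation for reasons unrelated to the server under test. Appending the existing suffix keeps the recognisable test prefix while making collisions unlikely: `var groupName = generate_name() + generate_lastname();`.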
@@ -1,22 +1,16 @@ { - "trigger_url": "https://api.runscope.com/radar/542c3c9f-2fd0-4272-8869-3e7222ce9b01/trigger", - "name": "Okta SCIM 2.0 SPEC Test", "version": "1.0", - "exported_at": 1502143364, + "exported_at": 1673379131, + "name": "Okta SCIM 2.0 SPEC Test", + "description": "Basic tests to see if your SCIM server will work with Okta", + "trigger_url": "https://api.runscope.com/radar/afd73385-c39f-49ff-989c-70d24f86ac4b/trigger", "steps": [ { - "url": "{{SCIMBaseURL}}/Users?count=1&startIndex=1", - "variables": [ - { - "source": "response_json", - "property": "Resources[0].id", - "name": "ISVUserid" - } - ], - "multipart_form": [], "step_type": "request", - "auth": {}, + "skipped": false, "note": "Required Test: Test Users endpoint", + "url": "{{SCIMBaseURL}}/Users?count=1&startIndex=1", + "auth": {}, "headers": { "Accept-Charset": [ "utf-8" 
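Review bot: The re-exported header commits a live `trigger_url` for the author's own Runscope test into a file that, judging by its `.vuepress/public/` path, is served from the public docs site. Runscope trigger URLs are normally callable without further authentication, so anyone who reads the file could start runs in that bucket. The previous export had the same exposure with a different id. Suggest blanking the field before publishing, `"trigger_url": "",`, assuming Runscope issues a fresh trigger on import (worth confirming). The top-level object continues past this hunk.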
@@ -34,94 +28,100 @@ "OKTA SCIM Integration" ] }, + "method": "GET", "assertions": [ { "comparison": "equal_number", - "value": "200", - "source": "response_status" + "source": "response_status", + "value": "200" }, { "comparison": "not_empty", - "property": "Resources", + "source": "response_json", "value": null, - "source": "response_json" + "property": "Resources" }, { "comparison": "has_value", - "property": "schemas", + "source": "response_json", "value": "urn:ietf:params:scim:api:messages:2.0:ListResponse", - "source": "response_json" + "property": "schemas" }, { "comparison": "is_a_number", - "property": "itemsPerPage", + "source": "response_json", "value": null, - "source": "response_json" + "property": "itemsPerPage" }, { "comparison": "is_a_number", - "property": "startIndex", + "source": "response_json", "value": null, - "source": "response_json" + "property": "startIndex" }, { "comparison": "is_a_number", - "property": "totalResults", + "source": "response_json", "value": null, - "source": "response_json" + "property": "totalResults" }, { "comparison": "not_empty", - "property": "Resources[0].id", + "source": "response_json", "value": null, - "source": "response_json" + "property": "Resources[0].id" }, { "comparison": "not_empty", - "property": "Resources[0].name.familyName", + "source": "response_json", "value": null, - "source": "response_json" + "property": "Resources[0].name.familyName" }, { "comparison": "not_empty", - "property": "Resources[0].name.givenName", + "source": "response_json", "value": null, - "source": "response_json" + "property": "Resources[0].name.givenName" }, { "comparison": "not_empty", - "property": "Resources[0].userName", + "source": "response_json", "value": null, - "source": "response_json" + "property": "Resources[0].userName" }, { "comparison": "not_empty", - "property": "Resources[0].active", + "source": "response_json", "value": null, - "source": "response_json" + "property": "Resources[0].active" }, { "comparison": 
"not_empty", - "property": "Resources[0].emails[0].value", + "source": "response_json", "value": null, - "source": "response_json" + "property": "Resources[0].emails[0].value" + } + ], + "variables": [ + { + "source": "response_json", + "name": "ISVUserid", + "property": "Resources[0].id" } ], "scripts": [], - "before_scripts": [], - "method": "GET" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { - "url": "{{SCIMBaseURL}}/Users/{{ISVUserid}}", - "variables": [], - "multipart_form": [], "step_type": "request", - "auth": {}, + "skipped": false, "note": "Required Test: Get Users/{{id}} ", + "url": "{{SCIMBaseURL}}/Users/{{ISVUserid}}", + "auth": {}, "headers": { "Accept-Charset": [ "utf-8" 
@@ -139,70 +139,70 @@ "OKTA SCIM Integration" ] }, + "method": "GET", "assertions": [ { "comparison": "equal_number", - "value": "200", - "source": "response_status" + "source": "response_status", + "value": "200" }, { "comparison": "not_empty", - "property": "id", + "source": "response_json", "value": null, - "source": "response_json" + "property": "id" }, { "comparison": "not_empty", - "property": "name.familyName", + "source": "response_json", "value": null, - "source": "response_json" + "property": "name.familyName" }, { "comparison": "not_empty", - "property": "name.givenName", + "source": "response_json", "value": null, - "source": "response_json" + "property": "name.givenName" }, { "comparison": "not_empty", - "property": "userName", + "source": "response_json", "value": null, - "source": "response_json" + "property": "userName" }, { "comparison": "not_empty", - "property": "active", + "source": "response_json", "value": null, - "source": "response_json" + "property": "active" }, { "comparison": "not_empty", - "property": "emails[0].value", + "source": "response_json", "value": null, - "source": "response_json" + "property": "emails[0].value" }, { "comparison": "equal", - "property": "id", + "source": "response_json", "value": "{{ISVUserid}}", - "source": "response_json" + "property": "id" } ], + "variables": [], "scripts": [], - "before_scripts": [], - "method": "GET" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { - "url": "{{SCIMBaseURL}}/Users?filter=userName eq \"{{InvalidUserEmail}}\"", - "variables": [], - "multipart_form": [], "step_type": "request", - "auth": {}, + "skipped": false, "note": "Required Test: Test invalid User by username", + "url": "{{SCIMBaseURL}}/Users?filter=userName eq \"{{InvalidUserEmail}}\"", + "auth": {}, "headers": { "Accept-Charset": [ "utf-8" 
@@ -220,40 +220,40 @@ "OKTA SCIM Integration" ] }, + "method": "GET", "assertions": [ { "comparison": "equal_number", - "value": "200", - "source": "response_status" + "source": "response_status", + "value": "200" }, { "comparison": "has_value", - "property": "schemas", + "source": "response_json", "value": "urn:ietf:params:scim:api:messages:2.0:ListResponse", - "source": "response_json" + "property": "schemas" }, { "comparison": "equal", - "property": "totalResults", + "source": "response_json", "value": "0", - "source": "response_json" + "property": "totalResults" } ], + "variables": [], "scripts": [], - "before_scripts": [], - "method": "GET" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { - "url": "{{SCIMBaseURL}}/Users/{{UserIdThatDoesNotExist}}", - "variables": [], - "multipart_form": [], "step_type": "request", - "auth": {}, + "skipped": false, "note": "Required Test: Test invalid User by ID", + "url": "{{SCIMBaseURL}}/Users/{{UserIdThatDoesNotExist}}", + "auth": {}, "headers": { "Accept-Charset": [ "utf-8" 
@@ -271,40 +271,40 @@ "OKTA SCIM Integration" ] }, + "method": "GET", "assertions": [ { "comparison": "equal_number", - "value": "404", - "source": "response_status" + "source": "response_status", + "value": "404" }, { "comparison": "not_empty", - "property": "detail", + "source": "response_json", "value": null, - "source": "response_json" + "property": "detail" }, { "comparison": "has_value", - "property": "schemas", + "source": "response_json", "value": "urn:ietf:params:scim:api:messages:2.0:Error", - "source": "response_json" + "property": "schemas" } ], + "variables": [], "scripts": [], - "before_scripts": [], - "method": "GET" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { - "url": "{{SCIMBaseURL}}/Users?filter=userName eq \"{{randomEmail}}\"", - "variables": [], - "multipart_form": [], "step_type": "request", - "auth": {}, + "skipped": false, "note": "Required Test: Make sure random user doesn't exist", + "url": "{{SCIMBaseURL}}/Users?filter=userName eq \"{{randomEmail}}\"", + "auth": {}, "headers": { "Accept-Charset": [ "utf-8" 
@@ -322,124 +322,128 @@ "OKTA SCIM Integration" ] }, + "method": "GET", "assertions": [ { "comparison": "equal_number", - "value": "200", - "source": "response_status" + "source": "response_status", + "value": "200" }, { "comparison": "equal_number", - "property": "totalResults", + "source": "response_json", "value": "0", - "source": "response_json" + "property": "totalResults" }, { "comparison": "has_value", - "property": "schemas", + "source": "response_json", "value": "urn:ietf:params:scim:api:messages:2.0:ListResponse", - "source": "response_json" + "property": "schemas" } ], + "variables": [], "scripts": [], - "before_scripts": [], - "method": "GET" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { + "step_type": "request", + "skipped": false, + "note": "Required Test: Create Okta user with realisitic values", "body": "{\"schemas\":[\"urn:ietf:params:scim:schemas:core:2.0:User\"],\"userName\":\"{{randomUsername}}\",\"name\":{\"givenName\":\"{{randomGivenName}}\",\"familyName\":\"{{randomFamilyName}}\"},\"emails\":[{\"primary\":true,\"value\":\"{{randomEmail}}\",\"type\":\"work\"}],\"displayName\":\"{{randomGivenName}} {{randomFamilyName}}\",\"active\":true}", "form": {}, "url": "{{SCIMBaseURL}}/Users", - "variables": [ - { - "source": "response_json", - "property": "id", - "name": "idUserOne" - }, - { - "source": "response_json", - "property": "emails[0].value", - "name": "randomUserEmail" - } - ], - "multipart_form": [], - "step_type": "request", "auth": {}, - "note": "Required Test: Create Okta user with realistic values", + "method": "POST", "headers": { "Content-Type": [ - "application/json" + "application/scim+json" ], "Authorization": [ "{{auth}}" ], "Accept": [ "application/scim+json; charset=utf-8" + ], + "User-Agent": [ + "OKTA SCIM Integration" ] }, + "multipart_form": [], "assertions": [ { "comparison": "equal_number", - "value": "201", - "source": "response_status" + "source": "response_status", + "value": "201" }, { 
"comparison": "equal", - "property": "active", + "source": "response_json", "value": "true", - "source": "response_json" + "property": "active" }, { "comparison": "not_empty", - "property": "id", + "source": "response_json", "value": null, - "source": "response_json" + "property": "id" }, { "comparison": "equal", - "property": "name.familyName", + "source": "response_json", "value": "{{randomFamilyName}}", - "source": "response_json" + "property": "name.familyName" }, { "comparison": "equal", - "property": "name.givenName", + "source": "response_json", "value": "{{randomGivenName}}", - "source": "response_json" + "property": "name.givenName" }, { "comparison": "contains", - "property": "schemas", + "source": "response_json", "value": "urn:ietf:params:scim:schemas:core:2.0:User", - "source": "response_json" + "property": "schemas" }, { "comparison": "equal", - "property": "userName", + "source": "response_json", "value": "{{randomUsername}}", - "source": "response_json" + "property": "userName" + } + ], + "variables": [ + { + "source": "response_json", + "name": "idUserOne", + "property": "id" + }, + { + "source": "response_json", + "name": "randomUserEmail", + "property": "emails[0].value" } ], "scripts": [ - "" + "var data = JSON.parse(response.body);\nassert.notEqual(data.userName.toLowerCase(),variables.get(\"randomUsername\"),'ISVuserNameLower matches with InitialuserName');" ], - "before_scripts": [], - "method": "POST" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { - "url": "{{SCIMBaseURL}}/Users/{{idUserOne}}", - "variables": [], - "multipart_form": [], "step_type": "request", - "auth": {}, + "skipped": false, "note": "Required Test: Verify that user was created", + "url": "{{SCIMBaseURL}}/Users/{{idUserOne}}", + "auth": {}, "headers": { "Accept-Charset": [ "utf-8" 
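Review bot: The script added to the create-user step passes for any string the server returns. `randomUsername` always begins with the capital "R" of "Runscope" (set in Initial_Script_Spec.txt), so `data.userName.toLowerCase()` can never equal it and `assert.notEqual` never fires, while the message text describes an equality check. If the goal is to confirm the submitted case was preserved, the declarative `userName` `equal` assertion in the same step already covers it and the script can be dropped. If the goal is a case-insensitive match, lower both sides: `assert.equal(data.userName.toLowerCase(), variables.get("randomUsername").toLowerCase(), ...)`. The step's note also gained a typo, `realisitic`.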
@@ -457,81 +461,213 @@ "OKTA SCIM Integration" ] }, + "method": "GET", + "multipart_form": [], "assertions": [ { "comparison": "equal_number", - "value": "200", - "source": "response_status" + "source": "response_status", + "value": "200" }, { "comparison": "equal", - "property": "userName", + "source": "response_json", "value": "{{randomUsername}}", - "source": "response_json" + "property": "userName" }, { "comparison": "equal", - "property": "name.familyName", + "source": "response_json", "value": "{{randomFamilyName}}", - "source": "response_json" + "property": "name.familyName" }, { "comparison": "equal", - "property": "name.givenName", + "source": "response_json", "value": "{{randomGivenName}}", - "source": "response_json" + "property": "name.givenName" } ], + "variables": [], "scripts": [], - "before_scripts": [], - "method": "GET" + "before_scripts": [] }, { "duration": 10, "step_type": "pause" }, { + "step_type": "request", + "skipped": false, + "note": "Required Test: Expect failure when recreating user with same values", "body": "{\"schemas\":[\"urn:ietf:params:scim:schemas:core:2.0:User\"],\"userName\":\"{{randomUsername}}\",\"name\":{\"givenName\":\"{{randomGivenName}}\",\"familyName\":\"{{randomFamilyName}}\"},\"emails\":[{\"primary\":true,\"value\":\"{{randomUsername}}\",\"type\":\"work\"}],\"displayName\":\"{{randomGivenName}} {{randomFamilyName}}\",\"active\":true}", "form": {}, + "multipart_form": [], + "headers": { + "Accept": [ + "application/scim+json; charset=utf-8" + ], + "Authorization": [ + "{{auth}}" + ], + "Content-Type": [ + "application/scim+json" + ] + }, + "auth": {}, + "method": "POST", "url": "{{SCIMBaseURL}}/Users", + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "409" + } + ], "variables": [], - "multipart_form": [], + "scripts": [], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { "step_type": "request", + "skipped": false, + "note": "Required Test: 
Username Case Sensitivity Check", + "url": "{{SCIMBaseURL}}/Users?filter=userName eq \"{{randomUsernameCaps}}\"", "auth": {}, - "note": "Required Test: Expect failure when recreating user with same values", "headers": { + "Accept-Charset": [ + "utf-8" + ], "Content-Type": [ - "application/json" + "application/scim+json; charset=utf-8" ], "Authorization": [ "{{auth}}" ], "Accept": [ - "application/scim+json; charset=utf-8" + "application/scim+json" + ], + "User-Agent": [ + "OKTA SCIM Integration" ] }, + "method": "GET", + "multipart_form": [], "assertions": [ { "comparison": "equal_number", - "value": "409", - "source": "response_status" + "source": "response_status", + "value": "200" } ], + "variables": [], "scripts": [], - "before_scripts": [], - "method": "POST" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { - "url": "{{SCIMBaseURL}}/Users?filter=userName eq \"{{randomUsernameCaps}}\"", - "variables": [], + "step_type": "request", + "skipped": false, + "note": "Required Test: Update User", + "body": "{\"schemas\":[\"urn:ietf:params:scim:schemas:core:2.0:User\"],\"id\":\"{{idUserOne}}\",\"userName\":\"{{randomUsername}}\",\"name\":{\"givenName\":\"{{randomGivenName}}\",\"familyName\":\"{{randomFamilyName}}\"},\"emails\":[{\"primary\":true,\"value\":\"{{randomEmail}}\",\"type\":\"work\"}],\"displayName\":\"{{randomGivenName}} {{randomFamilyName}}\",\"active\":true,\"phoneNumbers\": [{\"value\": \"555-555-5555\",\"type\": \"work\"}]}", + "form": {}, "multipart_form": [], + "headers": { + "Accept": [ + "application/scim+json; charset=utf-8" + ], + "Authorization": [ + "{{auth}}" + ], + "Content-Type": [ + "application/scim+json" + ] + }, + "auth": {}, + "method": "PUT", + "url": "{{SCIMBaseURL}}/Users/{{idUserOne}}", + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "200" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "true", + "property": "active" + }, + { + "comparison": 
"not_empty", + "source": "response_json", + "value": null, + "property": "id" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "{{randomFamilyName}}", + "property": "name.familyName" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "{{randomGivenName}}", + "property": "name.givenName" + }, + { + "comparison": "contains", + "source": "response_json", + "value": "urn:ietf:params:scim:schemas:core:2.0:User", + "property": "schemas" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "{{randomUsername}}", + "property": "userName" + }, + { + "comparison": "not_empty", + "source": "response_json", + "value": null, + "property": "phoneNumbers" + }, + { + "comparison": "not_empty", + "source": "response_json", + "value": null, + "property": "phoneNumbers[0].value" + }, + { + "comparison": "not_empty", + "source": "response_json", + "value": null, + "property": "phoneNumbers[0].type" + } + ], + "variables": [], + "scripts": [], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { "step_type": "request", + "skipped": false, + "note": "Optional Test: Verify Groups endpoint", + "url": "{{SCIMBaseURL}}/Groups", "auth": {}, - "note": "Required Test: Username Case Sensitivity Check", "headers": { "Accept-Charset": [ "utf-8" 
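Review bot: The `Username Case Sensitivity Check` step, as re-added in this hunk, asserts only `response_status` 200, which a filter query returns whether or not the upper-cased `randomUsernameCaps` matched the user created earlier, so the step does not test what its note says. RFC 7643 defines `userName` as case-insensitive, so an assertion such as `{"comparison": "equal_number", "source": "response_json", "value": "1", "property": "totalResults"}` would make the expectation explicit; confirm that this is the behaviour Okta requires before adding it. Separately, the new PUT `Update User` step checks `phoneNumbers[0].value` with `not_empty` rather than comparing it to the `555-555-5555` it sent.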
@@ -539,73 +675,408 @@ "Content-Type": [ "application/scim+json; charset=utf-8" ], + "Accept": [ + "application/scim+json" + ], "Authorization": [ "{{auth}}" ], + "User-Agent": [ + "OKTA SCIM Integration" + ] + }, + "method": "GET", + "multipart_form": [], + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "200" + }, + { + "comparison": "is_less_than", + "source": "response_time", + "value": "600" + } + ], + "variables": [], + "scripts": [ + "var data = JSON.parse(response.body);\nvar max = data.totalResults;\nvar res = data.Resources;\nvar exists = false;\n\nif (max === 0)\n\tassert(\"nogroups\", \"No Groups found in the endpoint\");\nelse if (max >= 1 && Array.isArray(res)) {\n exists = true;\n assert.ok(exists, \"Resources is of type Array\");\n\tlog(exists);\n}" + ], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { + "step_type": "request", + "skipped": false, + "note": "Optional Test: Create Group with members", + "body": "{\r\n \"schemas\": [\r\n \"urn:ietf:params:scim:schemas:core:2.0:Group\"\r\n ],\r\n \"displayName\": \"{{randomGroupName}}\",\r\n \"members\": [\r\n {\r\n \"value\": \"{{idUserOne}}\",\r\n \"display\": \"{{randomUserEmail}}\"\r\n }\r\n ]\r\n}", + "form": {}, + "multipart_form": [], + "headers": { "Accept": [ + "application/scim+json; charset=utf-8" + ], + "Authorization": [ + "{{auth}}" + ], + "Content-Type": [ "application/scim+json" ], "User-Agent": [ "OKTA SCIM Integration" ] }, + "auth": {}, + "method": "POST", + "url": "{{SCIMBaseURL}}/Groups", "assertions": [ { "comparison": "equal_number", - "value": "200", - "source": "response_status" + "source": "response_status", + "value": "201" + }, + { + "comparison": "is_less_than", + "source": "response_time", + "value": "600" + }, + { + "comparison": "not_empty", + "source": "response_json", + "value": null, + "property": "members" + }, + { + "comparison": "equal", + "source": "response_json", + "value": 
"{{idUserOne}}", + "property": "members[0].value" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "{{randomUserEmail}}", + "property": "members[0].display" + } + ], + "variables": [ + { + "source": "response_json", + "name": "idGroupOne", + "property": "id" } ], "scripts": [], - "before_scripts": [], - "method": "GET" + "before_scripts": [] }, { "duration": 5, "step_type": "pause" }, { - "url": "{{SCIMBaseURL}}/Groups", - "variables": [], - "multipart_form": [], "step_type": "request", - "auth": {}, - "note": "Optional Test: Verify Groups endpoint", + "skipped": false, + "note": "Optional Test: Verify Group was created", + "multipart_form": [], "headers": { - "Accept-Charset": [ - "utf-8" + "Accept": [ + "application/scim+json; charset=utf-8" + ], + "Authorization": [ + "{{auth}}" ], "Content-Type": [ + "application/scim+json" + ], + "User-Agent": [ + "OKTA SCIM Integration" + ] + }, + "auth": {}, + "method": "GET", + "url": "{{SCIMBaseURL}}/Groups/{{idGroupOne}}", + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "200" + }, + { + "comparison": "is_less_than", + "source": "response_time", + "value": "600" + }, + { + "comparison": "not_empty", + "source": "response_json", + "value": null, + "property": "members" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "{{idUserOne}}", + "property": "members[0].value" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "{{randomUserEmail}}", + "property": "members[0].display" + } + ], + "variables": [], + "scripts": [], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { + "step_type": "request", + "skipped": false, + "note": "Optional Test: Remove User From Group ", + "body": "{\r\n \"schemas\": [\r\n \"urn:ietf:params:scim:api:messages:2.0:PatchOp\"\r\n ],\r\n \"Operations\": [\r\n {\r\n \"op\": \"remove\",\r\n \"path\": \"members[value eq \\\"{{idUserOne}}\\\"]\"\r\n }\r\n 
]\r\n}", + "form": {}, + "multipart_form": [], + "headers": { + "Accept": [ "application/scim+json; charset=utf-8" ], + "Authorization": [ + "{{auth}}" + ], + "Content-Type": [ + "application/scim+json" + ], + "User-Agent": [ + "OKTA SCIM Integration" + ] + }, + "auth": {}, + "method": "PATCH", + "url": "{{SCIMBaseURL}}/Groups/{{idGroupOne}}", + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "200" + }, + { + "comparison": "is_less_than", + "source": "response_time", + "value": "600" + } + ], + "variables": [], + "scripts": [ + "var data = JSON.parse(response.body);\n// the non-script assertion 'isEmpty' checks if a string is empty, the ChaiJS version can handle arrays\nexpect(data.members).to.be.empty;" + ], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { + "step_type": "request", + "skipped": false, + "note": "Optional Test: Add User To Group", + "body": "{\r\n \"schemas\": [\r\n \"urn:ietf:params:scim:api:messages:2.0:PatchOp\"\r\n ],\r\n \"Operations\": [\r\n {\r\n \"op\": \"add\",\r\n \"path\": \"members\",\r\n \"value\": [\r\n {\r\n \"value\": \"{{idUserOne}}\",\r\n \"display\": \"{{randomUserEmail}}\"\r\n }\r\n ]\r\n }\r\n ]\r\n}", + "form": {}, + "multipart_form": [], + "headers": { "Accept": [ + "application/scim+json; charset=utf-8" + ], + "Authorization": [ + "{{auth}}" + ], + "Content-Type": [ "application/scim+json" ], + "User-Agent": [ + "OKTA SCIM Integration" + ] + }, + "auth": {}, + "method": "PATCH", + "url": "{{SCIMBaseURL}}/Groups/{{idGroupOne}}", + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "200" + }, + { + "comparison": "is_less_than", + "source": "response_time", + "value": "600" + }, + { + "comparison": "not_empty", + "source": "response_json", + "value": null, + "property": "members" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "{{idUserOne}}", + "property": "members[0].value" + }, + 
{ + "comparison": "equal", + "source": "response_json", + "value": "{{randomUserEmail}}", + "property": "members[0].display" + } + ], + "variables": [], + "scripts": [], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { + "step_type": "request", + "skipped": false, + "note": "Optional Test: Remove Group Members w/ PUT", + "body": "{\r\n \"schemas\": [\r\n \"urn:ietf:params:scim:schemas:core:2.0:Group\"\r\n ],\r\n \"displayName\": \"{{randomGroupName}}\",\r\n \"members\": [\r\n ]\r\n}", + "form": {}, + "multipart_form": [], + "headers": { + "Accept": [ + "application/scim+json; charset=utf-8" + ], "Authorization": [ "{{auth}}" ], + "Content-Type": [ + "application/scim+json" + ], "User-Agent": [ "OKTA SCIM Integration" ] }, + "auth": {}, + "method": "PUT", + "url": "{{SCIMBaseURL}}/Groups/{{idGroupOne}}", "assertions": [ { "comparison": "equal_number", - "value": "200", - "source": "response_status" + "source": "response_status", + "value": "200" }, { "comparison": "is_less_than", - "value": "600", - "source": "response_time" + "source": "response_time", + "value": "600" } ], + "variables": [], "scripts": [ - "var data = JSON.parse(response.body);\nvar max = data.totalResults;\nvar res = data.Resources;\nvar exists = false;\n\nif (max === 0)\n\tassert(\"nogroups\", \"No Groups found in the endpoint\");\nelse if (max >= 1 && Array.isArray(res)) {\n exists = true;\n assert.ok(exists, \"Resources is of type Array\");\n\tlog(exists);\n}" + "var data = JSON.parse(response.body);\n// the non-script assertion 'isEmpty' checks if a string is empty, the ChaiJS version can handle arrays\nexpect(data.members).to.be.empty;" + ], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { + "step_type": "request", + "skipped": false, + "note": "Optional Test: Delete Group", + "body": "", + "form": {}, + "multipart_form": [], + "headers": { + "Accept": [ + "application/scim+json; charset=utf-8" + ], + "Authorization": [ + 
"{{auth}}" + ], + "Content-Type": [ + "application/scim+json" + ], + "User-Agent": [ + "OKTA SCIM Integration" + ] + }, + "auth": {}, + "method": "DELETE", + "url": "{{SCIMBaseURL}}/Groups/{{idGroupOne}}", + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "204" + }, + { + "comparison": "is_less_than", + "source": "response_time", + "value": "600" + } + ], + "variables": [], + "scripts": [], + "before_scripts": [] + }, + { + "duration": 5, + "step_type": "pause" + }, + { + "step_type": "request", + "skipped": false, + "note": "Required Test: Deactivate User", + "body": "{\r\n \"schemas\": [\r\n \"urn:ietf:params:scim:api:messages:2.0:PatchOp\"\r\n ],\r\n \"Operations\": [\r\n {\r\n \"op\": \"replace\",\r\n \"value\": {\r\n \"active\": false\r\n }\r\n }\r\n ]\r\n}", + "form": {}, + "multipart_form": [], + "headers": { + "Accept": [ + "application/scim+json; charset=utf-8" + ], + "Authorization": [ + "{{auth}}" + ], + "Content-Type": [ + "application/scim+json" + ] + }, + "auth": {}, + "method": "PATCH", + "url": "{{SCIMBaseURL}}/Users/{{idUserOne}}", + "assertions": [ + { + "comparison": "equal_number", + "source": "response_status", + "value": "200" + }, + { + "comparison": "is_less_than", + "source": "response_time", + "value": "600" + }, + { + "comparison": "equal", + "source": "response_json", + "value": "false", + "property": "active" + } ], - "before_scripts": [], - "method": "GET" + "variables": [], + "scripts": [], + "before_scripts": [] } - ], - "description": "Basic tests to see if your SCIM server will work with Okta" + ] } From 871d0d3686f6318409b261d02ba68c8028db3f16 Mon Sep 17 00:00:00 2001 
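Review bot: The `Deactivate User` step that closes this hunk trusts the PATCH response: it asserts `active` is `false` in the body returned by the same request and never reads the user back, whereas user creation is followed by a `Verify that user was created` GET. Deprovisioning is the operation an identity integration most needs to get right, and a server that echoes the patched value without persisting it would pass this suite. A follow-up GET step on `{{SCIMBaseURL}}/Users/{{idUserOne}}`, placed after a pause and asserting `active` equals `false`, would close that gap, as sketched below.

```json
{
  "step_type": "request",
  "skipped": false,
  "note": "Required Test: Verify that user was deactivated",
  "url": "{{SCIMBaseURL}}/Users/{{idUserOne}}",
  "auth": {},
  "headers": {
    "Accept": ["application/scim+json"],
    "Authorization": ["{{auth}}"],
    "User-Agent": ["OKTA SCIM Integration"]
  },
  "method": "GET",
  "assertions": [
    { "comparison": "equal_number", "source": "response_status", "value": "200" },
    { "comparison": "equal", "source": "response_json", "value": "false", "property": "active" }
  ],
  "variables": [],
  "scripts": [],
  "before_scripts": []
}
```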
From: Brian Demers
Date: Fri, 20 Jan 2023 13:37:23 -0500
Subject: [PATCH 2/3] Add OpenAPIv3 spec for Okta required SCIM endpoints
---
.../SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml | 1193 +++++++++++++++++
1 file changed, 1193 insertions(+)
create mode 100644 packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml
diff --git a/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml
new file mode 100644
index 00000000000..28e62896f29
--- /dev/null
+++ b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml
@@ -0,0 +1,1193 @@ +openapi: 3.0.1 +info: + title: SCIM API + description: SCIM V2 API + version: 0.1.0 +servers: + - url: 'https://your-server/' +tags: + - name: SCIM V2 +paths: + /Users: + get: + tags: + - User + - OIN + - Custom Apps + summary: Search or list users + operationId: searchUsers + parameters: + - name: filter + in: query + description: Okta checks that the User object exists on the SCIM server through a GET method request with the `filter=userName` parameter (or any other filter parameter that was configured with the SCIM integration). This check is performed using the `eq` (equal) operator and is the only one necessary to successfully provision users with Okta. + schema: + type: string + - name: startIndex + in: query + description: start index (1-based) + schema: + type: integer + format: int32 + default: 1 + - name: count + in: query + description: page size + schema: + type: integer + format: int32 + default: 100 + responses: + 200: + description: successful operation + content: + application/scim+json: + schema: + $ref: '#/components/schemas/UserSearchResponse' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + post: + tags: + - User + - OIN + - Custom Apps + summary: Create a user. + operationId: createUser + requestBody: + description: A new user without 'id'. 
+ content: + application/scim+json: + schema: + $ref: '#/components/schemas/User' + application/json: + schema: + $ref: '#/components/schemas/User' + required: true + responses: + 201: + description: successfully created user + content: + application/scim+json: + schema: + $ref: '#/components/schemas/User' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 409: + description: duplicate email + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + /Users/{id}: + get: + tags: + - User + - OIN + - Custom Apps + summary: Get a user by id. + operationId: getUser + parameters: + - name: id + in: path + description: User id. 
+ required: true + schema: + type: string + responses: + 200: + description: successful operation + content: + application/scim+json: + schema: + $ref: '#/components/schemas/User' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + put: + tags: + - User + - Custom Apps + summary: Fully update/replace a user. + operationId: updateUser + parameters: + - name: id + in: path + description: User id + required: true + schema: + type: string + requestBody: + description: An updated user. 
+ content: + application/scim+json: + schema: + $ref: '#/components/schemas/User' + application/json: + schema: + $ref: '#/components/schemas/User' + required: true + responses: + 200: + description: successfully updated a user + content: + application/scim+json: + schema: + $ref: '#/components/schemas/User' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 409: + description: duplicate email + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + patch: + tags: + - User + - OIN + summary: Partially update/patch a user. + operationId: patchUser + parameters: + - name: id + in: path + description: user id + required: true + schema: + type: string + requestBody: + description: Patch operations list. 
+ content: + application/scim+json: + schema: + $ref: '#/components/schemas/Patch' + application/json: + schema: + $ref: '#/components/schemas/Patch' + required: false + responses: + 200: + description: successfully updated user + content: + application/scim+json: + schema: + $ref: '#/components/schemas/User' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 409: + description: duplicate email + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + /Groups: + get: + tags: + - Group + - OIN + - Custom Apps + summary: Search or list Groups + operationId: searchGroups + parameters: + - name: startIndex + in: query + description: start index (1-based) + schema: + type: integer + format: int32 + default: 1 + - name: count + in: query + description: page size + schema: + type: integer + format: int32 + default: 100 + responses: + 200: + description: successful operation + content: + application/scim+json: + schema: + $ref: '#/components/schemas/GroupSearchResponse' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: 
'#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + post: + tags: + - Group + - OIN + - Custom Apps + summary: Create a group. + operationId: createGroup + requestBody: + description: A new group without 'id'. + content: + application/scim+json: + schema: + $ref: '#/components/schemas/Group' + application/json: + schema: + $ref: '#/components/schemas/Group' + required: true + responses: + 201: + description: successfully created group + content: + application/scim+json: + schema: + $ref: '#/components/schemas/Group' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 409: + description: duplicate email + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + /Groups/{id}: + get: + tags: + - Group + - OIN + - Custom Apps + summary: Get a group by id. + operationId: getGroup + parameters: + - name: id + in: path + description: Group id. 
+ required: true + schema: + type: string + responses: + 200: + description: successful operation + content: + application/scim+json: + schema: + $ref: '#/components/schemas/Group' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + put: + tags: + - Group + - Custom Apps + summary: Fully update/replace a group. + operationId: updateGroup + parameters: + - name: id + in: path + description: Group id + required: true + schema: + type: string + requestBody: + description: An updated group. 
+ content: + application/scim+json: + schema: + $ref: '#/components/schemas/Group' + application/json: + schema: + $ref: '#/components/schemas/Group' + required: true + responses: + 200: + description: successfully updated a group + content: + application/scim+json: + schema: + $ref: '#/components/schemas/Group' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + patch: + tags: + - Group + - OIN + summary: Partially update/patch a group. + operationId: patchGroup + parameters: + - name: id + in: path + description: group id + required: true + schema: + type: string + requestBody: + description: Patch operations list. 
+ content: + application/scim+json: + schema: + $ref: '#/components/schemas/Patch' + application/json: + schema: + $ref: '#/components/schemas/Patch' + required: false + responses: + 200: + description: successfully updated group + content: + application/scim+json: + schema: + $ref: '#/components/schemas/Group' + 400: + description: bad request + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + delete: + tags: + - Group + - OIN + - Custom Apps + summary: Delete a group. 
+ operationId: deleteGroup + parameters: + - name: id + in: path + description: group id + required: true + schema: + type: string + responses: + 204: + description: successfully deleted + content: {} + 401: + description: authorization failure + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 403: + description: permissions denied + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 404: + description: not found + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 429: + description: too many requests + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' + 500: + description: internal server error + content: + application/scim+json: + schema: + $ref: '#/components/schemas/ErrorResponse' +components: + schemas: + Address: + type: object + properties: + formatted: + type: string + description: The full mailing address, formatted for display or use with a mailing label. This attribute MAY contain newlines. + streetAddress: + type: string + description: The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute MAY contain newlines. + locality: + type: string + description: The city or locality component. + region: + type: string + description: The state or region component. + postalCode: + type: string + description: The zip code or postal code component. + country: + type: string + description: The country name component. + type: + type: string + description: A label indicating the attribute's function, e.g., 'work' or 'home'. + enum: + - work + - home + - other + Email: + type: object + properties: + type: + type: string + description: A label indicating the attribute's function, e.g., 'work' or 'home'. + enum: + - work + - home + - other + value: + type: string + description: Email addresses for the user. 
The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. + display: + type: string + description: A human-readable name, primarily used for display purposes. + primary: + type: boolean + description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'true' MUST appear no more than once. + EnterpriseUser: + type: object + properties: + employeeNumber: + type: string + description: Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization. + costCenter: + type: string + description: Identifies the name of a cost center. + organization: + type: string + description: Identifies the name of an organization. + division: + type: string + description: Identifies the name of a division. + department: + type: string + description: Identifies the name of a department. + manager: + $ref: '#/components/schemas/Manager' + Entitlement: + type: object + properties: + value: + type: string + description: The value of an entitlement. + display: + type: string + description: A human-readable name, primarily used or display purposes. + type: + type: string + description: A label indicating the attribute's function. + primary: + type: boolean + description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once. 
+ ErrorResponse: + type: object + properties: + detail: + type: string + description: detail error message + schemas: + type: array + items: + type: string + enum: + - urn:ietf:params:scim:api:messages:2.0:Error + scimType: + type: string + description: bad request type when status code is 400 + enum: + - uniqueness + - tooMany + - mutability + - sensitive + - invalidSyntax + - invalidFilter + - invalidPath + - invalidValue + - invalidVers + - noTarget + status: + type: string + description: same as HTTP status code, e.g. 400, 401, etc. + Group: + required: + - schemas + - displayName + type: object + properties: + id: + type: string + description: A unique identifier for a SCIM resource as defined by the service provider. + readOnly: true + externalId: + type: string + description: A String that is an identifier for the resource as defined by the provisioning client. + displayName: + type: string + description: A human-readable name for the Group. + members: + type: array + description: A list of members of the Group. + items: + $ref: '#/components/schemas/GroupMembership' + schemas: + type: array + items: + type: string + enum: + - urn:ietf:params:scim:schemas:core:2.0:Group + meta: + $ref: '#/components/schemas/Meta' + GroupMembership: + type: object + properties: + value: + type: string + description: The identifier of the group. + readOnly: true + '$ref': + type: string + description: The URI corresponding to a SCIM resource that is a member of this Group. + readOnly: true + display: + type: string + description: A human-readable name, primarily used for display purposes. + readOnly: true + type: + type: string + description: A label indicating the attribute's function, e.g., 'direct'/'indirect', or 'User'/'Group'. + readOnly: true + GroupSearchResponse: + type: object + properties: + Resources: + type: array + description: Group search result. 
+ items: + $ref: '#/components/schemas/Group' + itemsPerPage: + type: integer + format: int64 + schemas: + type: array + items: + type: string + enum: + - urn:ietf:params:scim:api:messages:2.0:ListResponse + startIndex: + type: integer + description: The 1-based index of the first result in the current set of list results. + format: int64 + totalResults: + type: integer + description: The total number of results returned by the list or query operation. + format: int64 + InstantMessageAddress: + type: object + properties: + value: + type: string + description: Instant messaging address for the User. + display: + type: string + description: A human-readable name, primarily used for display purposes. + type: + type: string + description: A label indicating the attribute's function, e.g., 'aim', 'gtalk', 'xmpp'. + enum: + - aim + - gtalk + - icq + - xmpp + - msn + - skype + - qq + - yahoo + primary: + type: boolean + description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred messenger or primary messenger. The primary attribute value 'true' MUST appear no more than once. + Meta: + type: object + properties: + created: + type: string + format: date-time + lastModified: + type: string + format: date-time + location: + type: string + description: resource location URI + resourceType: + type: string + enum: + - User + - Group + description: resource metadata + Manager: + type: object + description: The User's manager. A complex type that optionally allows service providers to represent organizational hierarchy by referencing the 'id' attribute of another User. + properties: + value: + type: string + description: The id of the SCIM resource representing the User's manager. + '$ref': + type: string + description: The URI of the SCIM resource representing the User's manager. + displayName: + type: string + description: The displayName of the User's manager. 
+ readOnly: true + Name: + type: object + description: The components of the user's real name. + properties: + formatted: + type: string + description: The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., 'Ms. Barbara J Jensen, III'). + familyName: + type: string + description: The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III'). + givenName: + type: string + description: The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III'). + middleName: + type: string + description: The middle name(s) of the User (e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III'). + honorificPrefix: + type: string + description: The honorific prefix(es) of the User, or title in most Western languages (e.g., 'Ms.' given the full name 'Ms. Barbara J Jensen, III'). + honorificSuffix: + type: string + description: The honorific suffix(es) of the User, or suffix in most Western languages (e.g., 'III' given the full name 'Ms. Barbara J Jensen, III'). + Patch: + required: + - Operations + - schemas + type: object + properties: + Operations: + type: array + description: Patch operations list. + items: + $ref: '#/components/schemas/PatchOperation' + schemas: + type: array + items: + type: string + enum: + - urn:ietf:params:scim:api:messages:2.0:PatchOp + PatchOperation: + required: + - op + type: object + properties: + op: + type: string + enum: + - add + - replace + - remove + path: + type: string + description: The "path" attribute value is a String containing an attribute path describing the target of the operation. The "path" attribute is OPTIONAL for "add" and "replace" and is REQUIRED for "remove" operations. 
+ value: + type: object + properties: {} + description: Corresponding 'value' of that field specified by 'path' + PhoneNumber: + type: object + properties: + type: + type: string + description: A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'. + enum: + - work + - mobile + - other + value: + type: string + description: Phone number of the User. + display: + type: string + description: A human-readable name, primarily used for display purposes. + primary: + type: boolean + description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred phone number or primary phone number. The primary attribute value 'true' MUST appear no more than once. + Photo: + type: object + properties: + type: + type: string + description: A label indicating the attribute's function, i.e., 'photo' or 'thumbnail'. + enum: + - photo + - thumbnail + value: + type: string + description: URL of a photo of the User. + primary: + type: boolean + description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred photo or thumbnail. The primary attribute value 'true' MUST appear no more than once. + display: + type: string + description: A human-readable name, primarily used for display purposes. + Role: + type: object + properties: + value: + type: string + description: The value of a role. + display: + type: string + description: A human-readable name, primarily used for display purposes. + type: + type: string + description: A label indicating the attribute's function. + primary: + type: boolean + description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once. + User: + required: + - schemas + - userName + type: object + properties: + active: + type: boolean + description: A Boolean value indicating the User's administrative status. 
+ default: true + addresses: + type: array + description: A physical mailing address for this User. Canonical type values of 'work', 'home', and 'other'. + items: + $ref: '#/components/schemas/Address' + emails: + type: array + description: Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'. + items: + $ref: '#/components/schemas/Email' + externalId: + type: string + description: A String that is an identifier for the resource as defined by the provisioning client. + id: + type: string + description: A unique identifier for a SCIM resource as defined by the service provider. + readOnly: true + name: + $ref: '#/components/schemas/Name' + displayName: + type: string + description: The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known. + nickName: + type: string + description: The casual way to address the user in real life, e.g., 'Bob' or 'Bobby' instead of 'Robert'. This attribute SHOULD NOT be used to represent a User's username (e.g., 'bjensen' or 'mpepperidge'). + profileUrl: + type: string + description: A fully qualified URL pointing to a page representing the User's online profile. + title: + type: string + description: The user's title, such as \"Vice President.\" + userType: + type: string + description: Used to identify the relationship between the organization and the user. Typical values used might be 'Contractor', 'Employee', 'Intern', 'Temp', 'External', and 'Unknown', but any value may be used. + preferredLanguage: + type: string + description: Indicates the User's preferred written or spoken language. Generally used for selecting a localized user interface; e.g., 'en_US' specifies the language English and country US. 
+ locale: + type: string + description: Used to indicate the User's default location for purposes of localizing items such as currency, date time format, or numerical representations. + timezone: + type: string + description: The User's time zone in the 'Olson' time zone database format, e.g., 'America/Los_Angeles'. + password: + type: string + description: The User's cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. + phoneNumbers: + type: array + description: Phone numbers for the User. The value SHOULD be canonicalized by the service provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'. + items: + $ref: '#/components/schemas/PhoneNumber' + photos: + type: array + description: URLs of photos of the User. + items: + $ref: '#/components/schemas/Photo' + ims: + type: array + description: Instant messaging addresses for the User. + items: + $ref: '#/components/schemas/InstantMessageAddress' + groups: + type: array + description: A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated. + items: + $ref: '#/components/schemas/GroupMembership' + readOnly: true + entitlements: + type: array + description: A list of entitlements for the User that represent a thing the User has. + items: + $ref: '#/components/schemas/Entitlement' + roles: + type: array + description: A list of roles for the User that collectively represent who the User is, e.g., 'Student', 'Faculty'. + items: + $ref: '#/components/schemas/Role' + x509Certificates: + type: array + description: A list of certificates issued to the User. 
+ items: + $ref: '#/components/schemas/X509Certificate' + schemas: + type: array + items: + type: string + enum: + - urn:ietf:params:scim:schemas:core:2.0:User + - urn:ietf:params:scim:schemas:extension:enterprise:2.0:User + 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User': + $ref: '#/components/schemas/EnterpriseUser' + userName: + type: string + description: Unique identifier for the User, typically used by the user to directly authenticate to the service provider. + meta: + $ref: '#/components/schemas/Meta' + UserSearchResponse: + type: object + properties: + Resources: + type: array + description: User search result. + items: + $ref: '#/components/schemas/User' + itemsPerPage: + type: integer + format: int64 + schemas: + type: array + items: + type: string + enum: + - urn:ietf:params:scim:api:messages:2.0:ListResponse + startIndex: + type: integer + description: The 1-based index of the first result in the current set of list results. + format: int64 + totalResults: + type: integer + description: The total number of results returned by the list or query operation. + format: int64 + X509Certificate: + type: object + properties: + value: + type: string + format: binary + description: The value of an X.509 certificate. + display: + type: string + description: A human-readable name, primarily used for display purposes. + type: + type: string + description: A label indicating the attribute's function. + primary: + type: boolean + description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once. From ebf5334252a162df58bcee3619a007742d952f22 Mon Sep 17 00:00:00 2001 From: Brian Demers Date: Mon, 23 Jan 2023 14:05:25 -0500 Subject: [PATCH 3/3] Add missing OIN tag --- .../public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml | 1 + 1 file changed, 1 insertion(+) 
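Review bot: The `password` property of the `User` schema is described as the user's cleartext password but is declared only as `type: string`, and that same `User` schema is the response body of the user GET, POST, PUT and PATCH operations and the item type of `UserSearchResponse`, so the contract as written allows a server to return passwords. I would add `writeOnly: true` and `format: password` under `password:` so that validators, generated code and rendered docs treat it as request-only. Separately, every operation documents 401 and 403 responses, yet the file declares only `components.schemas`, with no `securitySchemes` entry and no `security` requirement. Declaring the scheme the integration actually uses (the Runscope tests in this series send an `Authorization` header) would make authentication part of the contract rather than implied. The `count` query parameter on `/Users` and `/Groups` also has a `default: 100` but no `maximum`, so an implementer following the spec literally has no bound on page size.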
diff --git a/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml
index 28e62896f29..01a053f1adf 100644
--- a/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml
+++ b/packages/@okta/vuepress-site/.vuepress/public/standards/SCIM/SCIMFiles/SCIM-20-OPENAPI.yaml
@@ -194,6 +194,7 @@ paths:
 put:
 tags:
 - User
+ - OIN
 - Custom Apps
 summary: Fully update/replace a user.
 operationId: updateUser