scimitar 1.5.2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b55b1f0a0a700b57690cb05fc02241cf47f60a4ad8c92946a32366c90ee56d8c
-  data.tar.gz: a7143dcd7d1381250e66529c70288659a2018fb26fc16639c14ba796acc805d5
+  metadata.gz: 95a2166cc921a400959f9d8d4398f6bf8ecb772f8d7a0a0a73950892e85d808a
+  data.tar.gz: cdf5aab3812f10f69c96304e738a150f4208850267527b66d36eeb99548d7b1f
 SHA512:
-  metadata.gz: fb740b528770a918fc3237cabdc953affcde23fa7787cc9e9383a6d71b104e2d6325c2829545d367983a3bb64435179a0523b6d785d8e6d3eb7b2bfdb6c82748
-  data.tar.gz: 9f73bcafefbd7de57f258d1dc1c18e020b8dd7bca6330f7b288e308168daf7cb698051a9f2d4eaee9717139978df4e7a9fe854ba269ab94b2b46f1030d2ab9db
+  metadata.gz: f0925517599b107e44fd93db9be142aebe608892c2c5069c50d22b353c51238290710474b062a002fdb010be3d783c4dea3b314f72f47b4aca3c2385a8fc1377
+  data.tar.gz: eef6eebfc64bb2d4adabfca110f26e3a6c9e227f47387da6fb384925899ddf0ae260cf68176f24040a6bb356cf34f6576c920bd44264d4a1fee415aeadc237e6

data/app/controllers/scimitar/active_record_backed_resources_controller.rb

@@ -21,8 +21,6 @@ module Scimitar
 
     rescue_from ActiveRecord::RecordNotFound, with: :handle_resource_not_found # See Scimitar::ApplicationController
 
-    before_action :obtain_id_column_name_from_attribute_map
-
     # GET (list)
     #
     def index
@@ -39,13 +37,12 @@ module Scimitar
       pagination_info = scim_pagination_info(query.count())
 
       page_of_results = query
-        .order(@id_column => :asc)
         .offset(pagination_info.offset)
         .limit(pagination_info.limit)
         .to_a()
 
       super(pagination_info, page_of_results) do | record |
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record.id))
       end
     end
 
@@ -54,7 +51,7 @@ module Scimitar
     def show
       super do |record_id|
         record = self.find_record(record_id)
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record_id))
       end
     end
 
@@ -66,7 +63,7 @@ module Scimitar
           record = self.storage_class().new
           record.from_scim!(scim_hash: scim_resource.as_json())
           self.save!(record)
-          record_to_scim(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -79,7 +76,7 @@ module Scimitar
           record = self.find_record(record_id)
           record.from_scim!(scim_hash: scim_resource.as_json())
           self.save!(record)
-          record_to_scim(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -92,7 +89,7 @@ module Scimitar
           record = self.find_record(record_id)
           record.from_scim_patch!(patch_hash: patch_hash)
           self.save!(record)
-          record_to_scim(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -140,14 +137,7 @@ module Scimitar
       # +record_id+:: Record ID (SCIM schema 'id' value - "our" ID).
       #
       def find_record(record_id)
-        self.storage_scope().find_by!(@id_column => record_id)
-      end
-
-      # DRY up controller actions - pass a record; returns the SCIM
-      # representation, with a "show" location specified via #url_for.
-      #
-      def record_to_scim(record)
-        record.to_scim(location: url_for(action: :show, id: record.send(@id_column)))
+        self.storage_scope().find(record_id)
       end
 
       # Save a record, dealing with validation exceptions by raising SCIM
@@ -186,16 +176,5 @@ module Scimitar
         end
       end
 
-      # Called via +before_action+ - stores in @id_column the name of whatever
-      # model column is used to store the record ID, via
-      # Scimitar::Resources::Mixin::scim_attributes_map.
-      #
-      # Default is <tt>:id</tt>.
-      #
-      def obtain_id_column_name_from_attribute_map
-        attrs      = storage_class().scim_attributes_map() || {}
-        @id_column = attrs[:id] || :id
-      end
-
   end
 end

data/app/controllers/scimitar/application_controller.rb

@@ -25,12 +25,10 @@ module Scimitar
       #
       # ...to "globally" invoke this handler if you wish.
       #
+      # +_exception+:: Exception instance (currently unused).
       #
-      # +exception+:: Exception instance, used for a configured error reporter
-      #               via #handle_scim_error (if present).
-      #
-      def handle_resource_not_found(exception)
-        handle_scim_error(NotFoundError.new(params[:id]), exception)
+      def handle_resource_not_found(_exception)
+        handle_scim_error(NotFoundError.new(params[:id]))
       end
 
       # This base controller uses:
@@ -40,22 +38,9 @@ module Scimitar
       # ...to "globally" invoke this handler for all Scimitar errors (including
       # subclasses).
       #
-      # Mandatory parameters are:
-      #
       # +error_response+:: Scimitar::ErrorResponse (or subclass) instance.
       #
-      # Optional parameters are:
-      #
-      # *exception+:: If a Ruby exception was the reason this method is being
-      #               called, pass it here. Any configured exception reporting
-      #               mechanism will be invokved with the given parameter.
-      #               Otherwise, the +error_response+ value is reported.
-      #
-      def handle_scim_error(error_response, exception = error_response)
-        unless Scimitar.engine_configuration.exception_reporter.nil?
-          Scimitar.engine_configuration.exception_reporter.call(exception)
-        end
-
+      def handle_scim_error(error_response)
         render json: error_response, status: error_response.status
       end
 
@@ -70,7 +55,7 @@ module Scimitar
       # +exception+:: Exception instance.
       #
       def handle_bad_json_error(exception)
-        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"), exception)
+        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"))
       end
 
       # This base controller uses:
@@ -83,7 +68,7 @@ module Scimitar
       #
       def handle_unexpected_error(exception)
         Rails.logger.error("#{exception.message}\n#{exception.backtrace}")
-        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message), exception)
+        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message))
       end
 
     # =========================================================================
@@ -97,17 +82,12 @@ module Scimitar
       # request and subclass processing.
       #
       def require_scim
-        scim_mime_type = Mime::Type.lookup_by_extension(:scim).to_s
-
-        if request.media_type.nil? || request.media_type.empty?
-          request.format = :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
-        elsif request.media_type.downcase == scim_mime_type
+        if request.content_type&.downcase == Mime::Type.lookup_by_extension(:scim).to_s
           request.format = :scim
         elsif request.format == :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
+          request.headers['CONTENT_TYPE'] = Mime::Type.lookup_by_extension(:scim).to_s
         else
-          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{scim_mime_type} type is accepted."))
+          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{Mime::Type.lookup_by_extension(:scim)} type is accepted."))
         end
       end
 

data/app/models/scimitar/engine_configuration.rb

@@ -9,17 +9,13 @@ module Scimitar
 
     attr_accessor :basic_authenticator,
                   :token_authenticator,
-                  :application_controller_mixin,
-                  :exception_reporter,
-                  :optional_value_fields_required
+                  :application_controller_mixin
 
     def initialize(attributes = {})
 
-      # Set defaults that may be overridden by the initializer.
+      # No defaults yet - reserved for future use.
       #
-      defaults = {
-        optional_value_fields_required: true
-      }
+      defaults = {}
 
       super(defaults.merge(attributes))
     end

data/app/models/scimitar/error_response.rb

@@ -16,17 +16,5 @@ module Scimitar
       data['scimType'] = scimType if scimType
       data
     end
-
-    # Originally Scimitar used attribute "detail" for exception text; it was
-    # only for JSON responses at the time, but in hindsight was a bad choice.
-    # It should have been "message" given inheritance from StandardError, which
-    # then works properly with e.g. error reporting services.
-    #
-    # The "detail" attribute is still present, for backwards compatibility with
-    # any client code that might be using this class.
-    #
-    def message
-      self.detail
-    end
   end
 end

data/app/models/scimitar/errors.rb

@@ -1,6 +1,6 @@
 module Scimitar
   module Errors
-    def add_errors_from_hash(errors_hash, prefix: nil)
+    def add_errors_from_hash(errors_hash:, prefix: nil)
       errors_hash.each_pair do |key, value|
         new_key = prefix.nil? ? key : "#{prefix}.#{key}".to_sym
         if value.is_a?(Array)

data/app/models/scimitar/lists/query_parser.rb

@@ -78,7 +78,7 @@ module Scimitar
       #                   method's return value here.
       #
       def initialize(attribute_map)
-        @attribute_map = attribute_map.with_indifferent_case_insensitive_access()
+        @attribute_map = attribute_map
       end
 
       # Parse SCIM filter query into RPN stack
@@ -605,16 +605,6 @@ module Scimitar
 
           raise Scimitar::FilterError unless all_supported
 
-          unless case_sensitive
-            lc_scim_attribute = scim_attribute.downcase()
-
-            case_sensitive = (
-              lc_scim_attribute == 'id' ||
-              lc_scim_attribute == 'externalid' ||
-              lc_scim_attribute.start_with?('meta.')
-            )
-          end
-
           column_names.each.with_index do | column_name, index |
             arel_column    = arel_table[column_name]
             arel_operation = case scim_operator
@@ -643,7 +633,7 @@ module Scimitar
               when 'pr'
                 arel_table.grouping(arel_column.not_eq_all(['', nil]))
               else
-                raise Scimitar::FilterError.new("Unsupported operator: '#{scim_operator}'")
+                raise Scimitar::FilterError
             end
 
             if index == 0
@@ -666,10 +656,10 @@ module Scimitar
         # +scim_attribute+:: SCIM attribute from a filter string.
         #
         def activerecord_columns(scim_attribute)
-          raise Scimitar::FilterError.new("No scim_attribute provided") if scim_attribute.blank?
+          raise Scimitar::FilterError if scim_attribute.blank?
 
           mapped_attribute = self.attribute_map()[scim_attribute]
-          raise Scimitar::FilterError.new("Unable to find domain attribute from SCIM attribute: '#{scim_attribute}'") if mapped_attribute.blank?
+          raise Scimitar::FilterError if mapped_attribute.blank?
 
           if mapped_attribute[:ignore]
             return []

data/app/models/scimitar/resources/base.rb

@@ -138,7 +138,7 @@ module Scimitar
       end
 
       def as_json(options = {})
-        self.meta = Meta.new unless self.meta && self.meta.is_a?(Meta)
+        self.meta = Meta.new unless self.meta
         meta.resourceType = self.class.resource_type_id
         original_hash = super(options).except('errors')
         original_hash.merge!('schemas' => self.class.schemas.map(&:id))

data/app/models/scimitar/resources/mixin.rb

@@ -443,30 +443,9 @@ module Scimitar
               ci_scim_hash = { 'root' => ci_scim_hash }.with_indifferent_case_insensitive_access()
             end
 
-            # Handle extension schema. Contributed by @bettysteger and
-            # @MorrisFreeman via:
-            #
-            #   https://github.com/RIPAGlobal/scimitar/issues/48
-            #   https://github.com/RIPAGlobal/scimitar/pull/49
-            #
-            # Note the ":" separating the schema ID (URN) from the attribute.
-            # The nature of JSON rendering / other payloads might lead you to
-            # expect a "." as with any complex types, but that's not the case;
-            # see https://tools.ietf.org/html/rfc7644#section-3.10, or
-            # https://tools.ietf.org/html/rfc7644#section-3.5.2 of which in
-            # particular, https://tools.ietf.org/html/rfc7644#page-35.
-            #
-            paths = []
-            self.class.scim_resource_type.extended_schemas.each do |schema|
-              path_str.downcase.split(schema.id.downcase + ':').drop(1).each do |path|
-                paths += [schema.id] + path.split('.')
-              end
-            end
-            paths = path_str.split('.') if paths.empty?
-
             self.from_patch_backend!(
               nature:        nature,
-              path:          paths,
+              path:          (path_str || '').split('.'),
               value:         value,
               altering_hash: ci_scim_hash
             )
@@ -637,19 +616,7 @@ module Scimitar
                 attrs_map_or_leaf_value.each do | scim_attribute, sub_attrs_map_or_leaf_value |
                   next if scim_attribute&.to_s&.downcase == 'id' && path.empty?
 
-                  # Handle extension schema. Contributed by @bettysteger and
-                  # @MorrisFreeman via:
-                  #
-                  #   https://github.com/RIPAGlobal/scimitar/issues/48
-                  #   https://github.com/RIPAGlobal/scimitar/pull/49
-                  #
-                  attribute_tree = []
-                  resource_class.extended_schemas.each do |schema|
-                    attribute_tree << schema.id and break if schema.scim_attributes.any? { |attribute| attribute.name == scim_attribute.to_s }
-                  end
-                  attribute_tree << scim_attribute.to_s
-
-                  sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(*attribute_tree)
+                  sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(scim_attribute.to_s)
 
                   self.from_scim_backend!(
                     attrs_map_or_leaf_value: sub_attrs_map_or_leaf_value,
@@ -934,86 +901,10 @@ module Scimitar
                   else
                     altering_hash[path_component] = value
                   end
-
                 when 'replace'
-                  if path_component == 'root'
-                    altering_hash[path_component].merge!(value)
-                  else
-                    altering_hash[path_component] = value
-                  end
-
-                # The array check handles payloads seen from e.g. Microsoft for
-                # remove-user-from-group, where contrary to examples in the RFC
-                # which would imply "payload removes all users", there is the
-                # clear intent to remove just one.
-                #
-                # https://tools.ietf.org/html/rfc7644#section-3.5.2.2
-                # https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-remove-members
-                #
-                # Since remove-all in the face of remove-one is destructive, we
-                # do a special check here to see if there's an array value for
-                # the array path that the payload yielded. If so, we can match
-                # each value against array items and remove just those items.
-                #
-                # There is an additional special case to handle a bad example
-                # from Salesforce:
-                #
-                #   https://help.salesforce.com/s/articleView?id=sf.identity_scim_manage_groups.htm&type=5
-                #
+                  altering_hash[path_component] = value
                 when 'remove'
-                  if altering_hash[path_component].is_a?(Array) && value.present?
-
-                    # Handle bad Salesforce example. That might be simply a
-                    # documentation error, but just in case...
-                    #
-                    value = value.values.first if (
-                      path_component&.downcase == 'members' &&
-                      value.is_a?(Hash)                     &&
-                      value.keys.size == 1                  &&
-                      value.keys.first&.downcase == 'members'
-                    )
-
-                    # The Microsoft example provides an array of values, but we
-                    # may as well cope with a value specified 'flat'. Promote
-                    # such a thing to an Array to simplify the following code.
-                    #
-                    value = [value] unless value.is_a?(Array)
-
-                    # For each value item, delete matching array entries. The
-                    # concept of "matching" is:
-                    #
-                    # * For simple non-Hash values (if possible) just delete on
-                    #   an exact match
-                    #
-                    # * For Hash-based values, only delete if all 'patch' keys
-                    #   are present in the resource and all values thus match.
-                    #
-                    # Special case to ignore '$ref' from the Microsoft payload.
-                    #
-                    # Note coercion to strings to account for SCIM vs the usual
-                    # tricky case of underlying implementations with (say)
-                    # integer primary keys, which all end up as strings anyway.
-                    #
-                    value.each do | value_item |
-                      altering_hash[path_component].delete_if do | item |
-                        if item.is_a?(Hash) && value_item.is_a?(Hash)
-                          matched_all = true
-                          value_item.each do | value_key, value_value |
-                            next if value_key == '$ref'
-                            if ! item.key?(value_key) || item[value_key]&.to_s != value_value&.to_s
-                              matched_all = false
-                            end
-                          end
-                          matched_all
-                        else
-                          item&.to_s == value_item&.to_s
-                        end
-                      end
-                    end
-                  else
-                    altering_hash.delete(path_component)
-                  end
-
+                  altering_hash.delete(path_component)
               end
             end
           end

data/app/models/scimitar/schema/address.rb

@@ -10,7 +10,6 @@ module Scimitar
       def self.scim_attributes
         @scim_attributes ||= [
           Attribute.new(name: 'type',          type: 'string'),
-          Attribute.new(name: 'primary',       type: 'boolean'),
           Attribute.new(name: 'formatted',     type: 'string'),
           Attribute.new(name: 'streetAddress', type: 'string'),
           Attribute.new(name: 'locality',      type: 'string'),

data/app/models/scimitar/schema/attribute.rb

@@ -88,7 +88,7 @@ module Scimitar
         end
         value.class.schema.valid?(value)
         return true if value.errors.empty?
-        add_errors_from_hash(value.errors.to_hash, prefix: self.name)
+        add_errors_from_hash(errors_hash: value.errors.to_hash, prefix: self.name)
         false
       end
 

data/app/models/scimitar/schema/base.rb

@@ -26,7 +26,9 @@ module Scimitar
       #
       def self.valid?(resource)
         cloned_scim_attributes.each do |scim_attribute|
-          resource.add_errors_from_hash(scim_attribute.errors.to_hash) unless scim_attribute.valid?(resource.send(scim_attribute.name))
+          unless scim_attribute.valid?(resource.send(scim_attribute.name))
+            resource.add_errors_from_hash(errors_hash: scim_attribute.errors.to_hash)
+          end
         end
       end
 

data/app/models/scimitar/schema/vdtp.rb

@@ -7,7 +7,7 @@ module Scimitar
     class Vdtp < Base
       def self.scim_attributes
         @scim_attributes ||= [
-          Attribute.new(name: 'value',   type: 'string', required: Scimitar.engine_configuration.optional_value_fields_required),
+          Attribute.new(name: 'value',   type: 'string', required: true),
           Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
           Attribute.new(name: 'type',    type: 'string'),
           Attribute.new(name: 'primary', type: 'boolean'),

data/config/initializers/scimitar.rb

@@ -2,101 +2,85 @@
 #
 # For supporting information and rationale, please see README.md.
 
-# =============================================================================
-# SERVICE PROVIDER CONFIGURATION
-# =============================================================================
-#
-# This is a Ruby abstraction over a SCIM entity that declares the capabilities
-# supported by a particular implementation.
-#
-# Typically this is used to declare parts of the standard unsupported, if you
-# don't need them and don't want to provide subclass support.
-#
-Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
+Rails.application.config.to_prepare do # (required for >= Rails 7 / Zeitwerk)
 
-  # See https://tools.ietf.org/html/rfc7643#section-8.5 for properties.
+  # ===========================================================================
+  # SERVICE PROVIDER CONFIGURATION
+  # ===========================================================================
   #
-  # See Gem source file 'app/models/scimitar/service_provider_configuration.rb'
-  # for defaults. Define Hash keys here that override defaults; e.g. to declare
-  # that filters are not supported so that calling clients shouldn't use them:
+  # This is a Ruby abstraction over a SCIM entity that declares the
+  # capabilities supported by a particular implementation.
   #
-  #   filter: Scimitar::Supported.unsupported
+  # Typically this is used to declare parts of the standard unsupported, if you
+  # don't need them and don't want to provide subclass support.
+  #
+  Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
 
-})
+    # See https://tools.ietf.org/html/rfc7643#section-8.5 for properties.
+    #
+    # See Gem file 'app/models/scimitar/service_provider_configuration.rb'
+    # for defaults. Define Hash keys here that override defaults; e.g. to
+    # declare that filters are not supported so that calling clients shouldn't
+    # use them:
+    #
+    #   filter: Scimitar::Supported.unsupported
 
-# =============================================================================
-# ENGINE CONFIGURATION
-# =============================================================================
-#
-# This is where you provide callbacks for things like authorisation or mixins
-# that get included into all Scimitar-derived controllers (for things like
-# before-actions that apply to all Scimitar controller-based routes).
-#
-Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
+  })
 
-  # If you have filters you want to run for any Scimitar action/route, you can
-  # define them here. For example, you might use a before-action to set up some
-  # multi-tenancy related state, or skip Rails CSRF token verification/
-  #
-  # For example:
-  #
-  #     application_controller_mixin: Module.new do
-  #       def self.included(base)
-  #         base.class_eval do
+  # ===========================================================================
+  # ENGINE CONFIGURATION
+  # ===========================================================================
   #
-  #           # Anything here is written just as you'd write it at the top of
-  #           # one of your controller classes, but it gets included in all
-  #           # Scimitar classes too.
+  # This is where you provide callbacks for things like authorisation or mixins
+  # that get included into all Scimitar-derived controllers (for things like
+  # before-actions that apply to all Scimitar controller-based routes).
   #
-  #           skip_before_action    :verify_authenticity_token
-  #           prepend_before_action :setup_some_kind_of_multi_tenancy_data
-  #         end
-  #       end
-  #     end, # ...other configuration entries might follow...
+  Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
 
-  # If you want to support username/password authentication:
-  #
-  #     basic_authenticator: Proc.new do | username, password |
-  #       # Check username/password and return 'true' if valid, else 'false'.
-  #     end, # ...other configuration entries might follow...
-  #
-  # The 'username' and 'password' parameters come from Rails:
-  #
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic/ControllerMethods.html#method-i-authenticate_with_http_basic
+    # If you have filters you want to run for any Scimitar action/route, you
+    # can define them here. For example, you might use a before-action to set
+    # up some multi-tenancy related state, or skip Rails CSRF token
+    # verification. For example:
+    #
+    #     application_controller_mixin: Module.new do
+    #       def self.included(base)
+    #         base.class_eval do
+    #
+    #           # Anything here is written just as you'd write it at the top of
+    #           # one of your controller classes, but it gets included in all
+    #           # Scimitar classes too.
+    #
+    #           skip_before_action    :verify_authenticity_token
+    #           prepend_before_action :setup_some_kind_of_multi_tenancy_data
+    #         end
+    #       end
+    #     end, # ...other configuration entries might follow...
 
-  # If you want to support HTTP bearer token (OAuth-style) authentication:
-  #
-  #     token_authenticator: Proc.new do | token, options |
-  #       # Check token and return 'true' if valid, else 'false'.
-  #     end, # ...other configuration entries might follow...
-  #
-  # The 'token' and 'options' parameters come from Rails:
-  #
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token/ControllerMethods.html#method-i-authenticate_with_http_token
-  #
-  # Note that both basic and token authentication can be declared, with the
-  # parameters in the inbound HTTP request determining which is invoked.
+    # If you want to support username/password authentication:
+    #
+    #     basic_authenticator: Proc.new do | username, password |
+    #       # Check username/password and return 'true' if valid, else 'false'.
+    #     end, # ...other configuration entries might follow...
+    #
+    # The 'username' and 'password' parameters come from Rails:
+    #
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic/ControllerMethods.html#method-i-authenticate_with_http_basic
 
-  # Scimitar rescues certain error cases and exceptions, in order to return a
-  # JSON response to the API caller. If you want exceptions to also be
-  # reported to a third party system such as sentry.io or raygun.com, you can
-  # configure a Proc to do so. It is passed a Ruby exception subclass object.
-  # For example, a minimal sentry.io reporter might do this:
-  #
-  #     exception_reporter: Proc.new do | exception |
-  #       Sentry.capture_exception(exception)
-  #     end
-  #
-  # You will still need to configure your reporting system according to its
-  # documentation (e.g. via a Rails "config/initializers/<foo>.rb" file).
+    # If you want to support HTTP bearer token (OAuth-style) authentication:
+    #
+    #     token_authenticator: Proc.new do | token, options |
+    #       # Check token and return 'true' if valid, else 'false'.
+    #     end, # ...other configuration entries might follow...
+    #
+    # The 'token' and 'options' parameters come from Rails:
+    #
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token/ControllerMethods.html#method-i-authenticate_with_http_token
+    #
+    # Note that both basic and token authentication can be declared, with the
+    # parameters in the inbound HTTP request determining which is invoked.
 
-  # Scimilar treats "VDTP" (Value, Display, Type, Primary) attribute values,
-  # used for e.g. e-mail addresses or phone numbers, as required by default.
-  # If you encounter a service which calls these with e.g. "null" value data,
-  # you can configure all values to be optional. You'll need to deal with
-  # whatever that means for you receiving system in your model code.
-  #
-  #     optional_value_fields_required: false
-})
+  })
+
+end