@boxyhq/saml-jackson 1.32.0 → 1.33.1-beta.1

package/dist/src/controller/api.js

@@ -0,0 +1,806 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import * as dbutils from '../db/utils';
+import * as metrics from '../opentelemetry/metrics';
+import { JacksonError } from './error';
+import { IndexNames, appID, transformConnections, transformConnection, isConnectionActive } from './utils';
+import oidcConnection from './connection/oidc';
+import samlConnection from './connection/saml';
+export class ConnectionAPIController {
+    constructor({ connectionStore, opts, eventController, oryController }) {
+        this.connectionStore = connectionStore;
+        this.opts = opts;
+        this.eventController = eventController;
+        this.oryController = oryController;
+    }
+    /**
+     * @swagger
+     * definitions:
+     *    Connection:
+     *      type: object
+     *      example:
+     *          {
+     *            "idpMetadata": {
+     *              "sso": {
+     *                "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxsso/saml",
+     *                "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxsso/saml"
+     *              },
+     *              "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
+     *              "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
+     *              "loginType": "idp",
+     *              "provider": "okta.com"
+     *            },
+     *            "defaultRedirectUrl": "https://hoppscotch.io/",
+     *            "redirectUrl": ["https://hoppscotch.io/"],
+     *            "tenant": "hoppscotch.io",
+     *            "product": "API Engine",
+     *            "name": "Hoppscotch-SP",
+     *            "description": "SP for hoppscotch.io",
+     *            "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
+     *            "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
+     *            "deactivated": false
+     *          }
+     *    validationErrorsPost:
+     *      description: Please provide rawMetadata or encodedRawMetadata | Please provide a defaultRedirectUrl | Please provide redirectUrl | redirectUrl is invalid | Exceeded maximum number of allowed redirect urls | defaultRedirectUrl is invalid | Please provide tenant | Please provide product | Please provide a friendly name | Description should not exceed 100 characters | Strategy: xxxx not supported | Please provide the clientId from OpenID Provider | Please provide the clientSecret from OpenID Provider | Please provide the discoveryUrl for the OpenID Provider
+     *
+     * parameters:
+     *   nameParamPost:
+     *     name: name
+     *     description: Name/identifier for the connection
+     *     type: string
+     *     in: formData
+     *   labelParamPost:
+     *     name: label
+     *     description: An internal label to identify the connection
+     *     type: string
+     *     in: formData
+     *   descriptionParamPost:
+     *     name: description
+     *     description: A short description for the connection not more than 100 characters
+     *     type: string
+     *     in: formData
+     *   encodedRawMetadataParamPost:
+     *     name: encodedRawMetadata
+     *     description: Base64 encoding of the XML metadata
+     *     in: formData
+     *     type: string
+     *   rawMetadataParamPost:
+     *     name: rawMetadata
+     *     description: Raw XML metadata
+     *     in: formData
+     *     type: string
+     *   metadataUrlParamPost:
+     *     name: metadataUrl
+     *     description: URL containing raw XML metadata
+     *     in: formData
+     *     type: string
+     *   defaultRedirectUrlParamPost:
+     *     name: defaultRedirectUrl
+     *     description: The redirect URL to use in the IdP login flow
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   redirectUrlParamPost:
+     *     name: redirectUrl
+     *     description: JSON encoded array containing a list of allowed redirect URLs
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   tenantParamPost:
+     *     name: tenant
+     *     description: Tenant
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   productParamPost:
+     *     name: product
+     *     description: Product
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   oidcDiscoveryUrlPost:
+     *     name: oidcDiscoveryUrl
+     *     description: well-known URL where the OpenID Provider configuration is exposed
+     *     in: formData
+     *     type: string
+     *   oidcMetadataPost:
+     *     name: oidcMetadata
+     *     description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
+     *     in: formData
+     *     type: string
+     *   oidcClientIdPost:
+     *     name: oidcClientId
+     *     description: clientId of the application set up on the OpenID Provider
+     *     in: formData
+     *     type: string
+     *   oidcClientSecretPost:
+     *     name: oidcClientSecret
+     *     description: clientSecret of the application set up on the OpenID Provider
+     *     in: formData
+     *     type: string
+     *   sortOrder:
+     *    name: sortOrder
+     *    description: Indicate the position of the connection in the IdP selection screen
+     *    in: formData
+     *    type: number
+     *    required: false
+     *   forceAuthn:
+     *     name: forceAuthn
+     *     description: Require a new authentication instead of reusing an existing session.
+     *     in: formData
+     *     type: boolean
+     *     required: false
+     * /api/v1/sso:
+     *   post:
+     *     summary: Create SSO connection
+     *     operationId: create-sso-connection
+     *     tags: [Single Sign-On]
+     *     produces:
+     *      - application/json
+     *     consumes:
+     *      - application/x-www-form-urlencoded
+     *      - application/json
+     *     parameters:
+     *      - $ref: '#/parameters/nameParamPost'
+     *      - $ref: '#/parameters/labelParamPost'
+     *      - $ref: '#/parameters/descriptionParamPost'
+     *      - $ref: '#/parameters/encodedRawMetadataParamPost'
+     *      - $ref: '#/parameters/rawMetadataParamPost'
+     *      - $ref: '#/parameters/metadataUrlParamPost'
+     *      - $ref: '#/parameters/defaultRedirectUrlParamPost'
+     *      - $ref: '#/parameters/redirectUrlParamPost'
+     *      - $ref: '#/parameters/tenantParamPost'
+     *      - $ref: '#/parameters/productParamPost'
+     *      - $ref: '#/parameters/oidcDiscoveryUrlPost'
+     *      - $ref: '#/parameters/oidcMetadataPost'
+     *      - $ref: '#/parameters/oidcClientIdPost'
+     *      - $ref: '#/parameters/oidcClientSecretPost'
+     *      - $ref: '#/parameters/sortOrder'
+     *      - $ref: '#/parameters/forceAuthn'
+     *     responses:
+     *       200:
+     *         description: Success
+     *         schema:
+     *           $ref: '#/definitions/Connection'
+     *       400:
+     *           $ref: '#/definitions/validationErrorsPost'
+     *       401:
+     *         description: Unauthorized
+     */
+    createSAMLConnection(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            metrics.increment('createConnection');
+            const connection = yield samlConnection.create(body, this.connectionStore, this.oryController);
+            yield this.eventController.notify('sso.created', connection);
+            return connection;
+        });
+    }
+    // For backwards compatibility
+    config(...args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.createSAMLConnection(...args);
+        });
+    }
+    createOIDCConnection(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            metrics.increment('createConnection');
+            if (!this.opts.oidcPath) {
+                throw new JacksonError('Please set OpenID response handler path (oidcPath) on Jackson', 500);
+            }
+            const connection = yield oidcConnection.create(body, this.connectionStore, this.oryController);
+            yield this.eventController.notify('sso.created', connection);
+            return connection;
+        });
+    }
+    /**
+     * @swagger
+     * definitions:
+     *   validationErrorsPatch:
+     *     description: Please provide clientID | Please provide clientSecret | clientSecret mismatch | Tenant/Product config mismatch with IdP metadata | Description should not exceed 100 characters| redirectUrl is invalid | Exceeded maximum number of allowed redirect urls | defaultRedirectUrl is invalid | Tenant/Product config mismatch with OIDC Provider metadata
+     * parameters:
+     *   clientIDParamPatch:
+     *     name: clientID
+     *     description: Client ID for the connection
+     *     type: string
+     *     in: formData
+     *     required: true
+     *   clientSecretParamPatch:
+     *     name: clientSecret
+     *     description: Client Secret for the connection
+     *     type: string
+     *     in: formData
+     *     required: true
+     *   tenantParamPatch:
+     *     name: tenant
+     *     description: Tenant
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   productParamPatch:
+     *     name: product
+     *     description: Product
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   nameParamPatch:
+     *     name: name
+     *     description: Name/identifier for the connection
+     *     type: string
+     *     in: formData
+     *   labelParamPatch:
+     *     name: label
+     *     description: An internal label to identify the connection
+     *     type: string
+     *     in: formData
+     *   descriptionParamPatch:
+     *     name: description
+     *     description: A short description for the connection not more than 100 characters
+     *     type: string
+     *     in: formData
+     *   encodedRawMetadataParamPatch:
+     *     name: encodedRawMetadata
+     *     description: Base64 encoding of the XML metadata
+     *     in: formData
+     *     type: string
+     *   rawMetadataParamPatch:
+     *     name: rawMetadata
+     *     description: Raw XML metadata
+     *     in: formData
+     *     type: string
+     *   metadataUrlParamPatch:
+     *     name: metadataUrl
+     *     description: URL containing raw XML metadata
+     *     in: formData
+     *     type: string
+     *   oidcDiscoveryUrlPatch:
+     *     name: oidcDiscoveryUrl
+     *     description: well-known URL where the OpenID Provider configuration is exposed
+     *     in: formData
+     *     type: string
+     *   oidcMetadataPatch:
+     *     name: oidcMetadata
+     *     description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
+     *     in: formData
+     *     type: string
+     *   oidcClientIdPatch:
+     *     name: oidcClientId
+     *     description: clientId of the application set up on the OpenID Provider
+     *     in: formData
+     *     type: string
+     *   oidcClientSecretPatch:
+     *     name: oidcClientSecret
+     *     description: clientSecret of the application set up on the OpenID Provider
+     *     in: formData
+     *     type: string
+     *   defaultRedirectUrlParamPatch:
+     *     name: defaultRedirectUrl
+     *     description: The redirect URL to use in the IdP login flow
+     *     in: formData
+     *     type: string
+     *   redirectUrlParamPatch:
+     *     name: redirectUrl
+     *     description: JSON encoded array containing a list of allowed redirect URLs
+     *     in: formData
+     *     type: string
+     *   deactivatedParamPatch:
+     *     name: deactivated
+     *     description: Connection status
+     *     in: formData
+     *     required: false
+     *     type: boolean
+     *   sortOrderParamPatch:
+     *     name: sortOrder
+     *     description: Indicate the position of the connection in the IdP selection screen
+     *     in: formData
+     *     type: number
+     *     required: false
+     *   forceAuthnParamPatch:
+     *     name: forceAuthn
+     *     description: Require a new authentication instead of reusing an existing session.
+     *     in: formData
+     *     type: boolean
+     *     required: false
+     * /api/v1/sso:
+     *   patch:
+     *     summary: Update SSO Connection
+     *     operationId: update-sso-connection
+     *     tags: [Single Sign-On]
+     *     consumes:
+     *       - application/json
+     *       - application/x-www-form-urlencoded
+     *     parameters:
+     *       - $ref: '#/parameters/clientIDParamPatch'
+     *       - $ref: '#/parameters/clientSecretParamPatch'
+     *       - $ref: '#/parameters/nameParamPatch'
+     *       - $ref: '#/parameters/labelParamPatch'
+     *       - $ref: '#/parameters/descriptionParamPatch'
+     *       - $ref: '#/parameters/encodedRawMetadataParamPatch'
+     *       - $ref: '#/parameters/rawMetadataParamPatch'
+     *       - $ref: '#/parameters/metadataUrlParamPatch'
+     *       - $ref: '#/parameters/oidcDiscoveryUrlPatch'
+     *       - $ref: '#/parameters/oidcMetadataPatch'
+     *       - $ref: '#/parameters/oidcClientIdPatch'
+     *       - $ref: '#/parameters/oidcClientSecretPatch'
+     *       - $ref: '#/parameters/defaultRedirectUrlParamPatch'
+     *       - $ref: '#/parameters/redirectUrlParamPatch'
+     *       - $ref: '#/parameters/tenantParamPatch'
+     *       - $ref: '#/parameters/productParamPatch'
+     *       - $ref: '#/parameters/deactivatedParamPatch'
+     *       - $ref: '#/parameters/sortOrderParamPatch'
+     *       - $ref: '#/parameters/forceAuthnParamPatch'
+     *     responses:
+     *       204:
+     *         description: Success
+     *       400:
+     *         $ref: '#/definitions/validationErrorsPatch'
+     *       401:
+     *         description: Unauthorized
+     *       500:
+     *         description: Please set OpenID response handler path (oidcPath) on Jackson
+     */
+    updateSAMLConnection(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const connection = yield samlConnection.update(body, this.connectionStore, this.getConnections.bind(this), this.oryController);
+            if ('deactivated' in body) {
+                if (isConnectionActive(connection)) {
+                    yield this.eventController.notify('sso.activated', connection);
+                }
+                else {
+                    yield this.eventController.notify('sso.deactivated', connection);
+                }
+            }
+        });
+    }
+    // For backwards compatibility
+    updateConfig(...args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.updateSAMLConnection(...args);
+        });
+    }
+    updateOIDCConnection(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.opts.oidcPath) {
+                throw new JacksonError('Please set OpenID response handler path (oidcPath) on Jackson', 500);
+            }
+            const connection = yield oidcConnection.update(body, this.connectionStore, this.getConnections.bind(this), this.oryController);
+            if ('deactivated' in body) {
+                if (isConnectionActive(connection)) {
+                    yield this.eventController.notify('sso.activated', connection);
+                }
+                else {
+                    yield this.eventController.notify('sso.deactivated', connection);
+                }
+            }
+        });
+    }
+    getIDPEntityID(body) {
+        const tenant = 'tenant' in body ? body.tenant : undefined;
+        const product = 'product' in body ? body.product : undefined;
+        if (!tenant || !product) {
+            throw new JacksonError('Please provide `tenant` and `product`.', 400);
+        }
+        else {
+            return `${this.opts.samlAudience}/${appID(tenant, product)}`;
+        }
+    }
+    /**
+     * @swagger
+     * parameters:
+     *  tenantParamGet:
+     *     in: query
+     *     name: tenant
+     *     type: string
+     *     description: Tenant (Optional if clientID provided)
+     *  productParamGet:
+     *     in: query
+     *     name: product
+     *     type: string
+     *     description: Product (Optional if clientID provided)
+     *  clientIDParamGet:
+     *     in: query
+     *     name: clientID
+     *     type: string
+     *     description: Client ID (Optional if tenant/product provided)
+     *  strategyParamGet:
+     *     in: query
+     *     name: strategy
+     *     type: string
+     *     description: Strategy which can help to filter connections with tenant/product query
+     *  sortParamGet:
+     *     in: query
+     *     name: sort
+     *     type: string
+     *     description: If present, the connections will be sorted by `sortOrder`. It won't consider if pagination is used.
+     * definitions:
+     *   Connection:
+     *      type: object
+     *      properties:
+     *        clientID:
+     *          type: string
+     *          description: Connection clientID
+     *        clientSecret:
+     *          type: string
+     *          description: Connection clientSecret
+     *        name:
+     *          type: string
+     *          description: Connection name
+     *        label:
+     *          type: string
+     *          description: Connection label
+     *        description:
+     *          type: string
+     *          description: Connection description
+     *        redirectUrl:
+     *          type: string
+     *          description: A list of allowed redirect URLs
+     *        defaultRedirectUrl:
+     *          type: string
+     *          description: The redirect URL to use in the IdP login flow
+     *        tenant:
+     *          type: string
+     *          description: Connection tenant
+     *        product:
+     *          type: string
+     *          description: Connection product
+     *        idpMetadata:
+     *          type: object
+     *          description: SAML IdP metadata
+     *        oidcProvider:
+     *          type: object
+     *          description: OIDC IdP metadata
+     *        deactivated:
+     *          type: boolean
+     *          description: Connection status
+     *        sortOrder:
+     *          type: number
+     *          description: Connection sort order
+     * responses:
+     *   '200Get':
+     *     description: Success
+     *     schema:
+     *       type: array
+     *       items:
+     *         $ref: '#/definitions/Connection'
+     *   '400Get':
+     *     description: Please provide `clientID` or `tenant` and `product`.
+     *   '401Get':
+     *     description: Unauthorized
+     * /api/v1/sso:
+     *   get:
+     *     summary: Get SSO Connections
+     *     parameters:
+     *       - $ref: '#/parameters/tenantParamGet'
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/clientIDParamGet'
+     *       - $ref: '#/parameters/strategyParamGet'
+     *       - $ref: '#/parameters/sortParamGet'
+     *     operationId: get-connections
+     *     tags: [Single Sign-On]
+     *     responses:
+     *      '200':
+     *        $ref: '#/responses/200Get'
+     *      '400':
+     *        $ref: '#/responses/400Get'
+     *      '401':
+     *        $ref: '#/responses/401Get'
+     */
+    getConnections(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const clientID = 'clientID' in body ? body.clientID : undefined;
+            const tenant = 'tenant' in body ? body.tenant : undefined;
+            const product = 'product' in body ? body.product : undefined;
+            const strategy = 'strategy' in body ? body.strategy : undefined;
+            const entityId = 'entityId' in body ? body.entityId : undefined;
+            metrics.increment('getConnections');
+            let connections = null;
+            // Fetch connections by entityId
+            if (entityId) {
+                const result = yield this.connectionStore.getByIndex({
+                    name: IndexNames.EntityID,
+                    value: entityId,
+                });
+                if (!result || typeof result !== 'object') {
+                    connections = [];
+                }
+                else {
+                    connections = result.data;
+                }
+            }
+            // Fetch connections by clientID
+            else if (clientID) {
+                const result = yield this.connectionStore.get(clientID);
+                if (!result || typeof result !== 'object') {
+                    connections = [];
+                }
+                else {
+                    connections = [result];
+                }
+            }
+            // Fetch connections by multiple tenants
+            else if (tenant && product && Array.isArray(tenant)) {
+                const tenants = tenant.filter((t) => t).filter((t, i, a) => a.indexOf(t) === i);
+                const result = yield Promise.all(tenants.map((t) => __awaiter(this, void 0, void 0, function* () {
+                    return this.connectionStore.getByIndex({
+                        name: IndexNames.TenantProduct,
+                        value: dbutils.keyFromParts(t, product),
+                    });
+                })));
+                if (!result || !result.length) {
+                    connections = [];
+                }
+                else {
+                    connections = result.flatMap((r) => r.data);
+                }
+            }
+            // Fetch connections by tenant and product
+            else if (tenant && product && !Array.isArray(tenant)) {
+                const result = yield this.connectionStore.getByIndex({
+                    name: IndexNames.TenantProduct,
+                    value: dbutils.keyFromParts(tenant, product),
+                });
+                if (!result || !result.data.length) {
+                    connections = [];
+                }
+                else {
+                    connections = result.data;
+                }
+                // Filter connections by strategy
+                if (connections && connections.length > 0 && strategy) {
+                    connections = connections.filter((connection) => {
+                        if (strategy === 'saml') {
+                            return 'idpMetadata' in connection;
+                        }
+                        if (strategy === 'oidc') {
+                            return 'oidcProvider' in connection;
+                        }
+                        return false;
+                    });
+                }
+            }
+            if (connections) {
+                const sort = 'sort' in body ? body.sort : false;
+                if (sort) {
+                    connections.sort((a, b) => (b.sortOrder || 0) - (a.sortOrder || 0));
+                }
+                return transformConnections(connections);
+            }
+            throw new JacksonError('Please provide `clientID` or `tenant` and `product`.', 400);
+        });
+    }
+    getConfig(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const clientID = 'clientID' in body ? body.clientID : undefined;
+            const tenant = 'tenant' in body ? body.tenant : undefined;
+            const product = 'product' in body ? body.product : undefined;
+            metrics.increment('getConnections');
+            if (clientID) {
+                const samlConfig = yield this.connectionStore.get(clientID);
+                return samlConfig || {};
+            }
+            if (tenant && product) {
+                const samlConfigs = (yield this.connectionStore.getByIndex({
+                    name: IndexNames.TenantProduct,
+                    value: dbutils.keyFromParts(tenant, product),
+                })).data;
+                if (!samlConfigs || !samlConfigs.length) {
+                    return {};
+                }
+                return Object.assign({}, samlConfigs[0]);
+            }
+            throw new JacksonError('Please provide `clientID` or `tenant` and `product`.', 400);
+        });
+    }
+    /**
+     * @swagger
+     * parameters:
+     *   clientIDDel:
+     *     name: clientID
+     *     in: query
+     *     type: string
+     *     description: Client ID (Optional if tenant/product provided)
+     *   clientSecretDel:
+     *     name: clientSecret
+     *     in: query
+     *     type: string
+     *     description: Client Secret (Optional if tenant/product provided)
+     *   tenantDel:
+     *     name: tenant
+     *     in: query
+     *     type: string
+     *     description: Tenant (Optional if clientID/Secret provided)
+     *   productDel:
+     *     name: product
+     *     in: query
+     *     type: string
+     *     description: Product (Optional if clientID/Secret provided)
+     *   strategyDel:
+     *     name: strategy
+     *     in: query
+     *     type: string
+     *     description: Strategy which can help to filter connections with tenant/product query
+     * /api/v1/sso:
+     *   delete:
+     *     parameters:
+     *      - $ref: '#/parameters/clientIDDel'
+     *      - $ref: '#/parameters/clientSecretDel'
+     *      - $ref: '#/parameters/tenantDel'
+     *      - $ref: '#/parameters/productDel'
+     *      - $ref: '#/parameters/strategyDel'
+     *     summary: Delete SSO Connections
+     *     operationId: delete-sso-connection
+     *     tags: [Single Sign-On]
+     *     responses:
+     *       '200':
+     *         description: Success
+     *       '400':
+     *         description: clientSecret mismatch | Please provide `clientID` and `clientSecret` or `tenant` and `product`.
+     *       '401':
+     *         description: Unauthorized
+     */
+    deleteConnections(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const clientID = 'clientID' in body ? body.clientID : undefined;
+            const clientSecret = 'clientSecret' in body ? body.clientSecret : undefined;
+            const tenant = 'tenant' in body ? body.tenant : undefined;
+            const product = 'product' in body ? body.product : undefined;
+            const strategy = 'strategy' in body ? body.strategy : undefined;
+            metrics.increment('deleteConnections');
+            if (clientID && clientSecret) {
+                const connection = yield this.connectionStore.get(clientID);
+                if (!connection) {
+                    return;
+                }
+                if (connection.clientSecret === clientSecret) {
+                    yield this.connectionStore.delete(clientID);
+                    yield this.eventController.notify('sso.deleted', transformConnection(connection));
+                }
+                else {
+                    throw new JacksonError('clientSecret mismatch', 400);
+                }
+                return;
+            }
+            if (tenant && product) {
+                const connections = (yield this.connectionStore.getByIndex({
+                    name: IndexNames.TenantProduct,
+                    value: dbutils.keyFromParts(tenant, product),
+                })).data;
+                if (!connections || !connections.length) {
+                    return;
+                }
+                // filter if strategy is passed
+                const filteredConnections = strategy
+                    ? connections.filter((connection) => {
+                        if (strategy === 'saml') {
+                            if (connection.idpMetadata) {
+                                return true;
+                            }
+                        }
+                        if (strategy === 'oidc') {
+                            if (connection.oidcProvider) {
+                                return true;
+                            }
+                        }
+                        return false;
+                    })
+                    : connections;
+                for (const conf of transformConnections(filteredConnections)) {
+                    yield this.connectionStore.delete(conf.clientID);
+                    yield this.eventController.notify('sso.deleted', conf);
+                }
+                return;
+            }
+            throw new JacksonError('Please provide `clientID` and `clientSecret` or `tenant` and `product`.', 400);
+        });
+    }
+    deleteConfig(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.deleteConnections(Object.assign(Object.assign({}, body), { strategy: 'saml' }));
+        });
+    }
+    /**
+     * @swagger
+     * parameters:
+     *  productParamGet:
+     *     in: query
+     *     name: product
+     *     type: string
+     *     description: Product
+     *     required: true
+     * definitions:
+     *   Connection:
+     *      type: object
+     *      properties:
+     *        clientID:
+     *          type: string
+     *          description: Connection clientID
+     *        clientSecret:
+     *          type: string
+     *          description: Connection clientSecret
+     *        name:
+     *          type: string
+     *          description: Connection name
+     *        description:
+     *          type: string
+     *          description: Connection description
+     *        redirectUrl:
+     *          type: string
+     *          description: A list of allowed redirect URLs
+     *        defaultRedirectUrl:
+     *          type: string
+     *          description: The redirect URL to use in the IdP login flow
+     *        tenant:
+     *          type: string
+     *          description: Connection tenant
+     *        product:
+     *          type: string
+     *          description: Connection product
+     *        idpMetadata:
+     *          type: object
+     *          description: SAML IdP metadata
+     *        oidcProvider:
+     *          type: object
+     *          description: OIDC IdP metadata
+     * responses:
+     *   '200GetByProduct':
+     *     description: Success
+     *     content:
+     *      application/json:
+     *         schema:
+     *           type: object
+     *           properties:
+     *             data:
+     *               type: array
+     *               items:
+     *                 $ref: '#/definitions/Connection'
+     *             pageToken:
+     *               type: string
+     *               description: token for pagination
+     *   '400Get':
+     *     description: Please provide a `product`.
+     *   '401Get':
+     *     description: Unauthorized
+     * /api/v1/sso/product:
+     *   get:
+     *     summary: Get SSO Connections by product
+     *     parameters:
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/pageOffset'
+     *       - $ref: '#/parameters/pageLimit'
+     *       - $ref: '#/parameters/pageToken'
+     *     operationId: get-connections-by-product
+     *     tags: [Single Sign-On]
+     *     responses:
+     *      '200':
+     *        $ref: '#/responses/200GetByProduct'
+     *      '400':
+     *        $ref: '#/responses/400Get'
+     *      '401':
+     *        $ref: '#/responses/401Get'
+     */
+    getConnectionsByProduct(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { product, pageOffset, pageLimit, pageToken } = body;
+            if (!product) {
+                throw new JacksonError('Please provide a `product`.', 400);
+            }
+            const connections = yield this.connectionStore.getByIndex({
+                name: IndexNames.Product,
+                value: product,
+            }, pageOffset, pageLimit, pageToken);
+            return { data: transformConnections(connections.data), pageToken };
+        });
+    }
+    getCount(idx) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield this.connectionStore.getCount(idx);
+        });
+    }
+}
+//# sourceMappingURL=api.js.map