@boxyhq/saml-jackson 1.36.0 → 1.37.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51)
  1. package/dist/controller/api.d.ts +524 -475
  2. package/dist/controller/api.js +527 -479
  3. package/dist/controller/api.js.map +1 -1
  4. package/dist/controller/connection/oidc.d.ts +3 -2
  5. package/dist/controller/connection/oidc.js +26 -2
  6. package/dist/controller/connection/oidc.js.map +1 -1
  7. package/dist/controller/connection/saml.d.ts +3 -2
  8. package/dist/controller/connection/saml.js +26 -2
  9. package/dist/controller/connection/saml.js.map +1 -1
  10. package/dist/controller/oauth.d.ts +88 -87
  11. package/dist/controller/oauth.js +146 -101
  12. package/dist/controller/oauth.js.map +1 -1
  13. package/dist/controller/setup-link.d.ts +343 -234
  14. package/dist/controller/setup-link.js +343 -234
  15. package/dist/controller/setup-link.js.map +1 -1
  16. package/dist/db/sql/sql.js +3 -3
  17. package/dist/db/sql/sql.js.map +1 -1
  18. package/dist/directory-sync/scim/DirectoryConfig.d.ts +265 -224
  19. package/dist/directory-sync/scim/DirectoryConfig.js +266 -225
  20. package/dist/directory-sync/scim/DirectoryConfig.js.map +1 -1
  21. package/dist/directory-sync/scim/Groups.d.ts +82 -87
  22. package/dist/directory-sync/scim/Groups.js +82 -87
  23. package/dist/directory-sync/scim/Groups.js.map +1 -1
  24. package/dist/directory-sync/scim/Users.d.ts +63 -49
  25. package/dist/directory-sync/scim/Users.js +63 -49
  26. package/dist/directory-sync/scim/Users.js.map +1 -1
  27. package/dist/directory-sync/scim/WebhookEventsLogger.d.ts +52 -61
  28. package/dist/directory-sync/scim/WebhookEventsLogger.js +52 -61
  29. package/dist/directory-sync/scim/WebhookEventsLogger.js.map +1 -1
  30. package/dist/directory-sync/types.d.ts +1 -1
  31. package/dist/directory-sync/types.js +1 -1
  32. package/dist/directory-sync/types.js.map +1 -1
  33. package/dist/ee/identity-federation/app.d.ts +292 -212
  34. package/dist/ee/identity-federation/app.js +294 -214
  35. package/dist/ee/identity-federation/app.js.map +1 -1
  36. package/dist/ee/identity-federation/idp-login.js +1 -1
  37. package/dist/ee/identity-federation/idp-login.js.map +1 -1
  38. package/dist/ee/ory/ory.d.ts +18 -0
  39. package/dist/ee/ory/ory.js +202 -0
  40. package/dist/ee/ory/ory.js.map +1 -0
  41. package/dist/ee/product/index.d.ts +2 -2
  42. package/dist/ee/product/index.js +1 -1
  43. package/dist/ee/product/index.js.map +1 -1
  44. package/dist/index.js +7 -1
  45. package/dist/index.js.map +1 -1
  46. package/dist/sso-traces/index.d.ts +67 -66
  47. package/dist/sso-traces/index.js +67 -66
  48. package/dist/sso-traces/index.js.map +1 -1
  49. package/dist/sso-traces/types.d.ts +1 -0
  50. package/dist/typings.d.ts +7 -0
  51. package/package.json +11 -11
@@ -53,169 +53,324 @@ const utils_1 = require("./utils");
53
53
  const oidc_1 = __importDefault(require("./connection/oidc"));
54
54
  const saml_1 = __importDefault(require("./connection/saml"));
55
55
  class ConnectionAPIController {
56
- constructor({ connectionStore, opts, eventController }) {
56
+ constructor({ connectionStore, opts, eventController, oryController }) {
57
57
  this.connectionStore = connectionStore;
58
58
  this.opts = opts;
59
59
  this.eventController = eventController;
60
+ this.oryController = oryController;
60
61
  }
61
62
  /**
62
- * @swagger
63
- * definitions:
64
- * Connection:
65
- * type: object
66
- * example:
67
- * {
68
- * "idpMetadata": {
69
- * "sso": {
70
- * "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxsso/saml",
71
- * "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxsso/saml"
72
- * },
73
- * "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
74
- * "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
75
- * "loginType": "idp",
76
- * "provider": "okta.com"
77
- * },
78
- * "defaultRedirectUrl": "https://hoppscotch.io/",
79
- * "redirectUrl": ["https://hoppscotch.io/"],
80
- * "tenant": "hoppscotch.io",
81
- * "product": "API Engine",
82
- * "name": "Hoppscotch-SP",
83
- * "description": "SP for hoppscotch.io",
84
- * "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
85
- * "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
86
- * "deactivated": false
87
- * }
88
- * validationErrorsPost:
89
- * description: Please provide rawMetadata or encodedRawMetadata | Please provide a defaultRedirectUrl | Please provide redirectUrl | redirectUrl is invalid | Exceeded maximum number of allowed redirect urls | defaultRedirectUrl is invalid | Please provide tenant | Please provide product | Please provide a friendly name | Description should not exceed 100 characters | Strategy: xxxx not supported | Please provide the clientId from OpenID Provider | Please provide the clientSecret from OpenID Provider | Please provide the discoveryUrl for the OpenID Provider
63
+ * @openapi
64
+ * components:
65
+ * schemas:
66
+ * Connection:
67
+ * type: object
68
+ * properties:
69
+ * clientID:
70
+ * type: string
71
+ * description: Connection clientID
72
+ * clientSecret:
73
+ * type: string
74
+ * description: Connection clientSecret
75
+ * name:
76
+ * type: string
77
+ * description: Connection name
78
+ * label:
79
+ * type: string
80
+ * description: Connection label
81
+ * description:
82
+ * type: string
83
+ * description: Connection description
84
+ * redirectUrl:
85
+ * type: array
86
+ * items:
87
+ * type: string
88
+ * description: A list of allowed redirect URLs
89
+ * defaultRedirectUrl:
90
+ * type: string
91
+ * description: The redirect URL to use in the IdP login flow
92
+ * tenant:
93
+ * type: string
94
+ * description: Connection tenant
95
+ * product:
96
+ * type: string
97
+ * description: Connection product
98
+ * idpMetadata:
99
+ * type: object
100
+ * properties: {}
101
+ * description: SAML IdP metadata
102
+ * oidcProvider:
103
+ * type: object
104
+ * properties: {}
105
+ * description: OIDC IdP metadata
106
+ * deactivated:
107
+ * type: boolean
108
+ * description: Connection status
109
+ * sortOrder:
110
+ * type: number
111
+ * description: Connection sort order
112
+ * example:
113
+ * idpMetadata:
114
+ * sso:
115
+ * postUrl: https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxsso/saml
116
+ * redirectUrl: https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxsso/saml
117
+ * entityID: http://www.okta.com/xxxxxxxxxxxxx
118
+ * thumbprint: Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad
119
+ * loginType: idp
120
+ * provider: okta.com
121
+ * defaultRedirectUrl: https://hoppscotch.io/
122
+ * redirectUrl:
123
+ * - https://hoppscotch.io/
124
+ * tenant: hoppscotch.io
125
+ * product: API Engine
126
+ * name: Hoppscotch-SP
127
+ * description: SP for hoppscotch.io
128
+ * clientID: Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk
129
+ * clientSecret: 00e3e11a3426f97d8000000738300009130cd45419c5943
130
+ * deactivated: false
131
+ * validationErrorsPost:
132
+ * description: Please provide rawMetadata or encodedRawMetadata | Please provide a defaultRedirectUrl | Please provide redirectUrl | redirectUrl is invalid | Exceeded maximum number of allowed redirect urls | defaultRedirectUrl is invalid | Please provide tenant | Please provide product | Please provide a friendly name | Description should not exceed 100 characters | Strategy: xxxx not supported | Please provide the clientId from OpenID Provider | Please provide the clientSecret from OpenID Provider | Please provide the discoveryUrl for the OpenID Provider
133
+ * validationErrorsPatch:
134
+ * description: Please provide clientID | Please provide clientSecret | clientSecret mismatch | Tenant/Product config mismatch with IdP metadata | Description should not exceed 100 characters| redirectUrl is invalid | Exceeded maximum number of allowed redirect urls | defaultRedirectUrl is invalid | Tenant/Product config mismatch with OIDC Provider metadata
135
+ * responses:
136
+ * 200Get:
137
+ * description: Success
138
+ * content:
139
+ * application/json:
140
+ * schema:
141
+ * type: array
142
+ * items:
143
+ * $ref: "#/components/schemas/Connection"
144
+ * 400Get:
145
+ * description: Please provide a `product`.
146
+ * content: {}
147
+ * 401Get:
148
+ * description: Unauthorized
149
+ * content: {}
150
+ * 200GetByProduct:
151
+ * description: Success
152
+ * content:
153
+ * application/json:
154
+ * schema:
155
+ * type: array
156
+ * items:
157
+ * $ref: "#/components/schemas/Connection"
158
+ * parameters:
159
+ * tenantParamGet:
160
+ * name: tenant
161
+ * in: query
162
+ * description: Tenant
163
+ * required: true
164
+ * schema:
165
+ * type: string
166
+ * productParamGet:
167
+ * name: product
168
+ * in: query
169
+ * description: Product
170
+ * required: true
171
+ * schema:
172
+ * type: string
173
+ * clientIDParamGet:
174
+ * name: clientID
175
+ * in: query
176
+ * description: Client ID (Optional if tenant/product provided)
177
+ * schema:
178
+ * type: string
179
+ * strategyParamGet:
180
+ * name: strategy
181
+ * in: query
182
+ * description: Strategy which can help to filter connections with tenant/product query
183
+ * schema:
184
+ * type: string
185
+ * sortParamGet:
186
+ * name: sort
187
+ * in: query
188
+ * description: If present, the connections will be sorted by `sortOrder`. It won't consider if pagination is used.
189
+ * schema:
190
+ * type: string
191
+ * clientIDDel:
192
+ * name: clientID
193
+ * in: query
194
+ * description: Client ID (Optional if tenant/product provided)
195
+ * schema:
196
+ * type: string
197
+ * clientSecretDel:
198
+ * name: clientSecret
199
+ * in: query
200
+ * description: Client Secret (Optional if tenant/product provided)
201
+ * schema:
202
+ * type: string
203
+ * tenantDel:
204
+ * name: tenant
205
+ * in: query
206
+ * description: Tenant (Optional if clientID/Secret provided)
207
+ * schema:
208
+ * type: string
209
+ * productDel:
210
+ * name: product
211
+ * in: query
212
+ * description: Product (Optional if clientID/Secret provided)
213
+ * schema:
214
+ * type: string
215
+ * strategyDel:
216
+ * name: strategy
217
+ * in: query
218
+ * description: Strategy which can help to filter connections with tenant/product query
219
+ * schema:
220
+ * type: string
221
+ * securitySchemes:
222
+ * apiKey:
223
+ * type: apiKey
224
+ * name: Authorization
225
+ * in: header
90
226
  *
91
- * parameters:
92
- * nameParamPost:
93
- * name: name
94
- * description: Name/identifier for the connection
95
- * type: string
96
- * in: formData
97
- * labelParamPost:
98
- * name: label
99
- * description: An internal label to identify the connection
100
- * type: string
101
- * in: formData
102
- * descriptionParamPost:
103
- * name: description
104
- * description: A short description for the connection not more than 100 characters
105
- * type: string
106
- * in: formData
107
- * encodedRawMetadataParamPost:
108
- * name: encodedRawMetadata
109
- * description: Base64 encoding of the XML metadata
110
- * in: formData
111
- * type: string
112
- * rawMetadataParamPost:
113
- * name: rawMetadata
114
- * description: Raw XML metadata
115
- * in: formData
116
- * type: string
117
- * metadataUrlParamPost:
118
- * name: metadataUrl
119
- * description: URL containing raw XML metadata
120
- * in: formData
121
- * type: string
122
- * defaultRedirectUrlParamPost:
123
- * name: defaultRedirectUrl
124
- * description: The redirect URL to use in the IdP login flow
125
- * in: formData
126
- * required: true
127
- * type: string
128
- * redirectUrlParamPost:
129
- * name: redirectUrl
130
- * description: JSON encoded array containing a list of allowed redirect URLs
131
- * in: formData
132
- * required: true
133
- * type: string
134
- * tenantParamPost:
135
- * name: tenant
136
- * description: Tenant
137
- * in: formData
138
- * required: true
139
- * type: string
140
- * productParamPost:
141
- * name: product
142
- * description: Product
143
- * in: formData
144
- * required: true
145
- * type: string
146
- * oidcDiscoveryUrlPost:
147
- * name: oidcDiscoveryUrl
148
- * description: well-known URL where the OpenID Provider configuration is exposed
149
- * in: formData
150
- * type: string
151
- * oidcMetadataPost:
152
- * name: oidcMetadata
153
- * description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
154
- * in: formData
155
- * type: string
156
- * oidcClientIdPost:
157
- * name: oidcClientId
158
- * description: clientId of the application set up on the OpenID Provider
159
- * in: formData
160
- * type: string
161
- * oidcClientSecretPost:
162
- * name: oidcClientSecret
163
- * description: clientSecret of the application set up on the OpenID Provider
164
- * in: formData
165
- * type: string
166
- * sortOrder:
167
- * name: sortOrder
168
- * description: Indicate the position of the connection in the IdP selection screen
169
- * in: formData
170
- * type: number
171
- * required: false
172
- * forceAuthn:
173
- * name: forceAuthn
174
- * description: Require a new authentication instead of reusing an existing session.
175
- * in: formData
176
- * type: boolean
177
- * required: false
227
+ */
228
+ /**
229
+ *
230
+ * @openapi
178
231
  * /api/v1/sso:
179
232
  * post:
233
+ * tags:
234
+ * - Single Sign-On
180
235
  * summary: Create SSO connection
181
236
  * operationId: create-sso-connection
182
- * tags: [Single Sign-On]
183
- * produces:
184
- * - application/json
185
- * consumes:
186
- * - application/x-www-form-urlencoded
187
- * - application/json
188
- * parameters:
189
- * - $ref: '#/parameters/nameParamPost'
190
- * - $ref: '#/parameters/labelParamPost'
191
- * - $ref: '#/parameters/descriptionParamPost'
192
- * - $ref: '#/parameters/encodedRawMetadataParamPost'
193
- * - $ref: '#/parameters/rawMetadataParamPost'
194
- * - $ref: '#/parameters/metadataUrlParamPost'
195
- * - $ref: '#/parameters/defaultRedirectUrlParamPost'
196
- * - $ref: '#/parameters/redirectUrlParamPost'
197
- * - $ref: '#/parameters/tenantParamPost'
198
- * - $ref: '#/parameters/productParamPost'
199
- * - $ref: '#/parameters/oidcDiscoveryUrlPost'
200
- * - $ref: '#/parameters/oidcMetadataPost'
201
- * - $ref: '#/parameters/oidcClientIdPost'
202
- * - $ref: '#/parameters/oidcClientSecretPost'
203
- * - $ref: '#/parameters/sortOrder'
204
- * - $ref: '#/parameters/forceAuthn'
237
+ * requestBody:
238
+ * content:
239
+ * application/x-www-form-urlencoded:
240
+ * schema:
241
+ * required:
242
+ * - defaultRedirectUrl
243
+ * - product
244
+ * - redirectUrl
245
+ * - tenant
246
+ * type: object
247
+ * properties:
248
+ * name:
249
+ * type: string
250
+ * description: Name of connection
251
+ * label:
252
+ * type: string
253
+ * description: An internal label to identify the connection
254
+ * description:
255
+ * type: string
256
+ * description: A short description for the connection not more than 100 characters
257
+ * encodedRawMetadata:
258
+ * type: string
259
+ * description: Base64 encoding of the XML metadata
260
+ * rawMetadata:
261
+ * type: string
262
+ * description: Raw XML metadata
263
+ * metadataUrl:
264
+ * type: string
265
+ * description: URL containing raw XML metadata
266
+ * defaultRedirectUrl:
267
+ * type: string
268
+ * description: The redirect URL to use in the IdP login flow
269
+ * redirectUrl:
270
+ * type: array
271
+ * items:
272
+ * type: string
273
+ * description: JSON encoded array containing a list of allowed redirect URLs
274
+ * tenant:
275
+ * type: string
276
+ * description: Tenant
277
+ * product:
278
+ * type: string
279
+ * description: Product
280
+ * oidcDiscoveryUrl:
281
+ * type: string
282
+ * description: well-known URL where the OpenID Provider configuration is exposed
283
+ * oidcMetadata:
284
+ * type: string
285
+ * description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
286
+ * oidcClientId:
287
+ * type: string
288
+ * description: clientId of the application set up on the OpenID Provider
289
+ * oidcClientSecret:
290
+ * type: string
291
+ * description: clientSecret of the application set up on the OpenID Provider
292
+ * sortOrder:
293
+ * type: number
294
+ * description: Indicate the position of the connection in the IdP selection screen
295
+ * forceAuthn:
296
+ * type: boolean
297
+ * description: Require a new authentication instead of reusing an existing session.
298
+ * application/json:
299
+ * schema:
300
+ * required:
301
+ * - defaultRedirectUrl
302
+ * - product
303
+ * - redirectUrl
304
+ * - tenant
305
+ * type: object
306
+ * properties:
307
+ * name:
308
+ * type: string
309
+ * description: Name of connection
310
+ * label:
311
+ * type: string
312
+ * description: An internal label to identify the connection
313
+ * description:
314
+ * type: string
315
+ * description: A short description for the connection not more than 100 characters
316
+ * encodedRawMetadata:
317
+ * type: string
318
+ * description: Base64 encoding of the XML metadata
319
+ * rawMetadata:
320
+ * type: string
321
+ * description: Raw XML metadata
322
+ * metadataUrl:
323
+ * type: string
324
+ * description: URL containing raw XML metadata
325
+ * defaultRedirectUrl:
326
+ * type: string
327
+ * description: The redirect URL to use in the IdP login flow
328
+ * redirectUrl:
329
+ * type: array
330
+ * items:
331
+ * type: string
332
+ * description: JSON encoded array containing a list of allowed redirect URLs
333
+ * tenant:
334
+ * type: string
335
+ * description: Tenant
336
+ * product:
337
+ * type: string
338
+ * description: Product
339
+ * oidcDiscoveryUrl:
340
+ * type: string
341
+ * description: well-known URL where the OpenID Provider configuration is exposed
342
+ * oidcMetadata:
343
+ * type: string
344
+ * description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
345
+ * oidcClientId:
346
+ * type: string
347
+ * description: clientId of the application set up on the OpenID Provider
348
+ * oidcClientSecret:
349
+ * type: string
350
+ * description: clientSecret of the application set up on the OpenID Provider
351
+ * sortOrder:
352
+ * type: number
353
+ * description: Indicate the position of the connection in the IdP selection screen
354
+ * forceAuthn:
355
+ * type: boolean
356
+ * description: Require a new authentication instead of reusing an existing session.
357
+ * required: true
205
358
  * responses:
206
359
  * 200:
207
360
  * description: Success
208
- * schema:
209
- * $ref: '#/definitions/Connection'
210
- * 400:
211
- * $ref: '#/definitions/validationErrorsPost'
212
- * 401:
361
+ * content:
362
+ * application/json:
363
+ * schema:
364
+ * $ref: "#/components/schemas/Connection"
365
+ * "400":
366
+ * $ref: "#/components/schemas/validationErrorsPost"
367
+ * "401":
213
368
  * description: Unauthorized
214
369
  */
215
370
  createSAMLConnection(body) {
216
371
  return __awaiter(this, void 0, void 0, function* () {
217
372
  metrics.increment('createConnection');
218
- const connection = yield saml_1.default.create(body, this.connectionStore);
373
+ const connection = yield saml_1.default.create(body, this.connectionStore, this.oryController);
219
374
  yield this.eventController.notify('sso.created', connection);
220
375
  return connection;
221
376
  });
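Review bot: The new `components.securitySchemes.apiKey` (Authorization header) is defined but never attached to anything — the `/api/v1/sso` POST operation documents a `401 Unauthorized` response yet has no `security` entry, so generated clients and rendered docs will present the endpoint as anonymous; add `security:` / `  - apiKey: []` to the operation (or at the document root). Separately, `"400": $ref: "#/components/schemas/validationErrorsPost"` points a response at an object under `schemas` whose only key is `description`; OpenAPI 3 responses must reference Response Objects, so `validationErrorsPost` and `validationErrorsPatch` belong under `components.responses` next to `200Get` and the refs become `#/components/responses/validationErrorsPost`. In the `application/x-www-form-urlencoded` body, `redirectUrl` is typed `array` while its description says "JSON encoded array containing a list of allowed redirect URLs" — pick one so form clients know whether to send a JSON string or repeated fields, since a mis-sent value is what the `redirectUrl is invalid` 400 guards against.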
@@ -232,160 +387,174 @@ class ConnectionAPIController {
232
387
  if (!this.opts.oidcPath) {
233
388
  throw new error_1.JacksonError('Please set OpenID response handler path (oidcPath) on Jackson', 500);
234
389
  }
235
- const connection = yield oidc_1.default.create(body, this.connectionStore);
390
+ const connection = yield oidc_1.default.create(body, this.connectionStore, this.oryController);
236
391
  yield this.eventController.notify('sso.created', connection);
237
392
  return connection;
238
393
  });
239
394
  }
240
395
  /**
241
- * @swagger
242
- * definitions:
243
- * validationErrorsPatch:
244
- * description: Please provide clientID | Please provide clientSecret | clientSecret mismatch | Tenant/Product config mismatch with IdP metadata | Description should not exceed 100 characters| redirectUrl is invalid | Exceeded maximum number of allowed redirect urls | defaultRedirectUrl is invalid | Tenant/Product config mismatch with OIDC Provider metadata
245
- * parameters:
246
- * clientIDParamPatch:
247
- * name: clientID
248
- * description: Client ID for the connection
249
- * type: string
250
- * in: formData
251
- * required: true
252
- * clientSecretParamPatch:
253
- * name: clientSecret
254
- * description: Client Secret for the connection
255
- * type: string
256
- * in: formData
257
- * required: true
258
- * tenantParamPatch:
259
- * name: tenant
260
- * description: Tenant
261
- * in: formData
262
- * required: true
263
- * type: string
264
- * productParamPatch:
265
- * name: product
266
- * description: Product
267
- * in: formData
268
- * required: true
269
- * type: string
270
- * nameParamPatch:
271
- * name: name
272
- * description: Name/identifier for the connection
273
- * type: string
274
- * in: formData
275
- * labelParamPatch:
276
- * name: label
277
- * description: An internal label to identify the connection
278
- * type: string
279
- * in: formData
280
- * descriptionParamPatch:
281
- * name: description
282
- * description: A short description for the connection not more than 100 characters
283
- * type: string
284
- * in: formData
285
- * encodedRawMetadataParamPatch:
286
- * name: encodedRawMetadata
287
- * description: Base64 encoding of the XML metadata
288
- * in: formData
289
- * type: string
290
- * rawMetadataParamPatch:
291
- * name: rawMetadata
292
- * description: Raw XML metadata
293
- * in: formData
294
- * type: string
295
- * metadataUrlParamPatch:
296
- * name: metadataUrl
297
- * description: URL containing raw XML metadata
298
- * in: formData
299
- * type: string
300
- * oidcDiscoveryUrlPatch:
301
- * name: oidcDiscoveryUrl
302
- * description: well-known URL where the OpenID Provider configuration is exposed
303
- * in: formData
304
- * type: string
305
- * oidcMetadataPatch:
306
- * name: oidcMetadata
307
- * description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
308
- * in: formData
309
- * type: string
310
- * oidcClientIdPatch:
311
- * name: oidcClientId
312
- * description: clientId of the application set up on the OpenID Provider
313
- * in: formData
314
- * type: string
315
- * oidcClientSecretPatch:
316
- * name: oidcClientSecret
317
- * description: clientSecret of the application set up on the OpenID Provider
318
- * in: formData
319
- * type: string
320
- * defaultRedirectUrlParamPatch:
321
- * name: defaultRedirectUrl
322
- * description: The redirect URL to use in the IdP login flow
323
- * in: formData
324
- * type: string
325
- * redirectUrlParamPatch:
326
- * name: redirectUrl
327
- * description: JSON encoded array containing a list of allowed redirect URLs
328
- * in: formData
329
- * type: string
330
- * deactivatedParamPatch:
331
- * name: deactivated
332
- * description: Connection status
333
- * in: formData
334
- * required: false
335
- * type: boolean
336
- * sortOrderParamPatch:
337
- * name: sortOrder
338
- * description: Indicate the position of the connection in the IdP selection screen
339
- * in: formData
340
- * type: number
341
- * required: false
342
- * forceAuthnParamPatch:
343
- * name: forceAuthn
344
- * description: Require a new authentication instead of reusing an existing session.
345
- * in: formData
346
- * type: boolean
347
- * required: false
396
+ * @openapi
348
397
  * /api/v1/sso:
349
398
  * patch:
399
+ * tags:
400
+ * - Single Sign-On
350
401
  * summary: Update SSO Connection
351
402
  * operationId: update-sso-connection
352
- * tags: [Single Sign-On]
353
- * consumes:
354
- * - application/json
355
- * - application/x-www-form-urlencoded
356
- * parameters:
357
- * - $ref: '#/parameters/clientIDParamPatch'
358
- * - $ref: '#/parameters/clientSecretParamPatch'
359
- * - $ref: '#/parameters/nameParamPatch'
360
- * - $ref: '#/parameters/labelParamPatch'
361
- * - $ref: '#/parameters/descriptionParamPatch'
362
- * - $ref: '#/parameters/encodedRawMetadataParamPatch'
363
- * - $ref: '#/parameters/rawMetadataParamPatch'
364
- * - $ref: '#/parameters/metadataUrlParamPatch'
365
- * - $ref: '#/parameters/oidcDiscoveryUrlPatch'
366
- * - $ref: '#/parameters/oidcMetadataPatch'
367
- * - $ref: '#/parameters/oidcClientIdPatch'
368
- * - $ref: '#/parameters/oidcClientSecretPatch'
369
- * - $ref: '#/parameters/defaultRedirectUrlParamPatch'
370
- * - $ref: '#/parameters/redirectUrlParamPatch'
371
- * - $ref: '#/parameters/tenantParamPatch'
372
- * - $ref: '#/parameters/productParamPatch'
373
- * - $ref: '#/parameters/deactivatedParamPatch'
374
- * - $ref: '#/parameters/sortOrderParamPatch'
375
- * - $ref: '#/parameters/forceAuthnParamPatch'
403
+ * requestBody:
404
+ * content:
405
+ * application/json:
406
+ * schema:
407
+ * required:
408
+ * - clientID
409
+ * - clientSecret
410
+ * - product
411
+ * - tenant
412
+ * type: object
413
+ * properties:
414
+ * clientID:
415
+ * type: string
416
+ * description: Client ID for the connection
417
+ * clientSecret:
418
+ * type: string
419
+ * description: Client Secret for the connection
420
+ * name:
421
+ * type: string
422
+ * description: Name/identifier for the connection
423
+ * label:
424
+ * type: string
425
+ * description: An internal label to identify the connection
426
+ * description:
427
+ * type: string
428
+ * description: A short description for the connection not more than 100 characters
429
+ * encodedRawMetadata:
430
+ * type: string
431
+ * description: Base64 encoding of the XML metadata
432
+ * rawMetadata:
433
+ * type: string
434
+ * description: Raw XML metadata
435
+ * metadataUrl:
436
+ * type: string
437
+ * description: URL containing raw XML metadata
438
+ * oidcDiscoveryUrl:
439
+ * type: string
440
+ * description: well-known URL where the OpenID Provider configuration is exposed
441
+ * oidcMetadata:
442
+ * type: string
443
+ * description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
444
+ * oidcClientId:
445
+ * type: string
446
+ * description: clientId of the application set up on the OpenID Provider
447
+ * oidcClientSecret:
448
+ * type: string
449
+ * description: clientSecret of the application set up on the OpenID Provider
450
+ * defaultRedirectUrl:
451
+ * type: string
452
+ * description: The redirect URL to use in the IdP login flow
453
+ * redirectUrl:
454
+ * type: array
455
+ * items:
456
+ * type: string
457
+ * description: JSON encoded array containing a list of allowed redirect URLs
458
+ * tenant:
459
+ * type: string
460
+ * description: Tenant
461
+ * product:
462
+ * type: string
463
+ * description: Product
464
+ * deactivated:
465
+ * type: boolean
466
+ * description: Connection status
467
+ * sortOrder:
468
+ * type: number
469
+ * description: Indicate the position of the connection in the IdP selection screen
470
+ * forceAuthn:
471
+ * type: boolean
472
+ * description: Require a new authentication instead of reusing an existing session.
473
+ * application/x-www-form-urlencoded:
474
+ * schema:
475
+ * required:
476
+ * - clientID
477
+ * - clientSecret
478
+ * - product
479
+ * - tenant
480
+ * type: object
481
+ * properties:
482
+ * clientID:
483
+ * type: string
484
+ * description: Client ID for the connection
485
+ * clientSecret:
486
+ * type: string
487
+ * description: Client Secret for the connection
488
+ * name:
489
+ * type: string
490
+ * description: Name/identifier for the connection
491
+ * label:
492
+ * type: string
493
+ * description: An internal label to identify the connection
494
+ * description:
495
+ * type: string
496
+ * description: A short description for the connection not more than 100 characters
497
+ * encodedRawMetadata:
498
+ * type: string
499
+ * description: Base64 encoding of the XML metadata
500
+ * rawMetadata:
501
+ * type: string
502
+ * description: Raw XML metadata
503
+ * metadataUrl:
504
+ * type: string
505
+ * description: URL containing raw XML metadata
506
+ * oidcDiscoveryUrl:
507
+ * type: string
508
+ * description: well-known URL where the OpenID Provider configuration is exposed
509
+ * oidcMetadata:
510
+ * type: string
511
+ * description: metadata (JSON) for the OpenID Provider in the absence of discoveryUrl
512
+ * oidcClientId:
513
+ * type: string
514
+ * description: clientId of the application set up on the OpenID Provider
515
+ * oidcClientSecret:
516
+ * type: string
517
+ * description: clientSecret of the application set up on the OpenID Provider
518
+ * defaultRedirectUrl:
519
+ * type: string
520
+ * description: The redirect URL to use in the IdP login flow
521
+ * redirectUrl:
522
+ * type: array
523
+ * items:
524
+ * type: string
525
+ * description: JSON encoded array containing a list of allowed redirect URLs
526
+ * tenant:
527
+ * type: string
528
+ * description: Tenant
529
+ * product:
530
+ * type: string
531
+ * description: Product
532
+ * deactivated:
533
+ * type: boolean
534
+ * description: Connection status
535
+ * sortOrder:
536
+ * type: number
537
+ * description: Indicate the position of the connection in the IdP selection screen
538
+ * forceAuthn:
539
+ * type: boolean
540
+ * description: Require a new authentication instead of reusing an existing session.
541
+ * required: true
376
542
  * responses:
377
- * 204:
543
+ * "204":
378
544
  * description: Success
379
- * 400:
380
- * $ref: '#/definitions/validationErrorsPatch'
381
- * 401:
545
+ * content: {}
546
+ * "400":
547
+ * $ref: "#/components/schemas/validationErrorsPatch"
548
+ * "401":
382
549
  * description: Unauthorized
383
- * 500:
550
+ * content: {}
551
+ * "500":
384
552
  * description: Please set OpenID response handler path (oidcPath) on Jackson
553
+ * content: {}
385
554
  */
386
555
  updateSAMLConnection(body) {
387
556
  return __awaiter(this, void 0, void 0, function* () {
388
- const connection = yield saml_1.default.update(body, this.connectionStore, this.getConnections.bind(this));
557
+ const connection = yield saml_1.default.update(body, this.connectionStore, this.getConnections.bind(this), this.oryController);
389
558
  if ('deactivated' in body) {
390
559
  if ((0, utils_1.isConnectionActive)(connection)) {
391
560
  yield this.eventController.notify('sso.activated', connection);
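Review bot: The PATCH request body marks `clientSecret` as required and the 400 list includes `clientSecret mismatch`, but the property description (`Client Secret for the connection`) doesn't tell API consumers that the secret is presumably what proves they may modify this connection rather than just another updatable field; suggest `description: Client Secret for the connection; must match the stored secret or the update is rejected with 400 (clientSecret mismatch)`. As with the POST, the operation documents a 401 response but carries no `security:` / `  - apiKey: []` entry, so the `apiKey` scheme defined earlier in this file is never applied to it. The body of updateSAMLConnection continues past the end of this hunk.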
@@ -407,7 +576,7 @@ class ConnectionAPIController {
407
576
  if (!this.opts.oidcPath) {
408
577
  throw new error_1.JacksonError('Please set OpenID response handler path (oidcPath) on Jackson', 500);
409
578
  }
410
- const connection = yield oidc_1.default.update(body, this.connectionStore, this.getConnections.bind(this));
579
+ const connection = yield oidc_1.default.update(body, this.connectionStore, this.getConnections.bind(this), this.oryController);
411
580
  if ('deactivated' in body) {
412
581
  if ((0, utils_1.isConnectionActive)(connection)) {
413
582
  yield this.eventController.notify('sso.activated', connection);
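Review bot: `this.oryController` is now forwarded unconditionally, but the constructor earlier in this file destructures `oryController` with no default, so existing callers that construct `ConnectionAPIController` without it will pass `undefined` into `oidc_1.default.update`; whether that helper tolerates an absent controller isn't visible here and should be confirmed. If it is meant to be optional, say so on the constructor with `@param {object} [oryController] - optional; TODO confirm the connection helpers skip Ory work when absent`, or give it an explicit default. updateOIDCConnection starts and ends outside this hunk.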
@@ -429,105 +598,48 @@ class ConnectionAPIController {
429
598
  }
430
599
  }
431
600
  /**
432
- * @swagger
433
- * parameters:
434
- * tenantParamGet:
435
- * in: query
436
- * name: tenant
437
- * type: string
438
- * description: Tenant (Optional if clientID provided)
439
- * productParamGet:
440
- * in: query
441
- * name: product
442
- * type: string
443
- * description: Product (Optional if clientID provided)
444
- * clientIDParamGet:
445
- * in: query
446
- * name: clientID
447
- * type: string
448
- * description: Client ID (Optional if tenant/product provided)
449
- * strategyParamGet:
450
- * in: query
451
- * name: strategy
452
- * type: string
453
- * description: Strategy which can help to filter connections with tenant/product query
454
- * sortParamGet:
455
- * in: query
456
- * name: sort
457
- * type: string
458
- * description: If present, the connections will be sorted by `sortOrder`. It won't consider if pagination is used.
459
- * definitions:
460
- * Connection:
461
- * type: object
462
- * properties:
463
- * clientID:
464
- * type: string
465
- * description: Connection clientID
466
- * clientSecret:
467
- * type: string
468
- * description: Connection clientSecret
469
- * name:
470
- * type: string
471
- * description: Connection name
472
- * label:
473
- * type: string
474
- * description: Connection label
475
- * description:
476
- * type: string
477
- * description: Connection description
478
- * redirectUrl:
479
- * type: string
480
- * description: A list of allowed redirect URLs
481
- * defaultRedirectUrl:
482
- * type: string
483
- * description: The redirect URL to use in the IdP login flow
484
- * tenant:
485
- * type: string
486
- * description: Connection tenant
487
- * product:
488
- * type: string
489
- * description: Connection product
490
- * idpMetadata:
491
- * type: object
492
- * description: SAML IdP metadata
493
- * oidcProvider:
494
- * type: object
495
- * description: OIDC IdP metadata
496
- * deactivated:
497
- * type: boolean
498
- * description: Connection status
499
- * sortOrder:
500
- * type: number
501
- * description: Connection sort order
502
- * responses:
503
- * '200Get':
504
- * description: Success
505
- * schema:
506
- * type: array
507
- * items:
508
- * $ref: '#/definitions/Connection'
509
- * '400Get':
510
- * description: Please provide `clientID` or `tenant` and `product`.
511
- * '401Get':
512
- * description: Unauthorized
601
+ * @openapi
513
602
  * /api/v1/sso:
514
603
  * get:
604
+ * tags:
605
+ * - Single Sign-On
515
606
  * summary: Get SSO Connections
516
- * parameters:
517
- * - $ref: '#/parameters/tenantParamGet'
518
- * - $ref: '#/parameters/productParamGet'
519
- * - $ref: '#/parameters/clientIDParamGet'
520
- * - $ref: '#/parameters/strategyParamGet'
521
- * - $ref: '#/parameters/sortParamGet'
522
607
  * operationId: get-connections
523
- * tags: [Single Sign-On]
608
+ * parameters:
609
+ * - name: tenant
610
+ * in: query
611
+ * description: Tenant
612
+ * required: true
613
+ * schema:
614
+ * type: string
615
+ * - name: product
616
+ * in: query
617
+ * description: Product
618
+ * required: true
619
+ * schema:
620
+ * type: string
621
+ * - name: clientID
622
+ * in: query
623
+ * description: Client ID (Optional if tenant/product provided)
624
+ * schema:
625
+ * type: string
626
+ * - name: strategy
627
+ * in: query
628
+ * description: Strategy which can help to filter connections with tenant/product query
629
+ * schema:
630
+ * type: string
631
+ * - name: sort
632
+ * in: query
633
+ * description: If present, the connections will be sorted by `sortOrder`. It won't consider if pagination is used.
634
+ * schema:
635
+ * type: string
524
636
  * responses:
525
637
  * '200':
526
- * $ref: '#/responses/200Get'
638
+ * $ref: '#/components/responses/200Get'
527
639
  * '400':
528
- * $ref: '#/responses/400Get'
640
+ * $ref: '#/components/responses/400Get'
529
641
  * '401':
530
- * $ref: '#/responses/401Get'
642
+ * $ref: '#/components/responses/401Get'
531
643
  */
532
644
  getConnections(body) {
533
645
  return __awaiter(this, void 0, void 0, function* () {
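Review bot: The new inline parameters for `GET /api/v1/sso` mark `tenant` and `product` as `required: true`, yet `clientID` on the same operation is still described as "Optional if tenant/product provided", and the removed `400Get` text stated the rule as `clientID` or `tenant` and `product`; both cannot be true, and unless the handler now rejects clientID-only lookups (the body of `getConnections` is outside the hunk) the `required` flags are the wrong half. Drop the two `required: true` lines and restore the earlier wording, `description: Tenant (Optional if clientID provided)` and `description: Product (Optional if clientID provided)`, so the spec matches the alternation. The `200Get`, `400Get` and `401Get` responses are now `$ref`s into `#/components/responses/…`, which only resolve if those components are declared elsewhere in the package; that is not visible here.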
@@ -636,44 +748,39 @@ class ConnectionAPIController {
636
748
  });
637
749
  }
638
750
  /**
639
- * @swagger
640
- * parameters:
641
- * clientIDDel:
642
- * name: clientID
643
- * in: query
644
- * type: string
645
- * description: Client ID (Optional if tenant/product provided)
646
- * clientSecretDel:
647
- * name: clientSecret
648
- * in: query
649
- * type: string
650
- * description: Client Secret (Optional if tenant/product provided)
651
- * tenantDel:
652
- * name: tenant
653
- * in: query
654
- * type: string
655
- * description: Tenant (Optional if clientID/Secret provided)
656
- * productDel:
657
- * name: product
658
- * in: query
659
- * type: string
660
- * description: Product (Optional if clientID/Secret provided)
661
- * strategyDel:
662
- * name: strategy
663
- * in: query
664
- * type: string
665
- * description: Strategy which can help to filter connections with tenant/product query
751
+ * @openapi
666
752
  * /api/v1/sso:
667
753
  * delete:
668
- * parameters:
669
- * - $ref: '#/parameters/clientIDDel'
670
- * - $ref: '#/parameters/clientSecretDel'
671
- * - $ref: '#/parameters/tenantDel'
672
- * - $ref: '#/parameters/productDel'
673
- * - $ref: '#/parameters/strategyDel'
754
+ * tags:
755
+ * - Single Sign-On
674
756
  * summary: Delete SSO Connections
675
757
  * operationId: delete-sso-connection
676
- * tags: [Single Sign-On]
758
+ * parameters:
759
+ * - name: clientID
760
+ * in: query
761
+ * description: Client ID (Optional if tenant/product provided)
762
+ * schema:
763
+ * type: string
764
+ * - name: clientSecret
765
+ * in: query
766
+ * description: Client Secret (Optional if tenant/product provided)
767
+ * schema:
768
+ * type: string
769
+ * - name: tenant
770
+ * in: query
771
+ * description: Tenant (Optional if clientID/Secret provided)
772
+ * schema:
773
+ * type: string
774
+ * - name: product
775
+ * in: query
776
+ * description: Product (Optional if clientID/Secret provided)
777
+ * schema:
778
+ * type: string
779
+ * - name: strategy
780
+ * in: query
781
+ * description: Strategy which can help to filter connections with tenant/product query
782
+ * schema:
783
+ * type: string
677
784
  * responses:
678
785
  * '200':
679
786
  * description: Success
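Review bot: The rewritten `DELETE /api/v1/sso` parameters still place `clientSecret` `in: query`, so a credential travels in the URL where access logs and intermediaries commonly record it, and the new `schema` block gives no hint that the value is sensitive. At minimum add `format: password` beneath `type: string` in the `clientSecret` schema so generated clients and UIs mask it, and state in its description that the tenant/product form is preferred; whether the handler also accepts the secret from the request body is not visible in this hunk. The responses list continues past the hunk.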
@@ -743,84 +850,25 @@ class ConnectionAPIController {
743
850
  });
744
851
  }
745
852
  /**
746
- * @swagger
747
- * parameters:
748
- * productParamGet:
749
- * in: query
750
- * name: product
751
- * type: string
752
- * description: Product
753
- * required: true
754
- * definitions:
755
- * Connection:
756
- * type: object
757
- * properties:
758
- * clientID:
759
- * type: string
760
- * description: Connection clientID
761
- * clientSecret:
762
- * type: string
763
- * description: Connection clientSecret
764
- * name:
765
- * type: string
766
- * description: Connection name
767
- * description:
768
- * type: string
769
- * description: Connection description
770
- * redirectUrl:
771
- * type: string
772
- * description: A list of allowed redirect URLs
773
- * defaultRedirectUrl:
774
- * type: string
775
- * description: The redirect URL to use in the IdP login flow
776
- * tenant:
777
- * type: string
778
- * description: Connection tenant
779
- * product:
780
- * type: string
781
- * description: Connection product
782
- * idpMetadata:
783
- * type: object
784
- * description: SAML IdP metadata
785
- * oidcProvider:
786
- * type: object
787
- * description: OIDC IdP metadata
788
- * responses:
789
- * '200GetByProduct':
790
- * description: Success
791
- * content:
792
- * application/json:
793
- * schema:
794
- * type: object
795
- * properties:
796
- * data:
797
- * type: array
798
- * items:
799
- * $ref: '#/definitions/Connection'
800
- * pageToken:
801
- * type: string
802
- * description: token for pagination
803
- * '400Get':
804
- * description: Please provide a `product`.
805
- * '401Get':
806
- * description: Unauthorized
853
+ * @openapi
807
854
  * /api/v1/sso/product:
808
855
  * get:
856
+ * tags:
857
+ * - Single Sign-On
809
858
  * summary: Get SSO Connections by product
810
- * parameters:
811
- * - $ref: '#/parameters/productParamGet'
812
- * - $ref: '#/parameters/pageOffset'
813
- * - $ref: '#/parameters/pageLimit'
814
- * - $ref: '#/parameters/pageToken'
815
859
  * operationId: get-connections-by-product
816
- * tags: [Single Sign-On]
860
+ * parameters:
861
+ * - $ref: '#/components/parameters/productParamGet'
862
+ * - $ref: '#/components/parameters/pageOffset'
863
+ * - $ref: '#/components/parameters/pageLimit'
864
+ * - $ref: '#/components/parameters/pageToken'
817
865
  * responses:
818
866
  * '200':
819
- * $ref: '#/responses/200GetByProduct'
867
+ * $ref: '#/components/responses/200GetByProduct'
820
868
  * '400':
821
- * $ref: '#/responses/400Get'
869
+ * $ref: '#/components/responses/400Get'
822
870
  * '401':
823
- * $ref: '#/responses/401Get'
871
+ * $ref: '#/components/responses/401Get'
824
872
  */
825
873
  getConnectionsByProduct(body) {
826
874
  return __awaiter(this, void 0, void 0, function* () {
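Review bot: `GET /api/v1/sso/product` now points its 400 response at the shared `#/components/responses/400Get`, the same component `GET /api/v1/sso` uses, but the removed local definition read ``Please provide a `product`.`` while the other endpoint's removed text read ``Please provide `clientID` or `tenant` and `product`.``; one shared response cannot carry both, so one endpoint's documented error message is lost (which one depends on how the component is declared elsewhere, not visible here). Keep the endpoint-specific text inline instead: `'400':` followed by ``description: Please provide a `product`.`` in place of the `$ref` line. The body of `getConnectionsByProduct` continues past the hunk.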