From 86b357c5096eead6fbd7d98214e1f35c8577698d Mon Sep 17 00:00:00 2001 From: Hasini Samarathunga Date: Thu, 19 Sep 2024 17:35:12 +0530 Subject: [PATCH] Update IS 7.0.0 Applications yaml document to match the API definition --- .../7.0.0/docs/apis/restapis/application.yaml | 459 +++++++++++------- 1 file changed, 295 insertions(+), 164 deletions(-) diff --git a/en/identity-server/7.0.0/docs/apis/restapis/application.yaml b/en/identity-server/7.0.0/docs/apis/restapis/application.yaml index 066775db90..032aebbb8c 100644 --- a/en/identity-server/7.0.0/docs/apis/restapis/application.yaml +++ b/en/identity-server/7.0.0/docs/apis/restapis/application.yaml @@ -1,10 +1,17 @@ openapi: 3.0.0 info: description: > - This document specifies an **Application Management RESTful API** for WSO2 Identity Server. + This document specifies an **Application Management RESTful API** for **WSO2 Identity Server**. version: "v1" - title: Application Management Rest API - + title: WSO2 Identity Server - Application Management Rest API + termsOfService: 'http://swagger.io/terms/' + contact: + name: WSO2 + url: 'http://wso2.com/products/identity-server/' + email: architecture@wso2.org + license: + name: Apache 2.0 + url: 'http://www.apache.org/licenses/LICENSE-2.0.html' security: - OAuth2: [] - BasicAuth: [] @@ -15,9 +22,9 @@ paths: - Applications operationId: getAllApplications summary: | - List applications + List applications. description: | - This API provides the capability to retrieve the list of applications.
+ This API provides the capability to retrieve the list of applications.
Scope(Permission) required: `internal_application_mgt_view` parameters: - $ref: '#/components/parameters/limitQueryParam' @@ -67,16 +74,15 @@ paths: curl -X 'GET' \ 'https://localhost:9443/api/server/v1/applications?limit=30&offset=0' \ -H 'accept: application/json' \ - -H 'Authorization: Basic YWRtaW46YWRtaW4=' + -H 'Authorization: Basic YWRtaW46YWRtaW4=' post: tags: - Applications summary: | - Add application + Add application. operationId: createApplication description: > - This API provides the capability to store the application information - that is provided by users.
+ This API provides the capability to store the application information that is provided by users.
Scope(Permission) required: `internal_application_mgt_create` parameters: - in: query @@ -383,7 +389,7 @@ paths: operationId: importApplication description: > This API provides the capability to create an application based on the - information provided in an XML, YAML, or JSON file.
+ information provided in an XML, YAML, or JSON file.
Scope(Permission) required: `internal_application_mgt_create` requestBody: content: @@ -438,7 +444,7 @@ paths: operationId: importApplicationForUpdate description: > This API provides the capability to update an application based on the - information provided in an XML, YAML, or JSON file.
+ information provided in an XML, YAML, or JSON file.
Scope(Permission) required: `internal_application_mgt_update` requestBody: content: @@ -496,11 +502,10 @@ paths: tags: - Applications summary: | - Retrieve application by ID + Retrieve application by ID. operationId: getApplication description: > - This API provides the capability to retrieve the application information - by ID.
+ This API provides the capability to retrieve the application information by ID.
Scope(Permission) required: `internal_application_mgt_view` parameters: - name: applicationId @@ -558,10 +563,10 @@ paths: tags: - Applications summary: | - Partially update application by ID + Partially update application by ID. operationId: patchApplication description: | - This API provides the capability to partially update an application by ID.
+ This API provides the capability to partially update an application by ID.
Scope(Permission) required: `internal_application_mgt_update` parameters: - name: applicationId @@ -716,7 +721,7 @@ paths: tags: - Applications summary: | - Delete application by ID + Delete application by ID. operationId: deleteApplication description: | This API provides the capability to delete an application by ID.
@@ -766,9 +771,9 @@ paths: - Applications operationId: exportApplication summary: | - Export application as an XML file + Export application as an XML file. description: | - This API provides the capability to retrieve the application as an XML file.
+ This API provides the capability to retrieve the application as an XML file.
Scope(Permission) required: `internal_application_mgt_view` parameters: - name: applicationId @@ -822,11 +827,8 @@ paths: summary: | Export application in XML, YAML, or JSON file formats. description: | - This API provides the capability to retrieve the application in XML, YAML, or JSON format.
- Permission required:
- * /permission/admin/manage/identity/applicationmgt/view
- Scope required:
- * internal_application_mgt_view + This API provides the capability to retrieve the application in XML, YAML, or JSON format.
+ Scope(Permission) required: `internal_application_mgt_view` parameters: - name: applicationId in: path @@ -891,9 +893,9 @@ paths: - Applications operationId: changeApplicationOwner summary: | - Change application owner + Change application owner. description: | - This API provides the capability to change the application owner.
+ This API provides the capability to change the application owner.
Scope(Permission) required: `internal_organization_admin` parameters: - name: applicationId @@ -948,11 +950,11 @@ paths: tags: - Authenticators summary: | - Get configured authenticators + Get configured authenticators. operationId: getConfiguredAuthenticators description: | - This API provides the capability to retrieve the configured authenticators. - Scope(Permission) required: `internal_application_mgt_view` + This API provides the capability to retrieve the configured authenticators.
+ Scope(Permission) required: `internal_application_mgt_view` parameters: - name: applicationId in: path @@ -1006,8 +1008,7 @@ paths: Get authorized APIs of the application. operationId: getAuthorizedAPIs description: | - This API provides the capability to retrieve all the authorized APIs of the application.
- + This API provides the capability to retrieve all the authorized APIs of the application.
Scope(Permission) required: `internal_application_mgt_view` parameters: - name: applicationId @@ -1046,11 +1047,10 @@ paths: tags: - Authorized APIs summary: | - Authorized an API to the application + Authorized an API to the application. operationId: addAuthorizedAPI description: | - This API provides the capability to authorized an API to the application.
- + This API provides the capability to authorized an API to the application.
Scope(Permission) required: `internal_application_mgt_update` parameters: - name: applicationId @@ -1099,17 +1099,15 @@ paths: ] }' x-codegen-request-body-name: body - /applications/{applicationId}/authorized-apis/{apiId}: patch: tags: - Authorized APIs summary: | - Update authorized API scopes + Update authorized API scopes. operationId: patchAuthorizedAPI description: | - This API provides the capability to update an authorized API of the application.
- + This API provides the capability to update an authorized API of the application.
Scope(Permission) required: `internal_application_mgt_update` parameters: - name: applicationId @@ -1169,11 +1167,10 @@ paths: tags: - Authorized APIs summary: | - Remove API authorization from the application + Remove API authorization from the application. operationId: deleteAuthorizedAPI description: | - This API provides the capability to delete an authorized API of the application.
- + This API provides the capability to delete an authorized API of the application.
Scope(Permission) required: `internal_application_mgt_update` parameters: - name: applicationId @@ -1211,11 +1208,10 @@ paths: tags: - Resident Application summary: | - Get Resident application + Get resident application. operationId: getResidentApplication description: | - This API provides the capability to retrieve the resident application information. -
+ This API provides the capability to retrieve the resident application information.
Scope(Permission) required: `internal_application_mgt_view` responses: '200': @@ -1257,10 +1253,10 @@ paths: tags: - Resident Application summary: | - Update resident application + Update resident application. operationId: updateResidentApplication description: > - This API provides the capability to update the Resident Application Configuration.
+ This API provides the capability to update the resident application configuration.
Scope(Permission) required: `internal_application_mgt_update` responses: '200': @@ -1339,11 +1335,10 @@ paths: tags: - Inbound Protocols summary: | - Retrieve inbound protocol configurations + Retrieve inbound protocol configurations. operationId: getInboundAuthenticationConfigurations description: > - This API provides the capability to retrieve authentication protocol - configurations of an application.
+ This API provides the capability to retrieve authentication protocol configurations of an application.
Scope(Permission) required: `internal_application_mgt_view` parameters: - name: applicationId @@ -1393,11 +1388,10 @@ paths: tags: - Inbound Protocols - SAML summary: | - Retrieve SAML2 authentication protocol parameters + Retrieve SAML2 authentication protocol parameters. operationId: getInboundSAMLConfiguration description: > - This API provides the capability to retrieve SAML2 authentication - protocol parameters of an application.
+ This API provides the capability to retrieve SAML2 authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_view` parameters: - name: applicationId @@ -1446,11 +1440,10 @@ paths: tags: - Inbound Protocols - SAML summary: | - Update SAML2 authentication protocol parameters + Update SAML2 authentication protocol parameters. operationId: updateInboundSAMLConfiguration description: > - This API provides the capability to store SAML2 authentication protocol - parameters of an application.
+ This API provides the capability to store SAML2 authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_update` - There are three methods to create/update SAML2 authentication protocol configuration. @@ -1581,11 +1574,10 @@ paths: tags: - Inbound Protocols - SAML summary: | - Delete SAML2 authentication protocol parameters + Delete SAML2 authentication protocol parameters. operationId: deleteInboundSAMLConfiguration description: > - This API provides the capability to delete SAML2 authentication protocol - parameters of an application.
+ This API provides the capability to delete SAML2 authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_delete` parameters: - name: applicationId @@ -1631,10 +1623,9 @@ paths: tags: - Inbound Protocols - OAuth / OIDC summary: | - Retrieve OIDC authentication protocol parameters + Retrieve OIDC authentication protocol parameters. description: > - This API provides the capability to retrieve OIDC authentication - protocol parameters of an application.
+ This API provides the capability to retrieve OIDC authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_view` operationId: getInboundOAuthConfiguration parameters: @@ -1684,10 +1675,9 @@ paths: tags: - Inbound Protocols - OAuth / OIDC summary: | - Update OIDC authentication protocol parameters + Update OIDC authentication protocol parameters. description: > - This API provides the capability to store OIDC authentication protocol - parameters of an application.
+ This API provides the capability to store OIDC authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_update` operationId: updateInboundOAuthConfiguration parameters: @@ -1808,10 +1798,9 @@ paths: tags: - Inbound Protocols - OAuth / OIDC summary: | - Delete OIDC authentication protocol parameters + Delete OIDC authentication protocol parameters. description: > - This API provides the capability to delete OIDC authentication protocol - parameters of an application.
+ This API provides the capability to delete OIDC authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_delete` operationId: deleteInboundOAuthConfiguration parameters: @@ -1858,7 +1847,7 @@ paths: tags: - Inbound Protocols - OAuth / OIDC summary: | - Regenerate the OAuth2/OIDC client secret + Regenerate the OAuth2/OIDC client secret. description: | This API regenerates the OAuth2/OIDC client secret.
Scope(Permission) required: `internal_application_mgt_create` @@ -1912,9 +1901,10 @@ paths: tags: - Inbound Protocols - OAuth / OIDC summary: | - Revoke the OAuth2/OIDC client of application + Revoke the OAuth2/OIDC client of application. description: | - This API revokes the OAuth2/OIDC client secret. To re-activate the client, the client secret needs to be regenerated.
+ This API revokes the OAuth2/OIDC client secret. + To re-activate the client, the client secret needs to be regenerated.
Scope(Permission) required: `internal_application_mgt_create` operationId: revokeOAuthClient parameters: @@ -1962,7 +1952,7 @@ paths: tags: - Inbound Protocols - Passive STS summary: > - Retrieve Passive STS authentication protocol parameters + Retrieve Passive STS authentication protocol parameters. description: > This API provides the capability to retrieve Passive STS authentication protocol parameters of an application.
@@ -2015,10 +2005,9 @@ paths: tags: - Inbound Protocols - Passive STS summary: | - Update Passive STS authentication protocol parameters + Update Passive STS authentication protocol parameters. description: > - This API provides the capability to store passive STS authentication - protocol parameters of an application.
+ This API provides the capability to store passive STS authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_update` operationId: updatePassiveStsConfiguration parameters: @@ -2093,7 +2082,7 @@ paths: tags: - Inbound Protocols - Passive STS summary: | - Delete Passive STS authentication protocol parameters + Delete Passive STS authentication protocol parameters. description: > This API provides the capability to delete Passive STS authentication protocol parameters of an application.
@@ -2143,7 +2132,7 @@ paths: tags: - Inbound Protocols - WS Trust summary: | - Retrieve WS Trust authentication protocol parameters + Retrieve WS Trust authentication protocol parameters. description: > This API provides the capability to retrieve Passive STS authentication protocol parameters of an application.
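Review bot: The summary on the new side now reads `Retrieve WS Trust authentication protocol parameters.`, but the description two lines below it still says `This API provides the capability to retrieve Passive STS authentication protocol parameters of an application.` — a copy-paste leftover from the Passive STS operation, which is exactly the kind of mismatch this commit sets out to remove. Change it to `This API provides the capability to retrieve WS Trust authentication protocol parameters of an application.<br>`, matching the wording the update and delete operations of the same WS Trust group use elsewhere in this patch. The enclosing path item mapping starts outside this hunk.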
@@ -2196,10 +2185,9 @@ paths: tags: - Inbound Protocols - WS Trust summary: | - Update WS Trust authentication protocol parameters + Update WS Trust authentication protocol parameters. description: > - This API provides the capability to store WS Trust authentication - protocol parameters of an application.
+ This API provides the capability to store WS Trust authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_update` operationId: updateWSTrustConfiguration parameters: @@ -2274,10 +2262,9 @@ paths: tags: - Inbound Protocols - WS Trust summary: | - Delete WS Trust authentication protocol parameters + Delete WS Trust authentication protocol parameters. description: > - This API provides the capability to delete WS Trust authentication - protocol parameters of an application.
+ This API provides the capability to delete WS Trust authentication protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_delete` operationId: deleteWSTrustConfiguration parameters: @@ -2324,7 +2311,7 @@ paths: tags: - Inbound Protocols - Custom summary: > - Retrieve custom inbound authentication protocol parameters + Retrieve custom inbound authentication protocol parameters. description: > This API provides the capability to retrieve custom inbound authentication protocol parameters of an application.
@@ -2383,10 +2370,10 @@ paths: tags: - Inbound Protocols - Custom summary: | - Update the custom inbound authentication protocol parameters + Update the custom inbound authentication protocol parameters. description: > - This API provides the capability to store custom inbound authentication protocol parameters of an application. -
+ This API provides the capability to store custom inbound authentication + protocol parameters of an application.
Scope(Permission) required: `internal_application_mgt_update` operationId: updateCustomInboundConfiguration parameters: @@ -2474,7 +2461,7 @@ paths: tags: - Inbound Protocols - Custom summary: > - Delete custom inbound authentication protocol parameters + Delete custom inbound authentication protocol parameters. description: > This API provides the capability to delete custom inbound authentication protocol of an application.
Scope(Permission) required: `internal_application_mgt_delete` @@ -2529,11 +2516,10 @@ paths: tags: - Application Metadata summary: | - Retrieve the list of inbound authentication protocols available + Retrieve the list of inbound authentication protocols available. description: > This API provides the capability to retrieve the list of inbound authentication protocols available. - If the query parameter 'customOnly' is set to true, only custom inbound protocols will be listed. -
+ If the query parameter 'customOnly' is set to true, only custom inbound protocols will be listed.
Scope(Permission) required: `internal_application_mgt_view` operationId: getInboundProtocols parameters: @@ -2578,7 +2564,7 @@ paths: tags: - Application Metadata summary: | - Retrieve all the metadata related to the auth protocol SAML + Retrieve all the metadata related to the auth protocol SAML. description: > This API provides the capability to retrieve all the metadata related to the auth protocol SAML.
Scope(Permission) required: `internal_application_mgt_view` @@ -2626,9 +2612,10 @@ paths: tags: - Application Metadata summary: | - Retrieve all the metadata related to the authentication protocol OAuth / OIDC + Retrieve all the metadata related to the authentication protocol OAuth / OIDC. description: > - This API provides the capability to retrieve all the metadata related to the authentication protocol OAuth / OIDC.
+ This API provides the capability to retrieve all the metadata related + to the authentication protocol OAuth / OIDC.
Scope(Permission) required: `internal_application_mgt_view` operationId: getOIDCMetadata responses: @@ -2666,7 +2653,7 @@ paths: tags: - Application Metadata summary: | - Retrieve all the metadata related to the auth protocol WS Trust + Retrieve all the metadata related to the auth protocol WS Trust. description: > This API provides the capability to retrieve all the metadata related to the auth protocol WS_Trust.
Scope(Permission) required: `internal_application_mgt_view` @@ -2706,10 +2693,10 @@ paths: tags: - Application Metadata summary: | - Retrieve all the metadata related to the custom auth protocol identified by the inboundProtocolId + Retrieve all the metadata related to the custom auth protocol identified by the inboundProtocolId. description: > This API provides the capability to retrieve all the metadata related to the custom auth protocol - identified by the inboundProtocolId. The URL encoded inbound protocol name is used as inboundProtocolId.
+ identified by the inboundProtocolId. The URL encoded inbound protocol name is used as inboundProtocolId.
Scope(Permission) required: `internal_application_mgt_view` operationId: getCustomProtocolMetadata parameters: @@ -2754,7 +2741,7 @@ paths: tags: - Application Metadata summary: | - Retrieve adaptive authentication sample templates + Retrieve adaptive authentication sample templates. description: > This API provides the capability to retrieve the sample adaptive authentication templates.
Scope(Permission) required: `internal_application_mgt_view` @@ -2795,7 +2782,7 @@ paths: - Application Templates operationId: getAllApplicationTemplates summary: | - List application templates + List application templates. description: | This API provides the capability to retrieve the list of templates available.
Scope(Permission) required: `internal_application_mgt_view` @@ -2849,7 +2836,7 @@ paths: tags: - Application Templates summary: | - Add application template + Add application template. operationId: createApplicationTemplate description: > This API provides the capability to store the application template provided by users.
@@ -3161,7 +3148,7 @@ paths: tags: - Application Templates summary: | - Retrieve application template by ID + Retrieve application template by ID. operationId: getApplicationTemplate description: > This API provides the capability to retrieve the application template from the template id.
@@ -3217,7 +3204,7 @@ paths: tags: - Application Templates summary: | - Update the application template by the template ID + Update the application template by the template ID. operationId: updateApplicationTemplate description: | This API provides the capability to update an application template by the template ID.
@@ -3524,7 +3511,7 @@ paths: tags: - Application Templates summary: | - Delete application template by template ID + Delete application template by template ID. operationId: deleteApplicationTemplate description: | This API provides the capability to delete an application template by template ID.
@@ -3571,9 +3558,7 @@ paths: summary: | Share the application from the root organization to the given organization(s). description: | - This API provides the capability to share an application with organizations. -
- + This API provides the capability to share an application with organizations.
Scope(Permission) required: `internal_shared_application_create` operationId: shareOrgApplication parameters: @@ -3636,9 +3621,7 @@ paths: summary: | List of organizations that the application is shared to. description: | - This API returns the list of organizations that the application is shared to. -

- + This API returns the list of organizations that the application is shared to.
Scope(Permission) required: `internal_shared_application_view` operationId: shareOrgApplicationGet parameters: @@ -3690,9 +3673,7 @@ paths: summary: | List of shared applications along with its organization. description: | - This API returns the list of shared app ids along with the shared organization id. -

- + This API returns the list of shared app ids along with the shared organization id.
Scope(Permission) required: `internal_shared_application_view` operationId: sharedApplicationsGet parameters: @@ -3741,9 +3722,8 @@ paths: -H 'Authorization: Basic YWRtaW46YWRtaW4=' delete: description: | - This API provides the capability to stop sharing an application to all organizations the application is shared to. -

- + This API provides the capability to stop sharing an application to all organizations + the application is shared to.
Scope(Permission) required: `internal_shared_application_delete` summary: | Stop sharing an application with all organizations. @@ -3791,9 +3771,7 @@ paths: /applications/{applicationId}/share/{shared-organization-id}: delete: description: | - This API provides the capability to stop sharing an application to an organization by providing its ID. -

- + This API provides the capability to stop sharing an application to an organization by providing its ID.
Scope(Permission) required: `internal_shared_application_delete` summary: | Stop sharing an application to a organization. @@ -3924,9 +3902,10 @@ components: required: false description: | Specifies the required parameters in the response. - Only 'advancedConfigurations', 'templateId', 'clientId', and 'issuer' attributes are currently supported. + Only 'advancedConfigurations', 'templateId', 'clientId', 'issuer', and 'associatedRoles.allowedAudience' + attributes are currently supported. - /applications?attributes=advancedConfigurations,templateId,clientId,issuer + /applications?attributes=advancedConfigurations,templateId,clientId,issuer,associatedRoles.allowedAudience schema: type: string exportSecretsQueryParam: @@ -3992,7 +3971,6 @@ components: rel: type: string example: "next" - ApplicationListResponse: type: object properties: @@ -4016,7 +3994,6 @@ components: type: array items: $ref: '#/components/schemas/Link' - ApplicationListItem: type: object properties: @@ -4041,6 +4018,9 @@ components: issuer: type: string example: 'http://idp.example.com/metadata.php' + realm: + type: string + example: 'PassiveSTSSampleApp' access: type: string enum: @@ -4055,7 +4035,9 @@ components: templateId: type: string example: "980b8tester24c64a8a09a0d80abf8c337bd2555" - + associatedRoles: + type: object + $ref: '#/components/schemas/AssociatedRolesConfig' ApplicationModel: type: object required: @@ -4088,6 +4070,13 @@ components: type: boolean example: false description: Decides whether the application used to access System APIs + isB2BSelfServiceApp: + default: false + type: boolean + example: false + description: Decides whether the application used to for B2B self service + associatedRoles: + $ref: '#/components/schemas/AssociatedRolesConfig' claimConfiguration: $ref: '#/components/schemas/ClaimConfiguration' inboundProtocolConfiguration: 
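Review bot: In the `ApplicationListItem` addition, `associatedRoles` is declared as `type: object` followed by `$ref: '#/components/schemas/AssociatedRolesConfig'`; under OpenAPI 3.0 every sibling of `$ref` is ignored, so the `type` line is dead at best and flagged by stricter validators at worst, and the other models touched by this patch (ApplicationModel, ApplicationResponseModel, ApplicationPatchModel) use a bare `$ref` for the same property. Drop the `type: object` line so the property becomes just `associatedRoles:` / `$ref: '#/components/schemas/AssociatedRolesConfig'`. The enclosing `schemas:` mapping starts outside this hunk.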
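Review bot: The new `isB2BSelfServiceApp` description `Decides whether the application used to for B2B self service` is ungrammatical and does not tell an integrator what enabling it changes; a flag that turns an application into a self-service entry point for organizations is a privilege-bearing setting and deserves a precise sentence. Suggest `Decides whether the application is used for B2B (organization) self-service.` and, if the flag widens what the application is allowed to do, a sentence saying so — I cannot tell from the schema what it grants, so that part needs confirming against the server implementation. The same sentence is repeated verbatim in `ApplicationResponseModel` later in this patch and should be fixed there too. The enclosing `ApplicationModel` schema starts outside this hunk.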
@@ -4098,7 +4087,6 @@ components: $ref: '#/components/schemas/AdvancedApplicationConfiguration' provisioningConfigurations: $ref: '#/components/schemas/ProvisioningConfiguration' - ApplicationResponseModel: type: object required: @@ -4129,6 +4117,9 @@ components: issuer: type: string example: 'http://idp.example.com/metadata.php' + realm: + type: string + example: 'PassiveSTSSampleApp' templateId: type: string example: "adwefi2429asdfdf94444rraf44" @@ -4136,6 +4127,12 @@ components: type: boolean example: false description: Decides whether the application used to access System APIs + isB2BSelfServiceApp: + type: boolean + example: false + description: Decides whether the application used to for B2B self service + associatedRoles: + $ref: '#/components/schemas/AssociatedRolesConfig' claimConfiguration: $ref: '#/components/schemas/ClaimConfiguration' inboundProtocols: @@ -4152,7 +4149,6 @@ components: - READ - WRITE default: READ - ApplicationPatchModel: type: object properties: @@ -4174,6 +4170,8 @@ components: templateId: type: string example: "adwefi2429asdfdf94444rraf44" + associatedRoles: + $ref: '#/components/schemas/AssociatedRolesConfig' claimConfiguration: $ref: '#/components/schemas/ClaimConfiguration' authenticationSequence: @@ -4182,13 +4180,11 @@ components: $ref: '#/components/schemas/AdvancedApplicationConfiguration' provisioningConfigurations: $ref: '#/components/schemas/ProvisioningConfiguration' - ResidentApplication: type: object properties: provisioningConfigurations: $ref: '#/components/schemas/ProvisioningConfiguration' - ProvisioningConfiguration: type: object properties: @@ -4210,7 +4206,6 @@ components: description: >- This property becomes only applicable if the proxy-mode config is set to false - OutboundProvisioningConfiguration: type: object properties: 
@@ -4229,6 +4224,8 @@ components: jit: type: boolean example: false + description: >- + This property is disabled by default as of Identity Server version 7.0 onwards. ConfiguredAuthenticatorsModal: type: object properties: @@ -4285,6 +4282,33 @@ components: type: boolean description: Decides whether authorization policies needs to be engaged during authentication flows. example: true + fragment: + type: boolean + description: Decides whether application is a fragment application. + example: false + enableAPIBasedAuthentication: + type: boolean + description: Decides whether API Based Authentication is enabled for this application. + example: false + attestationMetaData: + type: object + description: Decides the client attestation meta data for the application. + properties: + enableClientAttestation: + type: boolean + description: Decides whether client attestation enabled for this application. + example: false + androidPackageName: + type: string + description: Decides the android package name of the application. + example: "com.wso2.mobile.sample" + androidAttestationServiceCredentials: + type: object + description: Decides the credentials for the service account to access Google Play Integrity Service. + appleAppId: + type: string + description: Decides the apple app id which denotes {apple-teamId}.{bundleId}. + example: "APPLETEAMID.com.wso2.mobile.sample" additionalSpProperties: $ref: '#/components/schemas/AdditionalProperties' AdditionalProperties: @@ -4334,12 +4358,10 @@ components: type: array items: $ref: '#/components/schemas/CustomInboundProtocolConfiguration' - InboundProtocolsListResponse: type: array items: $ref: '#/components/schemas/InboundProtocolListItem' - InboundProtocolListItem: type: object required: @@ -4356,7 +4378,6 @@ components: self: type: string example: "/api/server/v1/applications/29048810-1447-4ea0-a348-30d15ab65fa3/inbound-protocols/saml" - ClaimConfiguration: type: object properties: 
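Review bot: The new `jit` description `This property is disabled by default as of Identity Server version 7.0 onwards.` states a default in prose only; the property still carries no `default`, so generated clients and schema validators will not see it. Add `default: false` next to `example: false` under `jit` so the machine-readable contract agrees with the sentence. The schema that owns `jit` begins before this hunk.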
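Review bot: `androidAttestationServiceCredentials` in the new `attestationMetaData` block is described as `the credentials for the service account to access Google Play Integrity Service` yet is modelled as a bare `type: object` with no properties and no `writeOnly: true`, so nothing in the spec tells a reader that this is secret material or whether it is echoed back on read and export. Mark it `writeOnly: true`, describe the expected shape (presumably a Google service-account key — confirm against the implementation), and state whether it is returned by the retrieve operation and by export; this file already has an `exportSecrets` query parameter, so the relationship should be spelled out. If, as the names suggest, client attestation only applies when `enableAPIBasedAuthentication` is on, a sentence on that dependency in the `enableClientAttestation` description would also help. The enclosing schema (presumably `AdvancedApplicationConfiguration`) starts outside this hunk.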
@@ -4392,6 +4413,9 @@ components: useMappedLocalSubject: type: boolean example: false + mappedLocalSubjectMandatory: + type: boolean + example: false RoleConfig: type: object properties: @@ -4416,6 +4440,33 @@ components: applicationRole: type: string example: Administrator + AssociatedRolesConfig: + type: object + required: + - allowedAudience + properties: + allowedAudience: + type: string + example: "ORGANIZATION" + enum: + - ORGANIZATION + - APPLICATION + default: ORGANIZATION + roles: + type: array + items: + $ref: '#/components/schemas/Role' + Role: + type: object + required: + - id + properties: + id: + type: string + example: "bf5abd05-3667-4a2a-a6c2-2fb9f4d26e47" + name: + type: string + example: "RoleA" RequestedClaimConfiguration: type: object required: @@ -4458,7 +4509,6 @@ components: type: string example: Username readOnly: true - SAML2Configuration: type: object properties: @@ -4470,7 +4520,6 @@ components: example: 'https://example.com/samlsso/meta' manualConfiguration: $ref: '#/components/schemas/SAML2ServiceProvider' - SingleSignOnProfile: type: object properties: @@ -4482,23 +4531,18 @@ components: - HTTP_POST - HTTP_REDIRECT - ARTIFACT - enableSignatureValidationForArtifactBinding: type: boolean description: Enables Signature validation for SAML Artifact Binding. Applicable only if SAML Artifact binding is enabled through the bindings option. default: false - attributeConsumingServiceIndex: type: string readOnly: true - enableIdpInitiatedSingleSignOn: type: boolean default: false - assertion: $ref: '#/components/schemas/SAMLAssertionConfiguration' - SAMLAttributeProfile: type: object properties: @@ -4508,7 +4552,6 @@ components: alwaysIncludeAttributesInResponse: type: boolean default: false - SingleLogoutProfile: type: object properties: @@ -4529,7 +4572,6 @@ components: - FRONTCHANNEL_HTTP_POST idpInitiatedSingleLogout: $ref: '#/components/schemas/IdpInitiatedSingleLogout' - IdpInitiatedSingleLogout: type: object properties: 
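Review bot: The new `mappedLocalSubjectMandatory` boolean has no description, and because it sits beside `useMappedLocalSubject` it evidently affects how the authenticated subject is resolved — a reader needs to know what happens when the mapping yields no local subject. Add a description such as `Decides whether authentication fails when useMappedLocalSubject is enabled but no mapped local subject is found.`; that is my reading of the name and needs confirming against the server behaviour before it goes in. The enclosing schema starts outside this hunk.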
@@ -4540,7 +4582,6 @@ components: type: array items: type: string - SAMLAssertionConfiguration: type: object properties: @@ -4548,7 +4589,6 @@ components: type: string default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' example: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' - audiences: type: array description: Additional audience values to be added to the SAML Assertions @@ -4556,7 +4596,6 @@ components: - 'https://app.example.com/saml' items: type: string - recipients: type: array description: Additional recipient values to be added to the SAML Assertions @@ -4564,14 +4603,12 @@ components: - 'https://app.example.com/saml' items: type: string - digestAlgorithm: type: string default: "http://www.w3.org/2000/09/xmldsig#sha1" example: "http://www.w3.org/2000/09/xmldsig#sha1" encryption: $ref: '#/components/schemas/AssertionEncryptionConfiguration' - AssertionEncryptionConfiguration: type: object properties: @@ -4584,7 +4621,6 @@ components: keyEncryptionAlgorithm: type: string default: "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" - SAMLRequestValidation: type: object properties: @@ -4593,7 +4629,6 @@ components: default: true signatureValidationCertAlias: type: string - SAMLResponseSigning: type: object properties: @@ -4602,13 +4637,11 @@ components: default: true signingAlgorithm: type: string - SAML2ServiceProvider: type: object required: - issuer - assertionConsumerUrls - properties: issuer: type: string 
@@ -4625,26 +4658,19 @@ components: idpEntityIdAlias: type: string description: "Default value is the IdP Entity ID value specified in Resident IdP." - singleSignOnProfile: $ref: '#/components/schemas/SingleSignOnProfile' - attributeProfile: $ref: '#/components/schemas/SAMLAttributeProfile' - singleLogoutProfile: $ref: '#/components/schemas/SingleLogoutProfile' - requestValidation: $ref: '#/components/schemas/SAMLRequestValidation' - responseSigning: $ref: '#/components/schemas/SAMLResponseSigning' - enableAssertionQueryProfile: type: boolean default: false - OpenIDConnectConfiguration: type: object required: @@ -4696,6 +4722,8 @@ components: $ref: '#/components/schemas/AccessTokenConfiguration' refreshToken: $ref: '#/components/schemas/RefreshTokenConfiguration' + subjectToken: + $ref: '#/components/schemas/SubjectTokenConfiguration' idToken: $ref: '#/components/schemas/IdTokenConfiguration' logout: @@ -4711,6 +4739,19 @@ components: - XACML Scope Validator items: type: string + clientAuthentication: + $ref: '#/components/schemas/ClientAuthenticationConfiguration' + requestObject: + $ref: '#/components/schemas/RequestObjectConfiguration' + pushAuthorizationRequest: + $ref: '#/components/schemas/PushAuthorizationRequestConfiguration' + subject: + $ref: '#/components/schemas/SubjectConfiguration' + isFAPIApplication: + type: boolean + default: false + description: Enabling this option will make the application FAPI conformant. + example: false OAuth2PKCEConfiguration: type: object properties: @@ -4759,6 +4800,15 @@ components: description: Decides whether the refresh token needs to be renewed during refresh grant flow. type: boolean example: true + SubjectTokenConfiguration: + type: object + properties: + enable: + type: boolean + description: "If enabled, subject token can be issued for token exchange grant type." + applicationSubjectTokenExpiryInSeconds: + type: integer + example: 3600 IdTokenConfiguration: type: object properties: 
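Review bot: The description on `isFAPIApplication`, `Enabling this option will make the application FAPI conformant.`, overstates what a flag can do: setting it presumably makes the server enforce FAPI restrictions on the application's OIDC configuration (the `FapiMetadata` schema later in this patch lists the permitted algorithms and token endpoint authentication methods), it does not guarantee conformance of the client. Suggest `description: When true, the server enforces FAPI restrictions on this application's OIDC configuration (allowed signing/encryption algorithms and token endpoint authentication methods); see the fapiMetadata property of the OIDC metadata.` The enclosing `OpenIDConnectConfiguration` schema starts before this hunk.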
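Review bot: `applicationSubjectTokenExpiryInSeconds` in `SubjectTokenConfiguration` carries an example but no description, default or lower bound, so a client cannot tell what applies when the field is omitted or whether `0` is accepted. Since subject tokens are issued for the token exchange grant (per the `enable` description), their lifetime bounds how long exchanged tokens can be minted from them, which makes the value worth documenting: add `description: Lifetime in seconds of subject tokens issued for this application.` and, if the server rejects non-positive values, `minimum: 1`. The `enable` description is double-quoted while the neighbouring descriptions in `RefreshTokenConfiguration` are plain scalars; align the quoting.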
@@ -4773,6 +4823,9 @@ components: - 'http://idp.abc.com' items: type: string + idTokenSignedResponseAlg: + type: string + example: 'PS256' encryption: $ref: '#/components/schemas/IdTokenEncryptionConfiguration' IdTokenEncryptionConfiguration: @@ -4788,6 +4841,50 @@ components: method: type: string example: A128CBC+HS256 + ClientAuthenticationConfiguration: + type: object + properties: + tokenEndpointAuthMethod: + type: string + example: 'client_secret_basic' + tokenEndpointAuthSigningAlg: + type: string + example: 'PS256' + tlsClientAuthSubjectDn: + type: string + example: 'CN=John Doe,OU=OrgUnit,O=Organization,L=Colombo,ST=Western,C=LK' + RequestObjectConfiguration: + type: object + properties: + requestObjectSigningAlg: + type: string + example: 'PS256' + encryption: + $ref: '#/components/schemas/RequestObjectEncryptionConfiguration' + RequestObjectEncryptionConfiguration: + type: object + properties: + algorithm: + type: string + example: RSA-OAEP + method: + type: string + example: A128CBC+HS256 + PushAuthorizationRequestConfiguration: + type: object + properties: + requirePushAuthorizationRequest: + type: boolean + example: false + SubjectConfiguration: + type: object + properties: + subjectType: + type: string + example: 'public' + sectorIdentifierUri: + type: string + example: 'https://app.example.com' OIDCLogoutConfiguration: type: object properties: @@ -4807,6 +4904,8 @@ components: type: string replyTo: type: string + replyToLogout: + type: string WSTrustConfiguration: type: object required: @@ -4879,7 +4978,6 @@ components: type: integer default: 1 example: 1 - AuthenticationStepModel: type: object required: @@ -4907,7 +5005,6 @@ components: authenticator: type: string example: basic - AuthProtocolMetadata: type: object properties: 
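Review bot: `subjectType` in `SubjectConfiguration` is a free string with example `'public'` and no description or enum; in OpenID Connect the values are `public` and `pairwise`, and `sectorIdentifierUri` only has an effect for `pairwise`, so the schema does not tell a reader when the second field matters. Suggest `enum: [public, pairwise]` if the server accepts only those, plus `description: Sector identifier URI used to derive pairwise subject identifiers; applies only when subjectType is pairwise.` on `sectorIdentifierUri`. The same gap applies to `tokenEndpointAuthMethod` (its accepted values come from `ClientAuthenticationMethodMetadata`, which the property should say), `requirePushAuthorizationRequest`, `idTokenSignedResponseAlg` in the preceding hunk and `replyToLogout` in the following hunk, none of which has a description. `RequestObjectEncryptionConfiguration` duplicates the `algorithm`/`method` shape of `IdTokenEncryptionConfiguration`; if the two are meant to stay identical, one shared schema avoids drift.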
@@ -4928,6 +5025,31 @@ components: defaultValue: type: string example: 'Option 1' + ClientAuthenticationMethodMetadata: + type: object + properties: + options: + type: array + items: + $ref: '#/components/schemas/ClientAuthenticationMethod' + FapiMetadata: + type: object + properties: + allowedSignatureAlgorithms: + $ref: '#/components/schemas/MetadataProperty' + allowedEncryptionAlgorithms: + $ref: '#/components/schemas/MetadataProperty' + tokenEndpointAuthMethod: + $ref: '#/components/schemas/ClientAuthenticationMethodMetadata' + ClientAuthenticationMethod: + type: object + properties: + name: + type: string + example: private_key_jwt + displayName: + type: string + example: Private Key JWT GrantTypeMetaData: type: object properties: @@ -4987,6 +5109,22 @@ components: $ref: '#/components/schemas/MetadataProperty' accessTokenBindingType: $ref: '#/components/schemas/MetadataProperty' + tokenEndpointAuthMethod: + $ref: '#/components/schemas/ClientAuthenticationMethodMetadata' + tokenEndpointSignatureAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + idTokenSignatureAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + requestObjectSignatureAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + requestObjectEncryptionAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + requestObjectEncryptionMethod: + $ref: '#/components/schemas/MetadataProperty' + subjectType: + $ref: '#/components/schemas/MetadataProperty' + fapiMetadata: + $ref: '#/components/schemas/FapiMetadata' WSTrustMetaData: type: object properties: @@ -5043,14 +5181,12 @@ components: isConfidential: type: boolean default: false - AdaptiveAuthTemplates: type: object properties: templatesJSON: type: string example: 'Adaptive Auth Templates JSON' - FileUpload: type: object properties: @@ -5065,7 +5201,6 @@ components: type: array items: $ref: '#/components/schemas/ApplicationTemplatesListItem' - ApplicationTemplatesListItem: type: object properties: 
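Review bot: None of the three properties added to `FapiMetadata` (`allowedSignatureAlgorithms`, `allowedEncryptionAlgorithms`, `tokenEndpointAuthMethod`) has a description, so a client cannot tell whether these lists narrow the general `OIDCMetaData` lists added in the next hunk (`idTokenSignatureAlgorithm`, `requestObjectEncryptionAlgorithm`, `tokenEndpointAuthMethod`) when `isFAPIApplication` is set. Add a `description:` on `FapiMetadata` stating that its lists are the subset permitted for FAPI applications, if that is the case, or otherwise what they mean. On `ClientAuthenticationMethod`, a description noting that `name` is the value to send in `ClientAuthenticationConfiguration.tokenEndpointAuthMethod` would tie the metadata schema to the configuration schema.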
@@ -5175,7 +5310,6 @@ components: type: array items: $ref: '#/components/schemas/AuthorizedScope' - AuthorizedScope: type: object properties: @@ -5188,7 +5322,6 @@ components: displayName: type: string example: Read Bookings - AuthorizedAPICreationModel: type: object properties: @@ -5203,7 +5336,6 @@ components: items: type: string example: bookings:read - AuthorizedAPIPatchModel: type: object properties: @@ -5291,7 +5423,6 @@ components: ref: type: string example: '/t/wso2.com/api/server/v1/organizations/b4526d91-a8bf-43d2-8b14-c548cf73065b' - servers: - url: 'https://{serverUrl}/t/{tenantDomain}/api/server/v1' variables: