diff --git a/EXAMPLES.md b/EXAMPLES.md index 8c04d8c0..1ccbf8a0 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -193,4 +193,27 @@ if err != nil { log.Fatalf("error was %+v", err) } log.Printf("User %s", user.GetOurCustomID()) -``` \ No newline at end of file +``` + +To handle nullable fields, create a custom struct without the omitempty tag and set it to null using a custom request. + +```go +// Define a custom struct similar to the `Tenant` struct exposed by the SDK but without the `omitempty` tag. +type CustomTenant struct { +AcrValuesSupported *[]string `json:"acr_values_supported"` +MTLS *management.MTLSConfiguration `json:"mtls"` +} + +// Create a custom request to set the nullable fields to null. +nullableTenantSettings := &CustomTenant{ +AcrValuesSupported: nil, +MTLS: nil, +} + +err := auth0API.Request(context.Background(), http.MethodPatch, auth0API.URI("tenants", "settings"), nullableTenantSettings) +if err != nil { +log.Fatalf("error was %+v", err) +} + +log.Printf("Tenant %+v", tenant) +``` diff --git a/management/client.go b/management/client.go index f4e546c9..d0131443 100644 --- a/management/client.go +++ b/management/client.go @@ -118,6 +118,75 @@ type Client struct { // URLs that are valid to call back from Auth0 for OIDC logout. OIDCLogout *OIDCLogout `json:"oidc_logout,omitempty"` + + // SignedRequestObject JWT-secured Authorization Requests (JAR) settings for the client. + SignedRequestObject *SignedRequestObject `json:"signed_request_object,omitempty"` + + // ComplianceLevel Defines the compliance level for this client, which may restrict it's capabilities + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/clients/{id} + // + // { + // "compliance_level": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + ComplianceLevel *string `json:"compliance_level,omitempty"` + + // RequireProofOfPossession Makes the use of Proof-of-Possession mandatory for this client (default: false). + RequireProofOfPossession *bool `json:"require_proof_of_possession,omitempty"` +} + +// SignedRequestObject is used to configure JWT-secured Authorization Requests (JAR) settings for our Client. +type SignedRequestObject struct { + // Indicates whether the JAR requests are mandatory + Required *bool `json:"required,omitempty"` + + // Credentials used to sign the JAR requests + Credentials *[]Credential `json:"credentials,omitempty"` +} + +// CleanForPatch removes unnecessary fields from the client object before patching. +func (c *Client) CleanForPatch() { + if c.SignedRequestObject != nil && c.SignedRequestObject.Credentials != nil { + var credentials []Credential + for _, cred := range *c.SignedRequestObject.Credentials { + if cred.ID != nil && *cred.ID != "" { + credentials = append(credentials, Credential{ID: cred.ID}) + } + } + c.SignedRequestObject.Credentials = &credentials + } + if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.TLSClientAuth != nil && c.ClientAuthenticationMethods.TLSClientAuth.Credentials != nil { + var credentials []Credential + for _, cred := range *c.ClientAuthenticationMethods.TLSClientAuth.Credentials { + if cred.ID != nil && *cred.ID != "" { + credentials = append(credentials, Credential{ID: cred.ID}) + } + } + c.ClientAuthenticationMethods.TLSClientAuth.Credentials = &credentials + } + if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.SelfSignedTLSClientAuth != nil && c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials != nil { + var credentials []Credential + for _, cred := range *c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials { + if cred.ID != nil && *cred.ID != "" { + credentials = append(credentials, Credential{ID: cred.ID}) + } + } + c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials = &credentials + } + if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.PrivateKeyJWT != nil && c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials != nil { + var credentials []Credential + for _, cred := range *c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials { + if cred.ID != nil && *cred.ID != "" { + credentials = append(credentials, Credential{ID: cred.ID}) + } + } + c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials = &credentials + } } // ClientJWTConfiguration is used to configure JWT settings for our Client. @@ -131,7 +200,7 @@ type ClientJWTConfiguration struct { Scopes *map[string]string `json:"scopes,omitempty"` - // Algorithm used to sign JWTs. Can be "HS256" or "RS256" + // Algorithm used to sign JWTs. Can be `HS256` or `RS256`. `PS256` available via addon" Algorithm *string `json:"alg,omitempty"` } @@ -215,11 +284,37 @@ type Credential struct { UpdatedAt *time.Time `json:"updated_at,omitempty"` // The time that this credential will expire. ExpiresAt *time.Time `json:"expires_at,omitempty"` + // Subject Distinguished Name. Mutually exclusive with `pem` property. + SubjectDN *string `json:"subject_dn,omitempty"` + // The SHA256 thumbprint of the x509_cert certificate. + ThumbprintSHA256 *string `json:"thumbprint_sha256,omitempty"` } // ClientAuthenticationMethods defines client authentication method settings for the client. type ClientAuthenticationMethods struct { PrivateKeyJWT *PrivateKeyJWT `json:"private_key_jwt,omitempty"` + + // TLSClientAuth defines the `tls_client_auth` client authentication method settings for the client. + // If the property is defined, the client is configured to use CA-based mTLS authentication method + TLSClientAuth *TLSClientAuth `json:"tls_client_auth,omitempty"` + + // SelfSignedTLSClientAuth defines the `self_signed_tls_client_auth` client authentication method settings for the client. + // If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate + SelfSignedTLSClientAuth *SelfSignedTLSClientAuth `json:"self_signed_tls_client_auth,omitempty"` +} + +// TLSClientAuth defines the `tls_client_auth` client authentication method settings for the client. +type TLSClientAuth struct { + // Fully defined credentials that will be enabled on the client for CA-based mTLS authentication. + // A list of unique and previously created credential IDs enabled on the client for CA-based mTLS authentication. + Credentials *[]Credential `json:"credentials,omitempty"` +} + +// SelfSignedTLSClientAuth defines the `self_signed_tls_client_auth` client authentication method settings for the client. +type SelfSignedTLSClientAuth struct { + // Fully defined credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificate. + // A list of unique and previously created credential IDs enabled on the client for mTLS authentication utilizing self-signed certificate. + Credentials *[]Credential `json:"credentials,omitempty"` } // PrivateKeyJWT defines the `private_key_jwt` client authentication method settings for the client. @@ -560,6 +655,7 @@ func (m *ClientManager) List(ctx context.Context, opts ...RequestOption) (c *Cli // // See: https://auth0.com/docs/api/management/v2#!/Clients/patch_clients_by_id func (m *ClientManager) Update(ctx context.Context, id string, c *Client, opts ...RequestOption) (err error) { + c.CleanForPatch() return m.management.Request(ctx, "PATCH", m.management.URI("clients", id), c, opts...) } diff --git a/management/client_test.go b/management/client_test.go index 73e4dade..f7d073ae 100644 --- a/management/client_test.go +++ b/management/client_test.go @@ -30,6 +30,223 @@ func TestClient_Create(t *testing.T) { }) } +func TestClientSignedRequestObject(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := &Client{ + Name: auth0.Stringf("Test Client (%s)", time.Now().Format(time.StampMilli)), + Description: auth0.String("This is just a test client."), + SignedRequestObject: &SignedRequestObject{ + Required: auth0.Bool(true), + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("public_key"), + PEM: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe +3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R +tHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao +JnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I +3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X +AWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG +I+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu ++a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8 +r38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW +i/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL +JbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f +aibASY5pIRiKENmbZELDtucCAwEAAQ== +-----END PUBLIC KEY-----`), + }, + }, + }, + JWTConfiguration: &ClientJWTConfiguration{Algorithm: auth0.String("PS256")}, + RequirePushedAuthorizationRequests: auth0.Bool(true), + ComplianceLevel: auth0.String("fapi1_adv_pkj_par"), + RequireProofOfPossession: auth0.Bool(true), + } + + err := api.Client.Create(context.Background(), expectedClient) + assert.NoError(t, err) + assert.NotEmpty(t, expectedClient.GetClientID()) + assert.Equal(t, true, expectedClient.GetSignedRequestObject().GetRequired()) + assert.Equal(t, "fapi1_adv_pkj_par", expectedClient.GetComplianceLevel()) + assert.Equal(t, "PS256", expectedClient.GetJWTConfiguration().GetAlgorithm()) + assert.Equal(t, true, expectedClient.GetRequirePushedAuthorizationRequests()) + assert.Equal(t, true, expectedClient.GetRequireProofOfPossession()) + + clientID := expectedClient.GetClientID() + expectedClient.ClientID = nil // Read-Only: Additional properties not allowed. + expectedClient.SigningKeys = nil // Read-Only: Additional properties not allowed. + expectedClient.JWTConfiguration.SecretEncoded = nil // Read-Only: Additional properties not allowed. + + updatedClient := expectedClient + updatedClient.SignedRequestObject.Required = auth0.Bool(false) + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + updatedClient.RequireProofOfPossession = auth0.Bool(false) + + err = api.Client.Update(context.Background(), clientID, updatedClient) + assert.NoError(t, err) + + assert.Equal(t, false, updatedClient.GetSignedRequestObject().GetRequired()) + assert.Equal(t, "fapi1_adv_mtls_par", updatedClient.GetComplianceLevel()) + assert.Equal(t, false, updatedClient.GetRequirePushedAuthorizationRequests()) + assert.Equal(t, "RS256", updatedClient.GetJWTConfiguration().GetAlgorithm()) + assert.Equal(t, false, updatedClient.GetRequireProofOfPossession()) + t.Cleanup(func() { + cleanupClient(t, expectedClient.GetClientID()) + }) +} + +func TestClientAuthenticationMethods(t *testing.T) { + updateAndVerifyClient := func(t *testing.T, clientID string, updatedClient *Client) { + err := api.Client.Update(context.Background(), clientID, updatedClient) + assert.NoError(t, err) + assert.Equal(t, "fapi1_adv_mtls_par", updatedClient.GetComplianceLevel()) + assert.Equal(t, false, updatedClient.GetRequirePushedAuthorizationRequests()) + assert.Equal(t, "RS256", updatedClient.GetJWTConfiguration().GetAlgorithm()) + } + + cleanupTestClient := func(t *testing.T, clientID string) { + t.Cleanup(func() { + cleanupClient(t, clientID) + }) + } + + t.Run("GetTLSClientAuth", func(t *testing.T) { + configureHTTPTestRecordings(t) + client := givenAClientAuthenticationMethodsClient(t, &TLSClientAuth{ + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("cert_subject_dn"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- +MIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK +UDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM +BkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3 +MjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv +a3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV +BAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF +XrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9 +J3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL +msYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq +df6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj +mx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +qzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM +z3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9 +R6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf +mAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv +lmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr +So6zun26vAUJTu1o9CIjxw== +-----END CERTIFICATE-----`), + }, + }, + }) + + clientID := client.GetClientID() + client.ClientID = nil + client.SigningKeys = nil + client.JWTConfiguration.SecretEncoded = nil + + updatedClient := client + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + + updateAndVerifyClient(t, clientID, updatedClient) + cleanupTestClient(t, client.GetClientID()) + }) + + t.Run("GetSelfSignedTLSClientAuth", func(t *testing.T) { + configureHTTPTestRecordings(t) + client := givenAClientAuthenticationMethodsClient(t, &SelfSignedTLSClientAuth{ + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("x509_cert"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- +MIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ +MQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh +bms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0 +REQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi +GA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC +SlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH +U3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG +A1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN +Tchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC +N6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi +MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC +fE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB +oaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD +aHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw +b3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1 +cHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4 +xiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw +9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ +jerREgM= +-----END CERTIFICATE-----`), + }, + }, + }) + + clientID := client.GetClientID() + client.ClientID = nil + client.SigningKeys = nil + client.JWTConfiguration.SecretEncoded = nil + + updatedClient := client + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + + updateAndVerifyClient(t, clientID, updatedClient) + cleanupTestClient(t, client.GetClientID()) + }) + + t.Run("GetPrivateKeyJWT", func(t *testing.T) { + configureHTTPTestRecordings(t) + client := givenAClientAuthenticationMethodsClient(t, &PrivateKeyJWT{ + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("public_key"), + PEM: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo +0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M +6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi +TSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi +yMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb +/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw +++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE +TjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH +PPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF +1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4 +XzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y +0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ== +-----END PUBLIC KEY-----`), + }, + }, + }) + + clientID := client.GetClientID() + client.ClientID = nil + client.SigningKeys = nil + client.JWTConfiguration.SecretEncoded = nil + + updatedClient := client + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + + updateAndVerifyClient(t, clientID, updatedClient) + cleanupTestClient(t, client.GetClientID()) + }) +} + func TestClient_Read(t *testing.T) { configureHTTPTestRecordings(t) @@ -290,6 +507,119 @@ func TestClient_DeleteCredential(t *testing.T) { assert.Implements(t, (*Error)(nil), err) assert.Equal(t, http.StatusNotFound, err.(Error).Status()) } +func TestClient_CreateAllCredential(t *testing.T) { + t.Run("Should create PrivateJWT Credential", func(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := givenAClient(t) + + credential := &Credential{ + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("public_key"), + PEM: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo +0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M +6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi +TSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi +yMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb +/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw +++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE +TjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH +PPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF +1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4 +XzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y +0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ== +-----END PUBLIC KEY-----`), + } + + err := api.Client.CreateCredential(context.Background(), expectedClient.GetClientID(), credential) + assert.NoError(t, err) + assert.NotEmpty(t, credential.GetID()) + + t.Cleanup(func() { + cleanupCredential(t, expectedClient.GetClientID(), credential.GetID()) + }) + }) + t.Run("Should create TLSClientAuth Credential", func(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := givenAClient(t) + + credential := &Credential{ + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("cert_subject_dn"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- +MIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK +UDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM +BkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3 +MjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv +a3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV +BAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF +XrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9 +J3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL +msYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq +df6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj +mx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +qzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM +z3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9 +R6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf +mAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv +lmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr +So6zun26vAUJTu1o9CIjxw== +-----END CERTIFICATE-----`), + } + + err := api.Client.CreateCredential(context.Background(), expectedClient.GetClientID(), credential) + assert.NoError(t, err) + assert.NotEmpty(t, credential.GetID()) + + t.Cleanup(func() { + cleanupCredential(t, expectedClient.GetClientID(), credential.GetID()) + }) + }) + t.Run("Should create SelfSignedTLSClientAuth Credential", func(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := givenAClient(t) + + credential := &Credential{ + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("x509_cert"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- +MIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ +MQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh +bms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0 +REQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi +GA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC +SlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH +U3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG +A1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN +Tchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC +N6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi +MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC +fE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB +oaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD +aHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw +b3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1 +cHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4 +xiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw +9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ +jerREgM= +-----END CERTIFICATE-----`), + } + + err := api.Client.CreateCredential(context.Background(), expectedClient.GetClientID(), credential) + assert.NoError(t, err) + assert.NotEmpty(t, credential.GetID()) + + t.Cleanup(func() { + cleanupCredential(t, expectedClient.GetClientID(), credential.GetID()) + }) + }) +} func givenASimpleClient(t *testing.T) *Client { t.Helper() @@ -356,6 +686,41 @@ aibASY5pIRiKENmbZELDtucCAwEAAQ== return client } +func givenAClientAuthenticationMethodsClient(t *testing.T, authMethod interface{}) *Client { + client := &Client{ + Name: auth0.Stringf("Test Client (%s)", time.Now().Format(time.StampMilli)), + Description: auth0.String("This is just a test client."), + ClientAuthenticationMethods: &ClientAuthenticationMethods{ + TLSClientAuth: nil, + SelfSignedTLSClientAuth: nil, + PrivateKeyJWT: nil, + }, + JWTConfiguration: &ClientJWTConfiguration{Algorithm: auth0.String("PS256")}, + RequirePushedAuthorizationRequests: auth0.Bool(true), + ComplianceLevel: auth0.String("fapi1_adv_pkj_par"), + } + + switch v := authMethod.(type) { + case *TLSClientAuth: + client.ClientAuthenticationMethods.TLSClientAuth = v + case *SelfSignedTLSClientAuth: + client.ClientAuthenticationMethods.SelfSignedTLSClientAuth = v + case *PrivateKeyJWT: + client.ClientAuthenticationMethods.PrivateKeyJWT = v + default: + t.Fatalf("Unsupported authentication method") + } + + err := api.Client.Create(context.Background(), client) + assert.NoError(t, err) + assert.NotEmpty(t, client.GetClientID()) + assert.Equal(t, "fapi1_adv_pkj_par", client.GetComplianceLevel()) + assert.Equal(t, "PS256", client.GetJWTConfiguration().GetAlgorithm()) + assert.Equal(t, true, client.GetRequirePushedAuthorizationRequests()) + + return client +} + func cleanupClient(t *testing.T, clientID string) { t.Helper() diff --git a/management/connection.go b/management/connection.go index 08de8553..a4b58ace 100644 --- a/management/connection.go +++ b/management/connection.go @@ -454,12 +454,12 @@ type ConnectionOptionsAttributes struct { // ConnectionOptionsAttributeIdentifier defines whether an attribute is active as an identifier. type ConnectionOptionsAttributeIdentifier struct { - Active *bool `json:"active"` + Active *bool `json:"active,omitempty"` } // ConnectionOptionsAttributeSignup defines signup settings for an attribute. type ConnectionOptionsAttributeSignup struct { - Status *string `json:"status"` + Status *string `json:"status,omitempty"` // Verification settings for an attribute. Only applicable to email and phone_number attributes. Verification *ConnectionOptionsAttributeVerification `json:"verification,omitempty"` @@ -483,7 +483,7 @@ func (c *ConnectionOptionsUsernameAttribute) MarshalJSON() ([]byte, error) { // ConnectionOptionsAttributeVerification defines verification settings for an attribute. type ConnectionOptionsAttributeVerification struct { - Active *bool `json:"active"` + Active *bool `json:"active,omitempty"` } // ConnectionOptionsAttributeValidation defines validation settings for an attribute. @@ -495,21 +495,21 @@ type ConnectionOptionsAttributeValidation struct { // ConnectionOptionsAttributeAllowedTypes defines allowed types for an attribute. type ConnectionOptionsAttributeAllowedTypes struct { - Email *bool `json:"email"` - PhoneNumber *bool `json:"phone_number"` + Email *bool `json:"email,omitempty"` + PhoneNumber *bool `json:"phone_number,omitempty"` } // ConnectionOptionsEmailAttribute defines configuration settings for email attributes. type ConnectionOptionsEmailAttribute struct { Identifier *ConnectionOptionsAttributeIdentifier `json:"identifier,omitempty"` - ProfileRequired *bool `json:"profile_required"` + ProfileRequired *bool `json:"profile_required,omitempty"` Signup *ConnectionOptionsAttributeSignup `json:"signup,omitempty"` } // ConnectionOptionsUsernameAttribute defines configuration settings for username attributes. type ConnectionOptionsUsernameAttribute struct { Identifier *ConnectionOptionsAttributeIdentifier `json:"identifier,omitempty"` - ProfileRequired *bool `json:"profile_required"` + ProfileRequired *bool `json:"profile_required,omitempty"` Signup *ConnectionOptionsAttributeSignup `json:"signup,omitempty"` Validation *ConnectionOptionsAttributeValidation `json:"validation,omitempty"` } @@ -518,7 +518,7 @@ type ConnectionOptionsUsernameAttribute struct { // This attribute is available only when the Prompt 'identifier first' setting is enabled. type ConnectionOptionsPhoneNumberAttribute struct { Identifier *ConnectionOptionsAttributeIdentifier `json:"identifier,omitempty"` - ProfileRequired *bool `json:"profile_required"` + ProfileRequired *bool `json:"profile_required,omitempty"` Signup *ConnectionOptionsAttributeSignup `json:"signup,omitempty"` } diff --git a/management/connection_test.go b/management/connection_test.go index 693e88ab..e4875fc3 100644 --- a/management/connection_test.go +++ b/management/connection_test.go @@ -553,6 +553,14 @@ var Auth0ConnectionTestCase = []connectionTestCase{ Signup: &ConnectionOptionsAttributeSignup{ Status: auth0.String("required"), }, + Validation: &ConnectionOptionsAttributeValidation{ + MinLength: auth0.Int(1), + MaxLength: auth0.Int(5), + AllowedTypes: &ConnectionOptionsAttributeAllowedTypes{ + Email: auth0.Bool(true), + PhoneNumber: auth0.Bool(false), + }, + }, }, }, }, diff --git a/management/management.gen.go b/management/management.gen.go index d1ee414b..801ac4ee 100644 --- a/management/management.gen.go +++ b/management/management.gen.go @@ -673,6 +673,19 @@ func (a *AuthenticationMethods) String() string { return Stringify(a) } +// GetType returns the Type field if it's non-nil, zero value otherwise. +func (a *AuthorizationDetails) GetType() string { + if a == nil || a.Type == nil { + return "" + } + return *a.Type +} + +// String returns a string representation of AuthorizationDetails. +func (a *AuthorizationDetails) String() string { + return Stringify(a) +} + // GetLifetimeInSeconds returns the LifetimeInSeconds field if it's non-nil, zero value otherwise. func (a *AWSClientAddon) GetLifetimeInSeconds() int { if a == nil || a.LifetimeInSeconds == nil { @@ -1287,6 +1300,14 @@ func (c *Client) GetClientSecret() string { return *c.ClientSecret } +// GetComplianceLevel returns the ComplianceLevel field if it's non-nil, zero value otherwise. +func (c *Client) GetComplianceLevel() string { + if c == nil || c.ComplianceLevel == nil { + return "" + } + return *c.ComplianceLevel +} + // GetCrossOriginAuth returns the CrossOriginAuth field if it's non-nil, zero value otherwise. func (c *Client) GetCrossOriginAuth() bool { if c == nil || c.CrossOriginAuth == nil { @@ -1471,6 +1492,14 @@ func (c *Client) GetRefreshToken() *ClientRefreshToken { return c.RefreshToken } +// GetRequireProofOfPossession returns the RequireProofOfPossession field if it's non-nil, zero value otherwise. +func (c *Client) GetRequireProofOfPossession() bool { + if c == nil || c.RequireProofOfPossession == nil { + return false + } + return *c.RequireProofOfPossession +} + // GetRequirePushedAuthorizationRequests returns the RequirePushedAuthorizationRequests field if it's non-nil, zero value otherwise. func (c *Client) GetRequirePushedAuthorizationRequests() bool { if c == nil || c.RequirePushedAuthorizationRequests == nil { @@ -1479,6 +1508,14 @@ func (c *Client) GetRequirePushedAuthorizationRequests() bool { return *c.RequirePushedAuthorizationRequests } +// GetSignedRequestObject returns the SignedRequestObject field. +func (c *Client) GetSignedRequestObject() *SignedRequestObject { + if c == nil { + return nil + } + return c.SignedRequestObject +} + // GetSSO returns the SSO field if it's non-nil, zero value otherwise. func (c *Client) GetSSO() bool { if c == nil || c.SSO == nil { @@ -1761,6 +1798,22 @@ func (c *ClientAuthenticationMethods) GetPrivateKeyJWT() *PrivateKeyJWT { return c.PrivateKeyJWT } +// GetSelfSignedTLSClientAuth returns the SelfSignedTLSClientAuth field. +func (c *ClientAuthenticationMethods) GetSelfSignedTLSClientAuth() *SelfSignedTLSClientAuth { + if c == nil { + return nil + } + return c.SelfSignedTLSClientAuth +} + +// GetTLSClientAuth returns the TLSClientAuth field. +func (c *ClientAuthenticationMethods) GetTLSClientAuth() *TLSClientAuth { + if c == nil { + return nil + } + return c.TLSClientAuth +} + // String returns a string representation of ClientAuthenticationMethods. func (c *ClientAuthenticationMethods) String() string { return Stringify(c) @@ -6029,6 +6082,22 @@ func (c *Credential) GetPEM() string { return *c.PEM } +// GetSubjectDN returns the SubjectDN field if it's non-nil, zero value otherwise. +func (c *Credential) GetSubjectDN() string { + if c == nil || c.SubjectDN == nil { + return "" + } + return *c.SubjectDN +} + +// GetThumbprintSHA256 returns the ThumbprintSHA256 field if it's non-nil, zero value otherwise. +func (c *Credential) GetThumbprintSHA256() string { + if c == nil || c.ThumbprintSHA256 == nil { + return "" + } + return *c.ThumbprintSHA256 +} + // GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise. func (c *Credential) GetUpdatedAt() time.Time { if c == nil || c.UpdatedAt == nil { @@ -6600,6 +6669,43 @@ func (e *EmailTemplate) String() string { return Stringify(e) } +// GetAlg returns the Alg field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetAlg() string { + if e == nil || e.Alg == nil { + return "" + } + return *e.Alg +} + +// GetKid returns the Kid field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetKid() string { + if e == nil || e.Kid == nil { + return "" + } + return *e.Kid +} + +// GetName returns the Name field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetName() string { + if e == nil || e.Name == nil { + return "" + } + return *e.Name +} + +// GetPem returns the Pem field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetPem() string { + if e == nil || e.Pem == nil { + return "" + } + return *e.Pem +} + +// String returns a string representation of EncryptionKey. +func (e *EncryptionKey) String() string { + return Stringify(e) +} + // GetEnrolledAt returns the EnrolledAt field if it's non-nil, zero value otherwise. func (e *Enrollment) GetEnrolledAt() time.Time { if e == nil || e.EnrolledAt == nil { @@ -7544,6 +7650,19 @@ func (m *MSCRMClientAddon) String() string { return Stringify(m) } +// GetEnableEndpointAliases returns the EnableEndpointAliases field if it's non-nil, zero value otherwise. +func (m *MTLSConfiguration) GetEnableEndpointAliases() bool { + if m == nil || m.EnableEndpointAliases == nil { + return false + } + return *m.EnableEndpointAliases +} + +// String returns a string representation of MTLSConfiguration. +func (m *MTLSConfiguration) String() string { + return Stringify(m) +} + // GetEnabled returns the Enabled field if it's non-nil, zero value otherwise. func (m *MultiFactor) GetEnabled() bool { if m == nil || m.Enabled == nil { @@ -8472,6 +8591,27 @@ func (p *PromptPartials) String() string { return Stringify(p) } +// GetMechanism returns the Mechanism field if it's non-nil, zero value otherwise. +func (p *ProofOfPossession) GetMechanism() string { + if p == nil || p.Mechanism == nil { + return "" + } + return *p.Mechanism +} + +// GetRequired returns the Required field if it's non-nil, zero value otherwise. +func (p *ProofOfPossession) GetRequired() bool { + if p == nil || p.Required == nil { + return false + } + return *p.Required +} + +// String returns a string representation of ProofOfPossession. +func (p *ProofOfPossession) String() string { + return Stringify(p) +} + // GetClientID returns the ClientID field if it's non-nil, zero value otherwise. func (r *RefreshToken) GetClientID() string { if r == nil || r.ClientID == nil { @@ -8575,6 +8715,22 @@ func (r *ResourceServer) GetAllowOfflineAccess() bool { return *r.AllowOfflineAccess } +// GetAuthorizationDetails returns the AuthorizationDetails field if it's non-nil, zero value otherwise. +func (r *ResourceServer) GetAuthorizationDetails() []AuthorizationDetails { + if r == nil || r.AuthorizationDetails == nil { + return nil + } + return *r.AuthorizationDetails +} + +// GetConsentPolicy returns the ConsentPolicy field if it's non-nil, zero value otherwise. +func (r *ResourceServer) GetConsentPolicy() string { + if r == nil || r.ConsentPolicy == nil { + return "" + } + return *r.ConsentPolicy +} + // GetEnforcePolicies returns the EnforcePolicies field if it's non-nil, zero value otherwise. func (r *ResourceServer) GetEnforcePolicies() bool { if r == nil || r.EnforcePolicies == nil { @@ -8615,6 +8771,14 @@ func (r *ResourceServer) GetOptions() map[string]string { return *r.Options } +// GetProofOfPossession returns the ProofOfPossession field. +func (r *ResourceServer) GetProofOfPossession() *ProofOfPossession { + if r == nil { + return nil + } + return r.ProofOfPossession +} + // GetScopes returns the Scopes field if it's non-nil, zero value otherwise. func (r *ResourceServer) GetScopes() []ResourceServerScope { if r == nil || r.Scopes == nil { @@ -8655,6 +8819,14 @@ func (r *ResourceServer) GetTokenDialect() string { return *r.TokenDialect } +// GetTokenEncryption returns the TokenEncryption field. +func (r *ResourceServer) GetTokenEncryption() *TokenEncryption { + if r == nil { + return nil + } + return r.TokenEncryption +} + // GetTokenLifetime returns the TokenLifetime field if it's non-nil, zero value otherwise. func (r *ResourceServer) GetTokenLifetime() int { if r == nil || r.TokenLifetime == nil { @@ -9418,6 +9590,19 @@ func (s *SelfServiceProfileUserAttributes) String() string { return Stringify(s) } +// GetCredentials returns the Credentials field if it's non-nil, zero value otherwise. +func (s *SelfSignedTLSClientAuth) GetCredentials() []Credential { + if s == nil || s.Credentials == nil { + return nil + } + return *s.Credentials +} + +// String returns a string representation of SelfSignedTLSClientAuth. +func (s *SelfSignedTLSClientAuth) String() string { + return Stringify(s) +} + // GetBaseURL returns the BaseURL field if it's non-nil, zero value otherwise. func (s *SentryClientAddon) GetBaseURL() string { if s == nil || s.BaseURL == nil { @@ -9460,6 +9645,27 @@ func (s *SharePointClientAddon) String() string { return Stringify(s) } +// GetCredentials returns the Credentials field if it's non-nil, zero value otherwise. +func (s *SignedRequestObject) GetCredentials() []Credential { + if s == nil || s.Credentials == nil { + return nil + } + return *s.Credentials +} + +// GetRequired returns the Required field if it's non-nil, zero value otherwise. +func (s *SignedRequestObject) GetRequired() bool { + if s == nil || s.Required == nil { + return false + } + return *s.Required +} + +// String returns a string representation of SignedRequestObject. +func (s *SignedRequestObject) String() string { + return Stringify(s) +} + // GetCert returns the Cert field if it's non-nil, zero value otherwise. func (s *SigningKey) GetCert() string { if s == nil || s.Cert == nil { @@ -9666,6 +9872,14 @@ func (s *SuspiciousIPThrottling) String() string { return Stringify(s) } +// GetAcrValuesSupported returns the AcrValuesSupported field if it's non-nil, zero value otherwise. +func (t *Tenant) GetAcrValuesSupported() []string { + if t == nil || t.AcrValuesSupported == nil { + return nil + } + return *t.AcrValuesSupported +} + // GetAllowedLogoutURLs returns the AllowedLogoutURLs field if it's non-nil, zero value otherwise. func (t *Tenant) GetAllowedLogoutURLs() []string { if t == nil || t.AllowedLogoutURLs == nil { @@ -9778,6 +9992,14 @@ func (t *Tenant) GetIdleSessionLifetime() float64 { return *t.IdleSessionLifetime } +// GetMTLS returns the MTLS field. +func (t *Tenant) GetMTLS() *MTLSConfiguration { + if t == nil { + return nil + } + return t.MTLS +} + // GetPictureURL returns the PictureURL field if it's non-nil, zero value otherwise. func (t *Tenant) GetPictureURL() string { if t == nil || t.PictureURL == nil { @@ -9786,6 +10008,14 @@ func (t *Tenant) GetPictureURL() string { return *t.PictureURL } +// GetPushedAuthorizationRequestsSupported returns the PushedAuthorizationRequestsSupported field if it's non-nil, zero value otherwise. +func (t *Tenant) GetPushedAuthorizationRequestsSupported() bool { + if t == nil || t.PushedAuthorizationRequestsSupported == nil { + return false + } + return *t.PushedAuthorizationRequestsSupported +} + // GetSandboxVersion returns the SandboxVersion field if it's non-nil, zero value otherwise. func (t *Tenant) GetSandboxVersion() string { if t == nil || t.SandboxVersion == nil { @@ -10110,6 +10340,14 @@ func (t *TenantFlags) GetNoDisclosureEnterpriseConnections() bool { return *t.NoDisclosureEnterpriseConnections } +// GetRemoveAlgFromJWKS returns the RemoveAlgFromJWKS field if it's non-nil, zero value otherwise. +func (t *TenantFlags) GetRemoveAlgFromJWKS() bool { + if t == nil || t.RemoveAlgFromJWKS == nil { + return false + } + return *t.RemoveAlgFromJWKS +} + // GetRequirePushedAuthorizationRequests returns the RequirePushedAuthorizationRequests field if it's non-nil, zero value otherwise. func (t *TenantFlags) GetRequirePushedAuthorizationRequests() bool { if t == nil || t.RequirePushedAuthorizationRequests == nil { @@ -10321,6 +10559,40 @@ func (t *Ticket) String() string { return Stringify(t) } +// GetCredentials returns the Credentials field if it's non-nil, zero value otherwise. +func (t *TLSClientAuth) GetCredentials() []Credential { + if t == nil || t.Credentials == nil { + return nil + } + return *t.Credentials +} + +// String returns a string representation of TLSClientAuth. +func (t *TLSClientAuth) String() string { + return Stringify(t) +} + +// GetEncryptionKey returns the EncryptionKey field. +func (t *TokenEncryption) GetEncryptionKey() *EncryptionKey { + if t == nil { + return nil + } + return t.EncryptionKey +} + +// GetFormat returns the Format field if it's non-nil, zero value otherwise. +func (t *TokenEncryption) GetFormat() string { + if t == nil || t.Format == nil { + return "" + } + return *t.Format +} + +// String returns a string representation of TokenEncryption. +func (t *TokenEncryption) String() string { + return Stringify(t) +} + // GetAppMetadata returns the AppMetadata field if it's non-nil, zero value otherwise. func (u *User) GetAppMetadata() map[string]interface{} { if u == nil || u.AppMetadata == nil { diff --git a/management/management.gen_test.go b/management/management.gen_test.go index 786a9b5a..af32d548 100644 --- a/management/management.gen_test.go +++ b/management/management.gen_test.go @@ -855,6 +855,24 @@ func TestAuthenticationMethods_String(t *testing.T) { } } +func TestAuthorizationDetails_GetType(tt *testing.T) { + var zeroValue string + a := &AuthorizationDetails{Type: &zeroValue} + a.GetType() + a = &AuthorizationDetails{} + a.GetType() + a = nil + a.GetType() +} + +func TestAuthorizationDetails_String(t *testing.T) { + var rawJSON json.RawMessage + v := &AuthorizationDetails{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestAWSClientAddon_GetLifetimeInSeconds(tt *testing.T) { var zeroValue int a := &AWSClientAddon{LifetimeInSeconds: &zeroValue} @@ -1640,6 +1658,16 @@ func TestClient_GetClientSecret(tt *testing.T) { c.GetClientSecret() } +func TestClient_GetComplianceLevel(tt *testing.T) { + var zeroValue string + c := &Client{ComplianceLevel: &zeroValue} + c.GetComplianceLevel() + c = &Client{} + c.GetComplianceLevel() + c = nil + c.GetComplianceLevel() +} + func TestClient_GetCrossOriginAuth(tt *testing.T) { var zeroValue bool c := &Client{CrossOriginAuth: &zeroValue} @@ -1852,6 +1880,16 @@ func TestClient_GetRefreshToken(tt *testing.T) { c.GetRefreshToken() } +func TestClient_GetRequireProofOfPossession(tt *testing.T) { + var zeroValue bool + c := &Client{RequireProofOfPossession: &zeroValue} + c.GetRequireProofOfPossession() + c = &Client{} + c.GetRequireProofOfPossession() + c = nil + c.GetRequireProofOfPossession() +} + func TestClient_GetRequirePushedAuthorizationRequests(tt *testing.T) { var zeroValue bool c := &Client{RequirePushedAuthorizationRequests: &zeroValue} @@ -1862,6 +1900,13 @@ func TestClient_GetRequirePushedAuthorizationRequests(tt *testing.T) { c.GetRequirePushedAuthorizationRequests() } +func TestClient_GetSignedRequestObject(tt *testing.T) { + c := &Client{} + c.GetSignedRequestObject() + c = nil + c.GetSignedRequestObject() +} + func TestClient_GetSSO(tt *testing.T) { var zeroValue bool c := &Client{SSO: &zeroValue} @@ -2128,6 +2173,20 @@ func TestClientAuthenticationMethods_GetPrivateKeyJWT(tt *testing.T) { c.GetPrivateKeyJWT() } +func TestClientAuthenticationMethods_GetSelfSignedTLSClientAuth(tt *testing.T) { + c := &ClientAuthenticationMethods{} + c.GetSelfSignedTLSClientAuth() + c = nil + c.GetSelfSignedTLSClientAuth() +} + +func TestClientAuthenticationMethods_GetTLSClientAuth(tt *testing.T) { + c := &ClientAuthenticationMethods{} + c.GetTLSClientAuth() + c = nil + c.GetTLSClientAuth() +} + func TestClientAuthenticationMethods_String(t *testing.T) { var rawJSON json.RawMessage v := &ClientAuthenticationMethods{} @@ -7455,6 +7514,26 @@ func TestCredential_GetPEM(tt *testing.T) { c.GetPEM() } +func TestCredential_GetSubjectDN(tt *testing.T) { + var zeroValue string + c := &Credential{SubjectDN: &zeroValue} + c.GetSubjectDN() + c = &Credential{} + c.GetSubjectDN() + c = nil + c.GetSubjectDN() +} + +func TestCredential_GetThumbprintSHA256(tt *testing.T) { + var zeroValue string + c := &Credential{ThumbprintSHA256: &zeroValue} + c.GetThumbprintSHA256() + c = &Credential{} + c.GetThumbprintSHA256() + c = nil + c.GetThumbprintSHA256() +} + func TestCredential_GetUpdatedAt(tt *testing.T) { var zeroValue time.Time c := &Credential{UpdatedAt: &zeroValue} @@ -8197,6 +8276,54 @@ func TestEmailTemplate_String(t *testing.T) { } } +func TestEncryptionKey_GetAlg(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Alg: &zeroValue} + e.GetAlg() + e = &EncryptionKey{} + e.GetAlg() + e = nil + e.GetAlg() +} + +func TestEncryptionKey_GetKid(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Kid: &zeroValue} + e.GetKid() + e = &EncryptionKey{} + e.GetKid() + e = nil + e.GetKid() +} + +func TestEncryptionKey_GetName(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Name: &zeroValue} + e.GetName() + e = &EncryptionKey{} + e.GetName() + e = nil + e.GetName() +} + +func TestEncryptionKey_GetPem(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Pem: &zeroValue} + e.GetPem() + e = &EncryptionKey{} + e.GetPem() + e = nil + e.GetPem() +} + +func TestEncryptionKey_String(t *testing.T) { + var rawJSON json.RawMessage + v := &EncryptionKey{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestEnrollment_GetEnrolledAt(tt *testing.T) { var zeroValue time.Time e := &Enrollment{EnrolledAt: &zeroValue} @@ -9413,6 +9540,24 @@ func TestMSCRMClientAddon_String(t *testing.T) { } } +func TestMTLSConfiguration_GetEnableEndpointAliases(tt *testing.T) { + var zeroValue bool + m := &MTLSConfiguration{EnableEndpointAliases: &zeroValue} + m.GetEnableEndpointAliases() + m = &MTLSConfiguration{} + m.GetEnableEndpointAliases() + m = nil + m.GetEnableEndpointAliases() +} + +func TestMTLSConfiguration_String(t *testing.T) { + var rawJSON json.RawMessage + v := &MTLSConfiguration{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestMultiFactor_GetEnabled(tt *testing.T) { var zeroValue bool m := &MultiFactor{Enabled: &zeroValue} @@ -10628,6 +10773,34 @@ func TestPromptPartials_String(t *testing.T) { } } +func TestProofOfPossession_GetMechanism(tt *testing.T) { + var zeroValue string + p := &ProofOfPossession{Mechanism: &zeroValue} + p.GetMechanism() + p = &ProofOfPossession{} + p.GetMechanism() + p = nil + p.GetMechanism() +} + +func TestProofOfPossession_GetRequired(tt *testing.T) { + var zeroValue bool + p := &ProofOfPossession{Required: &zeroValue} + p.GetRequired() + p = &ProofOfPossession{} + p.GetRequired() + p = nil + p.GetRequired() +} + +func TestProofOfPossession_String(t *testing.T) { + var rawJSON json.RawMessage + v := &ProofOfPossession{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestRefreshToken_GetClientID(tt *testing.T) { var zeroValue string r := &RefreshToken{ClientID: &zeroValue} @@ -10762,6 +10935,26 @@ func TestResourceServer_GetAllowOfflineAccess(tt *testing.T) { r.GetAllowOfflineAccess() } +func TestResourceServer_GetAuthorizationDetails(tt *testing.T) { + var zeroValue []AuthorizationDetails + r := &ResourceServer{AuthorizationDetails: &zeroValue} + r.GetAuthorizationDetails() + r = &ResourceServer{} + r.GetAuthorizationDetails() + r = nil + r.GetAuthorizationDetails() +} + +func TestResourceServer_GetConsentPolicy(tt *testing.T) { + var zeroValue string + r := &ResourceServer{ConsentPolicy: &zeroValue} + r.GetConsentPolicy() + r = &ResourceServer{} + r.GetConsentPolicy() + r = nil + r.GetConsentPolicy() +} + func TestResourceServer_GetEnforcePolicies(tt *testing.T) { var zeroValue bool r := &ResourceServer{EnforcePolicies: &zeroValue} @@ -10812,6 +11005,13 @@ func TestResourceServer_GetOptions(tt *testing.T) { r.GetOptions() } +func TestResourceServer_GetProofOfPossession(tt *testing.T) { + r := &ResourceServer{} + r.GetProofOfPossession() + r = nil + r.GetProofOfPossession() +} + func TestResourceServer_GetScopes(tt *testing.T) { var zeroValue []ResourceServerScope r := &ResourceServer{Scopes: &zeroValue} @@ -10862,6 +11062,13 @@ func TestResourceServer_GetTokenDialect(tt *testing.T) { r.GetTokenDialect() } +func TestResourceServer_GetTokenEncryption(tt *testing.T) { + r := &ResourceServer{} + r.GetTokenEncryption() + r = nil + r.GetTokenEncryption() +} + func TestResourceServer_GetTokenLifetime(tt *testing.T) { var zeroValue int r := &ResourceServer{TokenLifetime: &zeroValue} @@ -11847,6 +12054,24 @@ func TestSelfServiceProfileUserAttributes_String(t *testing.T) { } } +func TestSelfSignedTLSClientAuth_GetCredentials(tt *testing.T) { + var zeroValue []Credential + s := &SelfSignedTLSClientAuth{Credentials: &zeroValue} + s.GetCredentials() + s = &SelfSignedTLSClientAuth{} + s.GetCredentials() + s = nil + s.GetCredentials() +} + +func TestSelfSignedTLSClientAuth_String(t *testing.T) { + var rawJSON json.RawMessage + v := &SelfSignedTLSClientAuth{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestSentryClientAddon_GetBaseURL(tt *testing.T) { var zeroValue string s := &SentryClientAddon{BaseURL: &zeroValue} @@ -11903,6 +12128,34 @@ func TestSharePointClientAddon_String(t *testing.T) { } } +func TestSignedRequestObject_GetCredentials(tt *testing.T) { + var zeroValue []Credential + s := &SignedRequestObject{Credentials: &zeroValue} + s.GetCredentials() + s = &SignedRequestObject{} + s.GetCredentials() + s = nil + s.GetCredentials() +} + +func TestSignedRequestObject_GetRequired(tt *testing.T) { + var zeroValue bool + s := &SignedRequestObject{Required: &zeroValue} + s.GetRequired() + s = &SignedRequestObject{} + s.GetRequired() + s = nil + s.GetRequired() +} + +func TestSignedRequestObject_String(t *testing.T) { + var rawJSON json.RawMessage + v := &SignedRequestObject{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestSigningKey_GetCert(tt *testing.T) { var zeroValue string s := &SigningKey{Cert: &zeroValue} @@ -12162,6 +12415,16 @@ func TestSuspiciousIPThrottling_String(t *testing.T) { } } +func TestTenant_GetAcrValuesSupported(tt *testing.T) { + var zeroValue []string + t := &Tenant{AcrValuesSupported: &zeroValue} + t.GetAcrValuesSupported() + t = &Tenant{} + t.GetAcrValuesSupported() + t = nil + t.GetAcrValuesSupported() +} + func TestTenant_GetAllowedLogoutURLs(tt *testing.T) { var zeroValue []string t := &Tenant{AllowedLogoutURLs: &zeroValue} @@ -12287,6 +12550,13 @@ func TestTenant_GetIdleSessionLifetime(tt *testing.T) { t.GetIdleSessionLifetime() } +func TestTenant_GetMTLS(tt *testing.T) { + t := &Tenant{} + t.GetMTLS() + t = nil + t.GetMTLS() +} + func TestTenant_GetPictureURL(tt *testing.T) { var zeroValue string t := &Tenant{PictureURL: &zeroValue} @@ -12297,6 +12567,16 @@ func TestTenant_GetPictureURL(tt *testing.T) { t.GetPictureURL() } +func TestTenant_GetPushedAuthorizationRequestsSupported(tt *testing.T) { + var zeroValue bool + t := &Tenant{PushedAuthorizationRequestsSupported: &zeroValue} + t.GetPushedAuthorizationRequestsSupported() + t = &Tenant{} + t.GetPushedAuthorizationRequestsSupported() + t = nil + t.GetPushedAuthorizationRequestsSupported() +} + func TestTenant_GetSandboxVersion(tt *testing.T) { var zeroValue string t := &Tenant{SandboxVersion: &zeroValue} @@ -12700,6 +12980,16 @@ func TestTenantFlags_GetNoDisclosureEnterpriseConnections(tt *testing.T) { t.GetNoDisclosureEnterpriseConnections() } +func TestTenantFlags_GetRemoveAlgFromJWKS(tt *testing.T) { + var zeroValue bool + t := &TenantFlags{RemoveAlgFromJWKS: &zeroValue} + t.GetRemoveAlgFromJWKS() + t = &TenantFlags{} + t.GetRemoveAlgFromJWKS() + t = nil + t.GetRemoveAlgFromJWKS() +} + func TestTenantFlags_GetRequirePushedAuthorizationRequests(tt *testing.T) { var zeroValue bool t := &TenantFlags{RequirePushedAuthorizationRequests: &zeroValue} @@ -12970,6 +13260,49 @@ func TestTicket_String(t *testing.T) { } } +func TestTLSClientAuth_GetCredentials(tt *testing.T) { + var zeroValue []Credential + t := &TLSClientAuth{Credentials: &zeroValue} + t.GetCredentials() + t = &TLSClientAuth{} + t.GetCredentials() + t = nil + t.GetCredentials() +} + +func TestTLSClientAuth_String(t *testing.T) { + var rawJSON json.RawMessage + v := &TLSClientAuth{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + +func TestTokenEncryption_GetEncryptionKey(tt *testing.T) { + t := &TokenEncryption{} + t.GetEncryptionKey() + t = nil + t.GetEncryptionKey() +} + +func TestTokenEncryption_GetFormat(tt *testing.T) { + var zeroValue string + t := &TokenEncryption{Format: &zeroValue} + t.GetFormat() + t = &TokenEncryption{} + t.GetFormat() + t = nil + t.GetFormat() +} + +func TestTokenEncryption_String(t *testing.T) { + var rawJSON json.RawMessage + v := &TokenEncryption{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestUser_GetAppMetadata(tt *testing.T) { var zeroValue map[string]interface{} u := &User{AppMetadata: &zeroValue} diff --git a/management/resource_server.go b/management/resource_server.go index f3b767fa..82916e96 100644 --- a/management/resource_server.go +++ b/management/resource_server.go @@ -18,7 +18,7 @@ type ResourceServer struct { // Scopes supported by the resource server. Scopes *[]ResourceServerScope `json:"scopes,omitempty"` - // The algorithm used to sign tokens ["HS256" or "RS256"]. + // Algorithm used to sign JWTs. Can be `HS256` or `RS256`. `PS256` available via addon. SigningAlgorithm *string `json:"signing_alg,omitempty"` // The secret used to sign tokens when using symmetric algorithms. @@ -59,6 +59,101 @@ type ResourceServer struct { // Note: RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API." // For more details, see the Access Token Profiles documentation : https://auth0.com/docs/secure/tokens/access-tokens/access-token-profiles. TokenDialect *string `json:"token_dialect,omitempty"` + + // ConsentPolicy specifies the consent policy for the resource server. + // + // Available options: + // - "transactional-authorization-with-mfa" + // - null + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/resource-servers/{id} + // + // { + // "consent_policy": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + ConsentPolicy *string `json:"consent_policy,omitempty"` + + // The list of authorization details for the resource server. + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/resource-servers/{id} + // + // { + // "authorization_details": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + AuthorizationDetails *[]AuthorizationDetails `json:"authorization_details,omitempty"` + + // TokenEncryption specifies the token encryption for the resource server. + // + // Available options: + // - "compact-nested-jwe" + // - null + TokenEncryption *TokenEncryption `json:"token_encryption,omitempty"` + + // Proof-of-Possession configuration for access tokens. + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/resource-servers/{id} + // + // { + // "proof_of_possession": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + ProofOfPossession *ProofOfPossession `json:"proof_of_possession,omitempty"` +} + +// AuthorizationDetails specifies the authorization details for the resource server. +type AuthorizationDetails struct { + // The authorization_detail type identifier. + Type *string `json:"type,omitempty"` +} + +// ProofOfPossession specifies the proof-of-possession configuration for access tokens. +type ProofOfPossession struct { + // Intended mechanism for Proof-of-Possession. + // + // Available options: + // - "mtls" + Mechanism *string `json:"mechanism,omitempty"` + + // Whether the use of Proof-of-Possession is required for the resource server. + Required *bool `json:"required,omitempty"` +} + +// TokenEncryption specifies the token encryption for the resource server. +type TokenEncryption struct { + // Format of the encrypted JWT payload. + Format *string `json:"format,omitempty"` + + // EncryptionKey specifies the encryption key for the token encryption. + EncryptionKey *EncryptionKey `json:"encryption_key,omitempty"` +} + +// EncryptionKey specifies the encryption key for the token encryption. +type EncryptionKey struct { + // Name of the encryption key. + Name *string `json:"name,omitempty"` + + // Algorithm used to encrypt the token. + Alg *string `json:"alg,omitempty"` + + // Key ID. + Kid *string `json:"kid,omitempty"` + + // PEM-formatted public key. Must be JSON escaped + Pem *string `json:"pem,omitempty"` } // ResourceServerScope defines the specific actions, resource servers can be allowed to do. diff --git a/management/resource_server_test.go b/management/resource_server_test.go index 40435a71..d79c027c 100644 --- a/management/resource_server_test.go +++ b/management/resource_server_test.go @@ -18,7 +18,7 @@ func TestResourceServer_Create(t *testing.T) { expectedResourceServer := &ResourceServer{ Name: auth0.Stringf("Test Resource Server (%s)", time.Now().Format(time.StampMilli)), Identifier: auth0.String("https://api.example.com/"), - SigningAlgorithm: auth0.String("HS256"), + SigningAlgorithm: auth0.String("PS256"), TokenLifetime: auth0.Int(7200), TokenLifetimeForWeb: auth0.Int(3600), Scopes: &[]ResourceServerScope{ @@ -29,6 +29,41 @@ func TestResourceServer_Create(t *testing.T) { }, EnforcePolicies: auth0.Bool(true), TokenDialect: auth0.String("rfc9068_profile_authz"), + ConsentPolicy: auth0.String("transactional-authorization-with-mfa"), + AuthorizationDetails: &[]AuthorizationDetails{ + { + Type: auth0.String("payment"), + }, + { + Type: auth0.String("my custom type"), + }, + }, + TokenEncryption: &TokenEncryption{ + Format: auth0.String("compact-nested-jwe"), + EncryptionKey: &EncryptionKey{ + Name: auth0.String("my JWE public key"), + Alg: auth0.String("RSA-OAEP-256"), + Kid: auth0.String("my-key-id"), + Pem: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe +3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R +tHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao +JnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I +3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X +AWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG +I+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu ++a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8 +r38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW +i/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL +JbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f +aibASY5pIRiKENmbZELDtucCAwEAAQ== +-----END PUBLIC KEY-----`), + }, + }, + ProofOfPossession: &ProofOfPossession{ + Mechanism: auth0.String("mtls"), + Required: auth0.Bool(true), + }, } err := api.ResourceServer.Create(context.Background(), expectedResourceServer) diff --git a/management/tenant.go b/management/tenant.go index def8920b..04419be6 100644 --- a/management/tenant.go +++ b/management/tenant.go @@ -87,6 +87,41 @@ type Tenant struct { // If `true`, flexible factors will be enabled for MFA in the PostLogin action. CustomizeMFAInPostLoginAction *bool `json:"customize_mfa_in_postlogin_action,omitempty"` + + // AcrValuesSupported Supported ACR values + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/tenants/settings + // { + // "acr_values_supported": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + AcrValuesSupported *[]string `json:"acr_values_supported,omitempty"` + + // MTLS configuration for the tenant. Default is false. + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/tenants/settings + // { + // "mtls": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + MTLS *MTLSConfiguration `json:"mtls,omitempty"` + + // Enables the use of Pushed Authorization Requests + PushedAuthorizationRequestsSupported *bool `json:"pushed_authorization_requests_supported,omitempty"` +} + +// MTLSConfiguration hold settings for mTLS. If true, enables mTLS endpoint aliases. +type MTLSConfiguration struct { + // If true, enables mTLS endpoint aliases + EnableEndpointAliases *bool `json:"enable_endpoint_aliases,omitempty"` } // MarshalJSON is a custom serializer for the Tenant type. @@ -253,6 +288,9 @@ type TenantFlags struct { // If `true`, all Clients will be required to use Pushed Authorization Requests. // This feature currently must be enabled for your tenant. RequirePushedAuthorizationRequests *bool `json:"require_pushed_authorization_requests,omitempty"` + + // Removes alg property from jwks .well-known endpoint + RemoveAlgFromJWKS *bool `json:"remove_alg_from_jwks,omitempty"` } // TenantUniversalLogin holds universal login settings. diff --git a/management/tenant_test.go b/management/tenant_test.go index e3f9ce04..56034a45 100644 --- a/management/tenant_test.go +++ b/management/tenant_test.go @@ -3,6 +3,7 @@ package management import ( "context" "encoding/json" + "net/http" "testing" "github.com/stretchr/testify/assert" @@ -41,6 +42,11 @@ func TestTenantManager(t *testing.T) { Sessions: &TenantSessions{ OIDCLogoutPromptEnabled: auth0.Bool(false), }, + AcrValuesSupported: &[]string{"foo", "bar"}, + PushedAuthorizationRequestsSupported: auth0.Bool(true), + MTLS: &MTLSConfiguration{ + EnableEndpointAliases: auth0.Bool(true), + }, } err = api.Tenant.Update(context.Background(), newTenantSettings) assert.NoError(t, err) @@ -58,6 +64,88 @@ func TestTenantManager(t *testing.T) { assert.Equal(t, newTenantSettings.GetEnabledLocales(), actualTenantSettings.GetEnabledLocales()) assert.Equal(t, newTenantSettings.GetSandboxVersion(), actualTenantSettings.GetSandboxVersion()) assert.Equal(t, newTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled(), actualTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled()) + assert.Equal(t, newTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + assert.Equal(t, newTenantSettings.GetPushedAuthorizationRequestsSupported(), actualTenantSettings.GetPushedAuthorizationRequestsSupported()) + assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) + + // If AcrValuesSupported and MTLS is not Passed Should not change the values. + updatedNewTenant := &Tenant{ + MTLS: nil, + AcrValuesSupported: nil, + FriendlyName: auth0.String("My Example Tenant"), + } + err = api.Tenant.Update(context.Background(), updatedNewTenant) + assert.NoError(t, err) + + newActualTenantSettings, err := api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Equal(t, newActualTenantSettings.GetFriendlyName(), actualTenantSettings.GetFriendlyName()) + assert.Equal(t, newActualTenantSettings.GetIdleSessionLifetime(), actualTenantSettings.GetIdleSessionLifetime()) + assert.Equal(t, newActualTenantSettings.GetIdleSessionLifetime(), 720.0) // it got rounded off + assert.Equal(t, newActualTenantSettings.GetSessionLifetime(), actualTenantSettings.GetSessionLifetime()) + assert.Equal(t, newActualTenantSettings.GetSupportEmail(), actualTenantSettings.GetSupportEmail()) + assert.Equal(t, newActualTenantSettings.GetSupportURL(), actualTenantSettings.GetSupportURL()) + assert.Equal(t, newActualTenantSettings.GetSessionCookie().GetMode(), actualTenantSettings.GetSessionCookie().GetMode()) + assert.Equal(t, newActualTenantSettings.GetAllowedLogoutURLs(), actualTenantSettings.GetAllowedLogoutURLs()) + assert.Equal(t, newActualTenantSettings.GetEnabledLocales(), actualTenantSettings.GetEnabledLocales()) + assert.Equal(t, newActualTenantSettings.GetSandboxVersion(), actualTenantSettings.GetSandboxVersion()) + assert.Equal(t, newActualTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled(), actualTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled()) + assert.Equal(t, newActualTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + assert.Equal(t, newActualTenantSettings.GetPushedAuthorizationRequestsSupported(), actualTenantSettings.GetPushedAuthorizationRequestsSupported()) + assert.Equal(t, newActualTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) +} + +func TestTenantManager_NullableFields(t *testing.T) { + configureHTTPTestRecordings(t) + + initialSettings, err := api.Tenant.Read(context.Background()) + assert.NoError(t, err) + + t.Cleanup(func() { + initialSettings.SandboxVersionAvailable = nil + initialSettings.UniversalLogin = nil + initialSettings.Flags = nil + err := api.Tenant.Update(context.Background(), initialSettings) + require.NoError(t, err) + }) + newTenantSettings := &Tenant{ + AcrValuesSupported: &[]string{"foo", "bar"}, + MTLS: &MTLSConfiguration{ + EnableEndpointAliases: auth0.Bool(true), + }, + } + err = api.Tenant.Update(context.Background(), newTenantSettings) + assert.NoError(t, err) + actualTenantSettings, err := api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Equal(t, newTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) + + // Set empty array values for AcrValuesSupported + emptyAcrValuesSupported := &Tenant{ + AcrValuesSupported: &[]string{}, + } + err = api.Tenant.Update(context.Background(), emptyAcrValuesSupported) + assert.NoError(t, err) + actualTenantSettings, err = api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Equal(t, emptyAcrValuesSupported.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + + // Set null values create a new Tenant Struct without omitting the fields + type CustomTenant struct { + AcrValuesSupported *[]string `json:"acr_values_supported"` + MTLS *MTLSConfiguration `json:"mtls"` + } + nullableTenantSettings := &CustomTenant{ + AcrValuesSupported: nil, + MTLS: nil, + } + err = api.Request(context.Background(), http.MethodPatch, api.URI("tenants", "settings"), nullableTenantSettings) + assert.NoError(t, err) + actualTenantSettings, err = api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Nil(t, actualTenantSettings.GetAcrValuesSupported()) + assert.Nil(t, actualTenantSettings.GetMTLS()) } func TestTenant_MarshalJSON(t *testing.T) { diff --git a/test/data/recordings/TestClientAuthenticationMethods/GetPrivateKeyJWT.yaml b/test/data/recordings/TestClientAuthenticationMethods/GetPrivateKeyJWT.yaml new file mode 100644 index 00000000..1d88c5fa --- /dev/null +++ b/test/data/recordings/TestClientAuthenticationMethods/GetPrivateKeyJWT.yaml @@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1180 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:13:39.570)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo\n0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M\n6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi\nTSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi\nyMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb\n/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw\n++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE\nTjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH\nPPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF\n1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4\nXzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y\n0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ==\n-----END PUBLIC KEY-----"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test client.","client_id":"LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qNv47ogmUPrVAsjjTDe6iE","name":"Test Credential (Aug 6 16:13:39.570)","kid":"QTtPEeOT2gWWuID0QDg6nHgh7foYRcWkOyJ9DhNIn_A","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:43:39.774Z","updated_at":"2024-08-06T10:43:39.774Z"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 448.114208ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 757 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test client.","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qNv47ogmUPrVAsjjTDe6iE"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test client.","client_id":"LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qNv47ogmUPrVAsjjTDe6iE"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 308.812708ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 267.545417ms diff --git a/test/data/recordings/TestClientAuthenticationMethods/GetSelfSignedTLSClientAuth.yaml b/test/data/recordings/TestClientAuthenticationMethods/GetSelfSignedTLSClientAuth.yaml new file mode 100644 index 00000000..1861badc --- /dev/null +++ b/test/data/recordings/TestClientAuthenticationMethods/GetSelfSignedTLSClientAuth.yaml @@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1763 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"name":"Test Credential (Aug 6 16:13:38.471)","credential_type":"x509_cert","pem":"-----BEGIN CERTIFICATE-----\nMIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ\nMQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh\nbms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0\nREQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi\nGA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC\nSlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH\nU3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG\nA1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\ngYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN\nTchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC\nN6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi\nMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC\nfE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB\noaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD\naHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw\nb3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1\ncHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4\nxiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw\n9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ\njerREgM=\n-----END CERTIFICATE-----"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a test client.","client_id":"T0F8eusctjE3OQjAVDes0kFySDBZVInJ","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"id":"cred_ec4qP1i6vDL4AoNZXxJNzT","name":"Test Credential (Aug 6 16:13:38.471)","credential_type":"x509_cert","created_at":"2024-08-06T10:43:38.677Z","updated_at":"2024-08-06T10:43:38.677Z","expires_at":"9999-12-31T23:59:59Z","thumbprint_sha256":"NTkulT-DcSrRSevqZd26aq0DCz8YbOFGjKVs-Expu4w"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 421.29475ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 769 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a test client.","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"id":"cred_ec4qP1i6vDL4AoNZXxJNzT"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/T0F8eusctjE3OQjAVDes0kFySDBZVInJ + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a test client.","client_id":"T0F8eusctjE3OQjAVDes0kFySDBZVInJ","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"id":"cred_ec4qP1i6vDL4AoNZXxJNzT"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 292.8755ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/T0F8eusctjE3OQjAVDes0kFySDBZVInJ + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 382.640375ms diff --git a/test/data/recordings/TestClientAuthenticationMethods/GetTLSClientAuth.yaml b/test/data/recordings/TestClientAuthenticationMethods/GetTLSClientAuth.yaml new file mode 100644 index 00000000..285c6d39 --- /dev/null +++ b/test/data/recordings/TestClientAuthenticationMethods/GetTLSClientAuth.yaml @@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1575 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"name":"Test Credential (Aug 6 16:13:36.889)","credential_type":"cert_subject_dn","pem":"-----BEGIN CERTIFICATE-----\nMIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK\nUDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM\nBkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3\nMjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv\na3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV\nBAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF\nXrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9\nJ3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL\nmsYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq\ndf6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj\nmx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA\nqzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM\nz3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9\nR6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf\nmAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv\nlmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr\nSo6zun26vAUJTu1o9CIjxw==\n-----END CERTIFICATE-----"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test client.","client_id":"8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"id":"cred_1xDDe5pMRUnr2Pnqzvi3t7","name":"Test Credential (Aug 6 16:13:36.889)","credential_type":"cert_subject_dn","created_at":"2024-08-06T10:43:37.617Z","updated_at":"2024-08-06T10:43:37.617Z","subject_dn":"C=JP\nST=Tokyo\nL=Chiyoda-ku\nO=Client\nCN=client.example.org"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 919.919542ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 757 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test client.","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"id":"cred_1xDDe5pMRUnr2Pnqzvi3t7"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test client.","client_id":"8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"id":"cred_1xDDe5pMRUnr2Pnqzvi3t7"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 311.838833ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 344.8815ms diff --git a/test/data/recordings/TestClientSignedRequestObject.yaml b/test/data/recordings/TestClientSignedRequestObject.yaml new file mode 100644 index 00000000..39945735 --- /dev/null +++ b/test/data/recordings/TestClientSignedRequestObject.yaml @@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1203 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"require_pushed_authorization_requests":true,"signed_request_object":{"required":true,"credentials":[{"name":"Test Credential (Aug 6 16:13:21.503)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]},"compliance_level":"fapi1_adv_pkj_par","require_proof_of_possession":true} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test client.","client_id":"PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"require_pushed_authorization_requests":true,"signed_request_object":{"required":true,"credentials":[{"id":"cred_2gJgywmzp5d8bnr7aFRv1H","name":"Test Credential (Aug 6 16:13:21.503)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:43:22.182Z","updated_at":"2024-08-06T10:43:22.182Z"}]},"compliance_level":"fapi1_adv_pkj_par","require_proof_of_possession":true}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 937.416167ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 865 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test client.","client_secret":"513sOsQQTUeCC2ypir7PO1HwgV2r1hexW9rt3cVyhD9W2IB6i-s0FhXWahXU1DTb","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"require_pushed_authorization_requests":false,"signed_request_object":{"required":false,"credentials":[{"id":"cred_2gJgywmzp5d8bnr7aFRv1H"}]},"compliance_level":"fapi1_adv_mtls_par","require_proof_of_possession":false} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test client.","client_id":"PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"require_pushed_authorization_requests":false,"signed_request_object":{"required":false,"credentials":[{"id":"cred_2gJgywmzp5d8bnr7aFRv1H"}]},"compliance_level":"fapi1_adv_mtls_par","require_proof_of_possession":false}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 348.067458ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 357.361792ms diff --git a/test/data/recordings/TestClient_CreateAllCredential/Should_create_PrivateJWT_Credential.yaml b/test/data/recordings/TestClient_CreateAllCredential/Should_create_PrivateJWT_Credential.yaml new file mode 100644 index 00000000..3997c986 --- /dev/null +++ b/test/data/recordings/TestClient_CreateAllCredential/Should_create_PrivateJWT_Credential.yaml @@ -0,0 +1,145 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1125 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:14:42.294)","description":"This is just a test client.","jwt_configuration":{"alg":"RS256"},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:14:42.294)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]}}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:14:42.294)","description":"This is just a test client.","client_id":"e39BM6w1btNy0Rf6Col8jI3nloH9Trvz","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_uePxAqu3pekDAL8jJcwo81","name":"Test Credential (Aug 6 16:14:42.294)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:44:42.999Z","updated_at":"2024-08-06T10:44:42.999Z"}]}}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 981.620542ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 901 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Credential (Aug 6 16:14:43.277)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo\n0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M\n6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi\nTSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi\nyMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb\n/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw\n++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE\nTjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH\nPPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF\n1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4\nXzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y\n0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ==\n-----END PUBLIC KEY-----"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/e39BM6w1btNy0Rf6Col8jI3nloH9Trvz/credentials + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 260 + uncompressed: false + body: '{"id":"cred_n2FhK8PGRa9oQub38vNng1","credential_type":"public_key","kid":"QTtPEeOT2gWWuID0QDg6nHgh7foYRcWkOyJ9DhNIn_A","alg":"RS256","name":"Test Credential (Aug 6 16:14:43.277)","created_at":"2024-08-06T10:44:43.477Z","updated_at":"2024-08-06T10:44:43.477Z"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 290.07175ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/e39BM6w1btNy0Rf6Col8jI3nloH9Trvz/credentials/cred_n2FhK8PGRa9oQub38vNng1 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 265.03525ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/e39BM6w1btNy0Rf6Col8jI3nloH9Trvz + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 335.680542ms diff --git a/test/data/recordings/TestClient_CreateAllCredential/Should_create_SelfSignedTLSClientAuth_Credential.yaml b/test/data/recordings/TestClient_CreateAllCredential/Should_create_SelfSignedTLSClientAuth_Credential.yaml new file mode 100644 index 00000000..d824cb8b --- /dev/null +++ b/test/data/recordings/TestClient_CreateAllCredential/Should_create_SelfSignedTLSClientAuth_Credential.yaml @@ -0,0 +1,145 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1125 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:14:45.584)","description":"This is just a test client.","jwt_configuration":{"alg":"RS256"},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:14:45.584)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]}}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:14:45.584)","description":"This is just a test client.","client_id":"B1h6RVXJBx48NSLDvambwNrPLHQgzV8l","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qJCg1RtcTsELNSBFtZgNkw","name":"Test Credential (Aug 6 16:14:45.584)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:44:45.785Z","updated_at":"2024-08-06T10:44:45.785Z"}]}}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 427.570292ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1472 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Credential (Aug 6 16:14:46.012)","credential_type":"x509_cert","pem":"-----BEGIN CERTIFICATE-----\nMIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ\nMQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh\nbms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0\nREQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi\nGA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC\nSlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH\nU3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG\nA1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\ngYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN\nTchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC\nN6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi\nMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC\nfE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB\noaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD\naHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw\nb3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1\ncHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4\nxiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw\n9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ\njerREgM=\n-----END CERTIFICATE-----"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/B1h6RVXJBx48NSLDvambwNrPLHQgzV8l/credentials + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 299 + uncompressed: false + body: '{"id":"cred_2dDJX2xyhm3Ho5ADp6KVUk","credential_type":"x509_cert","name":"Test Credential (Aug 6 16:14:46.012)","thumbprint_sha256":"NTkulT-DcSrRSevqZd26aq0DCz8YbOFGjKVs-Expu4w","created_at":"2024-08-06T10:44:46.311Z","updated_at":"2024-08-06T10:44:46.311Z","expires_at":"9999-12-31T23:59:59.000Z"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 462.588959ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/B1h6RVXJBx48NSLDvambwNrPLHQgzV8l/credentials/cred_2dDJX2xyhm3Ho5ADp6KVUk + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 239.831375ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/B1h6RVXJBx48NSLDvambwNrPLHQgzV8l + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 341.571792ms diff --git a/test/data/recordings/TestClient_CreateAllCredential/Should_create_TLSClientAuth_Credential.yaml b/test/data/recordings/TestClient_CreateAllCredential/Should_create_TLSClientAuth_Credential.yaml new file mode 100644 index 00000000..22045fab --- /dev/null +++ b/test/data/recordings/TestClient_CreateAllCredential/Should_create_TLSClientAuth_Credential.yaml @@ -0,0 +1,145 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1125 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:14:44.169)","description":"This is just a test client.","jwt_configuration":{"alg":"RS256"},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:14:44.169)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]}}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:14:44.169)","description":"This is just a test client.","client_id":"IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_n8CtWJe6dK4V3jz3Awg49G","name":"Test Credential (Aug 6 16:14:44.169)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:44:44.374Z","updated_at":"2024-08-06T10:44:44.374Z"}]}}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 463.714375ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1296 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Credential (Aug 6 16:14:44.633)","credential_type":"cert_subject_dn","pem":"-----BEGIN CERTIFICATE-----\nMIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK\nUDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM\nBkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3\nMjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv\na3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV\nBAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF\nXrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9\nJ3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL\nmsYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq\ndf6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj\nmx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA\nqzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM\nz3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9\nR6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf\nmAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv\nlmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr\nSo6zun26vAUJTu1o9CIjxw==\n-----END CERTIFICATE-----"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9/credentials + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 276 + uncompressed: false + body: '{"id":"cred_5XaGkLkUJFv4ZaLhqajHMG","credential_type":"cert_subject_dn","name":"Test Credential (Aug 6 16:14:44.633)","subject_dn":"C=JP\nST=Tokyo\nL=Chiyoda-ku\nO=Client\nCN=client.example.org","created_at":"2024-08-06T10:44:44.931Z","updated_at":"2024-08-06T10:44:44.931Z"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 386.010875ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9/credentials/cred_5XaGkLkUJFv4ZaLhqajHMG + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 244.576958ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 318.35275ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Attribute_required_in_profile_but_inactive_on_signup.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Attribute_required_in_profile_but_inactive_on_signup.yaml index 0f35d570..147a777c 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Attribute_required_in_profile_but_inactive_on_signup.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Attribute_required_in_profile_but_inactive_on_signup.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 252 + content_length: 301 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-Attribute-Inactive-On-Signup-1720679132","strategy":"auth0","options":{"attributes":{"phone_number":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"inactive","verification":{"active":false}}}}}} + {"name":"Test-Auth0-Connection-Attribute-Inactive-On-Signup-1722944272","strategy":"auth0","options":{"precedence":["username","email","phone_number"],"attributes":{"phone_number":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"inactive","verification":{"active":false}}}}}} form: {} headers: Content-Type: @@ -36,4 +36,4 @@ interactions: - application/json; charset=utf-8 status: 400 Bad Request code: 400 - duration: 349.747667ms + duration: 236.792042ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_requires_username_and_attributes_together.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_requires_username_and_attributes_together.yaml index 48397043..d7ad6ed8 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_requires_username_and_attributes_together.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_requires_username_and_attributes_together.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 249 + content_length: 298 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-Invalid-1720679132","strategy":"auth0","options":{"requires_username":true,"attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}}}} + {"name":"Test-Auth0-Connection-Invalid-1722944272","strategy":"auth0","options":{"requires_username":true,"precedence":["username","email","phone_number"],"attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}}}} form: {} headers: Content-Type: @@ -36,4 +36,4 @@ interactions: - application/json; charset=utf-8 status: 400 Bad Request code: 400 - duration: 376.519916ms + duration: 230.9955ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_validation_and_attributes_together.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_validation_and_attributes_together.yaml index 9c1a7a8c..7b94b254 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_validation_and_attributes_together.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_Cannot_set_both_validation_and_attributes_together.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 383 + content_length: 432 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-Attributes-And-Validation-1720679132","strategy":"auth0","options":{"validation":{"username":{"max":5,"min":1}},"attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":true}}},"username":{"identifier":{"active":true},"profile_required":false,"signup":{"status":"required"}}}}} + {"name":"Test-Auth0-Connection-Attributes-And-Validation-1722944272","strategy":"auth0","options":{"validation":{"username":{"max":5,"min":1}},"precedence":["username","email","phone_number"],"attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}},"username":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required"}}}}} form: {} headers: Content-Type: @@ -36,4 +36,4 @@ interactions: - application/json; charset=utf-8 status: 400 Bad Request code: 400 - duration: 516.528375ms + duration: 278.591625ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_No_attribute_is_active.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_No_attribute_is_active.yaml index 0e0120ef..a38d6335 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_No_attribute_is_active.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_No_attribute_is_active.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 473 + content_length: 519 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-No-Active-Attributes-1720679132","strategy":"auth0","options":{"attributes":{"email":{"identifier":{"active":false},"profile_required":false,"signup":{"status":"required","verification":{"active":false}}},"phone_number":{"identifier":{"active":false},"profile_required":false,"signup":{"status":"required","verification":{"active":false}}},"username":{"identifier":{"active":false},"profile_required":false,"signup":{"status":"required"}}}}} + {"name":"Test-Auth0-Connection-No-Active-Attributes-1722944272","strategy":"auth0","options":{"precedence":["username","email","phone_number"],"attributes":{"email":{"identifier":{"active":false},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}},"username":{"identifier":{"active":false},"profile_required":true,"signup":{"status":"required"}},"phone_number":{"identifier":{"active":false},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}}}} form: {} headers: Content-Type: @@ -36,4 +36,4 @@ interactions: - application/json; charset=utf-8 status: 400 Bad Request code: 400 - duration: 357.934708ms + duration: 235.546625ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_RequireUsername.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_RequireUsername.yaml index 2b4ed516..bf2b1f0f 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_RequireUsername.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_With_RequireUsername.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 116 + content_length: 165 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-RequireUsername-1720679132","strategy":"auth0","options":{"requires_username":true}} + {"name":"Test-Auth0-Connection-RequireUsername-1722944272","strategy":"auth0","options":{"requires_username":true,"precedence":["username","email","phone_number"]}} form: {} headers: Content-Type: @@ -28,15 +28,15 @@ interactions: proto_minor: 0 transfer_encoding: [] trailer: {} - content_length: 577 + content_length: 626 uncompressed: false - body: '{"id":"con_m9a3URYUtiwf0BGT","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","requires_username":true,"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-RequireUsername-1720679132","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-RequireUsername-1720679132"]}' + body: '{"id":"con_5IOlGu2ZxeX9Sk1E","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","requires_username":true,"precedence":["username","email","phone_number"],"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-RequireUsername-1722944272","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-RequireUsername-1722944272"]}' headers: Content-Type: - application/json; charset=utf-8 status: 201 Created code: 201 - duration: 966.438125ms + duration: 902.643167ms - id: 1 request: proto: HTTP/1.1 @@ -55,7 +55,7 @@ interactions: - application/json User-Agent: - Go-Auth0/1.8.0 - url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_m9a3URYUtiwf0BGT + url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_5IOlGu2ZxeX9Sk1E method: DELETE response: proto: HTTP/2.0 @@ -65,10 +65,10 @@ interactions: trailer: {} content_length: 41 uncompressed: false - body: '{"deleted_at":"2024-07-11T06:25:33.377Z"}' + body: '{"deleted_at":"2024-08-06T11:37:54.076Z"}' headers: Content-Type: - application/json; charset=utf-8 status: 202 Accepted code: 202 - duration: 367.648416ms + duration: 288.051167ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Email_as_Identifier.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Email_as_Identifier.yaml index 445c2fc4..ac2379db 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Email_as_Identifier.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Email_as_Identifier.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 222 + content_length: 271 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-Email-1720679132","strategy":"auth0","options":{"attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}}}} + {"name":"Test-Auth0-Connection-Email-1722944272","strategy":"auth0","options":{"precedence":["username","email","phone_number"],"attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}}}} form: {} headers: Content-Type: @@ -28,15 +28,15 @@ interactions: proto_minor: 0 transfer_encoding: [] trailer: {} - content_length: 673 + content_length: 722 uncompressed: false - body: '{"id":"con_79cNlTmqfsIeaCep","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}},"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-Email-1720679132","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-Email-1720679132"]}' + body: '{"id":"con_0XAEEFvSK34smafH","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","precedence":["username","email","phone_number"],"attributes":{"email":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}},"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-Email-1722944272","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-Email-1722944272"]}' headers: Content-Type: - application/json; charset=utf-8 status: 201 Created code: 201 - duration: 419.663875ms + duration: 269.858042ms - id: 1 request: proto: HTTP/1.1 @@ -55,7 +55,7 @@ interactions: - application/json User-Agent: - Go-Auth0/1.8.0 - url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_79cNlTmqfsIeaCep + url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_0XAEEFvSK34smafH method: DELETE response: proto: HTTP/2.0 @@ -65,10 +65,10 @@ interactions: trailer: {} content_length: 41 uncompressed: false - body: '{"deleted_at":"2024-07-11T06:25:35.112Z"}' + body: '{"deleted_at":"2024-08-06T11:37:55.197Z"}' headers: Content-Type: - application/json; charset=utf-8 status: 202 Accepted code: 202 - duration: 505.959625ms + duration: 304.755625ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_PhoneNumber_as_Identifier.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_PhoneNumber_as_Identifier.yaml index f4a4fe08..4b4b83cf 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_PhoneNumber_as_Identifier.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_PhoneNumber_as_Identifier.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 229 + content_length: 278 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-Phone-1720679132","strategy":"auth0","options":{"attributes":{"phone_number":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}}}} + {"name":"Test-Auth0-Connection-Phone-1722944272","strategy":"auth0","options":{"precedence":["username","email","phone_number"],"attributes":{"phone_number":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}}}} form: {} headers: Content-Type: @@ -28,15 +28,15 @@ interactions: proto_minor: 0 transfer_encoding: [] trailer: {} - content_length: 680 + content_length: 729 uncompressed: false - body: '{"id":"con_o3oE5KvCvPLkZh4d","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","attributes":{"phone_number":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}},"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-Phone-1720679132","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-Phone-1720679132"]}' + body: '{"id":"con_3wxxbtjncdDdzJwE","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","precedence":["username","email","phone_number"],"attributes":{"phone_number":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required","verification":{"active":false}}}},"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-Phone-1722944272","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-Phone-1722944272"]}' headers: Content-Type: - application/json; charset=utf-8 status: 201 Created code: 201 - duration: 400.634334ms + duration: 271.787583ms - id: 1 request: proto: HTTP/1.1 @@ -55,7 +55,7 @@ interactions: - application/json User-Agent: - Go-Auth0/1.8.0 - url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_o3oE5KvCvPLkZh4d + url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_3wxxbtjncdDdzJwE method: DELETE response: proto: HTTP/2.0 @@ -65,10 +65,10 @@ interactions: trailer: {} content_length: 41 uncompressed: false - body: '{"deleted_at":"2024-07-11T06:25:34.174Z"}' + body: '{"deleted_at":"2024-08-06T11:37:54.617Z"}' headers: Content-Type: - application/json; charset=utf-8 status: 202 Accepted code: 202 - duration: 400.471542ms + duration: 256.782333ms diff --git a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Username_as_Identifier.yaml b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Username_as_Identifier.yaml index 3a4a2bdc..b7589a5c 100644 --- a/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Username_as_Identifier.yaml +++ b/test/data/recordings/TestConnectionManager_CreateDBConnectionWithDifferentOptions/It_handles_Auth0_Connection_with_Username_as_Identifier.yaml @@ -6,14 +6,14 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 196 + content_length: 342 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test-Auth0-Connection-Username-1720679132","strategy":"auth0","options":{"attributes":{"username":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required"}}}}} + {"name":"Test-Auth0-Connection-Username-1722944272","strategy":"auth0","options":{"precedence":["username","email","phone_number"],"attributes":{"username":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required"},"validation":{"min_length":1,"max_length":5,"allowed_types":{"email":true,"phone_number":false}}}}}} form: {} headers: Content-Type: @@ -28,15 +28,15 @@ interactions: proto_minor: 0 transfer_encoding: [] trailer: {} - content_length: 749 + content_length: 796 uncompressed: false - body: '{"id":"con_j4m7pWHVBIcSXNEJ","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","attributes":{"username":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required"},"validation":{"min_length":1,"max_length":15,"allowed_types":{"email":false,"phone_number":false}}}},"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-Username-1720679132","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-Username-1720679132"]}' + body: '{"id":"con_cNqCz9BIYRnYqtyH","options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"good","precedence":["username","email","phone_number"],"attributes":{"username":{"identifier":{"active":true},"profile_required":true,"signup":{"status":"required"},"validation":{"min_length":1,"max_length":5,"allowed_types":{"email":true,"phone_number":false}}}},"strategy_version":2,"authentication_methods":{"password":{"enabled":true},"passkey":{"enabled":false}},"passkey_options":{"challenge_ui":"both","progressive_enrollment_enabled":true,"local_enrollment_enabled":true},"brute_force_protection":true},"strategy":"auth0","name":"Test-Auth0-Connection-Username-1722944272","is_domain_connection":false,"enabled_clients":[],"realms":["Test-Auth0-Connection-Username-1722944272"]}' headers: Content-Type: - application/json; charset=utf-8 status: 201 Created code: 201 - duration: 426.863959ms + duration: 263.157833ms - id: 1 request: proto: HTTP/1.1 @@ -55,7 +55,7 @@ interactions: - application/json User-Agent: - Go-Auth0/1.8.0 - url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_j4m7pWHVBIcSXNEJ + url: https://go-auth0-dev.eu.auth0.com/api/v2/connections/con_cNqCz9BIYRnYqtyH method: DELETE response: proto: HTTP/2.0 @@ -65,10 +65,10 @@ interactions: trailer: {} content_length: 41 uncompressed: false - body: '{"deleted_at":"2024-07-11T06:25:35.951Z"}' + body: '{"deleted_at":"2024-08-06T11:37:55.716Z"}' headers: Content-Type: - application/json; charset=utf-8 status: 202 Accepted code: 202 - duration: 414.330208ms + duration: 247.652208ms diff --git a/test/data/recordings/TestResourceServer_Create.yaml b/test/data/recordings/TestResourceServer_Create.yaml index af134b70..0253695b 100644 --- a/test/data/recordings/TestResourceServer_Create.yaml +++ b/test/data/recordings/TestResourceServer_Create.yaml @@ -6,20 +6,20 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 303 + content_length: 1446 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"} + {"name":"Test Resource Server (Aug 6 16:12:15.127)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"PS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz","consent_policy":"transactional-authorization-with-mfa","authorization_details":[{"type":"payment"},{"type":"my custom type"}],"token_encryption":{"format":"compact-nested-jwe","encryption_key":{"name":"my JWE public key","alg":"RSA-OAEP-256","kid":"my-key-id","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}},"proof_of_possession":{"mechanism":"mtls","required":true}} form: {} headers: Content-Type: - application/json User-Agent: - - Go-Auth0/1.6.0 + - Go-Auth0/1.8.0 url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers method: POST response: @@ -28,15 +28,15 @@ interactions: proto_minor: 0 transfer_encoding: [] trailer: {} - content_length: 471 + content_length: 807 uncompressed: false - body: '{"id":"666848cb019f67554fa3c298","name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"}' + body: '{"id":"66b1fe07da0f5b2d35c5c011","name":"Test Resource Server (Aug 6 16:12:15.127)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"PS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz","consent_policy":"transactional-authorization-with-mfa","authorization_details":[{"type":"payment"},{"type":"my custom type"}],"token_encryption":{"format":"compact-nested-jwe","encryption_key":{"name":"my JWE public key","alg":"RSA-OAEP-256","kid":"my-key-id"}},"proof_of_possession":{"mechanism":"mtls","required":true}}' headers: Content-Type: - application/json; charset=utf-8 status: 201 Created code: 201 - duration: 675.655583ms + duration: 937.989542ms - id: 1 request: proto: HTTP/1.1 @@ -54,8 +54,8 @@ interactions: Content-Type: - application/json User-Agent: - - Go-Auth0/1.6.0 - url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848cb019f67554fa3c298 + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/66b1fe07da0f5b2d35c5c011 method: DELETE response: proto: HTTP/2.0 @@ -71,4 +71,4 @@ interactions: - application/json; charset=utf-8 status: 204 No Content code: 204 - duration: 377.692875ms + duration: 318.871542ms diff --git a/test/data/recordings/TestTenantManager.yaml b/test/data/recordings/TestTenantManager.yaml index 1a048ac3..47000fce 100644 --- a/test/data/recordings/TestTenantManager.yaml +++ b/test/data/recordings/TestTenantManager.yaml @@ -6,20 +6,19 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 5 + content_length: 0 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" - body: | - null + body: "" form: {} headers: Content-Type: - application/json User-Agent: - - Go-Auth0/latest + - Go-Auth0/1.8.0 url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings method: GET response: @@ -30,32 +29,32 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":[],"change_password":{"enabled":false,"html":"
My Custom Reset Password Page"},"default_audience":"","default_directory":"","default_redirection_uri":"https://example.com/login","enabled_locales":["de","fr"],"error_page":{"html":"","show_log_link":false,"url":""},"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"disable_management_api_sms_obfuscation":true,"enable_public_signup_user_exists_error":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"use_scope_descriptions_for_consent":false,"no_disclose_enterprise_connections":false,"revoke_refresh_token_grant":false,"disable_fields_map_fix":true,"require_signed_request_object":false,"dashboard_new_onboarding":false,"mfa_show_factor_list_on_enrollment":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Test Tenant","guardian_mfa_page":{"enabled":false,"html":"My Custom MFA Page"},"idle_session_lifetime":72,"picture_url":"https://mycompany.org/logo.png","sandbox_version":"16","session_lifetime":168,"support_email":"support@mycompany.org","support_url":"https://mycompany.org/support","sessions":{"oidc_logout_prompt_enabled":true},"universal_login":{"colors":{"primary":"#0059d6","page_background":"#000000"}},"session_cookie":{"mode":"persistent"},"sandbox_versions_available":["18","16"]}' + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n