From 9f2a15b074162084a45504ebcacc75879ca95b43 Mon Sep 17 00:00:00 2001
From: Kunal Dawar
Date: Tue, 6 Aug 2024 16:53:16 +0530
Subject: [PATCH 1/4] Add Support for HRI Features.
---
 EXAMPLES.md | 25 +-
 management/client.go | 98 ++++-
 management/client_test.go | 365 ++++++++++++++++++
 management/management.gen.go | 272 +++++++++++++
 management/management.gen_test.go | 333 ++++++++++++++++
 management/resource_server.go | 97 ++++-
 management/resource_server_test.go | 37 +-
 management/tenant.go | 38 ++
 management/tenant_test.go | 8 +
 .../GetPrivateKeyJWT.yaml | 110 ++++++
 .../GetSelfSignedTLSClientAuth.yaml | 110 ++++++
 .../GetTLSClientAuth.yaml | 110 ++++++
 .../TestClientSignedRequestObject.yaml | 110 ++++++
 .../Should_create_PrivateJWT_Credential.yaml | 145 +++++++
 ...te_SelfSignedTLSClientAuth_Credential.yaml | 145 +++++++
 ...hould_create_TLSClientAuth_Credential.yaml | 145 +++++++
 .../recordings/TestResourceServer_Create.yaml | 18 +-
 test/data/recordings/TestTenantManager.yaml | 42 +-
 18 files changed, 2173 insertions(+), 35 deletions(-)
 create mode 100644 test/data/recordings/TestClientAuthenticationMethods/GetPrivateKeyJWT.yaml
 create mode 100644 test/data/recordings/TestClientAuthenticationMethods/GetSelfSignedTLSClientAuth.yaml
 create mode 100644 test/data/recordings/TestClientAuthenticationMethods/GetTLSClientAuth.yaml
 create mode 100644 test/data/recordings/TestClientSignedRequestObject.yaml
 create mode 100644 test/data/recordings/TestClient_CreateAllCredential/Should_create_PrivateJWT_Credential.yaml
 create mode 100644 test/data/recordings/TestClient_CreateAllCredential/Should_create_SelfSignedTLSClientAuth_Credential.yaml
 create mode 100644 test/data/recordings/TestClient_CreateAllCredential/Should_create_TLSClientAuth_Credential.yaml
diff --git a/EXAMPLES.md b/EXAMPLES.md
index 8c04d8c0..4b60a57c 100644
--- a/EXAMPLES.md
+++ b/EXAMPLES.md
@@ -193,4 +193,27 @@ if err != nil {
 log.Fatalf("error was %+v", err)
 }
 log.Printf("User %s", user.GetOurCustomID())
-```
\ No newline at end of file
+```
+
+To handle nullable fields, create a custom struct without the omitempty tag and set it to null using a custom request.
+
+```go
+// Define a custom struct similar to the `Tenant` struct exposed by the SDK but without the `omitempty` tag.
+type Tenant struct {
+AcrValuesSupported *[]string `json:"acr_values_supported"`
+MTLS *management.MTLSConfiguration `json:"mtls"`
+}
+
+// Create a custom request to handle nullable fields.
+var tenant Tenant
+
+// Set AcrValuesSupported and MTLS to null
+tenant.AcrValuesSupported = nil
+tenant.MTLS = nil
+
+err := auth0API.Request(context.Background(), http.MethodPatch, auth0API.URI("tenants", "settings"), &tenant)
+if err != nil {
+log.Fatalf("error was %+v", err)
+}
+log.Printf("Tenant %+v", tenant)
+```
diff --git a/management/client.go b/management/client.go
index f4e546c9..d0131443 100644
--- a/management/client.go
+++ b/management/client.go
@@ -118,6 +118,75 @@ type Client struct {
 // URLs that are valid to call back from Auth0 for OIDC logout.
 OIDCLogout *OIDCLogout `json:"oidc_logout,omitempty"`
+
+ // SignedRequestObject JWT-secured Authorization Requests (JAR) settings for the client.
+ SignedRequestObject *SignedRequestObject `json:"signed_request_object,omitempty"`
+
+ // ComplianceLevel Defines the compliance level for this client, which may restrict it's capabilities
+ //
+ // To unset values (set to null), use a PATCH request like this:
+ //
+ // PATCH /api/v2/clients/{id}
+ //
+ // {
+ // "compliance_level": null
+ // }
+ //
+ // For more details on making custom requests, refer to the Auth0 Go SDK examples:
+ // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct
+ ComplianceLevel *string `json:"compliance_level,omitempty"`
+
+ // RequireProofOfPossession Makes the use of Proof-of-Possession mandatory for this client (default: false).
+ RequireProofOfPossession *bool `json:"require_proof_of_possession,omitempty"`
+}
+
+// SignedRequestObject is used to configure JWT-secured Authorization Requests (JAR) settings for our Client.
+type SignedRequestObject struct {
+ // Indicates whether the JAR requests are mandatory
+ Required *bool `json:"required,omitempty"`
+
+ // Credentials used to sign the JAR requests
+ Credentials *[]Credential `json:"credentials,omitempty"`
+}
+
+// CleanForPatch removes unnecessary fields from the client object before patching.
+func (c *Client) CleanForPatch() {
+ if c.SignedRequestObject != nil && c.SignedRequestObject.Credentials != nil {
+ var credentials []Credential
+ for _, cred := range *c.SignedRequestObject.Credentials {
+ if cred.ID != nil && *cred.ID != "" {
+ credentials = append(credentials, Credential{ID: cred.ID})
+ }
+ }
+ c.SignedRequestObject.Credentials = &credentials
+ }
+ if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.TLSClientAuth != nil && c.ClientAuthenticationMethods.TLSClientAuth.Credentials != nil {
+ var credentials []Credential
+ for _, cred := range *c.ClientAuthenticationMethods.TLSClientAuth.Credentials {
+ if cred.ID != nil && *cred.ID != "" {
+ credentials = append(credentials, Credential{ID: cred.ID})
+ }
+ }
+ c.ClientAuthenticationMethods.TLSClientAuth.Credentials = &credentials
+ }
+ if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.SelfSignedTLSClientAuth != nil && c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials != nil {
+ var credentials []Credential
+ for _, cred := range *c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials {
+ if cred.ID != nil && *cred.ID != "" {
+ credentials = append(credentials, Credential{ID: cred.ID})
+ }
+ }
+ c.ClientAuthenticationMethods.SelfSignedTLSClientAuth.Credentials = &credentials
+ }
+ if c.ClientAuthenticationMethods != nil && c.ClientAuthenticationMethods.PrivateKeyJWT != nil && c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials != nil {
+ var credentials []Credential
+ for _, cred := range *c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials {
+ if cred.ID != nil && *cred.ID != "" {
+ credentials = append(credentials, Credential{ID: cred.ID})
+ }
+ }
+ c.ClientAuthenticationMethods.PrivateKeyJWT.Credentials = &credentials
+ }
 }
 // ClientJWTConfiguration is used to configure JWT settings for our Client.
@@ -131,7 +200,7 @@ type ClientJWTConfiguration struct {
 Scopes *map[string]string `json:"scopes,omitempty"`
- // Algorithm used to sign JWTs. Can be "HS256" or "RS256"
+ // Algorithm used to sign JWTs. Can be `HS256` or `RS256`. `PS256` available via addon"
 Algorithm *string `json:"alg,omitempty"`
 }
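Review bot: The rewritten comment on `Algorithm` ends with a stray double quote (`via addon"`), left over from the old quoted form; the line should end `via addon.` instead. "Available via addon" also does not tell a reader which addon or tenant setting enables PS256, so a short pointer to where that is configured would help anyone choosing a signing algorithm from this comment alone.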
@@ -215,11 +284,37 @@ type Credential struct {
 UpdatedAt *time.Time `json:"updated_at,omitempty"`
 // The time that this credential will expire.
 ExpiresAt *time.Time `json:"expires_at,omitempty"`
+ // Subject Distinguished Name. Mutually exclusive with `pem` property.
+ SubjectDN *string `json:"subject_dn,omitempty"`
+ // The SHA256 thumbprint of the x509_cert certificate.
+ ThumbprintSHA256 *string `json:"thumbprint_sha256,omitempty"`
 }
 // ClientAuthenticationMethods defines client authentication method settings for the client.
 type ClientAuthenticationMethods struct {
 PrivateKeyJWT *PrivateKeyJWT `json:"private_key_jwt,omitempty"`
+
+ // TLSClientAuth defines the `tls_client_auth` client authentication method settings for the client.
+ // If the property is defined, the client is configured to use CA-based mTLS authentication method
+ TLSClientAuth *TLSClientAuth `json:"tls_client_auth,omitempty"`
+
+ // SelfSignedTLSClientAuth defines the `self_signed_tls_client_auth` client authentication method settings for the client.
+ // If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate
+ SelfSignedTLSClientAuth *SelfSignedTLSClientAuth `json:"self_signed_tls_client_auth,omitempty"`
+}
+
+// TLSClientAuth defines the `tls_client_auth` client authentication method settings for the client.
+type TLSClientAuth struct {
+ // Fully defined credentials that will be enabled on the client for CA-based mTLS authentication.
+ // A list of unique and previously created credential IDs enabled on the client for CA-based mTLS authentication.
+ Credentials *[]Credential `json:"credentials,omitempty"`
+}
+
+// SelfSignedTLSClientAuth defines the `self_signed_tls_client_auth` client authentication method settings for the client.
+type SelfSignedTLSClientAuth struct {
+ // Fully defined credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificate.
+ // A list of unique and previously created credential IDs enabled on the client for mTLS authentication utilizing self-signed certificate.
+ Credentials *[]Credential `json:"credentials,omitempty"`
 }
 // PrivateKeyJWT defines the `private_key_jwt` client authentication method settings for the client.
@@ -560,6 +655,7 @@ func (m *ClientManager) List(ctx context.Context, opts ...RequestOption) (c *Cli
 //
 // See: https://auth0.com/docs/api/management/v2#!/Clients/patch_clients_by_id
 func (m *ClientManager) Update(ctx context.Context, id string, c *Client, opts ...RequestOption) (err error) {
+ c.CleanForPatch()
 return m.management.Request(ctx, "PATCH", m.management.URI("clients", id), c, opts...)
 }
diff --git a/management/client_test.go b/management/client_test.go
index 73e4dade..f7d073ae 100644
--- a/management/client_test.go
+++ b/management/client_test.go
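Review bot: The comments on `Credentials` in both `TLSClientAuth` and `SelfSignedTLSClientAuth` stack two sentences that contradict each other: "Fully defined credentials ..." and "A list of unique and previously created credential IDs ...". They read like the create and update descriptions pasted together. Since `Update` now strips everything except the ID, the comment should say which form applies when, for example `// On create: fully defined credentials. On update: only the IDs of previously created credentials are sent.` The new `SubjectDN` and `ThumbprintSHA256` comments also do not say whether the fields are caller-supplied or returned by the API, which matters to anyone pinning a client certificate by thumbprint.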
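Review bot: `c.CleanForPatch()` is called in `Update` with no nil check, and CleanForPatch reads `c.SignedRequestObject` first, so `Update(ctx, id, nil)` now panics with a nil-pointer dereference before any request is made. Either guard the call, `if c != nil { c.CleanForPatch() }`, or have CleanForPatch return early on a nil receiver; what Request did with a nil payload before this change is not visible in the hunk. Update also now modifies the struct the caller passed in, which its doc comment (it starts above the hunk) should state, for example `// Update mutates c: credential lists are reduced to their IDs before the request is sent.`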
@@ -30,6 +30,223 @@ func TestClient_Create(t *testing.T) { }) } +func TestClientSignedRequestObject(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := &Client{ + Name: auth0.Stringf("Test Client (%s)", time.Now().Format(time.StampMilli)), + Description: auth0.String("This is just a test client."), + SignedRequestObject: &SignedRequestObject{ + Required: auth0.Bool(true), + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("public_key"), + PEM: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe +3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R +tHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao +JnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I +3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X +AWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG +I+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu ++a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8 +r38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW +i/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL +JbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f +aibASY5pIRiKENmbZELDtucCAwEAAQ== +-----END PUBLIC KEY-----`), + }, + }, + }, + JWTConfiguration: &ClientJWTConfiguration{Algorithm: auth0.String("PS256")}, + RequirePushedAuthorizationRequests: auth0.Bool(true), + ComplianceLevel: auth0.String("fapi1_adv_pkj_par"), + RequireProofOfPossession: auth0.Bool(true), + } + + err := api.Client.Create(context.Background(), expectedClient) + assert.NoError(t, err) + assert.NotEmpty(t, expectedClient.GetClientID()) + assert.Equal(t, true, expectedClient.GetSignedRequestObject().GetRequired()) + assert.Equal(t, "fapi1_adv_pkj_par", expectedClient.GetComplianceLevel()) + assert.Equal(t, "PS256", 
expectedClient.GetJWTConfiguration().GetAlgorithm()) + assert.Equal(t, true, expectedClient.GetRequirePushedAuthorizationRequests()) + assert.Equal(t, true, expectedClient.GetRequireProofOfPossession()) + + clientID := expectedClient.GetClientID() + expectedClient.ClientID = nil // Read-Only: Additional properties not allowed. + expectedClient.SigningKeys = nil // Read-Only: Additional properties not allowed. + expectedClient.JWTConfiguration.SecretEncoded = nil // Read-Only: Additional properties not allowed. + + updatedClient := expectedClient + updatedClient.SignedRequestObject.Required = auth0.Bool(false) + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + updatedClient.RequireProofOfPossession = auth0.Bool(false) + + err = api.Client.Update(context.Background(), clientID, updatedClient) + assert.NoError(t, err) + + assert.Equal(t, false, updatedClient.GetSignedRequestObject().GetRequired()) + assert.Equal(t, "fapi1_adv_mtls_par", updatedClient.GetComplianceLevel()) + assert.Equal(t, false, updatedClient.GetRequirePushedAuthorizationRequests()) + assert.Equal(t, "RS256", updatedClient.GetJWTConfiguration().GetAlgorithm()) + assert.Equal(t, false, updatedClient.GetRequireProofOfPossession()) + t.Cleanup(func() { + cleanupClient(t, expectedClient.GetClientID()) + }) +} + +func TestClientAuthenticationMethods(t *testing.T) { + updateAndVerifyClient := func(t *testing.T, clientID string, updatedClient *Client) { + err := api.Client.Update(context.Background(), clientID, updatedClient) + assert.NoError(t, err) + assert.Equal(t, "fapi1_adv_mtls_par", updatedClient.GetComplianceLevel()) + assert.Equal(t, false, updatedClient.GetRequirePushedAuthorizationRequests()) + assert.Equal(t, "RS256", updatedClient.GetJWTConfiguration().GetAlgorithm()) + } + + cleanupTestClient := func(t *testing.T, clientID string) { + 
t.Cleanup(func() { + cleanupClient(t, clientID) + }) + } + + t.Run("GetTLSClientAuth", func(t *testing.T) { + configureHTTPTestRecordings(t) + client := givenAClientAuthenticationMethodsClient(t, &TLSClientAuth{ + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("cert_subject_dn"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- +MIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK +UDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM +BkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3 +MjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv +a3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV +BAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF +XrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9 +J3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL +msYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq +df6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj +mx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +qzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM +z3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9 +R6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf +mAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv +lmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr +So6zun26vAUJTu1o9CIjxw== +-----END CERTIFICATE-----`), + }, + }, + }) + + clientID := client.GetClientID() + client.ClientID = nil + client.SigningKeys = nil + client.JWTConfiguration.SecretEncoded = nil + + updatedClient := client + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + + 
updateAndVerifyClient(t, clientID, updatedClient) + cleanupTestClient(t, client.GetClientID()) + }) + + t.Run("GetSelfSignedTLSClientAuth", func(t *testing.T) { + configureHTTPTestRecordings(t) + client := givenAClientAuthenticationMethodsClient(t, &SelfSignedTLSClientAuth{ + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("x509_cert"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- +MIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ +MQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh +bms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0 +REQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi +GA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC +SlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH +U3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG +A1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN +Tchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC +N6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi +MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC +fE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB +oaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD +aHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw +b3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1 +cHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4 +xiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw +9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ +jerREgM= +-----END CERTIFICATE-----`), + }, + }, + }) + + clientID := client.GetClientID() + client.ClientID = nil + client.SigningKeys = nil + client.JWTConfiguration.SecretEncoded = nil + + 
updatedClient := client + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + + updateAndVerifyClient(t, clientID, updatedClient) + cleanupTestClient(t, client.GetClientID()) + }) + + t.Run("GetPrivateKeyJWT", func(t *testing.T) { + configureHTTPTestRecordings(t) + client := givenAClientAuthenticationMethodsClient(t, &PrivateKeyJWT{ + Credentials: &[]Credential{ + { + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("public_key"), + PEM: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo +0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M +6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi +TSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi +yMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb +/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw +++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE +TjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH +PPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF +1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4 +XzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y +0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ== +-----END PUBLIC KEY-----`), + }, + }, + }) + + clientID := client.GetClientID() + client.ClientID = nil + client.SigningKeys = nil + client.JWTConfiguration.SecretEncoded = nil + + updatedClient := client + updatedClient.ComplianceLevel = auth0.String("fapi1_adv_mtls_par") + updatedClient.RequirePushedAuthorizationRequests = auth0.Bool(false) + updatedClient.JWTConfiguration.Algorithm = auth0.String("RS256") + + updateAndVerifyClient(t, clientID, updatedClient) + cleanupTestClient(t, client.GetClientID()) + }) +} + func 
TestClient_Read(t *testing.T) { configureHTTPTestRecordings(t) 
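Review bot: Cleanup in both new tests depends on a client ID that the test has just cleared. In TestClientSignedRequestObject, `expectedClient.ClientID = nil` runs before Update, yet the `t.Cleanup` at the very end calls `cleanupClient(t, expectedClient.GetClientID())`; the three subtests of TestClientAuthenticationMethods do the same through `cleanupTestClient(t, client.GetClientID())`. Unless the Update response repopulates the field (not visible in this hunk), a failed Update leaves the ID empty and the test client, with its registered credentials, stays behind in the tenant. Register the cleanup immediately after the client is created and pass the saved value: `t.Cleanup(func() { cleanupClient(t, clientID) })` and `cleanupTestClient(t, clientID)`.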
@@ -290,6 +507,119 @@ func TestClient_DeleteCredential(t *testing.T) { assert.Implements(t, (*Error)(nil), err) assert.Equal(t, http.StatusNotFound, err.(Error).Status()) } +func TestClient_CreateAllCredential(t *testing.T) { + t.Run("Should create PrivateJWT Credential", func(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := givenAClient(t) + + credential := &Credential{ + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("public_key"), + PEM: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo +0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M +6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi +TSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi +yMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb +/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw +++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE +TjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH +PPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF +1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4 +XzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y +0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ== +-----END PUBLIC KEY-----`), + } + + err := api.Client.CreateCredential(context.Background(), expectedClient.GetClientID(), credential) + assert.NoError(t, err) + assert.NotEmpty(t, credential.GetID()) + + t.Cleanup(func() { + cleanupCredential(t, expectedClient.GetClientID(), credential.GetID()) + }) + }) + t.Run("Should create TLSClientAuth Credential", func(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := givenAClient(t) + + credential := &Credential{ + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("cert_subject_dn"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- 
+MIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK +UDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM +BkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3 +MjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv +a3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV +BAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF +XrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9 +J3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL +msYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq +df6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj +mx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +qzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM +z3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9 +R6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf +mAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv +lmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr +So6zun26vAUJTu1o9CIjxw== +-----END CERTIFICATE-----`), + } + + err := api.Client.CreateCredential(context.Background(), expectedClient.GetClientID(), credential) + assert.NoError(t, err) + assert.NotEmpty(t, credential.GetID()) + + t.Cleanup(func() { + cleanupCredential(t, expectedClient.GetClientID(), credential.GetID()) + }) + }) + t.Run("Should create SelfSignedTLSClientAuth Credential", func(t *testing.T) { + configureHTTPTestRecordings(t) + + expectedClient := givenAClient(t) + + credential := &Credential{ + Name: auth0.Stringf("Test Credential (%s)", time.Now().Format(time.StampMilli)), + CredentialType: auth0.String("x509_cert"), + PEM: auth0.String(`-----BEGIN CERTIFICATE----- +MIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ +MQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh 
+bms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0 +REQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi +GA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC +SlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH +U3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG +A1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN +Tchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC +N6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi +MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC +fE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB +oaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD +aHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw +b3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1 +cHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4 +xiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw +9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ +jerREgM= +-----END CERTIFICATE-----`), + } + + err := api.Client.CreateCredential(context.Background(), expectedClient.GetClientID(), credential) + assert.NoError(t, err) + assert.NotEmpty(t, credential.GetID()) + + t.Cleanup(func() { + cleanupCredential(t, expectedClient.GetClientID(), credential.GetID()) + }) + }) +} func givenASimpleClient(t *testing.T) *Client { t.Helper() 
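Review bot: None of the three subtests reads back the fields this patch adds to `Credential`; each asserts only that `credential.GetID()` is non-empty. `SubjectDN` in the `cert_subject_dn` case and `ThumbprintSHA256` in the `x509_cert` case are therefore never exercised in the visible tests. If the recorded responses carry them, `assert.NotEmpty(t, credential.GetThumbprintSHA256())` and `assert.NotEmpty(t, credential.GetSubjectDN())` would cover the new JSON tags. The subtests differ only in name, credential type and PEM, and the PEM blocks repeat those in the earlier hunk of this file, so a table-driven loop over package-level PEM constants would remove the copies. A blank line is also missing before `func TestClient_CreateAllCredential`.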
@@ -356,6 +686,41 @@ aibASY5pIRiKENmbZELDtucCAwEAAQ==
 return client
 }
+func givenAClientAuthenticationMethodsClient(t *testing.T, authMethod interface{}) *Client {
+ client := &Client{
+ Name: auth0.Stringf("Test Client (%s)", time.Now().Format(time.StampMilli)),
+ Description: auth0.String("This is just a test client."),
+ ClientAuthenticationMethods: &ClientAuthenticationMethods{
+ TLSClientAuth: nil,
+ SelfSignedTLSClientAuth: nil,
+ PrivateKeyJWT: nil,
+ },
+ JWTConfiguration: &ClientJWTConfiguration{Algorithm: auth0.String("PS256")},
+ RequirePushedAuthorizationRequests: auth0.Bool(true),
+ ComplianceLevel: auth0.String("fapi1_adv_pkj_par"),
+ }
+
+ switch v := authMethod.(type) {
+ case *TLSClientAuth:
+ client.ClientAuthenticationMethods.TLSClientAuth = v
+ case *SelfSignedTLSClientAuth:
+ client.ClientAuthenticationMethods.SelfSignedTLSClientAuth = v
+ case *PrivateKeyJWT:
+ client.ClientAuthenticationMethods.PrivateKeyJWT = v
+ default:
+ t.Fatalf("Unsupported authentication method")
+ }
+
+ err := api.Client.Create(context.Background(), client)
+ assert.NoError(t, err)
+ assert.NotEmpty(t, client.GetClientID())
+ assert.Equal(t, "fapi1_adv_pkj_par", client.GetComplianceLevel())
+ assert.Equal(t, "PS256", client.GetJWTConfiguration().GetAlgorithm())
+ assert.Equal(t, true, client.GetRequirePushedAuthorizationRequests())
+
+ return client
+}
+
 func cleanupClient(t *testing.T, clientID string) {
 t.Helper()
diff --git a/management/management.gen.go b/management/management.gen.go
index 8c64196a..6f831661 100644
--- a/management/management.gen.go
+++ b/management/management.gen.go
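Review bot: `givenAClientAuthenticationMethodsClient` does not call `t.Helper()`, unlike the sibling helpers visible around it (`givenASimpleClient`, `cleanupClient`), so a failure is reported at a line inside the helper rather than at the calling subtest; add `t.Helper()` as its first statement. It also carries on after a failed Create, because `assert.NoError` only records the failure: the caller then runs Update with an empty client ID. Stopping there, e.g. `if err != nil { t.Fatalf("creating client: %v", err) }`, keeps the first error as the one reported. Registering the client's cleanup inside the helper, straight after a successful Create, would also spare each subtest from doing it by hand.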
@@ -673,6 +673,19 @@ func (a *AuthenticationMethods) String() string { return Stringify(a) } +// GetType returns the Type field if it's non-nil, zero value otherwise. +func (a *AuthorizationDetails) GetType() string { + if a == nil || a.Type == nil { + return "" + } + return *a.Type +} + +// String returns a string representation of AuthorizationDetails. +func (a *AuthorizationDetails) String() string { + return Stringify(a) +} + // GetLifetimeInSeconds returns the LifetimeInSeconds field if it's non-nil, zero value otherwise. func (a *AWSClientAddon) GetLifetimeInSeconds() int { if a == nil || a.LifetimeInSeconds == nil { @@ -1287,6 +1300,14 @@ func (c *Client) GetClientSecret() string { return *c.ClientSecret } +// GetComplianceLevel returns the ComplianceLevel field if it's non-nil, zero value otherwise. +func (c *Client) GetComplianceLevel() string { + if c == nil || c.ComplianceLevel == nil { + return "" + } + return *c.ComplianceLevel +} + // GetCrossOriginAuth returns the CrossOriginAuth field if it's non-nil, zero value otherwise. func (c *Client) GetCrossOriginAuth() bool { if c == nil || c.CrossOriginAuth == nil { @@ -1471,6 +1492,14 @@ func (c *Client) GetRefreshToken() *ClientRefreshToken { return c.RefreshToken } +// GetRequireProofOfPossession returns the RequireProofOfPossession field if it's non-nil, zero value otherwise. +func (c *Client) GetRequireProofOfPossession() bool { + if c == nil || c.RequireProofOfPossession == nil { + return false + } + return *c.RequireProofOfPossession +} + // GetRequirePushedAuthorizationRequests returns the RequirePushedAuthorizationRequests field if it's non-nil, zero value otherwise. func (c *Client) GetRequirePushedAuthorizationRequests() bool { if c == nil || c.RequirePushedAuthorizationRequests == nil { 
@@ -1479,6 +1508,14 @@ func (c *Client) GetRequirePushedAuthorizationRequests() bool { return *c.RequirePushedAuthorizationRequests } +// GetSignedRequestObject returns the SignedRequestObject field. +func (c *Client) GetSignedRequestObject() *SignedRequestObject { + if c == nil { + return nil + } + return c.SignedRequestObject +} + // GetSSO returns the SSO field if it's non-nil, zero value otherwise. func (c *Client) GetSSO() bool { if c == nil || c.SSO == nil { @@ -1761,6 +1798,22 @@ func (c *ClientAuthenticationMethods) GetPrivateKeyJWT() *PrivateKeyJWT { return c.PrivateKeyJWT } +// GetSelfSignedTLSClientAuth returns the SelfSignedTLSClientAuth field. +func (c *ClientAuthenticationMethods) GetSelfSignedTLSClientAuth() *SelfSignedTLSClientAuth { + if c == nil { + return nil + } + return c.SelfSignedTLSClientAuth +} + +// GetTLSClientAuth returns the TLSClientAuth field. +func (c *ClientAuthenticationMethods) GetTLSClientAuth() *TLSClientAuth { + if c == nil { + return nil + } + return c.TLSClientAuth +} + // String returns a string representation of ClientAuthenticationMethods. func (c *ClientAuthenticationMethods) String() string { return Stringify(c) @@ -5792,6 +5845,22 @@ func (c *Credential) GetPEM() string { return *c.PEM } +// GetSubjectDN returns the SubjectDN field if it's non-nil, zero value otherwise. +func (c *Credential) GetSubjectDN() string { + if c == nil || c.SubjectDN == nil { + return "" + } + return *c.SubjectDN +} + +// GetThumbprintSHA256 returns the ThumbprintSHA256 field if it's non-nil, zero value otherwise. +func (c *Credential) GetThumbprintSHA256() string { + if c == nil || c.ThumbprintSHA256 == nil { + return "" + } + return *c.ThumbprintSHA256 +} + // GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise. func (c *Credential) GetUpdatedAt() time.Time { if c == nil || c.UpdatedAt == nil { 
@@ -6363,6 +6432,43 @@ func (e *EmailTemplate) String() string { return Stringify(e) } +// GetAlg returns the Alg field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetAlg() string { + if e == nil || e.Alg == nil { + return "" + } + return *e.Alg +} + +// GetKid returns the Kid field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetKid() string { + if e == nil || e.Kid == nil { + return "" + } + return *e.Kid +} + +// GetName returns the Name field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetName() string { + if e == nil || e.Name == nil { + return "" + } + return *e.Name +} + +// GetPem returns the Pem field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetPem() string { + if e == nil || e.Pem == nil { + return "" + } + return *e.Pem +} + +// String returns a string representation of EncryptionKey. +func (e *EncryptionKey) String() string { + return Stringify(e) +} + // GetEnrolledAt returns the EnrolledAt field if it's non-nil, zero value otherwise. func (e *Enrollment) GetEnrolledAt() time.Time { if e == nil || e.EnrolledAt == nil { @@ -7307,6 +7413,19 @@ func (m *MSCRMClientAddon) String() string { return Stringify(m) } +// GetEnableEndpointAliases returns the EnableEndpointAliases field if it's non-nil, zero value otherwise. +func (m *MTLSConfiguration) GetEnableEndpointAliases() bool { + if m == nil || m.EnableEndpointAliases == nil { + return false + } + return *m.EnableEndpointAliases +} + +// String returns a string representation of MTLSConfiguration. +func (m *MTLSConfiguration) String() string { + return Stringify(m) +} + // GetEnabled returns the Enabled field if it's non-nil, zero value otherwise. func (m *MultiFactor) GetEnabled() bool { if m == nil || m.Enabled == nil { 
@@ -8235,6 +8354,27 @@ func (p *PromptPartials) String() string { return Stringify(p) } +// GetMechanism returns the Mechanism field if it's non-nil, zero value otherwise. +func (p *ProofOfPossession) GetMechanism() string { + if p == nil || p.Mechanism == nil { + return "" + } + return *p.Mechanism +} + +// GetRequired returns the Required field if it's non-nil, zero value otherwise. +func (p *ProofOfPossession) GetRequired() bool { + if p == nil || p.Required == nil { + return false + } + return *p.Required +} + +// String returns a string representation of ProofOfPossession. +func (p *ProofOfPossession) String() string { + return Stringify(p) +} + // GetClientID returns the ClientID field if it's non-nil, zero value otherwise. func (r *RefreshToken) GetClientID() string { if r == nil || r.ClientID == nil { @@ -8338,6 +8478,22 @@ func (r *ResourceServer) GetAllowOfflineAccess() bool { return *r.AllowOfflineAccess } +// GetAuthorizationDetails returns the AuthorizationDetails field if it's non-nil, zero value otherwise. +func (r *ResourceServer) GetAuthorizationDetails() []AuthorizationDetails { + if r == nil || r.AuthorizationDetails == nil { + return nil + } + return *r.AuthorizationDetails +} + +// GetConsentPolicy returns the ConsentPolicy field if it's non-nil, zero value otherwise. +func (r *ResourceServer) GetConsentPolicy() string { + if r == nil || r.ConsentPolicy == nil { + return "" + } + return *r.ConsentPolicy +} + // GetEnforcePolicies returns the EnforcePolicies field if it's non-nil, zero value otherwise. func (r *ResourceServer) GetEnforcePolicies() bool { if r == nil || r.EnforcePolicies == nil { 
@@ -8378,6 +8534,14 @@ func (r *ResourceServer) GetOptions() map[string]string { return *r.Options } +// GetProofOfPossession returns the ProofOfPossession field. +func (r *ResourceServer) GetProofOfPossession() *ProofOfPossession { + if r == nil { + return nil + } + return r.ProofOfPossession +} + // GetScopes returns the Scopes field if it's non-nil, zero value otherwise. func (r *ResourceServer) GetScopes() []ResourceServerScope { if r == nil || r.Scopes == nil { @@ -8418,6 +8582,14 @@ func (r *ResourceServer) GetTokenDialect() string { return *r.TokenDialect } +// GetTokenEncryption returns the TokenEncryption field. +func (r *ResourceServer) GetTokenEncryption() *TokenEncryption { + if r == nil { + return nil + } + return r.TokenEncryption +} + // GetTokenLifetime returns the TokenLifetime field if it's non-nil, zero value otherwise. func (r *ResourceServer) GetTokenLifetime() int { if r == nil || r.TokenLifetime == nil { @@ -9076,6 +9248,19 @@ func (s *SCIMToken) String() string { return Stringify(s) } +// GetCredentials returns the Credentials field if it's non-nil, zero value otherwise. +func (s *SelfSignedTLSClientAuth) GetCredentials() []Credential { + if s == nil || s.Credentials == nil { + return nil + } + return *s.Credentials +} + +// String returns a string representation of SelfSignedTLSClientAuth. +func (s *SelfSignedTLSClientAuth) String() string { + return Stringify(s) +} + // GetBaseURL returns the BaseURL field if it's non-nil, zero value otherwise. func (s *SentryClientAddon) GetBaseURL() string { if s == nil || s.BaseURL == nil { 
@@ -9118,6 +9303,27 @@ func (s *SharePointClientAddon) String() string { return Stringify(s) } +// GetCredentials returns the Credentials field if it's non-nil, zero value otherwise. +func (s *SignedRequestObject) GetCredentials() []Credential { + if s == nil || s.Credentials == nil { + return nil + } + return *s.Credentials +} + +// GetRequired returns the Required field if it's non-nil, zero value otherwise. +func (s *SignedRequestObject) GetRequired() bool { + if s == nil || s.Required == nil { + return false + } + return *s.Required +} + +// String returns a string representation of SignedRequestObject. +func (s *SignedRequestObject) String() string { + return Stringify(s) +} + // GetCert returns the Cert field if it's non-nil, zero value otherwise. func (s *SigningKey) GetCert() string { if s == nil || s.Cert == nil { @@ -9324,6 +9530,14 @@ func (s *SuspiciousIPThrottling) String() string { return Stringify(s) } +// GetAcrValuesSupported returns the AcrValuesSupported field if it's non-nil, zero value otherwise. +func (t *Tenant) GetAcrValuesSupported() []string { + if t == nil || t.AcrValuesSupported == nil { + return nil + } + return *t.AcrValuesSupported +} + // GetAllowedLogoutURLs returns the AllowedLogoutURLs field if it's non-nil, zero value otherwise. func (t *Tenant) GetAllowedLogoutURLs() []string { if t == nil || t.AllowedLogoutURLs == nil { @@ -9436,6 +9650,14 @@ func (t *Tenant) GetIdleSessionLifetime() float64 { return *t.IdleSessionLifetime } +// GetMTLS returns the MTLS field. +func (t *Tenant) GetMTLS() *MTLSConfiguration { + if t == nil { + return nil + } + return t.MTLS +} + // GetPictureURL returns the PictureURL field if it's non-nil, zero value otherwise. func (t *Tenant) GetPictureURL() string { if t == nil || t.PictureURL == nil { 
@@ -9444,6 +9666,14 @@ func (t *Tenant) GetPictureURL() string { return *t.PictureURL } +// GetPushedAuthorizationRequestsSupported returns the PushedAuthorizationRequestsSupported field if it's non-nil, zero value otherwise. +func (t *Tenant) GetPushedAuthorizationRequestsSupported() bool { + if t == nil || t.PushedAuthorizationRequestsSupported == nil { + return false + } + return *t.PushedAuthorizationRequestsSupported +} + // GetSandboxVersion returns the SandboxVersion field if it's non-nil, zero value otherwise. func (t *Tenant) GetSandboxVersion() string { if t == nil || t.SandboxVersion == nil { @@ -9768,6 +9998,14 @@ func (t *TenantFlags) GetNoDisclosureEnterpriseConnections() bool { return *t.NoDisclosureEnterpriseConnections } +// GetRemoveAlgFromJWKS returns the RemoveAlgFromJWKS field if it's non-nil, zero value otherwise. +func (t *TenantFlags) GetRemoveAlgFromJWKS() bool { + if t == nil || t.RemoveAlgFromJWKS == nil { + return false + } + return *t.RemoveAlgFromJWKS +} + // GetRequirePushedAuthorizationRequests returns the RequirePushedAuthorizationRequests field if it's non-nil, zero value otherwise. func (t *TenantFlags) GetRequirePushedAuthorizationRequests() bool { if t == nil || t.RequirePushedAuthorizationRequests == nil { 
@@ -9979,6 +10217,40 @@ func (t *Ticket) String() string { return Stringify(t) } +// GetCredentials returns the Credentials field if it's non-nil, zero value otherwise. +func (t *TLSClientAuth) GetCredentials() []Credential { + if t == nil || t.Credentials == nil { + return nil + } + return *t.Credentials +} + +// String returns a string representation of TLSClientAuth. +func (t *TLSClientAuth) String() string { + return Stringify(t) +} + +// GetEncryptionKey returns the EncryptionKey field. +func (t *TokenEncryption) GetEncryptionKey() *EncryptionKey { + if t == nil { + return nil + } + return t.EncryptionKey +} + +// GetFormat returns the Format field if it's non-nil, zero value otherwise. +func (t *TokenEncryption) GetFormat() string { + if t == nil || t.Format == nil { + return "" + } + return *t.Format +} + +// String returns a string representation of TokenEncryption. +func (t *TokenEncryption) String() string { + return Stringify(t) +} + // GetAppMetadata returns the AppMetadata field if it's non-nil, zero value otherwise. func (u *User) GetAppMetadata() map[string]interface{} { if u == nil || u.AppMetadata == nil { diff --git a/management/management.gen_test.go b/management/management.gen_test.go index 420bbca1..67108e62 100644 --- a/management/management.gen_test.go +++ b/management/management.gen_test.go @@ -855,6 +855,24 @@ func TestAuthenticationMethods_String(t *testing.T) { } } +func TestAuthorizationDetails_GetType(tt *testing.T) { + var zeroValue string + a := &AuthorizationDetails{Type: &zeroValue} + a.GetType() + a = &AuthorizationDetails{} + a.GetType() + a = nil + a.GetType() +} + +func TestAuthorizationDetails_String(t *testing.T) { + var rawJSON json.RawMessage + v := &AuthorizationDetails{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestAWSClientAddon_GetLifetimeInSeconds(tt *testing.T) { var zeroValue int a := &AWSClientAddon{LifetimeInSeconds: &zeroValue} 
@@ -1640,6 +1658,16 @@ func TestClient_GetClientSecret(tt *testing.T) { c.GetClientSecret() } +func TestClient_GetComplianceLevel(tt *testing.T) { + var zeroValue string + c := &Client{ComplianceLevel: &zeroValue} + c.GetComplianceLevel() + c = &Client{} + c.GetComplianceLevel() + c = nil + c.GetComplianceLevel() +} + func TestClient_GetCrossOriginAuth(tt *testing.T) { var zeroValue bool c := &Client{CrossOriginAuth: &zeroValue} @@ -1852,6 +1880,16 @@ func TestClient_GetRefreshToken(tt *testing.T) { c.GetRefreshToken() } +func TestClient_GetRequireProofOfPossession(tt *testing.T) { + var zeroValue bool + c := &Client{RequireProofOfPossession: &zeroValue} + c.GetRequireProofOfPossession() + c = &Client{} + c.GetRequireProofOfPossession() + c = nil + c.GetRequireProofOfPossession() +} + func TestClient_GetRequirePushedAuthorizationRequests(tt *testing.T) { var zeroValue bool c := &Client{RequirePushedAuthorizationRequests: &zeroValue} @@ -1862,6 +1900,13 @@ func TestClient_GetRequirePushedAuthorizationRequests(tt *testing.T) { c.GetRequirePushedAuthorizationRequests() } +func TestClient_GetSignedRequestObject(tt *testing.T) { + c := &Client{} + c.GetSignedRequestObject() + c = nil + c.GetSignedRequestObject() +} + func TestClient_GetSSO(tt *testing.T) { var zeroValue bool c := &Client{SSO: &zeroValue} @@ -2128,6 +2173,20 @@ func TestClientAuthenticationMethods_GetPrivateKeyJWT(tt *testing.T) { c.GetPrivateKeyJWT() } +func TestClientAuthenticationMethods_GetSelfSignedTLSClientAuth(tt *testing.T) { + c := &ClientAuthenticationMethods{} + c.GetSelfSignedTLSClientAuth() + c = nil + c.GetSelfSignedTLSClientAuth() +} + +func TestClientAuthenticationMethods_GetTLSClientAuth(tt *testing.T) { + c := &ClientAuthenticationMethods{} + c.GetTLSClientAuth() + c = nil + c.GetTLSClientAuth() +} + func TestClientAuthenticationMethods_String(t *testing.T) { var rawJSON json.RawMessage v := &ClientAuthenticationMethods{} 
@@ -7182,6 +7241,26 @@ func TestCredential_GetPEM(tt *testing.T) { c.GetPEM() } +func TestCredential_GetSubjectDN(tt *testing.T) { + var zeroValue string + c := &Credential{SubjectDN: &zeroValue} + c.GetSubjectDN() + c = &Credential{} + c.GetSubjectDN() + c = nil + c.GetSubjectDN() +} + +func TestCredential_GetThumbprintSHA256(tt *testing.T) { + var zeroValue string + c := &Credential{ThumbprintSHA256: &zeroValue} + c.GetThumbprintSHA256() + c = &Credential{} + c.GetThumbprintSHA256() + c = nil + c.GetThumbprintSHA256() +} + func TestCredential_GetUpdatedAt(tt *testing.T) { var zeroValue time.Time c := &Credential{UpdatedAt: &zeroValue} @@ -7924,6 +8003,54 @@ func TestEmailTemplate_String(t *testing.T) { } } +func TestEncryptionKey_GetAlg(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Alg: &zeroValue} + e.GetAlg() + e = &EncryptionKey{} + e.GetAlg() + e = nil + e.GetAlg() +} + +func TestEncryptionKey_GetKid(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Kid: &zeroValue} + e.GetKid() + e = &EncryptionKey{} + e.GetKid() + e = nil + e.GetKid() +} + +func TestEncryptionKey_GetName(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Name: &zeroValue} + e.GetName() + e = &EncryptionKey{} + e.GetName() + e = nil + e.GetName() +} + +func TestEncryptionKey_GetPem(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Pem: &zeroValue} + e.GetPem() + e = &EncryptionKey{} + e.GetPem() + e = nil + e.GetPem() +} + +func TestEncryptionKey_String(t *testing.T) { + var rawJSON json.RawMessage + v := &EncryptionKey{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestEnrollment_GetEnrolledAt(tt *testing.T) { var zeroValue time.Time e := &Enrollment{EnrolledAt: &zeroValue} 
@@ -9140,6 +9267,24 @@ func TestMSCRMClientAddon_String(t *testing.T) { } } +func TestMTLSConfiguration_GetEnableEndpointAliases(tt *testing.T) { + var zeroValue bool + m := &MTLSConfiguration{EnableEndpointAliases: &zeroValue} + m.GetEnableEndpointAliases() + m = &MTLSConfiguration{} + m.GetEnableEndpointAliases() + m = nil + m.GetEnableEndpointAliases() +} + +func TestMTLSConfiguration_String(t *testing.T) { + var rawJSON json.RawMessage + v := &MTLSConfiguration{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestMultiFactor_GetEnabled(tt *testing.T) { var zeroValue bool m := &MultiFactor{Enabled: &zeroValue} @@ -10355,6 +10500,34 @@ func TestPromptPartials_String(t *testing.T) { } } +func TestProofOfPossession_GetMechanism(tt *testing.T) { + var zeroValue string + p := &ProofOfPossession{Mechanism: &zeroValue} + p.GetMechanism() + p = &ProofOfPossession{} + p.GetMechanism() + p = nil + p.GetMechanism() +} + +func TestProofOfPossession_GetRequired(tt *testing.T) { + var zeroValue bool + p := &ProofOfPossession{Required: &zeroValue} + p.GetRequired() + p = &ProofOfPossession{} + p.GetRequired() + p = nil + p.GetRequired() +} + +func TestProofOfPossession_String(t *testing.T) { + var rawJSON json.RawMessage + v := &ProofOfPossession{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestRefreshToken_GetClientID(tt *testing.T) { var zeroValue string r := &RefreshToken{ClientID: &zeroValue} 
@@ -10489,6 +10662,26 @@ func TestResourceServer_GetAllowOfflineAccess(tt *testing.T) { r.GetAllowOfflineAccess() } +func TestResourceServer_GetAuthorizationDetails(tt *testing.T) { + var zeroValue []AuthorizationDetails + r := &ResourceServer{AuthorizationDetails: &zeroValue} + r.GetAuthorizationDetails() + r = &ResourceServer{} + r.GetAuthorizationDetails() + r = nil + r.GetAuthorizationDetails() +} + +func TestResourceServer_GetConsentPolicy(tt *testing.T) { + var zeroValue string + r := &ResourceServer{ConsentPolicy: &zeroValue} + r.GetConsentPolicy() + r = &ResourceServer{} + r.GetConsentPolicy() + r = nil + r.GetConsentPolicy() +} + func TestResourceServer_GetEnforcePolicies(tt *testing.T) { var zeroValue bool r := &ResourceServer{EnforcePolicies: &zeroValue} @@ -10539,6 +10732,13 @@ func TestResourceServer_GetOptions(tt *testing.T) { r.GetOptions() } +func TestResourceServer_GetProofOfPossession(tt *testing.T) { + r := &ResourceServer{} + r.GetProofOfPossession() + r = nil + r.GetProofOfPossession() +} + func TestResourceServer_GetScopes(tt *testing.T) { var zeroValue []ResourceServerScope r := &ResourceServer{Scopes: &zeroValue} @@ -10589,6 +10789,13 @@ func TestResourceServer_GetTokenDialect(tt *testing.T) { r.GetTokenDialect() } +func TestResourceServer_GetTokenEncryption(tt *testing.T) { + r := &ResourceServer{} + r.GetTokenEncryption() + r = nil + r.GetTokenEncryption() +} + func TestResourceServer_GetTokenLifetime(tt *testing.T) { var zeroValue int r := &ResourceServer{TokenLifetime: &zeroValue} 
@@ -11440,6 +11647,24 @@ func TestSCIMToken_String(t *testing.T) { } } +func TestSelfSignedTLSClientAuth_GetCredentials(tt *testing.T) { + var zeroValue []Credential + s := &SelfSignedTLSClientAuth{Credentials: &zeroValue} + s.GetCredentials() + s = &SelfSignedTLSClientAuth{} + s.GetCredentials() + s = nil + s.GetCredentials() +} + +func TestSelfSignedTLSClientAuth_String(t *testing.T) { + var rawJSON json.RawMessage + v := &SelfSignedTLSClientAuth{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestSentryClientAddon_GetBaseURL(tt *testing.T) { var zeroValue string s := &SentryClientAddon{BaseURL: &zeroValue} @@ -11496,6 +11721,34 @@ func TestSharePointClientAddon_String(t *testing.T) { } } +func TestSignedRequestObject_GetCredentials(tt *testing.T) { + var zeroValue []Credential + s := &SignedRequestObject{Credentials: &zeroValue} + s.GetCredentials() + s = &SignedRequestObject{} + s.GetCredentials() + s = nil + s.GetCredentials() +} + +func TestSignedRequestObject_GetRequired(tt *testing.T) { + var zeroValue bool + s := &SignedRequestObject{Required: &zeroValue} + s.GetRequired() + s = &SignedRequestObject{} + s.GetRequired() + s = nil + s.GetRequired() +} + +func TestSignedRequestObject_String(t *testing.T) { + var rawJSON json.RawMessage + v := &SignedRequestObject{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestSigningKey_GetCert(tt *testing.T) { var zeroValue string s := &SigningKey{Cert: &zeroValue} 
@@ -11755,6 +12008,16 @@ func TestSuspiciousIPThrottling_String(t *testing.T) { } } +func TestTenant_GetAcrValuesSupported(tt *testing.T) { + var zeroValue []string + t := &Tenant{AcrValuesSupported: &zeroValue} + t.GetAcrValuesSupported() + t = &Tenant{} + t.GetAcrValuesSupported() + t = nil + t.GetAcrValuesSupported() +} + func TestTenant_GetAllowedLogoutURLs(tt *testing.T) { var zeroValue []string t := &Tenant{AllowedLogoutURLs: &zeroValue} @@ -11880,6 +12143,13 @@ func TestTenant_GetIdleSessionLifetime(tt *testing.T) { t.GetIdleSessionLifetime() } +func TestTenant_GetMTLS(tt *testing.T) { + t := &Tenant{} + t.GetMTLS() + t = nil + t.GetMTLS() +} + func TestTenant_GetPictureURL(tt *testing.T) { var zeroValue string t := &Tenant{PictureURL: &zeroValue} @@ -11890,6 +12160,16 @@ func TestTenant_GetPictureURL(tt *testing.T) { t.GetPictureURL() } +func TestTenant_GetPushedAuthorizationRequestsSupported(tt *testing.T) { + var zeroValue bool + t := &Tenant{PushedAuthorizationRequestsSupported: &zeroValue} + t.GetPushedAuthorizationRequestsSupported() + t = &Tenant{} + t.GetPushedAuthorizationRequestsSupported() + t = nil + t.GetPushedAuthorizationRequestsSupported() +} + func TestTenant_GetSandboxVersion(tt *testing.T) { var zeroValue string t := &Tenant{SandboxVersion: &zeroValue} @@ -12293,6 +12573,16 @@ func TestTenantFlags_GetNoDisclosureEnterpriseConnections(tt *testing.T) { t.GetNoDisclosureEnterpriseConnections() } +func TestTenantFlags_GetRemoveAlgFromJWKS(tt *testing.T) { + var zeroValue bool + t := &TenantFlags{RemoveAlgFromJWKS: &zeroValue} + t.GetRemoveAlgFromJWKS() + t = &TenantFlags{} + t.GetRemoveAlgFromJWKS() + t = nil + t.GetRemoveAlgFromJWKS() +} + func TestTenantFlags_GetRequirePushedAuthorizationRequests(tt *testing.T) { var zeroValue bool t := &TenantFlags{RequirePushedAuthorizationRequests: &zeroValue} 
@@ -12563,6 +12853,49 @@ func TestTicket_String(t *testing.T) { } } +func TestTLSClientAuth_GetCredentials(tt *testing.T) { + var zeroValue []Credential + t := &TLSClientAuth{Credentials: &zeroValue} + t.GetCredentials() + t = &TLSClientAuth{} + t.GetCredentials() + t = nil + t.GetCredentials() +} + +func TestTLSClientAuth_String(t *testing.T) { + var rawJSON json.RawMessage + v := &TLSClientAuth{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + +func TestTokenEncryption_GetEncryptionKey(tt *testing.T) { + t := &TokenEncryption{} + t.GetEncryptionKey() + t = nil + t.GetEncryptionKey() +} + +func TestTokenEncryption_GetFormat(tt *testing.T) { + var zeroValue string + t := &TokenEncryption{Format: &zeroValue} + t.GetFormat() + t = &TokenEncryption{} + t.GetFormat() + t = nil + t.GetFormat() +} + +func TestTokenEncryption_String(t *testing.T) { + var rawJSON json.RawMessage + v := &TokenEncryption{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestUser_GetAppMetadata(tt *testing.T) { var zeroValue map[string]interface{} u := &User{AppMetadata: &zeroValue} diff --git a/management/resource_server.go b/management/resource_server.go index f3b767fa..82916e96 100644 --- a/management/resource_server.go +++ b/management/resource_server.go @@ -18,7 +18,7 @@ type ResourceServer struct { // Scopes supported by the resource server. Scopes *[]ResourceServerScope `json:"scopes,omitempty"` - // The algorithm used to sign tokens ["HS256" or "RS256"]. + // Algorithm used to sign JWTs. Can be `HS256` or `RS256`. `PS256` available via addon. SigningAlgorithm *string `json:"signing_alg,omitempty"` // The secret used to sign tokens when using symmetric algorithms. 
@@ -59,6 +59,101 @@ type ResourceServer struct { // Note: RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API." // For more details, see the Access Token Profiles documentation : https://auth0.com/docs/secure/tokens/access-tokens/access-token-profiles. TokenDialect *string `json:"token_dialect,omitempty"` + + // ConsentPolicy specifies the consent policy for the resource server. + // + // Available options: + // - "transactional-authorization-with-mfa" + // - null + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/resource-servers/{id} + // + // { + // "consent_policy": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + ConsentPolicy *string `json:"consent_policy,omitempty"` + + // The list of authorization details for the resource server. + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/resource-servers/{id} + // + // { + // "authorization_details": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + AuthorizationDetails *[]AuthorizationDetails `json:"authorization_details,omitempty"` + + // TokenEncryption specifies the token encryption for the resource server. + // + // Available options: + // - "compact-nested-jwe" + // - null + TokenEncryption *TokenEncryption `json:"token_encryption,omitempty"` + + // Proof-of-Possession configuration for access tokens. 
+ // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/resource-servers/{id} + // + // { + // "proof_of_possession": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + ProofOfPossession *ProofOfPossession `json:"proof_of_possession,omitempty"` +} + +// AuthorizationDetails specifies the authorization details for the resource server. +type AuthorizationDetails struct { + // The authorization_detail type identifier. + Type *string `json:"type,omitempty"` +} + +// ProofOfPossession specifies the proof-of-possession configuration for access tokens. +type ProofOfPossession struct { + // Intended mechanism for Proof-of-Possession. + // + // Available options: + // - "mtls" + Mechanism *string `json:"mechanism,omitempty"` + + // Whether the use of Proof-of-Possession is required for the resource server. + Required *bool `json:"required,omitempty"` +} + +// TokenEncryption specifies the token encryption for the resource server. +type TokenEncryption struct { + // Format of the encrypted JWT payload. + Format *string `json:"format,omitempty"` + + // EncryptionKey specifies the encryption key for the token encryption. + EncryptionKey *EncryptionKey `json:"encryption_key,omitempty"` +} + +// EncryptionKey specifies the encryption key for the token encryption. +type EncryptionKey struct { + // Name of the encryption key. + Name *string `json:"name,omitempty"` + + // Algorithm used to encrypt the token. + Alg *string `json:"alg,omitempty"` + + // Key ID. + Kid *string `json:"kid,omitempty"` + + // PEM-formatted public key. Must be JSON escaped + Pem *string `json:"pem,omitempty"` } // ResourceServerScope defines the specific actions, resource servers can be allowed to do. diff --git a/management/resource_server_test.go b/management/resource_server_test.go index 40435a71..d79c027c 100644 
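Review bot: The comment on the `TokenEncryption` field lists `"compact-nested-jwe"` and `null` as its options, but the field is a `*TokenEncryption` struct: `"compact-nested-jwe"` is a value of `TokenEncryption.Format` (that is where the test in this patch sets it), and with `omitempty` a nil pointer is left out of the request rather than sent as `null`. I would move the option list onto `Format` and give the field the same unset note its siblings carry, e.g. `// TokenEncryption configures encryption of access tokens for this resource server. A nil value is omitted from the request; send "token_encryption": null in a custom PATCH to clear it.` On `EncryptionKey.Pem`, `Must be JSON escaped` reads as if callers had to pre-escape the key, while the test in this patch passes raw PEM text; `// PEM-formatted public key (public half only). Pass the raw PEM text; it is escaped when the request is marshalled.` says what a caller needs. The `ResourceServer` struct opens outside this hunk.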
--- a/management/resource_server_test.go +++ b/management/resource_server_test.go @@ -18,7 +18,7 @@ func TestResourceServer_Create(t *testing.T) { expectedResourceServer := &ResourceServer{ Name: auth0.Stringf("Test Resource Server (%s)", time.Now().Format(time.StampMilli)), Identifier: auth0.String("https://api.example.com/"), - SigningAlgorithm: auth0.String("HS256"), + SigningAlgorithm: auth0.String("PS256"), TokenLifetime: auth0.Int(7200), TokenLifetimeForWeb: auth0.Int(3600), Scopes: &[]ResourceServerScope{ 
@@ -29,6 +29,41 @@ func TestResourceServer_Create(t *testing.T) { }, EnforcePolicies: auth0.Bool(true), TokenDialect: auth0.String("rfc9068_profile_authz"), + ConsentPolicy: auth0.String("transactional-authorization-with-mfa"), + AuthorizationDetails: &[]AuthorizationDetails{ + { + Type: auth0.String("payment"), + }, + { + Type: auth0.String("my custom type"), + }, + }, + TokenEncryption: &TokenEncryption{ + Format: auth0.String("compact-nested-jwe"), + EncryptionKey: &EncryptionKey{ + Name: auth0.String("my JWE public key"), + Alg: auth0.String("RSA-OAEP-256"), + Kid: auth0.String("my-key-id"), + Pem: auth0.String(`-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe +3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R +tHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao +JnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I +3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X +AWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG +I+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu ++a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8 +r38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW +i/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL +JbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f +aibASY5pIRiKENmbZELDtucCAwEAAQ== +-----END PUBLIC KEY-----`), + }, + }, + ProofOfPossession: &ProofOfPossession{ + Mechanism: auth0.String("mtls"), + Required: auth0.Bool(true), + }, } err := api.ResourceServer.Create(context.Background(), expectedResourceServer) diff --git a/management/tenant.go b/management/tenant.go index def8920b..04419be6 100644 --- a/management/tenant.go +++ b/management/tenant.go 
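Review bot: None of the four settings added to the create payload here (`ConsentPolicy`, `AuthorizationDetails`, `TokenEncryption`, `ProofOfPossession`) gets a new assertion: the diffstat gives 37 changed lines for this file and the two hunks account for all of them, so the checks after `Create` are unchanged. Unless those existing checks compare the whole struct against a fresh read, which cannot be seen from here, a response that dropped `proof_of_possession` or `token_encryption` would still pass, and checking `expectedResourceServer` itself would not catch it because fields absent from the response keep the values the test put in. I would read the resource back, as `TestTenantManager` does with `actualTenantSettings`, and assert on that copy: `actual, err := api.ResourceServer.Read(context.Background(), expectedResourceServer.GetID())`, `assert.NoError(t, err)`, `assert.True(t, actual.GetProofOfPossession().GetRequired())`, with matching checks for `GetTokenEncryption().GetFormat()` and `GetConsentPolicy()`. This assumes the file uses `assert` as `tenant_test.go` does; `TestResourceServer_Create` starts and ends outside the hunk.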
@@ -87,6 +87,41 @@ type Tenant struct { // If `true`, flexible factors will be enabled for MFA in the PostLogin action. CustomizeMFAInPostLoginAction *bool `json:"customize_mfa_in_postlogin_action,omitempty"` + + // AcrValuesSupported Supported ACR values + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/tenants/settings + // { + // "acr_values_supported": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + AcrValuesSupported *[]string `json:"acr_values_supported,omitempty"` + + // MTLS configuration for the tenant. Default is false. + // + // To unset values (set to null), use a PATCH request like this: + // + // PATCH /api/v2/tenants/settings + // { + // "mtls": null + // } + // + // For more details on making custom requests, refer to the Auth0 Go SDK examples: + // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct + MTLS *MTLSConfiguration `json:"mtls,omitempty"` + + // Enables the use of Pushed Authorization Requests + PushedAuthorizationRequestsSupported *bool `json:"pushed_authorization_requests_supported,omitempty"` +} + +// MTLSConfiguration hold settings for mTLS. If true, enables mTLS endpoint aliases. +type MTLSConfiguration struct { + // If true, enables mTLS endpoint aliases + EnableEndpointAliases *bool `json:"enable_endpoint_aliases,omitempty"` } // MarshalJSON is a custom serializer for the Tenant type. 
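Review bot: Two of the new comments describe a struct as if it were a boolean: `// MTLS configuration for the tenant. Default is false.` sits on a `*MTLSConfiguration` field, and `// MTLSConfiguration hold settings for mTLS. If true, enables mTLS endpoint aliases.` repeats text that belongs to `EnableEndpointAliases`. I would write `// MTLS holds the tenant's mTLS settings.` and `// MTLSConfiguration holds the mTLS settings for a tenant.`, keeping the true/false wording on the `EnableEndpointAliases` field only. `// AcrValuesSupported Supported ACR values` would read better as `// AcrValuesSupported lists the ACR values the tenant supports.` The `Tenant` struct opens outside this hunk.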
@@ -253,6 +288,9 @@ type TenantFlags struct { // If `true`, all Clients will be required to use Pushed Authorization Requests. // This feature currently must be enabled for your tenant. RequirePushedAuthorizationRequests *bool `json:"require_pushed_authorization_requests,omitempty"` + + // Removes alg property from jwks .well-known endpoint + RemoveAlgFromJWKS *bool `json:"remove_alg_from_jwks,omitempty"` } // TenantUniversalLogin holds universal login settings. diff --git a/management/tenant_test.go b/management/tenant_test.go index e3f9ce04..0dffa4a3 100644 --- a/management/tenant_test.go +++ b/management/tenant_test.go @@ -41,6 +41,11 @@ func TestTenantManager(t *testing.T) { Sessions: &TenantSessions{ OIDCLogoutPromptEnabled: auth0.Bool(false), }, + AcrValuesSupported: &[]string{"foo", "bar"}, + PushedAuthorizationRequestsSupported: auth0.Bool(true), + MTLS: &MTLSConfiguration{ + EnableEndpointAliases: auth0.Bool(true), + }, } err = api.Tenant.Update(context.Background(), newTenantSettings) assert.NoError(t, err) @@ -58,6 +63,9 @@ func TestTenantManager(t *testing.T) { assert.Equal(t, newTenantSettings.GetEnabledLocales(), actualTenantSettings.GetEnabledLocales()) assert.Equal(t, newTenantSettings.GetSandboxVersion(), actualTenantSettings.GetSandboxVersion()) assert.Equal(t, newTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled(), actualTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled()) + assert.Equal(t, newTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + assert.Equal(t, newTenantSettings.GetPushedAuthorizationRequestsSupported(), actualTenantSettings.GetPushedAuthorizationRequestsSupported()) + assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) } func TestTenant_MarshalJSON(t *testing.T) { 
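Review bot: In the `TenantFlags` hunk of `management/tenant.go`, the comment `// Removes alg property from jwks .well-known endpoint` on `RemoveAlgFromJWKS` does not say which value does what, unlike the sibling just above it, which opens with "If `true`, ...". I would write it as ``// If `true`, the `alg` property is omitted from the keys published at the tenant's JWKS endpoint.`` A second comment line could tell readers that token verifiers which take the expected algorithm from the JWKS entry need it configured explicitly once the flag is on; that consequence is inferred from the flag's name, not shown in the diff, so it should be confirmed against the API documentation first. The `TenantFlags` struct opens outside this hunk.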
diff --git a/test/data/recordings/TestClientAuthenticationMethods/GetPrivateKeyJWT.yaml b/test/data/recordings/TestClientAuthenticationMethods/GetPrivateKeyJWT.yaml new file mode 100644 index 00000000..1d88c5fa --- /dev/null +++ b/test/data/recordings/TestClientAuthenticationMethods/GetPrivateKeyJWT.yaml 
@@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1180 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:13:39.570)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo\n0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M\n6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi\nTSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi\nyMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb\n/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw\n++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE\nTjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH\nPPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF\n1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4\nXzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y\n0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ==\n-----END PUBLIC KEY-----"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test 
client.","client_id":"LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qNv47ogmUPrVAsjjTDe6iE","name":"Test Credential (Aug 6 16:13:39.570)","kid":"QTtPEeOT2gWWuID0QDg6nHgh7foYRcWkOyJ9DhNIn_A","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:43:39.774Z","updated_at":"2024-08-06T10:43:39.774Z"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 448.114208ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 757 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test 
client.","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qNv47ogmUPrVAsjjTDe6iE"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:39.570)","description":"This is just a test client.","client_id":"LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qNv47ogmUPrVAsjjTDe6iE"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 
OK + code: 200 + duration: 308.812708ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/LuhY9GRvYy4VCFUWgsDo60Xp7wBaVn7X + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 267.545417ms diff --git a/test/data/recordings/TestClientAuthenticationMethods/GetSelfSignedTLSClientAuth.yaml b/test/data/recordings/TestClientAuthenticationMethods/GetSelfSignedTLSClientAuth.yaml new file mode 100644 index 00000000..1861badc --- /dev/null +++ b/test/data/recordings/TestClientAuthenticationMethods/GetSelfSignedTLSClientAuth.yaml 
@@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1763 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"name":"Test Credential (Aug 6 16:13:38.471)","credential_type":"x509_cert","pem":"-----BEGIN CERTIFICATE-----\nMIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ\nMQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh\nbms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0\nREQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi\nGA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC\nSlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH\nU3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG\nA1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\ngYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN\nTchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC\nN6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi\nMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC\nfE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB\noaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD\naHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw\nb3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1\ncHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4\nxiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw\n9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ\njerREgM=\n-----END 
CERTIFICATE-----"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a test client.","client_id":"T0F8eusctjE3OQjAVDes0kFySDBZVInJ","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"id":"cred_ec4qP1i6vDL4AoNZXxJNzT","name":"Test Credential (Aug 6 16:13:38.471)","credential_type":"x509_cert","created_at":"2024-08-06T10:43:38.677Z","updated_at":"2024-08-06T10:43:38.677Z","expires_at":"9999-12-31T23:59:59Z","thumbprint_sha256":"NTkulT-DcSrRSevqZd26aq0DCz8YbOFGjKVs-Expu4w"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 421.29475ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 769 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a 
test client.","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"id":"cred_ec4qP1i6vDL4AoNZXxJNzT"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/T0F8eusctjE3OQjAVDes0kFySDBZVInJ + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:38.471)","description":"This is just a test client.","client_id":"T0F8eusctjE3OQjAVDes0kFySDBZVInJ","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"self_signed_tls_client_auth":{"credentials":[{"id":"cred_ec4qP1i6vDL4AoNZXxJNzT"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"}' + headers: + Content-Type: + - 
application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 292.8755ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/T0F8eusctjE3OQjAVDes0kFySDBZVInJ + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 382.640375ms diff --git a/test/data/recordings/TestClientAuthenticationMethods/GetTLSClientAuth.yaml b/test/data/recordings/TestClientAuthenticationMethods/GetTLSClientAuth.yaml new file mode 100644 index 00000000..285c6d39 --- /dev/null +++ b/test/data/recordings/TestClientAuthenticationMethods/GetTLSClientAuth.yaml 
@@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1575 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"name":"Test Credential (Aug 6 16:13:36.889)","credential_type":"cert_subject_dn","pem":"-----BEGIN CERTIFICATE-----\nMIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK\nUDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM\nBkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3\nMjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv\na3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV\nBAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF\nXrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9\nJ3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL\nmsYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq\ndf6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj\nmx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA\nqzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM\nz3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9\nR6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf\nmAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv\nlmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr\nSo6zun26vAUJTu1o9CIjxw==\n-----END CERTIFICATE-----"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: 
POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test client.","client_id":"8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"id":"cred_1xDDe5pMRUnr2Pnqzvi3t7","name":"Test Credential (Aug 6 16:13:36.889)","credential_type":"cert_subject_dn","created_at":"2024-08-06T10:43:37.617Z","updated_at":"2024-08-06T10:43:37.617Z","subject_dn":"C=JP\nST=Tokyo\nL=Chiyoda-ku\nO=Client\nCN=client.example.org"}]}},"require_pushed_authorization_requests":true,"compliance_level":"fapi1_adv_pkj_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 919.919542ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 757 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test 
client.","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"id":"cred_1xDDe5pMRUnr2Pnqzvi3t7"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:36.889)","description":"This is just a test client.","client_id":"8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"client_authentication_methods":{"tls_client_auth":{"credentials":[{"id":"cred_1xDDe5pMRUnr2Pnqzvi3t7"}]}},"require_pushed_authorization_requests":false,"compliance_level":"fapi1_adv_mtls_par"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 
OK + code: 200 + duration: 311.838833ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/8uDprY0eL5b8gqQRSumRNoNfDTUjYY0E + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 344.8815ms diff --git a/test/data/recordings/TestClientSignedRequestObject.yaml b/test/data/recordings/TestClientSignedRequestObject.yaml new file mode 100644 index 00000000..39945735 --- /dev/null +++ b/test/data/recordings/TestClientSignedRequestObject.yaml 
@@ -0,0 +1,110 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1203 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test client.","jwt_configuration":{"alg":"PS256"},"require_pushed_authorization_requests":true,"signed_request_object":{"required":true,"credentials":[{"name":"Test Credential (Aug 6 16:13:21.503)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]},"compliance_level":"fapi1_adv_pkj_par","require_proof_of_possession":true} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test 
client.","client_id":"PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"PS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"require_pushed_authorization_requests":true,"signed_request_object":{"required":true,"credentials":[{"id":"cred_2gJgywmzp5d8bnr7aFRv1H","name":"Test Credential (Aug 6 16:13:21.503)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:43:22.182Z","updated_at":"2024-08-06T10:43:22.182Z"}]},"compliance_level":"fapi1_adv_pkj_par","require_proof_of_possession":true}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 937.416167ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 865 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test 
client.","client_secret":"513sOsQQTUeCC2ypir7PO1HwgV2r1hexW9rt3cVyhD9W2IB6i-s0FhXWahXU1DTb","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"alg":"RS256"},"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"require_pushed_authorization_requests":false,"signed_request_object":{"required":false,"credentials":[{"id":"cred_2gJgywmzp5d8bnr7aFRv1H"}]},"compliance_level":"fapi1_adv_mtls_par","require_proof_of_possession":false} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Test Client (Aug 6 16:13:21.502)","description":"This is just a test 
client.","client_id":"PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"require_pushed_authorization_requests":false,"signed_request_object":{"required":false,"credentials":[{"id":"cred_2gJgywmzp5d8bnr7aFRv1H"}]},"compliance_level":"fapi1_adv_mtls_par","require_proof_of_possession":false}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 348.067458ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/PvsSTwMgPQ9KOCVolhpG2OX9fhEAy28W + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 357.361792ms diff --git a/test/data/recordings/TestClient_CreateAllCredential/Should_create_PrivateJWT_Credential.yaml b/test/data/recordings/TestClient_CreateAllCredential/Should_create_PrivateJWT_Credential.yaml new file mode 100644 index 00000000..3997c986 --- /dev/null 
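Review bot: The request body of interaction 1 (the PATCH) in TestClientSignedRequestObject.yaml carries a literal `client_secret` value, while every response body in the same file shows `"client_secret":"[REDACTED]"`, so the recorder's redaction appears to cover responses only. Interaction 2 deletes the client, which likely invalidates the value, but a committed secret still trips secret scanners and shows that a live one could be recorded the same way. The field should read `"client_secret":"[REDACTED]"` in the request body too, with the redaction hook extended to request bodies so a regenerated recording stays consistent. The other recordings in this patch send no `client_secret` in their PATCH bodies, so this test probably reuses the created client struct for the update; clearing the secret on that struct before the update call would keep it out of the request altogether.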
+++ b/test/data/recordings/TestClient_CreateAllCredential/Should_create_PrivateJWT_Credential.yaml 
@@ -0,0 +1,145 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1125 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:14:42.294)","description":"This is just a test client.","jwt_configuration":{"alg":"RS256"},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:14:42.294)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]}}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:14:42.294)","description":"This is just a test 
client.","client_id":"e39BM6w1btNy0Rf6Col8jI3nloH9Trvz","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_uePxAqu3pekDAL8jJcwo81","name":"Test Credential (Aug 6 16:14:42.294)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:44:42.999Z","updated_at":"2024-08-06T10:44:42.999Z"}]}}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 981.620542ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 901 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Credential (Aug 6 16:14:43.277)","credential_type":"public_key","pem":"-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3njxXJoHnuN4hByBhSUo\n0kIbXkJTA0wP0fig87MyVz5KgohPrPJgbRSZ7yz/MmXa4qRNHkWiClJybMS2a98M\n6ELOFG8pfDb6J7JaJqx0Kvqn6xsGInbpwsth3K582Cxrp+Y+GBNja++8wDY5IqAi\nTSKSZRNies0GO0grzQ7kj2p0+R7a0c86mdLO4JnGrHoBqEY1HcsfnJvkJkqETlGi\nyMzDQw8Wkux7P59N/3wuroAI83+HMYl1fV39ek3L/GrsLjECrNe5/CVFtblNltyb\n/va9+pAP7Ye5p6tTW2oj3fzUvdX3dYzENWEtRB7DBHXnfEHMjTaBiQeWb2yDHBCw\n++Uh1OCKw9ZLYzoE6gcDQspYf+fFU3F0kuU4c//gSoNuj/iEjaNmOEK6S3xGy8fE\nTjsC+0oF6YaokDZO9+NreL/sGxFfOAysybrKWrMoaYwa81RlpcmBGZM7H1M00zLH\nPPfCYVhGhFs5X3Qzzt6MQE+msgMt9zeGH7liJbOSW2NGSJwbmn7q35YYIfJEoXRF\n1iefT/9fJB9vhQhtYfCOe3AEpTQq6Yz5ViLhToBdsVDBbz2gmRLALs9/D91SE9T4\nXzvXjHGyxWVu0jdvS9hyhJzP4165k1cYDgx8mmg0VxR7j79LmCUDsFcvvSrAOf6y\n0zY7r4pmNyQQ0r4in/gs/wkCAwEAAQ==\n-----END PUBLIC KEY-----"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/e39BM6w1btNy0Rf6Col8jI3nloH9Trvz/credentials + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 260 + uncompressed: false + body: '{"id":"cred_n2FhK8PGRa9oQub38vNng1","credential_type":"public_key","kid":"QTtPEeOT2gWWuID0QDg6nHgh7foYRcWkOyJ9DhNIn_A","alg":"RS256","name":"Test Credential (Aug 6 16:14:43.277)","created_at":"2024-08-06T10:44:43.477Z","updated_at":"2024-08-06T10:44:43.477Z"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 290.07175ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/e39BM6w1btNy0Rf6Col8jI3nloH9Trvz/credentials/cred_n2FhK8PGRa9oQub38vNng1 + method: DELETE + 
response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 265.03525ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/e39BM6w1btNy0Rf6Col8jI3nloH9Trvz + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 335.680542ms diff --git a/test/data/recordings/TestClient_CreateAllCredential/Should_create_SelfSignedTLSClientAuth_Credential.yaml b/test/data/recordings/TestClient_CreateAllCredential/Should_create_SelfSignedTLSClientAuth_Credential.yaml new file mode 100644 index 00000000..d824cb8b --- /dev/null +++ b/test/data/recordings/TestClient_CreateAllCredential/Should_create_SelfSignedTLSClientAuth_Credential.yaml 
@@ -0,0 +1,145 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1125 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:14:45.584)","description":"This is just a test client.","jwt_configuration":{"alg":"RS256"},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:14:45.584)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]}}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:14:45.584)","description":"This is just a test 
client.","client_id":"B1h6RVXJBx48NSLDvambwNrPLHQgzV8l","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_qJCg1RtcTsELNSBFtZgNkw","name":"Test Credential (Aug 6 16:14:45.584)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:44:45.785Z","updated_at":"2024-08-06T10:44:45.785Z"}]}}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 427.570292ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1472 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Credential (Aug 6 16:14:46.012)","credential_type":"x509_cert","pem":"-----BEGIN 
CERTIFICATE-----\nMIIDwTCCAyqgAwIBAgICDh4wDQYJKoZIhvcNAQEFBQAwgZsxCzAJBgNVBAYTAkpQ\nMQ4wDAYDVQQIEwVUb2t5bzEQMA4GA1UEBxMHQ2h1by1rdTERMA8GA1UEChMIRnJh\nbms0REQxGDAWBgNVBAsTD1dlYkNlcnQgU3VwcG9ydDEYMBYGA1UEAxMPRnJhbms0\nREQgV2ViIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZyYW5rNGRkLmNvbTAi\nGA8wMDAwMDEwMTAwMDAwMVoYDzk5OTkxMjMxMjM1OTU5WjCBgTELMAkGA1UEBhMC\nSlAxDjAMBgNVBAgTBVRva3lvMREwDwYDVQQKEwhGcmFuazRERDEQMA4GA1UECxMH\nU3VwcG9ydDEiMCAGCSqGSIb3DQEJARYTcHVibGljQGZyYW5rNGRkLmNvbTEZMBcG\nA1UEAxMQd3d3LmZyYW5rNGRkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\ngYEA4rkBL30FzR2ZHZ1vpF9kGBO0DMwhu2pcrkcLJ0SEuf52ggo+md0tPis8f1KN\nTchxj6DtxWT3c7ECW0c1ALpu6mNVE+GaM94KsckSDehoPfbLjT9Apcc/F0mqvDsC\nN6fPdDixWrjx6xKT7xXi3lCy1yIKRMHA6Ha+T4qPyyCyMPECAwEAAaOCASYwggEi\nMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRWKE5tXPIyS0pC\nfE5taGO5Q84gyTCB0AYDVR0jBIHIMIHFgBRi83vtBtSx1Zx/SOXvxckVYf3ZEaGB\noaSBnjCBmzELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRAwDgYDVQQHEwdD\naHVvLWt1MREwDwYDVQQKEwhGcmFuazRERDEYMBYGA1UECxMPV2ViQ2VydCBTdXBw\nb3J0MRgwFgYDVQQDEw9GcmFuazRERCBXZWIgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1\ncHBvcnRAZnJhbms0ZGQuY29tggkAxscECbwiW6AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwDQYJKoZIhvcNAQEFBQADgYEAfXCfXcePJwnMKc06qLa336cEPpXEsPed1bw4\nxiIXfgZ39duBnN+Nv4a49Yl2kbh4JO8tcr5h8WYAI/a/69w8qBFQBUAjTEY/+lcw\n9/6wU7UA3kh7yexeqDiNTRflnPUv3sfiVdLDTjqLWWAxGS8L26PjVaCUFfJLNiYJ\njerREgM=\n-----END CERTIFICATE-----"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/B1h6RVXJBx48NSLDvambwNrPLHQgzV8l/credentials + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 299 + uncompressed: false + body: '{"id":"cred_2dDJX2xyhm3Ho5ADp6KVUk","credential_type":"x509_cert","name":"Test Credential (Aug 6 
16:14:46.012)","thumbprint_sha256":"NTkulT-DcSrRSevqZd26aq0DCz8YbOFGjKVs-Expu4w","created_at":"2024-08-06T10:44:46.311Z","updated_at":"2024-08-06T10:44:46.311Z","expires_at":"9999-12-31T23:59:59.000Z"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 462.588959ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/B1h6RVXJBx48NSLDvambwNrPLHQgzV8l/credentials/cred_2dDJX2xyhm3Ho5ADp6KVUk + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 239.831375ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/B1h6RVXJBx48NSLDvambwNrPLHQgzV8l + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 341.571792ms diff --git a/test/data/recordings/TestClient_CreateAllCredential/Should_create_TLSClientAuth_Credential.yaml b/test/data/recordings/TestClient_CreateAllCredential/Should_create_TLSClientAuth_Credential.yaml new file mode 100644 index 00000000..22045fab 
--- /dev/null +++ b/test/data/recordings/TestClient_CreateAllCredential/Should_create_TLSClientAuth_Credential.yaml 
@@ -0,0 +1,145 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1125 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Client (Aug 6 16:14:44.169)","description":"This is just a test client.","jwt_configuration":{"alg":"RS256"},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"name":"Test Credential (Aug 6 16:14:44.169)","credential_type":"public_key","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}]}}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Test Client (Aug 6 16:14:44.169)","description":"This is just a test 
client.","client_id":"IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"alg":"RS256"},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"organization_usage":"allow","client_authentication_methods":{"private_key_jwt":{"credentials":[{"id":"cred_n8CtWJe6dK4V3jz3Awg49G","name":"Test Credential (Aug 6 16:14:44.169)","kid":"4e7yYf0TKdyTLbVnpq2wLN6mZ8t7eb9UJkMksyHj9iU","credential_type":"public_key","alg":"RS256","created_at":"2024-08-06T10:44:44.374Z","updated_at":"2024-08-06T10:44:44.374Z"}]}}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 463.714375ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1296 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Test Credential (Aug 6 16:14:44.633)","credential_type":"cert_subject_dn","pem":"-----BEGIN 
CERTIFICATE-----\nMIIDPDCCAiQCCQDWNMOIuzwDfzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK\nUDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMCkNoaXlvZGEta3UxDzANBgNVBAoM\nBkNsaWVudDEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMB4XDTE5MTAyODA3\nMjczMFoXDTIwMTAyNzA3MjczMFowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRv\na3lvMRMwEQYDVQQHDApDaGl5b2RhLWt1MQ8wDQYDVQQKDAZDbGllbnQxGzAZBgNV\nBAMMEmNsaWVudC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBAK2Oyc+BV4N5pYcp47opUwsb2NaJq4X+d5Itq8whpFlZ9uCCHzF5TWSF\nXrpYscOp95veGPF42eT1grfxYyvjFotE76caHhBLCkIbBh6Vf222IGMwwBbSZfO9\nJ3eURtEADBvsZ117HkPVdjYqvt3Pr4RxdR12zG1TcBAoTLGchyr8nBqRADFhUTCL\nmsYaz1ADiQ/xbJN7VUNQpKhzRWHCdYS03HpbGjYCtAbl9dJnH2EepNF0emGiSPFq\ndf6taToyCr7oZjM7ufmKPjiiEDbeSYTf6kbPNmmjtoPNNLeejHjP9p0IYx7l0Gkj\nmx4kSMLp4vSDftrFgGfcxzaMmKBsosMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA\nqzdDYbntFLPBlbwAQlpwIjvmvwzvkQt6qgZ9Y0oMAf7pxq3i9q7W1bDol0UF4pIM\nz3urEJCHO8w18JRlfOnOENkcLLLntrjOUXuNkaCDLrnv8pnp0yeTQHkSpsyMtJi9\nR6r6JT9V57EJ/pWQBgKlN6qMiBkIvX7U2hEMmhZ00h/E5xMmiKbySBiJV9fBzDRf\nmAy1p9YEgLsEMLnGjKHTok+hd0BLvcmXVejdUsKCg84F0zqtXEDXLCiKcpXCeeWv\nlmmXxC5PH/GEMkSPiGSR7+b1i0sSotsq+M3hbdwabpJ6nQLLbKkFSGcsQ87yL+gr\nSo6zun26vAUJTu1o9CIjxw==\n-----END CERTIFICATE-----"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9/credentials + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 276 + uncompressed: false + body: '{"id":"cred_5XaGkLkUJFv4ZaLhqajHMG","credential_type":"cert_subject_dn","name":"Test Credential (Aug 6 16:14:44.633)","subject_dn":"C=JP\nST=Tokyo\nL=Chiyoda-ku\nO=Client\nCN=client.example.org","created_at":"2024-08-06T10:44:44.931Z","updated_at":"2024-08-06T10:44:44.931Z"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 386.010875ms + - id: 2 + request: + proto: HTTP/1.1 + 
proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9/credentials/cred_5XaGkLkUJFv4ZaLhqajHMG + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 244.576958ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/IxqGVjVrF23k6dyhBSuqM5OGzBAqUrq9 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 318.35275ms diff --git a/test/data/recordings/TestResourceServer_Create.yaml b/test/data/recordings/TestResourceServer_Create.yaml index af134b70..0253695b 100644 --- a/test/data/recordings/TestResourceServer_Create.yaml +++ b/test/data/recordings/TestResourceServer_Create.yaml 
@@ -6,20 +6,20 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 303 + content_length: 1446 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"} + {"name":"Test Resource Server (Aug 6 16:12:15.127)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"PS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz","consent_policy":"transactional-authorization-with-mfa","authorization_details":[{"type":"payment"},{"type":"my custom type"}],"token_encryption":{"format":"compact-nested-jwe","encryption_key":{"name":"my JWE public key","alg":"RSA-OAEP-256","kid":"my-key-id","pem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAua6LXMfgDE/tDdkOL1Oe\n3oWUwg1r4dSTg9L7RCcI5hItUzmkVofHtWN0H4CH2lm2ANmaJUsnhzctYowYW2+R\ntHvU9afTmtbdhpy993972hUqZSYLsE3iGziphYkOKVsqq38+VRH3TNg93zSLoRao\nJnTTkMXseVqiyqYRmFN8+gQQoEclHSGPUWQG5XMZ+hhuXeFyo+Yw/qbZWca/6/2I\n3rsca9jXR1alhxhHrXrg8N4Dm3gBgGbmiht6YYYT2Tyl1OqB9+iOI/9D7dfoCF6X\nAWJXRE454cmC8k8oucpjZVpflA+ocKshwPDR6YTLQYbXYiaWxEoaz0QGUErNQBnG\nI+sr9jDY3ua/s6HF6h0qyi/HVZH4wx+m4CtOfJoYTjrGBbaRszzUxhtSN2/MhXDu\n+a35q9/2zcu/3fjkkfVvGUt+NyyiYOKQ9vsJC1g/xxdUWtowjNwjfZE2zcG4usi8\nr38Bp0lmiipAsMLduZM/D5dFXkRdWCBNDfULmmg/4nv2wwjbjQuLemAMh7mmrztW\ni/85WMnjKQZT8NqS43pmgyIzg1gK1neMqdS90YmQ/PvJ36qALxCs245w1JpN9BAL\nJbwxCg/dbmKT7PalfWrksx9hGcJxtGqebldaOpw+5GVIPxxtC1C0gVr9BKeiDS3f\naibASY5pIRiKENmbZELDtucCAwEAAQ==\n-----END PUBLIC KEY-----"}},"proof_of_possession":{"mechanism":"mtls","required":true}} form: {} headers: 
Content-Type: - application/json User-Agent: - - Go-Auth0/1.6.0 + - Go-Auth0/1.8.0 url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers method: POST response: @@ -28,15 +28,15 @@ interactions: proto_minor: 0 transfer_encoding: [] trailer: {} - content_length: 471 + content_length: 807 uncompressed: false - body: '{"id":"666848cb019f67554fa3c298","name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"}' + body: '{"id":"66b1fe07da0f5b2d35c5c011","name":"Test Resource Server (Aug 6 16:12:15.127)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"PS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz","consent_policy":"transactional-authorization-with-mfa","authorization_details":[{"type":"payment"},{"type":"my custom type"}],"token_encryption":{"format":"compact-nested-jwe","encryption_key":{"name":"my JWE public key","alg":"RSA-OAEP-256","kid":"my-key-id"}},"proof_of_possession":{"mechanism":"mtls","required":true}}' headers: Content-Type: - application/json; charset=utf-8 status: 201 Created code: 201 - duration: 675.655583ms + duration: 937.989542ms - id: 1 request: proto: HTTP/1.1 
@@ -54,8 +54,8 @@ interactions: Content-Type: - application/json User-Agent: - - Go-Auth0/1.6.0 - url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848cb019f67554fa3c298 + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/66b1fe07da0f5b2d35c5c011 method: DELETE response: proto: HTTP/2.0 @@ -71,4 +71,4 @@ interactions: - application/json; charset=utf-8 status: 204 No Content code: 204 - duration: 377.692875ms + duration: 318.871542ms diff --git a/test/data/recordings/TestTenantManager.yaml b/test/data/recordings/TestTenantManager.yaml index 1a048ac3..86d62c88 100644 --- a/test/data/recordings/TestTenantManager.yaml +++ b/test/data/recordings/TestTenantManager.yaml @@ -6,20 +6,19 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 5 + content_length: 0 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" - body: | - null + body: "" form: {} headers: Content-Type: - application/json User-Agent: - - Go-Auth0/latest + - Go-Auth0/1.8.0 url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings method: GET response: 
@@ -30,32 +29,32 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":[],"change_password":{"enabled":false,"html":"My Custom Reset Password Page"},"default_audience":"","default_directory":"","default_redirection_uri":"https://example.com/login","enabled_locales":["de","fr"],"error_page":{"html":"","show_log_link":false,"url":""},"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"disable_management_api_sms_obfuscation":true,"enable_public_signup_user_exists_error":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"use_scope_descriptions_for_consent":false,"no_disclose_enterprise_connections":false,"revoke_refresh_token_grant":false,"disable_fields_map_fix":true,"require_signed_request_object":false,"dashboard_new_onboarding":false,"mfa_show_factor_list_on_enrollment":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Test Tenant","guardian_mfa_page":{"enabled":false,"html":"My Custom MFA Page"},"idle_session_lifetime":72,"picture_url":"https://mycompany.org/logo.png","sandbox_version":"16","session_lifetime":168,"support_email":"support@mycompany.org","support_url":"https://mycompany.org/support","sessions":{"oidc_logout_prompt_enabled":true},"universal_login":{"colors":{"primary":"#0059d6","page_background":"#000000"}},"session_cookie":{"mode":"persistent"},"sandbox_versions_available":["18","16"]}' + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example 
Tenant","sandbox_version":"12","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":false,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"sandbox_versions_available":["18","16","12"]}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 295.362625ms + duration: 1.172538667s - id: 1 request: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 427 + content_length: 551 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"friendly_name":"My Example Tenant","support_email":"support@example.com","support_url":"https://support.example.com","allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"session_lifetime":1080,"idle_session_lifetime":720,"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"session_cookie":{"mode":"non-persistent"},"sessions":{"oidc_logout_prompt_enabled":false}} + {"friendly_name":"My Example Tenant","support_email":"support@example.com","support_url":"https://support.example.com","allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"session_lifetime":1080,"idle_session_lifetime":720,"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"session_cookie":{"mode":"non-persistent"},"sessions":{"oidc_logout_prompt_enabled":false},"acr_values_supported":["foo","bar"],"mtls":{"enable_endpoint_aliases":true},"pushed_authorization_requests_supported":true} form: {} headers: Content-Type: - application/json User-Agent: - - Go-Auth0/latest + - Go-Auth0/1.8.0 url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings method: PATCH response: 
@@ -66,32 +65,31 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"change_password":{"enabled":false,"html":"My Custom Reset Password Page"},"default_audience":"","default_directory":"","default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"error_page":{"html":"","show_log_link":false,"url":""},"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"disable_management_api_sms_obfuscation":true,"enable_public_signup_user_exists_error":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"use_scope_descriptions_for_consent":false,"no_disclose_enterprise_connections":false,"revoke_refresh_token_grant":false,"disable_fields_map_fix":true,"require_signed_request_object":false,"dashboard_new_onboarding":false,"mfa_show_factor_list_on_enrollment":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":false,"html":"My Custom MFA Page"},"idle_session_lifetime":720,"picture_url":"https://mycompany.org/logo.png","sandbox_version":"16","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"universal_login":{"colors":{"primary":"#0059d6","page_background":"#000000"},"is_custom_theme_set":false,"is_custom_template_set":false},"session_cookie":{"mode":"non-persistent"}}' + body: 
'{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 202.159625ms + duration: 300.267ms - id: 2 request: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 5 + content_length: 0 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" - body: | - null + body: "" form: {} headers: Content-Type: - application/json User-Agent: - - Go-Auth0/latest + - Go-Auth0/1.8.0 url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings method: GET response: 
@@ -102,32 +100,32 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"change_password":{"enabled":false,"html":"My Custom Reset Password Page"},"default_audience":"","default_directory":"","default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"error_page":{"html":"","show_log_link":false,"url":""},"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"disable_management_api_sms_obfuscation":true,"enable_public_signup_user_exists_error":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"use_scope_descriptions_for_consent":false,"no_disclose_enterprise_connections":false,"revoke_refresh_token_grant":false,"disable_fields_map_fix":true,"require_signed_request_object":false,"dashboard_new_onboarding":false,"mfa_show_factor_list_on_enrollment":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":false,"html":"My Custom MFA Page"},"idle_session_lifetime":720,"picture_url":"https://mycompany.org/logo.png","sandbox_version":"16","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"universal_login":{"colors":{"primary":"#0059d6","page_background":"#000000"}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16"]}' + body: 
'{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 102.815625ms + duration: 252.255667ms - id: 3 request: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 810 + content_length: 314 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"change_password":{"enabled":false,"html":"\u003chtml\u003e\u003cbody\u003eMy Custom Reset Password Page\u003c/body\u003e\u003c/html\u003e"},"guardian_mfa_page":{"enabled":false,"html":"\u003chtml\u003e\u003cbody\u003eMy Custom MFA Page\u003c/body\u003e\u003c/html\u003e"},"default_audience":"","default_directory":"","error_page":{"html":"","show_log_link":false,"url":""},"friendly_name":"My Test 
Tenant","picture_url":"https://mycompany.org/logo.png","support_email":"support@mycompany.org","support_url":"https://mycompany.org/support","allowed_logout_urls":[],"session_lifetime":168,"idle_session_lifetime":72,"sandbox_version":"16","default_redirection_uri":"https://example.com/login","enabled_locales":["de","fr"],"session_cookie":{"mode":"persistent"},"sessions":{"oidc_logout_prompt_enabled":true}} + {"friendly_name":"My Example Tenant","allowed_logout_urls":[],"sandbox_version":"12","enabled_locales":["en"],"sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"acr_values_supported":[],"mtls":{"enable_endpoint_aliases":true},"pushed_authorization_requests_supported":false} form: {} headers: Content-Type: - application/json User-Agent: - - Go-Auth0/latest + - Go-Auth0/1.8.0 url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings method: PATCH response: 
@@ -138,10 +136,10 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":[],"change_password":{"enabled":false,"html":"My Custom Reset Password Page"},"default_audience":"","default_directory":"","default_redirection_uri":"https://example.com/login","enabled_locales":["de","fr"],"error_page":{"html":"","show_log_link":false,"url":""},"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"disable_management_api_sms_obfuscation":true,"enable_public_signup_user_exists_error":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"use_scope_descriptions_for_consent":false,"no_disclose_enterprise_connections":false,"revoke_refresh_token_grant":false,"disable_fields_map_fix":true,"require_signed_request_object":false,"dashboard_new_onboarding":false,"mfa_show_factor_list_on_enrollment":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Test Tenant","guardian_mfa_page":{"enabled":false,"html":"My Custom MFA Page"},"idle_session_lifetime":72,"picture_url":"https://mycompany.org/logo.png","sandbox_version":"16","session_lifetime":168,"support_email":"support@mycompany.org","support_url":"https://mycompany.org/support","sessions":{"oidc_logout_prompt_enabled":true},"universal_login":{"colors":{"primary":"#0059d6","page_background":"#000000"},"is_custom_theme_set":false,"is_custom_template_set":false},"session_cookie":{"mode":"persistent"}}' + body: 
'{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":false,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 200.583709ms + duration: 289.094333ms From a6fe27c297c91000d9fce6fe3c0819b478743bd6 Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Mon, 12 Aug 2024 12:30:58 +0530 Subject: [PATCH 2/4] Added testcase for Nullable Fields --- EXAMPLES.md | 18 +- management/tenant_test.go | 44 ++++ .../TestTenantManager_NullableFields.yaml | 216 ++++++++++++++++++ 3 files changed, 269 insertions(+), 9 deletions(-) create mode 100644 test/data/recordings/TestTenantManager_NullableFields.yaml diff --git a/EXAMPLES.md b/EXAMPLES.md index 4b60a57c..1ccbf8a0 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md 
@@ -199,21 +199,21 @@ To handle nullable fields, create a custom struct without the omitempty tag and ```go // Define a custom struct similar to the `Tenant` struct exposed by the SDK but without the `omitempty` tag. -type Tenant struct { -AcrValuesSupported *[]string `json:"acr_values_supported"` +type CustomTenant struct { +AcrValuesSupported *[]string `json:"acr_values_supported"` MTLS *management.MTLSConfiguration `json:"mtls"` } -// Create a custom request to handle nullable fields. -var tenant Tenant - -// Set AcrValuesSupported and MTLS to null -tenant.AcrValuesSupported = nil -tenant.MTLS = nil +// Create a custom request to set the nullable fields to null. +nullableTenantSettings := &CustomTenant{ +AcrValuesSupported: nil, +MTLS: nil, +} -err := auth0API.Request(context.Background(), http.MethodPatch, auth0API.URI("tenants", "settings"), &tenant) +err := auth0API.Request(context.Background(), http.MethodPatch, auth0API.URI("tenants", "settings"), nullableTenantSettings) if err != nil { log.Fatalf("error was %+v", err) } + log.Printf("Tenant %+v", tenant) ``` diff --git a/management/tenant_test.go b/management/tenant_test.go index 0dffa4a3..1c0ebe85 100644 --- a/management/tenant_test.go +++ b/management/tenant_test.go @@ -3,6 +3,7 @@ package management import ( "context" "encoding/json" + "net/http" "testing" "github.com/stretchr/testify/assert" 
@@ -68,6 +69,49 @@ func TestTenantManager(t *testing.T) { assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) } +func TestTenantManager_NullableFields(t *testing.T) { + configureHTTPTestRecordings(t) + + initialSettings, err := api.Tenant.Read(context.Background()) + assert.NoError(t, err) + + t.Cleanup(func() { + initialSettings.SandboxVersionAvailable = nil + initialSettings.UniversalLogin = nil + initialSettings.Flags = nil + err := api.Tenant.Update(context.Background(), initialSettings) + require.NoError(t, err) + }) + newTenantSettings := &Tenant{ + AcrValuesSupported: &[]string{"foo", "bar"}, + MTLS: &MTLSConfiguration{ + EnableEndpointAliases: auth0.Bool(true), + }, + } + err = api.Tenant.Update(context.Background(), newTenantSettings) + assert.NoError(t, err) + actualTenantSettings, err := api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Equal(t, newTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) + + // Set null values create a new Tenant Struct without omitting the fields + type CustomTenant struct { + AcrValuesSupported *[]string `json:"acr_values_supported"` + MTLS *MTLSConfiguration `json:"mtls"` + } + nullableTenantSettings := &CustomTenant{ + AcrValuesSupported: nil, + MTLS: nil, + } + err = api.Request(context.Background(), http.MethodPatch, api.URI("tenants", "settings"), nullableTenantSettings) + assert.NoError(t, err) + actualTenantSettings, err = api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Nil(t, actualTenantSettings.GetAcrValuesSupported()) + assert.Nil(t, actualTenantSettings.GetMTLS()) +} + func TestTenant_MarshalJSON(t *testing.T) { for tenant, expected := range map[*Tenant]string{ {}: `{}`, 
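Review bot: In the added `TestTenantManager_NullableFields`, the first `api.Tenant.Read` is checked with `assert.NoError`, so a failed read does not stop the test and the `t.Cleanup` closure then writes through `initialSettings`, which is presumably nil at that point. That check should be `require.NoError(t, err)`, which the cleanup itself already uses. The later `assert.NoError` calls that precede writes have the same weakness: if the first `Update` fails, the raw PATCH that nulls `acr_values_supported` and `mtls` still runs against the tenant. The comment above `CustomTenant` would read more clearly as `// To send explicit nulls, use a struct whose JSON tags do not carry omitempty.`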
diff --git a/test/data/recordings/TestTenantManager_NullableFields.yaml b/test/data/recordings/TestTenantManager_NullableFields.yaml new file mode 100644 index 00000000..0071ffd0 --- /dev/null +++ b/test/data/recordings/TestTenantManager_NullableFields.yaml @@ -0,0 +1,216 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 958.711958ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 79 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"acr_values_supported":["foo","bar"],"mtls":{"enable_endpoint_aliases":true}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 293.285667ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 230.3085ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 42 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"acr_values_supported":null,"mtls":null} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 245.5495ms + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 222.896834ms + - id: 5 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3370 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"guardian_mfa_page":{"enabled":true,"html":"\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003e2nd Factor Authentication\u003c/title\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no\" /\u003e\n \u003cmeta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"\u003e\n \u003cstyle type=\"text/css\"\u003e\n\n html, body { padding: 0; margin: 0; }\n\n .table {\n display: table;\n position: absolute;\n height: 100%;\n width: 100%;\n background-color: {{ pageBackgroundColor | default: '#2b2b33' }};\n }\n\n .cell {\n display: table-cell;\n vertical-align: middle;\n }\n\n .content {\n padding: 25px 0px 25px 0px;\n margin-left: auto;\n margin-right: auto;\n width: 280px; /* login widget width */\n }\n\n \u003c/style\u003e\n\u003c/head\u003e\n\n\u003cbody\u003e\n\n \u003cdiv class=\"table\"\u003e\n \u003cdiv class=\"cell\"\u003e\n \u003cdiv class=\"content\"\u003e\n \u003c!-- WIDGET --\u003e\n \u003cdiv class=\"js-mfa-container mfa-container\" id=\"container\"\u003e\u003c/div\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n\n \u003cscript 
src=\"//cdn.auth0.com/js/mfa-widget/mfa-widget-1.8.min.js\"\u003e\u003c/script\u003e\n\n \u003cscript\u003e\n (function() {\n return new Auth0MFAWidget({\n container: \"container\",\n\n theme: {\n icon: \"{{ iconUrl | default: '//cdn.auth0.com/styleguide/1.0.0/img/badge.png' }}\",\n primaryColor: \"{{ primaryColor | default: '#ea5323' }}\"\n },\n\n requesterErrors: [\n {% for error in errors %}\n { message: \"{{ error.message }}\", errorCode: \"{{ error.code }}\" }\n {% endfor %}\n ],\n\n mfaServerUrl: \"{{ mfaServerUrl }}\",\n {% if ticket %}\n ticket: \"{{ ticket }}\",\n {% else %}\n requestToken: \"{{ requestToken }}\",\n {% endif %}\n postActionURL: \"{{ postActionURL }}\",\n\n userData: {\n userId: \"{{ userData.userId }}\",\n email: \"{{ userData.email }}\",\n friendlyUserId: \"{{ userData.friendlyUserId }}\",\n tenant: \"{{ userData.tenant }}\",\n {% if userData.tenantFriendlyName %}\n tenantFriendlyName: \"{{ userData.tenantFriendlyName }}\"\n {% endif %}\n },\n globalTrackingId: \"{{ globalTrackingId }}\",\n {% if allowRememberBrowser %}allowRememberBrowser: {{ allowRememberBrowser }}, {% endif %}\n {% if stateCheckingMechanism %}stateCheckingMechanism: \"{{ stateCheckingMechanism }}\", {% endif %}\n });\n })();\n \u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n"},"friendly_name":"My Example Tenant","support_email":"support@example.com","support_url":"https://support.example.com","allowed_logout_urls":[],"session_lifetime":1080,"idle_session_lifetime":720,"sandbox_version":"12","default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"session_cookie":{"mode":"non-persistent"},"sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"acr_values_supported":[],"mtls":{"enable_endpoint_aliases":true},"pushed_authorization_requests_supported":true} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: 
https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 257.600667ms From 734ed02dea65445491b41dbd6e11744c29795df7 Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Tue, 13 Aug 2024 12:42:20 +0530 Subject: [PATCH 3/4] Updated testcase for Nullable Fields --- management/tenant_test.go | 10 +++ .../TestTenantManager_NullableFields.yaml | 87 +++++++++++++++++-- 2 files changed, 89 insertions(+), 8 deletions(-) diff --git a/management/tenant_test.go b/management/tenant_test.go index 1c0ebe85..4d3021f1 100644 --- a/management/tenant_test.go +++ b/management/tenant_test.go 
@@ -95,6 +95,16 @@ func TestTenantManager_NullableFields(t *testing.T) { assert.Equal(t, newTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) + // Set empty array values for AcrValuesSupported + emptyAcrValuesSupported := &Tenant{ + AcrValuesSupported: &[]string{}, + } + err = api.Tenant.Update(context.Background(), emptyAcrValuesSupported) + assert.NoError(t, err) + actualTenantSettings, err = api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Equal(t, emptyAcrValuesSupported.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + // Set null values create a new Tenant Struct without omitting the fields type CustomTenant struct { AcrValuesSupported *[]string `json:"acr_values_supported"` diff --git a/test/data/recordings/TestTenantManager_NullableFields.yaml b/test/data/recordings/TestTenantManager_NullableFields.yaml index 0071ffd0..b84e0514 100644 --- a/test/data/recordings/TestTenantManager_NullableFields.yaml +++ b/test/data/recordings/TestTenantManager_NullableFields.yaml @@ -35,7 +35,7 @@ interactions: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 958.711958ms + duration: 662.812ms - id: 1 request: proto: HTTP/1.1 @@ -71,7 +71,7 @@ interactions: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 293.285667ms + duration: 243.27225ms - id: 2 request: proto: HTTP/1.1 
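Review bot: The new empty-array step in the `tenant_test.go` hunk (`-95,6 +95,16`) does not say why `&[]string{}` behaves differently from the `nil` used elsewhere in this test, and that difference is what the step exists to pin. I would expand the comment to something like `// A non-nil pointer to an empty slice is kept by omitempty, so Update sends "acr_values_supported":[]; nil would omit the field, and only the raw request below sends null.` The recording added in this patch shows the request body `{"acr_values_supported":[]}`, which matches that reading. `TestTenantManager_NullableFields` begins and ends outside this hunk.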
@@ -106,8 +106,79 @@ interactions: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 230.3085ms + duration: 227.861667ms - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 28 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"acr_values_supported":[]} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 258.725083ms + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 209.557958ms + - id: 5 request: proto: HTTP/1.1 proto_major: 1 @@ -142,8 +213,8 @@ interactions: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 245.5495ms - - id: 4 + duration: 251.500375ms + - id: 6 request: proto: HTTP/1.1 proto_major: 1 @@ -177,8 +248,8 @@ interactions: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 222.896834ms - - id: 5 + duration: 209.123958ms + - id: 7 request: proto: HTTP/1.1 proto_major: 1 @@ -213,4 +284,4 @@ interactions: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 257.600667ms + duration: 252.963792ms From a284bd8b4e81c2bc17bbf6b44f13377a2801daa3 Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Tue, 13 Aug 2024 18:54:59 +0530 Subject: [PATCH 4/4] Updated testcase for TestTenantManager --- management/tenant_test.go | 26 ++++++ test/data/recordings/TestTenantManager.yaml | 91 ++++++++++++++++++--- 2 files changed, 107 insertions(+), 10 deletions(-) diff --git a/management/tenant_test.go b/management/tenant_test.go index 4d3021f1..56034a45 100644 --- a/management/tenant_test.go +++ b/management/tenant_test.go 
@@ -67,6 +67,32 @@ func TestTenantManager(t *testing.T) { assert.Equal(t, newTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) assert.Equal(t, newTenantSettings.GetPushedAuthorizationRequestsSupported(), actualTenantSettings.GetPushedAuthorizationRequestsSupported()) assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) + + // If AcrValuesSupported and MTLS is not Passed Should not change the values. + updatedNewTenant := &Tenant{ + MTLS: nil, + AcrValuesSupported: nil, + FriendlyName: auth0.String("My Example Tenant"), + } + err = api.Tenant.Update(context.Background(), updatedNewTenant) + assert.NoError(t, err) + + newActualTenantSettings, err := api.Tenant.Read(context.Background()) + assert.NoError(t, err) + assert.Equal(t, newActualTenantSettings.GetFriendlyName(), actualTenantSettings.GetFriendlyName()) + assert.Equal(t, newActualTenantSettings.GetIdleSessionLifetime(), actualTenantSettings.GetIdleSessionLifetime()) + assert.Equal(t, newActualTenantSettings.GetIdleSessionLifetime(), 720.0) // it got rounded off + assert.Equal(t, newActualTenantSettings.GetSessionLifetime(), actualTenantSettings.GetSessionLifetime()) + assert.Equal(t, newActualTenantSettings.GetSupportEmail(), actualTenantSettings.GetSupportEmail()) + assert.Equal(t, newActualTenantSettings.GetSupportURL(), actualTenantSettings.GetSupportURL()) + assert.Equal(t, newActualTenantSettings.GetSessionCookie().GetMode(), actualTenantSettings.GetSessionCookie().GetMode()) + assert.Equal(t, newActualTenantSettings.GetAllowedLogoutURLs(), actualTenantSettings.GetAllowedLogoutURLs()) + assert.Equal(t, newActualTenantSettings.GetEnabledLocales(), actualTenantSettings.GetEnabledLocales()) + assert.Equal(t, newActualTenantSettings.GetSandboxVersion(), actualTenantSettings.GetSandboxVersion()) + assert.Equal(t, newActualTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled(), 
actualTenantSettings.GetSessions().GetOIDCLogoutPromptEnabled()) + assert.Equal(t, newActualTenantSettings.GetAcrValuesSupported(), actualTenantSettings.GetAcrValuesSupported()) + assert.Equal(t, newActualTenantSettings.GetPushedAuthorizationRequestsSupported(), actualTenantSettings.GetPushedAuthorizationRequestsSupported()) + assert.Equal(t, newActualTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases()) } func TestTenantManager_NullableFields(t *testing.T) { diff --git a/test/data/recordings/TestTenantManager.yaml b/test/data/recordings/TestTenantManager.yaml index 86d62c88..47000fce 100644 --- a/test/data/recordings/TestTenantManager.yaml +++ b/test/data/recordings/TestTenantManager.yaml 
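Review bot: The assertions added to `TestTenantManager` pass the value under test first, for example `assert.Equal(t, newActualTenantSettings.GetIdleSessionLifetime(), 720.0)`. Testify's `assert.Equal` takes the expected value first, so a failure here would print expected and actual the wrong way round. I would write `assert.Equal(t, 720.0, newActualTenantSettings.GetIdleSessionLifetime())` and swap the arguments in the other new lines, with `actualTenantSettings` as the expected side. The lead comment could state the contract being checked, e.g. `// Nil AcrValuesSupported and MTLS are omitted from the PATCH, so the tenant's existing values must be unchanged.` The function body starts outside this hunk.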
@@ -29,13 +29,13 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":[],"acr_values_supported":[],"enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","sandbox_version":"12","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":false,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"sandbox_versions_available":["18","16","12"]}' + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 1.172538667s + duration: 590.746791ms - id: 1 request: proto: HTTP/1.1 
@@ -65,13 +65,13 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' + body: 
'{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 300.267ms + duration: 254.967583ms - id: 2 request: proto: HTTP/1.1 
@@ -100,26 +100,26 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' + body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 252.255667ms + duration: 215.02ms - id: 3 request: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 314 + content_length: 38 transfer_encoding: [] trailer: {} host: go-auth0-dev.eu.auth0.com remote_addr: "" request_uri: "" body: | - {"friendly_name":"My Example Tenant","allowed_logout_urls":[],"sandbox_version":"12","enabled_locales":["en"],"sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"acr_values_supported":[],"mtls":{"enable_endpoint_aliases":true},"pushed_authorization_requests_supported":false} + {"friendly_name":"My Example Tenant"} form: {} headers: Content-Type: 
@@ -136,10 +136,81 @@ interactions: trailer: {} content_length: -1 uncompressed: true - body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":false,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' + body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example 
Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' headers: Content-Type: - application/json; charset=utf-8 status: 200 OK code: 200 - duration: 289.094333ms + duration: 276.706708ms + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 220.032958ms + - id: 5 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3370 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"guardian_mfa_page":{"enabled":true,"html":"\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003e2nd Factor Authentication\u003c/title\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no\" /\u003e\n \u003cmeta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"\u003e\n \u003cstyle type=\"text/css\"\u003e\n\n html, body { padding: 0; margin: 0; }\n\n .table {\n display: table;\n position: absolute;\n height: 100%;\n width: 100%;\n background-color: {{ pageBackgroundColor | default: '#2b2b33' }};\n }\n\n .cell {\n display: table-cell;\n vertical-align: middle;\n }\n\n .content {\n padding: 25px 0px 25px 0px;\n margin-left: auto;\n margin-right: auto;\n width: 280px; /* login widget width */\n }\n\n \u003c/style\u003e\n\u003c/head\u003e\n\n\u003cbody\u003e\n\n \u003cdiv class=\"table\"\u003e\n \u003cdiv class=\"cell\"\u003e\n \u003cdiv class=\"content\"\u003e\n \u003c!-- WIDGET --\u003e\n \u003cdiv class=\"js-mfa-container mfa-container\" id=\"container\"\u003e\u003c/div\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n 
\u003c/div\u003e\n\n \u003cscript src=\"//cdn.auth0.com/js/mfa-widget/mfa-widget-1.8.min.js\"\u003e\u003c/script\u003e\n\n \u003cscript\u003e\n (function() {\n return new Auth0MFAWidget({\n container: \"container\",\n\n theme: {\n icon: \"{{ iconUrl | default: '//cdn.auth0.com/styleguide/1.0.0/img/badge.png' }}\",\n primaryColor: \"{{ primaryColor | default: '#ea5323' }}\"\n },\n\n requesterErrors: [\n {% for error in errors %}\n { message: \"{{ error.message }}\", errorCode: \"{{ error.code }}\" }\n {% endfor %}\n ],\n\n mfaServerUrl: \"{{ mfaServerUrl }}\",\n {% if ticket %}\n ticket: \"{{ ticket }}\",\n {% else %}\n requestToken: \"{{ requestToken }}\",\n {% endif %}\n postActionURL: \"{{ postActionURL }}\",\n\n userData: {\n userId: \"{{ userData.userId }}\",\n email: \"{{ userData.email }}\",\n friendlyUserId: \"{{ userData.friendlyUserId }}\",\n tenant: \"{{ userData.tenant }}\",\n {% if userData.tenantFriendlyName %}\n tenantFriendlyName: \"{{ userData.tenantFriendlyName }}\"\n {% endif %}\n },\n globalTrackingId: \"{{ globalTrackingId }}\",\n {% if allowRememberBrowser %}allowRememberBrowser: {{ allowRememberBrowser }}, {% endif %}\n {% if stateCheckingMechanism %}stateCheckingMechanism: \"{{ stateCheckingMechanism }}\", {% endif %}\n });\n })();\n \u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n"},"friendly_name":"My Example Tenant","support_email":"support@example.com","support_url":"https://support.example.com","allowed_logout_urls":[],"session_lifetime":1080,"idle_session_lifetime":720,"sandbox_version":"12","default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"session_cookie":{"mode":"non-persistent"},"sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"acr_values_supported":[],"mtls":{"enable_endpoint_aliases":true},"pushed_authorization_requests_supported":true} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: 
https://go-auth0-dev.eu.auth0.com/api/v2/tenants/settings + method: PATCH + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n
\n
\n
\n \n
\n
\n
\n
\n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 269.356792ms