fix(config-api): issues in the API and attributes #2227
Description
Documentation
- Examples for patch requests are incorrect, as they lack the leading
\
in the path. If the slash is not provided, the server responds with a 500 (which should probably be fixed to be a 400).
API discrepancies
JansFido2DynConfiguration
- API missing attribute
MetricReporterEnabled
ADDRESSED
Reported issue fixed in Spec
Attributes
- API missing attribute
Selected
- API missing attribute
Custom
- API missing attribute
Required
(spelled 'requred' in the response object) - API missing attribute
AdminCanAccess
- API missing attribute
AdminCanView
- API missing attribute
AdminCanEdit
- API missing attribute
UserCanAccess
- API missing attribute
UserCanView
- API missing attribute
UserCanEdit
- API missing attribute
WhitePagesCanView
- API missing attribute
BaseDn
- Response is missing attribute
nameIdType
- Response is missing attribute
jansHideOnDiscovery
- Response is missing attribute
attributeValidation
- Response is missing attribute
salt
- Response is missing attribute
scimCustomAttr
- Response is missing attribute
seeAlso
- Response is missing attribute
sourceAttribute
- Response is missing attribute
tooltip
- Response is missing attribute
usageType
ADDRESSED
Reported issue fixed in Spec
Response is missing attribute - if values is null then that attribute is not part of response.
Few attributes were redundant hence removed from spec
CouchbaseConfig
- API missing attribute
KVTimeout
- API missing attribute
QueryTimeout
ADDRESSED
Reported issue fixed in Spec
Custom scripts
- API missing attribute
LocationType
- API missing attribute
BaseDN
ADDRESSED
Reported issue fixed in Spec
AuthConfig
- Type mismatch for
authorizationRequestCustomAllowedParameters
, according to API it should be array of strings, but server returns array of `CustomAllowedParameter
ADDRESSED
authorizationRequestCustomAllowedParameters returns array of AuthorizationRequestCustomParameter and spec is correct
NativePersistenceConfiguration
- API missing attribute
DisableAttemptUpdateBeforeInsert
ADDRESSED
Reported issue fixed in Spec
JWKs
DELETE
on/jans-config-api/api/v1/config/jwks/{kid}:
expects a scopehttps://jans.io/oauth/config/jwks.write
, but instead it should behttps://jans.io/oauth/config/jwks.delete
, if it's to be consistent with otherDELETE
operations.
ADDRESSED
Modified DELETE on /jans-config-api/api/v1/config/jwks/{kid} to use https://jans.io/oauth/config/jwks.delete scope
UMAResource
Rev
attribute is required, but not marked as such in the API. Not providing it results in a 500 error (it should be a 400). Also it should probably be of type int, asrev
attributes in other entities are of type int and it seems to be parsed to an int by the server anyway.
ADDRESSED
by @yuriyz in 2e02d5e
ClientAttributes
runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims
is a very long attribute name, a shorter name should be considered .
ADDRESSED
in #2391
CustomAttribute
- API missing attribute
displayValue
- API missing attribute
value
ADDRESSED
Reported issue fixed in Spec
OIDC Client
logoUri
defined as string, but get objectclientUri
defined as string, but get objectpolicyUri
defined as string, but get objecttosUri
defined as string, but get objectlastAccessTime
defined as string, but get intlastLogonTime
defined as string, but get intbackchannelUserCodeParameter
defined as boolean, but get string- API missing attribute
authenticationMethod
- API missing attribute
tokenBindingSupported
- API missing attribute
baseDn
- API missing attribute
clientName
ADDRESSED
-logoUri: rectified to LocalizedString - had not done the change earlier as it was supposed to be changed back to string in auth
-clientUri: rectified to LocalizedString - had not done the change earlier as it was supposed to be changed back to string in auth
-policyUri: rectified to LocalizedString - had not done the change earlier as it was supposed to be changed back to string in auth
-tosUri: rectified to LocalizedString - had not done the change earlier as it was supposed to be changed back to string in auth
-lastAccessTime: no change done as date is defined in swagger as string of date-time format
-lastLogonTime : no change done as date is defined in swagger as string of date-time format
Following and other missing attributes added:
-authenticationMethod
-tokenBindingSupported
-baseDn
-clientName
NativePersistenceCacheConfiguration
- API missing attribute
disableAttemptUpdateBeforeInsert
Scope
- API missing attribute
baseDn
Organization
- API missing attribute
dn
- API missing attribute
baseDn
- API missing attribute
organizationTitle
(maybe that's calledtitle
in the API, because that one is missing in the response) - API has attribute
CountryName
which doesn't exist in the backend - API has attribute
Status
which doesn't exist in the backend - API has attribute
CustomMessages
which doesn't exist in the backend - API has attribute
Title
which doesn't exist in the backend - API has attribute
JsLogoPath
which doesn't exist in the backend - API has attribute
JsFaviconPath
which doesn't exist in the backend
SMTP
- Updating an existing SMTP only changes
host
,port
,password
fields. All other fields are not changed
LDAP configuration
- Cannot change
useSSL
attribute
Couchbase configuration
- Cannot update the attributes
SSLTrustStoreFormat
,OperationTracingEnabled
,ComputationPoolSize
- Many attributes are marked as required by the API, however, don't seem to be required and also it doesn't make sense for them to be required
All database configurations
- whenever a get request is done on any of the database endpoints in the test system, I get a
auth_ldap_server
configID as a response, even if all the other fields are not set. This behaviour is not really clear, nor is it documented. What is the intention behind it?
AdminPermission
- should naming be
AdminPermission
,AdminUIPermission
,AdminUIUserPermission
? - no
get
for individual permission, only possible to get all permissions at once. At the same time permissions can be individually updated or deleted. - which attribute should be the ID?
permission
? - ideally
delete
should only take the ID of the entity, e.g.permission
ADDRESSED
in #2390
AdminRole
- same concerns as for
AdminPermission
ADDRESSED
in #2390
AdminRolePermissionMapping
- same concerns as for
AdminPermission
AdminUI permission
- API is missing attribute
defaultPermissionInToken
ADDRESSED
in #2390
AgamaFlow
- For newly created flows, it's not possible to retrieve the source attribute.
- For newly created flows, the revision is set to -1, despite providing 1 as input
ANSWERED
in #2227 (comment)
CustomUser
- When creating a new custom user, I get the following exception:
2022-09-14 12:52:15.706:WARN :oejs.HttpChannel:qtp762476028-14: /jans-config-api/mgt/configuser
org.jboss.resteasy.spi.UnhandledException: io.jans.orm.exception.EntryPersistenceException: Failed to persist entry: 'inum=7bbc68cc-3afe-47d1-b977-f7ebc58996d7,ou=people,o=jans'
...
Caused by:
io.jans.orm.exception.EntryPersistenceException: Failed to persist entry: 'inum=7bbc68cc-3afe-47d1-b977-f7ebc58996d7,ou=people,o=jans'
at io.jans.orm.sql.impl.SqlEntryManager.persist(SqlEntryManager.java:218)
...
at io.jans.orm.PersistenceEntryManager$EntityManager$722412412$Proxy$_$$_WeldClientProxy.persist(Unknown Source)
at io.jans.as.common.service.common.UserService.addUser(UserService.java:168)
at io.jans.configapi.plugin.mgt.service.UserMgmtService$Proxy$_$$_WeldClientProxy.addUser(Unknown Source)
at io.jans.configapi.plugin.mgt.rest.UserResource.createUser(UserResource.java:158)
at io.jans.configapi.plugin.mgt.rest.UserResource$Proxy$_$$_WeldSubclass.createUser$$super(Unknown Source)
...
Caused by:
java.lang.NullPointerException
at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntryImpl(SqlOperationServiceImpl.java:185)
at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntry(SqlOperationServiceImpl.java:169)
...
at io.jans.orm.PersistenceEntryManager$EntityManager$722412412$Proxy$_$$_WeldClientProxy.persist(Unknown Source)
at io.jans.as.common.service.common.UserService.addUser(UserService.java:168)
at io.jans.configapi.plugin.mgt.service.UserMgmtService$Proxy$_$$_WeldClientProxy.addUser(Unknown Source)
at io.jans.configapi.plugin.mgt.rest.UserResource.createUser(UserResource.java:158)
at io.jans.configapi.plugin.mgt.rest.UserResource$Proxy$_$$_WeldSubclass.createUser$$super(Unknown Source)
...