feat: Add default domain endpoints, connection key provisioning, tenant SCIM listing; remove MiiCard/Renren providers (#801)

### Changes

#### New API Endpoints
- Add `custom_domains.get_default()`- retrieve the tenant's default
domain (`GET /custom-domains/default`)
- Add `custom_domains.set_default(domain)` - set the default custom
domain for the tenant (`PATCH /custom-domains/default`)
- Add `connections.keys.create(id, request)` - provision initial
connection keys for Okta/OIDC strategies enabling zero-downtime Private
Key JWT transitions (`POST /connections/{id}/keys`)
- Add `connections.scim_configuration.list(from_, take)` - retrieve
paginated list of all SCIM configurations at the tenant level (`GET
/connections-scim-configurations`)

#### Updated Endpoints

**Client Grants**
- `client_grants.create()` -`client_id` is now optional; `audience` is
the first required parameter (signature reorder)

**LinkedIn Connections**
- Restructure `ConnectionOptionsLinkedin`- base class changed from
`ConnectionOptionsOAuth2Common` to `ConnectionOptionsCommon`
- Add new LinkedIn-specific types: `ConnectionClientIdLinkedin`,
`ConnectionClientSecretLinkedin`, `ConnectionFreeformScopesLinkedin`,
`ConnectionScopeLinkedin`
- Add `full_profile`, `network`, `openid` boolean fields to LinkedIn
options

**Documentation Improvements**
- Update Lucene query syntax links from HTTP to HTTPS across Users and
Custom Domains endpoints
- Add parameter descriptions for `oidc_backchannel_logout`,
`jwt_configuration`, `encryption_key`, `mobile` on Clients endpoints
- Improve `user_metadata` / `app_metadata` descriptions on Users
endpoints

#### Removed Types (Legacy Providers)
- Remove MiiCard connection support - `ConnectionOptionsMiicard`,
`ConnectionResponseContentMiicard`,
`CreateConnectionRequestContentMiicard` and related types
- Remove Renren connection support - `ConnectionOptionsRenren`,
`ConnectionResponseContentRenren`,
`CreateConnectionRequestContentRenren` and related types
- Remove `ConnectionDpopSigningAlgEnum` (deprecated)

#### New Types
- Add default domain response types:
`GetDefaultCanonicalDomainResponseContent`,
`GetDefaultCustomDomainResponseContent`,
`GetDefaultDomainResponseContent`, `UpdateDefaultDomainResponseContent`
- Add connection keys types: `PostConnectionKeysAlgEnum`,
`PostConnectionKeysRequestContent`,
`PostConnectionsKeysResponseContent`,
`PostConnectionsKeysResponseContentItem`
- Add `ListScimConfigurationsResponseContent`, `ScimConfiguration` for
tenant-level SCIM listing
- Add `SynchronizeGroupsEnum`, `SynchronizeGroupsEaEnum` for group
synchronization
- Add `ConnectionApiEnableGroups`, `ConnectionApiEnableGroupsGoogleApps`
for group enablement

### Testing

- 559 tests pass (1 skipped), 0 failures across the full test suite
- 4 new wire tests added: `test_customDomains_get_default`,
`test_customDomains_set_default`, `test_connections_keys_create`,
`test_connections_scimConfiguration_list_`

Co-authored-by: fern-api[bot] <115122769+fern-api[bot]@users.noreply.github.com>
Co-authored-by: Snehil Kishore <snehil.kishore@okta.com>

Author: fern-api[bot]

reference.md

@@ -260,6 +260,7 @@ def test(
             Destination of the testing phone notification
 
         delivery_method : typing.Optional[PhoneProviderDeliveryMethodEnum]
+            Medium to use to send the notification
 
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
@@ -572,6 +573,7 @@ async def test(
             Destination of the testing phone notification
 
         delivery_method : typing.Optional[PhoneProviderDeliveryMethodEnum]
+            Medium to use to send the notification
 
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.

src/auth0/management/branding/phone/templates/client.py

@@ -625,6 +625,7 @@ def test(
             Destination of the testing phone notification
 
         delivery_method : typing.Optional[PhoneProviderDeliveryMethodEnum]
+            Medium to use to send the notification
 
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
@@ -1311,6 +1312,7 @@ async def test(
             Destination of the testing phone notification
 
         delivery_method : typing.Optional[PhoneProviderDeliveryMethodEnum]
+            Medium to use to send the notification
 
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.

src/auth0/management/branding/phone/templates/raw_client.py

@@ -117,8 +117,8 @@ def list(
     def create(
         self,
         *,
-        client_id: str,
         audience: str,
+        client_id: typing.Optional[str] = OMIT,
         organization_usage: typing.Optional[ClientGrantOrganizationUsageEnum] = OMIT,
         allow_any_organization: typing.Optional[bool] = OMIT,
         scope: typing.Optional[typing.Sequence[str]] = OMIT,
@@ -132,12 +132,12 @@ def create(
 
         Parameters
         ----------
-        client_id : str
-            ID of the client.
-
         audience : str
             The audience (API identifier) of this client grant
 
+        client_id : typing.Optional[str]
+            ID of the client.
+
         organization_usage : typing.Optional[ClientGrantOrganizationUsageEnum]
 
         allow_any_organization : typing.Optional[bool]
@@ -170,13 +170,12 @@ def create(
             token="YOUR_TOKEN",
         )
         client.client_grants.create(
-            client_id="client_id",
             audience="audience",
         )
         """
         _response = self._raw_client.create(
-            client_id=client_id,
             audience=audience,
+            client_id=client_id,
             organization_usage=organization_usage,
             allow_any_organization=allow_any_organization,
             scope=scope,
@@ -423,8 +422,8 @@ async def main() -> None:
     async def create(
         self,
         *,
-        client_id: str,
         audience: str,
+        client_id: typing.Optional[str] = OMIT,
         organization_usage: typing.Optional[ClientGrantOrganizationUsageEnum] = OMIT,
         allow_any_organization: typing.Optional[bool] = OMIT,
         scope: typing.Optional[typing.Sequence[str]] = OMIT,
@@ -438,12 +437,12 @@ async def create(
 
         Parameters
         ----------
-        client_id : str
-            ID of the client.
-
         audience : str
             The audience (API identifier) of this client grant
 
+        client_id : typing.Optional[str]
+            ID of the client.
+
         organization_usage : typing.Optional[ClientGrantOrganizationUsageEnum]
 
         allow_any_organization : typing.Optional[bool]
@@ -481,16 +480,15 @@ async def create(
 
         async def main() -> None:
             await client.client_grants.create(
-                client_id="client_id",
                 audience="audience",
             )
 
 
         asyncio.run(main())
         """
         _response = await self._raw_client.create(
-            client_id=client_id,
             audience=audience,
+            client_id=client_id,
             organization_usage=organization_usage,
             allow_any_organization=allow_any_organization,
             scope=scope,

src/auth0/management/client_grants/client.py

@@ -152,8 +152,8 @@ def list(
     def create(
         self,
         *,
-        client_id: str,
         audience: str,
+        client_id: typing.Optional[str] = OMIT,
         organization_usage: typing.Optional[ClientGrantOrganizationUsageEnum] = OMIT,
         allow_any_organization: typing.Optional[bool] = OMIT,
         scope: typing.Optional[typing.Sequence[str]] = OMIT,
@@ -167,12 +167,12 @@ def create(
 
         Parameters
         ----------
-        client_id : str
-            ID of the client.
-
         audience : str
             The audience (API identifier) of this client grant
 
+        client_id : typing.Optional[str]
+            ID of the client.
+
         organization_usage : typing.Optional[ClientGrantOrganizationUsageEnum]
 
         allow_any_organization : typing.Optional[bool]
@@ -707,8 +707,8 @@ async def _get_next():
     async def create(
         self,
         *,
-        client_id: str,
         audience: str,
+        client_id: typing.Optional[str] = OMIT,
         organization_usage: typing.Optional[ClientGrantOrganizationUsageEnum] = OMIT,
         allow_any_organization: typing.Optional[bool] = OMIT,
         scope: typing.Optional[typing.Sequence[str]] = OMIT,
@@ -722,12 +722,12 @@ async def create(
 
         Parameters
         ----------
-        client_id : str
-            ID of the client.
-
         audience : str
             The audience (API identifier) of this client grant
 
+        client_id : typing.Optional[str]
+            ID of the client.
+
         organization_usage : typing.Optional[ClientGrantOrganizationUsageEnum]
 
         allow_any_organization : typing.Optional[bool]

src/auth0/management/client_grants/raw_client.py

@@ -151,7 +151,7 @@ def list(
             Optional filter by a comma-separated list of application types.
 
         q : typing.Optional[str]
-            Advanced Query in <a href="http://www.lucenetutorial.com/lucene-query-syntax.html">Lucene</a> syntax.<br /><b>Permitted Queries</b>:<br /><ul><li><i>client_grant.organization_id:{organization_id}</i></li><li><i>client_grant.allow_any_organization:true</i></li></ul><b>Additional Restrictions</b>:<br /><ul><li>Cannot be used in combination with other filters</li><li>Requires use of the <i>from</i> and <i>take</i> paging parameters (checkpoint paginatinon)</li><li>Reduced rate limits apply. See <a href="https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/enterprise-public">Rate Limit Configurations</a></li></ul><i><b>Note</b>: Recent updates may not be immediately reflected in query results</i>
+            Advanced Query in <a href="https://lucene.apache.org/core/2_9_4/queryparsersyntax.html">Lucene</a> syntax.<br /><b>Permitted Queries</b>:<br /><ul><li><i>client_grant.organization_id:{organization_id}</i></li><li><i>client_grant.allow_any_organization:true</i></li></ul><b>Additional Restrictions</b>:<br /><ul><li>Cannot be used in combination with other filters</li><li>Requires use of the <i>from</i> and <i>take</i> paging parameters (checkpoint paginatinon)</li><li>Reduced rate limits apply. See <a href="https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/enterprise-public">Rate Limit Configurations</a></li></ul><i><b>Note</b>: Recent updates may not be immediately reflected in query results</i>
 
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
@@ -288,6 +288,7 @@ def create(
         oidc_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
 
         oidc_backchannel_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
+            Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout)
 
         session_transfer : typing.Optional[ClientSessionTransferConfiguration]
 
@@ -677,6 +678,7 @@ def update(
         oidc_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
 
         oidc_backchannel_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
+            Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout)
 
         session_transfer : typing.Optional[ClientSessionTransferConfiguration]
 
@@ -699,8 +701,10 @@ def update(
             URLs that are valid to redirect to after logout from Auth0
 
         jwt_configuration : typing.Optional[ClientJwtConfiguration]
+            An object that holds settings related to how JWTs are created
 
         encryption_key : typing.Optional[ClientEncryptionKey]
+            The client's encryption key
 
         sso : typing.Optional[bool]
             <code>true</code> to use Auth0 instead of the IdP to do Single Sign On, <code>false</code> otherwise (default: <code>false</code>)
@@ -745,6 +749,7 @@ def update(
         client_metadata : typing.Optional[ClientMetadata]
 
         mobile : typing.Optional[ClientMobile]
+            Configuration related to native mobile apps
 
         initiate_login_uri : typing.Optional[str]
             Initiate login uri, must be https
@@ -1011,7 +1016,7 @@ async def list(
             Optional filter by a comma-separated list of application types.
 
         q : typing.Optional[str]
-            Advanced Query in <a href="http://www.lucenetutorial.com/lucene-query-syntax.html">Lucene</a> syntax.<br /><b>Permitted Queries</b>:<br /><ul><li><i>client_grant.organization_id:{organization_id}</i></li><li><i>client_grant.allow_any_organization:true</i></li></ul><b>Additional Restrictions</b>:<br /><ul><li>Cannot be used in combination with other filters</li><li>Requires use of the <i>from</i> and <i>take</i> paging parameters (checkpoint paginatinon)</li><li>Reduced rate limits apply. See <a href="https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/enterprise-public">Rate Limit Configurations</a></li></ul><i><b>Note</b>: Recent updates may not be immediately reflected in query results</i>
+            Advanced Query in <a href="https://lucene.apache.org/core/2_9_4/queryparsersyntax.html">Lucene</a> syntax.<br /><b>Permitted Queries</b>:<br /><ul><li><i>client_grant.organization_id:{organization_id}</i></li><li><i>client_grant.allow_any_organization:true</i></li></ul><b>Additional Restrictions</b>:<br /><ul><li>Cannot be used in combination with other filters</li><li>Requires use of the <i>from</i> and <i>take</i> paging parameters (checkpoint paginatinon)</li><li>Reduced rate limits apply. See <a href="https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/enterprise-public">Rate Limit Configurations</a></li></ul><i><b>Note</b>: Recent updates may not be immediately reflected in query results</i>
 
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
@@ -1157,6 +1162,7 @@ async def create(
         oidc_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
 
         oidc_backchannel_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
+            Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout)
 
         session_transfer : typing.Optional[ClientSessionTransferConfiguration]
 
@@ -1570,6 +1576,7 @@ async def update(
         oidc_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
 
         oidc_backchannel_logout : typing.Optional[ClientOidcBackchannelLogoutSettings]
+            Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout)
 
         session_transfer : typing.Optional[ClientSessionTransferConfiguration]
 
@@ -1592,8 +1599,10 @@ async def update(
             URLs that are valid to redirect to after logout from Auth0
 
         jwt_configuration : typing.Optional[ClientJwtConfiguration]
+            An object that holds settings related to how JWTs are created
 
         encryption_key : typing.Optional[ClientEncryptionKey]
+            The client's encryption key
 
         sso : typing.Optional[bool]
             <code>true</code> to use Auth0 instead of the IdP to do Single Sign On, <code>false</code> otherwise (default: <code>false</code>)
@@ -1638,6 +1647,7 @@ async def update(
         client_metadata : typing.Optional[ClientMetadata]
 
         mobile : typing.Optional[ClientMobile]
+            Configuration related to native mobile apps
 
         initiate_login_uri : typing.Optional[str]
             Initiate login uri, must be https

src/auth0/management/clients/client.py

@@ -78,6 +78,7 @@ def create(
         alg: typing.Optional[PublicKeyCredentialAlgorithmEnum] = OMIT,
         parse_expiry_from_cert: typing.Optional[bool] = OMIT,
         expires_at: typing.Optional[dt.datetime] = OMIT,
+        kid: typing.Optional[str] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> PostClientCredentialResponseContent:
         """
@@ -139,6 +140,9 @@ def create(
         expires_at : typing.Optional[dt.datetime]
             The ISO 8601 formatted date representing the expiration of the credential. If not specified (not recommended), the credential never expires. Applies to `public_key` credential type.
 
+        kid : typing.Optional[str]
+            Optional kid (Key ID), used to uniquely identify the credential. If not specified, a kid value will be auto-generated. The kid header parameter in JWTs sent by your client should match this value. Valid format is [0-9a-zA-Z-_]{10,64}
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -168,6 +172,7 @@ def create(
             alg=alg,
             parse_expiry_from_cert=parse_expiry_from_cert,
             expires_at=expires_at,
+            kid=kid,
             request_options=request_options,
         )
         return _response.data
@@ -364,6 +369,7 @@ async def create(
         alg: typing.Optional[PublicKeyCredentialAlgorithmEnum] = OMIT,
         parse_expiry_from_cert: typing.Optional[bool] = OMIT,
         expires_at: typing.Optional[dt.datetime] = OMIT,
+        kid: typing.Optional[str] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> PostClientCredentialResponseContent:
         """
@@ -425,6 +431,9 @@ async def create(
         expires_at : typing.Optional[dt.datetime]
             The ISO 8601 formatted date representing the expiration of the credential. If not specified (not recommended), the credential never expires. Applies to `public_key` credential type.
 
+        kid : typing.Optional[str]
+            Optional kid (Key ID), used to uniquely identify the credential. If not specified, a kid value will be auto-generated. The kid header parameter in JWTs sent by your client should match this value. Valid format is [0-9a-zA-Z-_]{10,64}
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -462,6 +471,7 @@ async def main() -> None:
             alg=alg,
             parse_expiry_from_cert=parse_expiry_from_cert,
             expires_at=expires_at,
+            kid=kid,
             request_options=request_options,
         )
         return _response.data

src/auth0/management/clients/credentials/client.py

@@ -126,6 +126,7 @@ def create(
         alg: typing.Optional[PublicKeyCredentialAlgorithmEnum] = OMIT,
         parse_expiry_from_cert: typing.Optional[bool] = OMIT,
         expires_at: typing.Optional[dt.datetime] = OMIT,
+        kid: typing.Optional[str] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[PostClientCredentialResponseContent]:
         """
@@ -187,6 +188,9 @@ def create(
         expires_at : typing.Optional[dt.datetime]
             The ISO 8601 formatted date representing the expiration of the credential. If not specified (not recommended), the credential never expires. Applies to `public_key` credential type.
 
+        kid : typing.Optional[str]
+            Optional kid (Key ID), used to uniquely identify the credential. If not specified, a kid value will be auto-generated. The kid header parameter in JWTs sent by your client should match this value. Valid format is [0-9a-zA-Z-_]{10,64}
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -206,6 +210,7 @@ def create(
                 "alg": alg,
                 "parse_expiry_from_cert": parse_expiry_from_cert,
                 "expires_at": expires_at,
+                "kid": kid,
             },
             headers={
                 "content-type": "application/json",
@@ -662,6 +667,7 @@ async def create(
         alg: typing.Optional[PublicKeyCredentialAlgorithmEnum] = OMIT,
         parse_expiry_from_cert: typing.Optional[bool] = OMIT,
         expires_at: typing.Optional[dt.datetime] = OMIT,
+        kid: typing.Optional[str] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[PostClientCredentialResponseContent]:
         """
@@ -723,6 +729,9 @@ async def create(
         expires_at : typing.Optional[dt.datetime]
             The ISO 8601 formatted date representing the expiration of the credential. If not specified (not recommended), the credential never expires. Applies to `public_key` credential type.
 
+        kid : typing.Optional[str]
+            Optional kid (Key ID), used to uniquely identify the credential. If not specified, a kid value will be auto-generated. The kid header parameter in JWTs sent by your client should match this value. Valid format is [0-9a-zA-Z-_]{10,64}
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -742,6 +751,7 @@ async def create(
                 "alg": alg,
                 "parse_expiry_from_cert": parse_expiry_from_cert,
                 "expires_at": expires_at,
+                "kid": kid,
             },
             headers={
                 "content-type": "application/json",