diff --git a/MIGRATING.md b/MIGRATING.md index 40d5304e7a6..01b7d4e4186 100644 --- a/MIGRATING.md +++ b/MIGRATING.md @@ -2,6 +2,248 @@ This SDK uses semantic versioning and follows Okta's [library version policy](https://developer.okta.com/code/library-versions/). In short, we do not make breaking changes unless the major version changes! +## Migrating from 2.x.x to 3.0.0 + +Version 3.0.0 of this SDK introduces a number of breaking changes from previous versions. +In addition to many new classes/interfaces, some existing classes/interfaces are no longer backward compatible due to method renaming and signature changes. + +[Custom HOTP Factor](https://developer.okta.com/docs/reference/api/factors/#enroll-custom-hotp-factor) is supported now. +Define a separate Policy model for Authorization Servers. +Define a separate Policy Rule model for Authorization Servers. +[SAML Multiple ACS URLs](https://developer.okta.com/docs/reference/api/apps/#acs-endpoint-object) is supported now. + +### Package `com.okta.sdk.client.Client` + +Below method has been added. +- `void deleteIdentityProviderKey(String keyId)` + +Below methods have undergone a signature change. +- `listGroups(String groupName, String filter)` signature changed to `listGroups(String groupName, String filter, String expand)` + - New param `expand` has been added. It is `optional` and would need to be specified only while using search queries. + +- `listPolicies(String type)` return type changed from `com.okta.sdk.resource.policy.PolicyList` to `com.okta.sdk.resource.authorization.server.AuthorizationServerPolicyList` + +### Package `com.okta.sdk.impl.client.DefaultClientBuilder` + +The method `ClientBuilder setPrivateKey(String privateKey)` has been overloaded. +- The method `ClientBuilder setPrivateKey(String privateKey)` could be used to set a path to private key PEM file. +- Also, the method `ClientBuilder setPrivateKey(String privateKey)` could be used to set full PEM payload. +- The method `ClientBuilder setPrivateKey(Path privateKeyPath)` allows setting a path to private key PEM file. +- The method `ClientBuilder setPrivateKey(InputStream privateKeyStream)` allows setting an InputStream with private key PEM file content. +- The method `ClientBuilder setPrivateKey(PrivateKey privateKey)` allows setting the privateKey instance. + +### Package `com.okta.sdk.resource.application.AcsEndpoint` + +This is a newly created interface with methods listed below. +- `Integer getIndex()` +- `AcsEndpoint setIndex(Integer index)` +- `String getUrl()` +- `AcsEndpoint setUrl(String url)` + +### Package `com.okta.sdk.resource.application.Application` + +- Added `ApplicationGroupAssignment createApplicationGroupAssignment(String groupId)` method. + - This method allows assigning a group to an Application. + +### Package `com.okta.sdk.resource.application.OpenIdConnectApplicationSettingsClient` + +Below methods have been added. +- `OpenIdConnectApplicationSettingsRefreshToken getRefreshToken()` +- `OpenIdConnectApplicationSettingsRefreshToken setRefreshToken(OpenIdConnectApplicationSettingsRefreshToken refreshToken)` +- `OpenIdConnectApplicationSettingsClientKeys getJwks()` +- `OpenIdConnectApplicationSettingsClient setJwks(OpenIdConnectApplicationSettingsClientKeys jwks)` + +### Package `com.okta.sdk.resource.application.OpenIdConnectApplicationSettingsClientKeys` + +This is a newly created interface with methods listed below. +- `JsonWebKeyList getKeys()` +- `OpenIdConnectApplicationSettingsClientKeys setKeys(JsonWebKeyList keys)` + +### Package `com.okta.sdk.resource.application.OpenIdConnectApplicationSettingsRefreshToken` + +This is a newly created interface with methods listed below. +- `Integer getLeeway()` +- `OpenIdConnectRefreshTokenRotationType getRotationType()` +- `OpenIdConnectApplicationSettingsRefreshToken setLeeway(Integer leeway)` +- `OpenIdConnectApplicationSettingsRefreshToken setRotationType(OpenIdConnectRefreshTokenRotationType rotationType)` + +With the introduction of enum type `OpenIdConnectRefreshTokenRotationType`, +operations `getRotationType()` and `setRotationType(OpenIdConnectRefreshTokenRotationType rotationType)` will use this new enum type. + +Enum `OpenIdConnectRefreshTokenRotationType` has the below fields defined: +- `ROTATE("rotate")` +- `STATIC("static")` + +### Package `com.okta.sdk.resource.application.SamlApplicationSettingsSignOn` + +Below methods have been added. +- `List getAcsEndpoints()` +- `Boolean getAllowMultipleAcsEndpoints()` +- `SamlApplicationSettingsSignOn setAcsEndpoints(List acsEndpoints)` +- `SamlApplicationSettingsSignOn setAllowMultipleAcsEndpoints(Boolean allowMultipleAcsEndpoints)` + +### Package `com.okta.sdk.resource.application.SamlApplicationV1` + +This is a newly created interface with methods listed below. +- `SamlApplicationSettings getSettings()` +- `SamlApplicationV1 setSettings(SamlApplicationSettings settings)` + +### Package `com.okta.sdk.resource.application.SamlAttributeStatement` + +Below methods have been added. +- `String getFilterType()` +- `String getFilterValue()` +- `SamlAttributeStatement setFilterType(String filterType)` +- `SamlAttributeStatement setFilterValue(String filterValue)` + +### Package `com.okta.sdk.resource.authorization.server.AuthorizationServer` + +Below methods have undergone a signature change. +- `createPolicy(com.okta.sdk.resource.policy.Policy policy)` signature changed to `createPolicy(com.okta.sdk.resource.authorization.server.AuthorizationServerPolicy policy)`, return value type changed from `com.okta.sdk.resource.policy.Policy` to `com.okta.sdk.resource.authorization.server.AuthorizationServerPolicy` +- `getPolicy(String policyId)` return type changed from `com.okta.sdk.resource.policy.Policy` to `com.okta.sdk.resource.authorization.server.AuthorizationServerPolicy` +- `listPolicies()` return type changed from `com.okta.sdk.resource.policy.PolicyList` to `com.okta.sdk.resource.authorization.server.AuthorizationServerPolicyList` +- `updatePolicy(String policyId, com.okta.sdk.resource.policy.Policy policy)` signature changed to `updatePolicy(String policyId, com.okta.sdk.resource.authorization.server.AuthorizationServerPolicy policy)`, return value type changed from `com.okta.sdk.resource.policy.Policy` to `com.okta.sdk.resource.authorization.server.AuthorizationServerPolicy` + +### Package `com.okta.sdk.resource.authorization.server.AuthorizationServerPolicy` + +This is a newly created interface with methods listed below. +- `AuthorizationServerPolicyRule createPolicyRule(String authServerId, AuthorizationServerPolicyRule policyRule)` +- `void deletePolicy(String policyId)` +- `PolicyRuleConditions getConditions()` +- `Date getCreated()` +- `String getDescription()` +- `Map getEmbedded()` +- `String getId()` +- `Date getLastUpdated()` +- `Map getLinks()` +- `String getName()` +- `AuthorizationServerPolicyRule getPolicyRule(String authServerId, String ruleId)` +- `Integer getPriority()` +- `StatusEnum getStatus()` +- `Boolean getSystem()` +- `PolicyType getType()` +- `AuthorizationServerPolicyRuleList listPolicyRules(String authServerId)` +- `AuthorizationServerPolicy setConditions(PolicyRuleConditions conditions)` +- `AuthorizationServerPolicy setDescription(String description)` +- `AuthorizationServerPolicy setName(String name)` +- `AuthorizationServerPolicy setPriority(Integer priority)` +- `AuthorizationServerPolicy setStatus(StatusEnum status)` +- `AuthorizationServerPolicy setSystem(Boolean system)` +- `AuthorizationServerPolicy setType(PolicyType type)` +- `AuthorizationServerPolicy updatePolicy(String policyId, AuthorizationServerPolicy policy)` + +With the introduction of enum type `AuthorizationServerPolicy$StatusEnum`, +operations `getStatus()` and `setStatus(StatusEnum status)` will use this new enum type. + +Enum `StatusEnum` has below fields defined: +- `ACTIVE("ACTIVE")` +- `INACTIVE("INACTIVE")` + +### Package `com.okta.sdk.resource.authorization.server.policy.AuthorizationServerPolicyRule` + +This is a newly created interface with methods listed below. +- `void activate()` +- `void deactivate()` +- `deletePolicyRule(String authServerId)` +- `AuthorizationServerPolicyRuleActions getActions()` +- `AuthorizationServerPolicyRuleConditions getConditions()` +- `Date getCreated()` +- `String getId()` +- `Date getLastUpdated()` +- `String getName()` +- `Integer getPriority()` +- `StatusEnum getStatus()` +- `Boolean getSystem()` +- `TypeEnum getType()` +- `AuthorizationServerPolicyRule setActions(AuthorizationServerPolicyRuleActions actions)` +- `AuthorizationServerPolicyRule setConditions(AuthorizationServerPolicyRuleConditions conditions)` +- `AuthorizationServerPolicyRule setName(String name)` +- `AuthorizationServerPolicyRule setPriority(Integer priority)` +- `AuthorizationServerPolicyRule setStatus(StatusEnum status)` +- `AuthorizationServerPolicyRule setSystem(Boolean system)` +- `AuthorizationServerPolicyRule setType(TypeEnum type)` +- `AuthorizationServerPolicyRule update(String authServerId)` + +With the introduction of enum type `AuthorizationServerPolicyRule$StatusEnum`, operations `getStatus()` and `setStatus(StatusEnum status)` +will use this new enum type. + +Enum `StatusEnum` has below fields defined: +- `ACTIVE("ACTIVE")` +- `INACTIVE("INACTIVE")` + +### Package `com.okta.sdk.resource.authorization.server.policy.AuthorizationServerPolicyRuleActions` + +This is a newly created interface with methods listed below. +- `TokenAuthorizationServerPolicyRuleAction getToken()` +- `AuthorizationServerPolicyRuleActions setToken(TokenAuthorizationServerPolicyRuleAction token)` + +### Package `com.okta.sdk.resource.authorization.server.policy.AuthorizationServerPolicyRuleConditions` + +This is a newly created interface with methods listed below. +- `ClientPolicyCondition getClients()` +- `GrantTypePolicyRuleCondition getGrantTypes()` +- `PolicyPeopleCondition getPeople()` +- `OAuth2ScopesMediationPolicyRuleCondition getScopes()` +- `AuthorizationServerPolicyRuleConditions setClients(ClientPolicyCondition clients)` +- `AuthorizationServerPolicyRuleConditions setGrantTypes(GrantTypePolicyRuleCondition grantTypes)` +- `AuthorizationServerPolicyRuleConditions setPeople(PolicyPeopleCondition people)` +- `AuthorizationServerPolicyRuleConditions setScopes(OAuth2ScopesMediationPolicyRuleCondition scopes)` + +### Package `com.okta.sdk.resource.authorization.server.policy.TokenAuthorizationServerPolicyRuleAction` + +This is a newly created interface with methods listed below. +- `Integer getAccessTokenLifetimeMinutes()` +- `Integer getRefreshTokenLifetimeMinutes()` +- `Integer getRefreshTokenWindowMinutes()` +- `TokenAuthorizationServerPolicyRuleAction setAccessTokenLifetimeMinutes(Integer accessTokenLifetimeMinutes)` +- `TokenAuthorizationServerPolicyRuleAction setRefreshTokenLifetimeMinutes(Integer refreshTokenLifetimeMinutes)` +- `TokenAuthorizationServerPolicyRuleAction setRefreshTokenWindowMinutes(Integer refreshTokenWindowMinutes)` + +### Package `com.okta.sdk.resource.identity.provider.IdentityProvider` + +Below method has been removed. +- `deleteSigningKey(String keyId)` + +### Package `com.okta.sdk.resource.policy.PolicyList` + +The Interface has been removed. +The Interface `com.okta.sdk.resource.authorization.server.AuthorizationServerPolicyList` should be used instead. + +### Package `com.okta.sdk.resource.user.factor.CustomHotpUserFactor` + +This is a newly created interface with methods listed below. +- `String getFactorProfileId()` +- `CustomHotpUserFactorProfile getProfile()` +- `CustomHotpUserFactor setFactorProfileId(String factorProfileId)` +- `CustomHotpUserFactor setProfile(CustomHotpUserFactorProfile profile)` + +### Package `com.okta.sdk.resource.user.factor.CustomHotpUserFactorProfile` + +This is a newly created interface with methods listed below. +- `String getSharedSecret()` +- `CustomHotpUserFactorProfile setSharedSecret(String sharedSecret)` + +### Package `com.okta.sdk.resource.user.factor.VerifyUserFactorResponse` + +Below method has undergone a signature change. +- `getExpiresAt()` return type changed from `String` to `Date` + - The property's `expiresAt` type is a date-time string, so it becomes convenient to use `Date` type + +### Package `com.okta.sdk.resource.user.PasswordCredentialHash` + +Below methods have been renamed for the sake of clarity. +- Renamed `getWorkerFactor()` to `getWorkFactor()` +- Renamed `setWorkerFactor(Integer workFactor)` to `setWorkFactor(Integer workFactor)` + +### Package `com.okta.sdk.resource.user.UserBuilder` + +Below methods have been added. +- `UserBuilder setType(UserType userType)` +- `UserBuilder setType(String userTypeId)` +- `UserBuilder usePasswordHookForImport()` +- `UserBuilder usePasswordHookForImport(String type)` + + ## Migrating from 1.x.x to 2.0.0 Version 2.0.0 of this SDK introduces a number of breaking changes from previous versions. diff --git a/api/pom.xml b/api/pom.xml index 272cb6b0645..6b326a85c21 100644 --- a/api/pom.xml +++ b/api/pom.xml @@ -21,7 +21,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT okta-sdk-api diff --git a/coverage/pom.xml b/coverage/pom.xml index 5dcadb02889..ff86d5dc0c9 100644 --- a/coverage/pom.xml +++ b/coverage/pom.xml @@ -21,7 +21,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT okta-sdk-coverage diff --git a/examples/pom.xml b/examples/pom.xml index 7900bdf651e..e063c3e2110 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -21,7 +21,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT okta-sdk-examples diff --git a/examples/quickstart/pom.xml b/examples/quickstart/pom.xml index 01880a922d3..0738924db76 100644 --- a/examples/quickstart/pom.xml +++ b/examples/quickstart/pom.xml @@ -20,7 +20,7 @@ com.okta.sdk okta-sdk-examples - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT ../pom.xml diff --git a/httpclients/httpclient/pom.xml b/httpclients/httpclient/pom.xml index a21d7aad30e..2e14f26a19f 100644 --- a/httpclients/httpclient/pom.xml +++ b/httpclients/httpclient/pom.xml @@ -21,7 +21,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT ../.. diff --git a/httpclients/okhttp/pom.xml b/httpclients/okhttp/pom.xml index 297e3220e2a..5a06a87883a 100644 --- a/httpclients/okhttp/pom.xml +++ b/httpclients/okhttp/pom.xml @@ -21,7 +21,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT ../.. diff --git a/impl/pom.xml b/impl/pom.xml index 45e7959149a..9adbcbdfff5 100644 --- a/impl/pom.xml +++ b/impl/pom.xml @@ -21,7 +21,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT okta-sdk-impl @@ -121,12 +121,6 @@ slf4j-simple test - - com.okta.sdk - okta-sdk-api - 2.0.1-SNAPSHOT - - diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml index 69034129199..153ccdd1429 100644 --- a/integration-tests/pom.xml +++ b/integration-tests/pom.xml @@ -20,7 +20,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT ../pom.xml diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/ApplicationsIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/ApplicationsIT.groovy index e6710cb2a60..4aa597a4efb 100644 --- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/ApplicationsIT.groovy +++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/ApplicationsIT.groovy @@ -17,7 +17,6 @@ package com.okta.sdk.tests.it import com.okta.sdk.client.Client import com.okta.sdk.resource.ResourceException - import com.okta.sdk.resource.application.* import com.okta.sdk.resource.group.Group import com.okta.sdk.resource.group.GroupBuilder @@ -26,9 +25,8 @@ import com.okta.sdk.tests.it.util.ITSupport import org.testng.Assert import org.testng.annotations.Test -import static com.okta.sdk.tests.it.util.Util.assertPresent import static com.okta.sdk.tests.it.util.Util.assertNotPresent - +import static com.okta.sdk.tests.it.util.Util.assertPresent import static org.hamcrest.MatcherAssert.assertThat import static org.hamcrest.Matchers.* @@ -410,6 +408,10 @@ class ApplicationsIT extends ITSupport { assertThat(groupAssignment.priority, equalTo(2)) assertThat(app.listGroupAssignments().iterator().size(), equalTo(1)) + ApplicationGroupAssignment receivedGroupAssignment = app.getApplicationGroupAssignment(group.getId()) + assertThat(groupAssignment.getId(), equalTo(receivedGroupAssignment.getId())) + assertThat(groupAssignment.getPriority(), equalTo(receivedGroupAssignment.getPriority())) + // delete the assignment groupAssignment.delete() assertThat(app.listGroupAssignments().iterator().size(), equalTo(0)) diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/AuthorizationServerIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/AuthorizationServerIT.groovy index e59f572d039..898426c84af 100644 --- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/AuthorizationServerIT.groovy +++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/AuthorizationServerIT.groovy @@ -566,7 +566,7 @@ class AuthorizationServerIT extends ITSupport { assertThat(createdPolicyRule, notNullValue()) assertThat(createdPolicyRule.getType(), equalTo(AuthorizationServerPolicyRule.TypeEnum.ACCESS)) - retrievedPolicy.deletePolicyRule(createdAuthorizationServer.getId(), createdPolicyRule.getId()) + createdPolicyRule.deletePolicyRule(createdAuthorizationServer.getId()) // delete may not effect immediately in the backend sleep(getTestOperationDelay()) diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy index 3b64bc6b81f..93762a304d3 100644 --- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy +++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy @@ -99,7 +99,7 @@ class GroupsIT extends ITSupport implements CrudTestSupport { validateGroup(group, groupName) // 2. Search the group by name - assertPresent(client.listGroups(groupName, null), group) + assertPresent(client.listGroups(groupName, null, null), group) } @Test diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy index bb7e9af1054..341014c69d8 100644 --- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy +++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy @@ -92,6 +92,18 @@ class PolicyRulesIT extends ITSupport implements CrudTestSupport { assertThat(policyRule.getStatus(), is(PolicyRule.StatusEnum.INACTIVE)) } + @Test + void listPolicyRulesTest() { + def group = randomGroup() + def policy = randomSignOnPolicy(group.getId()) + + policy.listPolicyRules().forEach({policyItem -> + assertThat(policyItem, notNullValue()) + assertThat(policyItem.getId(), notNullValue()) + assertThat(policyItem, instanceOf(Policy.class)) + }) + } + @Test void createPasswordPolicyRule() { diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy index 99c56171c64..e9a85973f19 100644 --- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy +++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy @@ -568,7 +568,7 @@ class UsersIT extends ITSupport implements CrudTestSupport { Role role = user.assignRole(assignRoleRequest) // 3. Add Group Target to User Admin Role - user.addGroupTarget(role.id, group.id) + user.addGroupTarget(role.getId(), group.getId()) // 4. List Group Targets for Role assertGroupTargetPresent(user, group, role) diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy index 94c5633bef5..171f03718ae 100644 --- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy +++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy @@ -156,7 +156,7 @@ trait ClientProvider implements IHookable { void deleteGroup(String groupName, Client client) { Util.ignoring(ResourceException) { - GroupList groups = client.listGroups(groupName, null) + GroupList groups = client.listGroups(groupName, null, null) groups.each {group -> if (groupName.equals(group.profile.name)) { group.delete() diff --git a/pom.xml b/pom.xml index 2811f89b064..0a0dd6fce72 100644 --- a/pom.xml +++ b/pom.xml @@ -25,7 +25,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT pom Okta Java SDK @@ -39,7 +39,7 @@ 1.26 1.66 0.11.1 - 1.5.4 + 2.0.0 1.2.4 okta/okta-sdk-java @@ -72,27 +72,27 @@ com.okta.sdk okta-sdk-api - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT com.okta.sdk okta-sdk-impl - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT com.okta.sdk okta-api-swagger-templates - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT com.okta.sdk okta-sdk-httpclient - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT com.okta.sdk okta-sdk-okhttp - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT @@ -131,14 +131,14 @@ com.okta.sdk okta-sdk-integration-tests - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT com.okta.sdk okta-sdk-examples-quickstart - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT @@ -316,7 +316,7 @@ com.okta.sdk okta-api-swagger-templates - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT @@ -343,7 +343,7 @@ true - false + false true ${root.dir}/src/japicmp/postAnalysisScript.groovy diff --git a/src/findbugs/findbugs-exclude.xml b/src/findbugs/findbugs-exclude.xml index e3b5c10cb0c..606b2ba3ba7 100644 --- a/src/findbugs/findbugs-exclude.xml +++ b/src/findbugs/findbugs-exclude.xml @@ -88,6 +88,13 @@ + + + + + + + diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index 2d98502a3dd..8dfe7a56d6f 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -1711,14 +1711,16 @@ paths: schema: $ref: '#/definitions/AuthorizationServerPolicyRule' security: - - api_token: [ ] + - api_token: [] tags: - AuthorizationServer '/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}': delete: consumes: - application/json - description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy. + description: >- + Deletes a Policy Rule defined in the specified Custom Authorization + Server and Policy. operationId: deleteAuthorizationServerPolicyRule parameters: - in: path @@ -1739,13 +1741,15 @@ paths: '204': description: No Content security: - - api_token: [ ] + - api_token: [] tags: - AuthorizationServer get: consumes: - application/json - description: Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy. + description: >- + Returns a Policy Rule by ID that is defined in the specified Custom + Authorization Server and Policy. operationId: getAuthorizationServerPolicyRule parameters: - in: path @@ -1768,7 +1772,7 @@ paths: schema: $ref: '#/definitions/AuthorizationServerPolicyRule' security: - - api_token: [ ] + - api_token: [] tags: - AuthorizationServer put: @@ -2274,6 +2278,12 @@ paths: in: query name: limit type: integer + - description: >- + If specified, it causes additional metadata to be included in the + response. + in: query + name: expand + type: string produces: - application/json responses: @@ -3330,7 +3340,9 @@ paths: delete: consumes: - application/json - description: Revoke a Certificate Signing Request and delete the key pair from the IdP + description: >- + Revoke a Certificate Signing Request and delete the key pair from the + IdP operationId: revokeCsrForIdentityProvider parameters: - in: path @@ -3380,8 +3392,8 @@ paths: consumes: - application/json description: >- - Update the Certificate Signing Request with a signed X.509 certificate and add it into the - signing key credentials for the IdP. + Update the Certificate Signing Request with a signed X.509 certificate + and add it into the signing key credentials for the IdP. parameters: - in: path name: idpId @@ -3948,14 +3960,14 @@ paths: system log. This API provides more functionality than the Events API operationId: getLogs parameters: - - in: query + - format: date-time + in: query name: since type: string - format: date-time - - in: query + - format: date-time + in: query name: until type: string - format: date-time - in: query name: filter type: string @@ -4398,7 +4410,7 @@ paths: description: Success schema: items: - $ref: '#/definitions/AuthorizationServerPolicyRule' + $ref: '#/definitions/PolicyRule' type: array security: - api_token: [] @@ -6017,8 +6029,8 @@ paths: - application/json description: >- Activates a user. This operation can only be performed on users with a - `STAGED` status. Activation of a user is an asynchronous operation. - The user will have the `transitioningToStatus` property with a value of + `STAGED` status. Activation of a user is an asynchronous operation. The + user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of `ACTIVE` when the activation process is complete. @@ -6734,6 +6746,14 @@ paths: tags: - User definitions: + AcsEndpoint: + properties: + index: + type: integer + url: + type: string + x-okta-tags: + - Application ActivateFactorRequest: properties: attestation: @@ -7140,6 +7160,7 @@ definitions: BOOKMARK: '#/definitions/BookmarkApplication' BROWSER_PLUGIN: '#/definitions/BrowserPluginApplication' OPENID_CONNECT: '#/definitions/OpenIdConnectApplication' + SAML_1_1: '#/definitions/SamlApplicationV1' SAML_2_0: '#/definitions/SamlApplication' SECURE_PASSWORD_STORE: '#/definitions/SecurePasswordStoreApplication' WS_FEDERATION: '#/definitions/WsFederationApplication' @@ -7601,6 +7622,175 @@ definitions: type: string x-okta-tags: - AuthorizationServer + AuthorizationServerPolicy: + properties: + _embedded: + additionalProperties: + type: object + readOnly: true + type: object + _links: + additionalProperties: + type: object + readOnly: true + type: object + conditions: + $ref: '#/definitions/PolicyRuleConditions' + created: + format: date-time + readOnly: true + type: string + description: + type: string + id: + readOnly: true + type: string + lastUpdated: + format: date-time + readOnly: true + type: string + name: + type: string + priority: + type: integer + status: + enum: + - ACTIVE + - INACTIVE + type: string + system: + type: boolean + type: + $ref: '#/definitions/PolicyType' + type: object + x-okta-crud: + - alias: read + arguments: + - dest: policyId + src: id + operationId: getAuthorizationServerPolicy + - alias: updatePolicy + arguments: + - dest: policyId + src: id + operationId: updateAuthorizationServerPolicy + - alias: deletePolicy + arguments: + - dest: policyId + src: id + operationId: deleteAuthorizationServerPolicy + x-okta-operations: + - alias: listPolicyRules + arguments: + - dest: policyId + src: id + operationId: listAuthorizationServerPolicyRules + - alias: createPolicyRule + arguments: + - dest: policyId + src: id + operationId: createAuthorizationServerPolicyRule + - alias: getPolicyRule + arguments: + - dest: policyId + src: id + operationId: getAuthorizationServerPolicyRule + - alias: deletePolicyRule + arguments: + - dest: policyId + src: id + operationId: deleteAuthorizationServerPolicyRule + x-okta-tags: + - AuthorizationServer + AuthorizationServerPolicyRule: + properties: + actions: + $ref: '#/definitions/AuthorizationServerPolicyRuleActions' + conditions: + $ref: '#/definitions/AuthorizationServerPolicyRuleConditions' + created: + format: date-time + readOnly: true + type: string + id: + readOnly: true + type: string + lastUpdated: + format: date-time + readOnly: true + type: string + name: + type: string + priority: + type: integer + status: + default: ACTIVE + enum: + - ACTIVE + - INACTIVE + type: string + system: + default: false + type: boolean + type: + enum: + - RESOURCE_ACCESS + type: string + type: object + x-okta-crud: + - alias: update + arguments: + - dest: ruleId + src: id + - dest: policyRule + self: true + - dest: policyId + parentSrc: id + operationId: updateAuthorizationServerPolicyRule + - alias: deletePolicyRule + arguments: + - dest: ruleId + src: id + - dest: policyId + parentSrc: id + operationId: deleteAuthorizationServerPolicyRule + x-okta-operations: + - alias: activate + arguments: + - dest: ruleId + src: id + - dest: policyId + parentSrc: policyId + operationId: activatePolicyRule + - alias: deactivate + arguments: + - dest: ruleId + src: id + - dest: policyId + parentSrc: policyId + operationId: deactivatePolicyRule + x-okta-tags: + - AuthorizationServerPolicy + AuthorizationServerPolicyRuleActions: + properties: + token: + $ref: '#/definitions/TokenAuthorizationServerPolicyRuleAction' + type: object + x-okta-tags: + - AuthorizationServerPolicy + AuthorizationServerPolicyRuleConditions: + properties: + clients: + $ref: '#/definitions/ClientPolicyCondition' + grantTypes: + $ref: '#/definitions/GrantTypePolicyRuleCondition' + people: + $ref: '#/definitions/PolicyPeopleCondition' + scopes: + $ref: '#/definitions/OAuth2ScopesMediationPolicyRuleCondition' + type: object + x-okta-tags: + - AuthorizationServerPolicy AutoLoginApplication: properties: credentials: @@ -7702,42 +7892,57 @@ definitions: template_swa: '#/definitions/SwaApplication' template_swa3field: '#/definitions/SwaThreeFieldApplication' propertyName: name - CatalogApplication: + CallUserFactor: properties: - id: + profile: + $ref: '#/definitions/CallUserFactorProfile' + x-okta-parent: '#/definitions/UserFactor' + x-okta-tags: + - UserFactor + CallUserFactorProfile: + properties: + phoneExtension: + type: string + phoneNumber: type: string + x-okta-tags: + - UserFactor + CatalogApplication: + properties: + _links: + additionalProperties: + type: object readOnly: true - name: + type: object + category: + type: string + description: type: string displayName: type: string - description: + features: + items: + type: string + type: array + id: + readOnly: true type: string - status: - $ref: '#/definitions/CatalogApplicationStatus' lastUpdated: format: date-time readOnly: true type: string - category: - type: string - verificationStatus: - type: string - website: + name: type: string signOnModes: items: type: string type: array - features: - items: - type: string - type: array - _links: - additionalProperties: - type: object - readOnly: true - type: object + status: + $ref: '#/definitions/CatalogApplicationStatus' + verificationStatus: + type: string + website: + type: string x-okta-tags: - Role CatalogApplicationStatus: @@ -7747,16 +7952,64 @@ definitions: type: string x-okta-tags: - Role - Csr: + ChangePasswordRequest: properties: - created: - format: date-time - readOnly: true - type: string - csr: - readOnly: true - type: string - id: + newPassword: + $ref: '#/definitions/PasswordCredential' + oldPassword: + $ref: '#/definitions/PasswordCredential' + type: object + x-okta-tags: + - User + ClientPolicyCondition: + properties: + include: + items: + type: string + type: array + type: object + x-okta-tags: + - Policy + ContextPolicyRuleCondition: + properties: + expression: + type: string + type: object + x-okta-tags: + - Policy + CreateSessionRequest: + properties: + sessionToken: + type: string + type: object + x-okta-tags: + - Session + CreateUserRequest: + properties: + credentials: + $ref: '#/definitions/UserCredentials' + groupIds: + items: + type: string + type: array + profile: + $ref: '#/definitions/UserProfile' + type: + $ref: '#/definitions/UserType' + type: object + x-okta-parent: '#/definitions/User' + x-okta-tags: + - User + Csr: + properties: + created: + format: date-time + readOnly: true + type: string + csr: + readOnly: true + type: string + id: readOnly: true type: string kty: @@ -7797,69 +8050,21 @@ definitions: type: array x-okta-tags: - Application - CallUserFactor: + CustomHotpUserFactor: properties: + factorProfileId: + type: string profile: - $ref: '#/definitions/CallUserFactorProfile' + $ref: '#/definitions/CustomHotpUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor - CallUserFactorProfile: + CustomHotpUserFactorProfile: properties: - phoneExtension: - type: string - phoneNumber: + sharedSecret: type: string x-okta-tags: - UserFactor - ChangePasswordRequest: - properties: - newPassword: - $ref: '#/definitions/PasswordCredential' - oldPassword: - $ref: '#/definitions/PasswordCredential' - type: object - x-okta-tags: - - User - ClientPolicyCondition: - properties: - include: - items: - type: string - type: array - type: object - x-okta-tags: - - Policy - ContextPolicyRuleCondition: - properties: - expression: - type: string - type: object - x-okta-tags: - - Policy - CreateSessionRequest: - properties: - sessionToken: - type: string - type: object - x-okta-tags: - - Session - CreateUserRequest: - properties: - credentials: - $ref: '#/definitions/UserCredentials' - groupIds: - items: - type: string - type: array - profile: - $ref: '#/definitions/UserProfile' - type: - $ref: '#/definitions/UserType' - type: object - x-okta-parent: '#/definitions/User' - x-okta-tags: - - User DevicePolicyRuleCondition: properties: migrated: @@ -8072,6 +8277,7 @@ definitions: - SYMANTEC - DUO - YUBICO + - CUSTOM type: string x-okta-tags: - UserFactor @@ -8570,11 +8776,6 @@ definitions: - dest: idpId src: id operationId: getIdentityProviderSigningKey - - alias: deleteSigningKey - arguments: - - dest: idpId - src: id - operationId: deleteIdentityProviderKey - alias: cloneKey arguments: - dest: idpId @@ -8705,154 +8906,6 @@ definitions: x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy - AuthorizationServerPolicy: - properties: - _embedded: - additionalProperties: - type: object - readOnly: true - type: object - _links: - additionalProperties: - type: object - readOnly: true - type: object - conditions: - $ref: '#/definitions/PolicyRuleConditions' - created: - format: date-time - readOnly: true - type: string - description: - type: string - id: - readOnly: true - type: string - lastUpdated: - format: date-time - readOnly: true - type: string - name: - type: string - priority: - type: integer - status: - enum: - - ACTIVE - - INACTIVE - type: string - system: - type: boolean - type: - $ref: '#/definitions/PolicyType' - type: object - x-okta-crud: - - alias: read - arguments: - - dest: policyId - src: id - operationId: getAuthorizationServerPolicy - x-okta-operations: - - alias: listPolicyRules - arguments: - - dest: policyId - src: id - operationId: listAuthorizationServerPolicyRules - - alias: createPolicyRule - arguments: - - dest: policyId - src: id - operationId: createAuthorizationServerPolicyRule - - alias: getPolicyRule - arguments: - - dest: policyId - src: id - operationId: getAuthorizationServerPolicyRule - - alias: deletePolicyRule - arguments: - - dest: policyId - src: id - operationId: deleteAuthorizationServerPolicyRule - x-okta-tags: - - AuthorizationServer - AuthorizationServerPolicyRule: - properties: - actions: - $ref: '#/definitions/AuthorizationServerPolicyRuleActions' - conditions: - $ref: '#/definitions/AuthorizationServerPolicyRuleConditions' - created: - format: date-time - readOnly: true - type: string - id: - readOnly: true - type: string - lastUpdated: - format: date-time - readOnly: true - type: string - name: - type: string - priority: - type: integer - status: - default: ACTIVE - enum: - - ACTIVE - - INACTIVE - type: string - system: - default: false - type: boolean - type: - enum: - - RESOURCE_ACCESS - type: string - type: object - x-okta-crud: - - alias: update - arguments: - - dest: ruleId - src: id - - dest: policyRule - self: true - - dest: policyId - parentSrc: id - operationId: updateAuthorizationServerPolicyRule - x-okta-tags: - - AuthorizationServerPolicy - AuthorizationServerPolicyRuleActions: - properties: - token: - $ref: '#/definitions/TokenAuthorizationServerPolicyRuleAction' - type: object - x-okta-tags: - - AuthorizationServerPolicy - TokenAuthorizationServerPolicyRuleAction: - properties: - accessTokenLifetimeMinutes: - type: integer - refreshTokenLifetimeMinutes: - type: integer - refreshTokenWindowMinutes: - type: integer - type: object - x-okta-tags: - - AuthorizationServerPolicy - AuthorizationServerPolicyRuleConditions: - properties: - people: - $ref: '#/definitions/PolicyPeopleCondition' - clients: - $ref: '#/definitions/ClientPolicyCondition' - grantTypes: - $ref: '#/definitions/GrantTypePolicyRuleCondition' - scopes: - $ref: '#/definitions/OAuth2ScopesMediationPolicyRuleCondition' - type: object - x-okta-tags: - - AuthorizationServerPolicy IdentityProviderPolicyRuleCondition: properties: idpIds: @@ -9764,8 +9817,6 @@ definitions: type: object clientId: type: string - userId: - type: string created: format: date-time readOnly: true @@ -9787,6 +9838,8 @@ definitions: $ref: '#/definitions/OAuth2ScopeConsentGrantSource' status: $ref: '#/definitions/OAuth2ScopeConsentGrantStatus' + userId: + type: string type: object x-okta-tags: - Application @@ -10028,6 +10081,8 @@ definitions: type: string issuer_mode: $ref: '#/definitions/OpenIdConnectApplicationIssuerMode' + jwks: + $ref: '#/definitions/OpenIdConnectApplicationSettingsClientKeys' logo_uri: type: string policy_uri: @@ -10040,6 +10095,8 @@ definitions: items: type: string type: array + refresh_token: + $ref: '#/definitions/OpenIdConnectApplicationSettingsRefreshToken' response_types: items: $ref: '#/definitions/OAuthResponseType' @@ -10048,6 +10105,23 @@ definitions: type: string x-okta-tags: - Application + OpenIdConnectApplicationSettingsClientKeys: + properties: + keys: + items: + $ref: '#/definitions/JsonWebKey' + type: array + x-okta-tags: + - Application + OpenIdConnectApplicationSettingsRefreshToken: + properties: + leeway: + type: integer + rotation_type: + $ref: '#/definitions/OpenIdConnectRefreshTokenRotationType' + type: object + x-okta-tags: + - Application OpenIdConnectApplicationType: enum: - web @@ -10057,6 +10131,13 @@ definitions: type: string x-okta-tags: - Application + OpenIdConnectRefreshTokenRotationType: + enum: + - rotate + - static + type: string + x-okta-tags: + - Application PasswordCredential: properties: hash: @@ -10079,7 +10160,7 @@ definitions: type: string value: type: string - workerFactor: + workFactor: type: integer type: object x-okta-tags: @@ -11067,8 +11148,6 @@ definitions: $ref: '#/definitions/RoleType' type: string type: object - x-okta-tags: - - User x-okta-operations: - alias: addAdminGroupTarget arguments: @@ -11112,6 +11191,8 @@ definitions: - dest: userId parentSrc: id operationId: addApplicationTargetToAdminRoleForUser + x-okta-tags: + - User RoleAssignmentType: enum: - GROUP @@ -11147,6 +11228,13 @@ definitions: x-okta-parent: '#/definitions/Application' x-okta-tags: - Application + SamlApplicationV1: + properties: + settings: + $ref: '#/definitions/SamlApplicationSettings' + x-okta-parent: '#/definitions/Application' + x-okta-tags: + - Application SamlApplicationSettings: properties: signOn: @@ -11156,6 +11244,12 @@ definitions: - Application SamlApplicationSettingsSignOn: properties: + acsEndpoints: + items: + $ref: '#/definitions/AcsEndpoint' + type: array + allowMultipleAcsEndpoints: + type: boolean assertionSigned: type: boolean attributeStatements: @@ -11204,6 +11298,10 @@ definitions: - Application SamlAttributeStatement: properties: + filterType: + type: string + filterValue: + type: string name: type: string namespace: @@ -11619,6 +11717,17 @@ definitions: type: string x-okta-tags: - User + TokenAuthorizationServerPolicyRuleAction: + properties: + accessTokenLifetimeMinutes: + type: integer + refreshTokenLifetimeMinutes: + type: integer + refreshTokenWindowMinutes: + type: integer + type: object + x-okta-tags: + - AuthorizationServerPolicy TokenUserFactor: properties: profile: @@ -12110,6 +12219,7 @@ definitions: mapping: call: '#/definitions/CallUserFactor' email: '#/definitions/EmailUserFactor' + hotp: '#/definitions/CustomHotpUserFactor' push: '#/definitions/PushUserFactor' question: '#/definitions/SecurityQuestionUserFactor' sms: '#/definitions/SmsUserFactor' @@ -12388,6 +12498,8 @@ definitions: readOnly: true type: object expiresAt: + format: date-time + readOnly: true type: string factorResult: enum: @@ -12407,32 +12519,32 @@ definitions: type: object x-okta-tags: - UserFactor - WebUserFactor: + WebAuthnUserFactor: properties: profile: - $ref: '#/definitions/WebUserFactorProfile' + $ref: '#/definitions/WebAuthnUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor - WebUserFactorProfile: + WebAuthnUserFactorProfile: properties: + authenticatorName: + type: string credentialId: type: string x-okta-tags: - UserFactor - WebAuthnUserFactor: + WebUserFactor: properties: profile: - $ref: '#/definitions/WebAuthnUserFactorProfile' + $ref: '#/definitions/WebUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor - WebAuthnUserFactorProfile: + WebUserFactorProfile: properties: credentialId: type: string - authenticatorName: - type: string x-okta-tags: - UserFactor WsFederationApplication: diff --git a/swagger-templates/pom.xml b/swagger-templates/pom.xml index b9e461c9390..db4d6f72477 100644 --- a/swagger-templates/pom.xml +++ b/swagger-templates/pom.xml @@ -21,7 +21,7 @@ com.okta.sdk okta-sdk-root - 2.0.1-SNAPSHOT + 3.0.0-SNAPSHOT okta-api-swagger-templates