diff --git a/api/pom.xml b/api/pom.xml
index c2f0bb9db96..8bd2be16f5b 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -21,7 +21,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
okta-sdk-api
diff --git a/coverage/pom.xml b/coverage/pom.xml
index 37d0b3cc6af..7e1f3904332 100644
--- a/coverage/pom.xml
+++ b/coverage/pom.xml
@@ -21,7 +21,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
okta-sdk-coverage
diff --git a/examples/pom.xml b/examples/pom.xml
index d6fe4fd00ba..84083235827 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -21,7 +21,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
okta-sdk-examples
diff --git a/examples/quickstart/pom.xml b/examples/quickstart/pom.xml
index d8c0ab4533c..a33767f3f76 100644
--- a/examples/quickstart/pom.xml
+++ b/examples/quickstart/pom.xml
@@ -20,7 +20,7 @@
com.okta.sdk
okta-sdk-examples
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
../pom.xml
diff --git a/examples/quickstart/src/main/java/quickstart/ReadmeSnippets.java b/examples/quickstart/src/main/java/quickstart/ReadmeSnippets.java
index 9bc6e015dba..e0c685fac37 100644
--- a/examples/quickstart/src/main/java/quickstart/ReadmeSnippets.java
+++ b/examples/quickstart/src/main/java/quickstart/ReadmeSnippets.java
@@ -33,11 +33,12 @@
import com.okta.sdk.resource.user.User;
import com.okta.sdk.resource.user.UserBuilder;
import com.okta.sdk.resource.user.UserList;
-import com.okta.sdk.resource.user.factor.Factor;
-import com.okta.sdk.resource.user.factor.FactorList;
-import com.okta.sdk.resource.user.factor.SmsFactor;
+import com.okta.sdk.resource.user.factor.ActivateFactorRequest;
+import com.okta.sdk.resource.user.factor.UserFactor;
+import com.okta.sdk.resource.user.factor.UserFactorList;
+import com.okta.sdk.resource.user.factor.SmsUserFactor;
import com.okta.sdk.resource.user.factor.VerifyFactorRequest;
-import com.okta.sdk.resource.user.factor.VerifyFactorResponse;
+import com.okta.sdk.resource.user.factor.VerifyUserFactorResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -137,27 +138,27 @@ private void addUserToGroup() {
}
private void listUserFactors() {
- FactorList factors = user.listFactors();
+ UserFactorList factors = user.listFactors();
}
private void enrollUserInFactor() {
- SmsFactor smsFactor = client.instantiate(SmsFactor.class);
+ SmsUserFactor smsFactor = client.instantiate(SmsUserFactor.class);
smsFactor.getProfile().setPhoneNumber("555 867 5309");
- user.addFactor(smsFactor);
+ user.enrollFactor(smsFactor);
}
private void activateFactor() {
- Factor factor = user.getFactor("factorId");
- VerifyFactorRequest verifyFactorRequest = client.instantiate(VerifyFactorRequest.class);
- verifyFactorRequest.setPassCode("123456");
- factor.activate(verifyFactorRequest);
+ UserFactor factor = user.getFactor("factorId");
+ ActivateFactorRequest activateFactorRequest = client.instantiate(ActivateFactorRequest.class);
+ activateFactorRequest.setPassCode("123456");
+ factor.activate(activateFactorRequest);
}
private void verifyFactor() {
- Factor factor = user.getFactor("factorId");
+ UserFactor factor = user.getFactor("factorId");
VerifyFactorRequest verifyFactorRequest = client.instantiate(VerifyFactorRequest.class);
verifyFactorRequest.setPassCode("123456");
- VerifyFactorResponse response = factor.verify(verifyFactorRequest);
+ VerifyUserFactorResponse verifyUserFactorResponse = factor.setVerify(verifyFactorRequest).verify();
}
private void listApplication() {
diff --git a/httpclients/httpclient/pom.xml b/httpclients/httpclient/pom.xml
index 27fb7510210..4890078d5bd 100644
--- a/httpclients/httpclient/pom.xml
+++ b/httpclients/httpclient/pom.xml
@@ -21,7 +21,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
../..
diff --git a/httpclients/okhttp/pom.xml b/httpclients/okhttp/pom.xml
index 15882b4113b..3d9ca2f4aa9 100644
--- a/httpclients/okhttp/pom.xml
+++ b/httpclients/okhttp/pom.xml
@@ -21,7 +21,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
../..
diff --git a/impl/pom.xml b/impl/pom.xml
index 74a66e0e3f2..6920eadd894 100644
--- a/impl/pom.xml
+++ b/impl/pom.xml
@@ -21,7 +21,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
okta-sdk-impl
diff --git a/impl/src/main/java/com/okta/sdk/impl/ds/DiscriminatorRegistry.java b/impl/src/main/java/com/okta/sdk/impl/ds/DiscriminatorRegistry.java
index 87af2b2a77a..a242174cd8b 100644
--- a/impl/src/main/java/com/okta/sdk/impl/ds/DiscriminatorRegistry.java
+++ b/impl/src/main/java/com/okta/sdk/impl/ds/DiscriminatorRegistry.java
@@ -19,7 +19,7 @@
/**
* A DiscriminatorRegistry allows for the resolution of a specific type, based on the data of the object.
- * For example, the Factors API return a collection of {@link com.okta.sdk.resource.user.factor.Factor Factor} objects,
+ * For example, the Factors API return a collection of {@link com.okta.sdk.resource.user.factor.UserFactor UserFactor} objects,
* The actual type is dependent on a property of the data map 'factorType'.
*
* @since 0.8.0
diff --git a/impl/src/test/groovy/com/okta/sdk/impl/ds/DefaultResourceFactoryTest.groovy b/impl/src/test/groovy/com/okta/sdk/impl/ds/DefaultResourceFactoryTest.groovy
index 3bcfe858005..9f66192d0a1 100644
--- a/impl/src/test/groovy/com/okta/sdk/impl/ds/DefaultResourceFactoryTest.groovy
+++ b/impl/src/test/groovy/com/okta/sdk/impl/ds/DefaultResourceFactoryTest.groovy
@@ -15,9 +15,9 @@
*/
package com.okta.sdk.impl.ds
-import com.okta.sdk.resource.user.factor.Factor
+import com.okta.sdk.resource.user.factor.UserFactor
import com.okta.sdk.resource.user.factor.FactorType
-import com.okta.sdk.resource.user.factor.TotpFactor
+import com.okta.sdk.resource.user.factor.TotpUserFactor
import org.testng.annotations.Test
import static org.hamcrest.Matchers.equalTo
@@ -39,8 +39,8 @@ class DefaultResourceFactoryTest {
def map = [
factorType: "token:software:totp"
]
- Factor factor = resourceFactory.instantiate(Factor, map)
- assertThat factor, instanceOf(TotpFactor)
+ UserFactor factor = resourceFactory.instantiate(UserFactor, map)
+ assertThat factor, instanceOf(TotpUserFactor)
assertThat factor.getFactorType(), equalTo(FactorType.TOKEN_SOFTWARE_TOTP)
}
}
\ No newline at end of file
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index ffc0b58d9b0..c6c2f9ffab5 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -20,7 +20,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
../pom.xml
diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/FactorsIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/FactorsIT.groovy
index f1b2db19868..401033c2dd9 100644
--- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/FactorsIT.groovy
+++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/FactorsIT.groovy
@@ -15,26 +15,25 @@
*/
package com.okta.sdk.tests.it
-import com.google.common.collect.Lists;
+import com.google.common.collect.Lists
+
import com.okta.sdk.client.Client
import com.okta.sdk.resource.user.User
-import com.okta.sdk.resource.user.UserBuilder
-import com.okta.sdk.resource.user.factor.CallFactor
-import com.okta.sdk.resource.user.factor.Factor
-import com.okta.sdk.resource.user.factor.FactorList
-import com.okta.sdk.resource.user.factor.FactorResultType
+import com.okta.sdk.resource.user.factor.ActivateFactorRequest
+import com.okta.sdk.resource.user.factor.CallUserFactor
+import com.okta.sdk.resource.user.factor.FactorProvider
import com.okta.sdk.resource.user.factor.FactorStatus
-import com.okta.sdk.resource.user.factor.PushFactor
-import com.okta.sdk.resource.user.factor.SecurityQuestionFactor
+import com.okta.sdk.resource.user.factor.PushUserFactor
+import com.okta.sdk.resource.user.factor.SecurityQuestionUserFactor
import com.okta.sdk.resource.user.factor.SecurityQuestionList
-import com.okta.sdk.resource.user.factor.SmsFactor
-import com.okta.sdk.resource.user.factor.SmsFactorProfile
-import com.okta.sdk.resource.user.factor.TotpFactor
+import com.okta.sdk.resource.user.factor.SmsUserFactor
+import com.okta.sdk.resource.user.factor.TotpUserFactor
+import com.okta.sdk.resource.user.factor.UserFactor
+import com.okta.sdk.resource.user.factor.UserFactorList
import com.okta.sdk.resource.user.factor.VerifyFactorRequest
-import com.okta.sdk.resource.user.factor.VerifyFactorResponse
+import com.okta.sdk.resource.user.factor.VerifyUserFactorResponse
import com.okta.sdk.tests.it.util.ITSupport
import org.jboss.aerogear.security.otp.Totp
-import org.jboss.aerogear.security.otp.api.Base32
import org.testng.annotations.Test
import static org.hamcrest.Matchers.*
@@ -42,7 +41,6 @@ import static org.hamcrest.MatcherAssert.assertThat
class FactorsIT extends ITSupport {
-
private String smsTestNumber = "162 840 01133"
@Test
@@ -53,25 +51,25 @@ class FactorsIT extends ITSupport {
assertThat user.listFactors(), emptyIterable()
- SmsFactor smsFactor = client.instantiate(SmsFactor)
- smsFactor.getProfile().phoneNumber = smsTestNumber
- user.addFactor(smsFactor)
+ SmsUserFactor smsUserFactor = client.instantiate(SmsUserFactor)
+ smsUserFactor.getProfile().setPhoneNumber(smsTestNumber)
+ user.enrollFactor(smsUserFactor)
- SecurityQuestionFactor securityQuestionFactor = client.instantiate(SecurityQuestionFactor)
- securityQuestionFactor.getProfile()
- .setQuestion("disliked_food")
- .setAnswer("pizza")
- user.addFactor(securityQuestionFactor)
+ SecurityQuestionUserFactor securityQuestionUserFactor = client.instantiate(SecurityQuestionUserFactor)
+ securityQuestionUserFactor.getProfile()
+ .setQuestion("disliked_food")
+ .setAnswer("pizza")
+ user.enrollFactor(securityQuestionUserFactor)
- FactorList factorsList = user.listFactors()
- List factorsArrayList = Lists.newArrayList(factorsList)
+ UserFactorList factorsList = user.listFactors()
+ List factorsArrayList = Lists.newArrayList(factorsList)
assertThat factorsArrayList, allOf(hasSize(2), containsInAnyOrder(
- allOf(
- instanceOf(SmsFactor),
- hasProperty("id", is(smsFactor.getId()))),
- allOf(
- instanceOf(SecurityQuestionFactor),
- hasProperty("id", is(securityQuestionFactor.getId())))))
+ allOf(
+ instanceOf(SmsUserFactor),
+ hasProperty("id", is(smsUserFactor.getId()))),
+ allOf(
+ instanceOf(SecurityQuestionUserFactor),
+ hasProperty("id", is(securityQuestionUserFactor.getId())))))
}
@Test
@@ -81,14 +79,14 @@ class FactorsIT extends ITSupport {
assertThat user.listFactors(), emptyIterable()
- SecurityQuestionFactor securityQuestionFactor = client.instantiate(SecurityQuestionFactor)
- securityQuestionFactor.getProfile()
- .setQuestion("disliked_food")
- .setAnswer("pizza")
+ SecurityQuestionUserFactor securityQuestionUserFactor = client.instantiate(SecurityQuestionUserFactor)
+ securityQuestionUserFactor.getProfile()
+ .setQuestion("disliked_food")
+ .setAnswer("pizza")
- assertThat securityQuestionFactor.id, nullValue()
- assertThat securityQuestionFactor, sameInstance(user.addFactor(securityQuestionFactor))
- assertThat securityQuestionFactor.id, notNullValue()
+ assertThat securityQuestionUserFactor.id, nullValue()
+ assertThat securityQuestionUserFactor, sameInstance(user.enrollFactor(securityQuestionUserFactor))
+ assertThat securityQuestionUserFactor.id, notNullValue()
}
@Test
@@ -98,12 +96,12 @@ class FactorsIT extends ITSupport {
assertThat user.listFactors(), emptyIterable()
- CallFactor callFactor = client.instantiate(CallFactor)
- callFactor.getProfile().phoneNumber = smsTestNumber
+ CallUserFactor callUserFactor = client.instantiate(CallUserFactor)
+ callUserFactor.getProfile().setPhoneNumber(smsTestNumber)
- assertThat callFactor.id, nullValue()
- assertThat callFactor, sameInstance(user.addFactor(callFactor))
- assertThat callFactor.id, notNullValue()
+ assertThat callUserFactor.id, nullValue()
+ assertThat callUserFactor, sameInstance(user.enrollFactor(callUserFactor))
+ assertThat callUserFactor.id, notNullValue()
}
@Test
@@ -113,12 +111,12 @@ class FactorsIT extends ITSupport {
assertThat user.listFactors(), emptyIterable()
- SmsFactor smsFactor = client.instantiate(SmsFactor)
- smsFactor.getProfile().phoneNumber = smsTestNumber
+ SmsUserFactor smsUserFactor = client.instantiate(SmsUserFactor)
+ smsUserFactor.getProfile().setPhoneNumber(smsTestNumber)
- assertThat smsFactor.id, nullValue()
- assertThat smsFactor, sameInstance(user.addFactor(smsFactor))
- assertThat smsFactor.id, notNullValue()
+ assertThat smsUserFactor.id, nullValue()
+ assertThat smsUserFactor, sameInstance(user.enrollFactor(smsUserFactor))
+ assertThat smsUserFactor.id, notNullValue()
}
@Test
@@ -127,10 +125,10 @@ class FactorsIT extends ITSupport {
User user = randomUser()
assertThat user.listFactors(), emptyIterable()
- PushFactor pushFactor = client.instantiate(PushFactor)
- assertThat pushFactor.id, nullValue()
- assertThat pushFactor, sameInstance(user.addFactor(pushFactor))
- assertThat pushFactor.id, notNullValue()
+ PushUserFactor pushUserFactor = client.instantiate(PushUserFactor)
+ assertThat pushUserFactor.id, nullValue()
+ assertThat pushUserFactor, sameInstance(user.enrollFactor(pushUserFactor))
+ assertThat pushUserFactor.id, notNullValue()
}
@Test
@@ -143,7 +141,7 @@ class FactorsIT extends ITSupport {
@Test
void testAvailableFactorsNotEmpty() {
User user = randomUser()
- FactorList factors = user.listSupportedFactors()
+ UserFactorList factors = user.listSupportedFactors()
assertThat factors, iterableWithSize(greaterThan(1))
}
@@ -151,33 +149,33 @@ class FactorsIT extends ITSupport {
void activateTotpFactor() {
User user = randomUser()
assertThat user.listFactors(), emptyIterable()
- TotpFactor totpFactor = client.instantiate(TotpFactor)
- user.addFactor(totpFactor)
+ TotpUserFactor totpUserFactor = client.instantiate(TotpUserFactor)
+ user.enrollFactor(totpUserFactor)
- assertThat totpFactor.getStatus(), is(FactorStatus.PENDING_ACTIVATION)
- Totp totp = new Totp(totpFactor.getEmbedded().get("activation").get("sharedSecret"))
+ assertThat totpUserFactor.getStatus(), is(FactorStatus.PENDING_ACTIVATION)
+ Totp totp = new Totp(totpUserFactor.getEmbedded().get("activation").get("sharedSecret"))
- VerifyFactorRequest verifyFactorRequest = client.instantiate(VerifyFactorRequest)
- verifyFactorRequest.passCode = totp.now()
- Factor factorResult = totpFactor.activate(verifyFactorRequest)
+ ActivateFactorRequest activateFactorRequest = client.instantiate(ActivateFactorRequest)
+ activateFactorRequest.setPassCode(totp.now())
+ UserFactor factorResult = totpUserFactor.activate(activateFactorRequest)
assertThat factorResult.getStatus(), is(FactorStatus.ACTIVE)
- assertThat factorResult, instanceOf(TotpFactor)
+ assertThat factorResult, instanceOf(TotpUserFactor)
}
@Test
void verifyQuestionFactor() {
User user = randomUser()
- SecurityQuestionFactor securityQuestionFactor = client.instantiate(SecurityQuestionFactor)
- securityQuestionFactor.getProfile()
- .setQuestion("disliked_food")
- .setAnswer("pizza")
- user.addFactor(securityQuestionFactor)
+ SecurityQuestionUserFactor securityQuestionUserFactor = client.instantiate(SecurityQuestionUserFactor)
+ securityQuestionUserFactor.getProfile()
+ .setQuestion("disliked_food")
+ .setAnswer("pizza")
+ user.enrollFactor(securityQuestionUserFactor)
VerifyFactorRequest request = client.instantiate(VerifyFactorRequest)
- request.answer = "pizza"
- VerifyFactorResponse response = securityQuestionFactor.verify(request)
- assertThat response.getFactorResult(), is(FactorResultType.SUCCESS)
+ request.setAnswer("pizza")
+ VerifyUserFactorResponse response = securityQuestionUserFactor.verify(request, null, null)
+ assertThat response.getFactorResult(), is(VerifyUserFactorResponse.FactorResultEnum.SUCCESS)
}
@Test
@@ -185,9 +183,9 @@ class FactorsIT extends ITSupport {
User user = randomUser()
assertThat user.listFactors(), emptyIterable()
- TotpFactor totpFactor = client.instantiate(TotpFactor)
- totpFactor.provider = "OKTA"
- user.addFactor(totpFactor)
- totpFactor.delete()
+ TotpUserFactor totpUserFactor = client.instantiate(TotpUserFactor)
+ totpUserFactor.setProvider(FactorProvider.OKTA)
+ user.enrollFactor(totpUserFactor)
+ totpUserFactor.delete()
}
}
diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupRulesIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupRulesIT.groovy
index f227eca4c4a..e8f50919645 100644
--- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupRulesIT.groovy
+++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupRulesIT.groovy
@@ -68,7 +68,7 @@ class GroupRulesIT implements CrudTestSupport {
rule.getActions().setAssignUserToGroups(client.instantiate(GroupRuleGroupAssignment))
rule.getActions().getAssignUserToGroups().setGroupIds(Collections.singletonList(group.getId()))
- rule = client.createRule(rule)
+ rule = client.createGroupRule(rule)
registerForCleanup(rule)
return rule
@@ -76,7 +76,7 @@ class GroupRulesIT implements CrudTestSupport {
@Override
def read(Client client, String id) {
- return client.getRule(id)
+ return client.getGroupRule(id)
}
@Override
@@ -92,7 +92,7 @@ class GroupRulesIT implements CrudTestSupport {
@Override
Iterator getResourceCollectionIterator(Client client) {
- return client.listRules().iterator()
+ return client.listGroupRules().iterator()
}
@Test
@@ -139,15 +139,15 @@ class GroupRulesIT implements CrudTestSupport {
.setActions(client.instantiate(GroupRuleAction)
.setAssignUserToGroups(client.instantiate(GroupRuleGroupAssignment)
.setGroupIds(Collections.singletonList(group.getId()))))
- rule = client.createRule(rule)
+ rule = client.createGroupRule(rule)
registerForCleanup(rule)
rule.activate()
- GroupRule readRule = client.getRule(rule.getId())
+ GroupRule readRule = client.getGroupRule(rule.getId())
assertThat readRule.getStatus(), equalTo(GroupRuleStatus.ACTIVE)
// 3. List group rules
- assertPresent(client.listRules(), rule)
+ assertPresent(client.listGroupRules(), rule)
// 4. Deactivate the rule and update it
rule.deactivate()
@@ -157,7 +157,7 @@ class GroupRulesIT implements CrudTestSupport {
rule.update()
rule.activate()
- readRule = client.getRule(rule.getId())
+ readRule = client.getGroupRule(rule.getId())
assertThat readRule.getStatus(), equalTo(GroupRuleStatus.ACTIVE)
// 5. delete rule
diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy
index b0fa09e5351..7d32a9741d1 100644
--- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy
+++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/GroupsIT.groovy
@@ -98,7 +98,7 @@ class GroupsIT implements CrudTestSupport {
validateGroup(group, groupName)
// 2. Search the group by name
- assertPresent(client.listGroups(groupName, null, null), group)
+ assertPresent(client.listGroups(groupName, null), group)
}
@Test
diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy
index 0ecd0b5d13f..5ddfc5abb91 100644
--- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy
+++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/PolicyRulesIT.groovy
@@ -23,12 +23,10 @@ import com.okta.sdk.resource.policy.OktaSignOnPolicyRuleActions
import com.okta.sdk.resource.policy.OktaSignOnPolicyRuleConditions
import com.okta.sdk.resource.policy.OktaSignOnPolicyRuleSignonActions
import com.okta.sdk.resource.policy.OktaSignOnPolicyRuleSignonSessionActions
-import com.okta.sdk.resource.policy.PasswordPolicy
import com.okta.sdk.resource.policy.PasswordPolicyRule
import com.okta.sdk.resource.policy.PasswordPolicyRuleAction
import com.okta.sdk.resource.policy.PasswordPolicyRuleActions
import com.okta.sdk.resource.policy.PasswordPolicyRuleConditions
-import com.okta.sdk.resource.policy.Policy
import com.okta.sdk.resource.policy.PolicyNetworkCondition
import com.okta.sdk.resource.policy.PolicyPeopleCondition
import com.okta.sdk.resource.policy.PolicyRule
@@ -85,7 +83,7 @@ class PolicyRulesIT extends ITSupport implements CrudTestSupport {
}
@Test
- void activateDeactivateTest() {
+ void deactivateTest() {
def group = randomGroup()
def policy = randomSignOnPolicy(group.getId())
@@ -96,13 +94,10 @@ class PolicyRulesIT extends ITSupport implements CrudTestSupport {
.setActions(client.instantiate(OktaSignOnPolicyRuleActions)
.setSignon(client.instantiate(OktaSignOnPolicyRuleSignonActions)
.setAccess(OktaSignOnPolicyRuleSignonActions.AccessEnum.DENY)
- .setRequireFactor(false))), false)
+ .setRequireFactor(false))))
registerForCleanup(policyRule)
- assertThat(policyRule.getStatus(), is(PolicyRule.StatusEnum.INACTIVE))
- // activate
- policyRule.activate()
- policyRule = policy.getPolicyRule(policyRule.getId())
+ // policy rule is ACTIVE by default
assertThat(policyRule.getStatus(), is(PolicyRule.StatusEnum.ACTIVE))
// deactivate
diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy
index af8125f998e..d1c30095440 100644
--- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy
+++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/UsersIT.groovy
@@ -36,11 +36,11 @@ import com.okta.sdk.resource.user.PasswordCredential
import com.okta.sdk.resource.user.RecoveryQuestionCredential
import com.okta.sdk.resource.user.ResetPasswordToken
import com.okta.sdk.resource.user.Role
-import com.okta.sdk.resource.user.TempPassword
import com.okta.sdk.resource.user.User
import com.okta.sdk.resource.user.UserBuilder
import com.okta.sdk.resource.user.UserCredentials
import com.okta.sdk.resource.user.UserList
+import com.okta.sdk.resource.user.UserStatus
import com.okta.sdk.tests.Scenario
import com.okta.sdk.tests.it.util.ITSupport
import org.testng.Assert
@@ -328,7 +328,7 @@ class UsersIT extends ITSupport implements CrudTestSupport {
client.getUser(user.getId())
}
- @Test
+ @Test(expectedExceptions = ResourceException)
@Scenario("user-change-recovery-question")
void changeRecoveryQuestionTest() {
@@ -339,12 +339,12 @@ class UsersIT extends ITSupport implements CrudTestSupport {
// 1. Create a user with password & recovery question
User user = UserBuilder.instance()
- .setEmail(email)
- .setFirstName(firstName)
- .setLastName(lastName)
- .setPassword(password.toCharArray())
- .setActive(true)
- .buildAndCreate(client)
+ .setEmail(email)
+ .setFirstName(firstName)
+ .setLastName(lastName)
+ .setPassword(password.toCharArray())
+ .setActive(true)
+ .buildAndCreate(client)
registerForCleanup(user)
validateUser(user, firstName, lastName, email)
@@ -362,8 +362,9 @@ class UsersIT extends ITSupport implements CrudTestSupport {
// 3. Update the user password through updated recovery question
userCredentials.getPassword().value = '!2@3#Passw0rd'.toCharArray()
userCredentials.getRecoveryQuestion().answer = 'forty two'
- ForgotPasswordResponse response = user.forgotPassword(null, userCredentials)
- assertThat response.getResetPasswordUrl(), nullValue()
+
+ // below would throw HTTP 403 exception
+ user.changeRecoveryQuestion(userCredentials)
// 4. make the test recording happy, and call a get on the user
// TODO: fix har file
@@ -389,8 +390,8 @@ class UsersIT extends ITSupport implements CrudTestSupport {
registerForCleanup(user)
validateUser(user, firstName, lastName, email)
- ForgotPasswordResponse response = user.forgotPassword(false, null)
- assertThat response.getResetPasswordUrl(), containsString("/reset-password/")
+ ResetPasswordToken response = user.resetPassword(false)
+ assertThat response.getResetPasswordUrl(), containsString("/reset_password/")
}
@Test
@@ -413,9 +414,10 @@ class UsersIT extends ITSupport implements CrudTestSupport {
registerForCleanup(user)
validateUser(user, firstName, lastName, email)
- // 2. Expire the user's password with tempPassword=true
- TempPassword tempPassword = user.expirePassword(true)
- assertThat tempPassword.getTempPassword(), notNullValue()
+ // 2. Expire the user's password
+ User updatedUser = user.expirePassword()
+ assertThat updatedUser, notNullValue()
+ assertThat updatedUser.getStatus(), is(UserStatus.PASSWORD_EXPIRED)
}
@@ -440,7 +442,7 @@ class UsersIT extends ITSupport implements CrudTestSupport {
validateUser(user, firstName, lastName, email)
// 2. Get the reset password link
- ResetPasswordToken token = user.resetPassword(null, false)
+ ResetPasswordToken token = user.resetPassword(false)
assertThat token.getResetPasswordUrl(), notNullValue()
}
diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy
index 07c15d8ba54..1d4fb654ca5 100644
--- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy
+++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ClientProvider.groovy
@@ -162,7 +162,7 @@ trait ClientProvider implements IHookable {
void deleteRule(String ruleName, Client client) {
Util.ignoring(ResourceException) {
- GroupRuleList rules = client.listRules()
+ GroupRuleList rules = client.listGroupRules()
rules.each {rule ->
if (ruleName.equals(rule.name)) {
if (rule.status == GroupRuleStatus.ACTIVE) {
diff --git a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ITSupport.groovy b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ITSupport.groovy
index 129d6ae4c97..5ae2ebc6d82 100644
--- a/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ITSupport.groovy
+++ b/integration-tests/src/test/groovy/com/okta/sdk/tests/it/util/ITSupport.groovy
@@ -124,7 +124,6 @@ abstract class ITSupport implements ClientProvider {
.setGroups(client.instantiate(GroupCondition)
.setInclude([groupId]))))
.setName("policy-java-" + UUID.randomUUID().toString())
- .setStatus(Policy.StatusEnum.ACTIVE)
.setDescription("IT created Policy")
.setStatus(Policy.StatusEnum.ACTIVE))
diff --git a/pom.xml b/pom.xml
index 4d1a9ab66ea..be3bd7ec548 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
pom
Okta Java SDK
@@ -72,27 +72,27 @@
com.okta.sdk
okta-sdk-api
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
com.okta.sdk
okta-sdk-impl
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
com.okta.sdk
okta-api-swagger-templates
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
com.okta.sdk
okta-sdk-httpclient
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
com.okta.sdk
okta-sdk-okhttp
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
@@ -131,14 +131,14 @@
com.okta.sdk
okta-sdk-integration-tests
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
com.okta.sdk
okta-sdk-examples-quickstart
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
@@ -315,7 +315,7 @@
com.okta.sdk
okta-api-swagger-templates
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
@@ -330,7 +330,7 @@
com.github.siom79.japicmp
japicmp-maven-plugin
- 0.13.0
+ 0.14.3
@@ -342,7 +342,7 @@
true
- true
+ false
true
${root.dir}/src/japicmp/postAnalysisScript.groovy
diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml
index 07b2d084463..8289fae2a3a 100644
--- a/src/swagger/api.yaml
+++ b/src/swagger/api.yaml
@@ -1,5 +1,5 @@
#
-# Copyright 2017 Okta
+# Copyright 2020-Present Okta, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@ info:
license:
name: Apache-2.0
url: 'http://www.apache.org/licenses/LICENSE-2.0.html'
- version: 1.11.0
+ version: 2.0.0
externalDocs:
description: Find more info here
url: 'http://developer.okta.com/docs/api/getting_started/design_principles.html'
@@ -112,6 +112,9 @@ paths:
in: query
name: activate
type: boolean
+ - in: header
+ name: OktaAccessGateway-Agent
+ type: string
produces:
- application/json
responses:
@@ -197,6 +200,179 @@ paths:
summary: Update Application
tags:
- Application
+ '/api/v1/apps/{appId}/credentials/csrs':
+ get:
+ consumes:
+ - application/json
+ description: Enumerates CSRs for an application
+ operationId: listCsrsForApplication
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/CSR'
+ type: array
+ security:
+ - api_token: []
+ summary: List CSRs for Application
+ tags:
+ - Application
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Generates a new key pair and returns the Certificate Signing Request for
+ it.
+ operationId: generateCsrForApplication
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: body
+ name: metadata
+ required: true
+ schema:
+ $ref: '#/definitions/CSRMetadata'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ '201':
+ description: Created
+ schema:
+ $ref: '#/definitions/CSR'
+ security:
+ - api_token: []
+ summary: Generate CSR for Application
+ tags:
+ - Application
+ '/api/v1/apps/{appId}/credentials/csrs/{csrId}':
+ delete:
+ consumes:
+ - application/json
+ operationId: revokeCSRFromApplication
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: path
+ name: csrId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - Application
+ get:
+ consumes:
+ - application/json
+ operationId: getCsrForApplication
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: path
+ name: csrId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/CSR'
+ security:
+ - api_token: []
+ tags:
+ - Application
+ '/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish':
+ post:
+ consumes:
+ - application/json
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: path
+ name: csrId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '201':
+ description: Created
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ tags:
+ - Application
+ x-okta-multi-operation:
+ - consumes:
+ - application/x-x509-ca-cert
+ encoding: base64
+ operationId: publishCerCert
+ parameters:
+ - in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/x-x509-ca-cert
+ operationId: publishBinaryCerCert
+ parameters:
+ - format: binary
+ in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/pkix-cert
+ encoding: base64
+ operationId: publishDerCert
+ parameters:
+ - in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/pkix-cert
+ operationId: publishBinaryDerCert
+ parameters:
+ - format: binary
+ in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/x-pem-file
+ operationId: publishBinaryPemCert
+ parameters:
+ - format: binary
+ in: body
+ name: certificate
+ required: true
+ type: string
'/api/v1/apps/{appId}/credentials/keys':
get:
consumes:
@@ -222,13 +398,36 @@ paths:
summary: List Key Credentials for Application
tags:
- Application
+ '/api/v1/apps/{appId}/credentials/keys/generate':
+ post:
+ consumes:
+ - application/json
+ description: Generates a new X.509 certificate for an application key credential
+ operationId: generateApplicationKey
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: query
+ name: validityYears
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '201':
+ description: Created
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ tags:
+ - Application
'/api/v1/apps/{appId}/credentials/keys/{keyId}':
get:
consumes:
- application/json
- description: >-
- Gets a specific [application key
- credential](#application-key-credential-model) by `kid`
+ description: Gets a specific application key credential by kid
operationId: getApplicationKey
parameters:
- in: path
@@ -285,6 +484,111 @@ paths:
summary: Clone Application Key Credential
tags:
- Application
+ '/api/v1/apps/{appId}/grants':
+ get:
+ consumes:
+ - application/json
+ description: Lists all scope consent grants for the application
+ operationId: listScopeConsentGrants
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/OAuth2ScopeConsentGrant'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - Application
+ post:
+ consumes:
+ - application/json
+ description: Grants consent for the application to request an OAuth 2.0 Okta scope
+ operationId: grantConsentToScope
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: body
+ name: oAuth2ScopeConsentGrant
+ required: true
+ schema:
+ $ref: '#/definitions/OAuth2ScopeConsentGrant'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/OAuth2ScopeConsentGrant'
+ security:
+ - api_token: []
+ tags:
+ - Application
+ '/api/v1/apps/{appId}/grants/{grantId}':
+ delete:
+ consumes:
+ - application/json
+ description: Revokes permission for the application to request the given scope
+ operationId: revokeScopeConsentGrant
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: path
+ name: grantId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - Application
+ get:
+ consumes:
+ - application/json
+ description: Fetches a single scope consent grant for the application
+ operationId: getScopeConsentGrant
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: path
+ name: grantId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/OAuth2ScopeConsentGrant'
+ security:
+ - api_token: []
+ tags:
+ - Application
'/api/v1/apps/{appId}/groups':
get:
consumes:
@@ -453,41 +757,47 @@ paths:
summary: Deactivate Application
tags:
- Application
- '/api/v1/apps/{appId}/users':
+ '/api/v1/apps/{appId}/tokens':
+ delete:
+ consumes:
+ - application/json
+ description: Revokes all tokens for the specified application
+ operationId: revokeOAuth2TokensForApplication
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Application
get:
consumes:
- application/json
- description: >-
- Enumerates all assigned [application users](#application-user-model) for
- an application.
- operationId: listApplicationUsers
+ description: Lists all tokens for the application
+ operationId: listOAuth2TokensForApplication
parameters:
- in: path
name: appId
required: true
type: string
- in: query
- name: q
+ name: expand
type: string
- in: query
- name: query_scope
- type: string
- - description: specifies the pagination cursor for the next page of assignments
- in: query
name: after
type: string
- - default: -1
- description: specifies the number of results for a page
+ - default: 20
format: int32
in: query
name: limit
type: integer
- - in: query
- name: filter
- type: string
- - in: query
- name: expand
- type: string
produces:
- application/json
responses:
@@ -495,20 +805,120 @@ paths:
description: Success
schema:
items:
- $ref: '#/definitions/AppUser'
+ $ref: '#/definitions/OAuth2Token'
type: array
security:
- api_token: []
- summary: List Users Assigned to Application
tags:
- Application
- post:
+ '/api/v1/apps/{appId}/tokens/{tokenId}':
+ delete:
consumes:
- application/json
- description: >-
- Assigns an user to an application with
- [credentials](#application-user-credentials-object) and an app-specific
- [profile](#application-user-profile-object). Profile mappings defined
+ description: Revokes the specified token for the specified application
+ operationId: revokeOAuth2TokenForApplication
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: path
+ name: tokenId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Application
+ get:
+ consumes:
+ - application/json
+ description: Gets a token for the specified application
+ operationId: getOAuth2TokenForApplication
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: path
+ name: tokenId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/OAuth2Token'
+ security:
+ - api_token: []
+ tags:
+ - Application
+ '/api/v1/apps/{appId}/users':
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Enumerates all assigned [application users](#application-user-model) for
+ an application.
+ operationId: listApplicationUsers
+ parameters:
+ - in: path
+ name: appId
+ required: true
+ type: string
+ - in: query
+ name: q
+ type: string
+ - in: query
+ name: query_scope
+ type: string
+ - description: specifies the pagination cursor for the next page of assignments
+ in: query
+ name: after
+ type: string
+ - default: -1
+ description: specifies the number of results for a page
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ - in: query
+ name: filter
+ type: string
+ - in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/AppUser'
+ type: array
+ security:
+ - api_token: []
+ summary: List Users Assigned to Application
+ tags:
+ - Application
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Assigns an user to an application with
+ [credentials](#application-user-credentials-object) and an app-specific
+ [profile](#application-user-profile-object). Profile mappings defined
for the application are first applied before applying any profile
properties specified in the request.
operationId: assignUserToApplication
@@ -624,36 +1034,21 @@ paths:
summary: Update Application Profile for Assigned User
tags:
- Application
- /api/v1/groups:
+ /api/v1/authorizationServers:
get:
consumes:
- application/json
- description: >-
- Enumerates groups in your organization with pagination. A subset of
- groups can be returned that match a supported filter expression or
- query.
- operationId: listGroups
+ description: Success
+ operationId: listAuthorizationServers
parameters:
- - description: Searches the name property of groups for matching value
- in: query
+ - in: query
name: q
type: string
- - description: Filter expression for groups
- in: query
- name: filter
- type: string
- - description: Specifies the pagination cursor for the next page of groups
- in: query
- name: after
- type: string
- - default: -1
- description: Specifies the number of group results in a page
- format: int32
- in: query
+ - in: query
name: limit
- type: integer
+ type: string
- in: query
- name: expand
+ name: after
type: string
produces:
- application/json
@@ -662,184 +1057,168 @@ paths:
description: Success
schema:
items:
- $ref: '#/definitions/Group'
+ $ref: '#/definitions/AuthorizationServer'
type: array
security:
- api_token: []
- summary: List Groups
tags:
- - Group
+ - AuthorizationServer
post:
consumes:
- application/json
- description: Adds a new group with `OKTA_GROUP` type to your organization.
- operationId: createGroup
+ description: Success
+ operationId: createAuthorizationServer
parameters:
- in: body
- name: group
+ name: authorizationServer
required: true
schema:
- $ref: '#/definitions/Group'
+ $ref: '#/definitions/AuthorizationServer'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/Group'
+ $ref: '#/definitions/AuthorizationServer'
+ '201':
+ description: Success
security:
- api_token: []
- summary: Add Group
tags:
- - Group
- /api/v1/groups/rules:
- get:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}':
+ delete:
consumes:
- application/json
- description: Lists all group rules for your organization.
- operationId: listRules
+ description: Success
+ operationId: deleteAuthorizationServer
parameters:
- - default: -1
- description: Specifies the number of rule results in a page
- format: int32
- in: query
- name: limit
- type: integer
- - description: Specifies the pagination cursor for the next page of rules
- in: query
- name: after
- type: string
- - default: ''
- in: query
- name: expand
+ - in: path
+ name: authServerId
+ required: true
type: string
- x-okta-added-version: 1.3.0
produces:
- application/json
responses:
'200':
description: Success
- schema:
- items:
- $ref: '#/definitions/GroupRule'
- type: array
security:
- api_token: []
- summary: List Group Rules
tags:
- - Group
- post:
+ - AuthorizationServer
+ get:
consumes:
- application/json
- description: >-
- Creates a group rule to dynamically add users to the specified group if
- they match the condition
- operationId: createRule
+ description: Success
+ operationId: getAuthorizationServer
parameters:
- - in: body
- name: groupRule
+ - in: path
+ name: authServerId
required: true
- schema:
- $ref: '#/definitions/GroupRule'
+ type: string
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/GroupRule'
+ $ref: '#/definitions/AuthorizationServer'
security:
- api_token: []
- summary: Create Group Rule
tags:
- - Group
- '/api/v1/groups/rules/{ruleId}':
- delete:
+ - AuthorizationServer
+ put:
consumes:
- application/json
- description: Removes a specific group rule by id from your organization
- operationId: deleteRule
+ description: Success
+ operationId: updateAuthorizationServer
parameters:
- in: path
- name: ruleId
+ name: authServerId
required: true
type: string
- - default: false
- in: query
- name: removeUsers
- type: boolean
+ - in: body
+ name: authorizationServer
+ required: true
+ schema:
+ $ref: '#/definitions/AuthorizationServer'
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/AuthorizationServer'
security:
- api_token: []
- summary: Delete a group Rule
tags:
- - Group
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/claims':
get:
consumes:
- application/json
- description: Fetches a specific group rule by id from your organization
- operationId: getRule
+ description: Success
+ operationId: listOAuth2Claims
parameters:
- in: path
- name: ruleId
+ name: authServerId
required: true
type: string
- - default: ''
- in: query
- name: expand
- type: string
- x-okta-added-version: 1.3.0
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/GroupRule'
+ items:
+ $ref: '#/definitions/OAuth2Claim'
+ type: array
security:
- api_token: []
- summary: Get Group Rule
tags:
- - Group
- put:
+ - AuthorizationServer
+ post:
consumes:
- application/json
description: Success
- operationId: updateRule
+ operationId: createOAuth2Claim
parameters:
- in: path
- name: ruleId
+ name: authServerId
required: true
type: string
- in: body
- name: groupRule
+ name: oAuth2Claim
required: true
schema:
- $ref: '#/definitions/GroupRule'
+ $ref: '#/definitions/OAuth2Claim'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/GroupRule'
+ $ref: '#/definitions/OAuth2Claim'
+ '201':
+ description: Success
security:
- api_token: []
tags:
- - Group
- '/api/v1/groups/rules/{ruleId}/lifecycle/activate':
- post:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/claims/{claimId}':
+ delete:
consumes:
- application/json
- description: Activates a specific group rule by id from your organization
- operationId: activateRule
+ description: Success
+ operationId: deleteOAuth2Claim
parameters:
- in: path
- name: ruleId
+ name: authServerId
+ required: true
+ type: string
+ - in: path
+ name: claimId
required: true
type: string
produces:
@@ -849,18 +1228,20 @@ paths:
description: Success
security:
- api_token: []
- summary: Activate a group Rule
tags:
- - Group
- '/api/v1/groups/rules/{ruleId}/lifecycle/deactivate':
- post:
+ - AuthorizationServer
+ get:
consumes:
- application/json
- description: Deactivates a specific group rule by id from your organization
- operationId: deactivateRule
+ description: Success
+ operationId: getOAuth2Claim
parameters:
- in: path
- name: ruleId
+ name: authServerId
+ required: true
+ type: string
+ - in: path
+ name: claimId
required: true
type: string
produces:
@@ -868,114 +1249,115 @@ paths:
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/OAuth2Claim'
security:
- api_token: []
- summary: Deactivate a group Rule
tags:
- - Group
- '/api/v1/groups/{groupId}':
- delete:
+ - AuthorizationServer
+ put:
consumes:
- application/json
- description: Removes a group with `OKTA_GROUP` type from your organization.
- operationId: deleteGroup
+ description: Success
+ operationId: updateOAuth2Claim
parameters:
- in: path
- name: groupId
+ name: authServerId
+ required: true
+ type: string
+ - in: path
+ name: claimId
required: true
type: string
+ - in: body
+ name: oAuth2Claim
+ required: true
+ schema:
+ $ref: '#/definitions/OAuth2Claim'
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/OAuth2Claim'
security:
- api_token: []
- summary: Remove Group
tags:
- - Group
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/clients':
get:
consumes:
- application/json
- description: Lists all group rules for your organization.
- operationId: getGroup
+ description: Success
+ operationId: listOAuth2ClientsForAuthorizationServer
parameters:
- in: path
- name: groupId
+ name: authServerId
required: true
type: string
- - in: query
- name: expand
- type: string
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/Group'
+ items:
+ $ref: '#/definitions/OAuth2Client'
+ type: array
security:
- api_token: []
- summary: List Group Rules
tags:
- - Group
- put:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens':
+ delete:
consumes:
- application/json
- description: >-
- Updates the profile for a group with `OKTA_GROUP` type from your
- organization.
- operationId: updateGroup
+ description: Success
+ operationId: revokeRefreshTokensForAuthorizationServerAndClient
parameters:
- in: path
- name: groupId
+ name: authServerId
required: true
type: string
- - in: body
- name: group
+ - in: path
+ name: clientId
required: true
- schema:
- $ref: '#/definitions/Group'
+ type: string
produces:
- application/json
responses:
'200':
description: Success
- schema:
- $ref: '#/definitions/Group'
security:
- api_token: []
- summary: Update Group
tags:
- - Group
- '/api/v1/groups/{groupId}/users':
+ - AuthorizationServer
get:
consumes:
- application/json
- description: >-
- Enumerates all [users](/docs/api/resources/users.html#user-model) that
- are a member of a group.
- operationId: listGroupUsers
+ description: Success
+ operationId: listRefreshTokensForAuthorizationServerAndClient
parameters:
- in: path
- name: groupId
+ name: authServerId
required: true
type: string
- - description: Specifies the pagination cursor for the next page of users
- in: query
+ - in: path
+ name: clientId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ - in: query
name: after
type: string
- default: -1
- description: Specifies the number of user results in a page
format: int32
in: query
name: limit
type: integer
- - default: all
- in: query
- name: managedBy
- type: string
- x-okta-added-version: 1.3.0
produces:
- application/json
responses:
@@ -983,28 +1365,29 @@ paths:
description: Success
schema:
items:
- $ref: '#/definitions/User'
+ $ref: '#/definitions/OAuth2RefreshToken'
type: array
security:
- api_token: []
- summary: List Group Members
tags:
- - Group
- '/api/v1/groups/{groupId}/users/{userId}':
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}':
delete:
consumes:
- application/json
- description: >-
- Removes a [user](users.html#user-model) from a group with `OKTA_GROUP`
- type.
- operationId: removeGroupUser
+ description: Success
+ operationId: revokeRefreshTokenForAuthorizationServerAndClient
parameters:
- in: path
- name: groupId
+ name: authServerId
required: true
type: string
- in: path
- name: userId
+ name: clientId
+ required: true
+ type: string
+ - in: path
+ name: tokenId
required: true
type: string
produces:
@@ -1014,64 +1397,50 @@ paths:
description: Success
security:
- api_token: []
- summary: Remove User from Group
tags:
- - Group
- put:
+ - AuthorizationServer
+ get:
consumes:
- application/json
- description: 'Adds a [user](users.html#user-model) to a group with `OKTA_GROUP` type.'
- operationId: addUserToGroup
+ description: Success
+ operationId: getRefreshTokenForAuthorizationServerAndClient
parameters:
- in: path
- name: groupId
+ name: authServerId
required: true
type: string
- in: path
- name: userId
+ name: clientId
+ required: true
+ type: string
+ - in: path
+ name: tokenId
required: true
type: string
+ - in: query
+ name: expand
+ type: string
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/OAuth2RefreshToken'
security:
- api_token: []
- summary: Add User to Group
tags:
- - Group
- /api/v1/logs:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/credentials/keys':
get:
consumes:
- application/json
- description: >-
- The Okta System Log API provides read access to your organization’s
- system log. This API provides more functionality than the Events API
- operationId: getLogs
+ description: Success
+ operationId: listAuthorizationServerKeys
parameters:
- - in: query
- name: until
- type: string
- - in: query
- name: since
- type: string
- - in: query
- name: filter
- type: string
- - in: query
- name: q
- type: string
- - default: 100
- in: query
- name: limit
- type: integer
- - default: ASCENDING
- in: query
- name: sortOrder
- type: string
- - in: query
- name: after
+ - in: path
+ name: authServerId
+ required: true
type: string
produces:
- application/json
@@ -1080,39 +1449,28 @@ paths:
description: Success
schema:
items:
- $ref: '#/definitions/LogEvent'
+ $ref: '#/definitions/JsonWebKey'
type: array
security:
- api_token: []
- summary: Fetch a list of events from your Okta organization system log.
tags:
- - Log
- /api/v1/policies:
- get:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate':
+ post:
consumes:
- application/json
- description: ''
- operationId: listPolicies
+ description: Success
+ operationId: rotateAuthorizationServerKeys
parameters:
- - in: query
- name: type
+ - in: path
+ name: authServerId
required: true
type: string
- - in: query
- name: status
- type: string
- - in: query
- name: after
- type: string
- - default: -1
- format: int32
- in: query
- name: limit
- type: integer
- - default: ''
- in: query
- name: expand
- type: string
+ - in: body
+ name: use
+ required: true
+ schema:
+ $ref: '#/definitions/JwkUse'
produces:
- application/json
responses:
@@ -1120,47 +1478,41 @@ paths:
description: Success
schema:
items:
- $ref: '#/definitions/Policy'
+ $ref: '#/definitions/JsonWebKey'
type: array
security:
- api_token: []
tags:
- - Policy
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/lifecycle/activate':
post:
consumes:
- application/json
- description: ''
- operationId: createPolicy
+ description: Success
+ operationId: activateAuthorizationServer
parameters:
- - in: body
- name: policy
+ - in: path
+ name: authServerId
required: true
- schema:
- $ref: '#/definitions/Policy'
- - default: true
- in: query
- name: activate
- type: boolean
+ type: string
produces:
- application/json
responses:
'200':
description: Success
- schema:
- $ref: '#/definitions/Policy'
security:
- api_token: []
tags:
- - Policy
- '/api/v1/policies/{policyId}':
- delete:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate':
+ post:
consumes:
- application/json
- description: ''
- operationId: deletePolicy
+ description: Success
+ operationId: deactivateAuthorizationServer
parameters:
- in: path
- name: policyId
+ name: authServerId
required: true
type: string
produces:
@@ -1171,47 +1523,46 @@ paths:
security:
- api_token: []
tags:
- - Policy
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/policies':
get:
consumes:
- application/json
- description: ''
- operationId: getPolicy
+ description: Success
+ operationId: listAuthorizationServerPolicies
parameters:
- in: path
- name: policyId
+ name: authServerId
required: true
type: string
- - default: ''
- in: query
- name: expand
- type: string
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/Policy'
+ items:
+ $ref: '#/definitions/Policy'
+ type: array
security:
- api_token: []
tags:
- - Policy
- put:
+ - AuthorizationServer
+ post:
consumes:
- application/json
- description: ''
- operationId: updatePolicy
+ description: Success
+ operationId: createAuthorizationServerPolicy
parameters:
+ - in: path
+ name: authServerId
+ required: true
+ type: string
- in: body
name: policy
required: true
schema:
$ref: '#/definitions/Policy'
- - in: path
- name: policyId
- required: true
- type: string
produces:
- application/json
responses:
@@ -1219,37 +1570,23 @@ paths:
description: Success
schema:
$ref: '#/definitions/Policy'
+ '201':
+ description: Success
security:
- api_token: []
tags:
- - Policy
- '/api/v1/policies/{policyId}/lifecycle/activate':
- post:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/policies/{policyId}':
+ delete:
consumes:
- application/json
- description: ''
- operationId: activatePolicy
+ description: Success
+ operationId: deleteAuthorizationServerPolicy
parameters:
- in: path
- name: policyId
+ name: authServerId
required: true
type: string
- produces:
- - application/json
- responses:
- '200':
- description: Success
- security:
- - api_token: []
- tags:
- - Policy
- '/api/v1/policies/{policyId}/lifecycle/deactivate':
- post:
- consumes:
- - application/json
- description: ''
- operationId: deactivatePolicy
- parameters:
- in: path
name: policyId
required: true
@@ -1262,14 +1599,17 @@ paths:
security:
- api_token: []
tags:
- - Policy
- '/api/v1/policies/{policyId}/rules':
+ - AuthorizationServer
get:
consumes:
- application/json
- description: ''
- operationId: listPolicyRules
+ description: Success
+ operationId: getAuthorizationServerPolicy
parameters:
+ - in: path
+ name: authServerId
+ required: true
+ type: string
- in: path
name: policyId
required: true
@@ -1280,135 +1620,143 @@ paths:
'200':
description: Success
schema:
- items:
- $ref: '#/definitions/PolicyRule'
- type: array
+ $ref: '#/definitions/Policy'
security:
- api_token: []
tags:
- - Policy
- post:
+ - AuthorizationServer
+ put:
consumes:
- application/json
- description: ''
- operationId: addPolicyRule
+ description: Success
+ operationId: updateAuthorizationServerPolicy
parameters:
+ - in: path
+ name: authServerId
+ required: true
+ type: string
- in: path
name: policyId
required: true
type: string
- in: body
- name: policyRule
+ name: policy
required: true
schema:
- $ref: '#/definitions/PolicyRule'
- - default: true
- in: query
- name: activate
- type: boolean
+ $ref: '#/definitions/Policy'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/PolicyRule'
+ $ref: '#/definitions/Policy'
security:
- api_token: []
tags:
- - Policy
- '/api/v1/policies/{policyId}/rules/{ruleId}':
- delete:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/scopes':
+ get:
consumes:
- application/json
- description: ''
- operationId: deletePolicyRule
+ description: Success
+ operationId: listOAuth2Scopes
parameters:
- in: path
- name: policyId
- required: true
- type: string
- - in: path
- name: ruleId
+ name: authServerId
required: true
type: string
+ - in: query
+ name: q
+ type: string
+ - in: query
+ name: filter
+ type: string
+ - in: query
+ name: cursor
+ type: string
+ - default: -1
+ format: int32
+ in: query
+ name: limit
+ type: integer
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ items:
+ $ref: '#/definitions/OAuth2Scope'
+ type: array
security:
- api_token: []
tags:
- - Policy
- get:
+ - AuthorizationServer
+ post:
consumes:
- application/json
- description: ''
- operationId: getPolicyRule
+ description: Success
+ operationId: createOAuth2Scope
parameters:
- in: path
- name: policyId
+ name: authServerId
required: true
type: string
- - in: path
- name: ruleId
+ - in: body
+ name: oAuth2Scope
required: true
- type: string
+ schema:
+ $ref: '#/definitions/OAuth2Scope'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/PolicyRule'
+ $ref: '#/definitions/OAuth2Scope'
+ '201':
+ description: Success
security:
- api_token: []
tags:
- - Policy
- put:
+ - AuthorizationServer
+ '/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}':
+ delete:
consumes:
- application/json
- description: ''
- operationId: updatePolicyRule
+ description: Success
+ operationId: deleteOAuth2Scope
parameters:
- in: path
- name: policyId
+ name: authServerId
required: true
type: string
- in: path
- name: ruleId
+ name: scopeId
required: true
type: string
- - in: body
- name: policyRule
- required: true
- schema:
- $ref: '#/definitions/PolicyRule'
produces:
- application/json
responses:
'200':
description: Success
- schema:
- $ref: '#/definitions/PolicyRule'
security:
- api_token: []
tags:
- - Policy
- '/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate':
- post:
+ - AuthorizationServer
+ get:
consumes:
- application/json
- description: ''
- operationId: activatePolicyRule
+ description: Success
+ operationId: getOAuth2Scope
parameters:
- in: path
- name: policyId
+ name: authServerId
required: true
type: string
- in: path
- name: ruleId
+ name: scopeId
required: true
type: string
produces:
@@ -1416,71 +1764,93 @@ paths:
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/OAuth2Scope'
security:
- api_token: []
tags:
- - Policy
- '/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate':
- post:
+ - AuthorizationServer
+ put:
consumes:
- application/json
- description: ''
- operationId: deactivatePolicyRule
+ description: Success
+ operationId: updateOAuth2Scope
parameters:
- in: path
- name: policyId
+ name: authServerId
required: true
type: string
- in: path
- name: ruleId
+ name: scopeId
required: true
type: string
+ - in: body
+ name: oAuth2Scope
+ required: true
+ schema:
+ $ref: '#/definitions/OAuth2Scope'
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/OAuth2Scope'
security:
- api_token: []
tags:
- - Policy
- /api/v1/sessions:
+ - AuthorizationServer
+ /api/v1/eventHooks:
+ get:
+ consumes:
+ - application/json
+ description: Success
+ operationId: listEventHooks
+ parameters: []
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/EventHook'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - EventHook
post:
consumes:
- application/json
- description: >-
- Creates a new session for a user with a valid session token. Use this
- API if, for example, you want to set the session cookie yourself instead
- of allowing Okta to set it, or want to hold the session ID in order to
- delete a session via the API instead of visiting the logout URL.
- operationId: createSession
+ description: Success
+ operationId: createEventHook
parameters:
- in: body
- name: createSessionRequest
+ name: eventHook
required: true
schema:
- $ref: '#/definitions/CreateSessionRequest'
+ $ref: '#/definitions/EventHook'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/Session'
+ $ref: '#/definitions/EventHook'
security:
- api_token: []
- summary: Create Session with Session Token
tags:
- - Session
- '/api/v1/sessions/{sessionId}':
+ - EventHook
+ '/api/v1/eventHooks/{eventHookId}':
delete:
consumes:
- application/json
- description: ''
- operationId: endSession
+ description: Success
+ operationId: deleteEventHook
parameters:
- in: path
- name: sessionId
+ name: eventHookId
required: true
type: string
produces:
@@ -1490,17 +1860,16 @@ paths:
description: Success
security:
- api_token: []
- summary: Close Session
tags:
- - Session
+ - EventHook
get:
consumes:
- application/json
- description: Get details about a session.
- operationId: getSession
+ description: Success
+ operationId: getEventHook
parameters:
- in: path
- name: sessionId
+ name: eventHookId
required: true
type: string
produces:
@@ -1509,73 +1878,47 @@ paths:
'200':
description: Success
schema:
- $ref: '#/definitions/Session'
+ $ref: '#/definitions/EventHook'
security:
- api_token: []
tags:
- - Session
- '/api/v1/sessions/{sessionId}/lifecycle/refresh':
- post:
+ - EventHook
+ put:
consumes:
- application/json
- description: ''
- operationId: refreshSession
+ description: Success
+ operationId: updateEventHook
parameters:
- in: path
- name: sessionId
+ name: eventHookId
required: true
type: string
+ - in: body
+ name: eventHook
+ required: true
+ schema:
+ $ref: '#/definitions/EventHook'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/Session'
+ $ref: '#/definitions/EventHook'
security:
- api_token: []
- summary: Refresh Session
tags:
- - Session
- /api/v1/users:
- get:
+ - EventHook
+ '/api/v1/eventHooks/{eventHookId}/lifecycle/activate':
+ post:
consumes:
- application/json
- description: >-
- Lists users in your organization with pagination in most cases. A
- subset of users can be returned that match a supported filter expression
- or search criteria.
- operationId: listUsers
+ description: Success
+ operationId: activateEventHook
parameters:
- - description: 'Finds a user that matches firstName, lastName, and email properties'
- in: query
- name: q
- type: string
- - description: Specifies the pagination cursor for the next page of users
- in: query
- name: after
- type: string
- - default: -1
- description: Specifies the number of results returned
- format: int32
- in: query
- name: limit
- type: integer
- - description: Filters users with a supported expression for a subset of properties
- in: query
- name: filter
- type: string
- - in: query
- name: format
- type: string
- - description: >-
- Searches for users with a supported filtering expression for most
- properties
- in: query
- name: search
- type: string
- - in: query
- name: expand
+ - in: path
+ name: eventHookId
+ required: true
type: string
produces:
- application/json
@@ -1583,162 +1926,108 @@ paths:
'200':
description: Success
schema:
- items:
- $ref: '#/definitions/User'
- type: array
+ $ref: '#/definitions/EventHook'
security:
- api_token: []
- summary: List Users
tags:
- - User
+ - EventHook
+ '/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate':
post:
consumes:
- application/json
- description: >-
- Creates a new user in your Okta organization with or without
- credentials.
- operationId: createUser
+ description: Success
+ operationId: deactivateEventHook
parameters:
- - in: body
- name: body
+ - in: path
+ name: eventHookId
required: true
- schema:
- $ref: '#/definitions/User'
- - default: true
- description: Executes activation lifecycle operation when creating the user
- in: query
- name: activate
- type: boolean
- - default: false
- description: >-
- Indicates whether to create a user with a specified authentication
- provider
- in: query
- name: provider
- type: boolean
- - default: ''
- description: >-
- With activate=true, set nextLogin to "changePassword" to have the
- password be EXPIRED, so user must change it the next time they log
- in.
- in: query
- name: nextLogin
type: string
- x-okta-added-version: 0.14.0
- x-openapi-v3-schema-ref: '#/definitions/UserNextLogin'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/User'
+ $ref: '#/definitions/EventHook'
security:
- api_token: []
- summary: Create User
tags:
- - User
- '/api/v1/users/{userId}':
- delete:
+ - EventHook
+ '/api/v1/eventHooks/{eventHookId}/lifecycle/verify':
+ post:
consumes:
- application/json
- description: >-
- Deletes a user permanently. This operation can only be performed on
- users that have a `DEPROVISIONED` status. **This action cannot be
- recovered!**
- operationId: deactivateOrDeleteUser
+ description: Success
+ operationId: verifyEventHook
parameters:
- in: path
- name: userId
+ name: eventHookId
required: true
type: string
- - default: false
- in: query
- name: sendEmail
- type: boolean
- x-okta-added-version: 1.5.0
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/EventHook'
security:
- api_token: []
- summary: Delete User
tags:
- - User
+ - EventHook
+ /api/v1/features:
get:
consumes:
- application/json
- description: Fetches a user from your Okta organization.
- operationId: getUser
- parameters:
- - in: path
- name: userId
- required: true
- type: string
+ description: Success
+ operationId: listFeatures
+ parameters: []
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/User'
+ items:
+ $ref: '#/definitions/Feature'
+ type: array
security:
- api_token: []
- summary: Get User
tags:
- - User
- put:
+ - Feature
+ '/api/v1/features/{featureId}':
+ get:
consumes:
- application/json
- description: >-
- Update a user's profile and/or credentials using strict-update
- semantics.
- operationId: updateUser
+ description: Success
+ operationId: getFeature
parameters:
- - in: body
- name: user
- required: true
- schema:
- $ref: '#/definitions/User'
- in: path
- name: userId
+ name: featureId
required: true
type: string
- - in: query
- name: strict
- type: boolean
- x-okta-added-version: 1.10.0
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/User'
+ $ref: '#/definitions/Feature'
security:
- api_token: []
- summary: Update User
tags:
- - User
- '/api/v1/users/{userId}/appLinks':
+ - Feature
+ '/api/v1/features/{featureId}/dependencies':
get:
consumes:
- application/json
- description: >-
- Fetches appLinks for all direct or indirect (via group membership)
- assigned applications.
- operationId: listAppLinks
+ description: Success
+ operationId: listFeatureDependencies
parameters:
- in: path
- name: userId
+ name: featureId
required: true
type: string
- - default: false
- in: query
- name: showAll
- type: boolean
produces:
- application/json
responses:
@@ -1746,175 +2035,155 @@ paths:
description: Success
schema:
items:
- $ref: '#/definitions/AppLink'
+ $ref: '#/definitions/Feature'
type: array
security:
- api_token: []
- summary: Get Assigned App Links
tags:
- - User
- '/api/v1/users/{userId}/credentials/change_password':
- post:
+ - Feature
+ '/api/v1/features/{featureId}/dependents':
+ get:
consumes:
- application/json
- description: >-
- Changes a user's password by validating the user's current password.
- This operation can only be performed on users in `STAGED`, `ACTIVE`,
- `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid [password
- credential](#password-object)
- operationId: changePassword
+ description: Success
+ operationId: listFeatureDependents
parameters:
- - in: body
- name: changePasswordRequest
- required: true
- schema:
- $ref: '#/definitions/ChangePasswordRequest'
- in: path
- name: userId
+ name: featureId
required: true
type: string
- - in: query
- name: strict
- type: boolean
- x-okta-added-version: 1.10.0
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/UserCredentials'
+ items:
+ $ref: '#/definitions/Feature'
+ type: array
security:
- api_token: []
- summary: Change Password
tags:
- - User
- '/api/v1/users/{userId}/credentials/change_recovery_question':
+ - Feature
+ '/api/v1/features/{featureId}/{lifecycle}':
post:
consumes:
- application/json
- description: >-
- Changes a user's recovery question & answer credential by validating the
- user's current password. This operation can only be performed on users
- in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid
- [password credential](#password-object)
- operationId: changeRecoveryQuestion
+ description: Success
+ operationId: updateFeatureLifecycle
parameters:
- - in: body
- name: userCredentials
+ - in: path
+ name: featureId
required: true
- schema:
- $ref: '#/definitions/UserCredentials'
+ type: string
- in: path
- name: userId
+ name: lifecycle
required: true
type: string
+ - in: query
+ name: mode
+ type: string
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/UserCredentials'
+ $ref: '#/definitions/Feature'
security:
- api_token: []
- summary: Change Recovery Question
tags:
- - User
- '/api/v1/users/{userId}/credentials/forgot_password':
- post:
+ - Feature
+ /api/v1/groups:
+ get:
consumes:
- application/json
description: >-
- Generates a one-time token (OTT) that can be used to reset a user's
- password. The user will be required to validate their security
- question's answer when visiting the reset link. This operation can only
- be performed on users with a valid [recovery question
- credential](#recovery-question-object) and have an `ACTIVE` status.
- operationId: forgotPassword
+ Enumerates groups in your organization with pagination. A subset of
+ groups can be returned that match a supported filter expression or
+ query.
+ operationId: listGroups
parameters:
- - in: body
- name: userCredentials
- schema:
- $ref: '#/definitions/UserCredentials'
- - in: path
- name: userId
- required: true
+ - description: Searches the name property of groups for matching value
+ in: query
+ name: q
type: string
- - default: true
+ - description: Filter expression for groups
in: query
- name: sendEmail
- type: boolean
+ name: filter
+ type: string
+ - description: Specifies the pagination cursor for the next page of groups
+ in: query
+ name: after
+ type: string
+ - default: 10000
+ description: Specifies the number of group results in a page
+ format: int32
+ in: query
+ name: limit
+ type: integer
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/ForgotPasswordResponse'
+ items:
+ $ref: '#/definitions/Group'
+ type: array
security:
- api_token: []
- summary: Forgot Password
+ summary: List Groups
tags:
- - User
- '/api/v1/users/{userId}/factors':
- get:
+ - Group
+ post:
consumes:
- application/json
- description: Enumerates all the enrolled factors for the specified user
- operationId: listFactors
+ description: Adds a new group with `OKTA_GROUP` type to your organization.
+ operationId: createGroup
parameters:
- - in: path
- name: userId
+ - in: body
+ name: group
required: true
- type: string
+ schema:
+ $ref: '#/definitions/Group'
produces:
- application/json
responses:
'200':
description: Success
schema:
- items:
- $ref: '#/definitions/Factor'
- type: array
+ $ref: '#/definitions/Group'
security:
- api_token: []
+ summary: Add Group
tags:
- - UserFactor
- post:
+ - Group
+ /api/v1/groups/rules:
+ get:
consumes:
- application/json
- description: 'Enrolls a user with a supported [factor](#list-factors-to-enroll)'
- operationId: addFactor
+ description: Lists all group rules for your organization.
+ operationId: listGroupRules
parameters:
- - in: path
- name: userId
- required: true
- type: string
- - description: Factor
- in: body
- name: body
- required: true
- schema:
- $ref: '#/definitions/Factor'
- - default: false
+ - default: 50
+ description: Specifies the number of rule results in a page
+ format: int32
in: query
- name: updatePhone
- type: boolean
- - description: id of SMS template (only for SMS factor)
+ name: limit
+ type: integer
+ - description: Specifies the pagination cursor for the next page of rules
in: query
- name: templateId
+ name: after
type: string
- - default: 300
- format: int32
+ - description: Specifies the keyword to search fules for
in: query
- name: tokenLifetimeSeconds
- type: integer
- x-okta-added-version: 1.3.0
- - default: false
+ name: search
+ type: string
+ - description: 'If specified as `groupIdToGroupNameMap`, then show group names'
in: query
- name: activate
- type: boolean
+ name: expand
+ type: string
x-okta-added-version: 1.3.0
produces:
- application/json
@@ -1922,401 +2191,331 @@ paths:
'200':
description: Success
schema:
- $ref: '#/definitions/Factor'
+ items:
+ $ref: '#/definitions/GroupRule'
+ type: array
security:
- api_token: []
- summary: Enroll Factor
+ summary: List Group Rules
tags:
- - UserFactor
- '/api/v1/users/{userId}/factors/catalog':
- get:
+ - Group
+ post:
consumes:
- application/json
description: >-
- Enumerates all the [supported factors](#supported-factors-for-providers)
- that can be enrolled for the specified user
- operationId: listSupportedFactors
+ Creates a group rule to dynamically add users to the specified group if
+ they match the condition
+ operationId: createGroupRule
parameters:
- - in: path
- name: userId
+ - in: body
+ name: groupRule
required: true
- type: string
+ schema:
+ $ref: '#/definitions/GroupRule'
produces:
- application/json
responses:
'200':
description: Success
schema:
- items:
- $ref: '#/definitions/Factor'
- type: array
+ $ref: '#/definitions/GroupRule'
security:
- api_token: []
+ summary: Create Group Rule
tags:
- - UserFactor
- '/api/v1/users/{userId}/factors/questions':
- get:
+ - Group
+ '/api/v1/groups/rules/{ruleId}':
+ delete:
consumes:
- application/json
- description: >-
- Enumerates all available security questions for a user's `question`
- factor
- operationId: listSupportedSecurityQuestions
+ description: Removes a specific group rule by id from your organization
+ operationId: deleteGroupRule
parameters:
- in: path
- name: userId
+ name: ruleId
required: true
type: string
produces:
- application/json
responses:
- '200':
- description: Success
- schema:
- items:
- $ref: '#/definitions/SecurityQuestion'
- type: array
+ '202':
+ description: Accepted
security:
- api_token: []
+ summary: Delete a group Rule
tags:
- - UserFactor
- '/api/v1/users/{userId}/factors/{factorId}':
- delete:
+ - Group
+ get:
consumes:
- application/json
- description: >-
- Unenrolls an existing factor for the specified user, allowing the user
- to enroll a new factor.
- operationId: deleteFactor
+ description: Fetches a specific group rule by id from your organization
+ operationId: getGroupRule
parameters:
- in: path
- name: userId
+ name: ruleId
required: true
type: string
- - in: path
- name: factorId
- required: true
+ - in: query
+ name: expand
type: string
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/GroupRule'
security:
- api_token: []
+ summary: Get Group Rule
tags:
- - UserFactor
- get:
+ - Group
+ put:
consumes:
- application/json
- description: Fetches a factor for the specified user
- operationId: getFactor
+ description: Updates a group rule. Only `INACTIVE` rules can be updated.
+ operationId: updateGroupRule
parameters:
- in: path
- name: userId
+ name: ruleId
required: true
type: string
- - in: path
- name: factorId
+ - in: body
+ name: groupRule
required: true
- type: string
+ schema:
+ $ref: '#/definitions/GroupRule'
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/Factor'
+ $ref: '#/definitions/GroupRule'
security:
- api_token: []
tags:
- - UserFactor
- '/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate':
+ - Group
+ '/api/v1/groups/rules/{ruleId}/lifecycle/activate':
post:
consumes:
- application/json
- description: >-
- The `sms` and `token:software:totp` [factor types](#factor-type) require
- activation to complete the enrollment process.
- operationId: activateFactor
+ description: Activates a specific group rule by id from your organization
+ operationId: activateGroupRule
parameters:
- in: path
- name: userId
- required: true
- type: string
- - in: path
- name: factorId
+ name: ruleId
required: true
type: string
- - in: body
- name: body
- required: true
- schema:
- $ref: '#/definitions/VerifyFactorRequest'
produces:
- application/json
responses:
- '200':
- description: Success
- schema:
- $ref: '#/definitions/Factor'
- type: object
+ '204':
+ description: No Content
security:
- api_token: []
- summary: Activate Factor
+ summary: Activate a group Rule
tags:
- - UserFactor
- '/api/v1/users/{userId}/factors/{factorId}/verify':
+ - Group
+ '/api/v1/groups/rules/{ruleId}/lifecycle/deactivate':
post:
consumes:
- application/json
- description: 'Verifies an OTP for a `token` or `token:hardware` factor'
- operationId: verifyFactor
+ description: Deactivates a specific group rule by id from your organization
+ operationId: deactivateGroupRule
parameters:
- in: path
- name: userId
- required: true
- type: string
- - in: path
- name: factorId
- required: true
- type: string
- - in: query
- name: templateId
- type: string
- - default: 300
- format: int32
- in: query
- name: tokenLifetimeSeconds
- type: integer
- x-okta-added-version: 1.3.0
- - in: body
- name: body
+ name: ruleId
required: true
- schema:
- $ref: '#/definitions/VerifyFactorRequest'
- - in: header
- name: X-Forwarded-For
- type: string
- x-okta-added-version: 1.11.0
- - in: header
- name: User-Agent
type: string
- x-okta-added-version: 1.11.0
produces:
- application/json
responses:
- '200':
- description: Success
- schema:
- $ref: '#/definitions/VerifyFactorResponse'
+ '204':
+ description: No Content
security:
- api_token: []
- summary: Verify MFA Factor
+ summary: Deactivate a group Rule
tags:
- - UserFactor
- '/api/v1/users/{userId}/groups':
- get:
+ - Group
+ '/api/v1/groups/{groupId}':
+ delete:
consumes:
- application/json
- description: Fetches the groups of which the user is a member.
- operationId: listUserGroups
+ description: Removes a group with `OKTA_GROUP` type from your organization.
+ operationId: deleteGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- - in: query
- name: after
- type: string
- - default: -1
- format: int32
- in: query
- name: limit
- type: integer
produces:
- application/json
responses:
- '200':
- description: Success
- schema:
- items:
- $ref: '#/definitions/Group'
- type: array
+ '204':
+ description: No Content
security:
- api_token: []
- summary: Get Member Groups
+ summary: Remove Group
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/activate':
- post:
+ - Group
+ get:
consumes:
- application/json
- description: >-
- Activates a user. This operation can only be performed on users with a
- `STAGED` status. Activation of a user is an asynchronous operation.
- The user will have the `transitioningToStatus` property with a value of
- `ACTIVE` during activation to indicate that the user hasn't completed
- the asynchronous operation. The user will have a status of `ACTIVE`
- when the activation process is complete.
- operationId: activateUser
+ description: Lists all group rules for your organization.
+ operationId: getGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- - default: true
- description: Sends an activation email to the user if true
- in: query
- name: sendEmail
- required: true
- type: boolean
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/UserActivationToken'
+ $ref: '#/definitions/Group'
security:
- api_token: []
- summary: Activate User
+ summary: List Group Rules
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/deactivate':
- post:
+ - Group
+ put:
consumes:
- application/json
description: >-
- Deactivates a user. This operation can only be performed on users that
- do not have a `DEPROVISIONED` status. Deactivation of a user is an
- asynchronous operation. The user will have the `transitioningToStatus`
- property with a value of `DEPROVISIONED` during deactivation to indicate
- that the user hasn't completed the asynchronous operation. The user
- will have a status of `DEPROVISIONED` when the deactivation process is
- complete.
- operationId: deactivateUser
+ Updates the profile for a group with `OKTA_GROUP` type from your
+ organization.
+ operationId: updateGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- - default: false
- in: query
- name: sendEmail
- type: boolean
- x-okta-added-version: 1.5.0
+ - in: body
+ name: group
+ required: true
+ schema:
+ $ref: '#/definitions/Group'
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/Group'
security:
- api_token: []
- summary: Deactivate User
+ summary: Update Group
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/expire_password':
- post:
+ - Group
+ '/api/v1/groups/{groupId}/apps':
+ get:
consumes:
- application/json
- description: >-
- This operation transitions the user to the status of `PASSWORD_EXPIRED`
- so that the user is required to change their password at their next
- login.
- operationId: expirePassword
+ description: Enumerates all applications that are assigned to a group.
+ operationId: listAssignedApplicationsForGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- - default: false
- description: 'Sets the user''s password to a temporary password, if true'
+ - description: Specifies the pagination cursor for the next page of apps
in: query
- name: tempPassword
- type: boolean
+ name: after
+ type: string
+ - default: 20
+ description: Specifies the number of app results for a page
+ format: int32
+ in: query
+ name: limit
+ type: integer
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/TempPassword'
+ items:
+ $ref: '#/definitions/Application'
+ type: array
security:
- api_token: []
- summary: Expire Password
+ summary: List Assigned Applications
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/reset_factors':
- post:
+ - Group
+ '/api/v1/groups/{groupId}/roles':
+ get:
consumes:
- application/json
- description: >-
- This operation resets all factors for the specified user. All MFA factor
- enrollments returned to the unenrolled state. The user's status remains
- ACTIVE. This link is present only if the user is currently enrolled in
- one or more MFA factors.
- operationId: resetAllFactors
+ description: Success
+ operationId: listGroupAssignedRoles
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
+ - in: query
+ name: expand
+ type: string
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ items:
+ $ref: '#/definitions/Role'
+ type: array
security:
- api_token: []
- summary: Reset Factors
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/reset_password':
+ - Group
post:
consumes:
- application/json
- description: >-
- Generates a one-time token (OTT) that can be used to reset a user's
- password. The OTT link can be automatically emailed to the user or
- returned to the API caller and distributed using a custom flow.
- operationId: resetPassword
+ description: Assigns a Role to a Group
+ operationId: assignRoleToGroup
parameters:
+ - in: body
+ name: assignRoleRequest
+ required: true
+ schema:
+ $ref: '#/definitions/AssignRoleRequest'
- in: path
- name: userId
+ name: groupId
required: true
type: string
- in: query
- name: provider
+ name: disableNotifications
type: string
- x-openapi-v3-schema-ref: '#/definitions/AuthenticationProviderType'
- - in: query
- name: sendEmail
- type: boolean
produces:
- application/json
responses:
'200':
description: Success
schema:
- $ref: '#/definitions/ResetPasswordToken'
+ $ref: '#/definitions/Role'
+ '201':
+ description: Success
security:
- api_token: []
- summary: Reset Password
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/suspend':
- post:
+ - Group
+ '/api/v1/groups/{groupId}/roles/{roleId}':
+ delete:
consumes:
- application/json
- description: >-
- Suspends a user. This operation can only be performed on users with an
- `ACTIVE` status. The user will have a status of `SUSPENDED` when the
- process is complete.
- operationId: suspendUser
+ description: Unassigns a Role from a Group
+ operationId: removeRoleFromGroup
parameters:
- in: path
- name: userId
+ name: groupId
+ required: true
+ type: string
+ - in: path
+ name: roleId
required: true
type: string
produces:
@@ -2326,20 +2525,20 @@ paths:
description: Success
security:
- api_token: []
- summary: Suspend User
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/unlock':
- post:
+ - Group
+ get:
consumes:
- application/json
- description: >-
- Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE`
- status. Users will be able to login with their current password.
- operationId: unlockUser
+ description: Success
+ operationId: getRole
parameters:
- in: path
- name: userId
+ name: groupId
+ required: true
+ type: string
+ - in: path
+ name: roleId
required: true
type: string
produces:
@@ -2347,120 +2546,181 @@ paths:
responses:
'200':
description: Success
+ schema:
+ $ref: '#/definitions/Role'
security:
- api_token: []
- summary: Unlock User
tags:
- - User
- '/api/v1/users/{userId}/lifecycle/unsuspend':
- post:
+ - Group
+ '/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps':
+ get:
consumes:
- application/json
description: >-
- Unsuspends a user and returns them to the `ACTIVE` state. This
- operation can only be performed on users that have a `SUSPENDED` status.
- operationId: unsuspendUser
+ Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This
+ methods return list may include full Applications or Instances. The
+ response for an instance will have an `ID` value, while Application will
+ not have an ID.
+ operationId: listApplicationTargetsForApplicationAdministratorRoleForGroup
parameters:
- in: path
- name: userId
+ name: groupId
+ required: true
+ type: string
+ - in: path
+ name: roleId
required: true
type: string
+ - in: query
+ name: after
+ type: string
+ - default: 20
+ format: int32
+ in: query
+ name: limit
+ type: integer
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ items:
+ $ref: '#/definitions/Application'
+ type: array
security:
- api_token: []
- summary: Unsuspend User
tags:
- - User
- '/api/v1/users/{userId}/roles':
- get:
+ - Group
+ '/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}':
+ delete:
consumes:
- application/json
- description: Lists all roles assigned to a user.
- operationId: listAssignedRoles
+ description: Success
+ operationId: removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- - in: query
- name: expand
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: appName
+ required: true
type: string
produces:
- application/json
responses:
'200':
description: Success
- schema:
- items:
- $ref: '#/definitions/Role'
- type: array
security:
- api_token: []
tags:
- - User
- post:
+ - Group
+ put:
consumes:
- application/json
- description: Assigns a role to a user.
- operationId: addRoleToUser
+ description: Success
+ operationId: addApplicationTargetToAdminRoleGivenToGroup
parameters:
- - in: body
- name: role
+ - in: path
+ name: groupId
required: true
- schema:
- $ref: '#/definitions/Role'
+ type: string
- in: path
- name: userId
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: appName
required: true
type: string
produces:
- application/json
responses:
- '201':
+ '200':
description: Success
- schema:
- $ref: '#/definitions/Role'
security:
- api_token: []
tags:
- - User
- '/api/v1/users/{userId}/roles/{roleId}':
+ - Group
+ '/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}':
delete:
consumes:
- application/json
- description: Unassigns a role from a user.
- operationId: removeRoleFromUser
+ description: Remove App Instance Target to App Administrator Role given to a Group
+ operationId: removeApplicationTargetFromAdministratorRoleGivenToGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- in: path
name: roleId
required: true
type: string
+ - in: path
+ name: appName
+ required: true
+ type: string
+ - in: path
+ name: applicationId
+ required: true
+ type: string
produces:
- application/json
responses:
- '200':
- description: Success
+ '204':
+ description: No Content
security:
- api_token: []
+ summary: Remove App Instance Target to App Administrator Role given to a Group
tags:
- - User
- '/api/v1/users/{userId}/roles/{roleId}/targets/groups':
+ - Group
+ put:
+ consumes:
+ - application/json
+ description: Add App Instance Target to App Administrator Role given to a Group
+ operationId: addApplicationInstanceTargetToAppAdminRoleGivenToGroup
+ parameters:
+ - in: path
+ name: groupId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: appName
+ required: true
+ type: string
+ - in: path
+ name: applicationId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ summary: Add App Instance Target to App Administrator Role given to a Group
+ tags:
+ - Group
+ '/api/v1/groups/{groupId}/roles/{roleId}/targets/groups':
get:
consumes:
- application/json
description: Success
- operationId: listGroupTargetsForRole
+ operationId: listGroupTargetsForGroupRole
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- in: path
@@ -2470,7 +2730,7 @@ paths:
- in: query
name: after
type: string
- - default: -1
+ - default: 20
format: int32
in: query
name: limit
@@ -2487,16 +2747,16 @@ paths:
security:
- api_token: []
tags:
- - User
- '/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}':
+ - Group
+ '/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}':
delete:
consumes:
- application/json
- description: Success
- operationId: removeGroupTargetFromRole
+ description: ''
+ operationId: removeGroupTargetFromGroupAdministratorRoleGivenToGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- in: path
@@ -2504,410 +2764,5223 @@ paths:
required: true
type: string
- in: path
- name: groupId
+ name: targetGroupId
required: true
type: string
produces:
- application/json
responses:
- '200':
- description: Success
+ '204':
+ description: No Content
security:
- api_token: []
tags:
- - User
+ - Group
put:
consumes:
- application/json
- description: Success
- operationId: addGroupTargetToRole
+ description: ''
+ operationId: addGroupTargetToGroupAdministratorRoleForGroup
parameters:
- in: path
- name: userId
+ name: groupId
required: true
type: string
- in: path
name: roleId
required: true
type: string
+ - in: path
+ name: targetGroupId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - Group
+ '/api/v1/groups/{groupId}/users':
+ get:
+ consumes:
+ - application/json
+ description: Enumerates all users that are a member of a group.
+ operationId: listGroupUsers
+ parameters:
- in: path
name: groupId
required: true
type: string
+ - description: Specifies the pagination cursor for the next page of users
+ in: query
+ name: after
+ type: string
+ - default: 1000
+ description: Specifies the number of user results in a page
+ format: int32
+ in: query
+ name: limit
+ type: integer
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ items:
+ $ref: '#/definitions/User'
+ type: array
security:
- api_token: []
+ summary: List Group Members
tags:
- - User
- '/api/v1/users/{userId}/sessions':
+ - Group
+ '/api/v1/groups/{groupId}/users/{userId}':
delete:
consumes:
- application/json
- description: >-
- Removes all active identity provider sessions. This forces the user to
- authenticate on the next operation. Optionally revokes OpenID Connect
- and OAuth refresh and access tokens issued to the user.
- operationId: endAllUserSessions
+ description: Removes a user from a group with 'OKTA_GROUP' type.
+ operationId: removeUserFromGroup
parameters:
+ - in: path
+ name: groupId
+ required: true
+ type: string
- in: path
name: userId
required: true
type: string
- - default: false
- description: Revoke issued OpenID Connect and OAuth refresh and access tokens
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ summary: Remove User from Group
+ tags:
+ - Group
+ put:
+ consumes:
+ - application/json
+ description: Adds a user to a group with 'OKTA_GROUP' type.
+ operationId: addUserToGroup
+ parameters:
+ - in: path
+ name: groupId
+ required: true
+ type: string
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ summary: Add User to Group
+ tags:
+ - Group
+ /api/v1/idps:
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Enumerates IdPs in your organization with pagination. A subset of IdPs
+ can be returned that match a supported filter expression or query.
+ operationId: listIdentityProviders
+ parameters:
+ - description: Searches the name property of IdPs for matching value
in: query
- name: oauthTokens
- type: boolean
+ name: q
+ type: string
+ - description: Specifies the pagination cursor for the next page of IdPs
+ in: query
+ name: after
+ type: string
+ - default: 20
+ description: Specifies the number of IdP results in a page
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ - description: Filters IdPs by type
+ in: query
+ name: type
+ type: string
produces:
- application/json
responses:
'200':
description: Success
+ schema:
+ items:
+ $ref: '#/definitions/IdentityProvider'
+ type: array
security:
- api_token: []
+ summary: List Identity Providers
tags:
- - User
-definitions:
- AppLink:
- properties:
- appAssignmentId:
- readOnly: true
- type: string
- appInstanceId:
- readOnly: true
- type: string
- appName:
- readOnly: true
- type: string
- credentialsSetup:
- readOnly: true
- type: boolean
- hidden:
- readOnly: true
- type: boolean
- id:
- readOnly: true
- type: string
- label:
- readOnly: true
- type: string
- linkUrl:
- readOnly: true
- type: string
- logoUrl:
- readOnly: true
- type: string
- sortOrder:
- readOnly: true
- type: integer
- type: object
- x-okta-tags:
- - User
- AppUser:
- properties:
- _embedded:
- additionalProperties:
- type: object
- readOnly: true
- type: object
- _links:
- additionalProperties:
- type: object
- readOnly: true
- type: object
- created:
- format: date-time
- readOnly: true
- type: string
- credentials:
- $ref: '#/definitions/AppUserCredentials'
- externalId:
- readOnly: true
- type: string
- id:
+ - IdentityProvider
+ post:
+ consumes:
+ - application/json
+ description: Adds a new IdP to your organization.
+ operationId: createIdentityProvider
+ parameters:
+ - in: body
+ name: identityProvider
+ required: true
+ schema:
+ $ref: '#/definitions/IdentityProvider'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/IdentityProvider'
+ security:
+ - api_token: []
+ summary: Add Identity Provider
+ tags:
+ - IdentityProvider
+ /api/v1/idps/credentials/keys:
+ get:
+ consumes:
+ - application/json
+ description: Enumerates IdP key credentials.
+ operationId: listIdentityProviderKeys
+ parameters:
+ - description: Specifies the pagination cursor for the next page of keys
+ in: query
+ name: after
+ type: string
+ - default: 20
+ description: Specifies the number of key results in a page
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/JsonWebKey'
+ type: array
+ security:
+ - api_token: []
+ summary: List Keys
+ tags:
+ - IdentityProvider
+ post:
+ consumes:
+ - application/json
+ description: Adds a new X.509 certificate credential to the IdP key store.
+ operationId: createIdentityProviderKey
+ parameters:
+ - in: body
+ name: jsonWebKey
+ required: true
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ summary: Add X.509 Certificate Public Key
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/credentials/keys/{keyId}':
+ delete:
+ consumes:
+ - application/json
+ description: >-
+ Deletes a specific IdP Key Credential by `kid` if it is not currently
+ being used by an Active or Inactive IdP.
+ operationId: deleteIdentityProviderKey
+ parameters:
+ - in: path
+ name: keyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ summary: Delete Key
+ tags:
+ - IdentityProvider
+ get:
+ consumes:
+ - application/json
+ description: Gets a specific IdP Key Credential by `kid`
+ operationId: getIdentityProviderKey
+ parameters:
+ - in: path
+ name: keyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ summary: Get Key
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}':
+ delete:
+ consumes:
+ - application/json
+ description: Removes an IdP from your organization.
+ operationId: deleteIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ summary: Delete Identity Provider
+ tags:
+ - IdentityProvider
+ get:
+ consumes:
+ - application/json
+ description: Fetches an IdP by `id`.
+ operationId: getIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/IdentityProvider'
+ security:
+ - api_token: []
+ summary: Get Identity Provider
+ tags:
+ - IdentityProvider
+ put:
+ consumes:
+ - application/json
+ description: Updates the configuration for an IdP.
+ operationId: updateIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: body
+ name: identityProvider
+ required: true
+ schema:
+ $ref: '#/definitions/IdentityProvider'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/IdentityProvider'
+ security:
+ - api_token: []
+ summary: Update Identity Provider
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/credentials/csrs':
+ get:
+ consumes:
+ - application/json
+ description: Enumerates signing CSRs for an IdP
+ operationId: listCsrsForIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/CSR'
+ type: array
+ security:
+ - api_token: []
+ summary: List Signing CSRs for IdP
+ tags:
+ - IdentityProvider
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Generates a new key pair and returns a Certificate Signing Request for
+ it.
+ operationId: generateCsrForIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: body
+ name: metadata
+ required: true
+ schema:
+ $ref: '#/definitions/CSRMetadata'
+ produces:
+ - application/pkcs10
+ responses:
+ '201':
+ description: Created
+ schema:
+ $ref: '#/definitions/CSR'
+ security:
+ - api_token: []
+ summary: Generate Signing CSR for IdP
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/credentials/csrs/{csrId}':
+ delete:
+ consumes:
+ - application/json
+ description: Revoke a CSR and delete the key pair from the IdP
+ operationId: revokeCsrForIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: csrId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - IdentityProvider
+ get:
+ consumes:
+ - application/json
+ description: Gets a specific CSR model by id
+ operationId: getCsrForIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: csrId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/CSR'
+ security:
+ - api_token: []
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Update the CSR with a signed X.509 certificate and add it into the
+ signing key credentials for the IdP.
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: csrId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '201':
+ description: Created
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ tags:
+ - IdentityProvider
+ x-okta-multi-operation:
+ - consumes:
+ - application/x-x509-ca-cert
+ encoding: base64
+ operationId: publishCerCertForIdentityProvider
+ parameters:
+ - in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/x-x509-ca-cert
+ operationId: publishBinaryCerCertForIdentityProvider
+ parameters:
+ - format: binary
+ in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/pkix-cert
+ encoding: base64
+ operationId: publishDerCertForIdentityProvider
+ parameters:
+ - in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/pkix-cert
+ operationId: publishBinaryDerCertForIdentityProvider
+ parameters:
+ - format: binary
+ in: body
+ name: certificate
+ required: true
+ type: string
+ - consumes:
+ - application/x-pem-file
+ operationId: publishBinaryPemCertForIdentityProvider
+ parameters:
+ - format: binary
+ in: body
+ name: certificate
+ required: true
+ type: string
+ '/api/v1/idps/{idpId}/credentials/keys':
+ get:
+ consumes:
+ - application/json
+ description: Enumerates signing key credentials for an IdP
+ operationId: listIdentityProviderSigningKeys
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/JsonWebKey'
+ type: array
+ security:
+ - api_token: []
+ summary: List Signing Key Credentials for IdP
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/credentials/keys/generate':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Generates a new X.509 certificate for an IdP signing key credential to
+ be used for signing assertions sent to the IdP
+ operationId: generateIdentityProviderSigningKey
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - description: expiry of the IdP Key Credential
+ format: int32
+ in: query
+ name: validityYears
+ required: true
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ summary: Generate New IdP Signing Key Credential
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/credentials/keys/{keyId}':
+ get:
+ consumes:
+ - application/json
+ description: Gets a specific IdP Key Credential by `kid`
+ operationId: getIdentityProviderSigningKey
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: keyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ summary: Get Signing Key Credential for IdP
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Clones a X.509 certificate for an IdP signing key credential from a
+ source IdP to target IdP
+ operationId: cloneIdentityProviderKey
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: keyId
+ required: true
+ type: string
+ - in: query
+ name: targetIdpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/JsonWebKey'
+ security:
+ - api_token: []
+ summary: Clone Signing Key Credential for IdP
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/lifecycle/activate':
+ post:
+ consumes:
+ - application/json
+ description: Activates an inactive IdP.
+ operationId: activateIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/IdentityProvider'
+ security:
+ - api_token: []
+ summary: Activate Identity Provider
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/lifecycle/deactivate':
+ post:
+ consumes:
+ - application/json
+ description: Deactivates an active IdP.
+ operationId: deactivateIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/IdentityProvider'
+ security:
+ - api_token: []
+ summary: Deactivate Identity Provider
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/users':
+ get:
+ consumes:
+ - application/json
+ description: Find all the users linked to an identity provider
+ operationId: listIdentityProviderApplicationUsers
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/IdentityProviderApplicationUser'
+ type: array
+ security:
+ - api_token: []
+ summary: Find Users
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/users/{userId}':
+ delete:
+ consumes:
+ - application/json
+ description: Removes the link between the Okta user and the IdP user.
+ operationId: unlinkUserFromIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ summary: Unlink User from IdP
+ tags:
+ - IdentityProvider
+ get:
+ consumes:
+ - application/json
+ description: Fetches a linked IdP user by ID
+ operationId: getIdentityProviderApplicationUser
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/IdentityProviderApplicationUser'
+ security:
+ - api_token: []
+ tags:
+ - IdentityProvider
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Links an Okta user to an existing Social Identity Provider. This does
+ not support the SAML2 Identity Provider Type
+ operationId: linkUserToIdentityProvider
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: body
+ name: userIdentityProviderLinkRequest
+ required: true
+ schema:
+ $ref: '#/definitions/UserIdentityProviderLinkRequest'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/IdentityProviderApplicationUser'
+ security:
+ - api_token: []
+ summary: Link a user to a Social IdP without a transaction
+ tags:
+ - IdentityProvider
+ '/api/v1/idps/{idpId}/users/{userId}/credentials/tokens':
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Fetches the tokens minted by the Social Authentication Provider when the
+ user authenticates with Okta via Social Auth.
+ operationId: listSocialAuthTokens
+ parameters:
+ - in: path
+ name: idpId
+ required: true
+ type: string
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/SocialAuthToken'
+ type: array
+ security:
+ - api_token: []
+ summary: Social Authentication Token Operation
+ tags:
+ - IdentityProvider
+ /api/v1/inlineHooks:
+ get:
+ consumes:
+ - application/json
+ description: Success
+ operationId: listInlineHooks
+ parameters:
+ - in: query
+ name: type
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/InlineHook'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ post:
+ consumes:
+ - application/json
+ description: Success
+ operationId: createInlineHook
+ parameters:
+ - in: body
+ name: inlineHook
+ required: true
+ schema:
+ $ref: '#/definitions/InlineHook'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/InlineHook'
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ '/api/v1/inlineHooks/{inlineHookId}':
+ delete:
+ consumes:
+ - application/json
+ description: >-
+ Deletes the Inline Hook matching the provided id. Once deleted, the
+ Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks
+ with a status of INACTIVE are eligible for deletion.
+ operationId: deleteInlineHook
+ parameters:
+ - in: path
+ name: inlineHookId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ get:
+ consumes:
+ - application/json
+ description: Gets an inline hook by ID
+ operationId: getInlineHook
+ parameters:
+ - in: path
+ name: inlineHookId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/InlineHook'
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ put:
+ consumes:
+ - application/json
+ description: Updates an inline hook by ID
+ operationId: updateInlineHook
+ parameters:
+ - in: path
+ name: inlineHookId
+ required: true
+ type: string
+ - in: body
+ name: inlineHook
+ required: true
+ schema:
+ $ref: '#/definitions/InlineHook'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/InlineHook'
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ '/api/v1/inlineHooks/{inlineHookId}/execute':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Executes the Inline Hook matching the provided inlineHookId using the
+ request body as the input. This will send the provided data through the
+ Channel and return a response if it matches the correct data contract.
+ This execution endpoint should only be used for testing purposes.
+ operationId: executeInlineHook
+ parameters:
+ - in: path
+ name: inlineHookId
+ required: true
+ type: string
+ - in: body
+ name: payloadData
+ required: true
+ schema:
+ $ref: '#/definitions/InlineHookPayload'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/InlineHookResponse'
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ '/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate':
+ post:
+ consumes:
+ - application/json
+ description: Activates the Inline Hook matching the provided id
+ operationId: activateInlineHook
+ parameters:
+ - in: path
+ name: inlineHookId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/InlineHook'
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ '/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate':
+ post:
+ consumes:
+ - application/json
+ description: Deactivates the Inline Hook matching the provided id
+ operationId: deactivateInlineHook
+ parameters:
+ - in: path
+ name: inlineHookId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/InlineHook'
+ security:
+ - api_token: []
+ tags:
+ - InlineHook
+ /api/v1/logs:
+ get:
+ consumes:
+ - application/json
+ description: >-
+ The Okta System Log API provides read access to your organization’s
+ system log. This API provides more functionality than the Events API
+ operationId: getLogs
+ parameters:
+ - in: query
+ name: until
+ type: string
+ - in: query
+ name: since
+ type: string
+ - in: query
+ name: filter
+ type: string
+ - in: query
+ name: q
+ type: string
+ - default: 100
+ in: query
+ name: limit
+ type: integer
+ - default: ASCENDING
+ in: query
+ name: sortOrder
+ type: string
+ - in: query
+ name: after
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/LogEvent'
+ type: array
+ security:
+ - api_token: []
+ summary: Fetch a list of events from your Okta organization system log.
+ tags:
+ - Log
+ /api/v1/meta/schemas/user/linkedObjects:
+ get:
+ consumes:
+ - application/json
+ description: Success
+ operationId: listLinkedObjectDefinitions
+ parameters: []
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/LinkedObject'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - LinkedObject
+ post:
+ consumes:
+ - application/json
+ description: Success
+ operationId: addLinkedObjectDefinition
+ parameters:
+ - in: body
+ name: linkedObject
+ required: true
+ schema:
+ $ref: '#/definitions/LinkedObject'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/LinkedObject'
+ security:
+ - api_token: []
+ tags:
+ - LinkedObject
+ '/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}':
+ delete:
+ consumes:
+ - application/json
+ description: Success
+ operationId: deleteLinkedObjectDefinition
+ parameters:
+ - in: path
+ name: linkedObjectName
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - LinkedObject
+ get:
+ consumes:
+ - application/json
+ description: Success
+ operationId: getLinkedObjectDefinition
+ parameters:
+ - in: path
+ name: linkedObjectName
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/LinkedObject'
+ security:
+ - api_token: []
+ tags:
+ - LinkedObject
+ /api/v1/meta/types/user:
+ get:
+ consumes:
+ - application/json
+ description: Fetches all User Types in your org
+ operationId: listUserTypes
+ parameters: []
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/UserType'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - UserType
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Creates a new User Type. A default User Type is automatically created
+ along with your org, and you may add another 9 User Types for a maximum
+ of 10.
+ operationId: createUserType
+ parameters:
+ - in: body
+ name: userType
+ required: true
+ schema:
+ $ref: '#/definitions/UserType'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserType'
+ security:
+ - api_token: []
+ tags:
+ - UserType
+ '/api/v1/meta/types/user/{typeId}':
+ delete:
+ consumes:
+ - application/json
+ description: >-
+ Deletes a User Type permanently. This operation is not permitted for the
+ default type, nor for any User Type that has existing users
+ operationId: deleteUserType
+ parameters:
+ - in: path
+ name: typeId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - UserType
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Fetches a User Type by ID. The special identifier `default` may be used
+ to fetch the default User Type.
+ operationId: getUserType
+ parameters:
+ - in: path
+ name: typeId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserType'
+ security:
+ - api_token: []
+ tags:
+ - UserType
+ post:
+ consumes:
+ - application/json
+ description: Updates an existing User Type
+ operationId: updateUserType
+ parameters:
+ - in: path
+ name: typeId
+ required: true
+ type: string
+ - in: body
+ name: userType
+ required: true
+ schema:
+ $ref: '#/definitions/UserType'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserType'
+ security:
+ - api_token: []
+ tags:
+ - UserType
+ put:
+ consumes:
+ - application/json
+ description: Replace an existing User Type
+ operationId: replaceUserType
+ parameters:
+ - in: path
+ name: typeId
+ required: true
+ type: string
+ - in: body
+ name: userType
+ required: true
+ schema:
+ $ref: '#/definitions/UserType'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserType'
+ security:
+ - api_token: []
+ tags:
+ - UserType
+ /api/v1/policies:
+ get:
+ consumes:
+ - application/json
+ description: Gets all policies with the specified type.
+ operationId: listPolicies
+ parameters:
+ - in: query
+ name: type
+ required: true
+ type: string
+ - in: query
+ name: status
+ type: string
+ - default: ''
+ in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/Policy'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ post:
+ consumes:
+ - application/json
+ description: Creates a policy.
+ operationId: createPolicy
+ parameters:
+ - in: body
+ name: policy
+ required: true
+ schema:
+ $ref: '#/definitions/Policy'
+ - default: true
+ in: query
+ name: activate
+ type: boolean
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/Policy'
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ '/api/v1/policies/{policyId}':
+ delete:
+ consumes:
+ - application/json
+ description: Removes a policy.
+ operationId: deletePolicy
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ get:
+ consumes:
+ - application/json
+ description: Gets a policy.
+ operationId: getPolicy
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ - default: ''
+ in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/Policy'
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ put:
+ consumes:
+ - application/json
+ description: Updates a policy.
+ operationId: updatePolicy
+ parameters:
+ - in: body
+ name: policy
+ required: true
+ schema:
+ $ref: '#/definitions/Policy'
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/Policy'
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ '/api/v1/policies/{policyId}/lifecycle/activate':
+ post:
+ consumes:
+ - application/json
+ description: Activates a policy.
+ operationId: activatePolicy
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ '/api/v1/policies/{policyId}/lifecycle/deactivate':
+ post:
+ consumes:
+ - application/json
+ description: Deactivates a policy.
+ operationId: deactivatePolicy
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ '/api/v1/policies/{policyId}/rules':
+ get:
+ consumes:
+ - application/json
+ description: Enumerates all policy rules.
+ operationId: listPolicyRules
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/PolicyRule'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ post:
+ consumes:
+ - application/json
+ description: Creates a policy rule.
+ operationId: createPolicyRule
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ - in: body
+ name: policyRule
+ required: true
+ schema:
+ $ref: '#/definitions/PolicyRule'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/PolicyRule'
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ '/api/v1/policies/{policyId}/rules/{ruleId}':
+ delete:
+ consumes:
+ - application/json
+ description: Removes a policy rule.
+ operationId: deletePolicyRule
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ - in: path
+ name: ruleId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ get:
+ consumes:
+ - application/json
+ description: Gets a policy rule.
+ operationId: getPolicyRule
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ - in: path
+ name: ruleId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/PolicyRule'
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ put:
+ consumes:
+ - application/json
+ description: Updates a policy rule.
+ operationId: updatePolicyRule
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ - in: path
+ name: ruleId
+ required: true
+ type: string
+ - in: body
+ name: policyRule
+ required: true
+ schema:
+ $ref: '#/definitions/PolicyRule'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/PolicyRule'
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ '/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate':
+ post:
+ consumes:
+ - application/json
+ description: Activates a policy rule.
+ operationId: activatePolicyRule
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ - in: path
+ name: ruleId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ '/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate':
+ post:
+ consumes:
+ - application/json
+ description: Deactivates a policy rule.
+ operationId: deactivatePolicyRule
+ parameters:
+ - in: path
+ name: policyId
+ required: true
+ type: string
+ - in: path
+ name: ruleId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - Policy
+ /api/v1/sessions:
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Creates a new session for a user with a valid session token. Use this
+ API if, for example, you want to set the session cookie yourself instead
+ of allowing Okta to set it, or want to hold the session ID in order to
+ delete a session via the API instead of visiting the logout URL.
+ operationId: createSession
+ parameters:
+ - in: body
+ name: createSessionRequest
+ required: true
+ schema:
+ $ref: '#/definitions/CreateSessionRequest'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/Session'
+ security:
+ - api_token: []
+ summary: Create Session with Session Token
+ tags:
+ - Session
+ '/api/v1/sessions/{sessionId}':
+ delete:
+ consumes:
+ - application/json
+ description: ''
+ operationId: endSession
+ parameters:
+ - in: path
+ name: sessionId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ summary: Close Session
+ tags:
+ - Session
+ get:
+ consumes:
+ - application/json
+ description: Get details about a session.
+ operationId: getSession
+ parameters:
+ - in: path
+ name: sessionId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/Session'
+ security:
+ - api_token: []
+ tags:
+ - Session
+ '/api/v1/sessions/{sessionId}/lifecycle/refresh':
+ post:
+ consumes:
+ - application/json
+ description: ''
+ operationId: refreshSession
+ parameters:
+ - in: path
+ name: sessionId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/Session'
+ security:
+ - api_token: []
+ summary: Refresh Session
+ tags:
+ - Session
+ /api/v1/templates/sms:
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Enumerates custom SMS templates in your organization. A subset of
+ templates can be returned that match a template type.
+ operationId: listSmsTemplates
+ parameters:
+ - in: query
+ name: templateType
+ type: string
+ x-openapi-v3-schema-ref: '#/definitions/SmsTemplateType'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/SmsTemplate'
+ type: array
+ security:
+ - api_token: []
+ summary: List SMS Templates
+ tags:
+ - Template
+ post:
+ consumes:
+ - application/json
+ description: Adds a new custom SMS template to your organization.
+ operationId: createSmsTemplate
+ parameters:
+ - in: body
+ name: smsTemplate
+ required: true
+ schema:
+ $ref: '#/definitions/SmsTemplate'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/SmsTemplate'
+ security:
+ - api_token: []
+ summary: Add SMS Template
+ tags:
+ - Template
+ '/api/v1/templates/sms/{templateId}':
+ delete:
+ consumes:
+ - application/json
+ description: Removes an SMS template.
+ operationId: deleteSmsTemplate
+ parameters:
+ - in: path
+ name: templateId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ summary: Remove SMS Template
+ tags:
+ - Template
+ get:
+ consumes:
+ - application/json
+ description: Fetches a specific template by `id`
+ operationId: getSmsTemplate
+ parameters:
+ - in: path
+ name: templateId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/SmsTemplate'
+ security:
+ - api_token: []
+ summary: Get SMS Template
+ tags:
+ - Template
+ post:
+ consumes:
+ - application/json
+ description: 'Updates only some of the SMS template properties:'
+ operationId: partialUpdateSmsTemplate
+ parameters:
+ - in: path
+ name: templateId
+ required: true
+ type: string
+ - in: body
+ name: smsTemplate
+ required: true
+ schema:
+ $ref: '#/definitions/SmsTemplate'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/SmsTemplate'
+ security:
+ - api_token: []
+ summary: Partial SMS Template Update
+ tags:
+ - Template
+ put:
+ consumes:
+ - application/json
+ description: Updates the SMS template.
+ operationId: updateSmsTemplate
+ parameters:
+ - in: path
+ name: templateId
+ required: true
+ type: string
+ - in: body
+ name: smsTemplate
+ required: true
+ schema:
+ $ref: '#/definitions/SmsTemplate'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/SmsTemplate'
+ security:
+ - api_token: []
+ summary: Update SMS Template
+ tags:
+ - Template
+ /api/v1/trustedOrigins:
+ get:
+ consumes:
+ - application/json
+ description: Success
+ operationId: listOrigins
+ parameters:
+ - in: query
+ name: q
+ type: string
+ - in: query
+ name: filter
+ type: string
+ - in: query
+ name: after
+ type: string
+ - default: -1
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/TrustedOrigin'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - TrustedOrigin
+ post:
+ consumes:
+ - application/json
+ description: Success
+ operationId: createOrigin
+ parameters:
+ - in: body
+ name: trustedOrigin
+ required: true
+ schema:
+ $ref: '#/definitions/TrustedOrigin'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/TrustedOrigin'
+ security:
+ - api_token: []
+ tags:
+ - TrustedOrigin
+ '/api/v1/trustedOrigins/{trustedOriginId}':
+ delete:
+ consumes:
+ - application/json
+ description: Success
+ operationId: deleteOrigin
+ parameters:
+ - in: path
+ name: trustedOriginId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - TrustedOrigin
+ get:
+ consumes:
+ - application/json
+ description: Success
+ operationId: getOrigin
+ parameters:
+ - in: path
+ name: trustedOriginId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/TrustedOrigin'
+ security:
+ - api_token: []
+ tags:
+ - TrustedOrigin
+ put:
+ consumes:
+ - application/json
+ description: Success
+ operationId: updateOrigin
+ parameters:
+ - in: path
+ name: trustedOriginId
+ required: true
+ type: string
+ - in: body
+ name: trustedOrigin
+ required: true
+ schema:
+ $ref: '#/definitions/TrustedOrigin'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/TrustedOrigin'
+ security:
+ - api_token: []
+ tags:
+ - TrustedOrigin
+ '/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate':
+ post:
+ consumes:
+ - application/json
+ description: Success
+ operationId: activateOrigin
+ parameters:
+ - in: path
+ name: trustedOriginId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/TrustedOrigin'
+ security:
+ - api_token: []
+ tags:
+ - TrustedOrigin
+ '/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate':
+ post:
+ consumes:
+ - application/json
+ description: Success
+ operationId: deactivateOrigin
+ parameters:
+ - in: path
+ name: trustedOriginId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/TrustedOrigin'
+ security:
+ - api_token: []
+ tags:
+ - TrustedOrigin
+ /api/v1/users:
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Lists users in your organization with pagination in most cases. A
+ subset of users can be returned that match a supported filter expression
+ or search criteria.
+ operationId: listUsers
+ parameters:
+ - description: 'Finds a user that matches firstName, lastName, and email properties'
+ in: query
+ name: q
+ type: string
+ - description: Specifies the pagination cursor for the next page of users
+ in: query
+ name: after
+ type: string
+ - default: 10
+ description: Specifies the number of results returned
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ - description: Filters users with a supported expression for a subset of properties
+ in: query
+ name: filter
+ type: string
+ - description: >-
+ Searches for users with a supported filtering expression for most
+ properties
+ in: query
+ name: search
+ type: string
+ - in: query
+ name: sortBy
+ type: string
+ - in: query
+ name: sortOrder
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/User'
+ type: array
+ security:
+ - api_token: []
+ summary: List Users
+ tags:
+ - User
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Creates a new user in your Okta organization with or without
+ credentials.
+ operationId: createUser
+ parameters:
+ - in: body
+ name: body
+ required: true
+ schema:
+ $ref: '#/definitions/User'
+ - default: true
+ description: Executes activation lifecycle operation when creating the user
+ in: query
+ name: activate
+ type: boolean
+ - default: false
+ description: >-
+ Indicates whether to create a user with a specified authentication
+ provider
+ in: query
+ name: provider
+ type: boolean
+ - default: ''
+ description: >-
+ With activate=true, set nextLogin to "changePassword" to have the
+ password be EXPIRED, so user must change it the next time they log
+ in.
+ in: query
+ name: nextLogin
+ type: string
+ x-okta-added-version: 0.14.0
+ x-openapi-v3-schema-ref: '#/definitions/UserNextLogin'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/User'
+ security:
+ - api_token: []
+ summary: Create User
+ tags:
+ - User
+ '/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}':
+ put:
+ consumes:
+ - application/json
+ operationId: setLinkedObjectForUser
+ parameters:
+ - in: path
+ name: associatedUserId
+ required: true
+ type: string
+ - in: path
+ name: primaryRelationshipName
+ required: true
+ type: string
+ - in: path
+ name: primaryUserId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}':
+ delete:
+ consumes:
+ - application/json
+ description: >-
+ Deletes a user permanently. This operation can only be performed on
+ users that have a `DEPROVISIONED` status. **This action cannot be
+ recovered!**
+ operationId: deactivateOrDeleteUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - default: false
+ in: query
+ name: sendEmail
+ type: boolean
+ x-okta-added-version: 1.5.0
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: ACCEPTED
+ security:
+ - api_token: []
+ summary: Delete User
+ tags:
+ - User
+ get:
+ consumes:
+ - application/json
+ description: Fetches a user from your Okta organization.
+ operationId: getUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/User'
+ security:
+ - api_token: []
+ summary: Get User
+ tags:
+ - User
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Fetch a user by `id`, `login`, or `login shortname` if the short name is
+ unambiguous.
+ operationId: partialUpdateUser
+ parameters:
+ - in: body
+ name: user
+ required: true
+ schema:
+ $ref: '#/definitions/User'
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: query
+ name: strict
+ type: boolean
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/User'
+ security:
+ - api_token: []
+ tags:
+ - User
+ put:
+ consumes:
+ - application/json
+ description: >-
+ Update a user's profile and/or credentials using strict-update
+ semantics.
+ operationId: updateUser
+ parameters:
+ - in: body
+ name: user
+ required: true
+ schema:
+ $ref: '#/definitions/User'
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: query
+ name: strict
+ type: boolean
+ x-okta-added-version: 1.10.0
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/User'
+ security:
+ - api_token: []
+ summary: Update User
+ tags:
+ - User
+ '/api/v1/users/{userId}/appLinks':
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Fetches appLinks for all direct or indirect (via group membership)
+ assigned applications.
+ operationId: listAppLinks
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/AppLink'
+ type: array
+ security:
+ - api_token: []
+ summary: Get Assigned App Links
+ tags:
+ - User
+ '/api/v1/users/{userId}/clients':
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Lists all client resources for which the specified user has grants or
+ tokens.
+ operationId: listUserClients
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/OAuth2Client'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/clients/{clientId}/grants':
+ delete:
+ consumes:
+ - application/json
+ description: Revokes all grants for the specified user and client
+ operationId: revokeGrantsForUserAndClient
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: clientId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ get:
+ consumes:
+ - application/json
+ description: Lists all grants for a specified user and client
+ operationId: listGrantsForUserAndClient
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: clientId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ - in: query
+ name: after
+ type: string
+ - default: 20
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/OAuth2ScopeConsentGrant'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/clients/{clientId}/tokens':
+ delete:
+ consumes:
+ - application/json
+ description: Revokes all refresh tokens issued for the specified User and Client.
+ operationId: revokeTokensForUserAndClient
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: clientId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - User
+ get:
+ consumes:
+ - application/json
+ description: Lists all refresh tokens issued for the specified User and Client.
+ operationId: listRefreshTokensForUserAndClient
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: clientId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ - in: query
+ name: after
+ type: string
+ - default: 20
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/OAuth2RefreshToken'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}':
+ delete:
+ consumes:
+ - application/json
+ description: Revokes the specified refresh token.
+ operationId: revokeTokenForUserAndClient
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: clientId
+ required: true
+ type: string
+ - in: path
+ name: tokenId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - User
+ get:
+ consumes:
+ - application/json
+ description: Gets a refresh token issued for the specified User and Client.
+ operationId: getRefreshTokenForUserAndClient
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: clientId
+ required: true
+ type: string
+ - in: path
+ name: tokenId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ - default: 20
+ in: query
+ name: limit
+ type: integer
+ - in: query
+ name: after
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/OAuth2RefreshToken'
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/credentials/change_password':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Changes a user's password by validating the user's current password.
+ This operation can only be performed on users in `STAGED`, `ACTIVE`,
+ `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password
+ credential
+ operationId: changePassword
+ parameters:
+ - in: body
+ name: changePasswordRequest
+ required: true
+ schema:
+ $ref: '#/definitions/ChangePasswordRequest'
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: query
+ name: strict
+ type: boolean
+ x-okta-added-version: 1.10.0
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserCredentials'
+ security:
+ - api_token: []
+ summary: Change Password
+ tags:
+ - User
+ '/api/v1/users/{userId}/credentials/change_recovery_question':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Changes a user's recovery question & answer credential by validating the
+ user's current password. This operation can only be performed on users
+ in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid
+ password credential
+ operationId: changeRecoveryQuestion
+ parameters:
+ - in: body
+ name: userCredentials
+ required: true
+ schema:
+ $ref: '#/definitions/UserCredentials'
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserCredentials'
+ security:
+ - api_token: []
+ summary: Change Recovery Question
+ tags:
+ - User
+ '/api/v1/users/{userId}/credentials/forgot_password':
+ post:
+ consumes:
+ - application/json
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/ForgotPasswordResponse'
+ security:
+ - api_token: []
+ summary: Forgot Password
+ tags:
+ - User
+ x-okta-multi-operation:
+ - description: >-
+ Generates a one-time token (OTT) that can be used to reset a user's
+ password
+ operationId: forgotPasswordGenerateOneTimeToken
+ parameters:
+ - default: true
+ in: query
+ name: sendEmail
+ type: boolean
+ - description: >-
+ Sets a new password for a user by validating the user's answer to
+ their current recovery question
+ operationId: forgotPasswordSetNewPassword
+ parameters:
+ - in: body
+ name: user
+ required: true
+ schema:
+ $ref: '#/definitions/UserCredentials'
+ - default: true
+ in: query
+ name: sendEmail
+ type: boolean
+ '/api/v1/users/{userId}/factors':
+ get:
+ consumes:
+ - application/json
+ description: Enumerates all the enrolled factors for the specified user
+ operationId: listFactors
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/UserFactor'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - UserFactor
+ post:
+ consumes:
+ - application/json
+ description: Enrolls a user with a supported factor.
+ operationId: enrollFactor
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - description: Factor
+ in: body
+ name: body
+ required: true
+ schema:
+ $ref: '#/definitions/UserFactor'
+ - default: false
+ in: query
+ name: updatePhone
+ type: boolean
+ - description: id of SMS template (only for SMS factor)
+ in: query
+ name: templateId
+ type: string
+ - default: 300
+ format: int32
+ in: query
+ name: tokenLifetimeSeconds
+ type: integer
+ x-okta-added-version: 1.3.0
+ - default: false
+ in: query
+ name: activate
+ type: boolean
+ x-okta-added-version: 1.3.0
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserFactor'
+ security:
+ - api_token: []
+ summary: Enroll Factor
+ tags:
+ - UserFactor
+ '/api/v1/users/{userId}/factors/catalog':
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Enumerates all the supported factors that can be enrolled for the
+ specified user
+ operationId: listSupportedFactors
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/UserFactor'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - UserFactor
+ '/api/v1/users/{userId}/factors/questions':
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Enumerates all available security questions for a user's `question`
+ factor
+ operationId: listSupportedSecurityQuestions
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/SecurityQuestion'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - UserFactor
+ '/api/v1/users/{userId}/factors/{factorId}':
+ delete:
+ consumes:
+ - application/json
+ description: >-
+ Unenrolls an existing factor for the specified user, allowing the user
+ to enroll a new factor.
+ operationId: deleteFactor
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: factorId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - UserFactor
+ get:
+ consumes:
+ - application/json
+ description: Fetches a factor for the specified user
+ operationId: getFactor
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: factorId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserFactor'
+ security:
+ - api_token: []
+ tags:
+ - UserFactor
+ '/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ The `sms` and `token:software:totp` factor types require activation to
+ complete the enrollment process.
+ operationId: activateFactor
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: factorId
+ required: true
+ type: string
+ - in: body
+ name: body
+ schema:
+ $ref: '#/definitions/ActivateFactorRequest'
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserFactor'
+ security:
+ - api_token: []
+ summary: Activate Factor
+ tags:
+ - UserFactor
+ '/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}':
+ get:
+ consumes:
+ - application/json
+ description: Polls factors verification transaction for status.
+ operationId: getFactorTransactionStatus
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: factorId
+ required: true
+ type: string
+ - in: path
+ name: transactionId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/VerifyUserFactorResponse'
+ security:
+ - api_token: []
+ tags:
+ - UserFactor
+ '/api/v1/users/{userId}/factors/{factorId}/verify':
+ post:
+ consumes:
+ - application/json
+ description: 'Verifies an OTP for a `token` or `token:hardware` factor'
+ operationId: verifyFactor
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: factorId
+ required: true
+ type: string
+ - in: query
+ name: templateId
+ type: string
+ - default: 300
+ format: int32
+ in: query
+ name: tokenLifetimeSeconds
+ type: integer
+ x-okta-added-version: 1.3.0
+ - in: body
+ name: body
+ schema:
+ $ref: '#/definitions/VerifyFactorRequest'
+ - in: header
+ name: X-Forwarded-For
+ type: string
+ x-okta-added-version: 1.11.0
+ - in: header
+ name: User-Agent
+ type: string
+ x-okta-added-version: 1.11.0
+ - in: header
+ name: Accept-Language
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/VerifyUserFactorResponse'
+ security:
+ - api_token: []
+ summary: Verify MFA Factor
+ tags:
+ - UserFactor
+ '/api/v1/users/{userId}/grants':
+ delete:
+ consumes:
+ - application/json
+ description: Revokes all grants for a specified user
+ operationId: revokeUserGrants
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - User
+ get:
+ consumes:
+ - application/json
+ description: Lists all grants for the specified user
+ operationId: listUserGrants
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: query
+ name: scopeId
+ type: string
+ - in: query
+ name: expand
+ type: string
+ - in: query
+ name: after
+ type: string
+ - default: 20
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/OAuth2ScopeConsentGrant'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/grants/{grantId}':
+ delete:
+ consumes:
+ - application/json
+ description: Revokes one grant for a specified user
+ operationId: revokeUserGrant
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: grantId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ tags:
+ - User
+ get:
+ consumes:
+ - application/json
+ description: Gets a grant for the specified user
+ operationId: getUserGrant
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: grantId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/OAuth2ScopeConsentGrant'
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/groups':
+ get:
+ consumes:
+ - application/json
+ description: Fetches the groups of which the user is a member.
+ operationId: listUserGroups
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/Group'
+ type: array
+ security:
+ - api_token: []
+ summary: Get Member Groups
+ tags:
+ - User
+ '/api/v1/users/{userId}/idps':
+ get:
+ consumes:
+ - application/json
+ description: Lists the IdPs associated with the user.
+ operationId: listUserIdentityProviders
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/IdentityProvider'
+ type: array
+ security:
+ - api_token: []
+ summary: Listing IdPs associated with a user
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/activate':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Activates a user. This operation can only be performed on users with a
+ `STAGED` status. Activation of a user is an asynchronous operation. The
+ user will have the `transitioningToStatus` property with a value of
+ `ACTIVE` during activation to indicate that the user hasn't completed
+ the asynchronous operation. The user will have a status of `ACTIVE`
+ when the activation process is complete.
+ operationId: activateUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - default: true
+ description: Sends an activation email to the user if true
+ in: query
+ name: sendEmail
+ required: true
+ type: boolean
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserActivationToken'
+ security:
+ - api_token: []
+ summary: Activate User
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/deactivate':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Deactivates a user. This operation can only be performed on users that
+ do not have a `DEPROVISIONED` status. Deactivation of a user is an
+ asynchronous operation. The user will have the `transitioningToStatus`
+ property with a value of `DEPROVISIONED` during deactivation to indicate
+ that the user hasn't completed the asynchronous operation. The user
+ will have a status of `DEPROVISIONED` when the deactivation process is
+ complete.
+ operationId: deactivateUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - default: false
+ in: query
+ name: sendEmail
+ type: boolean
+ x-okta-added-version: 1.5.0
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: OK
+ security:
+ - api_token: []
+ summary: Deactivate User
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ This operation transitions the user to the status of `PASSWORD_EXPIRED`
+ so that the user is required to change their password at their next
+ login.
+ operationId: expirePassword
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/User'
+ security:
+ - api_token: []
+ summary: Expire Password
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ This operation transitions the user to the status of `PASSWORD_EXPIRED`
+ and the user's password is reset to a temporary password that is
+ returned.
+ operationId: expirePasswordAndGetTemporaryPassword
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/TempPassword'
+ security:
+ - api_token: []
+ summary: Expire Password
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/reactivate':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Reactivates a user. This operation can only be performed on users with
+ a `PROVISIONED` status. This operation restarts the activation workflow
+ if for some reason the user activation was not completed when using the
+ activationToken from [Activate User](#activate-user).
+ operationId: reactivateUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - default: false
+ description: Sends an activation email to the user if true
+ in: query
+ name: sendEmail
+ type: boolean
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/UserActivationToken'
+ security:
+ - api_token: []
+ summary: Reactivate User
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/reset_factors':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ This operation resets all factors for the specified user. All MFA factor
+ enrollments returned to the unenrolled state. The user's status remains
+ ACTIVE. This link is present only if the user is currently enrolled in
+ one or more MFA factors.
+ operationId: resetFactors
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: OK
+ security:
+ - api_token: []
+ summary: Reset Factors
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/reset_password':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Generates a one-time token (OTT) that can be used to reset a user's
+ password. The OTT link can be automatically emailed to the user or
+ returned to the API caller and distributed using a custom flow.
+ operationId: resetPassword
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: query
+ name: sendEmail
+ required: true
+ type: boolean
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ $ref: '#/definitions/ResetPasswordToken'
+ security:
+ - api_token: []
+ summary: Reset Password
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/suspend':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Suspends a user. This operation can only be performed on users with an
+ `ACTIVE` status. The user will have a status of `SUSPENDED` when the
+ process is complete.
+ operationId: suspendUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: OK
+ security:
+ - api_token: []
+ summary: Suspend User
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/unlock':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE`
+ status. Users will be able to login with their current password.
+ operationId: unlockUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: OK
+ security:
+ - api_token: []
+ summary: Unlock User
+ tags:
+ - User
+ '/api/v1/users/{userId}/lifecycle/unsuspend':
+ post:
+ consumes:
+ - application/json
+ description: >-
+ Unsuspends a user and returns them to the `ACTIVE` state. This
+ operation can only be performed on users that have a `SUSPENDED` status.
+ operationId: unsuspendUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: OK
+ security:
+ - api_token: []
+ summary: Unsuspend User
+ tags:
+ - User
+ '/api/v1/users/{userId}/linkedObjects/{relationshipName}':
+ delete:
+ consumes:
+ - application/json
+ description: >-
+ Delete linked objects for a user, relationshipName can be ONLY a primary
+ relationship name
+ operationId: removeLinkedObjectForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: relationshipName
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Get linked objects for a user, relationshipName can be a primary or
+ associated relationship name
+ operationId: getLinkedObjectsForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: relationshipName
+ required: true
+ type: string
+ - in: query
+ name: after
+ type: string
+ - default: -1
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/ResponseLinks'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/roles':
+ get:
+ consumes:
+ - application/json
+ description: Lists all roles assigned to a user.
+ operationId: listAssignedRolesForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: query
+ name: expand
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/Role'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ post:
+ consumes:
+ - application/json
+ description: Assigns a role to a user.
+ operationId: assignRoleToUser
+ parameters:
+ - in: body
+ name: assignRoleRequest
+ required: true
+ schema:
+ $ref: '#/definitions/AssignRoleRequest'
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: query
+ name: disableNotifications
+ type: string
+ produces:
+ - application/json
+ responses:
+ '201':
+ description: Success
+ schema:
+ $ref: '#/definitions/Role'
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/roles/{roleId}':
+ delete:
+ consumes:
+ - application/json
+ description: Unassigns a role from a user.
+ operationId: removeRoleFromUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps':
+ get:
+ consumes:
+ - application/json
+ description: >-
+ Lists all App targets for an `APP_ADMIN` Role assigned to a User. This
+ methods return list may include full Applications or Instances. The
+ response for an instance will have an `ID` value, while Application will
+ not have an ID.
+ operationId: listApplicationTargetsForApplicationAdministratorRoleForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: query
+ name: after
+ type: string
+ - default: 20
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/Application'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ put:
+ consumes:
+ - application/json
+ description: Success
+ operationId: addAllAppsAsTargetToRole
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}':
+ delete:
+ consumes:
+ - application/json
+ description: Success
+ operationId: removeApplicationTargetFromApplicationAdministratorRoleForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: appName
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ put:
+ consumes:
+ - application/json
+ description: Success
+ operationId: addApplicationTargetToAdminRoleForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: appName
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}':
+ delete:
+ consumes:
+ - application/json
+ description: Remove App Instance Target to App Administrator Role given to a User
+ operationId: removeApplicationTargetFromAdministratorRoleForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: appName
+ required: true
+ type: string
+ - in: path
+ name: applicationId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ summary: Remove App Instance Target to App Administrator Role given to a User
+ tags:
+ - User
+ put:
+ consumes:
+ - application/json
+ description: Add App Instance Target to App Administrator Role given to a User
+ operationId: addApplicationTargetToAppAdminRoleForUser
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: appName
+ required: true
+ type: string
+ - in: path
+ name: applicationId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '204':
+ description: No Content
+ security:
+ - api_token: []
+ summary: Add App Instance Target to App Administrator Role given to a User
+ tags:
+ - User
+ '/api/v1/users/{userId}/roles/{roleId}/targets/groups':
+ get:
+ consumes:
+ - application/json
+ description: Success
+ operationId: listGroupTargetsForRole
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: query
+ name: after
+ type: string
+ - default: 20
+ format: int32
+ in: query
+ name: limit
+ type: integer
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ schema:
+ items:
+ $ref: '#/definitions/Group'
+ type: array
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}':
+ delete:
+ consumes:
+ - application/json
+ description: Success
+ operationId: removeGroupTargetFromRole
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: groupId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ put:
+ consumes:
+ - application/json
+ description: Success
+ operationId: addGroupTargetToRole
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - in: path
+ name: roleId
+ required: true
+ type: string
+ - in: path
+ name: groupId
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+ '/api/v1/users/{userId}/sessions':
+ delete:
+ consumes:
+ - application/json
+ description: >-
+ Removes all active identity provider sessions. This forces the user to
+ authenticate on the next operation. Optionally revokes OpenID Connect
+ and OAuth refresh and access tokens issued to the user.
+ operationId: clearUserSessions
+ parameters:
+ - in: path
+ name: userId
+ required: true
+ type: string
+ - default: false
+ description: Revoke issued OpenID Connect and OAuth refresh and access tokens
+ in: query
+ name: oauthTokens
+ type: boolean
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: Success
+ security:
+ - api_token: []
+ tags:
+ - User
+definitions:
+ ActivateFactorRequest:
+ properties:
+ attestation:
+ type: string
+ clientData:
+ type: string
+ passCode:
+ type: string
+ registrationData:
+ type: string
+ stateToken:
+ type: string
+ x-okta-tags:
+ - UserFactor
+ AppAndInstanceConditionEvaluatorAppOrInstance:
+ properties:
+ id:
+ readOnly: true
+ type: string
+ name:
+ type: string
+ type:
+ enum:
+ - APP_TYPE
+ - APP
+ type: string
+ type: object
+ AppAndInstancePolicyRuleCondition:
+ properties:
+ exclude:
+ items:
+ $ref: '#/definitions/AppAndInstanceConditionEvaluatorAppOrInstance'
+ type: array
+ include:
+ items:
+ $ref: '#/definitions/AppAndInstanceConditionEvaluatorAppOrInstance'
+ type: array
+ type: object
+ AppInstancePolicyRuleCondition:
+ properties:
+ exclude:
+ items:
+ type: string
+ type: array
+ include:
+ items:
+ type: string
+ type: array
+ type: object
+ AppLink:
+ properties:
+ appAssignmentId:
+ readOnly: true
+ type: string
+ appInstanceId:
+ readOnly: true
+ type: string
+ appName:
+ readOnly: true
+ type: string
+ credentialsSetup:
+ readOnly: true
+ type: boolean
+ hidden:
+ readOnly: true
+ type: boolean
+ id:
+ readOnly: true
+ type: string
+ label:
+ readOnly: true
+ type: string
+ linkUrl:
+ readOnly: true
+ type: string
+ logoUrl:
+ readOnly: true
+ type: string
+ sortOrder:
+ readOnly: true
+ type: integer
+ type: object
+ x-okta-tags:
+ - User
+ AppUser:
+ properties:
+ _embedded:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ created:
+ format: date-time
+ readOnly: true
+ type: string
+ credentials:
+ $ref: '#/definitions/AppUserCredentials'
+ externalId:
+ readOnly: true
+ type: string
+ id:
+ type: string
+ lastSync:
+ format: date-time
+ readOnly: true
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ passwordChanged:
+ format: date-time
+ readOnly: true
+ type: string
+ profile:
+ additionalProperties:
+ type: object
+ type: object
+ scope:
+ type: string
+ status:
+ readOnly: true
+ type: string
+ statusChanged:
+ format: date-time
+ readOnly: true
+ type: string
+ syncState:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-crud:
+ - alias: update
+ arguments:
+ - dest: appId
+ parentSrc: appId
+ - dest: userId
+ src: id
+ - dest: appUser
+ self: true
+ operationId: updateApplicationUser
+ - alias: delete
+ arguments:
+ - dest: appId
+ parentSrc: appId
+ - dest: userId
+ src: id
+ operationId: deleteApplicationUser
+ x-okta-tags:
+ - Application
+ AppUserCredentials:
+ properties:
+ password:
+ $ref: '#/definitions/AppUserPasswordCredential'
+ userName:
+ type: string
+ type: object
+ x-okta-tags:
+ - Application
+ AppUserPasswordCredential:
+ properties:
+ value:
+ format: password
+ type: string
+ x-okta-tags:
+ - Application
+ Application:
+ properties:
+ _embedded:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ accessibility:
+ $ref: '#/definitions/ApplicationAccessibility'
+ created:
+ format: date-time
+ readOnly: true
+ type: string
+ credentials:
+ $ref: '#/definitions/ApplicationCredentials'
+ features:
+ items:
+ type: string
+ type: array
+ id:
+ readOnly: true
+ type: string
+ label:
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ licensing:
+ $ref: '#/definitions/ApplicationLicensing'
+ name:
+ readOnly: true
+ type: string
+ profile:
+ additionalProperties:
+ type: object
+ type: object
+ settings:
+ $ref: '#/definitions/ApplicationSettings'
+ signOnMode:
+ $ref: '#/definitions/ApplicationSignOnMode'
+ status:
+ enum:
+ - ACTIVE
+ - INACTIVE
+ - DELETED
+ readOnly: true
+ type: string
+ visibility:
+ $ref: '#/definitions/ApplicationVisibility'
+ type: object
+ x-okta-crud:
+ - alias: read
+ arguments:
+ - dest: appId
+ src: id
+ operationId: getApplication
+ - alias: update
+ arguments:
+ - dest: appId
+ src: id
+ - dest: application
+ self: true
+ operationId: updateApplication
+ - alias: delete
+ arguments:
+ - dest: appId
+ src: id
+ operationId: deleteApplication
+ x-okta-operations:
+ - alias: activate
+ arguments:
+ - dest: appId
+ src: id
+ operationId: activateApplication
+ - alias: deactivate
+ arguments:
+ - dest: appId
+ src: id
+ operationId: deactivateApplication
+ - alias: listApplicationUsers
+ arguments:
+ - dest: appId
+ src: id
+ operationId: listApplicationUsers
+ - alias: assignUserToApplication
+ arguments:
+ - dest: appId
+ src: id
+ operationId: assignUserToApplication
+ - alias: getApplicationUser
+ arguments:
+ - dest: appId
+ src: id
+ operationId: getApplicationUser
+ - alias: createApplicationGroupAssignment
+ arguments:
+ - dest: appId
+ src: id
+ operationId: createApplicationGroupAssignment
+ - alias: getApplicationGroupAssignment
+ arguments:
+ - dest: appId
+ src: id
+ operationId: getApplicationGroupAssignment
+ - alias: cloneApplicationKey
+ arguments:
+ - dest: appId
+ src: id
+ operationId: cloneApplicationKey
+ - alias: getApplicationKey
+ arguments:
+ - dest: appId
+ src: id
+ operationId: getApplicationKey
+ - alias: listGroupAssignments
+ arguments:
+ - dest: appId
+ src: id
+ operationId: listApplicationGroupAssignments
+ - alias: listKeys
+ arguments:
+ - dest: appId
+ src: id
+ operationId: listApplicationKeys
+ - alias: generateKey
+ arguments:
+ - dest: appId
+ src: id
+ operationId: generateApplicationKey
+ - alias: generateCsr
+ arguments:
+ - dest: appId
+ src: id
+ operationId: generateCsrForApplication
+ - alias: getCsr
+ arguments:
+ - dest: appId
+ src: id
+ operationId: getCsrForApplication
+ - alias: revokeCSR
+ arguments:
+ - dest: appId
+ src: id
+ operationId: revokeCSRFromApplication
+ - alias: listCsrs
+ arguments:
+ - dest: appId
+ src: id
+ operationId: listCsrsForApplication
+ - alias: publishCerCert
+ arguments:
+ - dest: appId
+ src: id
+ operationId: publishCerCert
+ - alias: publishBinaryCerCert
+ arguments:
+ - dest: appId
+ src: id
+ operationId: publishBinaryCerCert
+ - alias: publishDerCert
+ arguments:
+ - dest: appId
+ src: id
+ operationId: publishDerCert
+ - alias: publishBinaryDerCert
+ arguments:
+ - dest: appId
+ src: id
+ operationId: publishBinaryDerCert
+ - alias: publishBinaryPemCert
+ arguments:
+ - dest: appId
+ src: id
+ operationId: publishBinaryPemCert
+ - alias: listOAuth2Tokens
+ arguments:
+ - dest: appId
+ src: id
+ operationId: listOAuth2TokensForApplication
+ - alias: revokeOAuth2TokenForApplication
+ arguments:
+ - dest: appId
+ src: id
+ operationId: revokeOAuth2TokenForApplication
+ - alias: getOAuth2Token
+ arguments:
+ - dest: appId
+ src: id
+ operationId: getOAuth2TokenForApplication
+ - alias: revokeOAuth2Tokens
+ arguments:
+ - dest: appId
+ src: id
+ operationId: revokeOAuth2TokensForApplication
+ - alias: listScopeConsentGrants
+ arguments:
+ - dest: appId
+ src: id
+ operationId: listScopeConsentGrants
+ - alias: grantConsentToScope
+ arguments:
+ - dest: appId
+ src: id
+ operationId: grantConsentToScope
+ - alias: revokeScopeConsentGrant
+ arguments:
+ - dest: appId
+ src: id
+ operationId: revokeScopeConsentGrant
+ - alias: getScopeConsentGrant
+ arguments:
+ - dest: appId
+ src: id
+ operationId: getScopeConsentGrant
+ x-okta-tags:
+ - Application
+ x-openapi-v3-discriminator:
+ mapping:
+ AUTO_LOGIN: '#/definitions/AutoLoginApplication'
+ BASIC_AUTH: '#/definitions/BasicAuthApplication'
+ BOOKMARK: '#/definitions/BookmarkApplication'
+ BROWSER_PLUGIN: '#/definitions/BrowserPluginApplication'
+ OPENID_CONNECT: '#/definitions/OpenIdConnectApplication'
+ SAML_2_0: '#/definitions/SamlApplication'
+ SECURE_PASSWORD_STORE: '#/definitions/SecurePasswordStoreApplication'
+ WS_FEDERATION: '#/definitions/WsFederationApplication'
+ propertyName: signOnMode
+ ApplicationAccessibility:
+ properties:
+ errorRedirectUrl:
+ type: string
+ loginRedirectUrl:
+ type: string
+ selfService:
+ type: boolean
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationCredentials:
+ properties:
+ signing:
+ $ref: '#/definitions/ApplicationCredentialsSigning'
+ userNameTemplate:
+ $ref: '#/definitions/ApplicationCredentialsUsernameTemplate'
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationCredentialsOAuthClient:
+ properties:
+ autoKeyRotation:
+ type: boolean
+ client_id:
+ type: string
+ client_secret:
+ type: string
+ token_endpoint_auth_method:
+ $ref: '#/definitions/OAuthEndpointAuthenticationMethod'
+ x-okta-tags:
+ - Application
+ ApplicationCredentialsScheme:
+ enum:
+ - SHARED_USERNAME_AND_PASSWORD
+ - EXTERNAL_PASSWORD_SYNC
+ - EDIT_USERNAME_AND_PASSWORD
+ - EDIT_PASSWORD_ONLY
+ - ADMIN_SETS_CREDENTIALS
+ type: string
+ x-okta-tags:
+ - Application
+ ApplicationCredentialsSigning:
+ properties:
+ kid:
+ type: string
+ lastRotated:
+ format: date-time
+ readOnly: true
+ type: string
+ nextRotation:
+ format: date-time
+ readOnly: true
+ type: string
+ rotationMode:
+ type: string
+ use:
+ $ref: '#/definitions/ApplicationCredentialsSigningUse'
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationCredentialsSigningUse:
+ enum:
+ - sig
+ type: string
+ x-okta-tags:
+ - AuthorizationServer
+ ApplicationCredentialsUsernameTemplate:
+ properties:
+ suffix:
+ type: string
+ template:
+ type: string
+ type:
+ type: string
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationGroupAssignment:
+ properties:
+ _embedded:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ id:
+ readOnly: true
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ priority:
+ type: integer
+ profile:
+ additionalProperties:
+ type: object
+ type: object
+ type: object
+ x-okta-crud:
+ - alias: delete
+ arguments:
+ - dest: appId
+ parentSrc: appId
+ - dest: groupId
+ src: id
+ operationId: deleteApplicationGroupAssignment
+ x-okta-tags:
+ - Application
+ ApplicationLicensing:
+ properties:
+ seatCount:
+ type: integer
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationSettings:
+ properties:
+ app:
+ $ref: '#/definitions/ApplicationSettingsApplication'
+ implicitAssignment:
+ type: boolean
+ inlineHookId:
+ type: string
+ notifications:
+ $ref: '#/definitions/ApplicationSettingsNotifications'
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationSettingsApplication:
+ x-okta-tags:
+ - Application
+ ApplicationSettingsNotifications:
+ properties:
+ vpn:
+ $ref: '#/definitions/ApplicationSettingsNotificationsVpn'
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationSettingsNotificationsVpn:
+ properties:
+ helpUrl:
+ type: string
+ message:
+ type: string
+ network:
+ $ref: '#/definitions/ApplicationSettingsNotificationsVpnNetwork'
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationSettingsNotificationsVpnNetwork:
+ properties:
+ connection:
+ type: string
+ exclude:
+ items:
+ type: string
+ type: array
+ include:
+ items:
+ type: string
+ type: array
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationSignOnMode:
+ enum:
+ - BOOKMARK
+ - BASIC_AUTH
+ - BROWSER_PLUGIN
+ - SECURE_PASSWORD_STORE
+ - AUTO_LOGIN
+ - WS_FEDERATION
+ - SAML_2_0
+ - OPENID_CONNECT
+ - SAML_1_1
+ type: string
+ x-okta-tags:
+ - Application
+ ApplicationVisibility:
+ properties:
+ appLinks:
+ additionalProperties:
+ type: boolean
+ type: object
+ autoSubmitToolbar:
+ type: boolean
+ hide:
+ $ref: '#/definitions/ApplicationVisibilityHide'
+ type: object
+ x-okta-tags:
+ - Application
+ ApplicationVisibilityHide:
+ properties:
+ iOS:
+ type: boolean
+ web:
+ type: boolean
+ type: object
+ x-okta-tags:
+ - Application
+ AssignRoleRequest:
+ properties:
+ type:
+ $ref: '#/definitions/RoleType'
+ readOnly: false
+ x-okta-tags:
+ - Role
+ AuthenticationProvider:
+ properties:
+ name:
+ type: string
+ type:
+ $ref: '#/definitions/AuthenticationProviderType'
+ type: object
+ x-okta-tags:
+ - User
+ AuthenticationProviderType:
+ enum:
+ - ACTIVE_DIRECTORY
+ - FEDERATION
+ - LDAP
+ - OKTA
+ - SOCIAL
+ - IMPORT
+ type: string
+ x-okta-tags:
+ - User
+ AuthorizationServer:
+ properties:
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ audiences:
+ items:
+ type: string
+ type: array
+ created:
+ format: date-time
+ readOnly: true
+ type: string
+ credentials:
+ $ref: '#/definitions/AuthorizationServerCredentials'
+ description:
+ type: string
+ id:
+ readOnly: true
+ type: string
+ issuer:
+ type: string
+ issuerMode:
+ enum:
+ - ORG_URL
+ - CUSTOM_URL
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ name:
+ type: string
+ status:
+ enum:
+ - ACTIVE
+ - INACTIVE
+ type: string
+ type: object
+ x-okta-crud:
+ - alias: create
+ arguments:
+ - dest: authorizationServer
+ self: true
+ operationId: createAuthorizationServer
+ - alias: read
+ arguments: []
+ operationId: getAuthorizationServer
+ - alias: update
+ arguments:
+ - dest: authServerId
+ src: id
+ - dest: authorizationServer
+ self: true
+ operationId: updateAuthorizationServer
+ - alias: delete
+ arguments:
+ - dest: authServerId
+ src: id
+ - dest: authorizationServer
+ self: true
+ operationId: deleteAuthorizationServer
+ x-okta-operations:
+ - alias: listOAuth2Claims
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: listOAuth2Claims
+ - alias: createOAuth2Claim
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: createOAuth2Claim
+ - alias: deleteOAuth2Claim
+ arguments:
+ - dest: authServerId
+ src: id
+ - dest: claimId
+ src: id
+ operationId: deleteOAuth2Claim
+ - alias: getOAuth2Claim
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: getOAuth2Claim
+ - alias: updateOAuth2Claim
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: updateOAuth2Claim
+ - alias: listOAuth2Clients
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: listOAuth2ClientsForAuthorizationServer
+ - alias: revokeRefreshTokensForClient
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: revokeRefreshTokensForAuthorizationServerAndClient
+ - alias: listRefreshTokensForClient
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: listRefreshTokensForAuthorizationServerAndClient
+ - alias: getRefreshTokenForClient
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: getRefreshTokenForAuthorizationServerAndClient
+ - alias: revokeRefreshTokenForClient
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: revokeRefreshTokenForAuthorizationServerAndClient
+ - alias: listKeys
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: listAuthorizationServerKeys
+ - alias: rotateKeys
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: rotateAuthorizationServerKeys
+ - alias: activate
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: activateAuthorizationServer
+ - alias: deactivate
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: deactivateAuthorizationServer
+ - alias: listPolicies
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: listAuthorizationServerPolicies
+ - alias: createPolicy
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: createAuthorizationServerPolicy
+ - alias: deletePolicy
+ arguments:
+ - dest: authServerId
+ src: id
+ - dest: policyId
+ src: id
+ operationId: deleteAuthorizationServerPolicy
+ - alias: getPolicy
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: getAuthorizationServerPolicy
+ - alias: updatePolicy
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: updateAuthorizationServerPolicy
+ - alias: listOAuth2Scopes
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: listOAuth2Scopes
+ - alias: createOAuth2Scope
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: createOAuth2Scope
+ - alias: deleteOAuth2Scope
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: deleteOAuth2Scope
+ - alias: getOAuth2Scope
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: getOAuth2Scope
+ - alias: updateOAuth2Scope
+ arguments:
+ - dest: authServerId
+ src: id
+ operationId: updateOAuth2Scope
+ x-okta-tags:
+ - AuthorizationServer
+ AuthorizationServerCredentials:
+ properties:
+ signing:
+ $ref: '#/definitions/AuthorizationServerCredentialsSigningConfig'
+ x-okta-tags:
+ - Application
+ AuthorizationServerCredentialsRotationMode:
+ enum:
+ - AUTO
+ - MANUAL
+ type: string
+ x-okta-tags:
+ - AuthorizationServer
+ AuthorizationServerCredentialsSigningConfig:
+ properties:
+ kid:
type: string
- lastSync:
+ lastRotated:
format: date-time
readOnly: true
type: string
- lastUpdated:
+ nextRotation:
format: date-time
readOnly: true
type: string
- passwordChanged:
+ rotationMode:
+ $ref: '#/definitions/AuthorizationServerCredentialsRotationMode'
+ use:
+ $ref: '#/definitions/AuthorizationServerCredentialsUse'
+ x-okta-tags:
+ - AuthorizationServer
+ AuthorizationServerCredentialsUse:
+ enum:
+ - sig
+ type: string
+ x-okta-tags:
+ - AuthorizationServer
+ AutoLoginApplication:
+ properties:
+ credentials:
+ $ref: '#/definitions/SchemeApplicationCredentials'
+ settings:
+ $ref: '#/definitions/AutoLoginApplicationSettings'
+ x-okta-parent: '#/definitions/Application'
+ x-okta-tags:
+ - Application
+ AutoLoginApplicationSettings:
+ properties:
+ signOn:
+ $ref: '#/definitions/AutoLoginApplicationSettingsSignOn'
+ x-okta-parent: '#/definitions/ApplicationSettings'
+ x-okta-tags:
+ - Application
+ AutoLoginApplicationSettingsSignOn:
+ properties:
+ loginUrl:
+ type: string
+ redirectUrl:
+ type: string
+ x-okta-tags:
+ - Application
+ BasicApplicationSettings:
+ properties:
+ app:
+ $ref: '#/definitions/BasicApplicationSettingsApplication'
+ x-okta-parent: '#/definitions/ApplicationSettings'
+ x-okta-tags:
+ - Application
+ BasicApplicationSettingsApplication:
+ properties:
+ authURL:
+ type: string
+ url:
+ type: string
+ x-okta-parent: '#/definitions/ApplicationSettingsApplication'
+ x-okta-tags:
+ - Application
+ BasicAuthApplication:
+ properties:
+ credentials:
+ $ref: '#/definitions/SchemeApplicationCredentials'
+ name:
+ default: template_basic_auth
+ settings:
+ $ref: '#/definitions/BasicApplicationSettings'
+ x-okta-defined-as:
+ name: template_basic_auth
+ x-okta-parent: '#/definitions/Application'
+ x-okta-tags:
+ - Application
+ BeforeScheduledActionPolicyRuleCondition:
+ properties:
+ duration:
+ $ref: '#/definitions/Duration'
+ lifecycleAction:
+ $ref: '#/definitions/ScheduledUserLifecycleAction'
+ type: object
+ BookmarkApplication:
+ properties:
+ name:
+ default: bookmark
+ settings:
+ $ref: '#/definitions/BookmarkApplicationSettings'
+ x-okta-defined-as:
+ name: bookmark
+ x-okta-parent: '#/definitions/Application'
+ x-okta-tags:
+ - Application
+ BookmarkApplicationSettings:
+ properties:
+ app:
+ $ref: '#/definitions/BookmarkApplicationSettingsApplication'
+ x-okta-parent: '#/definitions/ApplicationSettings'
+ x-okta-tags:
+ - Application
+ BookmarkApplicationSettingsApplication:
+ properties:
+ requestIntegration:
+ type: boolean
+ url:
+ type: string
+ x-okta-parent: '#/definitions/ApplicationSettingsApplication'
+ x-okta-tags:
+ - Application
+ BrowserPluginApplication:
+ properties:
+ credentials:
+ $ref: '#/definitions/SchemeApplicationCredentials'
+ x-okta-parent: '#/definitions/Application'
+ x-okta-tags:
+ - Application
+ x-openapi-v3-discriminator:
+ mapping:
+ template_swa: '#/definitions/SwaApplication'
+ template_swa3field: '#/definitions/SwaThreeFieldApplication'
+ propertyName: name
+ CSR:
+ properties:
+ created:
format: date-time
readOnly: true
type: string
- profile:
- additionalProperties:
- type: object
- type: object
- scope:
- type: string
- status:
+ csr:
readOnly: true
type: string
- statusChanged:
- format: date-time
+ id:
readOnly: true
type: string
- syncState:
+ kty:
readOnly: true
type: string
type: object
- x-okta-crud:
- - alias: update
- arguments:
- - dest: appId
- parentSrc: appId
- - dest: userId
- src: id
- - dest: appUser
- self: true
- operationId: updateApplicationUser
- - alias: delete
- arguments:
- - dest: appId
- parentSrc: appId
- - dest: userId
- src: id
- operationId: deleteApplicationUser
+ CSRMetadata:
+ properties:
+ subject:
+ $ref: '#/definitions/CSRMetadataSubject'
+ subjectAltNames:
+ $ref: '#/definitions/CSRMetadataSubjectAltNames'
x-okta-tags:
- - Application
- AppUserCredentials:
+ - Apps
+ CSRMetadataSubject:
properties:
- password:
- $ref: '#/definitions/AppUserPasswordCredential'
- userName:
+ commonName:
+ type: string
+ countryName:
+ type: string
+ localityName:
+ type: string
+ organizationName:
+ type: string
+ organizationalUnitName:
+ type: string
+ stateOrProvinceName:
+ type: string
+ x-okta-tags:
+ - Apps
+ CSRMetadataSubjectAltNames:
+ properties:
+ dnsNames:
+ items:
+ type: string
+ type: array
+ x-okta-tags:
+ - Apps
+ CallUserFactor:
+ properties:
+ profile:
+ $ref: '#/definitions/CallUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
+ x-okta-tags:
+ - UserFactor
+ CallUserFactorProfile:
+ properties:
+ phoneExtension:
+ type: string
+ phoneNumber:
type: string
+ x-okta-tags:
+ - UserFactor
+ ChangePasswordRequest:
+ properties:
+ newPassword:
+ $ref: '#/definitions/PasswordCredential'
+ oldPassword:
+ $ref: '#/definitions/PasswordCredential'
type: object
x-okta-tags:
- - Application
- AppUserPasswordCredential:
+ - User
+ ClientPolicyCondition:
properties:
- value:
- format: password
+ include:
+ items:
+ type: string
+ type: array
+ type: object
+ ContextPolicyRuleCondition:
+ properties:
+ expression:
+ type: string
+ type: object
+ CreateSessionRequest:
+ properties:
+ sessionToken:
type: string
+ type: object
x-okta-tags:
- - Application
- Application:
+ - Session
+ CreateUserRequest:
+ properties:
+ credentials:
+ $ref: '#/definitions/UserCredentials'
+ groupIds:
+ items:
+ type: string
+ type: array
+ profile:
+ $ref: '#/definitions/UserProfile'
+ type:
+ $ref: '#/definitions/UserType'
+ type: object
+ x-okta-parent: '#/definitions/User'
+ x-okta-tags:
+ - User
+ DevicePolicyRuleCondition:
+ properties:
+ migrated:
+ type: boolean
+ platform:
+ $ref: '#/definitions/DevicePolicyRuleConditionPlatform'
+ rooted:
+ type: boolean
+ trustLevel:
+ enum:
+ - ANY
+ - TRUSTED
+ type: string
+ type: object
+ DevicePolicyRuleConditionPlatform:
+ properties:
+ supportedMDMFrameworks:
+ items:
+ $ref: '#/definitions/MDMFrameworks'
+ type: array
+ types:
+ items:
+ $ref: '#/definitions/Platforms'
+ type: array
+ type: object
+ Duration:
+ properties:
+ number:
+ type: integer
+ unit:
+ type: string
+ type: object
+ EmailUserFactor:
+ properties:
+ profile:
+ $ref: '#/definitions/EmailUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
+ x-okta-tags:
+ - UserFactor
+ EmailUserFactorProfile:
+ properties:
+ email:
+ type: string
+ x-okta-tags:
+ - UserFactor
+ EnabledStatus:
+ enum:
+ - ENABLED
+ - DISABLED
+ type: string
+ x-okta-tags:
+ - Common
+ EventHook:
properties:
- _embedded:
- additionalProperties:
- type: object
- readOnly: true
- type: object
_links:
additionalProperties:
type: object
readOnly: true
type: object
- accessibility:
- $ref: '#/definitions/ApplicationAccessibility'
- created:
- format: date-time
- readOnly: true
- type: string
- credentials:
- $ref: '#/definitions/ApplicationCredentials'
- features:
- items:
- type: string
- type: array
- id:
+ channel:
+ $ref: '#/definitions/EventHookChannel'
+ created:
+ format: date-time
readOnly: true
type: string
- label:
+ createdBy:
+ type: string
+ events:
+ $ref: '#/definitions/EventSubscriptions'
+ id:
+ readOnly: true
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
- licensing:
- $ref: '#/definitions/ApplicationLicensing'
name:
- readOnly: true
type: string
- profile:
- additionalProperties:
- type: object
- type: object
- settings:
- $ref: '#/definitions/ApplicationSettings'
- signOnMode:
- $ref: '#/definitions/ApplicationSignOnMode'
status:
enum:
- ACTIVE
- INACTIVE
- - DELETED
- readOnly: true
type: string
- visibility:
- $ref: '#/definitions/ApplicationVisibility'
+ verificationStatus:
+ enum:
+ - UNVERIFIED
+ - VERIFIED
+ type: string
type: object
x-okta-crud:
- - alias: read
+ - alias: create
arguments:
- - dest: appId
- src: id
- operationId: getApplication
+ - dest: eventHook
+ self: true
+ operationId: createEventHook
+ - alias: read
+ arguments: []
+ operationId: getEventHook
- alias: update
arguments:
- - dest: appId
+ - dest: eventHookId
src: id
- - dest: application
+ - dest: eventHook
self: true
- operationId: updateApplication
+ operationId: updateEventHook
- alias: delete
arguments:
- - dest: appId
+ - dest: eventHookId
src: id
- operationId: deleteApplication
+ operationId: deleteEventHook
x-okta-operations:
- alias: activate
arguments:
- - dest: appId
+ - dest: eventHookId
src: id
- operationId: activateApplication
+ operationId: activateEventHook
- alias: deactivate
arguments:
- - dest: appId
- src: id
- operationId: deactivateApplication
- - alias: listApplicationUsers
- arguments:
- - dest: appId
- src: id
- operationId: listApplicationUsers
- - alias: assignUserToApplication
- arguments:
- - dest: appId
- src: id
- operationId: assignUserToApplication
- - alias: getApplicationUser
- arguments:
- - dest: appId
- src: id
- operationId: getApplicationUser
- - alias: createApplicationGroupAssignment
- arguments:
- - dest: appId
- src: id
- operationId: createApplicationGroupAssignment
- - alias: getApplicationGroupAssignment
- arguments:
- - dest: appId
- src: id
- operationId: getApplicationGroupAssignment
- - alias: cloneApplicationKey
- arguments:
- - dest: appId
- src: id
- operationId: cloneApplicationKey
- - alias: getApplicationKey
- arguments:
- - dest: appId
- src: id
- operationId: getApplicationKey
- - alias: listGroupAssignments
- arguments:
- - dest: appId
+ - dest: eventHookId
src: id
- operationId: listApplicationGroupAssignments
- - alias: listKeys
+ operationId: deactivateEventHook
+ - alias: verify
arguments:
- - dest: appId
+ - dest: eventHookId
src: id
- operationId: listApplicationKeys
+ operationId: verifyEventHook
x-okta-tags:
- - Application
- x-openapi-v3-discriminator:
- mapping:
- AUTO_LOGIN: '#/definitions/AutoLoginApplication'
- BASIC_AUTH: '#/definitions/BasicAuthApplication'
- BOOKMARK: '#/definitions/BookmarkApplication'
- BROWSER_PLUGIN: '#/definitions/BrowserPluginApplication'
- OPENID_CONNECT: '#/definitions/OpenIdConnectApplication'
- SAML_2_0: '#/definitions/SamlApplication'
- SECURE_PASSWORD_STORE: '#/definitions/SecurePasswordStoreApplication'
- WS_FEDERATION: '#/definitions/WsFederationApplication'
- propertyName: signOnMode
- ApplicationAccessibility:
+ - EventHook
+ EventHookChannel:
properties:
- errorRedirectUrl:
+ config:
+ $ref: '#/definitions/EventHookChannelConfig'
+ readOnly: false
+ type:
+ enum:
+ - HTTP
+ readOnly: false
type: string
- loginRedirectUrl:
+ version:
+ readOnly: false
type: string
- selfService:
- type: boolean
type: object
- x-okta-tags:
- - Application
- ApplicationCredentials:
+ EventHookChannelConfig:
properties:
- signing:
- $ref: '#/definitions/ApplicationCredentialsSigning'
- userNameTemplate:
- $ref: '#/definitions/ApplicationCredentialsUsernameTemplate'
+ authScheme:
+ $ref: '#/definitions/EventHookChannelConfigAuthScheme'
+ type: object
+ headers:
+ items:
+ $ref: '#/definitions/EventHookChannelConfigHeader'
+ type: array
+ uri:
+ type: string
+ type: object
+ EventHookChannelConfigAuthScheme:
+ properties:
+ key:
+ type: string
+ type:
+ $ref: '#/definitions/EventHookChannelConfigAuthSchemeType'
+ value:
+ type: string
type: object
+ EventHookChannelConfigAuthSchemeType:
+ enum:
+ - HEADER
+ type: string
x-okta-tags:
- - Application
- ApplicationCredentialsOAuthClient:
+ - EventHook
+ EventHookChannelConfigHeader:
properties:
- autoKeyRotation:
- type: boolean
- client_id:
+ key:
type: string
- client_secret:
+ value:
type: string
- token_endpoint_auth_method:
- $ref: '#/definitions/OAuthEndpointAuthenticationMethod'
+ type: object
+ EventSubscriptions:
+ properties:
+ items:
+ items:
+ type: string
+ type: array
+ type:
+ enum:
+ - EVENT_TYPE
+ - FLOW_EVENT
+ type: string
+ type: object
+ FactorProvider:
+ enum:
+ - OKTA
+ - RSA
+ - GOOGLE
+ - SYMANTEC
+ - DUO
+ - YUBICO
+ type: string
x-okta-tags:
- - Application
- ApplicationCredentialsScheme:
+ - UserFactor
+ FactorResultType:
enum:
- - SHARED_USERNAME_AND_PASSWORD
- - EXTERNAL_PASSWORD_SYNC
- - EDIT_USERNAME_AND_PASSWORD
- - EDIT_PASSWORD_ONLY
- - ADMIN_SETS_CREDENTIALS
+ - SUCCESS
+ - CHALLENGE
+ - WAITING
+ - FAILED
+ - REJECTED
+ - TIMEOUT
+ - TIME_WINDOW_EXCEEDED
+ - PASSCODE_REPLAYED
+ - ERROR
+ - CANCELLED
type: string
x-okta-tags:
- - Application
- ApplicationCredentialsSigning:
+ - UserFactor
+ FactorStatus:
+ enum:
+ - PENDING_ACTIVATION
+ - ACTIVE
+ - INACTIVE
+ - NOT_SETUP
+ - ENROLLED
+ - DISABLED
+ - EXPIRED
+ type: string
+ x-okta-tags:
+ - UserFactor
+ FactorType:
+ enum:
+ - call
+ - email
+ - push
+ - question
+ - sms
+ - 'token:hardware'
+ - 'token:hotp'
+ - 'token:software:totp'
+ - token
+ - u2f
+ - web
+ - webauthn
+ type: string
+ x-okta-tags:
+ - UserFactor
+ Feature:
properties:
- kid:
- type: string
- lastRotated:
- format: date-time
+ _links:
+ additionalProperties:
+ type: object
readOnly: true
+ type: object
+ description:
type: string
- nextRotation:
- format: date-time
+ id:
readOnly: true
type: string
- rotationMode:
+ name:
type: string
+ stage:
+ $ref: '#/definitions/FeatureStage'
+ status:
+ $ref: '#/definitions/EnabledStatus'
+ type:
+ $ref: '#/definitions/FeatureType'
+ type: object
+ x-okta-crud:
+ - alias: read
+ arguments: []
+ operationId: getFeature
+ x-okta-operations:
+ - alias: updateLifecycle
+ arguments:
+ - dest: featureId
+ src: id
+ operationId: updateFeatureLifecycle
+ - alias: getDependents
+ arguments:
+ - dest: featureId
+ src: id
+ operationId: listFeatureDependents
+ - alias: getDependencies
+ arguments:
+ - dest: featureId
+ src: id
+ operationId: listFeatureDependencies
+ x-okta-tags:
+ - Feature
+ FeatureStage:
+ properties:
+ state:
+ $ref: '#/definitions/FeatureStageState'
+ value:
+ $ref: '#/definitions/FeatureStageValue'
type: object
x-okta-tags:
- - Application
- ApplicationCredentialsUsernameTemplate:
+ - Feature
+ FeatureStageState:
+ enum:
+ - OPEN
+ - CLOSED
+ type: string
+ x-okta-tags:
+ - Feature
+ FeatureStageValue:
+ enum:
+ - EA
+ - BETA
+ type: string
+ x-okta-tags:
+ - Feature
+ FeatureType:
+ enum:
+ - self-service
+ type: string
+ x-okta-tags:
+ - Feature
+ ForgotPasswordResponse:
properties:
- suffix:
- type: string
- template:
- type: string
- type:
+ resetPasswordUrl:
+ readOnly: true
type: string
+ x-okta-tags:
+ - User
+ GrantTypePolicyRuleCondition:
+ properties:
+ include:
+ items:
+ type: string
+ type: array
type: object
- x-okta-tags:
- - Application
- ApplicationGroupAssignment:
+ Group:
properties:
_embedded:
additionalProperties:
@@ -2919,75 +7992,71 @@ definitions:
type: object
readOnly: true
type: object
+ created:
+ format: date-time
+ readOnly: true
+ type: string
id:
readOnly: true
type: string
+ lastMembershipUpdated:
+ format: date-time
+ readOnly: true
+ type: string
lastUpdated:
format: date-time
readOnly: true
type: string
- priority:
- type: integer
+ objectClass:
+ items:
+ type: string
+ readOnly: true
+ type: array
profile:
- additionalProperties:
- type: object
- type: object
+ $ref: '#/definitions/GroupProfile'
+ type:
+ $ref: '#/definitions/GroupType'
+ readOnly: true
+ type: string
type: object
x-okta-crud:
+ - alias: update
+ arguments:
+ - dest: groupId
+ src: id
+ - dest: group
+ self: true
+ operationId: updateGroup
- alias: delete
arguments:
- - dest: appId
- parentSrc: appId
- dest: groupId
src: id
- operationId: deleteApplicationGroupAssignment
- x-okta-tags:
- - Application
- ApplicationLicensing:
- properties:
- seatCount:
- type: integer
- type: object
- x-okta-tags:
- - Application
- ApplicationSettings:
- properties:
- app:
- $ref: '#/definitions/ApplicationSettingsApplication'
- implicitAssignment:
- type: boolean
- inlineHookId:
- type: string
- notifications:
- $ref: '#/definitions/ApplicationSettingsNotifications'
- type: object
- x-okta-tags:
- - Application
- ApplicationSettingsApplication:
- x-okta-tags:
- - Application
- ApplicationSettingsNotifications:
- properties:
- vpn:
- $ref: '#/definitions/ApplicationSettingsNotificationsVpn'
- type: object
- x-okta-tags:
- - Application
- ApplicationSettingsNotificationsVpn:
- properties:
- helpUrl:
- type: string
- message:
- type: string
- network:
- $ref: '#/definitions/ApplicationSettingsNotificationsVpnNetwork'
- type: object
+ operationId: deleteGroup
+ x-okta-operations:
+ - alias: removeUser
+ arguments:
+ - dest: groupId
+ src: id
+ operationId: removeUserFromGroup
+ - alias: listUsers
+ arguments:
+ - dest: groupId
+ src: id
+ operationId: listGroupUsers
+ - alias: listApplications
+ arguments:
+ - dest: groupId
+ src: id
+ operationId: listAssignedApplicationsForGroup
+ - alias: assignRole
+ arguments:
+ - dest: groupId
+ src: id
+ operationId: assignRoleToGroup
x-okta-tags:
- - Application
- ApplicationSettingsNotificationsVpnNetwork:
+ - Group
+ GroupCondition:
properties:
- connection:
- type: string
exclude:
items:
type: string
@@ -2996,380 +8065,330 @@ definitions:
items:
type: string
type: array
- type: object
- x-okta-tags:
- - Application
- ApplicationSignOnMode:
- enum:
- - BOOKMARK
- - BASIC_AUTH
- - BROWSER_PLUGIN
- - SECURE_PASSWORD_STORE
- - AUTO_LOGIN
- - WS_FEDERATION
- - SAML_2_0
- - OPENID_CONNECT
- - SAML_1_1
- type: string
- x-okta-tags:
- - Application
- ApplicationVisibility:
- properties:
- appLinks:
- additionalProperties:
- type: boolean
- type: object
- autoSubmitToolbar:
- type: boolean
- hide:
- $ref: '#/definitions/ApplicationVisibilityHide'
- type: object
x-okta-tags:
- - Application
- ApplicationVisibilityHide:
+ - Policy
+ GroupPolicyRuleCondition:
properties:
- iOS:
- type: boolean
- web:
- type: boolean
+ exclude:
+ items:
+ type: string
+ type: array
+ include:
+ items:
+ type: string
+ type: array
type: object
- x-okta-tags:
- - Application
- AuthenticationProvider:
+ GroupProfile:
properties:
+ description:
+ type: string
name:
type: string
- type:
- $ref: '#/definitions/AuthenticationProviderType'
type: object
x-okta-tags:
- - User
- AuthenticationProviderType:
- enum:
- - ACTIVE_DIRECTORY
- - FEDERATION
- - LDAP
- - OKTA
- - SOCIAL
- - IMPORT
- type: string
- x-okta-tags:
- - User
- AutoLoginApplication:
- properties:
- credentials:
- $ref: '#/definitions/SchemeApplicationCredentials'
- settings:
- $ref: '#/definitions/AutoLoginApplicationSettings'
- x-okta-parent: '#/definitions/Application'
- x-okta-tags:
- - Application
- AutoLoginApplicationSettings:
- properties:
- signOn:
- $ref: '#/definitions/AutoLoginApplicationSettingsSignOn'
- x-okta-parent: '#/definitions/ApplicationSettings'
- x-okta-tags:
- - Application
- AutoLoginApplicationSettingsSignOn:
+ - Group
+ GroupRule:
properties:
- loginUrl:
- type: string
- redirectUrl:
+ actions:
+ $ref: '#/definitions/GroupRuleAction'
+ conditions:
+ $ref: '#/definitions/GroupRuleConditions'
+ created:
+ format: date-time
+ readOnly: true
type: string
- x-okta-tags:
- - Application
- BasicApplicationSettings:
- properties:
- app:
- $ref: '#/definitions/BasicApplicationSettingsApplication'
- x-okta-parent: '#/definitions/ApplicationSettings'
- x-okta-tags:
- - Application
- BasicApplicationSettingsApplication:
- properties:
- authURL:
+ id:
+ readOnly: true
type: string
- url:
+ lastUpdated:
+ format: date-time
+ readOnly: true
type: string
- x-okta-parent: '#/definitions/ApplicationSettingsApplication'
- x-okta-tags:
- - Application
- BasicAuthApplication:
- properties:
- credentials:
- $ref: '#/definitions/SchemeApplicationCredentials'
- name:
- default: template_basic_auth
- settings:
- $ref: '#/definitions/BasicApplicationSettings'
- x-okta-defined-as:
- name: template_basic_auth
- x-okta-parent: '#/definitions/Application'
- x-okta-tags:
- - Application
- BookmarkApplication:
- properties:
name:
- default: bookmark
- settings:
- $ref: '#/definitions/BookmarkApplicationSettings'
- x-okta-defined-as:
- name: bookmark
- x-okta-parent: '#/definitions/Application'
- x-okta-tags:
- - Application
- BookmarkApplicationSettings:
- properties:
- app:
- $ref: '#/definitions/BookmarkApplicationSettingsApplication'
- x-okta-parent: '#/definitions/ApplicationSettings'
- x-okta-tags:
- - Application
- BookmarkApplicationSettingsApplication:
- properties:
- requestIntegration:
- type: boolean
- url:
type: string
- x-okta-parent: '#/definitions/ApplicationSettingsApplication'
+ status:
+ $ref: '#/definitions/GroupRuleStatus'
+ readOnly: true
+ type:
+ type: string
+ type: object
+ x-okta-crud:
+ - alias: update
+ arguments:
+ - dest: ruleId
+ src: id
+ - dest: groupRule
+ self: true
+ operationId: updateGroupRule
+ - alias: delete
+ arguments:
+ - dest: ruleId
+ src: id
+ operationId: deleteGroupRule
+ x-okta-operations:
+ - alias: activate
+ arguments:
+ - dest: ruleId
+ src: id
+ operationId: activateGroupRule
+ - alias: deactivate
+ arguments:
+ - dest: ruleId
+ src: id
+ operationId: deactivateGroupRule
x-okta-tags:
- - Application
- BrowserPluginApplication:
+ - GroupRule
+ GroupRuleAction:
properties:
- credentials:
- $ref: '#/definitions/SchemeApplicationCredentials'
- x-okta-parent: '#/definitions/Application'
+ assignUserToGroups:
+ $ref: '#/definitions/GroupRuleGroupAssignment'
+ type: object
x-okta-tags:
- - Application
- x-openapi-v3-discriminator:
- mapping:
- template_swa: '#/definitions/SwaApplication'
- template_swa3field: '#/definitions/SwaThreeFieldApplication'
- propertyName: name
- CallFactor:
+ - GroupRule
+ GroupRuleConditions:
properties:
- profile:
- $ref: '#/definitions/CallFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ expression:
+ $ref: '#/definitions/GroupRuleExpression'
+ people:
+ $ref: '#/definitions/GroupRulePeopleCondition'
+ type: object
x-okta-tags:
- - UserFactor
- CallFactorProfile:
+ - GroupRule
+ GroupRuleExpression:
properties:
- phoneExtension:
+ type:
type: string
- phoneNumber:
+ value:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
+ type: object
x-okta-tags:
- - UserFactor
- ChangePasswordRequest:
+ - GroupRule
+ GroupRuleGroupAssignment:
properties:
- newPassword:
- $ref: '#/definitions/PasswordCredential'
- oldPassword:
- $ref: '#/definitions/PasswordCredential'
+ groupIds:
+ items:
+ type: string
+ type: array
type: object
x-okta-tags:
- - User
- CreateSessionRequest:
+ - GroupRule
+ GroupRuleGroupCondition:
properties:
- sessionToken:
- type: string
+ exclude:
+ items:
+ type: string
+ type: array
+ include:
+ items:
+ type: string
+ type: array
type: object
x-okta-tags:
- - Session
- EmailAddress:
+ - GroupRule
+ GroupRulePeopleCondition:
properties:
- status:
- $ref: '#/definitions/EmailStatus'
- readOnly: true
- type:
- $ref: '#/definitions/EmailType'
- readOnly: true
- value:
- readOnly: true
- type: string
+ groups:
+ $ref: '#/definitions/GroupRuleGroupCondition'
+ users:
+ $ref: '#/definitions/GroupRuleUserCondition'
type: object
x-okta-tags:
- - User
- EmailFactor:
+ - GroupRule
+ GroupRuleStatus:
+ enum:
+ - ACTIVE
+ - INACTIVE
+ - INVALID
+ type: string
+ x-okta-tags:
+ - GroupRule
+ GroupRuleUserCondition:
+ properties:
+ exclude:
+ items:
+ type: string
+ type: array
+ include:
+ items:
+ type: string
+ type: array
+ type: object
+ x-okta-tags:
+ - GroupRule
+ GroupType:
+ enum:
+ - OKTA_GROUP
+ - APP_GROUP
+ - BUILT_IN
+ type: string
+ x-okta-tags:
+ - Group
+ HardwareUserFactor:
properties:
profile:
- $ref: '#/definitions/EmailFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ $ref: '#/definitions/HardwareUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
x-okta-tags:
- UserFactor
- EmailFactorProfile:
+ HardwareUserFactorProfile:
properties:
- email:
+ credentialId:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
x-okta-tags:
- UserFactor
- EmailStatus:
- enum:
- - VERIFIED
- - UNVERIFIED
- type: string
- x-okta-tags:
- - User
- EmailType:
- enum:
- - PRIMARY
- - SECONDARY
- type: string
- x-okta-tags:
- - User
- Factor:
+ IdentityProvider:
properties:
- _embedded:
- additionalProperties:
- type: object
- readOnly: true
- type: object
_links:
additionalProperties:
type: object
readOnly: true
type: object
- device:
- type: string
- deviceType:
+ created:
+ format: date-time
readOnly: true
type: string
- factorType:
- $ref: '#/definitions/FactorType'
id:
readOnly: true
type: string
- mfaStateTokenId:
+ issuerMode:
+ enum:
+ - ORG_URL
+ - CUSTOM_URL_DOMAIN
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
type: string
- x-okta-deprecated: 1.10.0
- profile:
- $ref: '#/definitions/FactorProfile'
- provider:
- $ref: '#/definitions/FactorProvider'
- rechallengeExistingFactor:
- type: boolean
- sessionId:
+ name:
type: string
+ policy:
+ $ref: '#/definitions/IdentityProviderPolicy'
+ protocol:
+ $ref: '#/definitions/Protocol'
status:
- $ref: '#/definitions/FactorStatus'
- readOnly: true
- tokenLifetimeSeconds:
- type: integer
- userId:
+ enum:
+ - ACTIVE
+ - INACTIVE
+ type: string
+ type:
+ enum:
+ - SAML2
+ - GOOGLE
+ - FACEBOOK
+ - LINKEDIN
+ - MICROSOFT
+ - OIDC
+ - OKTA
+ - IWA
+ - AgentlessDSSO
+ - X509
type: string
- verify:
- $ref: '#/definitions/VerifyFactorRequest'
type: object
x-okta-crud:
- - alias: delete
- arguments:
- - dest: factorId
- src: id
- - dest: userId
- parentSrc: id
- operationId: deleteFactor
- x-okta-operations:
- - alias: activate
+ - alias: create
arguments:
- - dest: factorId
- src: id
- - dest: userId
- parentSrc: id
- operationId: activateFactor
- - alias: verify
+ - dest: idpTrust
+ self: true
+ operationId: createIdentityProvider
+ - alias: read
+ arguments: []
+ operationId: getIdentityProvider
+ - alias: update
arguments:
- - dest: factorId
+ - dest: idpId
src: id
- - dest: userId
- parentSrc: id
- operationId: verifyFactor
- x-okta-tags:
- - UserFactor
- x-openapi-v3-discriminator:
- mapping:
- call: '#/definitions/CallFactor'
- email: '#/definitions/EmailFactor'
- push: '#/definitions/PushFactor'
- question: '#/definitions/SecurityQuestionFactor'
- sms: '#/definitions/SmsFactor'
- token: '#/definitions/TokenFactor'
- 'token:hardware': '#/definitions/HardwareFactor'
- 'token:software:totp': '#/definitions/TotpFactor'
- u2f: '#/definitions/U2fFactor'
- web: '#/definitions/WebFactor'
- propertyName: factorType
- FactorProfile:
- properties: {}
- x-okta-tags:
- - UserFactor
- FactorProvider:
- enum:
- - OKTA
- - RSA
- - GOOGLE
- - SYMANTEC
- - DUO
- - YUBICO
- - FIDO
- type: string
- x-okta-tags:
- - UserFactor
- FactorResultType:
- enum:
- - SUCCESS
- - CHALLENGE
- - WAITING
- - FAILED
- - REJECTED
- - TIMEOUT
- - TIME_WINDOW_EXCEEDED
- - PASSCODE_REPLAYED
- - ERROR
- type: string
- x-okta-tags:
- - UserFactor
- FactorStatus:
- enum:
- - PENDING_ACTIVATION
- - ACTIVE
- - INACTIVE
- - NOT_SETUP
- - ENROLLED
- - DISABLED
- - EXPIRED
- type: string
- x-okta-tags:
- - UserFactor
- FactorType:
- enum:
- - push
- - sms
- - call
- - token
- - 'token:software:totp'
- - 'token:hardware'
- - question
- - web
- - email
- - u2f
- - webauthn
- - 'token:software'
- - custom
- type: string
- x-okta-tags:
- - UserFactor
- ForgotPasswordResponse:
- properties:
- resetPasswordUrl:
- readOnly: true
- type: string
+ - dest: idpTrust
+ self: true
+ operationId: updateIdentityProvider
+ - alias: delete
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: deleteIdentityProvider
+ x-okta-operations:
+ - alias: listSigningCsrs
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: listCsrsForIdentityProvider
+ - alias: generateCsr
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: generateCsrForIdentityProvider
+ - alias: deleteSigningCsr
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: revokeCsrForIdentityProvider
+ - alias: getSigningCsr
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: getCsrForIdentityProvider
+ - alias: listSigningKeys
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: listIdentityProviderSigningKeys
+ - alias: generateSigningKey
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: generateIdentityProviderSigningKey
+ - alias: getSigningKey
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: getIdentityProviderSigningKey
+ - alias: deleteSigningKey
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: deleteIdentityProviderKey
+ - alias: cloneKey
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: cloneIdentityProviderKey
+ - alias: activate
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: activateIdentityProvider
+ - alias: deactivate
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: deactivateIdentityProvider
+ - alias: listUsers
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: listIdentityProviderApplicationUsers
+ - alias: unlinkUser
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: unlinkUserFromIdentityProvider
+ - alias: getUser
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: getIdentityProviderApplicationUser
+ - alias: linkUser
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: linkUserToIdentityProvider
+ - alias: listSocialAuthTokens
+ arguments:
+ - dest: idpId
+ src: id
+ operationId: listSocialAuthTokens
x-okta-tags:
- - User
- Group:
+ - IdentityProvider
+ IdentityProviderApplicationUser:
properties:
_embedded:
additionalProperties:
@@ -3382,91 +8401,100 @@ definitions:
readOnly: true
type: object
created:
- format: date-time
- readOnly: true
type: string
- id:
- readOnly: true
+ externalId:
type: string
- lastMembershipUpdated:
- format: date-time
+ id:
readOnly: true
type: string
lastUpdated:
- format: date-time
- readOnly: true
type: string
- objectClass:
- items:
- type: string
- readOnly: true
- type: array
profile:
- $ref: '#/definitions/GroupProfile'
- type:
- readOnly: true
+ additionalProperties:
+ type: object
+ type: object
+ type: object
+ IdentityProviderCredentials:
+ properties:
+ client:
+ $ref: '#/definitions/IdentityProviderCredentialsClient'
+ signing:
+ $ref: '#/definitions/IdentityProviderCredentialsSigning'
+ trust:
+ $ref: '#/definitions/IdentityProviderCredentialsTrust'
+ type: object
+ IdentityProviderCredentialsClient:
+ properties:
+ client_id:
+ type: string
+ client_secret:
type: string
type: object
- x-okta-crud:
- - alias: update
- arguments:
- - dest: groupId
- src: id
- - dest: group
- self: true
- operationId: updateGroup
- - alias: delete
- arguments:
- - dest: groupId
- src: id
- operationId: deleteGroup
- x-okta-operations:
- - alias: removeUser
- arguments:
- - dest: groupId
- src: id
- operationId: removeGroupUser
- - alias: listUsers
- arguments:
- - dest: groupId
- src: id
- operationId: listGroupUsers
+ IdentityProviderCredentialsSigning:
+ properties:
+ kid:
+ type: string
+ type: object
+ IdentityProviderCredentialsTrust:
+ properties:
+ audience:
+ type: string
+ issuer:
+ type: string
+ kid:
+ type: string
+ revocation:
+ enum:
+ - CRL
+ - DELTA_CRL
+ - OCSP
+ type: string
+ revocationCacheLifetime:
+ type: integer
+ type: object
+ IdentityProviderPolicy:
+ properties:
+ accountLink:
+ $ref: '#/definitions/PolicyAccountLink'
+ maxClockSkew:
+ type: integer
+ provisioning:
+ $ref: '#/definitions/Provisioning'
+ subject:
+ $ref: '#/definitions/PolicySubject'
+ type: object
+ x-okta-parent: '#/definitions/Policy'
x-okta-tags:
- - Group
- GroupCondition:
+ - Policy
+ IdentityProviderPolicyRuleCondition:
properties:
- exclude:
- items:
- type: string
- type: array
- include:
+ idpIds:
items:
type: string
type: array
- x-okta-tags:
- - Policy
- GroupProfile:
- properties:
- description:
+ provider:
+ enum:
+ - ANY
+ - OKTA
+ - SPECIFIC_IDP
type: string
- name:
+ type: object
+ InactivityPolicyRuleCondition:
+ properties:
+ number:
+ type: integer
+ unit:
type: string
type: object
- x-okta-tags:
- - Group
- GroupRule:
+ InlineHook:
properties:
- _embedded:
+ _links:
additionalProperties:
type: object
readOnly: true
type: object
- actions:
- $ref: '#/definitions/GroupRuleAction'
- allGroupsValid:
- type: boolean
- conditions:
- $ref: '#/definitions/GroupRuleConditions'
+ channel:
+ $ref: '#/definitions/InlineHookChannel'
created:
format: date-time
readOnly: true
@@ -3481,128 +8509,180 @@ definitions:
name:
type: string
status:
- $ref: '#/definitions/GroupRuleStatus'
- readOnly: true
+ enum:
+ - ACTIVE
+ - INACTIVE
+ type: string
type:
+ enum:
+ - TEST
+ - TEST2
+ - WEBHOOK
+ - OAUTH2_TOKEN_TRANSFORM
+ - SAML_ASSERTION_TRANSFORM
+ - PRE_REGISTRATION
+ - IMPORT_TRANSFORM
+ - PASSWORD_IMPORT
+ type: string
+ version:
type: string
type: object
x-okta-crud:
+ - alias: create
+ arguments:
+ - dest: inlineHook
+ self: true
+ operationId: createInlineHook
+ - alias: read
+ arguments: []
+ operationId: getInlineHook
- alias: update
arguments:
- - dest: ruleId
+ - dest: inlineHookId
src: id
- - dest: groupRule
+ - dest: inlineHook
self: true
- operationId: updateRule
+ operationId: updateInlineHook
- alias: delete
arguments:
- - dest: ruleId
+ - dest: inlineHookId
src: id
- operationId: deleteRule
+ operationId: deleteInlineHook
x-okta-operations:
- alias: activate
arguments:
- - dest: ruleId
+ - dest: inlineHookId
src: id
- operationId: activateRule
+ operationId: activateInlineHook
- alias: deactivate
arguments:
- - dest: ruleId
+ - dest: inlineHookId
src: id
- operationId: deactivateRule
- x-okta-tags:
- - GroupRule
- GroupRuleAction:
+ operationId: deactivateInlineHook
+ - alias: execute
+ arguments:
+ - dest: inlineHookId
+ src: id
+ operationId: executeInlineHook
+ InlineHookChannel:
properties:
- assignUserToGroups:
- $ref: '#/definitions/GroupRuleGroupAssignment'
+ config:
+ $ref: '#/definitions/InlineHookChannelConfig'
+ readOnly: false
+ type:
+ enum:
+ - HTTP
+ readOnly: false
+ type: string
+ version:
+ readOnly: false
+ type: string
type: object
- x-okta-tags:
- - GroupRule
- GroupRuleConditions:
+ InlineHookChannelConfig:
properties:
- expression:
- $ref: '#/definitions/GroupRuleExpression'
- people:
- $ref: '#/definitions/GroupRulePeopleCondition'
+ authScheme:
+ $ref: '#/definitions/InlineHookChannelConfigAuthScheme'
+ type: object
+ headers:
+ items:
+ $ref: '#/definitions/InlineHookChannelConfigHeaders'
+ type: array
+ uri:
+ type: string
type: object
- x-okta-tags:
- - GroupRule
- GroupRuleExpression:
+ InlineHookChannelConfigAuthScheme:
properties:
+ key:
+ type: string
type:
type: string
value:
type: string
type: object
- x-okta-tags:
- - GroupRule
- GroupRuleGroupAssignment:
+ InlineHookChannelConfigHeaders:
properties:
- groupIds:
- items:
- type: string
- type: array
+ key:
+ type: string
+ value:
+ type: string
type: object
- x-okta-tags:
- - GroupRule
- GroupRuleGroupCondition:
+ InlineHookPayload:
+ type: object
+ x-okta-extensible: true
+ InlineHookResponse:
properties:
- exclude:
+ commands:
items:
- type: string
+ $ref: '#/definitions/InlineHookResponseCommands'
type: array
- include:
+ type: object
+ InlineHookResponseCommandValue:
+ properties:
+ op:
+ type: string
+ path:
+ type: string
+ value:
+ type: string
+ InlineHookResponseCommands:
+ properties:
+ type:
+ type: string
+ value:
items:
- type: string
+ $ref: '#/definitions/InlineHookResponseCommandValue'
type: array
- type: object
- x-okta-tags:
- - GroupRule
- GroupRulePeopleCondition:
+ IonField:
properties:
- groups:
- $ref: '#/definitions/GroupRuleGroupCondition'
- users:
- $ref: '#/definitions/GroupRuleUserCondition'
+ form:
+ $ref: '#/definitions/IonForm'
+ label:
+ type: string
+ mutable:
+ type: boolean
+ name:
+ type: string
+ required:
+ type: boolean
+ secret:
+ type: boolean
+ type:
+ type: string
+ value:
+ additionalProperties:
+ type: object
+ type: object
+ visible:
+ type: boolean
type: object
- x-okta-tags:
- - GroupRule
- GroupRuleStatus:
- enum:
- - ACTIVE
- - INACTIVE
- - INVALID
- type: string
- x-okta-tags:
- - GroupRule
- GroupRuleUserCondition:
+ IonForm:
properties:
- exclude:
+ accepts:
+ type: string
+ href:
+ type: string
+ method:
+ type: string
+ name:
+ type: string
+ produces:
+ type: string
+ refresh:
+ type: integer
+ rel:
items:
type: string
type: array
- include:
+ relatesTo:
items:
type: string
type: array
+ value:
+ items:
+ $ref: '#/definitions/IonField'
+ readOnly: true
+ type: array
type: object
- x-okta-tags:
- - GroupRule
- HardwareFactor:
- properties:
- profile:
- $ref: '#/definitions/HardwareFactorProfile'
- x-okta-parent: '#/definitions/Factor'
- x-okta-tags:
- - UserFactor
- HardwareFactorProfile:
- properties:
- credentialId:
- type: string
- x-okta-parent: '#/definitions/FactorProfile'
- x-okta-tags:
- - UserFactor
JsonWebKey:
properties:
_links:
@@ -3621,8 +8701,6 @@ definitions:
readOnly: true
type: string
expiresAt:
- format: date-time
- readOnly: true
type: string
key_ops:
items:
@@ -3651,7 +8729,7 @@ definitions:
x5c:
items:
type: string
- readOnly: true
+ readOnly: false
type: array
x5t:
readOnly: true
@@ -3665,6 +8743,66 @@ definitions:
type: object
x-okta-tags:
- Application
+ JwkUse:
+ properties:
+ use:
+ enum:
+ - sig
+ type: string
+ LifecycleExpirationPolicyRuleCondition:
+ properties:
+ lifecycleStatus:
+ type: string
+ number:
+ type: integer
+ unit:
+ type: string
+ type: object
+ LinkedObject:
+ properties:
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ name:
+ type: string
+ associated:
+ $ref: '#/definitions/LinkedObjectDetails'
+ primary:
+ $ref: '#/definitions/LinkedObjectDetails'
+ type: object
+ x-okta-crud:
+ - alias: create
+ arguments:
+ - dest: linkedObjectDefinition
+ self: true
+ operationId: addLinkedObjectDefinition
+ - alias: read
+ arguments: []
+ operationId: getLinkedObjectDefinition
+ - alias: delete
+ arguments:
+ - dest: linkedObjectName
+ src: name
+ operationId: deleteLinkedObjectDefinition
+ x-okta-tags:
+ - LinkedObject
+ LinkedObjectDetails:
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ title:
+ type: string
+ type:
+ $ref: '#/definitions/LinkedObjectDetailsType'
+ type: object
+ LinkedObjectDetailsType:
+ enum:
+ - USER
+ type: string
LogActor:
properties:
alternateId:
@@ -3697,15 +8835,9 @@ definitions:
readOnly: true
type: integer
credentialProvider:
- items:
- $ref: '#/definitions/LogCredentialProvider'
- readOnly: true
- type: array
+ $ref: '#/definitions/LogCredentialProvider'
credentialType:
- items:
- $ref: '#/definitions/LogCredentialType'
- readOnly: true
- type: array
+ $ref: '#/definitions/LogCredentialType'
externalSessionId:
readOnly: true
type: string
@@ -3880,131 +9012,400 @@ definitions:
geographicalContext:
$ref: '#/definitions/LogGeographicalContext'
readOnly: true
- ip:
+ ip:
+ readOnly: true
+ type: string
+ source:
+ readOnly: true
+ type: string
+ version:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-tags:
+ - Log
+ LogIssuer:
+ properties:
+ id:
+ readOnly: true
+ type: string
+ type:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-tags:
+ - Log
+ LogOutcome:
+ properties:
+ reason:
+ readOnly: true
+ type: string
+ result:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-tags:
+ - Log
+ LogRequest:
+ properties:
+ ipChain:
+ items:
+ $ref: '#/definitions/LogIpAddress'
+ readOnly: true
+ type: array
+ type: object
+ x-okta-tags:
+ - Log
+ LogSecurityContext:
+ properties:
+ asNumber:
+ readOnly: true
+ type: integer
+ asOrg:
+ readOnly: true
+ type: string
+ domain:
+ readOnly: true
+ type: string
+ isProxy:
+ readOnly: true
+ type: boolean
+ isp:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-tags:
+ - Log
+ LogSeverity:
+ enum:
+ - DEBUG
+ - INFO
+ - WARN
+ - ERROR
+ type: string
+ x-okta-tags:
+ - Log
+ LogTarget:
+ properties:
+ alternateId:
+ readOnly: true
+ type: string
+ detailEntry:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ displayName:
+ readOnly: true
+ type: string
+ id:
+ readOnly: true
+ type: string
+ type:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-tags:
+ - Log
+ LogTransaction:
+ properties:
+ detail:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ id:
+ readOnly: true
+ type: string
+ type:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-tags:
+ - Log
+ LogUserAgent:
+ properties:
+ browser:
+ readOnly: true
+ type: string
+ os:
+ readOnly: true
+ type: string
+ rawUserAgent:
+ readOnly: true
+ type: string
+ type: object
+ x-okta-tags:
+ - Log
+ MDMEnrollmentPolicyRuleCondition:
+ properties:
+ blockNonSafeAndroid:
+ type: boolean
+ enrollment:
+ enum:
+ - OMM
+ - ANY_OR_NONE
+ type: string
+ type: object
+ MDMFrameworks:
+ enum:
+ - authorization_code
+ - implicit
+ - password
+ - refresh_token
+ - client_credentials
+ type: string
+ OAuth2Actor:
+ properties:
+ id:
+ readOnly: true
+ type: string
+ type:
+ type: string
+ type: object
+ OAuth2Claim:
+ properties:
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ alwaysIncludeInToken:
+ type: boolean
+ claimType:
+ enum:
+ - IDENTITY
+ - RESOURCE
+ type: string
+ conditions:
+ $ref: '#/definitions/OAuth2ClaimConditions'
+ group_filter_type:
+ enum:
+ - STARTS_WITH
+ - EQUALS
+ - CONTAINS
+ - REGEX
+ type: string
+ id:
+ readOnly: true
+ type: string
+ name:
+ type: string
+ status:
+ enum:
+ - ACTIVE
+ - INACTIVE
+ type: string
+ system:
+ type: boolean
+ value:
+ type: string
+ valueType:
+ enum:
+ - EXPRESSION
+ - GROUPS
+ - SYSTEM
+ type: string
+ type: object
+ OAuth2ClaimConditions:
+ properties:
+ scopes:
+ items:
+ type: string
+ type: array
+ type: object
+ x-okta-tags:
+ - AuthorizationServer
+ OAuth2Client:
+ properties:
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ client_id:
readOnly: true
type: string
- source:
+ client_name:
readOnly: true
type: string
- version:
+ client_uri:
+ readOnly: true
+ type: string
+ logo_uri:
readOnly: true
type: string
type: object
- x-okta-tags:
- - Log
- LogIssuer:
+ OAuth2RefreshToken:
properties:
- id:
+ _embedded:
+ additionalProperties:
+ type: object
readOnly: true
+ type: object
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ clientId:
type: string
- type:
+ created:
+ format: date-time
readOnly: true
type: string
- type: object
- x-okta-tags:
- - Log
- LogOutcome:
- properties:
- reason:
+ createdBy:
+ $ref: '#/definitions/OAuth2Actor'
+ expiresAt:
+ format: date-time
readOnly: true
type: string
- result:
+ id:
readOnly: true
type: string
- type: object
- x-okta-tags:
- - Log
- LogRequest:
- properties:
- ipChain:
- items:
- $ref: '#/definitions/LogIpAddress'
+ issuer:
+ type: string
+ lastUpdated:
+ format: date-time
readOnly: true
+ type: string
+ scopes:
+ items:
+ type: string
type: array
+ status:
+ enum:
+ - ACTIVE
+ - REVOKED
+ type: string
+ userId:
+ type: string
type: object
- x-okta-tags:
- - Log
- LogSecurityContext:
+ OAuth2Scope:
properties:
- asNumber:
- readOnly: true
- type: integer
- asOrg:
- readOnly: true
- type: string
- domain:
- readOnly: true
+ consent:
+ enum:
+ - REQUIRED
+ - IMPLICIT
+ - ADMIN
type: string
- isProxy:
- readOnly: true
+ default:
type: boolean
- isp:
+ description:
+ type: string
+ displayName:
+ type: string
+ id:
readOnly: true
type: string
+ metadataPublish:
+ enum:
+ - ALL_CLIENTS
+ - NO_CLIENTS
+ type: string
+ name:
+ type: string
+ system:
+ type: boolean
type: object
- x-okta-tags:
- - Log
- LogSeverity:
- enum:
- - DEBUG
- - INFO
- - WARN
- - ERROR
- type: string
- x-okta-tags:
- - Log
- LogTarget:
+ OAuth2ScopeConsentGrant:
properties:
- alternateId:
+ _embedded:
+ additionalProperties:
+ type: object
readOnly: true
- type: string
- detailEntry:
+ type: object
+ _links:
additionalProperties:
type: object
readOnly: true
type: object
- displayName:
+ clientId:
+ type: string
+ created:
+ format: date-time
readOnly: true
type: string
+ createdBy:
+ $ref: '#/definitions/OAuth2Actor'
id:
readOnly: true
type: string
- type:
+ issuer:
+ type: string
+ lastUpdated:
+ format: date-time
readOnly: true
type: string
+ scopeId:
+ type: string
+ source:
+ $ref: '#/definitions/OAuth2ScopeConsentGrantSource'
+ status:
+ $ref: '#/definitions/OAuth2ScopeConsentGrantStatus'
type: object
- x-okta-tags:
- - Log
- LogTransaction:
+ OAuth2ScopeConsentGrantSource:
+ enum:
+ - END_USER
+ - ADMIN
+ type: string
+ OAuth2ScopeConsentGrantStatus:
+ enum:
+ - ACTIVE
+ - REVOKED
+ type: string
+ OAuth2ScopesMediationPolicyRuleCondition:
properties:
- detail:
+ include:
+ items:
+ type: string
+ type: array
+ type: object
+ OAuth2Token:
+ properties:
+ _embedded:
additionalProperties:
type: object
readOnly: true
type: object
- id:
+ _links:
+ additionalProperties:
+ type: object
readOnly: true
+ type: object
+ clientId:
type: string
- type:
+ created:
+ format: date-time
readOnly: true
type: string
- type: object
- x-okta-tags:
- - Log
- LogUserAgent:
- properties:
- browser:
+ expiresAt:
+ format: date-time
readOnly: true
type: string
- os:
+ id:
readOnly: true
type: string
- rawUserAgent:
+ issuer:
+ type: string
+ lastUpdated:
+ format: date-time
readOnly: true
type: string
+ scopes:
+ items:
+ type: string
+ type: array
+ status:
+ enum:
+ - ACTIVE
+ - REVOKED
+ type: string
+ userId:
+ type: string
type: object
x-okta-tags:
- - Log
+ - Application
OAuthApplicationCredentials:
properties:
oauthClient:
@@ -4012,6 +9413,10 @@ definitions:
x-okta-parent: '#/definitions/ApplicationCredentials'
x-okta-tags:
- Application
+ OAuthAuthorizationPolicy:
+ x-okta-parent: '#/definitions/Policy'
+ x-okta-tags:
+ - Policy
OAuthEndpointAuthenticationMethod:
enum:
- none
@@ -4051,6 +9456,7 @@ definitions:
properties:
people:
$ref: '#/definitions/PolicyPeopleCondition'
+ x-okta-parent: '#/definition/PolicyRuleConditions'
x-okta-tags:
- Policy
OktaSignOnPolicyRule:
@@ -4140,6 +9546,11 @@ definitions:
type: string
x-okta-tags:
- Application
+ OpenIdConnectApplicationIssuerMode:
+ enum:
+ - CUSTOM_URL
+ - ORG_URL
+ type: string
OpenIdConnectApplicationSettings:
properties:
oauthClient:
@@ -4159,10 +9570,18 @@ definitions:
items:
$ref: '#/definitions/OAuthGrantType'
type: array
+ initiate_login_uri:
+ type: string
+ issuer_mode:
+ $ref: '#/definitions/OpenIdConnectApplicationIssuerMode'
logo_uri:
type: string
policy_uri:
type: string
+ post_logout_redirect_uris:
+ items:
+ type: string
+ type: array
redirect_uris:
items:
type: string
@@ -4186,12 +9605,48 @@ definitions:
- Application
PasswordCredential:
properties:
+ hash:
+ $ref: '#/definitions/PasswordCredentialHash'
+ hook:
+ $ref: '#/definitions/PasswordCredentialHook'
value:
format: password
type: string
type: object
x-okta-tags:
- User
+ PasswordCredentialHash:
+ properties:
+ algorithm:
+ $ref: '#/definitions/PasswordCredentialHashAlgorithm'
+ salt:
+ type: string
+ saltOrder:
+ type: string
+ value:
+ type: string
+ workerFactor:
+ type: integer
+ type: object
+ x-okta-tags:
+ - User
+ PasswordCredentialHashAlgorithm:
+ enum:
+ - BCRYPT
+ - SHA-512
+ - SHA-256
+ - SHA-1
+ - MD5
+ type: string
+ x-okta-tags:
+ - User
+ PasswordCredentialHook:
+ properties:
+ type:
+ type: string
+ type: object
+ x-okta-tags:
+ - User
PasswordDictionary:
properties:
common:
@@ -4207,6 +9662,13 @@ definitions:
type: object
x-okta-tags:
- Policy
+ PasswordExpirationPolicyRuleCondition:
+ properties:
+ number:
+ type: integer
+ unit:
+ type: string
+ type: object
PasswordPolicy:
properties:
conditions:
@@ -4239,6 +9701,7 @@ definitions:
$ref: '#/definitions/PasswordPolicyAuthenticationProviderCondition'
people:
$ref: '#/definitions/PolicyPeopleCondition'
+ x-okta-parent: '#/definition/PolicyRuleConditions'
x-okta-tags:
- Policy
PasswordPolicyDelegationSettings:
@@ -4471,6 +9934,62 @@ definitions:
type: object
x-okta-tags:
- Policy
+ Platforms:
+ enum:
+ - IOS
+ - ANDROID
+ - OSX
+ - WINDOWS
+ type: string
+ PlatformConditionEvaluatorPlatform:
+ properties:
+ os:
+ $ref: '#/definitions/PlatformConditionEvaluatorPlatformOperatingSystem'
+ type:
+ enum:
+ - DESKTOP
+ - MOBILE
+ - OTHER
+ - ANY
+ type: string
+ type: object
+ PlatformConditionEvaluatorPlatformOperatingSystem:
+ properties:
+ expression:
+ type: string
+ type:
+ enum:
+ - ANDROID
+ - IOS
+ - WINDOWS
+ - OSX
+ - OTHER
+ - ANY
+ type: string
+ version:
+ $ref: '#/definitions/PlatformConditionEvaluatorPlatformOperatingSystemVersion'
+ type: object
+ PlatformConditionEvaluatorPlatformOperatingSystemVersion:
+ properties:
+ matchType:
+ enum:
+ - EXPRESSION
+ - SEMVER
+ type: string
+ value:
+ type: string
+ type: object
+ PlatformPolicyRuleCondition:
+ properties:
+ exclude:
+ items:
+ $ref: '#/definitions/PlatformConditionEvaluatorPlatform'
+ type: array
+ include:
+ items:
+ $ref: '#/definitions/PlatformConditionEvaluatorPlatform'
+ type: array
+ type: object
Policy:
properties:
_embedded:
@@ -4483,6 +10002,8 @@ definitions:
type: object
readOnly: true
type: object
+ conditions:
+ $ref: '#/definitions/PolicyRuleConditions'
created:
format: date-time
readOnly: true
@@ -4548,7 +10069,7 @@ definitions:
arguments:
- dest: policyId
src: id
- operationId: addPolicyRule
+ operationId: createPolicyRule
- alias: getPolicyRule
arguments:
- dest: policyId
@@ -4558,9 +10079,33 @@ definitions:
- Policy
x-openapi-v3-discriminator:
mapping:
+ IDP_DISCOVERY: '#/definitions/IdentityProviderPolicy'
+ OAUTH_AUTHORIZATION_POLICY: '#/definitions/OAuthAuthorizationPolicy'
OKTA_SIGN_ON: '#/definitions/OktaSignOnPolicy'
PASSWORD: '#/definitions/PasswordPolicy'
propertyName: type
+ PolicyAccountLink:
+ properties:
+ action:
+ enum:
+ - AUTO
+ - DISABLED
+ type: string
+ filter:
+ $ref: '#/definitions/PolicyAccountLinkFilter'
+ type: object
+ PolicyAccountLinkFilter:
+ properties:
+ groups:
+ $ref: '#/definitions/PolicyAccountLinkFilterGroups'
+ type: object
+ PolicyAccountLinkFilterGroups:
+ properties:
+ include:
+ items:
+ type: string
+ type: array
+ type: object
PolicyNetworkCondition:
properties:
connection:
@@ -4595,6 +10140,7 @@ definitions:
readOnly: true
type: string
id:
+ readOnly: true
type: string
lastUpdated:
format: date-time
@@ -4666,36 +10212,276 @@ definitions:
type: object
x-okta-tags:
- Policy
+ PolicyRuleConditions:
+ properties:
+ app:
+ $ref: '#/definitions/AppAndInstancePolicyRuleCondition'
+ apps:
+ $ref: '#/definitions/AppInstancePolicyRuleCondition'
+ authContext:
+ $ref: '#/definitions/PolicyRuleAuthContextCondition'
+ authProvider:
+ $ref: '#/definitions/PasswordPolicyAuthenticationProviderCondition'
+ beforeScheduledAction:
+ $ref: '#/definitions/BeforeScheduledActionPolicyRuleCondition'
+ clients:
+ $ref: '#/definitions/ClientPolicyCondition'
+ context:
+ $ref: '#/definitions/ContextPolicyRuleCondition'
+ device:
+ $ref: '#/definitions/DevicePolicyRuleCondition'
+ grantTypes:
+ $ref: '#/definitions/GrantTypePolicyRuleCondition'
+ groups:
+ $ref: '#/definitions/GroupPolicyRuleCondition'
+ identityProvider:
+ $ref: '#/definitions/IdentityProviderPolicyRuleCondition'
+ mdmEnrollment:
+ $ref: '#/definitions/MDMEnrollmentPolicyRuleCondition'
+ network:
+ $ref: '#/definitions/PolicyNetworkCondition'
+ people:
+ $ref: '#/definitions/PolicyPeopleCondition'
+ platform:
+ $ref: '#/definitions/PlatformPolicyRuleCondition'
+ risk:
+ $ref: '#/definitions/RiskPolicyRuleCondition'
+ riskScore:
+ $ref: '#/definitions/RiskScorePolicyRuleCondition'
+ scopes:
+ $ref: '#/definitions/OAuth2ScopesMediationPolicyRuleCondition'
+ userIdentifier:
+ $ref: '#/definitions/UserIdentifierPolicyRuleCondition'
+ userStatus:
+ $ref: '#/definitions/UserStatusPolicyRuleCondition'
+ users:
+ $ref: '#/definitions/UserPolicyRuleCondition'
+ type: object
+ x-okta-tags:
+ - Policy
+ PolicySubject:
+ properties:
+ filter:
+ type: string
+ format:
+ items:
+ type: string
+ type: array
+ matchAttribute:
+ type: string
+ matchType:
+ $ref: '#/definitions/PolicySubjectMatchType'
+ userNameTemplate:
+ $ref: '#/definitions/PolicyUserNameTemplate'
+ type: object
+ PolicySubjectMatchType:
+ enum:
+ - USERNAME
+ - EMAIL
+ - USERNAME_OR_EMAIL
+ - CUSTOM_ATTRIBUTE
+ type: string
PolicyType:
enum:
- OAUTH_AUTHORIZATION_POLICY
- OKTA_SIGN_ON
- PASSWORD
+ - IDP_DISCOVERY
type: string
x-okta-tags:
- Policy
- PushFactor:
+ PolicyUserNameTemplate:
+ properties:
+ template:
+ type: string
+ type: object
+ Protocol:
+ properties:
+ algorithms:
+ $ref: '#/definitions/ProtocolAlgorithms'
+ credentials:
+ $ref: '#/definitions/IdentityProviderCredentials'
+ endpoints:
+ $ref: '#/definitions/ProtocolEndpoints'
+ issuer:
+ $ref: '#/definitions/ProtocolEndpoint'
+ relayState:
+ $ref: '#/definitions/ProtocolRelayState'
+ scopes:
+ items:
+ type: string
+ type: array
+ settings:
+ $ref: '#/definitions/ProtocolSettings'
+ type:
+ enum:
+ - SAML2
+ - OIDC
+ - OAUTH2
+ - MTLS
+ type: string
+ type: object
+ ProtocolAlgorithmType:
+ properties:
+ signature:
+ $ref: '#/definitions/ProtocolAlgorithmTypeSignature'
+ type: object
+ ProtocolAlgorithmTypeSignature:
+ properties:
+ algorithm:
+ type: string
+ scope:
+ enum:
+ - RESPONSE
+ - TOKEN
+ - ANY
+ - REQUEST
+ - NONE
+ type: string
+ type: object
+ ProtocolAlgorithms:
+ properties:
+ request:
+ $ref: '#/definitions/ProtocolAlgorithmType'
+ response:
+ $ref: '#/definitions/ProtocolAlgorithmType'
+ type: object
+ ProtocolEndpoint:
+ properties:
+ binding:
+ enum:
+ - POST
+ - REDIRECT
+ type: string
+ destination:
+ type: string
+ type:
+ enum:
+ - INSTANCE
+ - ORG
+ type: string
+ url:
+ type: string
+ type: object
+ ProtocolEndpoints:
+ properties:
+ acs:
+ $ref: '#/definitions/ProtocolEndpoint'
+ authorization:
+ $ref: '#/definitions/ProtocolEndpoint'
+ jwks:
+ $ref: '#/definitions/ProtocolEndpoint'
+ metadata:
+ $ref: '#/definitions/ProtocolEndpoint'
+ slo:
+ $ref: '#/definitions/ProtocolEndpoint'
+ sso:
+ $ref: '#/definitions/ProtocolEndpoint'
+ token:
+ $ref: '#/definitions/ProtocolEndpoint'
+ userInfo:
+ $ref: '#/definitions/ProtocolEndpoint'
+ type: object
+ ProtocolRelayState:
+ properties:
+ format:
+ $ref: '#/definitions/ProtocolRelayStateFormat'
+ type: object
+ ProtocolRelayStateFormat:
+ enum:
+ - OPAQUE
+ - FROM_URL
+ type: string
+ ProtocolSettings:
+ properties:
+ nameFormat:
+ type: string
+ type: object
+ Provisioning:
+ properties:
+ action:
+ enum:
+ - AUTO
+ - CALLOUT
+ - DISABLED
+ type: string
+ conditions:
+ $ref: '#/definitions/ProvisioningConditions'
+ groups:
+ $ref: '#/definitions/ProvisioningGroups'
+ profileMaster:
+ type: boolean
+ type: object
+ ProvisioningConditions:
+ properties:
+ deprovisioned:
+ $ref: '#/definitions/ProvisioningDeprovisionedCondition'
+ suspended:
+ $ref: '#/definitions/ProvisioningSuspendedCondition'
+ type: object
+ ProvisioningDeprovisionedCondition:
+ properties:
+ action:
+ enum:
+ - NONE
+ - REACTIVATE
+ type: string
+ type: object
+ ProvisioningGroups:
+ properties:
+ action:
+ enum:
+ - NONE
+ - APPEND
+ - SYNC
+ - ASSIGN
+ type: string
+ assignments:
+ items:
+ type: string
+ type: array
+ filter:
+ items:
+ type: string
+ type: array
+ sourceAttributeName:
+ type: string
+ type: object
+ ProvisioningSuspendedCondition:
+ properties:
+ action:
+ enum:
+ - NONE
+ - UNSUSPEND
+ type: string
+ type: object
+ PushUserFactor:
properties:
+ expiresAt:
+ format: date-time
+ type: string
+ readOnly: true
+ factorResult:
+ $ref: '#/definitions/FactorResultType'
profile:
- $ref: '#/definitions/PushFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ $ref: '#/definitions/PushUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
x-okta-tags:
- UserFactor
- PushFactorProfile:
+ PushUserFactorProfile:
properties:
credentialId:
type: string
+ deviceToken:
+ type: string
deviceType:
- readOnly: true
type: string
name:
type: string
platform:
- readOnly: true
type: string
version:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
x-okta-tags:
- UserFactor
RecoveryQuestionCredential:
@@ -4715,6 +10501,22 @@ definitions:
type: object
x-okta-tags:
- User
+ ResponseLinks:
+ properties: {}
+ type: object
+ RiskPolicyRuleCondition:
+ properties:
+ behaviors:
+ items:
+ type: string
+ type: array
+ uniqueItems: true
+ type: object
+ RiskScorePolicyRuleCondition:
+ properties:
+ level:
+ type: string
+ type: object
Role:
properties:
_embedded:
@@ -4728,9 +10530,7 @@ definitions:
readOnly: true
type: object
assignmentType:
- enum:
- - GROUP
- - USER
+ $ref: '#/definitions/RoleAssignmentType'
type: string
created:
format: date-time
@@ -4752,10 +10552,61 @@ definitions:
$ref: '#/definitions/RoleStatus'
readOnly: true
type:
+ $ref: '#/definitions/RoleType'
type: string
type: object
x-okta-tags:
- User
+ x-okta-operations:
+ - alias: addAdminGroup
+ arguments:
+ - dest: roleId
+ src: id
+ - dest: groupId
+ parentSrc: id
+ operationId: addGroupTargetToGroupAdministratorRoleForGroup
+ - alias: addAppInstanceTargetToAdminRole
+ arguments:
+ - dest: roleId
+ src: id
+ - dest: groupId
+ parentSrc: id
+ operationId: addApplicationInstanceTargetToAppAdminRoleGivenToGroup
+ - alias: addAppTargetToAdminRole
+ arguments:
+ - dest: roleId
+ src: id
+ - dest: groupId
+ parentSrc: id
+ operationId: addApplicationTargetToAdminRoleGivenToGroup
+ - alias: addAllAppsAsTargetToRole
+ arguments:
+ - dest: roleId
+ src: id
+ - dest: userId
+ parentSrc: id
+ operationId: addAllAppsAsTargetToRole
+ - alias: addAppTargetToAppAdminRoleForUser
+ arguments:
+ - dest: roleId
+ src: id
+ - dest: userId
+ parentSrc: id
+ operationId: addApplicationTargetToAppAdminRoleForUser
+ - alias: addAppTargetToAdminRoleForUser
+ arguments:
+ - dest: roleId
+ src: id
+ - dest: userId
+ parentSrc: id
+ operationId: addApplicationTargetToAdminRoleForUser
+ RoleAssignmentType:
+ enum:
+ - GROUP
+ - USER
+ type: string
+ x-okta-tags:
+ - Role
RoleStatus:
enum:
- ACTIVE
@@ -4763,6 +10614,20 @@ definitions:
type: string
x-okta-tags:
- User
+ RoleType:
+ enum:
+ - SUPER_ADMIN
+ - ORG_ADMIN
+ - APP_ADMIN
+ - USER_ADMIN
+ - HELP_DESK_ADMIN
+ - READ_ONLY_ADMIN
+ - MOBILE_ADMIN
+ - API_ACCESS_MANAGEMENT_ADMIN
+ - REPORT_ADMIN
+ type: string
+ x-okta-tags:
+ - Role
SamlApplication:
properties:
settings:
@@ -4839,6 +10704,20 @@ definitions:
type: array
x-okta-tags:
- Application
+ ScheduledUserLifecycleAction:
+ properties:
+ status:
+ enum:
+ - ACTIVE
+ - INACTIVE
+ - PENDING
+ - DELETED
+ - EXPIRED_PASSWORD
+ - ACTIVATING
+ - SUSPENDED
+ - DELETING
+ type: string
+ type: object
SchemeApplicationCredentials:
properties:
password:
@@ -4854,6 +10733,22 @@ definitions:
x-okta-parent: '#/definitions/ApplicationCredentials'
x-okta-tags:
- Application
+ Scope:
+ properties:
+ stringValue:
+ type: string
+ type:
+ $ref: '#/definitions/ScopeType'
+ type: object
+ x-okta-tags:
+ - Role
+ ScopeType:
+ enum:
+ - CORS
+ - REDIRECT
+ type: string
+ x-okta-tags:
+ - Role
SecurePasswordStoreApplication:
properties:
credentials:
@@ -4907,14 +10802,14 @@ definitions:
type: string
x-okta-tags:
- UserFactor
- SecurityQuestionFactor:
+ SecurityQuestionUserFactor:
properties:
profile:
- $ref: '#/definitions/SecurityQuestionFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ $ref: '#/definitions/SecurityQuestionUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
x-okta-tags:
- UserFactor
- SecurityQuestionFactorProfile:
+ SecurityQuestionUserFactorProfile:
properties:
answer:
type: string
@@ -4922,7 +10817,6 @@ definitions:
type: string
questionText:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
x-okta-tags:
- UserFactor
Session:
@@ -5032,20 +10926,104 @@ definitions:
type: string
x-okta-tags:
- Session
- SmsFactor:
+ SmsTemplate:
+ properties:
+ created:
+ format: date-time
+ readOnly: true
+ type: string
+ id:
+ readOnly: true
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ name:
+ type: string
+ template:
+ type: string
+ translations:
+ $ref: '#/definitions/SmsTemplateTranslations'
+ type:
+ $ref: '#/definitions/SmsTemplateType'
+ type: object
+ x-okta-crud:
+ - alias: create
+ arguments:
+ - dest: smsTemplate
+ self: true
+ operationId: createSmsTemplate
+ - alias: read
+ arguments: []
+ operationId: getSmsTemplate
+ - alias: update
+ arguments:
+ - dest: templateId
+ src: id
+ - dest: smsTemplate
+ self: true
+ operationId: updateSmsTemplate
+ - alias: delete
+ arguments:
+ - dest: templateId
+ src: id
+ operationId: deleteSmsTemplate
+ x-okta-operations:
+ - alias: partialUpdate
+ arguments:
+ - dest: templateId
+ src: id
+ - dest: smsTemplate
+ self: true
+ operationId: partialUpdateSmsTemplate
+ x-okta-tags:
+ - Template
+ SmsTemplateTranslations:
+ type: object
+ x-okta-extensible: true
+ SmsTemplateType:
+ enum:
+ - SMS_VERIFY_CODE
+ type: string
+ x-okta-tags:
+ - Template
+ SmsUserFactor:
properties:
profile:
- $ref: '#/definitions/SmsFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ $ref: '#/definitions/SmsUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
x-okta-tags:
- UserFactor
- SmsFactorProfile:
+ SmsUserFactorProfile:
properties:
phoneNumber:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
x-okta-tags:
- UserFactor
+ SocialAuthToken:
+ properties:
+ expiresAt:
+ format: date-time
+ readOnly: true
+ type: string
+ id:
+ readOnly: true
+ type: string
+ scopes:
+ items:
+ type: string
+ type: array
+ token:
+ type: string
+ tokenAuthScheme:
+ type: string
+ tokenType:
+ enum:
+ - ACCESS
+ - REFRESH
+ type: string
+ type: object
SwaApplication:
properties:
name:
@@ -5109,7 +11087,7 @@ definitions:
type: string
passwordSelector:
type: string
- targetUrl:
+ targetURL:
type: string
userNameSelector:
type: string
@@ -5123,43 +11101,99 @@ definitions:
type: string
x-okta-tags:
- User
- TokenFactor:
+ TokenUserFactor:
+ properties:
+ profile:
+ $ref: '#/definitions/TokenUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
+ x-okta-tags:
+ - UserFactor
+ TokenUserFactorProfile:
+ properties:
+ credentialId:
+ type: string
+ x-okta-tags:
+ - UserFactor
+ TotpUserFactor:
properties:
profile:
- $ref: '#/definitions/TokenFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ $ref: '#/definitions/TotpUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
x-okta-tags:
- UserFactor
- TokenFactorProfile:
+ TotpUserFactorProfile:
properties:
credentialId:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
x-okta-tags:
- - UserFactor
- TotpFactor:
+ - UserFactor
+ TrustedOrigin:
+ properties:
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ created:
+ format: date-time
+ readOnly: true
+ type: string
+ createdBy:
+ type: string
+ id:
+ readOnly: true
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ lastUpdatedBy:
+ type: string
+ name:
+ type: string
+ origin:
+ type: string
+ scopes:
+ items:
+ $ref: '#/definitions/Scope'
+ type: array
+ status:
+ type: string
+ type: object
+ x-okta-crud:
+ - alias: create
+ arguments:
+ - dest: trustedOrigin
+ self: true
+ operationId: createOrigin
+ - alias: read
+ arguments: []
+ operationId: getOrigin
+ - alias: update
+ arguments:
+ - dest: trustedOriginId
+ src: id
+ - dest: trustedOrigin
+ self: true
+ operationId: updateOrigin
+ - alias: delete
+ arguments:
+ - dest: trustedOriginId
+ src: id
+ operationId: deleteOrigin
+ x-okta-tags:
+ - TrustedOrigin
+ U2fUserFactor:
properties:
profile:
- $ref: '#/definitions/TotpFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ $ref: '#/definitions/U2fUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
x-okta-tags:
- UserFactor
- TotpFactorProfile:
+ U2fUserFactorProfile:
properties:
credentialId:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
- x-okta-tags:
- - UserFactor
- U2fFactor:
- properties:
- profile:
- $ref: '#/definitions/U2fFactorProfile'
- x-okta-parent: '#/definitions/Factor'
- x-okta-tags:
- - UserFactor
- U2fFactorProfile:
- x-okta-parent: '#/definitions/FactorProfile'
x-okta-tags:
- UserFactor
User:
@@ -5211,6 +11245,8 @@ definitions:
transitioningToStatus:
$ref: '#/definitions/UserStatus'
readOnly: true
+ type:
+ $ref: '#/definitions/UserType'
type: object
x-okta-crud:
- alias: create
@@ -5240,7 +11276,7 @@ definitions:
arguments:
- dest: userId
src: id
- operationId: endAllUserSessions
+ operationId: clearUserSessions
- alias: listAppLinks
arguments:
- dest: userId
@@ -5256,21 +11292,26 @@ definitions:
- dest: userId
src: id
operationId: changeRecoveryQuestion
- - alias: forgotPassword
+ - alias: forgotPasswordSetNewPassword
arguments:
- dest: userId
src: id
- operationId: forgotPassword
+ operationId: forgotPasswordSetNewPassword
+ - alias: forgotPasswordGenerateOneTimeToken
+ arguments:
+ - dest: userId
+ src: id
+ operationId: forgotPasswordGenerateOneTimeToken
- alias: listRoles
arguments:
- dest: userId
src: id
- operationId: listAssignedRoles
- - alias: addRole
+ operationId: listAssignedRolesForUser
+ - alias: assignRole
arguments:
- dest: userId
src: id
- operationId: addRoleToUser
+ operationId: assignRoleToUser
- alias: removeRole
arguments:
- dest: userId
@@ -5296,11 +11337,61 @@ definitions:
- dest: userId
src: id
operationId: listUserGroups
+ - alias: listGrants
+ arguments:
+ - dest: userId
+ src: id
+ operationId: listUserGrants
+ - alias: revokeGrants
+ arguments:
+ - dest: userId
+ src: id
+ operationId: revokeUserGrants
+ - alias: revokeGrant
+ arguments:
+ - dest: userId
+ src: id
+ operationId: revokeUserGrant
+ - alias: revokeGrantsForUserAndClient
+ arguments:
+ - dest: userId
+ src: id
+ operationId: revokeGrantsForUserAndClient
+ - alias: listRefreshTokensForUserAndClient
+ arguments:
+ - dest: userId
+ src: id
+ operationId: listRefreshTokensForUserAndClient
+ - alias: revokeTokenForUserAndClient
+ arguments:
+ - dest: userId
+ src: id
+ operationId: revokeTokenForUserAndClient
+ - alias: getRefreshTokenForUserAndClient
+ arguments:
+ - dest: userId
+ src: id
+ operationId: getRefreshTokenForUserAndClient
+ - alias: revokeTokensForUserAndClient
+ arguments:
+ - dest: userId
+ src: id
+ operationId: revokeTokensForUserAndClient
+ - alias: listClients
+ arguments:
+ - dest: userId
+ src: id
+ operationId: listUserClients
- alias: activate
arguments:
- dest: userId
src: id
operationId: activateUser
+ - alias: reactivate
+ arguments:
+ - dest: userId
+ src: id
+ operationId: reactivateUser
- alias: deactivate
arguments:
- dest: userId
@@ -5335,17 +11426,23 @@ definitions:
arguments:
- dest: userId
src: id
- operationId: resetAllFactors
+ operationId: resetFactors
+ - alias: deleteFactor
+ arguments:
+ - dest: userId
+ src: id
+ operationId: deleteFactor
- alias: addToGroup
arguments:
- dest: userId
src: id
+ description: Adds a user to a group with 'OKTA_GROUP' type
operationId: addUserToGroup
- - alias: addFactor
+ - alias: enrollFactor
arguments:
- dest: userId
src: id
- operationId: addFactor
+ operationId: enrollFactor
- alias: listSupportedFactors
arguments:
- dest: userId
@@ -5366,6 +11463,21 @@ definitions:
- dest: userId
src: id
operationId: getFactor
+ - alias: setLinkedObject
+ arguments:
+ - dest: associatedUserId
+ src: id
+ operationId: setLinkedObjectForUser
+ - alias: listIdentityProviders
+ arguments:
+ - dest: userId
+ src: id
+ operationId: listUserIdentityProviders
+ - alias: getLinkedObjects
+ arguments:
+ - dest: userId
+ src: id
+ operationId: getLinkedObjectsForUser
x-okta-tags:
- User
UserActivationToken:
@@ -5393,10 +11505,6 @@ definitions:
- Policy
UserCredentials:
properties:
- emails:
- items:
- $ref: '#/definitions/EmailAddress'
- type: array
password:
$ref: '#/definitions/PasswordCredential'
provider:
@@ -5406,59 +11514,313 @@ definitions:
type: object
x-okta-tags:
- User
+ UserFactor:
+ properties:
+ _embedded:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ created:
+ format: date-time
+ readOnly: true
+ type: string
+ factorType:
+ $ref: '#/definitions/FactorType'
+ id:
+ readOnly: true
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ provider:
+ $ref: '#/definitions/FactorProvider'
+ status:
+ $ref: '#/definitions/FactorStatus'
+ readOnly: true
+ type: string
+ verify:
+ $ref: '#/definitions/VerifyFactorRequest'
+ type: object
+ x-okta-crud:
+ - alias: deleteFactor
+ arguments:
+ - dest: factorId
+ src: id
+ - dest: userId
+ parentSrc: id
+ operationId: deleteFactor
+ x-okta-operations:
+ - alias: activate
+ arguments:
+ - dest: factorId
+ src: id
+ - dest: userId
+ parentSrc: id
+ operationId: activateFactor
+ - alias: verify
+ arguments:
+ - dest: factorId
+ src: id
+ - dest: userId
+ parentSrc: id
+ operationId: verifyFactor
+ x-okta-tags:
+ - UserFactor
+ x-openapi-v3-discriminator:
+ mapping:
+ call: '#/definitions/CallUserFactor'
+ email: '#/definitions/EmailUserFactor'
+ push: '#/definitions/PushUserFactor'
+ question: '#/definitions/SecurityQuestionUserFactor'
+ sms: '#/definitions/SmsUserFactor'
+ token: '#/definitions/TokenUserFactor'
+ 'token:hardware': '#/definitions/HardwareUserFactor'
+ 'token:software:totp': '#/definitions/TotpUserFactor'
+ u2f: '#/definitions/U2fUserFactor'
+ web: '#/definitions/WebUserFactor'
+ propertyName: factorType
+ UserIdentifierConditionEvaluatorPattern:
+ properties:
+ matchType:
+ enum:
+ - SUFFIX
+ - EXPRESSION
+ - STARTS_WITH
+ - EQUALS
+ - CONTAINS
+ type: string
+ value:
+ type: string
+ type: object
+ UserIdentifierPolicyRuleCondition:
+ properties:
+ attribute:
+ type: string
+ patterns:
+ items:
+ $ref: '#/definitions/UserIdentifierConditionEvaluatorPattern'
+ type: array
+ type:
+ enum:
+ - IDENTIFIER
+ - ATTRIBUTE
+ type: string
+ type: object
+ UserIdentityProviderLinkRequest:
+ properties:
+ externalId:
+ type: string
+ type: object
+ UserLifecycleAttributePolicyRuleCondition:
+ properties:
+ attributeName:
+ type: string
+ matchingValue:
+ type: string
+ type: object
UserNextLogin:
enum:
- changePassword
type: string
x-okta-tags:
- User
+ UserPolicyRuleCondition:
+ properties:
+ exclude:
+ items:
+ type: string
+ type: array
+ inactivity:
+ $ref: '#/definitions/InactivityPolicyRuleCondition'
+ include:
+ items:
+ type: string
+ type: array
+ lifecycleExpiration:
+ $ref: '#/definitions/LifecycleExpirationPolicyRuleCondition'
+ passwordExpiration:
+ $ref: '#/definitions/PasswordExpirationPolicyRuleCondition'
+ userLifecycleAttribute:
+ $ref: '#/definitions/UserLifecycleAttributePolicyRuleCondition'
+ type: object
UserProfile:
properties:
+ city:
+ type: string
+ costCenter:
+ type: string
+ countryCode:
+ type: string
+ department:
+ type: string
+ displayName:
+ type: string
+ division:
+ type: string
email:
type: string
+ employeeNumber:
+ type: string
firstName:
type: string
+ honorificPrefix:
+ type: string
+ honorificSuffix:
+ type: string
lastName:
type: string
+ locale:
+ type: string
login:
type: string
+ manager:
+ type: string
+ managerId:
+ type: string
+ middleName:
+ type: string
mobilePhone:
type: string
+ nickName:
+ type: string
+ organization:
+ type: string
+ postalAddress:
+ type: string
+ preferredLanguage:
+ type: string
+ primaryPhone:
+ type: string
+ profileUrl:
+ type: string
secondEmail:
type: string
+ state:
+ type: string
+ streetAddress:
+ type: string
+ timezone:
+ type: string
+ title:
+ type: string
+ userType:
+ type: string
+ zipCode:
+ type: string
type: object
x-okta-extensible: true
x-okta-tags:
- User
UserStatus:
enum:
- - STAGED
- - PROVISIONED
- ACTIVE
- - RECOVERY
- - PASSWORD_EXPIRED
- - LOCKED_OUT
- DEPROVISIONED
+ - LOCKED_OUT
+ - PASSWORD_EXPIRED
+ - PROVISIONED
+ - RECOVERY
+ - STAGED
- SUSPENDED
type: string
x-okta-tags:
- User
+ UserStatusPolicyRuleCondition:
+ properties:
+ value:
+ enum:
+ - ACTIVE
+ - INACTIVE
+ - PENDING
+ - DELETED
+ - EXPIRED_PASSWORD
+ - ACTIVATING
+ - SUSPENDED
+ - DELETING
+ type: string
+ type: object
+ UserType:
+ properties:
+ _links:
+ additionalProperties:
+ type: object
+ readOnly: true
+ type: object
+ created:
+ format: date-time
+ readOnly: true
+ type: string
+ createdBy:
+ readOnly: true
+ type: string
+ default:
+ readOnly: true
+ type: boolean
+ description:
+ type: string
+ displayName:
+ type: string
+ id:
+ type: string
+ lastUpdated:
+ format: date-time
+ readOnly: true
+ type: string
+ lastUpdatedBy:
+ readOnly: true
+ type: string
+ name:
+ type: string
+ type: object
+ x-okta-crud:
+ - alias: update
+ arguments:
+ - dest: typeId
+ src: id
+ operationId: updateUserType
+ - alias: read
+ arguments:
+ - dest: typeId
+ src: id
+ operationId: getUserType
+ - alias: delete
+ arguments:
+ - dest: typeId
+ src: id
+ operationId: deleteUserType
+ x-okta-operations:
+ - alias: replaceUserType
+ arguments:
+ - dest: roleId
+ src: id
+ operationId: replaceUserType
VerifyFactorRequest:
properties:
activationToken:
type: string
answer:
type: string
+ attestation:
+ type: string
+ clientData:
+ type: string
nextPassCode:
type: string
passCode:
type: string
- tokenLifetimeSeconds:
- type: integer
- type: object
+ registrationData:
+ type: string
+ stateToken:
+ type: string
x-okta-tags:
- UserFactor
- VerifyFactorResponse:
+ VerifyUserFactorResponse:
properties:
_embedded:
additionalProperties:
@@ -5471,30 +11833,36 @@ definitions:
readOnly: true
type: object
expiresAt:
- format: date-time
- readOnly: true
type: string
factorResult:
- $ref: '#/definitions/FactorResultType'
- readOnly: true
+ enum:
+ - SUCCESS
+ - EXPIRED
+ - CHALLENGE
+ - WAITING
+ - FAILED
+ - REJECTED
+ - TIMEOUT
+ - TIME_WINDOW_EXCEEDED
+ - PASSCODE_REPLAYED
+ - ERROR
+ type: string
factorResultMessage:
- readOnly: true
type: string
type: object
x-okta-tags:
- UserFactor
- WebFactor:
+ WebUserFactor:
properties:
profile:
- $ref: '#/definitions/WebFactorProfile'
- x-okta-parent: '#/definitions/Factor'
+ $ref: '#/definitions/WebUserFactorProfile'
+ x-okta-parent: '#/definitions/UserFactor'
x-okta-tags:
- UserFactor
- WebFactorProfile:
+ WebUserFactorProfile:
properties:
credentialId:
type: string
- x-okta-parent: '#/definitions/FactorProfile'
x-okta-tags:
- UserFactor
WsFederationApplication:
diff --git a/swagger-templates/pom.xml b/swagger-templates/pom.xml
index 23728a09b3d..d5df8637bc6 100644
--- a/swagger-templates/pom.xml
+++ b/swagger-templates/pom.xml
@@ -21,7 +21,7 @@
com.okta.sdk
okta-sdk-root
- 1.6.1-SNAPSHOT
+ 2.0.0-SNAPSHOT
okta-api-swagger-templates
diff --git a/swagger-templates/src/main/java/com/okta/swagger/codegen/AbstractOktaJavaClientCodegen.java b/swagger-templates/src/main/java/com/okta/swagger/codegen/AbstractOktaJavaClientCodegen.java
index 8880cf03361..c5e3dffa44f 100644
--- a/swagger-templates/src/main/java/com/okta/swagger/codegen/AbstractOktaJavaClientCodegen.java
+++ b/swagger-templates/src/main/java/com/okta/swagger/codegen/AbstractOktaJavaClientCodegen.java
@@ -282,10 +282,12 @@ private void addAllIfNotNull(List destList, List srcList
}
private void handleOktaLinkedOperations(Swagger swagger) {
- // we want to move any operations defined by the 'x-okta-operations' or 'x-okta-crud' vendor extension to the model
+ // we want to move any operations defined by the 'x-okta-operations' or 'x-okta-crud'
+ // or 'x-okta-multi-operation' vendor extension to the model
Map modelMap = swagger.getDefinitions().entrySet().stream()
.filter(e -> e.getValue().getVendorExtensions().containsKey("x-okta-operations")
- || e.getValue().getVendorExtensions().containsKey("x-okta-crud"))
+ || e.getValue().getVendorExtensions().containsKey("x-okta-crud")
+ || e.getValue().getVendorExtensions().containsKey("x-okta-multi-operation"))
.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
@@ -294,6 +296,7 @@ private void handleOktaLinkedOperations(Swagger swagger) {
addAllIfNotNull(linkNodes, (List) model.getVendorExtensions().get("x-okta-operations"));
addAllIfNotNull(linkNodes, (List) model.getVendorExtensions().get("x-okta-crud"));
+ addAllIfNotNull(linkNodes, (List) model.getVendorExtensions().get("x-okta-multi-operation"));
Map operationMap = new HashMap<>();
@@ -302,7 +305,10 @@ private void handleOktaLinkedOperations(Swagger swagger) {
// find the swagger path operation
swagger.getPaths().forEach((pathName, path) -> {
- Optional> operationEntry = path.getOperationMap().entrySet().stream().filter(e -> e.getValue().getOperationId().equals(operationId)).findFirst();
+ Optional> operationEntry =
+ path.getOperationMap().entrySet().stream().filter(
+ e -> e.getValue().getOperationId() != null &&
+ e.getValue().getOperationId().equals(operationId)).findFirst();
if (operationEntry.isPresent()) {
diff --git a/swagger-templates/src/main/resources/OktaJava/User.mustache b/swagger-templates/src/main/resources/OktaJava/User.mustache
deleted file mode 100644
index 538835f3ff8..00000000000
--- a/swagger-templates/src/main/resources/OktaJava/User.mustache
+++ /dev/null
@@ -1,62 +0,0 @@
-{{!
- Copyright 2018-Present Okta, Inc.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-}}
-
- /**
- * Enroll Factor
- * Enrolls a user with a supported factor.
- * @param updatePhone (optional, default to false)
- * @param templateId id of SMS template (only for SMS factor) (optional)
- * @param tokenLifetimeSeconds (optional, default to 300)
- * @param activate (optional, default to false)
- * @param body Factor (required)
- * @return Factor
- * @deprecated use {@link User#addFactor(Factor, Boolean, String, Integer, Boolean)}
- */
- @javax.annotation.Generated(
- value = "com.okta.swagger.codegen.OktaJavaClientApiCodegen",
- comments = "POST - /api/v1/users/{userId}/factors")
- @Deprecated
- Factor addFactor(Boolean updatePhone, String templateId, Integer tokenLifetimeSeconds, Boolean activate, Factor body);
-
- /**
- * Enroll Factor
- * Enrolls a user with a supported factor.
- * @param updatePhone (optional, default to false)
- * @param templateId id of SMS template (only for SMS factor) (optional)
- * @param body Factor (required)
- * @return Factor
- * @deprecated use {@link User#addFactor(Factor, Boolean, String)}
- */
- @javax.annotation.Generated(
- value = "com.okta.swagger.codegen.OktaJavaClientApiCodegen",
- comments = "POST - /api/v1/users/{userId}/factors")
- @Deprecated
- Factor addFactor(Boolean updatePhone, String templateId, Factor body);
-
- /**
- * Forgot Password
- * Generates a one-time token (OTT) that can be used to reset a user's password. The user will be required to validate their security question's answer when visiting the reset link.
- * This operation can only be performed on users with a valid [recovery question credential](#recovery-question-object) and have an `ACTIVE` status.
- * @param sendEmail (optional, default to true)
- * @param userCredentials (optional)
- * @return ForgotPasswordResponse
- * @deprecated use {@link User#forgotPassword(UserCredentials, Boolean)}
- */
- @javax.annotation.Generated(
- value = "com.okta.swagger.codegen.OktaJavaClientApiCodegen",
- comments = "POST - /api/v1/users/{userId}/credentials/forgot_password")
- @Deprecated
- ForgotPasswordResponse forgotPassword(Boolean sendEmail, UserCredentials userCredentials);
\ No newline at end of file
diff --git a/swagger-templates/src/main/resources/OktaJava/licenseInfo.mustache b/swagger-templates/src/main/resources/OktaJava/licenseInfo.mustache
index 2a94c35ce12..ff43812357d 100644
--- a/swagger-templates/src/main/resources/OktaJava/licenseInfo.mustache
+++ b/swagger-templates/src/main/resources/OktaJava/licenseInfo.mustache
@@ -1,5 +1,5 @@
{{!
- Copyright 2017 Okta
+ Copyright 2017-Present Okta, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/swagger-templates/src/main/resources/OktaJavaImpl/User.mustache b/swagger-templates/src/main/resources/OktaJavaImpl/User.mustache
deleted file mode 100644
index 62d74b7e056..00000000000
--- a/swagger-templates/src/main/resources/OktaJavaImpl/User.mustache
+++ /dev/null
@@ -1,29 +0,0 @@
-{{!
- Copyright 2018-Present Okta, Inc.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-}}
- @Override
- public Factor addFactor(Boolean updatePhone, String templateId, Integer tokenLifetimeSeconds, Boolean activate, Factor body) {
- return addFactor(body, updatePhone, templateId, tokenLifetimeSeconds, activate);
- }
-
- @Override
- public Factor addFactor(Boolean updatePhone, String templateId, Factor body) {
- return addFactor(body, updatePhone, templateId);
- }
-
- @Override
- public ForgotPasswordResponse forgotPassword(Boolean sendEmail, UserCredentials userCredentials) {
- return forgotPassword(userCredentials, sendEmail);
- }
\ No newline at end of file
diff --git a/swagger-templates/src/main/resources/OktaJavaImpl/licenseInfo.mustache b/swagger-templates/src/main/resources/OktaJavaImpl/licenseInfo.mustache
index 2a94c35ce12..ff43812357d 100644
--- a/swagger-templates/src/main/resources/OktaJavaImpl/licenseInfo.mustache
+++ b/swagger-templates/src/main/resources/OktaJavaImpl/licenseInfo.mustache
@@ -1,5 +1,5 @@
{{!
- Copyright 2017 Okta
+ Copyright 2017-Present Okta, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.