From 2e7ada1ab4c679149cb70aec31cccc216295799b Mon Sep 17 00:00:00 2001 From: clement Date: Tue, 19 Nov 2024 18:22:26 +0100 Subject: [PATCH 01/13] OpenAPI: since/until params in /api/v1/logs should have date-time format --- src/swagger/api.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index ab06c8ecb65..e5a1710e012 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -14186,15 +14186,13 @@ paths: in: query schema: type: string - format: ISO 8601 compliant timestamp - default: 7 days prior to until + format: date-time - name: until description: Filters the upper time bound of the log events `published` property for bounded queries or persistence time for polling queries. in: query schema: type: string - format: ISO 8601 compliant timestamp - default: current time + format: date-time - name: after description: Retrieves the next page of results. Okta returns a link in the HTTP Header (`rel=next`) that includes the after query parameter in: query From 628d5b187df5d19185fe6f205b430da00b5399e4 Mon Sep 17 00:00:00 2001 From: clement Date: Tue, 19 Nov 2024 18:23:33 +0100 Subject: [PATCH 02/13] OpenAPI: add missing variant of AppUserUpdateRequest to update app user scope --- src/swagger/api.yaml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index e5a1710e012..3e7a1f5d1e4 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -46662,12 +46662,7 @@ components: profile: $ref: '#/components/schemas/AppUserProfile' scope: - type: string - description: Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`). - enum: - - USER - - GROUP - example: USER + $ref: '#/components/schemas/AppUserAssignmentType' status: $ref: '#/components/schemas/AppUserStatus' statusChanged: 
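Review bot: Dropping `default: 7 days prior to until` and `default: current time` from the `since` and `until` parameters of `/api/v1/logs` removes the only statement of the server-side default window. The free-text values were not valid schema defaults, but the information belongs in the parameter descriptions. I would append `If omitted, defaults to the current time.` to the `until` description and `If omitted, defaults to 7 days prior to until.` to the `since` description, which starts above this hunk. Clients that poll the System Log presumably depend on that window to reason about gaps in collected events.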
@@ -46692,6 +46687,13 @@ components: - $ref: '#/components/schemas/AppUser' - required: - id + AppUserAssignmentType: + type: string + description: Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`). + enum: + - USER + - GROUP + example: USER AppUserCredentials: description: | Specifies a user's credentials for the app. @@ -46744,6 +46746,13 @@ components: properties: profile: $ref: '#/components/schemas/AppUserProfile' + AppUserScopeRequestPayload: + title: Scope + description: Updates the assigned user scope + type: object + properties: + scope: + $ref: '#/components/schemas/AppUserAssignmentType' AppUserStatus: description: Status of an Application User example: ACTIVE @@ -46802,6 +46811,7 @@ components: oneOf: - $ref: '#/components/schemas/AppUserCredentialsRequestPayload' - $ref: '#/components/schemas/AppUserProfileRequestPayload' + - $ref: '#/components/schemas/AppUserScopeRequestPayload' AppleClientSigning: description: |- Information used to generate the secret JSON Web Token for the token requests to Apple IdP From 316ebc9d1f656e433960e08e494a47b0cb3a3b63 Mon Sep 17 00:00:00 2001 From: Antoine Piron Date: Tue, 19 Nov 2024 17:43:06 +0100 Subject: [PATCH 03/13] OpenAPI: UiSchemaObject#elements should be an array --- src/swagger/api.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index 3e7a1f5d1e4..cac4f35e948 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -64083,7 +64083,9 @@ components: description: Specifies the button label for the `Submit` button at the bottom of the enrollment form default: Submit elements: - $ref: '#/components/schemas/UIElement' + type: array + items: + $ref: '#/components/schemas/UIElement' label: type: string description: Specifies the label at the top of the enrollment form under the logo From bfa4fcdb4f9334e6b93865536a251d75ca86a676 Mon Sep 17 00:00:00 2001 
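Review bot: `AppUserScopeRequestPayload` declares `scope` but has no `required` list, so as a `oneOf` branch of `AppUserUpdateRequest` it accepts any object, including a credentials or profile payload. `oneOf` needs exactly one branch to match. Unless the sibling payload schemas (only partly visible in these hunks) constrain their own properties, a scope-only body can match several branches, leaving generated clients nothing to select the variant by. I would add `required:` with `- scope` to the new schema.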
From: clement Date: Tue, 26 Nov 2024 18:53:10 +0100 Subject: [PATCH 04/13] OpenAPI: Fix allOf used with a single $ref pointing to an array type - This generates an empty schema in the Java models --- src/swagger/api.yaml | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index cac4f35e948..a1afbaf1c39 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -50954,9 +50954,7 @@ components: - type: object properties: asns: - allOf: - - $ref: '#/components/schemas/NetworkZoneAsns' - - description: An array of ASNs for a Network Zone + $ref: '#/components/schemas/NetworkZoneAsns' proxyType: type: string description: The proxy type used for a Dynamic Network Zone @@ -50971,9 +50969,7 @@ components: Tor: Use Tor Anonymizer proxy for the Dynamic Zone. NotTorAnonymizer: Use a non Tor Anonymizer proxy for the Dynamic Zone. locations: - allOf: - - $ref: '#/components/schemas/NetworkZoneLocationArray' - - description: An array of geolocations for a Dynamic Network Zone + $ref: '#/components/schemas/NetworkZoneLocationArray' ECKeyJWK: description: Elliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or during activation to verify Yubico's JWS objects in fulfillment responses. The currently agreed protocol uses P-384. type: object @@ -51342,9 +51338,7 @@ components: description:
The list of ASNs associated with an Enhanced Dynamic Network Zone properties: include: - allOf: - - $ref: '#/components/schemas/NetworkZoneAsns' - - description: An array of ASNs to include for an Enhanced Dynamic Network Zone + $ref: '#/components/schemas/NetworkZoneAsns' locations: x-okta-lifecycle: lifecycle: EA @@ -51354,13 +51348,9 @@ components: description:
The list of geolocations to include or exclude for an Enhanced Dynamic Network Zone properties: include: - allOf: - - $ref: '#/components/schemas/NetworkZoneLocationArray' - - description: An array of geolocations to include for an Enhanced Dynamic Network Zone + $ref: '#/components/schemas/NetworkZoneLocationArray' exclude: - allOf: - - $ref: '#/components/schemas/NetworkZoneLocationArray' - - description: An array of geolocations to exclude for an Enhanced Dynamic Network Zone + $ref: '#/components/schemas/NetworkZoneLocationArray' ipServiceCategories: x-okta-lifecycle: lifecycle: EA From 040460549c8cadf52464a99ff5891d64da4075b2 Mon Sep 17 00:00:00 2001 From: clement Date: Wed, 27 Nov 2024 16:59:49 +0100 Subject: [PATCH 05/13] OpenAPI: Incorrect indent in UserSchemaAttribute.enum --- src/swagger/api.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index a1afbaf1c39..5b7b3173fd2 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -65674,8 +65674,8 @@ components: Enumerated value of the property. The value of the property is limited to one of the values specified in the enum definition. The list of values for the enum must consist of unique elements. - items: - $ref: '#/components/schemas/UserSchemaAttributeItems' + items: + $ref: '#/components/schemas/UserSchemaAttributeItems' externalName: type: string description: |- From 66c83663c2e7193c9dde0597e66659e05057d5ae Mon Sep 17 00:00:00 2001 From: clement Date: Wed, 27 Nov 2024 16:56:08 +0100 Subject: [PATCH 06/13] OpenAPI: Fix type used with $ref --- src/swagger/api.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index 5b7b3173fd2..f8583d39eeb 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -2317,7 +2317,6 @@ paths: content: application/json: schema: - type: object $ref: '#/components/schemas/OAuth2ClientJsonWebKey' examples: OAuthClientJsonWebKeyResponseExample: 
@@ -2735,7 +2734,6 @@ paths: content: application/json: schema: - type: object $ref: '#/components/schemas/OAuth2ClientSecret' examples: OAuthClientSecretResponseExample: From 32b5d76e2e9cdea739f47236f8289eace5031bd8 Mon Sep 17 00:00:00 2001 From: clement Date: Wed, 27 Nov 2024 16:57:49 +0100 Subject: [PATCH 07/13] OpenAPI: Remove invalid default value for date-time field --- src/swagger/api.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index f8583d39eeb..4201b385a9d 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -58188,7 +58188,6 @@ components: type: string format: date-time readOnly: true - default: Assigned description: description: Description of the Policy type: string @@ -58203,7 +58202,6 @@ components: type: string format: date-time readOnly: true - default: Assigned name: description: Name of the Policy type: string From 3deafb7bc35f7f1029ee49b9ada75434be3861ac Mon Sep 17 00:00:00 2001 From: clement Date: Wed, 27 Nov 2024 16:57:15 +0100 Subject: [PATCH 08/13] OpenAPI: Remove unused models with invalid array definitions - PersonalAppsBlockList - RegistrationInlineHookResponse --- src/swagger/api.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index 4201b385a9d..bc04139baaa 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -58102,13 +58102,6 @@ components: type: array items: $ref: '#/components/schemas/Permission' - PersonalAppsBlockList: - description: Defines a list of email domains with a subset of the properties for each domain - type: object - properties: - domains: - type: array - description: List of blocked email domains PinRequest: description: Pin Request type: object 
@@ -60055,11 +60048,6 @@ components: enum: - progressive.profile - self.service.registration - RegistrationInlineHookResponse: - type: object - properties: - commands: - type: array RegistrationInlineHookSSRData: allOf: - $ref: '#/components/schemas/InlineHookBasePayload' From d11589b0bff7e984afe1f5f7cf77aa456b2a3ba2 Mon Sep 17 00:00:00 2001 From: clement Date: Wed, 27 Nov 2024 16:59:01 +0100 Subject: [PATCH 09/13] OpenAPI: Minor validation issues - path parameters must be required - example should match pattern --- src/swagger/api.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index bc04139baaa..e445aa98622 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -11287,6 +11287,7 @@ paths: operationId: getHookKey parameters: - name: id + required: true description: A valid key ID in: path schema: @@ -62475,7 +62476,7 @@ components: type: string SplunkToken: description: The HEC token for your Splunk Cloud HTTP Event Collector. The token value is set at object creation, but isn't returned. - example: 11111111-1111-2222-2222-222222222222 + example: a747a818-a4c4-4446-8a87-704216495a08 writeOnly: true type: string pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$ From 0f82ad6501981a3710eee3089c45ec4503fd7c1b Mon Sep 17 00:00:00 2001 From: Antoine Piron Date: Fri, 6 Dec 2024 10:07:35 +0100 Subject: [PATCH 10/13] OpenAPI: Enable case insensitive deserialization for enums --- api/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/api/pom.xml b/api/pom.xml index bfc0d0b7eeb..9f56ca5321e 100644 --- a/api/pom.xml +++ b/api/pom.xml @@ -193,6 +193,7 @@ src/gen/java/main true true + true serializableModel=true true From fb35f5b7f158cf91daed8943bee8955604c0c29b Mon Sep 17 00:00:00 2001 
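Review bot: In the `@@ -62475,7 +62476,7 @@` hunk, the new `example` for `SplunkToken` is a realistic, random-looking UUID on a `writeOnly` secret field, and nothing marks it as synthetic. Please confirm the value was generated for the spec and was never issued as a HEC token. Spec examples are copied into generated SDK documentation and tend to be flagged by secret scanners. Appending `The example value is a placeholder.` to the description would make this explicit for readers.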
From: Antoine Piron Date: Wed, 11 Dec 2024 12:02:22 +0100 Subject: [PATCH 11/13] OpenApi: Fix DynamicNetworkZone TypeEnum --- src/swagger/api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index e445aa98622..5fe5a9bb344 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml @@ -50960,7 +50960,7 @@ components: enum: - 'null' - Any - - Tor + - TorAnonymizer - NotTorAnonymizer x-enumDescriptions: 'null': (Or `""`) No proxy used From 20dcb8cd8c89ec9cd43b9e7fea6a83be34a4a5f7 Mon Sep 17 00:00:00 2001 From: Antoine Piron Date: Wed, 11 Dec 2024 17:05:10 +0100 Subject: [PATCH 12/13] OpenApi: Fix IdentityProvider Protocol types --- src/swagger/api.yaml | 148 +++++++++++++++++++------------------------ 1 file changed, 64 insertions(+), 84 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index 5fe5a9bb344..ceecfa2cdf8 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml 
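Review bot: The `proxyType` enum now lists `TorAnonymizer`, but the `x-enumDescriptions` map that follows still appears to be keyed `Tor`. That key sits just past the end of this hunk and is visible as context in patch 04 (`Tor: Use Tor Anonymizer proxy for the Dynamic Zone.`). No visible patch in the series renames it, so the new enum value has no description and the map documents a value the enum no longer has. The same change should rename the key: `TorAnonymizer: Use Tor Anonymizer proxy for the Dynamic Zone.`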
@@ -59375,26 +59375,18 @@ components: - example: DISABLED - default: DISABLED Protocol: + description: IdP-specific protocol settings for endpoints, bindings, and algorithms used to connect with the IdP and validate messages type: object properties: - algorithms: - $ref: '#/components/schemas/ProtocolAlgorithms' - credentials: - $ref: '#/components/schemas/IdentityProviderCredentials' - endpoints: - $ref: '#/components/schemas/ProtocolEndpoints' - issuer: - $ref: '#/components/schemas/ProtocolEndpoint' - relayState: - $ref: '#/components/schemas/ProtocolRelayState' - scopes: - type: array - items: - type: string - settings: - $ref: '#/components/schemas/ProtocolSettings' type: $ref: '#/components/schemas/ProtocolType' + discriminator: + propertyName: type + mapping: + SAML2: '#/components/schemas/ProtocolSaml' + OAUTH2: '#/components/schemas/ProtocolOAuth' + OIDC: '#/components/schemas/ProtocolOidc' + MTLS: '#/components/schemas/ProtocolMtls' ProtocolAlgorithmRequestScope: description: Specifies whether to digitally sign authorization requests to the IdP example: REQUEST 
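Review bot: The `discriminator` added to `Protocol` names `type` as its `propertyName`, but `Protocol` has no `required` list. OpenAPI 3 expects the discriminator property to be required; without that, a payload lacking `type` still validates and generated clients have nothing to dispatch on. I would add `required:` with `- type` next to `properties`. The following hunk (`@@ -59422,83 +59414,71 @@`) also removes the single-value `enum` on `type` from `ProtocolMtls`, `ProtocolOAuth`, `ProtocolOidc` and `ProtocolSaml`, so the schema no longer rejects a `ProtocolSaml` body carrying a different `type`. The mapping keys should also be checked against the `ProtocolType` enum, which is defined outside this hunk.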
@@ -59422,83 +59414,71 @@ components: ProtocolMtls: title: Mutual TLS Protocol description: Protocol settings for the [MTLS Protocol](https://tools.ietf.org/html/rfc5246#section-7.4.4) - type: object - properties: - credentials: - $ref: '#/components/schemas/MtlsCredentials' - endpoints: - $ref: '#/components/schemas/MtlsEndpoints' - type: - type: string - description: Mutual TLS - enum: - - MTLS + allOf: + - $ref: '#/components/schemas/Protocol' + - type: object + properties: + credentials: + $ref: '#/components/schemas/MtlsCredentials' + endpoints: + $ref: '#/components/schemas/MtlsEndpoints' ProtocolOAuth: title: OAuth 2.0 Protocol description: Protocol settings for authentication using the [OAuth 2.0 Authorization Code flow](https://tools.ietf.org/html/rfc6749#section-4.1) - type: object - properties: - credentials: - $ref: '#/components/schemas/OAuthCredentials' - endpoints: - $ref: '#/components/schemas/OAuthEndpoints' - scopes: - type: array - description: |- - IdP-defined permission bundles to request delegated access from the User - > **Note:** The [Identity Provider type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=type&t=request) table lists the scopes that are supported for each Identity Provider. 
- items: - type: string - example: public_profile - type: - type: string - description: OAuth 2.0 Authorization Code flow - enum: - - OAUTH2 + allOf: + - $ref: '#/components/schemas/Protocol' + - type: object + properties: + credentials: + $ref: '#/components/schemas/OAuthCredentials' + endpoints: + $ref: '#/components/schemas/OAuthEndpoints' + scopes: + type: array + description: |- + IdP-defined permission bundles to request delegated access from the User + > **Note:** The [Identity Provider type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=type&t=request) table lists the scopes that are supported for each Identity Provider. + items: + type: string + example: public_profile ProtocolOidc: title: OpenID Connect Protocol description: Protocol settings for authentication using the [OpenID Connect Protocol](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) - type: object - properties: - algorithms: - $ref: '#/components/schemas/OidcAlgorithms' - credentials: - $ref: '#/components/schemas/OAuthCredentials' - endpoints: - $ref: '#/components/schemas/OAuthEndpoints' - scopes: - type: array - description: |- - OpenID Connect and IdP-defined permission bundles to request delegated access from the User - > **Note:** The [Identity Provider type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=type&t=request) table lists the scopes that are supported for each Identity Provider. 
- items: - type: string - example: openid - type: - type: string - description: OpenID Connect Authorization Code flow - enum: - - OIDC + allOf: + - $ref: '#/components/schemas/Protocol' + - type: object + properties: + algorithms: + $ref: '#/components/schemas/OidcAlgorithms' + credentials: + $ref: '#/components/schemas/OAuthCredentials' + endpoints: + $ref: '#/components/schemas/OAuthEndpoints' + scopes: + type: array + description: |- + OpenID Connect and IdP-defined permission bundles to request delegated access from the User + > **Note:** The [Identity Provider type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=type&t=request) table lists the scopes that are supported for each Identity Provider. + items: + type: string + example: openid ProtocolSaml: title: SAML 2.0 Protocol description: Protocol settings for the [SAML 2.0 Authentication Request Protocol](http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf) - type: object - properties: - algorithms: - $ref: '#/components/schemas/SamlAlgorithms' - credentials: - $ref: '#/components/schemas/SamlCredentials' - endpoints: - $ref: '#/components/schemas/SamlEndpoints' - relayState: - $ref: '#/components/schemas/SamlRelayState' - settings: - $ref: '#/components/schemas/SamlSettings' - type: - type: string - description: SAML 2.0 protocol - enum: - - SAML2 + allOf: + - $ref: '#/components/schemas/Protocol' + - type: object + properties: + algorithms: + $ref: '#/components/schemas/SamlAlgorithms' + credentials: + $ref: '#/components/schemas/SamlCredentials' + endpoints: + $ref: '#/components/schemas/SamlEndpoints' + relayState: + $ref: '#/components/schemas/SamlRelayState' + settings: + $ref: '#/components/schemas/SamlSettings' ProtocolAlgorithmType: type: object properties: From edd3b32ba3444a21dcfad9d67f356bb3389fe4f5 Mon Sep 17 00:00:00 2001 
From: Antoine Piron Date: Mon, 6 Jan 2025 16:04:54 +0100 Subject: [PATCH 13/13] OpenApi: Update InlineHooks to match the latest spec OpenApi: Update InlineHooks to match the latest spec --- src/swagger/api.yaml | 584 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 480 insertions(+), 104 deletions(-) diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml index ceecfa2cdf8..32f063bc20d 100644 --- a/src/swagger/api.yaml +++ b/src/swagger/api.yaml 
@@ -13619,14 +13619,22 @@ paths: isGenerallyAvailable: true /api/v1/inlineHooks: get: - summary: List all Inline Hooks - description: Lists all inline hooks + summary: List all inline hooks + description: |- + Lists all inline hooks or all inline hooks of a specific type. + + When listing a specific inline hook, you need to specify its type. The following types are currently supported: + | Type Value | Name | + |------------------------------------|----------------------------------------------------------------| + | `com.okta.import.transform` | [User import inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createUserImportInlineHook) | + | `com.okta.oauth2.tokens.transform` | [Token inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createTokenInlineHook) | + | `com.okta.saml.tokens.transform` | [SAML assertion inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createSAMLAssertionInlineHook) | + | `com.okta.telephony.provider` | [Telephony inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createTelephonyInlineHook) | + | `com.okta.user.credential.password.import` | [Password import inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createPasswordImportInlineHook)| + | `com.okta.user.pre-registration` | [Registration inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/create-registration-hook) | operationId: listInlineHooks parameters: - - name: type - in: query - schema: - type: string + - $ref: '#/components/parameters/inlineHookType' responses: '200': description: Success 
@@ -13637,31 +13645,58 @@ paths: items: $ref: '#/components/schemas/InlineHook' examples: - AuthenticatorConfiguration: - $ref: '#/components/examples/InlineHookTelephony' + InlineHooktMgmtListAllexample: + $ref: '#/components/examples/InlineHooktMgmtListAllexample' '403': $ref: '#/components/responses/ErrorAccessDenied403' '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.read + - apiToken: [] + - oauth2: + - okta.inlineHooks.read tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true post: - summary: Create an Inline Hook - description: Creates an inline hook + summary: Create an inline hook + description: "Creates an inline hook\n\nThis endpoint creates an inline hook\ + \ for your org in an `ACTIVE` status. You need to pass an inline hooks object\ + \ in the JSON payload of your request. \nThat object represents the set of\ + \ required information about the inline hook that you're registering, including:\n\ + \n* The URI of your external service endpoint\n* The type of inline hook you're\ + \ registering\n* The type of authentication you're registering\n\nThere are\ + \ two authentication options that you can configure for your inline hook:\ + \ HTTP headers and OAuth 2.0 tokens.\n\nHTTP headers let you specify a secret\ + \ API key that you want Okta to pass to your external service endpoint (so\ + \ that your external service can check for its presence as a security measure).\n\ + \n>**Note:** The API key that you set here is unrelated to the Okta API token\ + \ you must supply when making calls to Okta APIs.\n\nYou can also optionally\ + \ specify extra headers that you want Okta to pass to your external service\ + \ with each call.\n\nTo configure HTTP header authentication, see parameters\ + \ for the `config` object.\n\nOAuth 2.0 tokens provide enhanced security between\ + \ Okta and your external service. 
You can configure these tokens for the following\ + \ types—client secret and private key.\n\n>**Note:** Your external service's\ + \ endpoint needs to be a valid HTTPS endpoint. The URI you specify should\ + \ always begin with `https://`.\n\nThe total number of inline hooks that you\ + \ can create in an Okta org is limited to 50, which is a combined total for\ + \ any combination of inline hook types." operationId: createInlineHook - x-codegen-request-body-name: inlineHook + x-codegen-request-body-name: inlineHookCreate requestBody: content: application/json: schema: - $ref: '#/components/schemas/InlineHook' + $ref: '#/components/schemas/InlineHookCreate' + examples: + CreateInlineHookHTTP: + $ref: '#/components/examples/InlineHookMgmtCreateHTTPRequest' + CreateInlineHookOAuthClientSecret: + $ref: '#/components/examples/InlineHookMgmtCreateOAuthClientSecretRequest' + CreateInlineHookOAuthPrivateKey: + $ref: '#/components/examples/InlineHookMgmtCreateOAuthPrivateKeyRequest' required: true responses: '200': @@ -13669,7 +13704,14 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/InlineHook' + $ref: '#/components/schemas/InlineHookCreateResponse' + examples: + CreateInlineHookHTTP: + $ref: '#/components/examples/InlineHookMgmtCreateHTTPResponse' + CreateInlineHookOAuthClientSecret: + $ref: '#/components/examples/InlineHookMgmtCreateOAuthClientSecretResponse' + CreateInlineHookOAuthPrivateKey: + $ref: '#/components/examples/InlineHookMgmtCreateOAuthPrivateKeyResponse' '400': $ref: '#/components/responses/ErrorApiValidationFailed400' '403': 
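Review bot: The `createInlineHook` description is a double-quoted scalar with `\n` escapes and backslash line continuations, whereas the `listInlineHooks` and `replaceInlineHook` descriptions in this same patch use a `|-` block scalar. The quoted form is hard to review line by line; `description: |-` with the paragraphs as plain lines should render essentially the same text. The `executeInlineHook` description in the `@@ -13802,27 +13865,56 @@` hunk has the same form. Separately, the example key `InlineHooktMgmtListAllexample` looks like a typo for `InlineHookMgmt…`; the component it points to is outside the visible hunks, so both sides would need renaming together.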
@@ -13677,19 +13719,19 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.manage + - apiToken: [] + - oauth2: + - okta.inlineHooks.manage tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true /api/v1/inlineHooks/{inlineHookId}: parameters: - - $ref: '#/components/parameters/pathInlineHookId' + - $ref: '#/components/parameters/pathInlineHookId' get: - summary: Retrieve an Inline Hook + summary: Retrieve an inline hook description: Retrieves an inline hook by `inlineHookId` operationId: getInlineHook responses: @@ -13700,8 +13742,12 @@ paths: schema: $ref: '#/components/schemas/InlineHook' examples: - AuthenticatorConfiguration: - $ref: '#/components/examples/InlineHookTelephony' + InlineHookHTTP: + $ref: '#/components/examples/InlineHookMgmtHTTPexample' + InlineHookOAuthClientSecret: + $ref: '#/components/examples/InlineHookMgmtOAuthCSPexample' + InlineHookOAuthPrivateKey: + $ref: '#/components/examples/InlineHookMgmtOauthPKJexample' '403': $ref: '#/components/responses/ErrorAccessDenied403' '404': @@ -13709,16 +13755,16 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.read + - apiToken: [] + - oauth2: + - okta.inlineHooks.read tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true post: - summary: Update an Inline Hook + summary: Update an inline hook description: Updates an inline hook by `inlineHookId` operationId: updateInlineHook x-codegen-request-body-name: inlineHook @@ -13726,7 +13772,10 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/InlineHook' + $ref: '#/components/schemas/InlineHookReplace' + examples: + UpdateInlineHookHTTP: + $ref: '#/components/examples/InlineHookMgmtPutHTTPRequest' required: true responses: '200': 
@@ -13735,6 +13784,9 @@ paths: application/json: schema: $ref: '#/components/schemas/InlineHook' + examples: + UpdateInlineHookHTTP: + $ref: '#/components/examples/InlineHookMgmtPutResponse' '400': $ref: '#/components/responses/ErrorApiValidationFailed400' '403': @@ -13744,24 +13796,30 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.manage + - apiToken: [] + - oauth2: + - okta.inlineHooks.manage tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true put: - summary: Replace an Inline Hook - description: Replaces an inline hook by `inlineHookId` + summary: Replace an inline hook + description: |- + Replaces an inline hook by `inlineHookId`. The submitted inline hook properties replace the existing properties after passing validation. + + >**Note:** Some properties are immutable and can't be updated. operationId: replaceInlineHook x-codegen-request-body-name: inlineHook requestBody: content: application/json: schema: - $ref: '#/components/schemas/InlineHook' + $ref: '#/components/schemas/InlineHookReplace' + examples: + UpdateInlineHookHTTP: + $ref: '#/components/examples/InlineHookMgmtPutHTTPRequest' required: true responses: '200': @@ -13770,6 +13828,9 @@ paths: application/json: schema: $ref: '#/components/schemas/InlineHook' + examples: + UpdateInlineHookHTTP: + $ref: '#/components/examples/InlineHookMgmtPutResponse' '400': $ref: '#/components/responses/ErrorApiValidationFailed400' '403': 
@@ -13779,17 +13840,19 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.manage + - apiToken: [] + - oauth2: + - okta.inlineHooks.manage tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true delete: - summary: Delete an Inline Hook - description: Deletes an inline hook by `inlineHookId`. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion. + summary: Delete an inline hook + description: Deletes an inline hook by `inlineHookId`. After it's deleted, the + inline hook is unrecoverable. As a safety precaution, only inline hooks with + a status of `INACTIVE` are eligible for deletion. operationId: deleteInlineHook responses: '204': 
@@ -13802,27 +13865,56 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.manage + - apiToken: [] + - oauth2: + - okta.inlineHooks.manage tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true /api/v1/inlineHooks/{inlineHookId}/execute: parameters: - - $ref: '#/components/parameters/pathInlineHookId' + - $ref: '#/components/parameters/pathInlineHookId' post: summary: Execute an Inline Hook - description: Executes the inline hook by `inlineHookId` using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes. + description: "Executes the inline hook that matches the provided `inlineHookId`\ + \ by using the request body as the input. This inline hook sends the provided\ + \ \ndata through the `channel` object and returns a response if it matches\ + \ the correct data contract. Otherwise it returns an error. You need to \n\ + construct a JSON payload that matches the payloads that Okta would send to\ + \ your external service for this inline hook type.\n\nA timeout of three seconds\ + \ is enforced on all outbound requests, with one retry in the event of a timeout\ + \ or an error response from the remote system. \nIf a successful response\ + \ isn't received after the request, a 400 error is returned with more information\ + \ about what failed.\n\n>**Note:** This execution endpoint isn't tied to any\ + \ other functionality in Okta, and you should only use it for testing purposes." 
operationId: executeInlineHook x-codegen-request-body-name: payloadData requestBody: content: application/json: schema: - $ref: '#/components/schemas/InlineHookPayload' + oneOf: + - $ref: '#/components/schemas/PasswordImportRequestExecute' + - $ref: '#/components/schemas/TelephonyRequestExecute' + - $ref: '#/components/schemas/RegistrationInlineHookRequest' + - $ref: '#/components/schemas/TokenRequest' + - $ref: '#/components/schemas/SAMLPayloadExecute' + - $ref: '#/components/schemas/UserImportRequestExecute' + examples: + PasswordImportPayloadExample: + $ref: '#/components/examples/PasswordImportPayloadExample' + TelephonyPayloadExample: + $ref: '#/components/examples/TelephonyPayloadExample' + ProfileEnrollmentRequest: + $ref: '#/components/examples/ProfileEnrollmentRequest' + TokenPayLoadExample: + $ref: '#/components/examples/TokenPayLoadExample' + SAMLPayloadExample: + $ref: '#/components/examples/SAMLPayLoadExample' + UserImportPayloadExample: + $ref: '#/components/examples/UserImportPayloadExample' required: true responses: '200': 
@@ -13830,7 +13922,26 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/InlineHookResponse' + oneOf: + - $ref: '#/components/schemas/PasswordImportResponse' + - $ref: '#/components/schemas/TelephonyResponse' + - $ref: '#/components/schemas/RegistrationInlineHookResponse' + - $ref: '#/components/schemas/TokenHookResponse' + - $ref: '#/components/schemas/SAMLHookResponse' + - $ref: '#/components/schemas/UserImportResponse' + examples: + PasswordImportPayloadExample: + $ref: '#/components/examples/PasswordImportVerifiedResponse' + TelephonyPayloadExample: + $ref: '#/components/examples/TelephonySuccessResponse' + ProfileEnrollmentRequest: + $ref: '#/components/examples/ProfileEnrollmentResponse' + TokenPayLoadExample: + $ref: '#/components/examples/TokenHookResponse' + SAMLPayloadExample: + $ref: '#/components/examples/SAMLHookResponseExample' + UserImportPayloadExample: + $ref: '#/components/examples/UserImportChangeAppUserProfileExample' '400': $ref: '#/components/responses/ErrorApiValidationFailed400' '403': @@ -13840,19 +13951,19 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.manage + - apiToken: [] + - oauth2: + - okta.inlineHooks.manage tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate: parameters: - - $ref: '#/components/parameters/pathInlineHookId' + - $ref: '#/components/parameters/pathInlineHookId' post: - summary: Activate an Inline Hook + summary: Activate an inline hook description: Activates the inline hook by `inlineHookId` operationId: activateInlineHook responses: @@ -13862,6 +13973,9 @@ paths: application/json: schema: $ref: '#/components/schemas/InlineHook' + examples: + ActivateAnInlineHook: + $ref: '#/components/examples/InlineHookMgmtOAuthCSPexample' '403': $ref: '#/components/responses/ErrorAccessDenied403' '404': 
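Review bot: The `oneOf` for the 200 response of `executeInlineHook` references `#/components/schemas/RegistrationInlineHookResponse`, a schema that patch 08 of this series deleted as unused. The visible hunks of this patch do not add it back. Unless a later hunk outside this view redefines it, the `$ref` dangles and spec validation or code generation will fail. Both this `oneOf` and the request-body one in the preceding hunk also lack a `discriminator`, so a generated client must infer the variant from shape alone; if that is intended, the description should say so.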
@@ -13869,19 +13983,19 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.manage + - apiToken: [] + - oauth2: + - okta.inlineHooks.manage tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate: parameters: - - $ref: '#/components/parameters/pathInlineHookId' + - $ref: '#/components/parameters/pathInlineHookId' post: - summary: Deactivate an Inline Hook + summary: Deactivate an inline hook description: Deactivates the inline hook by `inlineHookId` operationId: deactivateInlineHook responses: @@ -13891,6 +14005,9 @@ paths: application/json: schema: $ref: '#/components/schemas/InlineHook' + examples: + DeactivateAnInlineHook: + $ref: '#/components/examples/InlineHookMgmtHTTPexampleDeactivate' '403': $ref: '#/components/responses/ErrorAccessDenied403' '404': @@ -13898,11 +14015,11 @@ paths: '429': $ref: '#/components/responses/ErrorTooManyRequests429' security: - - apiToken: [] - - oauth2: - - okta.inlineHooks.manage + - apiToken: [] + - oauth2: + - okta.inlineHooks.manage tags: - - InlineHook + - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true @@ -44674,6 +44791,19 @@ components: required: true schema: type: string + inlineHookType: + name: type + description: One of the supported inline hook types + in: query + schema: + type: string + enum: + - com.okta.import.transform + - com.okta.oauth2.tokens.transform + - com.okta.saml.tokens.transform + - com.okta.user.credential.password.import + - com.okta.user.pre-registration + - com.okta.telephony.provider limitParameter: name: limit in: query @@ -53604,6 +53734,8 @@ components: capabilities: $ref: '#/components/schemas/CapabilitiesInboundProvisioningObject' InlineHook: + description: An inline hook object that specifies the details of the inline + hook type: object properties: channel: 
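Review bot: The `enum` under the new `inlineHookType` parameter repeats the six values of the `InlineHookType` schema by hand, in a different order, so the two lists can drift apart when a hook type is added or retired. Referencing the schema keeps a single source of truth: replace the inline `type: string` and `enum` with `$ref: '#/components/schemas/InlineHookType'` under `schema:`.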
@@ -53612,28 +53744,32 @@ components: type: string format: date-time readOnly: true + description: Date of the inline hook creation id: type: string readOnly: true + description: The unique identifier for the inline hook lastUpdated: type: string format: date-time readOnly: true - metadata: - type: object - description: Specific properties for the inline hook configuration, for example, `optOutServiceProtectionRateLimit` to opt-out of Telephony Service Protection Rate Limits when using the Telephony inline hook. - additionalProperties: - type: string + description: Date of the last inline hook update name: type: string + description: The display name of the inline hook + maximum: 255 + minimum: 1 status: $ref: '#/components/schemas/InlineHookStatus' type: $ref: '#/components/schemas/InlineHookType' version: type: string + description: Version of the inline hook type. The currently supported version + is `1.0.0`. + readOnly: true _links: - $ref: '#/components/schemas/LinksSelf' + $ref: '#/components/schemas/InlineHookLinks' InlineHookBasePayload: type: object properties: @@ -53652,7 +53788,7 @@ components: eventTime: type: string description: The time the inline hook request was sent - example: '2020-01-17T21:23:56.000Z' + example: 2020-01-17T21:23:56.000Z eventTypeVersion: description: The inline hook version example: 1 
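Review bot: `maximum: 255` and `minimum: 1` on `InlineHook.name` have no effect, because `name` is `type: string` and those keywords constrain numeric values only; string length is bounded with `minLength: 1` and `maxLength: 255`. As written, a validator or generated client built from this spec accepts a name of any length. The same applies to `maximum: 1024` on `uri` in `InlineHookChannelConfig` and `InlineHookChannelConfigCreate` (hunk at -53664), which should be `maxLength: 1024`, and to `name` in `InlineHookCreate`, `InlineHookCreateResponse` and `InlineHookReplace` (hunk at -53712). The `InlineHook` schema starts above this hunk.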
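Review bot: Dropping the quotes from `example: 2020-01-17T21:23:56.000Z` on `eventTime` turns the value into a plain scalar, which YAML 1.1 loaders resolve to a timestamp object instead of a string. The property is `type: string`, so tooling that loads the spec with such a parser may re-serialize the example in a different form or flag it as a type mismatch. Keep it quoted: `example: '2020-01-17T21:23:56.000Z'`.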
@@ -53664,47 +53800,116 @@ components: $ref: '#/components/schemas/InlineHookChannelType' version: type: string + description: Version of the inline hook type. The currently supported version + is `1.0.0`. discriminator: propertyName: type mapping: HTTP: '#/components/schemas/InlineHookChannelHttp' OAUTH: '#/components/schemas/InlineHookChannelOAuth' InlineHookChannelConfig: + description: Properties of the communications channel that are used to contact + your external service type: object properties: - authScheme: - $ref: '#/components/schemas/InlineHookChannelConfigAuthScheme' headers: type: array + description: An optional list of key/value pairs for headers that you can + send with the request to the external service items: $ref: '#/components/schemas/InlineHookChannelConfigHeaders' method: type: string + description: The method of the Okta inline hook request uri: type: string - InlineHookChannelConfigAuthScheme: + description: The external service endpoint that executes the inline hook + handler. It must begin with `https://` and be reachable by Okta. No white + space is allowed in the URI. + maximum: 1024 + InlineHookChannelConfigAuthSchemeBody: + description: The authentication scheme to use for this request + nullable: true type: object properties: key: type: string + description: The header name for the authorization server type: type: string + description: The authentication scheme type. Supported type—`HEADER`. value: type: string + description: The header value. This secret value is passed to your external + service endpoint. Your external service can check it as a security measure. + InlineHookChannelConfigAuthSchemeResponse: + description: The authentication scheme to use for this request + nullable: true + type: object + properties: + key: + type: string + description: The header name for the authorization server + type: + type: string + description: The authentication scheme type. 
Supported type—`HEADER` + InlineHookChannelConfigCreate: + description: Properties of the communications channel that are used to contact + your external service + type: object + properties: + headers: + type: array + description: An optional list of key/value pairs for headers that you can + send with the request to the external service. + items: + $ref: '#/components/schemas/InlineHookChannelConfigHeaders' + method: + type: string + description: The method of the Okta inline hook request + uri: + type: string + description: The external service endpoint that executes the inline hook + handler. It must begin with `https://` and be reachable by Okta. No white + space is allowed in the URI. + maximum: 1024 InlineHookChannelConfigHeaders: type: object properties: key: type: string + description: The optional field or header name value: type: string + description: The value for the key + InlineHookChannelCreate: + type: object + properties: + type: + $ref: '#/components/schemas/InlineHookChannelType' + version: + type: string + description: Version of the inline hook type. The currently supported version + is `1.0.0`. + discriminator: + propertyName: type + mapping: + HTTP: '#/components/schemas/InlineHookChannelHttpCreate' + OAUTH: '#/components/schemas/InlineHookChannelOAuthCreate' InlineHookChannelHttp: allOf: - $ref: '#/components/schemas/InlineHookChannel' - type: object properties: config: - $ref: '#/components/schemas/InlineHookChannelConfig' + $ref: '#/components/schemas/InlineHookHttpConfig' + InlineHookChannelHttpCreate: + allOf: + - $ref: '#/components/schemas/InlineHookChannelCreate' + - type: object + properties: + config: + $ref: '#/components/schemas/InlineHookHttpConfigCreate' InlineHookChannelOAuth: allOf: - $ref: '#/components/schemas/InlineHookChannel' 
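Review bot: `InlineHookChannelConfigAuthSchemeBody.value` is described as a secret but is declared as a bare `type: string`, so nothing in the schema tells generators or doc renderers to treat it as sensitive. Adding `format: password` and `writeOnly: true` under `value` records that it is accepted on requests and not echoed back, which matches the `InlineHookChannelConfigAuthSchemeResponse` variant omitting it. `clientSecret` in `InlineHookOAuthClientSecretConfigCreate` (hunk at -53712) would take the same two keywords. Separately, the `uri` description requires `https://` but the schema does not express that; `format: uri` with `pattern: '^https://'` would.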
@@ -53712,51 +53917,221 @@ components: properties: config: $ref: '#/components/schemas/InlineHookOAuthChannelConfig' + InlineHookChannelOAuthCreate: + allOf: + - $ref: '#/components/schemas/InlineHookChannelCreate' + - type: object + properties: + config: + $ref: '#/components/schemas/InlineHookOAuthChannelConfigCreate' InlineHookChannelType: type: string enum: - - HTTP - - OAUTH - InlineHookOAuthBasicConfig: - allOf: - - $ref: '#/components/schemas/InlineHookChannelConfig' + - HTTP + - OAUTH + InlineHookCreate: + description: An inline hook object that specifies the details of the inline + hook type: object properties: - authType: + channel: + $ref: '#/components/schemas/InlineHookChannelCreate' + name: type: string - clientId: + description: The display name of the inline hook + maximum: 255 + minimum: 1 + type: + $ref: '#/components/schemas/InlineHookType' + version: type: string - scope: + description: Version of the inline hook type. The currently supported version + is `1.0.0`. + InlineHookCreateResponse: + description: An inline hook object that specifies the details of the inline + hook + type: object + properties: + channel: + $ref: '#/components/schemas/InlineHookChannel' + created: + type: string + format: date-time + readOnly: true + description: Date of the inline hook creation + id: + type: string + readOnly: true + description: The unique identifier for the inline hook + lastUpdated: + type: string + format: date-time + readOnly: true + description: Date of the last inline hook update + name: type: string - tokenUrl: + description: The display name of the inline hook + maximum: 255 + minimum: 1 + status: + $ref: '#/components/schemas/InlineHookStatus' + type: + $ref: '#/components/schemas/InlineHookType' + version: type: string + description: Version of the inline hook type. The currently supported version + is `1.0.0`. 
+ readOnly: true + _links: + $ref: '#/components/schemas/InlineHookLinksCreate' + InlineHookHttpConfig: + allOf: + - $ref: '#/components/schemas/InlineHookChannelConfig' + - type: object + properties: + authScheme: + $ref: '#/components/schemas/InlineHookChannelConfigAuthSchemeResponse' + InlineHookHttpConfigCreate: + allOf: + - $ref: '#/components/schemas/InlineHookChannelConfigCreate' + - type: object + properties: + authScheme: + $ref: '#/components/schemas/InlineHookChannelConfigAuthSchemeBody' + InlineHookLinks: + allOf: + - $ref: '#/components/schemas/LinksSelf' + - type: object + properties: + activate: + description: URL to activate the inline hook + allOf: + - $ref: '#/components/schemas/HrefObject' + deactivate: + description: URL to deactivate the inline hook + allOf: + - $ref: '#/components/schemas/HrefObject' + delete: + description: URL to delete the inline hook + allOf: + - $ref: '#/components/schemas/HrefObject' + execute: + description: URL to test the inline hook + allOf: + - $ref: '#/components/schemas/HrefObject' + InlineHookLinksCreate: + allOf: + - $ref: '#/components/schemas/LinksSelf' + - type: object + properties: + deactivate: + description: URL to deactivate the inline hook + allOf: + - $ref: '#/components/schemas/HrefObject' + execute: + description: URL to test the inline hook + allOf: + - $ref: '#/components/schemas/HrefObject' + InlineHookOAuthBasicConfig: + allOf: + - $ref: '#/components/schemas/InlineHookChannelConfig' + - type: object + properties: + clientId: + type: string + description: A publicly exposed string provided by the service that's used + to identify the OAuth app and build authorization URLs + scope: + type: string + description: Include the scopes that allow you to perform the actions on + the hook endpoint that you want to access + tokenUrl: + type: string + description: The URI where inline hooks can exchange an authorization code + for access and refresh tokens InlineHookOAuthChannelConfig: type: object 
properties: authType: type: string + description: The authentication method for the token endpoint discriminator: propertyName: authType mapping: client_secret_post: '#/components/schemas/InlineHookOAuthClientSecretConfig' private_key_jwt: '#/components/schemas/InlineHookOAuthPrivateKeyJwtConfig' - InlineHookOAuthClientSecretConfig: - allOf: - - $ref: '#/components/schemas/InlineHookOAuthBasicConfig' + InlineHookOAuthChannelConfigCreate: type: object properties: - clientSecret: + authType: type: string + description: The authentication method for the token endpoint + discriminator: + propertyName: authType + mapping: + client_secret_post: '#/components/schemas/InlineHookOAuthClientSecretConfigCreate' + private_key_jwt: '#/components/schemas/InlineHookOAuthPrivateKeyJwtConfig' + InlineHookOAuthClientSecretConfig: + allOf: + - $ref: '#/components/schemas/InlineHookOAuthBasicConfig' + - $ref: '#/components/schemas/InlineHookOAuthChannelConfig' + - type: object + properties: + authScheme: + type: string + description: Not applicable. Must be `null`. + nullable: true + InlineHookOAuthClientSecretConfigCreate: + allOf: + - $ref: '#/components/schemas/InlineHookOAuthBasicConfig' + - $ref: '#/components/schemas/InlineHookOAuthChannelConfigCreate' + - type: object + properties: + clientSecret: + type: string + description: A private value provided by the service used to authenticate + the identity of the app to the service + method: + type: string + description: The method of the Okta inline hook request. Only accepts `POST`. InlineHookOAuthPrivateKeyJwtConfig: allOf: - $ref: '#/components/schemas/InlineHookOAuthBasicConfig' - type: object - properties: - hookKeyId: - type: string + - $ref: '#/components/schemas/InlineHookOAuthChannelConfig' + - type: object + properties: + authType: + type: string + authScheme: + type: string + description: Not applicable. Must be `null`. 
+ nullable: true + hookKeyId: + type: string + description: An ID value of the hook key pair generated from the [Hook Keys + API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/HookKey/#tag/HookKey) + method: + type: string + description: The method of the Okta inline hook request. Only accepts `POST`. InlineHookPayload: type: object x-okta-extensible: true + InlineHookReplace: + description: An inline hook object that specifies the details of the inline + hook + type: object + properties: + channel: + $ref: '#/components/schemas/InlineHookChannelCreate' + name: + type: string + description: The display name of the inline hook + maximum: 255 + minimum: 1 + version: + type: string + description: Version of the inline hook type. The currently supported version + is `1.0.0`. InlineHookRequestObject: description: The API request that triggered the inline hook type: object @@ -53805,17 +54180,18 @@ components: InlineHookStatus: type: string enum: - - ACTIVE - - INACTIVE + - ACTIVE + - INACTIVE InlineHookType: + description: One of the inline hook types type: string enum: - - com.okta.import.transform - - com.okta.oauth2.tokens.transform - - com.okta.saml.tokens.transform - - com.okta.telephony.provider - - com.okta.user.credential.password.import - - com.okta.user.pre-registration + - com.okta.import.transform + - com.okta.oauth2.tokens.transform + - com.okta.saml.tokens.transform + - com.okta.telephony.provider + - com.okta.user.credential.password.import + - com.okta.user.pre-registration IssuerMode: type: string enum:
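Review bot: `InlineHookOAuthChannelConfigCreate` maps `private_key_jwt` to `InlineHookOAuthPrivateKeyJwtConfig`, but that schema's `allOf` references `InlineHookOAuthChannelConfig`, not the `Create` parent. Generators that derive subtype relationships from `allOf` will likely not place it in the create hierarchy. Either add an `InlineHookOAuthPrivateKeyJwtConfigCreate` schema whose `allOf` includes `- $ref: '#/components/schemas/InlineHookOAuthChannelConfigCreate'`, or add a comment on the mapping stating that sharing the schema is intentional. `InlineHookOAuthPrivateKeyJwtConfig` also redeclares `authType` without a description, although the referenced parent already defines it.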