arazzo: 1.0.1
info:
  title: Auth0 Create Client and Grant Access to an Existing API
  summary: Create a client application, grant it access to an existing API audience, then read the grant back.
  description: >-
    Authorizes a new application against an API that already exists. The
    workflow creates a client application, creates a client grant binding it to
    the supplied existing API audience with the requested scopes, and reads the
    grant back to confirm. Each step spells out its request inline so the flow
    can be read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: auth0ManagementApi
  url: ../openapi/auth0-management-api-openapi.yml
  type: openapi
workflows:
- workflowId: create-client-grant-to-api
  summary: Create a client and authorize it for an existing API audience.
  description: >-
    Creates a client, creates a client grant for the supplied audience with the
    requested scopes, and reads the grant back to verify.
  inputs:
    type: object
    required:
    - clientName
    - audience
    properties:
      clientName:
        type: string
        description: Name for the client application.
      audience:
        type: string
        description: The existing API identifier (audience) to grant access to.
      scope:
        type: array
        description: Scopes the client grant should allow for this audience.
        items:
          type: string
  steps:
  - stepId: createClient
    description: >-
      Create a new client application.
    operationId: post_clients
    requestBody:
      contentType: application/json
      payload:
        name: $inputs.clientName
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      clientId: $response.body#/client_id
  - stepId: createGrant
    description: >-
      Authorize the client for the supplied API audience with the requested
      scopes.
    operationId: post_client-grants
    requestBody:
      contentType: application/json
      payload:
        client_id: $steps.createClient.outputs.clientId
        audience: $inputs.audience
        scope: $inputs.scope
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      grantId: $response.body#/id
  - stepId: getGrant
    description: >-
      Read the client grant back to confirm it was created.
    operationId: get_client-grant
    parameters:
    - name: id
      in: path
      value: $steps.createGrant.outputs.grantId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      grant: $response.body
  outputs:
    clientId: $steps.createClient.outputs.clientId
    grantId: $steps.createGrant.outputs.grantId
    grant: $steps.getGrant.outputs.grant