arazzo: 1.0.1
info:
  title: Auth0 Create User and Assign Roles
  summary: Create a database user, assign one or more tenant roles, then read the enriched profile back.
  description: >-
    A core Auth0 identity onboarding flow. The workflow creates a new user in a
    database connection, assigns the supplied set of existing tenant roles to
    that user for Role-Based Access Control, and finally retrieves the user
    record so the caller has the freshly provisioned identity. Each step spells
    out its request inline so the flow can be read and executed without opening
    the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: auth0ManagementApi
  url: ../openapi/auth0-management-api-openapi.yml
  type: openapi
workflows:
- workflowId: create-user-assign-roles
  summary: Create a user and grant tenant roles in one pass.
  description: >-
    Creates a user in a given database connection, assigns the provided role
    ids to the new user, and reads the user back to confirm provisioning.
  inputs:
    type: object
    required:
    - connection
    - email
    - password
    - roles
    properties:
      connection:
        type: string
        description: Name of the database connection the user should be created in.
      email:
        type: string
        description: Email address for the new user.
      password:
        type: string
        description: Initial password for the new user.
      roles:
        type: array
        description: List of existing role ids to assign to the new user.
        items:
          type: string
  steps:
  - stepId: createUser
    description: >-
      Create a new user in the supplied database connection with the given
      email and password.
    operationId: post_users
    requestBody:
      contentType: application/json
      payload:
        connection: $inputs.connection
        email: $inputs.email
        password: $inputs.password
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      userId: $response.body#/user_id
  - stepId: assignRoles
    description: >-
      Assign the supplied tenant role ids to the newly created user.
    operationId: post_user_roles
    parameters:
    - name: id
      in: path
      value: $steps.createUser.outputs.userId
    requestBody:
      contentType: application/json
      payload:
        roles: $inputs.roles
    successCriteria:
    - condition: $statusCode == 204
  - stepId: getUser
    description: >-
      Retrieve the user record to confirm the roles were applied and return the
      final identity.
    operationId: get_users_by_id
    parameters:
    - name: id
      in: path
      value: $steps.createUser.outputs.userId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/user_id
      email: $response.body#/email
  outputs:
    userId: $steps.getUser.outputs.userId
    email: $steps.getUser.outputs.email