arazzo: 1.0.1
info:
  title: Azure Web PubSub Grant Permission then Send to User
  summary: Grant a connection a group permission, then deliver a message to that user.
  description: >-
    An authorization-then-delivery pattern: an app server grants a connection the
    permission it needs (for example sendToGroup) against a target group, then
    sends a direct message to the user that owns the connection. Each step inlines
    its request — Authorization bearer header, required api-version query, the
    message body, and documented status codes — so the flow is self-describing.
  version: 1.0.0
sourceDescriptions:
- name: webPubSubApi
  url: ../openapi/microsoft-azure-web-pubsub-openapi.yml
  type: openapi
workflows:
- workflowId: grant-permission-send-to-user
  summary: Grant a sendToGroup or joinLeaveGroup permission to a connection, then send a message to the user.
  description: >-
    Grants a permission to a connection via grantPermission, then delivers a
    plain-text message to the user via sendToUser.
  inputs:
    type: object
    required:
    - accessToken
    - hub
    - permission
    - connectionId
    - userId
    - message
    properties:
      accessToken:
        type: string
        description: JWT bearer token for the Web PubSub data plane.
      apiVersion:
        type: string
        description: Data plane REST API version.
        default: "2024-01-01"
      hub:
        type: string
        description: Target hub name.
      permission:
        type: string
        description: Permission to grant.
        enum:
        - sendToGroup
        - joinLeaveGroup
      connectionId:
        type: string
        description: The connection id to grant the permission to.
      targetName:
        type: string
        description: Optional target group name the permission applies to.
      userId:
        type: string
        description: The user id to send the message to.
      message:
        type: string
        description: The plain-text message to deliver to the user.
  steps:
  - stepId: grantPermission
    description: >-
      Grant the connection the requested permission, optionally scoped to a
      target group name.
    operationId: webPubSub_grantPermission
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    - name: hub
      in: path
      value: $inputs.hub
    - name: permission
      in: path
      value: $inputs.permission
    - name: connectionId
      in: path
      value: $inputs.connectionId
    - name: api-version
      in: query
      value: $inputs.apiVersion
    - name: targetName
      in: query
      value: $inputs.targetName
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      grantStatus: $statusCode
  - stepId: sendToUser
    description: >-
      Deliver the supplied plain-text message to every connection owned by the
      user.
    operationId: webPubSub_sendToUser
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    - name: hub
      in: path
      value: $inputs.hub
    - name: userId
      in: path
      value: $inputs.userId
    - name: api-version
      in: query
      value: $inputs.apiVersion
    requestBody:
      contentType: text/plain
      payload: $inputs.message
    successCriteria:
    - condition: $statusCode == 202
    outputs:
      sendStatus: $statusCode
  outputs:
    grantStatus: $steps.grantPermission.outputs.grantStatus
    sendStatus: $steps.sendToUser.outputs.sendStatus