arazzo: 1.0.1
info:
  title: Okta Find User and Assign Application
  summary: Look up a user by login and assign them to an application if found.
  description: >-
    A find-then-act access-grant flow. The workflow searches for a user by
    their login or email, branches on whether a match was found, and when
    found assigns that user to a target application for SSO and provisioning.
    The resolved user id is chained from the search into the assignment call.
    Every step spells out its request inline, including the SSWS API token
    header, so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
  - name: oktaApi
    url: ../openapi/okta-openapi-original.yml
    type: openapi
workflows:
  - workflowId: find-user-and-assign-app
    summary: Resolve a user by login and assign them to an application.
    description: >-
      Searches for a user and, when found, assigns the matched user to an
      application instance.
    inputs:
      type: object
      required:
        - oktaApiToken
        - query
        - appId
      properties:
        oktaApiToken:
          type: string
          description: Okta API token used for the SSWS Authorization header.
        query:
          type: string
          description: Search term matching the user's firstName, lastName, or email.
        appId:
          type: string
          description: The id of the application to assign the matched user to.
    steps:
      - stepId: findUser
        description: >-
          Search for a user matching the supplied query, returning at most one
          result.
        operationId: listUsers
        parameters:
          - name: Authorization
            in: header
            value: SSWS $inputs.oktaApiToken
          - name: q
            in: query
            value: $inputs.query
          - name: limit
            in: query
            value: 1
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          userId: $response.body#/0/id
        onSuccess:
          - name: userFound
            type: goto
            stepId: assignApp
            criteria:
              - context: $response.body
                condition: $.length > 0
                type: jsonpath
          - name: userMissing
            type: end
            criteria:
              - context: $response.body
                condition: $.length == 0
                type: jsonpath
      - stepId: assignApp
        description: >-
          Assign the matched user to the target application for SSO and
          provisioning.
        operationId: assignUserToApplication
        parameters:
          - name: Authorization
            in: header
            value: SSWS $inputs.oktaApiToken
          - name: appId
            in: path
            value: $inputs.appId
        requestBody:
          contentType: application/json
          payload:
            id: $steps.findUser.outputs.userId
            scope: USER
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          appUserId: $response.body#/id
    outputs:
      userId: $steps.findUser.outputs.userId
      appUserId: $steps.assignApp.outputs.appUserId