# # Copyright (C) 2015 The Gravitee team (http://gravitee.io) # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # openapi: 3.0.1 info: title: Gravitee.io - Access Management - SCIM 2.0 API description: Gravitee.io - Access Management - SCIM 2.0 API. Defines The SCIM 2.0 Endpoints exposed by AM server. contact: email: contact@graviteesource.com license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html version: 4.6.x servers: - url: "https://auth.gravitee.io/{domain}/scim" paths: /ServiceProviderConfig: get: tags: - SCIM 2.0 summary: Get SCIM 2.0 Provider configuration information description: Endpoint to facilitate discovery of SCIM service provider feature. responses: "200": description: The SCIM specification features content: application/json: schema: $ref: '#/components/schemas/SCIMProviderMetadataResponse' /Bulk: post: tags: - SCIM 2.0 summary: Bulk operation (Users) description: | The SCIM bulk operation is an optional server feature that enables clients to send a potentially large collection of resource operations in a single request. (AM only support bulk operation on Users.) requestBody: description: ssss content: 'application/json': schema: $ref: '#/components/schemas/BulkRequest' required: false responses: "200": description: The SCIM Bulk operation result. content: application/json: schema: $ref: '#/components/schemas/BulkResponse' "401": description: Invalid Token content: {} "400": description: Bad request content: {} x-codegen-request-body-name: op /Users: get: tags: - SCIM 2.0 summary: List User resources description: SCIM 2.0 endpoint to retrieve User resources. parameters: - name: filter in: query description: Filter expression used to restrict results to one or more specific resource types (userName eq "john"). schema: type: string - name: startIndex in: query description: The 1-based index of the first query result. schema: type: integer default: 1 - name: count in: query description: "Non-negative integer. Specifies the desired results per page,\ \ e.g., 10." schema: type: integer responses: "200": description: A JSON object that represents a set of User resources content: application/json: schema: $ref: '#/components/schemas/Users' "401": description: Invalid Token content: {} post: tags: - SCIM 2.0 summary: Create User resource description: SCIM 2.0 endpoint to create User resource. requestBody: description: The user to create. content: application/json: schema: $ref: '#/components/schemas/User' required: false responses: "201": description: A JSON object that represents the user created content: application/json: schema: $ref: '#/components/schemas/User' "401": description: Invalid Token content: {} "400": description: Bad request content: {} x-codegen-request-body-name: user /Users/{userId}: get: tags: - SCIM 2.0 summary: Get User resource description: SCIM 2.0 endpoint to get User parameters: - name: userId in: path description: Unique identifier for the User required: true schema: type: string responses: "200": description: A JSON object that represents the user updated content: application/json: schema: $ref: '#/components/schemas/User' "401": description: Invalid Token content: {} "404": description: User not found content: {} put: tags: - SCIM 2.0 summary: Replace User resource description: SCIM 2.0 endpoint to replace User's attributes parameters: - name: userId in: path description: Unique identifier for the User required: true schema: type: string requestBody: description: The user's attributes to update. content: application/json: schema: $ref: '#/components/schemas/User' required: false responses: "200": description: A JSON object that represents the user updated content: application/json: schema: $ref: '#/components/schemas/User' "401": description: Invalid Token content: {} "400": description: Bad request content: {} "404": description: User not found content: {} x-codegen-request-body-name: user delete: tags: - SCIM 2.0 summary: Delete User resource description: SCIM 2.0 endpoint to delete User parameters: - name: userId in: path description: Unique identifier for the User required: true schema: type: string responses: "204": description: User is deleted content: {} "401": description: Invalid Token content: {} "404": description: User not found content: {} patch: tags: - SCIM 2.0 summary: Modify User resource description: SCIM 2.0 endpoint to modify User's attributes parameters: - name: userId in: path description: Unique identifier for the User required: true schema: type: string requestBody: description: The patch operations to apply. content: application/json: schema: $ref: '#/components/schemas/PatchOp' required: false responses: "200": description: A JSON object that represents the user updated content: application/json: schema: $ref: '#/components/schemas/User' "401": description: Invalid Token content: {} "400": description: Bad request content: {} "404": description: User not found content: {} x-codegen-request-body-name: patchOp /Groups: get: tags: - SCIM 2.0 summary: List Group resources description: SCIM 2.0 endpoint to retrieve Group resources. parameters: - name: startIndex in: query description: The 1-based index of the first query result. schema: type: integer default: 1 - name: count in: query description: "Non-negative integer. Specifies the desired results per page,\ \ e.g., 10." schema: type: integer responses: "200": description: A JSON object that represents a set of Group resources content: application/json: schema: $ref: '#/components/schemas/Groups' "401": description: Invalid Token content: {} post: tags: - SCIM 2.0 summary: Create Group resource description: SCIM 2.0 endpoint to create Group resource. requestBody: description: The group to create. content: application/json: schema: $ref: '#/components/schemas/Group' required: false responses: "201": description: A JSON object that represents the group created content: application/json: schema: $ref: '#/components/schemas/Group' "401": description: Invalid Token content: {} "400": description: Bad request content: {} x-codegen-request-body-name: group /Groups/{groupId}: get: tags: - SCIM 2.0 summary: Get Group resource description: SCIM 2.0 endpoint to get a Group parameters: - name: groupId in: path description: Unique identifier for the Group required: true schema: type: string responses: "200": description: A JSON object that represents the group updated content: application/json: schema: $ref: '#/components/schemas/Group' "401": description: Invalid Token content: {} "404": description: Group not found content: {} put: tags: - SCIM 2.0 summary: Replace Group resource description: SCIM 2.0 endpoint to replace Group's attributes parameters: - name: groupId in: path description: Unique identifier for the Group required: true schema: type: string requestBody: description: The group's attributes to update. content: application/json: schema: $ref: '#/components/schemas/Group' required: false responses: "200": description: A JSON object that represents the group updated content: application/json: schema: $ref: '#/components/schemas/Group' "401": description: Invalid Token content: {} "400": description: Bad request content: {} "404": description: Group not found content: {} x-codegen-request-body-name: group delete: tags: - SCIM 2.0 summary: Delete Group resource description: SCIM 2.0 endpoint to delete Group parameters: - name: groupId in: path description: Unique identifier for the Group required: true schema: type: string responses: "204": description: Group is deleted content: {} "401": description: Invalid Token content: {} "404": description: Group not found content: {} patch: tags: - SCIM 2.0 summary: Modify Group resource description: SCIM 2.0 endpoint to modify Group's attributes parameters: - name: groupId in: path description: Unique identifier for the Group required: true schema: type: string requestBody: description: The patch operations to apply. content: application/json: schema: $ref: '#/components/schemas/PatchOp' required: false responses: "200": description: A JSON object that represents the group updated content: application/json: schema: $ref: '#/components/schemas/Group' "401": description: Invalid Token content: {} "400": description: Bad request content: {} "404": description: User not found content: {} x-codegen-request-body-name: patchOp components: schemas: SCIMProviderMetadataResponse: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string documentationUri: type: string description: OPTIONAL. An HTTP-addressable URL pointing to the service provider's human-consumable help documentation. patch: $ref: '#/components/schemas/ComplexType' bulk: $ref: '#/components/schemas/ComplexType' filter: $ref: '#/components/schemas/ComplexType' changePassword: $ref: '#/components/schemas/ComplexType' sort: $ref: '#/components/schemas/ComplexType' etag: $ref: '#/components/schemas/ComplexType' authenticationSchemes: type: array description: REQUIRED. A multi-valued complex type that specifies supported authentication scheme properties. items: $ref: '#/components/schemas/AuthenticationScheme' ComplexType: type: object properties: supported: type: boolean description: REQUIRED. A Boolean value specifying whether or not the operation is supported maxOperations: type: integer description: REQUIRED. An integer value specifying the maximum number of operations. maxPayloadSize: type: integer description: REQUIRED. An integer value specifying the maximum number of resources returned in a response. AuthenticationScheme: type: object properties: type: type: string description: REQUIRED. The authentication scheme. enum: - oauth - oauth2 - oauthbearertoken - httpbasic - httpdigest name: type: string description: "REQUIRED. The common authentication scheme name, e.g., HTTP\ \ Basic." description: type: string description: REQUIRED. A description of the authentication scheme. specUri: type: string description: OPTIONAL. An HTTP-addressable URL pointing to the authentication scheme's specification. documentationUri: type: string description: OPTIONAL. An HTTP-addressable URL pointing to the authentication scheme's usage documentation. BulkRequest: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string failOnErrors: type: integer description: | An integer specifying the number of errors that the service provider will accept before the operation is terminated and an error response is returned. OPTIONAL in a request. Not valid in a response Operations: type: array description: REQUIRED. Defines operations within a bulk job. Each operation corresponds to a single HTTP request against a resource endpoint. items: $ref: '#/components/schemas/BulkOperation' BulkResponse: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string Operations: type: array description: REQUIRED. Defines operations within a bulk job. Each operation corresponds to a single HTTP request against a resource endpoint. items: $ref: '#/components/schemas/BulkOperation' Users: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string totalResults: type: integer description: REQUIRED. The total number of results returned by the list or query operation. Resources: type: array description: REQUIRED. A multi-valued list of complex objects containing the requested resources. items: $ref: '#/components/schemas/User' User: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string id: type: string description: REQUIRED. A unique identifier for a SCIM resource as defined by the service provider. externalId: type: string description: OPTIONAL. A String that is an identifier for the resource as defined by the provisioning client. meta: $ref: '#/components/schemas/Meta' userName: type: string description: "REQUIRED. A service provider's unique identifier for the user,\ \ typically used by the user to directly authenticate to the service provider." name: $ref: '#/components/schemas/Name' displayName: type: string description: "The name of the user, suitable for display to end-users." nickName: type: string description: "The casual way to address the user in real life, e.g., \"\ Bob\" or \"Bobby\" instead of \"Robert\"." profileUrl: type: string description: "A URI that is a uniform resource locator and that points to\ \ a location representing the user's online profile (e.g., a web page)." title: type: string description: "The user's title, such as \"Vice President\"." userType: type: string description: Used to identify the relationship between the organization and the user. preferredLanguage: type: string description: Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. locale: type: string description: "Used to indicate the User's default location for purposes\ \ of localizing such items as currency, date time format, or numerical\ \ representations." timezone: type: string description: "The User's time zone, in IANA Time Zone database format [RFC6557],\ \ also known as the \"Olson\" time zone database format [Olson-TZ] (e.g.,\ \ \"America/Los_Angeles\")." active: type: boolean description: A Boolean value indicating the user's administrative status. password: type: string description: "This attribute is intended to be used as a means to set, replace\ \ or compare (i.e., filter for equality) a password." emails: type: array description: Email addresses for the User. items: $ref: '#/components/schemas/Attribute' phoneNumbers: type: array description: Phone numbers for the user. items: $ref: '#/components/schemas/Attribute' ims: type: array description: Instant messaging address for the user. items: $ref: '#/components/schemas/Attribute' photos: type: array description: "A URI that is a uniform resource locator (as defined in Section\ \ 1.1.3 of [RFC3986]) that points to a resource location representing\ \ the user's image." items: $ref: '#/components/schemas/Attribute' addresses: type: array description: A physical mailing address for this user. items: $ref: '#/components/schemas/Address' groups: type: array description: "A list of groups to which the user belongs, either through\ \ direct membership, through nested groups, or dynamically calculated." items: $ref: '#/components/schemas/Member' entitlements: type: array description: A list of entitlements for the user that represent a thing the user has. items: type: string roles: type: array description: "A list of roles for the user that collectively represent who\ \ the user is, e.g., \"Student\", \"Faculty\"." items: type: string x509Certificates: type: array description: A list of certificates associated with the resource. items: $ref: '#/components/schemas/Certificate' Groups: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string totalResults: type: integer description: REQUIRED. The total number of results returned by the list or query operation. Resources: type: array description: REQUIRED. A multi-valued list of complex objects containing the requested resources. items: $ref: '#/components/schemas/Group' Group: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string id: type: string description: REQUIRED. A unique identifier for a SCIM resource as defined by the service provider. externalId: type: string description: OPTIONAL. A String that is an identifier for the resource as defined by the provisioning client. meta: $ref: '#/components/schemas/Meta' displayName: type: string description: REQUIRED. A human-readable name for the Group. members: type: array description: A list of members of the Group. items: $ref: '#/components/schemas/Member' Meta: type: object properties: resourceType: type: string description: The name of the resource type of the resource. created: type: string description: The "DateTime" that the resource was added to the service provider. lastModified: type: string description: The most recent DateTime that the details of this resource were updated at the service provider. location: type: string description: The URI of the resource being returned. version: type: string description: The version of the resource being returned. Name: type: object properties: formatted: type: string description: "The full name, including all middle names, titles, and suffixes\ \ as appropriate, formatted for display (e.g., \"Ms. Barbara Jane Jensen,\ \ III\")." familyName: type: string description: "The family name of the User, or last name in most Western\ \ languages (e.g., \"Jensen\" given the full name \"Ms. Barbara Jane Jensen,\ \ III\")." givenName: type: string description: "The given name of the User, or first name in most Western\ \ languages (e.g., \"Barbara\" given the full name\" Ms. Barbara Jane\ \ Jensen, III\")." middleName: type: string description: "The middle name(s) of the User (e.g., \"Jane\" given the full\ \ name \"Ms. Barbara Jane Jensen, III\")." honorificPrefix: type: string description: "The honorific prefix(es) of the User, or title in most Western\ \ languages (e.g., \"Ms.\" given the full name \"Ms. Barbara Jane Jensen,\ \ III\")." honorificSuffix: type: string description: "The honorific suffix(es) of the User, or suffix in most Western\ \ languages (e.g., \"III\" given the full name \"Ms. Barbara Jane Jensen,\ \ III\")." Attribute: type: object properties: value: type: string description: "The attribute's significant value, e.g., email address, phone\ \ number." type: type: string description: "A label indicating the attribute's function, e.g., \"work\"\ \ or \"home\"." primary: type: boolean description: "A Boolean value indicating the 'primary' or preferred attribute\ \ value for this attribute, e.g., the preferred mailing address or the\ \ primary email address." Address: type: object properties: formatted: type: string description: "The full mailing address, formatted for display or use with\ \ a mailing label." streetAddress: type: string description: "The full street address component, which may include house\ \ number, street name, P.O. box, and multi-line extended street address\ \ information." locality: type: string description: The city or locality component. region: type: string description: The state or region component. postalCode: type: string description: The zip code or postal code component. country: type: string description: The country name component. Member: type: object properties: value: type: string description: id attribute of a SCIM resource $ref: type: string description: The URI of a SCIM resource. display: type: string description: A human-readable name for the member Certificate: type: object properties: value: type: string description: DER-encoded X.509 certificate PatchOp: type: object properties: schemas: type: array description: REQUIRED. Array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas. items: type: string enum: - urn:ietf:params:scim:api:messages:2.0:PatchOp Operations: type: array description: REQUIRED. An array of one or more PATCH operations. items: $ref: '#/components/schemas/Operation' Operation: type: object properties: op: type: string description: Value indicates the operation to perform. enum: - add - replace - remove path: type: string description: String containing an attribute path describing the target of the operation. The "path" attribute is OPTIONAL for "add" and "replace" and is REQUIRED for "remove" operations. example: "addresses[type eq \"work\"]" value: type: object properties: {} description: Member whose content specifies the value to be added or replaced. Error: type: object properties: status: type: string description: The HTTP status code expressed as a JSON string. REQUIRED. scimType: type: string description: A SCIM detail error keyword. OPTIONAL detail: type: string description: A detailed human-readable message. OPTIONAL. BulkOperation: type: object properties: method: type: string description: "REQUIRED. The HTTP method of the current operation. Possible\ \ values are \"POST\", \"PUT\", \"PATCH\", or \"DELETE\"." enum: - POST - PUT - PATCH - DELETE bulkId: type: string description: | The transient identifier of a newly created resource, unique within a bulk request and created by the client. The bulkId serves as a surrogate resource id enabling clients to uniquely identify newly created resources in the response and cross-reference new resources in and across operations within a bulk request. REQUIRED when "method" is "POST" version: type: string description: The current resource version. (Not supported by AM) path: type: string description: | The resource's relative path to the SCIM service provider's root. If "method" is "POST", the value must specify a resource type endpoint, e.g., /Users or /Groups, whereas all other "method" values must specify the path to a specific resource, e.g., /Users/2819c223-7f76-453a-919d-413861904646. REQUIRED in a request. data: type: object description: | The resource data as it would appear for a single SCIM POST, PUT, or PATCH operation. REQUIRED in a request when "method" is "POST", "PUT", or "PATCH". allOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/PatchOp' location: type: string description: "The resource endpoint URL. REQUIRED in a response, except\ \ in the event of a POST failure." response: type: object description: | The HTTP response body for the specified request operation. When indicating a response with an HTTP status other than a 200-series response, the response body MUST be included allOf: - $ref: '#/components/schemas/Error' status: type: string description: | The HTTP response status code for the requested operation. When indicating an error, the "response" attribute MUST contain the detail error response securitySchemes: bearerAuth: type: oauth2 flows: clientCredentials: tokenUrl: "https://auth.gravitee.io/{domain}/oauth/token" scopes: scim: Grants SCIM access