client library sync

Author: robotdan

src/main/java/io/fusionauth/client/FusionAuthClient.java

@@ -38,6 +38,8 @@
 import io.fusionauth.domain.OpenIdConfiguration;
 import io.fusionauth.domain.api.APIKeyRequest;
 import io.fusionauth.domain.api.APIKeyResponse;
+import io.fusionauth.domain.api.ApplicationOAuthScopeRequest;
+import io.fusionauth.domain.api.ApplicationOAuthScopeResponse;
 import io.fusionauth.domain.api.ApplicationRequest;
 import io.fusionauth.domain.api.ApplicationResponse;
 import io.fusionauth.domain.api.ApplicationSearchRequest;
@@ -904,6 +906,26 @@ public ClientResponse<MessengerResponse, Errors> createMessenger(UUID messengerI
         .go();
   }
 
+  /**
+   * Creates a new custom OAuth scope for an application. You must specify the Id of the application you are creating the scope for.
+   * You can optionally specify an Id for the OAuth scope on the URL, if not provided one will be generated.
+   *
+   * @param applicationId The Id of the application to create the OAuth scope on.
+   * @param scopeId (Optional) The Id of the OAuth scope. If not provided a secure random UUID will be generated.
+   * @param request The request object that contains all the information used to create the OAuth OAuth scope.
+   * @return The ClientResponse object.
+   */
+  public ClientResponse<ApplicationOAuthScopeResponse, Errors> createOAuthScope(UUID applicationId, UUID scopeId, ApplicationOAuthScopeRequest request) {
+    return start(ApplicationOAuthScopeResponse.class, Errors.class)
+        .uri("/api/application")
+        .urlSegment(applicationId)
+        .urlSegment("scope")
+        .urlSegment(scopeId)
+        .bodyHandler(new JSONBodyHandler(request, objectMapper()))
+        .post()
+        .go();
+  }
+
   /**
    * Creates a tenant. You can optionally specify an Id for the tenant, if not provided one will be generated.
    *
@@ -1156,7 +1178,7 @@ public ClientResponse<Void, Errors> deleteApplication(UUID applicationId) {
    * Hard deletes an application role. This is a dangerous operation and should not be used in most circumstances. This
    * permanently removes the given role from all users that had it.
    *
-   * @param applicationId The Id of the application to deactivate.
+   * @param applicationId The Id of the application that the role belongs to.
    * @param roleId The Id of the role to delete.
    * @return The ClientResponse object.
    */
@@ -1417,6 +1439,24 @@ public ClientResponse<Void, Errors> deleteMessenger(UUID messengerId) {
         .go();
   }
 
+  /**
+   * Hard deletes a custom OAuth scope.
+   * OAuth workflows that are still requesting the deleted OAuth scope may fail depending on the application's unknown scope policy.
+   *
+   * @param applicationId The Id of the application that the OAuth scope belongs to.
+   * @param scopeId The Id of the OAuth scope to delete.
+   * @return The ClientResponse object.
+   */
+  public ClientResponse<Void, Errors> deleteOAuthScope(UUID applicationId, UUID scopeId) {
+    return start(Void.TYPE, Errors.class)
+        .uri("/api/application")
+        .urlSegment(applicationId)
+        .urlSegment("scope")
+        .urlSegment(scopeId)
+        .delete()
+        .go();
+  }
+
   /**
    * Deletes the user registration for the given user and application.
    *
@@ -2431,6 +2471,25 @@ public ClientResponse<MessengerResponse, Errors> patchMessenger(UUID messengerId
         .go();
   }
 
+  /**
+   * Updates, via PATCH, the custom OAuth scope with the given Id for the application.
+   *
+   * @param applicationId The Id of the application that the OAuth scope belongs to.
+   * @param scopeId The Id of the OAuth scope to update.
+   * @param request The request that contains just the new OAuth scope information.
+   * @return The ClientResponse object.
+   */
+  public ClientResponse<ApplicationOAuthScopeResponse, Errors> patchOAuthScope(UUID applicationId, UUID scopeId, Map<String, Object> request) {
+    return start(ApplicationOAuthScopeResponse.class, Errors.class)
+        .uri("/api/application")
+        .urlSegment(applicationId)
+        .urlSegment("scope")
+        .urlSegment(scopeId)
+        .bodyHandler(new JSONBodyHandler(request, objectMapper()))
+        .patch()
+        .go();
+  }
+
   /**
    * Updates, via PATCH, the registration for the user with the given Id and the application defined in the request.
    *
@@ -3497,6 +3556,23 @@ public ClientResponse<MonthlyActiveUserReportResponse, Errors> retrieveMonthlyAc
         .go();
   }
 
+  /**
+   * Retrieves a custom OAuth scope.
+   *
+   * @param applicationId The Id of the application that the OAuth scope belongs to.
+   * @param scopeId The Id of the OAuth scope to retrieve.
+   * @return The ClientResponse object.
+   */
+  public ClientResponse<ApplicationOAuthScopeResponse, Errors> retrieveOAuthScope(UUID applicationId, UUID scopeId) {
+    return start(ApplicationOAuthScopeResponse.class, Errors.class)
+        .uri("/api/application")
+        .urlSegment(applicationId)
+        .urlSegment("scope")
+        .urlSegment(scopeId)
+        .get()
+        .go();
+  }
+
   /**
    * Retrieves the Oauth2 configuration for the application for the given Application Id.
    *
@@ -5229,6 +5305,25 @@ public ClientResponse<MessengerResponse, Errors> updateMessenger(UUID messengerI
         .go();
   }
 
+  /**
+   * Updates the OAuth scope with the given Id for the application.
+   *
+   * @param applicationId The Id of the application that the OAuth scope belongs to.
+   * @param scopeId The Id of the OAuth scope to update.
+   * @param request The request that contains all the new OAuth scope information.
+   * @return The ClientResponse object.
+   */
+  public ClientResponse<ApplicationOAuthScopeResponse, Errors> updateOAuthScope(UUID applicationId, UUID scopeId, ApplicationOAuthScopeRequest request) {
+    return start(ApplicationOAuthScopeResponse.class, Errors.class)
+        .uri("/api/application")
+        .urlSegment(applicationId)
+        .urlSegment("scope")
+        .urlSegment(scopeId)
+        .bodyHandler(new JSONBodyHandler(request, objectMapper()))
+        .put()
+        .go();
+  }
+
   /**
    * Updates the registration for the user with the given Id and the application defined in the request.
    *

src/main/java/io/fusionauth/domain/Application.java

@@ -1,5 +1,17 @@
 /*
- * Copyright (c) 2019-2023, FusionAuth, All Rights Reserved
+ * Copyright (c) 2019-2024, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 package io.fusionauth.domain;
 
@@ -82,6 +94,10 @@ public class Application implements Buildable<Application>, Tenantable {
 
   public SAMLv2Configuration samlv2Configuration = new SAMLv2Configuration();
 
+  // Do not include the application Id for individual scopes when returning as part of the full application
+  @JsonIgnoreProperties("applicationId")
+  public List<ApplicationOAuthScope> scopes = new ArrayList<>();
+
   public ObjectState state;
 
   public UUID tenantId;
@@ -127,6 +143,7 @@ public Application(Application other) {
     this.registrationDeletePolicy = new ApplicationRegistrationDeletePolicy(other.registrationDeletePolicy);
     this.roles.addAll(other.roles.stream().map(ApplicationRole::new).collect(Collectors.toList()));
     this.samlv2Configuration = new SAMLv2Configuration(other.samlv2Configuration);
+    this.scopes.addAll(other.scopes.stream().map(ApplicationOAuthScope::new).collect(Collectors.toList()));
     this.state = other.state;
     this.tenantId = other.tenantId;
     this.themeId = other.themeId;
@@ -192,6 +209,7 @@ public boolean equals(Object o) {
            Objects.equals(registrationDeletePolicy, that.registrationDeletePolicy) &&
            Objects.equals(roles, that.roles) &&
            Objects.equals(samlv2Configuration, that.samlv2Configuration) &&
+           Objects.equals(scopes, that.scopes) &&
            state == that.state &&
            Objects.equals(tenantId, that.tenantId) &&
            Objects.equals(themeId, that.themeId) &&
@@ -210,6 +228,12 @@ public void setActive(boolean active) {
     state = active ? ObjectState.Active : ObjectState.Inactive;
   }
 
+  public ApplicationOAuthScope getOAuthScope(String name) {
+    return scopes.stream()
+                 .filter(s -> s.name.equals(name))
+                 .findFirst().orElse(null);
+  }
+
   public ApplicationRole getRole(String name) {
     for (ApplicationRole role : roles) {
       if (role.name.equals(name)) {
@@ -232,7 +256,7 @@ public boolean hasDefaultRole() {
   @Override
   public int hashCode() {
     // active is omitted
-    return Objects.hash(accessControlConfiguration, authenticationTokenConfiguration, cleanSpeakConfiguration, data, emailConfiguration, externalIdentifierConfiguration, formConfiguration, id, insertInstant, jwtConfiguration, lambdaConfiguration, lastUpdateInstant, loginConfiguration, multiFactorConfiguration, name, oauthConfiguration, passwordlessConfiguration, registrationConfiguration, registrationDeletePolicy, roles, samlv2Configuration, state, tenantId, themeId, unverified, verificationEmailTemplateId, verificationStrategy, verifyRegistration, webAuthnConfiguration);
+    return Objects.hash(accessControlConfiguration, authenticationTokenConfiguration, cleanSpeakConfiguration, data, emailConfiguration, externalIdentifierConfiguration, formConfiguration, id, insertInstant, jwtConfiguration, lambdaConfiguration, lastUpdateInstant, loginConfiguration, multiFactorConfiguration, name, oauthConfiguration, passwordlessConfiguration, registrationConfiguration, registrationDeletePolicy, roles, samlv2Configuration, scopes, state, tenantId, themeId, unverified, verificationEmailTemplateId, verificationStrategy, verifyRegistration, webAuthnConfiguration);
   }
 
   public void normalize() {
@@ -251,6 +275,8 @@ public void normalize() {
 
     roles.forEach(ApplicationRole::normalize);
 
+    scopes.forEach(ApplicationOAuthScope::normalize);
+
     if (multiFactorConfiguration.loginPolicy == null) {
       multiFactorConfiguration.trustPolicy = null;
     }
@@ -264,6 +290,11 @@ public Application secure() {
     return this;
   }
 
+  public Application sortOAuthScopes() {
+    scopes.sort(ApplicationOAuthScope::compareTo);
+    return this;
+  }
+
   public Application sortRoles() {
     roles.sort(ApplicationRole::compareTo);
     return this;
@@ -419,6 +450,8 @@ public static class LambdaConfiguration {
 
     public UUID selfServiceRegistrationValidationId;
 
+    public UUID userinfoPopulateId;
+
     @JacksonConstructor
     public LambdaConfiguration() {
     }
@@ -428,6 +461,7 @@ public LambdaConfiguration(LambdaConfiguration other) {
       this.idTokenPopulateId = other.idTokenPopulateId;
       this.samlv2PopulateId = other.samlv2PopulateId;
       this.selfServiceRegistrationValidationId = other.selfServiceRegistrationValidationId;
+      this.userinfoPopulateId = other.userinfoPopulateId;
     }
 
     @Override
@@ -442,12 +476,13 @@ public boolean equals(Object o) {
       return Objects.equals(accessTokenPopulateId, that.accessTokenPopulateId) &&
              Objects.equals(idTokenPopulateId, that.idTokenPopulateId) &&
              Objects.equals(samlv2PopulateId, that.samlv2PopulateId) &&
-             Objects.equals(selfServiceRegistrationValidationId, that.selfServiceRegistrationValidationId);
+             Objects.equals(selfServiceRegistrationValidationId, that.selfServiceRegistrationValidationId) &&
+             Objects.equals(userinfoPopulateId, that.userinfoPopulateId);
     }
 
     @Override
     public int hashCode() {
-      return Objects.hash(accessTokenPopulateId, idTokenPopulateId, samlv2PopulateId, selfServiceRegistrationValidationId);
+      return Objects.hash(accessTokenPopulateId, idTokenPopulateId, samlv2PopulateId, selfServiceRegistrationValidationId, userinfoPopulateId);
     }
 
     @Override