Automated commit by github action: 3566229104

2025-12-10 04:19:19 +00:00 · 2022-11-28 15:29:37 +00:00
parent 29dafc51f1
commit aba78508c8
16 changed files with 62 additions and 60 deletions
--- a/idn/beta/paths/oauth-client.yaml
+++ b/idn/beta/paths/oauth-client.yaml
@@ -10,7 +10,8 @@ get:
    Request will require the following security scope:
-    - 'idn:oathkeeper-client:read'
+    - sp:oauth-client:manage
    - sp:oauth-client:read
  parameters:
    - in: path
      name: id
@@ -50,8 +51,7 @@ delete:
    Request will require the following security scopes:
-    - 'idn:oathkeeper-client:delete'
+    - sp:oauth-client:manage
    - 'idn:oathkeeper-internal-client:delete'
  parameters:
    - in: path
      name: id
@@ -87,7 +87,7 @@ patch:
    Request will require a security scope of 
-    'idn:oathkeeper-client:update'
+    - sp:oauth-client:manage
  parameters:
    - in: path
      name: id
--- a/idn/beta/paths/oauth-clients.yaml
+++ b/idn/beta/paths/oauth-clients.yaml
@@ -10,7 +10,7 @@ get:
    Request will require the following security scope:
-    - 'idn:oathkeeper-client-list:read'
+    - sp:oauth-client:manage
  responses:
    '200':
      description: List of OAuth clients.
@@ -42,8 +42,7 @@ post:
    Request will require the following security scope:
-    - 'idn:oathkeeper-client:create'
+    - sp:oauth-client:manage
    - 'idn:oathkeeper-internal-client:create'
  requestBody:
    required: true
    content:
--- a/idn/beta/paths/personal-access-token.yaml
+++ b/idn/beta/paths/personal-access-token.yaml
@@ -6,11 +6,10 @@ delete:
  description: >-
    This deletes a personal access token 
-    Any of the following rights are required to access this resource:
+    Request will require one of the following security scopes:
-      - idn:my-personal-access-tokens:delete
+      - sp:my-personal-access-tokens:manage
-      - idn:all-personal-access-tokens:delete
+      - sp:all-personal-access-tokens:manage
      - idn:managed-personal-access-tokens:delete
  parameters:
    - in: path
--- a/idn/beta/paths/personal-access-tokens.yaml
+++ b/idn/beta/paths/personal-access-tokens.yaml
@@ -8,11 +8,12 @@ get:
    query parameter. If the `owner-id` query parameter is omitted, all personal access tokens 
    for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. 
-    Any of the following rights are required to access this resource:
+    Request will require one of the following security scopes:
-      - idn:my-personal-access-tokens:read
+      - sp:my-personal-access-tokens:read
-      - idn:all-personal-access-tokens:read
+      - sp:my-personal-access-tokens:manage
-      - idn:managed-personal-access-tokens:read
+      - sp:all-personal-access-tokens:read
      - sp:all-personal-access-tokens:manage
  parameters:
    - in: query
@@ -58,11 +59,10 @@ post:
  description: >-
    This creates a personal access token. 
-    Any of the following rights are required to access this resource:
+    Request will require one of the following security scopes:
-      - idn:my-personal-access-tokens:create
+      - sp:my-personal-access-tokens:manage
-      - idn:all-personal-access-tokens:create
+      - sp:all-personal-access-tokens:manage
      - idn:managed-personal-access-tokens:create
  requestBody:
    description: Name and scope of personal access token.
--- a/idn/beta/paths/sp-config-export-download.yaml
+++ b/idn/beta/paths/sp-config-export-download.yaml
@@ -8,9 +8,10 @@ get:
  description: >-
    This gets export file resulting from the export job with the requested id and downloads it to a file.
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
-    'sp:config:export'
+    - sp:config:read
    - sp:config:manage
  parameters:
    - in: path
      name: id
--- a/idn/beta/paths/sp-config-export-status.yaml
+++ b/idn/beta/paths/sp-config-export-status.yaml
@@ -8,9 +8,10 @@ get:
  description: >-
    This gets the status of the export job identified by the id parameter.
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
-    'sp:config:export'
+    - sp:config:read
    - sp:config:manage
  parameters:
    - in: path
      name: id
--- a/idn/beta/paths/sp-config-export.yaml
+++ b/idn/beta/paths/sp-config-export.yaml
@@ -8,9 +8,10 @@ post:
  description: >-
    This post will export objects from the tenant to a JSON configuration file.
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
-    'sp:config:export'
+    - sp:config:read
    - sp:config:manage
  requestBody:
    description: Export options control what will be included in the export.
    required: true
--- a/idn/beta/paths/sp-config-import-download.yaml
+++ b/idn/beta/paths/sp-config-import-download.yaml
@@ -12,7 +12,7 @@ get:
    Request will need the following security scope:
-    'sp:config:import'
+    - sp:config:manage
  parameters:
    - in: path
      name: id
--- a/idn/beta/paths/sp-config-import-status.yaml
+++ b/idn/beta/paths/sp-config-import-status.yaml
@@ -10,7 +10,7 @@ get:
    Request will need the following security scope:
-    'sp:config:import'
+    - sp:config:manage
  parameters:
    - in: path
      name: id
--- a/idn/beta/paths/sp-config-import.yaml
+++ b/idn/beta/paths/sp-config-import.yaml
@@ -10,7 +10,7 @@ post:
    Request will need the following security scope:
-    'sp:config:import'
+    - sp:config:manage
  parameters:
    - in: query
      name: preview
--- a/idn/beta/paths/sp-config-objects.yaml
+++ b/idn/beta/paths/sp-config-objects.yaml
@@ -9,9 +9,10 @@ get:
    This gets the list of object configurations which are known to the tenant export/import service.
    Object configurations that contain "importUrl" and "exportUrl" are available for export/import.
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
-    'sp:config:export'
+    - sp:config:read
    - sp:config:manage
  responses:
    '200':
      description: >-
--- a/idn/beta/schemas/SpConfigObject.yaml
+++ b/idn/beta/schemas/SpConfigObject.yaml
@@ -49,6 +49,7 @@ properties:
    example: 10
  referenceExtractors:
    type: array
    nullable: true
    description: >-
      List of json paths within an exported object of this type that represent references that need to be resolved.
    items:
--- a/idn/v3/paths/oauth-client.yaml
+++ b/idn/v3/paths/oauth-client.yaml
@@ -10,7 +10,8 @@ get:
    Request will require the following security scope:
-    - 'idn:oathkeeper-client:read'
+    - sp:oauth-client:manage
    - sp:oauth-client:read
  parameters:
    - in: path
      name: id
@@ -50,8 +51,7 @@ delete:
    Request will require the following security scopes:
-    - 'idn:oathkeeper-client:delete'
+    - sp:oauth-client:manage
    - 'idn:oathkeeper-internal-client:delete'
  parameters:
    - in: path
      name: id
@@ -87,7 +87,7 @@ patch:
    Request will require a security scope of
-    'idn:oathkeeper-client:update'
+    - sp:oauth-client:manage
  parameters:
    - in: path
      name: id
--- a/idn/v3/paths/oauth-clients.yaml
+++ b/idn/v3/paths/oauth-clients.yaml
@@ -10,7 +10,7 @@ get:
    Request will require the following security scope:
-    - 'idn:oathkeeper-client-list:read'
+    - sp:oauth-client:manage
  responses:
    '200':
      description: List of OAuth clients.
@@ -42,8 +42,8 @@ post:
    Request will require the following security scope:
-    - 'idn:oathkeeper-client:create'
+    - sp:oauth-client:manage
-    - 'idn:oathkeeper-internal-client:create'
+
  requestBody:
    required: true
    content:
--- a/idn/v3/paths/personal-access-token.yaml
+++ b/idn/v3/paths/personal-access-token.yaml
@@ -6,11 +6,10 @@ delete:
  description: >-
    This deletes a personal access token 
-    Any of the following rights are required to access this resource:
+    Request will require one of the following security scopes:
-      - idn:my-personal-access-tokens:delete
+      - sp:my-personal-access-tokens:manage
-      - idn:all-personal-access-tokens:delete
+      - sp:all-personal-access-tokens:manage
      - idn:managed-personal-access-tokens:delete
  parameters:
    - in: path
--- a/idn/v3/paths/personal-access-tokens.yaml
+++ b/idn/v3/paths/personal-access-tokens.yaml
@@ -8,11 +8,12 @@ get:
    query parameter. If the `owner-id` query parameter is omitted, all personal access tokens 
    for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. 
-    Any of the following rights are required to access this resource:
+    Request will require one of the following security scopes:
-      - idn:my-personal-access-tokens:read
+      - sp:my-personal-access-tokens:read
-      - idn:all-personal-access-tokens:read
+      - sp:my-personal-access-tokens:manage
-      - idn:managed-personal-access-tokens:read
+      - sp:all-personal-access-tokens:read
      - sp:all-personal-access-tokens:manage
  parameters:
    - in: query
@@ -58,11 +59,10 @@ post:
  description: >-
    This creates a personal access token. 
-    Any of the following rights are required to access this resource:
+    Request will require one of the following security scopes:
-      - idn:my-personal-access-tokens:create
+      - sp:my-personal-access-tokens:manage
-      - idn:all-personal-access-tokens:create
+      - sp:all-personal-access-tokens:manage
      - idn:managed-personal-access-tokens:create
  requestBody:
    description: Name and scope of personal access token.