Automated commit by github action: 3566229104

idn/beta/paths/oauth-client.yaml

@@ -10,7 +10,8 @@ get:
 
     Request will require the following security scope:
 
-    - 'idn:oathkeeper-client:read'
+    - sp:oauth-client:manage
+    - sp:oauth-client:read
   parameters:
     - in: path
       name: id
@@ -50,8 +51,7 @@ delete:
 
     Request will require the following security scopes:
 
-    - 'idn:oathkeeper-client:delete'
-    - 'idn:oathkeeper-internal-client:delete'
+    - sp:oauth-client:manage
   parameters:
     - in: path
       name: id
@@ -87,7 +87,7 @@ patch:
 
     Request will require a security scope of 
 
-    'idn:oathkeeper-client:update'
+    - sp:oauth-client:manage
   parameters:
     - in: path
       name: id

idn/beta/paths/oauth-clients.yaml

@@ -10,7 +10,7 @@ get:
 
     Request will require the following security scope:
 
-    - 'idn:oathkeeper-client-list:read'
+    - sp:oauth-client:manage
   responses:
     '200':
       description: List of OAuth clients.
@@ -42,8 +42,7 @@ post:
 
     Request will require the following security scope:
 
-    - 'idn:oathkeeper-client:create'
-    - 'idn:oathkeeper-internal-client:create'
+    - sp:oauth-client:manage
   requestBody:
     required: true
     content:

idn/beta/paths/personal-access-token.yaml

@@ -5,12 +5,11 @@ delete:
   summary: Delete Personal Access Token
   description: >-
     This deletes a personal access token 
-    
-    Any of the following rights are required to access this resource:
-    
-      - idn:my-personal-access-tokens:delete
-      - idn:all-personal-access-tokens:delete
-      - idn:managed-personal-access-tokens:delete
+
+    Request will require one of the following security scopes:
+
+      - sp:my-personal-access-tokens:manage
+      - sp:all-personal-access-tokens:manage
     
   parameters:
     - in: path

idn/beta/paths/personal-access-tokens.yaml

@@ -7,12 +7,13 @@ get:
     This gets a collection of personal access tokens associated with the optional `owner-id`. 
     query parameter. If the `owner-id` query parameter is omitted, all personal access tokens 
     for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. 
-    
-    Any of the following rights are required to access this resource:
-    
-      - idn:my-personal-access-tokens:read
-      - idn:all-personal-access-tokens:read
-      - idn:managed-personal-access-tokens:read
+
+    Request will require one of the following security scopes:
+
+      - sp:my-personal-access-tokens:read
+      - sp:my-personal-access-tokens:manage
+      - sp:all-personal-access-tokens:read
+      - sp:all-personal-access-tokens:manage
     
   parameters:
     - in: query
@@ -57,12 +58,11 @@ post:
   summary: Create Personal Access Token
   description: >-
     This creates a personal access token. 
-    
-    Any of the following rights are required to access this resource:
-    
-      - idn:my-personal-access-tokens:create
-      - idn:all-personal-access-tokens:create
-      - idn:managed-personal-access-tokens:create
+
+    Request will require one of the following security scopes:
+
+      - sp:my-personal-access-tokens:manage
+      - sp:all-personal-access-tokens:manage
     
   requestBody:
     description: Name and scope of personal access token.

idn/beta/paths/sp-config-export-download.yaml

@@ -8,9 +8,10 @@ get:
   description: >-
     This gets export file resulting from the export job with the requested id and downloads it to a file.
 
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
 
-    'sp:config:export'
+    - sp:config:read
+    - sp:config:manage
   parameters:
     - in: path
       name: id

idn/beta/paths/sp-config-export-status.yaml

@@ -8,9 +8,10 @@ get:
   description: >-
     This gets the status of the export job identified by the id parameter.
 
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
 
-    'sp:config:export'
+    - sp:config:read
+    - sp:config:manage
   parameters:
     - in: path
       name: id

idn/beta/paths/sp-config-export.yaml

@@ -8,9 +8,10 @@ post:
   description: >-
     This post will export objects from the tenant to a JSON configuration file.
 
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
 
-    'sp:config:export'
+    - sp:config:read
+    - sp:config:manage
   requestBody:
     description: Export options control what will be included in the export.
     required: true

idn/beta/paths/sp-config-import-download.yaml

@@ -12,7 +12,7 @@ get:
 
     Request will need the following security scope:
 
-    'sp:config:import'
+    - sp:config:manage
   parameters:
     - in: path
       name: id

idn/beta/paths/sp-config-import-status.yaml

@@ -10,7 +10,7 @@ get:
 
     Request will need the following security scope:
 
-    'sp:config:import'
+    - sp:config:manage
   parameters:
     - in: path
       name: id

idn/beta/paths/sp-config-import.yaml

@@ -10,7 +10,7 @@ post:
 
     Request will need the following security scope:
 
-    'sp:config:import'
+    - sp:config:manage
   parameters:
     - in: query
       name: preview

idn/beta/paths/sp-config-objects.yaml

@@ -9,9 +9,10 @@ get:
     This gets the list of object configurations which are known to the tenant export/import service.
     Object configurations that contain "importUrl" and "exportUrl" are available for export/import.
 
-    Request will need the following security scope:
+    Request will need one of the following security scopes:
 
-    'sp:config:export'
+    - sp:config:read
+    - sp:config:manage
   responses:
     '200':
       description: >-

idn/beta/schemas/SpConfigObject.yaml

@@ -49,6 +49,7 @@ properties:
     example: 10
   referenceExtractors:
     type: array
+    nullable: true
     description: >-
       List of json paths within an exported object of this type that represent references that need to be resolved.
     items:

idn/v3/paths/oauth-client.yaml

@@ -10,7 +10,8 @@ get:
 
     Request will require the following security scope:
 
-    - 'idn:oathkeeper-client:read'
+    - sp:oauth-client:manage
+    - sp:oauth-client:read
   parameters:
     - in: path
       name: id
@@ -50,8 +51,7 @@ delete:
 
     Request will require the following security scopes:
 
-    - 'idn:oathkeeper-client:delete'
-    - 'idn:oathkeeper-internal-client:delete'
+    - sp:oauth-client:manage
   parameters:
     - in: path
       name: id
@@ -87,7 +87,7 @@ patch:
 
     Request will require a security scope of
 
-    'idn:oathkeeper-client:update'
+    - sp:oauth-client:manage
   parameters:
     - in: path
       name: id

idn/v3/paths/oauth-clients.yaml

@@ -10,7 +10,7 @@ get:
 
     Request will require the following security scope:
 
-    - 'idn:oathkeeper-client-list:read'
+    - sp:oauth-client:manage
   responses:
     '200':
       description: List of OAuth clients.
@@ -42,8 +42,8 @@ post:
 
     Request will require the following security scope:
 
-    - 'idn:oathkeeper-client:create'
-    - 'idn:oathkeeper-internal-client:create'
+    - sp:oauth-client:manage
+
   requestBody:
     required: true
     content:

idn/v3/paths/personal-access-token.yaml

@@ -5,12 +5,11 @@ delete:
   summary: Delete Personal Access Token
   description: >-
     This deletes a personal access token 
-    
-    Any of the following rights are required to access this resource:
-    
-      - idn:my-personal-access-tokens:delete
-      - idn:all-personal-access-tokens:delete
-      - idn:managed-personal-access-tokens:delete
+
+    Request will require one of the following security scopes:
+
+      - sp:my-personal-access-tokens:manage
+      - sp:all-personal-access-tokens:manage
     
   parameters:
     - in: path

idn/v3/paths/personal-access-tokens.yaml

@@ -7,12 +7,13 @@ get:
     This gets a collection of personal access tokens associated with the optional `owner-id`. 
     query parameter. If the `owner-id` query parameter is omitted, all personal access tokens 
     for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. 
+
+    Request will require one of the following security scopes:
     
-    Any of the following rights are required to access this resource:
-    
-      - idn:my-personal-access-tokens:read
-      - idn:all-personal-access-tokens:read
-      - idn:managed-personal-access-tokens:read
+      - sp:my-personal-access-tokens:read
+      - sp:my-personal-access-tokens:manage
+      - sp:all-personal-access-tokens:read
+      - sp:all-personal-access-tokens:manage
     
   parameters:
     - in: query
@@ -57,12 +58,11 @@ post:
   summary: Create Personal Access Token
   description: >-
     This creates a personal access token. 
-    
-    Any of the following rights are required to access this resource:
-    
-      - idn:my-personal-access-tokens:create
-      - idn:all-personal-access-tokens:create
-      - idn:managed-personal-access-tokens:create
+
+    Request will require one of the following security scopes:
+
+      - sp:my-personal-access-tokens:manage
+      - sp:all-personal-access-tokens:manage
     
   requestBody:
     description: Name and scope of personal access token.