new SSO logic and SSO apps (#98)

* new SSO logic and SSO apps

* fix typo

examples/management-cli/pom.xml

@@ -19,7 +19,7 @@
         <dependency>
             <groupId>com.descope</groupId>
             <artifactId>java-sdk</artifactId>
-            <version>1.0.13</version>
+            <version>1.0.14</version>
         </dependency>
         <dependency>
             <groupId>info.picocli</groupId>

pom.xml

@@ -4,7 +4,7 @@
     <groupId>com.descope</groupId>
     <artifactId>java-sdk</artifactId>
     <modelVersion>4.0.0</modelVersion>
-    <version>1.0.13</version>
+    <version>1.0.14</version>
     <name>${project.groupId}:${project.artifactId}</name>
     <description>Java library used to integrate with Descope.</description>
     <url>https://github.com/descope/descope-java</url>

src/main/java/com/descope/exception/ServerCommonException.java

@@ -19,6 +19,11 @@ protected ServerCommonException(String message, String code) {
     setCode(code);
   }
 
+  protected ServerCommonException(String message, String code, Throwable cause) {
+    super(message, cause);
+    setCode(code);
+  }
+
   public static ServerCommonException invalidArgument(String property) {
     String message = String.format("The %s argument is invalid", property);
     return new ServerCommonException(message, INVALID_ARGUMENT);
@@ -41,4 +46,10 @@ public static ServerCommonException genericServerError(String message, String co
     e.serverResponse = serverResponse;
     return e;
   }
+
+  public static ServerCommonException parseResponseError(String message, String serverResponse, Throwable cause) {
+    ServerCommonException e = new ServerCommonException(message, null, cause);
+    e.serverResponse = serverResponse;
+    return e;
+  }
 }

src/main/java/com/descope/literals/Routes.java

@@ -54,6 +54,10 @@ public static class AuthEndPoints {
     public static final String COMPOSE_SAML_START_LINK = "/v1/auth/saml/authorize";
     public static final String EXCHANGE_SAML_LINK = "/v1/auth/saml/exchange";
 
+    // SSO
+    public static final String COMPOSE_SSO_START_LINK = "/v1/auth/sso/authorize";
+    public static final String EXCHANGE_SSO_LINK = "/v1/auth/sso/exchange";
+
     // Password
     public static final String SIGN_UP_PASSWORD_LINK = "/v1/auth/password/signup";
     public static final String SIGN_IN_PASSWORD_LINK = "/v1/auth/password/signin";
@@ -97,6 +101,9 @@ public static class ManagementEndPoints {
     public static final String USER_SET_ROLES_LINK = "/v1/mgmt/user/update/role/set";
     public static final String USER_ADD_ROLES_LINK = "/v1/mgmt/user/update/role/add";
     public static final String USER_REMOVE_ROLES_LINK = "/v1/mgmt/user/update/role/remove";
+    public static final String USER_SET_SSO_APPS_LINK = "/v1/mgmt/user/update/ssoapp/set";
+    public static final String USER_ADD_SSO_APPS_LINK = "/v1/mgmt/user/update/ssoapp/add";
+    public static final String USER_REMOVE_SSO_APPS_LINK = "/v1/mgmt/user/update/ssoapp/remove";
     public static final String USER_ADD_TENANT_LINK = "/v1/mgmt/user/update/tenant/add";
     public static final String USER_REMOVE_TENANT_LINK = "/v1/mgmt/user/update/tenant/remove";
     public static final String GET_PROVIDER_TOKEN = "/v1/mgmt/user/provider/token";
@@ -118,11 +125,24 @@ public static class ManagementEndPoints {
     public static final String GET_TENANT_SETTINGS_LINK = "/v1/mgmt/tenant/settings";
 
     // SSO
-    public static final String SSO_GET_SETTINGS_LINK = "/v2/mgmt/sso/settings";
+    public static final String SSO_GET_SETTINGS_LINK = "/v1/mgmt/sso/settings";
     public static final String SSO_DELETE_SETTINGS_LINK = "/v1/mgmt/sso/settings";
     public static final String SSO_CONFIGURE_SETTINGS_LINK = "/v1/mgmt/sso/settings";
     public static final String SSO_CONFIGURE_METADATA_LINK = "/v1/mgmt/sso/metadata";
     public static final String SSO_CONFIGURE_MAPPING_LINK = "/v1/mgmt/sso/mapping";
+    public static final String SSO_GET_SETTINGS_V2_LINK = "/v2/mgmt/sso/settings";
+    public static final String SSO_CONFIGURE_SAML_SETTINGS_LINK = "/v1/mgmt/sso/saml";
+    public static final String SSO_CONFIGURE_SAML_SETTINGS_BY_MD_LINK = "/v1/mgmt/sso/saml/metadata";
+    public static final String SSO_CONFIGURE_OIDC_SETTINGS_LINK = "/v1/mgmt/sso/oidc";
+
+    // SSO Application
+    public static final String SSO_APPLICATION_OIDC_CREATE_LINK = "/v1/mgmt/sso/idp/app/oidc/create";
+    public static final String SSO_APPLICATION_SAML_CREATE_LINK = "/v1/mgmt/sso/idp/app/saml/create";
+    public static final String SSO_APPLICATION_OIDC_UPDATE_LINK = "/v1/mgmt/sso/idp/app/oidc/update";
+    public static final String SSO_APPLICATION_SAML_UPDATE_LINK = "/v1/mgmt/sso/idp/app/saml/update";
+    public static final String SSO_APPLICATION_DELETE_LINK = "/v1/mgmt/sso/idp/app/delete";
+    public static final String SSO_APPLICATION_LOAD_LINK = "/v1/mgmt/sso/idp/app/load";
+    public static final String SSO_APPLICATION_LOAD_ALL_LINK = "/v1/mgmt/sso/idp/apps/load";
 
     // Group
     public static final String GROUP_LOAD_ALL_LINK = "/v1/mgmt/group/all";

src/main/java/com/descope/model/auth/AuthenticationServices.java

@@ -7,6 +7,7 @@
 import com.descope.sdk.auth.OTPService;
 import com.descope.sdk.auth.PasswordService;
 import com.descope.sdk.auth.SAMLService;
+import com.descope.sdk.auth.SSOServiceProvider;
 import com.descope.sdk.auth.TOTPService;
 import com.descope.sdk.auth.WebAuthnService;
 import lombok.Builder;
@@ -18,6 +19,7 @@ public class AuthenticationServices {
   AuthenticationService authService;
   OTPService otpService;
   SAMLService samlService;
+  SSOServiceProvider ssoServiceProvider;
   TOTPService totpService;
   OAuthService oauthService;
   PasswordService passwordService;

src/main/java/com/descope/model/magiclink/LoginOptions.java

@@ -14,4 +14,5 @@ public class LoginOptions {
   private boolean stepup;
   private boolean mfa;
   private Map<String, Object> customClaims;
+  private Map<String, String> templateOptions;
 }

src/main/java/com/descope/model/magiclink/SignUpOptions.java

@@ -0,0 +1,16 @@
+package com.descope.model.magiclink;
+
+import java.util.Map;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class SignUpOptions {
+  private Map<String, Object> customClaims;
+  private Map<String, String> templateOptions;
+}

src/main/java/com/descope/model/magiclink/request/SignUpRequest.java

@@ -1,5 +1,6 @@
 package com.descope.model.magiclink.request;
 
+import com.descope.model.magiclink.SignUpOptions;
 import com.descope.model.user.User;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.AllArgsConstructor;
@@ -18,4 +19,5 @@ public class SignUpRequest {
 
   @JsonProperty("URI")
   private String uri;
+  private SignUpOptions loginOptions;
 }

src/main/java/com/descope/model/mgmt/IDResponse.java

@@ -0,0 +1,14 @@
+package com.descope.model.mgmt;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class IDResponse {
+  private String id;  
+}

src/main/java/com/descope/model/mgmt/ManagementServices.java

@@ -10,6 +10,7 @@
 import com.descope.sdk.mgmt.PermissionService;
 import com.descope.sdk.mgmt.ProjectService;
 import com.descope.sdk.mgmt.RolesService;
+import com.descope.sdk.mgmt.SsoApplicationService;
 import com.descope.sdk.mgmt.SsoService;
 import com.descope.sdk.mgmt.TenantService;
 import com.descope.sdk.mgmt.UserService;
@@ -26,6 +27,7 @@ public class ManagementServices {
   PermissionService permissionService;
   RolesService rolesService;
   SsoService ssoService;
+  SsoApplicationService ssoApplicationService;
   FlowService flowService;
   GroupService groupService;
   AuditService auditService;

src/main/java/com/descope/model/otp/SignUpRequest.java

@@ -1,5 +1,6 @@
 package com.descope.model.otp;
 
+import com.descope.model.magiclink.SignUpOptions;
 import com.descope.model.user.User;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
@@ -16,4 +17,5 @@ public class SignUpRequest {
   private String email;
   private String loginId;
   private User user;
+  private SignUpOptions loginOptions;
 }

src/main/java/com/descope/model/sso/AttributeMapping.java

@@ -1,17 +1,26 @@
 package com.descope.model.sso;
 
+import java.util.Map;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
+/**
+ * Represents a SAML mapping between Descope and IDP user attributes.
+ */
 @Data
 @Builder
 @NoArgsConstructor
 @AllArgsConstructor
 public class AttributeMapping {
   private String name;
+  private String givenName;
+  private String middleName;
+  private String familyName;
+  private String picture;
   private String email;
   private String phoneNumber;
   private String group;
+  private Map<String, String> customAttributes;
 }

src/main/java/com/descope/model/sso/OIDCAttributeMapping.java

@@ -0,0 +1,27 @@
+package com.descope.model.sso;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * Represents a OIDC mapping between Descope and IDP user attributes.
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class OIDCAttributeMapping {
+  private String loginId;
+  private String name;
+  private String givenName;
+  private String middleName;
+  private String familyName;
+  private String email;
+  private String verifiedEmail;
+  private String username;
+  private String phoneNumber;
+  private String verifiedPhone;
+  private String picture;
+}

src/main/java/com/descope/model/sso/RoleMapping.java

@@ -11,7 +11,6 @@
 @NoArgsConstructor
 @AllArgsConstructor
 public class RoleMapping {
-
   private List<String> groups;
-  private String role;
+  private String roleName;
 }

src/main/java/com/descope/model/sso/SSOOIDCSettings.java

@@ -0,0 +1,31 @@
+package com.descope.model.sso;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class SSOOIDCSettings {
+  private String name;
+  private String clientId;
+  private String clientSecret;
+  private String redirectUrl;
+  private String authUrl;
+  private String tokenUrl;
+  private String userDataUrl;
+  private List<String> scope;
+  @JsonProperty("JWKsUrl")
+  private String jwksUrl;
+  private OIDCAttributeMapping userAttrMapping;
+  private Boolean manageProviderTokens;
+  private String callbackDomain;
+  private List<String> prompt;
+  private String grantType;
+  private String issuer;
+}

src/main/java/com/descope/model/sso/SSOSAMLSettings.java

@@ -0,0 +1,19 @@
+package com.descope.model.sso;
+
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class SSOSAMLSettings {
+  private String idpUrl;
+  private String entityId;
+  private String idpCert;
+  private AttributeMapping attributeMapping;
+  private List<RoleMapping> roleMappings;
+}

src/main/java/com/descope/model/sso/SSOSAMLSettingsByMetadata.java

@@ -0,0 +1,17 @@
+package com.descope.model.sso;
+
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class SSOSAMLSettingsByMetadata {
+  private String idpMetadataUrl;
+  private AttributeMapping attributeMapping;
+  private List<RoleMapping> roleMappings;
+}

src/main/java/com/descope/model/sso/SSOSAMLSettingsResponse.java

@@ -0,0 +1,24 @@
+package com.descope.model.sso;
+
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class SSOSAMLSettingsResponse {
+  private String idpEntityId;
+  private String idpSSOUrl;
+  private String idpCertificate;
+  private String idpMetadataUrl;
+  private String spEntityId;
+  private String spACSUrl;
+  private String spCertificate;
+  private AttributeMapping attributeMapping;
+  private List<GroupsMapping> groupsMapping;
+  private String redirectUrl;
+}

src/main/java/com/descope/model/sso/SSOTenantSettingsResponse.java

@@ -0,0 +1,17 @@
+package com.descope.model.sso;
+
+import com.descope.model.tenant.Tenant;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class SSOTenantSettingsResponse {
+  private Tenant tenant;
+  private SSOSAMLSettingsResponse saml;
+  private SSOOIDCSettings oidc;
+}

src/main/java/com/descope/model/ssoapp/OIDCApplicationRequest.java

@@ -0,0 +1,37 @@
+package com.descope.model.ssoapp;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class OIDCApplicationRequest {
+  /**
+   * Optional ID that if given must be unique per project. Will be generated if not given.
+   */
+  private String id;
+  /**
+   * The sso application's name. Must be unique per project.
+   */
+  private String name;
+  /**
+   * Optional sso application description.
+   */
+  private String description;
+  /**
+   * Optional set the sso application as enabled or disabled.
+   */
+  private Boolean enabled;
+  /**
+   * Optional sso application logo.
+   */
+  private String logo;
+  /**
+   * The URL where login page is hosted.
+   */
+  private String loginPageUrl;
+}