google · gmlewis · Jul 24, 2023 · Jul 20, 2023 · Jul 21, 2023 · Jul 21, 2023
diff --git a/github/github-accessors.go b/github/github-accessors.go
diff --git a/github/github-accessors_test.go b/github/github-accessors_test.go
diff --git a/github/orgs_credential_authorizations.go b/github/orgs_credential_authorizations.go
@@ -0,0 +1,90 @@
+package github
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+// CredentialAuthorization represents a credential authorized through SAML SSO
+type CredentialAuthorization struct {
+	// User login that owns the underlying credential.
+	Login *string `json:"login"`
+
+	// Unique identifier for the credential.
+	CredentialID *int64 `json:"credential_id"`
+
+	// Human-readable description of the credential type.
+	CredentialType *string `json:"credential_type"`
+
+	// Last eight characters of the credential.
+	// Only included in responses with credential_type of personal access token.
+	TokenLastEight *string `json:"token_last_eight"`
+
+	// Date when the credential was authorized for use.
+	CredentialAuthorizedAt *Timestamp `json:"credential_authorized_at"`
+
+	// Date when the credential was last accessed.
+	// May be null if it was never accessed.
+	CredentialAccessedAt *Timestamp `json:"credential_accessed_at"`
+
+	// List of oauth scopes the token has been granted.
+	Scopes []string `json:"scopes"`
+
+	// Unique string to distinguish the credential.
+	// Only included in responses with credential_type of SSH Key.
+	Fingerprint *string `json:"fingerprint"`
+
+	AuthorizedCredentialID *int64 `json:"authorized_credential_id"`
+
+	// The title given to the ssh key.
+	// This will only be present when the credential is an ssh key.
+	AuthorizedCredentialTitle *string `json:"authorized_credential_title"`
+
+	// The note given to the token.
+	// This will only be present when the credential is a token.
+	AuthorizedCredentialNote *string `json:"authorized_credential_note"`
+
+	// The expiry for the token.
+	// This will only be present when the credential is a token.
+	AuthorizedCredentialExpiresAt *Timestamp `json:"authorized_credential_expires_at"`
+}
+
+// ListCredentialAuthorizations lists credentials authorized through SAML SSO
+// for a given organization. Only available with GitHub Enterprise Cloud.
+//
+// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#list-saml-sso-authorizations-for-an-organization
+func (s *OrganizationsService) ListCredentialAuthorizations(ctx context.Context, org string, opts *ListOptions) ([]*CredentialAuthorization, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/credential-authorizations", org)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var creds []*CredentialAuthorization
+	resp, err := s.client.Do(ctx, req, &creds)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return creds, resp, nil
+}
+
+// RemoveCredentialAuthorization revokes the SAML SSO authorization for a given
+// credential within an organization. Only available with GitHub Enterprise Cloud.
+//
+// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#remove-a-saml-sso-authorization-for-an-organization
+func (s *OrganizationsService) RemoveCredentialAuthorization(ctx context.Context, org string, credentialID int64) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/credential-authorizations/%v", org, credentialID)
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/github/orgs_credential_authorizations_test.go b/github/orgs_credential_authorizations_test.go
@@ -0,0 +1,92 @@
+package github
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/google/go-cmp/cmp"
+)
+
+func TestOrganizationsService_ListCredentialAuthorizations(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/orgs/o/credential-authorizations", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodGet)
+		fmt.Fprint(w, `[
+			{
+				"login": "l",
+				"credential_id": 1,
+				"credential_type": "t",
+				"credential_authorized_at": "2017-01-21T00:00:00Z",
+				"credential_accessed_at": "2017-01-21T00:00:00Z",
+				"authorized_credential_id": 1
+			}
+		]`)
+	})
+
+	ctx := context.Background()
+	creds, _, err := client.Organizations.ListCredentialAuthorizations(ctx, "o", nil)
+	if err != nil {
+		t.Errorf("Organizations.ListCredentialAuthorizations returned error: %v", err)
+	}
+
+	ts := time.Date(2017, time.January, 21, 0, 0, 0, 0, time.UTC)
+	want := []*CredentialAuthorization{
+		{
+			Login:                  String("l"),
+			CredentialID:           Int64(1),
+			CredentialType:         String("t"),
+			CredentialAuthorizedAt: &Timestamp{ts},
+			CredentialAccessedAt:   &Timestamp{ts},
+			AuthorizedCredentialID: Int64(1),
+		},
+	}
+	if !cmp.Equal(creds, want) {
+		t.Errorf("Organizations.ListCredentialAuthorizations returned %+v, want %+v", creds, want)
+	}
+
+	const methodName = "ListCredentialAuthorizations"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Organizations.ListCredentialAuthorizations(ctx, "\n", nil)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		_, resp, err := client.Organizations.ListCredentialAuthorizations(ctx, "o", nil)
+		return resp, err
+	})
+}
+
+func TestOrganizationsService_RemoveCredentialAuthorization(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/orgs/o/credential-authorizations/1", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodDelete)
+		w.WriteHeader(http.StatusNoContent)
+	})
+
+	ctx := context.Background()
+	resp, err := client.Organizations.RemoveCredentialAuthorization(ctx, "o", 1)
+	if err != nil {
+		t.Errorf("Organizations.RemoveCredentialAuthorization returned error: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusNoContent {
+		t.Errorf("Organizations.RemoveCredentialAuthorization returned %v, want %v", resp.StatusCode, http.StatusNoContent)
+	}
+
+	const methodName = "RemoveCredentialAuthorization"
+	testBadOptions(t, methodName, func() (err error) {
+		_, err = client.Organizations.RemoveCredentialAuthorization(ctx, "\n", 0)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		return client.Organizations.RemoveCredentialAuthorization(ctx, "o", 1)
+	})
+}