> You know, Apple Computers started in a garage, and we are starting in a condo. So we already have a leg up on Apple. - Pam Beesly


Today started as peaceful morning in Scraton Pennsylvania. There has been a long time vacated position ever since Ryan was fired as VP.
Everyone from the office just learnt that Charles Miner, previously worked at Saticoy Steel, is joining Dunder Mifflin as new VP.

Let's add Charles to Dunder Mifflin's scim group.


In [None]:
# First we need to import the scim client and configuration
from sync_app.client import ClientConfiguration, SCIMClient

# scim client configuration require server URL and access token.
# The server URL is the base URL of the SCIM server.
server_url = "https://api.scim.dev/scim/v2/"
# The access token is the token that is used to authenticate the client to the SCIM server.
# You can get the access token from the website
# Visit https://scim.dev/apikey/ to get your token
auth_token = "Your_access_token"


# Now we have everything we need to create a scim client configuration
scim_dev_client_config = ClientConfiguration(
    server_url=server_url, auth_token=auth_token
)

# Now we can create a scim client using the configuration
scim_dev_client = SCIMClient(scim_dev_client_config)

Enough of buzy work, now let's create a new user object!

Here is what User object required!

```
    def __init__(
        self,
        meta: ResourceMeta,
        user_id: UUID,
        displayName: Optional[str],
        active: bool,
        userName: str,
        name: Optional[Name],
        emails: Optional[Iterable[Email]],
        groups: Optional[Iterable[ResourceRef]] = None,
    ):
```

We can go over them one by one.


The first thing we need is some meta data!
ResourceMeta does provide create_meta function to create THE meta

```
def create_meta(resource_type: ResourceType, location: str) -> "ResourceMeta":
```

It requires the resource type and the resource URL
There are five different type resource that exist

- User
- Group
- ServiceProviderConfig
- ResourceType
- Schema

Looks like the one we need right now is `User` because duh, we are creating a user object.

But what the hack is location?
Resource Location is the endpoint where a resource could be re-fetched from the same service prodiver.
Since we (Duo) is storing the user, the location would be `https://duo.com/Users/<uuid>`


In [None]:
from sync_app.scim.resource import ResourceMeta

# We would also need some uuid
from uuid import uuid5, NAMESPACE_X500

# uuid5 is used to generate a unique identifier from a name and a namespace
# We would use the NAMESPACE_X500 as the namespace
# So we could use DN as the name to generate the uuid

uuid = uuid5(NAMESPACE_X500, "uid=Charles.Miner,DC=dundermifflin,DC=com")

meta = ResourceMeta.create_meta(
    "User",
    "https://duo.local/Users/{}".format(
        str(uuid),
    ),
)

Looking back on User Object

```
    def __init__(
        self,
        meta: ResourceMeta,
        user_id: UUID,
        displayName: Optional[str],
        active: bool,
        userName: str,
        name: Optional[Name],
        emails: Optional[Iterable[Email]],
        groups: Optional[Iterable[ResourceRef]] = None,
    ):
```

We actually killed two bird with one stone since meta require uuid.
`DisplayName` is The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known. So it should be like `Charles Miner`
`active` is A Boolean value indicating the User's administrative status. So `True` should be it.
`userName` is Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED. So `cminer` should be fine.

`Name` is a werid one, because it contain some sub attribute.
`Name` Object looks like this, it's all optional but we fill familyName and givenName easily.

```
@dataclass
class Name:
    formatted: Optional[str] = None
    familyName: Optional[str] = None
    givenName: Optional[str] = None
```

`emails` is also a object that contain subattribute.

```
@dataclass
class Email:
    value: Optional[str] = None
    type: Optional[str] = None
    primary: Optional[bool] = None
    display: Optional[str] = None
```

`value` is email address
`type` is for work/home/other/etc
`primary` is if the email is the preferred one.
`display` is the the thing make least sense, so we will skip that for now.


In [1]:
# import required "libraries"
from sync_app.client import ClientConfiguration, SCIMClient
from sync_app.scim.patchop import PatchOp, Operation
from sync_app.scim.user import User, Name, Email
from sync_app.scim.group import Group
from sync_app.scim.resource import ResourceMeta
from uuid import uuid5, NAMESPACE_X500

First thing we want to do is to create a SCIM client.


In [2]:
# The server URL for scim.dev
server_url = "https://api.scim.dev/scim/v2/"
# Get your auth token from https://scim.dev/apikey/
auth_token = "B1H3dQcwtO0vZ2AdJ1wVo80uV7S7N6eFWZWQuEOIrhSMxD5L9911sd77fPks"

scim_dev_client_config = ClientConfiguration(
    server_url=server_url, auth_token=auth_token
)

scim_dev_client = SCIMClient(scim_dev_client_config)

There are a lot thing you can do once you have set up the client. We will exercise with a lot user and group operations
Here is a top level brakedown on what this guide will help you learn!

- Get user and modifity some value
- Get user with extra attribute
- Create new user
- Get users with filter
- Replace a user
- Create a group
- Assign user to group
- Remove user from group


Let's get some users first!
Get users might be the easiest and the most basic scim request you can make!


In [3]:
# For this client, get_users() returns `ListResponse` object which contain the full scim response information.
# You can use `to_dict()` method to convert it to a dictionary.
all_users = scim_dev_client.get_users()
all_users.to_dict()

{'schemas': ['urn:ietf:params:scim:api:messages:2.0:ListResponse'],
 'totalResults': 50,
 'Resources': [{'schemas': ['urn:ietf:params:scim:schemas:core:2.0:User'],
   'meta': {'resourceType': 'User',
    'create': '2024-02-22T15:30:13+00:00',
    'lastModified': '2024-02-22T15:30:13+00:00',
    'location': 'https://api.scim.dev/scim/v2/Users/9b65cfdc-c5af-4591-b230-379d49fcc15a'},
   'id': '9b65cfdc-c5af-4591-b230-379d49fcc15a',
   'active': False,
   'userName': 'jessicajones',
   'emails': [{'value': 'jessica.jones@example.com',
     'type': 'other',
     'primary': True,
     'display': None},
    {'value': 'jessica.jones@example.com',
     'type': 'work',
     'primary': True,
     'display': None}],
   'name': {'formatted': 'Jessica Jones',
    'familyName': 'Jones',
    'givenName': 'Jessica'}},
  {'schemas': ['urn:ietf:params:scim:schemas:core:2.0:User'],
   'meta': {'resourceType': 'User',
    'create': '2024-02-22T15:30:13+00:00',
    'lastModified': '2024-02-22T15:30:13+00:00

In [4]:
uuid5(NAMESPACE_X500, "uid=Michael.Scott,DC=dundermifflin,DC=com")

UUID('3200e9f1-ed88-5df4-8437-71c2bf01cd0c')

Let's add some new users to the scim.dev server!


In [5]:
def create_user(first_name, last_name):
    first_name = first_name.capitalize()
    last_name = last_name.capitalize()
    uuid = uuid5(
        NAMESPACE_X500,
        "uid={}.{},DC=dundermifflin,DC=com".format(first_name, last_name),
    )
    return User(
        meta=ResourceMeta.create_meta(
            "User",
            "https://duo.local/Users/{}".format(
                str(uuid),
            ),
        ),
        user_id=uuid,
        displayName="{} {}".format(first_name, last_name),
        active=True,
        userName="{}{}".format(first_name[0].lower(), last_name.lower()),
        name=Name(givenName=first_name, familyName=last_name),
        emails=[
            Email(
                value="{}.{}@dundermifflin.com".format(
                    first_name.lower(), last_name.lower()
                ),
                type="work",
                primary=True,
            )
        ],
    )

In [6]:
mscott = create_user("Michael", "Scott")
# mscott = User(
#     meta=ResourceMeta.create_meta(
#         "User",
#         "https://duo.local/Users/{}".format(
#             str(uuid5(NAMESPACE_X500, "uid=Michael.Scott,DC=dundermifflin,DC=com"))
#         ),
#     ),
#     user_id=uuid5(NAMESPACE_X500, "uid=Michael.Scott,DC=dundermifflin,DC=com"),
#     displayName="Michael Scott",
#     active=True,
#     userName="mscott",
#     name=Name(givenName="Michael", familyName="Scott", formatted="Mr. Michael Scott"),
#     emails=[Email(value="michael.scott@dundermifflin.com", type="work", primary=True)],
# )
# dschrute = User(
#     meta=ResourceMeta.create_meta(
#         "User",
#         "https://duo.local/Users/{}".format(
#             str(uuid5(NAMESPACE_X500, "uid=Dwight.Schrute,DC=dundermifflin,DC=com"))
#         ),
#     ),
#     user_id=uuid5(NAMESPACE_X500, "uid=Dwight.Schrute,DC=dundermifflin,DC=com"),
#     displayName="Dwight Schrute",
#     active=True,
#     userName="dschrute",
#     name=Name(givenName="Dwight", familyName="Schrute"),
#     emails=[Email(value="dwight.schrute@dundermifflin.com", type="work", primary=True)],
# )
# jhalpert = User(
#     active=True,
#     name=Name(givenName="Jim", familyName="Halpert"),
#     emails=[Email(value="jim.halpert@dundermifflin.com", type="work", primary=True)],
#     userName="jhalpert",
# )
# pbeesly = User(
#     active=True,
#     name=Name(givenName="Pam", familyName="Beesly"),
#     emails=[Email(value="pam.beesly@dundermifflin.com", type="work", primary=True)],
#     userName="pbeesly",
# )
# pbeesly = User(
#     active=True,
#     name=Name(givenName="Pam", familyName="Beesly"),
#     emails=[Email(value="pam.beesly@dundermifflin.com", type="work", primary=True)],
#     userName="pbeesly",
# )
# rhoward = User(
#     active=True,
#     name=Name(givenName="Ryan", familyName="Howard"),
#     emails=[Email(value="ryan.howard@dundermifflin.com", type="work", primary=True)],
#     userName="rhoward",
# )
# kmalone = User(
#     active=True,
#     name=Name(givenName="Kevin", familyName="Malone"),
#     emails=[Email(value="kevin.malone@dundermifflin.com", type="work", primary=True)],
#     userName="kmalone",
# )

scim_dev_client.create_user(mscott)
# scim_dev_client.create_user(dschrute)
# scim_dev_client.create_user(jhalpert)
# scim_dev_client.create_user(pbeesly)
# scim_dev_client.create_user(rhoward)
# scim_dev_client.create_user(kmalone)

<sync_app.scim.user.User at 0x10ef8edd0>

Now let's make a group


In [7]:
# dundermifflin_group = Group(
#     displayName="Dunder Mifflin",
#     group_id=uuid5(NAMESPACE_X500, "cn=Dunder Mifflin,DC=dundermifflin,DC=com"),
#     meta=ResourceMeta.create_meta(
#         "Group",
#         "https://duo.local/Groups/{}".format(
#             str(uuid5(NAMESPACE_X500, "cn=Dunder Mifflin,DC=dundermifflin,DC=com"))
#         ),
#     ),
# )
# scim_dev_client.create_group(dundermifflin_group)

Let's add users to the group


Oh no, Micheal Scott Paper Company just started. We need to move some people around!


First let's deactive Micheal, Pam and Ryan


Let's remove Micheal, Pam and Ryan from Dunder Mifflin before they could steal useful lead!


Let's create a new group and add Micheal, Pam and Ryan in it.
