diff --git a/README.md b/README.md index 37cbf89d..6bc0514c 100644 --- a/README.md +++ b/README.md @@ -645,6 +645,23 @@ if err == nil { // Do something } } + +// Load tenant settings by a tenant id +settings, err := descopeClient.Management.Tenant().GetSettings(context.Background()) + +settingsRequest := &descope.TenantSettings{} +settingsRequest.SelfProvisioningDomains = []string{"domain.com", "company.com"} +settingsRequest.RefreshTokenExpiration = 30 +settingsRequest.RefreshTokenExpirationUnit = "days" +settingsRequest.SessionTokenExpiration = 30 +settingsRequest.SessionTokenExpirationUnit = "minutes" +settingsRequest.EnableInactivity = true +settingsRequest.InactivityTime = 2 +settingsRequest.InactivityTimeUnit = "days" + +// update the tenant settings +err := descopeClient.Management.Tenant().ConfigureSettings(context.Background(), "My Tenant", settingsRequest) + ``` ### Manage Users 
@@ -875,6 +892,33 @@ Certifcate contents // To delete SSO settings, call the following method err := descopeClient.Management.SSO().DeleteSettings(context.Background(), "tenant-id") +### Manage Password Setting + +You can manage password settings for tenants and projects. + +```go +// You can get password settings for a specific tenant ID. Tenant ID is required. +settings, err := descopeClient.Management.Password().GetSettings(context.Background(), "tenant-id") + +// You can configure password settings by setting the required fields directly and provide the tenant ID to update. +tenantID := "tenant-id" // Which tenant this configuration is for +settingsToUpdate := &descope.PasswordSettings{ + Enabled: true, + MinLength: 8, + Lowercase: true, + Uppercase: true, + Number: true, + NonAlphanumeric: true, + Expiration: true, + ExpirationWeeks: 3, + Reuse: true, + ReuseAmount: 3, + Lock: true, + LockAttempts: 5, +} +err := descopeClient.Management.Password().ConfigureSettings(context.Background(), tenantID, settingsToUpdate) +``` + ### Manage Permissions You can create, update, delete or load permissions: diff --git a/descope/api/client.go b/descope/api/client.go index 82aa6b92..036b6785 100644 --- a/descope/api/client.go +++ b/descope/api/client.go @@ -82,6 +82,7 @@ var ( tenantLoad: "mgmt/tenant", tenantLoadAll: "mgmt/tenant/all", tenantSearchAll: "mgmt/tenant/search", + tenantSettings: "mgmt/tenant/settings", userCreate: "mgmt/user/create", userCreateBatch: "mgmt/user/create/batch", userUpdate: "mgmt/user/update", @@ -125,6 +126,7 @@ var ( ssoOIDCSettings: "mgmt/sso/oidc", ssoMetadata: "mgmt/sso/metadata", ssoMapping: "mgmt/sso/mapping", + passwordSettings: "mgmt/password/settings", updateJWT: "mgmt/jwt/update", permissionCreate: "mgmt/permission/create", permissionUpdate: "mgmt/permission/update", 
@@ -237,6 +239,7 @@ type mgmtEndpoints struct { tenantLoad string tenantLoadAll string tenantSearchAll string + tenantSettings string userCreate string userCreateBatch string @@ -289,6 +292,8 @@ type mgmtEndpoints struct { ssoOIDCSettings string updateJWT string + passwordSettings string + permissionCreate string permissionUpdate string permissionDelete string @@ -511,6 +516,10 @@ func (e *endpoints) ManagementTenantSearchAll() string { return path.Join(e.version, e.mgmt.tenantSearchAll) } +func (e *endpoints) ManagementTenantSettings() string { + return path.Join(e.version, e.mgmt.tenantSettings) +} + func (e *endpoints) ManagementUserCreate() string { return path.Join(e.version, e.mgmt.userCreate) } @@ -678,6 +687,10 @@ func (e *endpoints) ManagementSSOMapping() string { return path.Join(e.version, e.mgmt.ssoMapping) } +func (e *endpoints) ManagementPasswordSettings() string { + return path.Join(e.version, e.mgmt.passwordSettings) +} + func (e *endpoints) ManagementUpdateJWT() string { return path.Join(e.version, e.mgmt.updateJWT) } diff --git a/descope/internal/mgmt/mgmt.go b/descope/internal/mgmt/mgmt.go index 2eeacc13..91337b47 100644 --- a/descope/internal/mgmt/mgmt.go +++ b/descope/internal/mgmt/mgmt.go @@ -24,6 +24,7 @@ type managementService struct { user sdk.User accessKey sdk.AccessKey sso sdk.SSO + password sdk.PasswordManagement jwt sdk.JWT permission sdk.Permission role sdk.Role @@ -49,6 +50,7 @@ func NewManagement(conf ManagementParams, c *api.Client) *managementService { service.project = &project{managementBase: base} service.audit = &audit{managementBase: base} service.authz = &authz{managementBase: base} + service.password = &password{managementBase: base} return service } 
@@ -72,6 +74,11 @@ func (mgmt *managementService) SSO() sdk.SSO { return mgmt.sso } +func (mgmt *managementService) Password() sdk.PasswordManagement { + mgmt.ensureManagementKey() + return mgmt.password +} + func (mgmt *managementService) JWT() sdk.JWT { mgmt.ensureManagementKey() return mgmt.jwt diff --git a/descope/internal/mgmt/password.go b/descope/internal/mgmt/password.go new file mode 100644 index 00000000..76a58c42 --- /dev/null +++ b/descope/internal/mgmt/password.go 
@@ -0,0 +1,61 @@
+package mgmt
+
+import (
+ "context"
+
+ "github.com/descope/go-sdk/descope"
+ "github.com/descope/go-sdk/descope/api"
+ "github.com/descope/go-sdk/descope/internal/utils"
+)
+
+type password struct {
+ managementBase
+}
+
+func (s *password) GetSettings(ctx context.Context, tenantID string) (*descope.PasswordSettings, error) {
+ if tenantID == "" {
+ return nil, utils.NewInvalidArgumentError("tenantID")
+ }
+
+ req := &api.HTTPRequest{
+ QueryParams: map[string]string{"tenantId": tenantID},
+ }
+ res, err := s.client.DoGetRequest(ctx, api.Routes.ManagementPasswordSettings(), req, s.conf.ManagementKey)
+ if err != nil {
+ return nil, err
+ }
+ return unmarshalPasswordSettingsResponse(res)
+}
+
+func (s *password) ConfigureSettings(ctx context.Context, tenantID string, passwordSettings *descope.PasswordSettings) error {
+ if tenantID == "" {
+ return utils.NewInvalidArgumentError("tenantID")
+ }
+
+ req := map[string]any{
+ "tenantId": tenantID,
+ "enabled": passwordSettings.Enabled,
+ "minLength": passwordSettings.MinLength,
+ "lowercase": passwordSettings.Lowercase,
+ "uppercase": passwordSettings.Uppercase,
+ "number": passwordSettings.Number,
+ "nonAlphanumeric": passwordSettings.NonAlphanumeric,
+ "expiration": passwordSettings.Expiration,
+ "expirationWeeks": passwordSettings.ExpirationWeeks,
+ "reuse": passwordSettings.Reuse,
+ "reuseAmount": passwordSettings.ReuseAmount,
+ "lock": passwordSettings.Lock,
+ "lockAttempts": passwordSettings.LockAttempts,
+ }
+ _, err := s.client.DoPostRequest(ctx, api.Routes.ManagementPasswordSettings(), req, nil, s.conf.ManagementKey)
+ return err
+}
+
+func unmarshalPasswordSettingsResponse(res *api.HTTPResponse) (*descope.PasswordSettings, error) {
+ var passwordSettingsRes *descope.PasswordSettings
+ err := utils.Unmarshal([]byte(res.BodyStr), &passwordSettingsRes)
+ if err != nil {
+ return nil, err
+ }
+ return passwordSettingsRes, err
+}
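Review bot: `ConfigureSettings` dereferences `passwordSettings` without a nil check, so a caller that passes `nil` gets a panic instead of the `InvalidArgumentError` returned for an empty `tenantID`; a guard such as `if passwordSettings == nil { return utils.NewInvalidArgumentError("passwordSettings") }` before the map is built would keep the failure mode consistent. The same applies to `settings` in `(*tenant).ConfigureSettings` in descope/internal/mgmt/tenant.go. Because every field is posted unconditionally, a partially filled struct sends `enabled: false`, `lock: false` and `minLength: 0`, which by the interface comment overrides the stored policy. A doc comment on the method such as `// Start from GetSettings and modify the result; zero values are sent as-is and replace the current policy.` would make that explicit for callers.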
diff --git a/descope/internal/mgmt/password_test.go b/descope/internal/mgmt/password_test.go
new file mode 100644
index 00000000..fba946a0
--- /dev/null
+++ b/descope/internal/mgmt/password_test.go
@@ -0,0 +1,134 @@
+package mgmt
+
+import (
+ "context"
+ "net/http"
+ "testing"
+
+ "github.com/descope/go-sdk/descope"
+ "github.com/descope/go-sdk/descope/internal/utils"
+ "github.com/descope/go-sdk/descope/tests/helpers"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestGetPasswordSettingsSuccess(t *testing.T) {
+ tenantID := "abc"
+ response := map[string]any{
+ "tenantID": tenantID,
+ "enabled": true,
+ "lock": true,
+ "uppercase": true,
+ "lowercase": true,
+ "minLength": 8,
+ "number": true,
+ }
+ mgmt := newTestMgmt(nil, helpers.DoOkWithBody(func(r *http.Request) {
+ require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key")
+ params := helpers.ReadParams(r)
+ require.Equal(t, tenantID, params["tenantId"])
+ }, response))
+ res, err := mgmt.Password().GetSettings(context.Background(), tenantID)
+ require.NoError(t, err)
+ assert.True(t, res.Lock)
+ assert.True(t, res.Enabled)
+ assert.True(t, res.Uppercase)
+ assert.True(t, res.Lowercase)
+ assert.True(t, res.Number)
+ assert.EqualValues(t, 8, res.MinLength)
+}
+
+func TestGetPasswordSettingsError(t *testing.T) {
+ tenantID := "abc"
+ mgmt := newTestMgmt(nil, helpers.DoBadRequest(func(r *http.Request) {
+ require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key")
+ params := helpers.ReadParams(r)
+ require.Equal(t, tenantID, params["tenantId"])
+ }))
+ res, err := mgmt.Password().GetSettings(context.Background(), tenantID)
+ require.Error(t, err)
+ assert.Nil(t, res)
+}
+
+func TestGetPasswordSettingsErrorEmptyTenantID(t *testing.T) {
+ mgmt := newTestMgmt(nil, helpers.DoOk(func(r *http.Request) {}))
+ res, err := mgmt.Password().GetSettings(context.Background(), "")
+ require.Error(t, err)
+ assert.ErrorIs(t, err, utils.NewInvalidArgumentError("tenantID"))
+ assert.Nil(t, res)
+}
+
+func TestPasswordConfigureSettingsSuccess(t *testing.T) {
+ mgmt := newTestMgmt(nil, helpers.DoOk(func(r *http.Request) {
+ require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key")
+ req := map[string]any{}
+ require.NoError(t, helpers.ReadBody(r, &req))
+ require.Equal(t, "tenant", req["tenantId"])
+ require.Equal(t, true, req["enabled"])
+ require.Equal(t, float64(8), req["minLength"])
+ require.Equal(t, true, req["uppercase"])
+ require.Equal(t, true, req["lowercase"])
+ require.Equal(t, true, req["number"])
+ require.Equal(t, true, req["nonAlphanumeric"])
+ require.Equal(t, true, req["expiration"])
+ require.Equal(t, float64(3), req["expirationWeeks"])
+ require.Equal(t, true, req["reuse"])
+ require.Equal(t, float64(3), req["reuseAmount"])
+ require.Equal(t, true, req["lock"])
+ require.Equal(t, float64(4), req["lockAttempts"])
+ }))
+ err := mgmt.Password().ConfigureSettings(context.Background(), "tenant", &descope.PasswordSettings{
+ Enabled: true,
+ MinLength: 8,
+ Lowercase: true,
+ Uppercase: true,
+ Number: true,
+ NonAlphanumeric: true,
+ Expiration: true,
+ ExpirationWeeks: 3,
+ Reuse: true,
+ ReuseAmount: 3,
+ Lock: true,
+ LockAttempts: 4,
+ })
+ require.NoError(t, err)
+}
+
+func TestPasswordConfigureSettingsError(t *testing.T) {
+ mgmt := newTestMgmt(nil, helpers.DoBadRequest(nil))
+ err := mgmt.Password().ConfigureSettings(context.Background(), "tenant", &descope.PasswordSettings{
+ Enabled: true,
+ MinLength: 8,
+ Lowercase: true,
+ Uppercase: true,
+ Number: true,
+ NonAlphanumeric: true,
+ Expiration: true,
+ ExpirationWeeks: 3,
+ Reuse: true,
+ ReuseAmount: 3,
+ Lock: true,
+ LockAttempts: 4,
+ })
+ require.Error(t, err)
+}
+
+func TestPasswordConfigureSettingsErrorEmptyTenantID(t *testing.T) {
+ mgmt := newTestMgmt(nil, helpers.DoOk(func(r *http.Request) {}))
+ err := mgmt.Password().ConfigureSettings(context.Background(), "", &descope.PasswordSettings{
+ Enabled: true,
+ MinLength: 8,
+ Lowercase: true,
+ Uppercase: true,
+ Number: true,
+ NonAlphanumeric: true,
+ Expiration: true,
+ ExpirationWeeks: 3,
+ Reuse: true,
+ ReuseAmount: 3,
+ Lock: true,
+ LockAttempts: 4,
+ })
+ require.Error(t, err)
+ assert.ErrorIs(t, err, utils.NewInvalidArgumentError("tenantID"))
+}
diff --git a/descope/internal/mgmt/tenant.go b/descope/internal/mgmt/tenant.go
index 78311bfb..46445d61 100644
--- a/descope/internal/mgmt/tenant.go
+++ b/descope/internal/mgmt/tenant.go
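Review bot: In password_test.go the `require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key")` calls pass the observed value where testify expects the expected one, so a failing run would print the two labels reversed. `require.Equal(t, "Bearer a:key", r.Header.Get("Authorization"))` matches the order already used for the `tenantId` assertions in the same handlers. The new tests in tenant_test.go use the same reversed order. There is also no case that passes a nil `*descope.PasswordSettings` to `ConfigureSettings`, which is the one input the new method does not validate.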
@@ -105,6 +105,41 @@ func (t *tenant) SearchAll(ctx context.Context, options *descope.TenantSearchOpt return unmarshalLoadAllTenantsResponse(res) } +func (t *tenant) GetSettings(ctx context.Context, tenantID string) (*descope.TenantSettings, error) { + if tenantID == "" { + return nil, utils.NewInvalidArgumentError("tenantID") + } + req := &api.HTTPRequest{ + QueryParams: map[string]string{"tenantId": tenantID}, + } + res, err := t.client.DoGetRequest(ctx, api.Routes.ManagementTenantSettings(), req, t.conf.ManagementKey) + if err != nil { + return nil, err + } + return unmarshalTenantSettingsResponse(res) +} + +func (t *tenant) ConfigureSettings(ctx context.Context, tenantID string, settings *descope.TenantSettings) error { + if tenantID == "" { + return utils.NewInvalidArgumentError("tenantID") + } + req := map[string]any{ + "tenantId": tenantID, + "selfProvisioningDomains": settings.SelfProvisioningDomains, + "enabled": settings.SessionSettingsEnabled, + "sessionTokenExpiration": settings.SessionTokenExpiration, + "refreshTokenExpiration": settings.RefreshTokenExpiration, + "sessionTokenExpirationUnit": settings.SessionTokenExpirationUnit, + "refreshTokenExpirationUnit": settings.RefreshTokenExpirationUnit, + "inactivityTime": settings.InactivityTime, + "inactivityTimeUnit": settings.InactivityTimeUnit, + "enableInactivity": settings.EnableInactivity, + "domains": settings.Domains, + } + _, err := t.client.DoPostRequest(ctx, api.Routes.ManagementTenantSettings(), req, nil, t.conf.ManagementKey) + return err +} + func makeCreateUpdateTenantRequest(id string, tenantRequest *descope.TenantRequest) map[string]any { return map[string]any{"id": id, "name": tenantRequest.Name, "selfProvisioningDomains": tenantRequest.SelfProvisioningDomains, "customAttributes": tenantRequest.CustomAttributes} } 
@@ -138,3 +173,16 @@ func makeSearchTenantRequest(options *descope.TenantSearchOptions) map[string]an "authType": options.AuthType, } } + +func unmarshalTenantSettingsResponse(res *api.HTTPResponse) (*descope.TenantSettings, error) { + var tres *struct { + *descope.TenantSettings + Enabled bool `json:"enabled"` + } + err := utils.Unmarshal([]byte(res.BodyStr), &tres) + if err != nil { + return nil, err + } + tres.TenantSettings.SessionSettingsEnabled = tres.Enabled + return tres.TenantSettings, nil +} diff --git a/descope/internal/mgmt/tenant_test.go b/descope/internal/mgmt/tenant_test.go index 45cad313..c1fb1f67 100644 --- a/descope/internal/mgmt/tenant_test.go +++ b/descope/internal/mgmt/tenant_test.go 
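Review bot: `unmarshalTenantSettingsResponse` can dereference a nil pointer at `tres.TenantSettings.SessionSettingsEnabled = tres.Enabled`. Assuming `utils.Unmarshal` follows encoding/json semantics (not visible here), the embedded `*descope.TenantSettings` is only allocated when the body carries one of its fields, and `tres` itself stays nil for a `null` body. A response holding only `enabled`, or an empty object, would then panic inside the SDK instead of returning an error. Declaring `tres` as a non-pointer struct that embeds `descope.TenantSettings` by value (keeping the `Enabled` field and its tag) and ending with `return &tres.TenantSettings, nil` avoids both cases; a test with a body of just `{"enabled": true}` would pin it.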
@@ -209,3 +209,71 @@ func TestTenantLoadNoIDError(t *testing.T) { require.Error(t, err) require.Nil(t, res) } + +func TestGetTenantSettingsSuccess(t *testing.T) { + tenantID := "abc" + response := map[string]any{ + "inactivityTime": 10, + "enableInactivity": true, + "inactivityTimeUnit": "minutes", + "enabled": true, + "refreshTokenExpiration": 10, + "refreshTokenExpirationUnit": "weeks", + "sessionTokenExpiration": 11, + "sessionTokenExpirationUnit": "minutes", + } + mgmt := newTestMgmt(nil, helpers.DoOkWithBody(func(r *http.Request) { + require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key") + params := helpers.ReadParams(r) + require.Equal(t, tenantID, params["tenantId"]) + }, response)) + res, err := mgmt.Tenant().GetSettings(context.Background(), tenantID) + require.NoError(t, err) + assert.True(t, res.EnableInactivity) + assert.True(t, res.SessionSettingsEnabled) + assert.EqualValues(t, 10, res.InactivityTime) + assert.EqualValues(t, "minutes", res.InactivityTimeUnit) + assert.EqualValues(t, 11, res.SessionTokenExpiration) + assert.EqualValues(t, "minutes", res.SessionTokenExpirationUnit) + assert.EqualValues(t, 10, res.RefreshTokenExpiration) + assert.EqualValues(t, "weeks", res.RefreshTokenExpirationUnit) +} + +func TestGetTenantSettingsError(t *testing.T) { + tenantID := "abc" + mgmt := newTestMgmt(nil, helpers.DoBadRequest(func(r *http.Request) { + require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key") + params := helpers.ReadParams(r) + require.Equal(t, tenantID, params["tenantId"]) + })) + res, err := mgmt.Tenant().GetSettings(context.Background(), tenantID) + require.Error(t, err) + assert.Nil(t, res) +} + +func TestTenantConfigureSettingsSuccess(t *testing.T) { + mgmt := newTestMgmt(nil, helpers.DoOk(func(r *http.Request) { + require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key") + req := map[string]any{} + require.NoError(t, helpers.ReadBody(r, &req)) + require.Equal(t, "tenant", req["tenantId"]) + require.Equal(t, true, 
req["enabled"]) + require.Equal(t, true, req["enableInactivity"]) + require.Equal(t, float64(19), req["sessionTokenExpiration"]) + require.EqualValues(t, []any{"test"}, req["selfProvisioningDomains"]) + })) + err := mgmt.Tenant().ConfigureSettings(context.Background(), "tenant", &descope.TenantSettings{EnableInactivity: true, SessionSettingsEnabled: true, SessionTokenExpiration: 19, SelfProvisioningDomains: []string{"test"}}) + require.NoError(t, err) +} + +func TestTenantConfigureSettingsEmptyError(t *testing.T) { + mgmt := newTestMgmt(nil, helpers.DoOk(nil)) + err := mgmt.Tenant().ConfigureSettings(context.Background(), "", &descope.TenantSettings{}) + require.Error(t, err) +} + +func TestTenantConfigureSettingsError(t *testing.T) { + mgmt := newTestMgmt(nil, helpers.DoBadRequest(nil)) + err := mgmt.Tenant().ConfigureSettings(context.Background(), "test", &descope.TenantSettings{}) + require.Error(t, err) +} diff --git a/descope/sdk/mgmt.go b/descope/sdk/mgmt.go index 476919e9..b770abcf 100644 --- a/descope/sdk/mgmt.go +++ b/descope/sdk/mgmt.go @@ -48,6 +48,13 @@ type Tenant interface { // and results. Using nil will result in a filter-less query with a set amount of // results. SearchAll(ctx context.Context, options *descope.TenantSearchOptions) ([]*descope.Tenant, error) + + // Get tenant settings for a tenant by id. Tenant ID is required. + GetSettings(ctx context.Context, tenantID string) (*descope.TenantSettings, error) + + // Configure tenant settings for a tenant. Tenant ID is required. + // All settings arguments are required and will override whatever is currently set even if left default. + ConfigureSettings(ctx context.Context, tenantID string, settings *descope.TenantSettings) error } // Provides functions for managing users in a project. 
@@ -408,6 +415,17 @@ type SSO interface { ConfigureMapping(ctx context.Context, tenantID string, roleMappings []*descope.RoleMapping, attributeMapping *descope.AttributeMapping) error } +// Provides functions for managing password policy for a project or a tenant. +type PasswordManagement interface { + // Get password settings for a project or tenant. + GetSettings(ctx context.Context, tenantID string) (*descope.PasswordSettings, error) + + // Configure Password settings for a project or a tenant manually. + // Tenant ID can be left empty to apply changes to project password policy. + // All other arguments are required and will override whatever is currently set even if left default. + ConfigureSettings(ctx context.Context, tenantID string, settings *descope.PasswordSettings) error +} + // Provide functions for manipulating valid JWT type JWT interface { // Update a valid JWT with the custom claims provided @@ -622,6 +640,9 @@ type Management interface { // Provides functions for configuring SSO for a project. SSO() SSO + // Provides functions for password settings for a project or tenant. + Password() PasswordManagement + // Provide functions for manipulating valid JWT JWT() JWT diff --git a/descope/tests/mocks/mgmt/managementmock.go b/descope/tests/mocks/mgmt/managementmock.go index e0a21ddb..b8f3a70c 100644 --- a/descope/tests/mocks/mgmt/managementmock.go +++ b/descope/tests/mocks/mgmt/managementmock.go @@ -10,6 +10,7 @@ import ( type MockManagement struct { *MockJWT *MockSSO + *MockPasswordManagement *MockUser *MockAccessKey *MockTenant @@ -70,6 +71,10 @@ func (m *MockManagement) Authz() sdk.Authz { return m.MockAuthz } +func (m *MockManagement) Password() sdk.PasswordManagement { + return m.MockPasswordManagement +} + // Mock JWT type MockJWT struct { 
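Review bot: The comment on `PasswordManagement.ConfigureSettings` says the tenant ID "can be left empty to apply changes to project password policy", but the implementation added in descope/internal/mgmt/password.go returns `utils.NewInvalidArgumentError("tenantID")` for an empty ID in both `GetSettings` and `ConfigureSettings`, and the new README section says the tenant ID is required. A caller following this comment cannot reach a project-level policy and gets an error instead. Either remove the empty-ID check in the implementation or change the comment to `// Tenant ID is required.` so the documented contract matches the code. The `Password()` comment added to the `Management` interface in the next hunk ("for a project or tenant") needs the same decision.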
@@ -181,6 +186,31 @@ func (m *MockSSO) ConfigureMapping(_ context.Context, tenantID string, roleMappi return m.ConfigureMappingError } +// Mock Password + +type MockPasswordManagement struct { + GetSettingsAssert func(tenantID string) + GetSettingsResponse *descope.PasswordSettings + GetSettingsError error + + ConfigureSettingsAssert func(tenantID string, settings *descope.PasswordSettings) + ConfigureSettingsError error +} + +func (m *MockPasswordManagement) GetSettings(_ context.Context, tenantID string) (*descope.PasswordSettings, error) { + if m.GetSettingsAssert != nil { + m.GetSettingsAssert(tenantID) + } + return m.GetSettingsResponse, m.GetSettingsError +} + +func (m *MockPasswordManagement) ConfigureSettings(_ context.Context, tenantID string, settings *descope.PasswordSettings) error { + if m.ConfigureSettingsAssert != nil { + m.ConfigureSettingsAssert(tenantID, settings) + } + return m.ConfigureSettingsError +} + // Mock User type MockUser struct { @@ -716,6 +746,14 @@ type MockTenant struct { SearchAllResponse []*descope.Tenant SearchAllError error + + GetSettingsAssert func(id string) + GetSettingsResponse *descope.TenantSettings + GetSettingsError error + + ConfigureSettingsAssert func(string, *descope.TenantSettings) + ConfigureSettingsResponse *descope.TenantSettings + ConfigureSettingsError error } func (m *MockTenant) Create(_ context.Context, tenantRequest *descope.TenantRequest) (id string, err error) { 
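Review bot: `MockTenant.ConfigureSettingsResponse` is added in the `MockTenant` fields hunk but nothing can return it: `Tenant.ConfigureSettings` returns only `error`, and the mock method added later in this file returns `m.ConfigureSettingsError`. `MockPasswordManagement` in the preceding hunk has no such field, so dropping it keeps the two mocks parallel and avoids tests that set a response that is silently ignored. The `MockTenant` struct begins outside the hunk.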
@@ -761,6 +799,20 @@ func (m *MockTenant) SearchAll(_ context.Context, _ *descope.TenantSearchOptions return m.SearchAllResponse, m.SearchAllError } +func (m *MockTenant) GetSettings(_ context.Context, tenantID string) (*descope.TenantSettings, error) { + if m.GetSettingsAssert != nil { + m.GetSettingsAssert(tenantID) + } + return m.GetSettingsResponse, m.GetSettingsError +} + +func (m *MockTenant) ConfigureSettings(_ context.Context, tenantID string, settings *descope.TenantSettings) error { + if m.ConfigureSettingsAssert != nil { + m.ConfigureSettingsAssert(tenantID, settings) + } + return m.ConfigureSettingsError +} + // Mock Permission type MockPermission struct { diff --git a/descope/types.go b/descope/types.go index b19cc5d8..e6ad5518 100644 --- a/descope/types.go +++ b/descope/types.go @@ -70,6 +70,21 @@ type SSOSettingsResponse struct { Domain string `json:"domain,omitempty"` } +type PasswordSettings struct { + Enabled bool `json:"enabled,omitempty"` + MinLength int32 `json:"minLength,omitempty"` + Lowercase bool `json:"lowercase,omitempty"` + Uppercase bool `json:"uppercase,omitempty"` + Number bool `json:"number,omitempty"` + NonAlphanumeric bool `json:"nonAlphanumeric,omitempty"` + Expiration bool `json:"expiration,omitempty"` + ExpirationWeeks int32 `json:"expirationWeeks,omitempty"` + Reuse bool `json:"reuse,omitempty"` + ReuseAmount int32 `json:"reuseAmount,omitempty"` + Lock bool `json:"lock,omitempty"` + LockAttempts int32 `json:"lockAttempts,omitempty"` +} + type SSOSAMLSettingsResponse struct { IdpEntityID string `json:"idpEntityId,omitempty"` IdpSSOURL string `json:"idpSSOUrl,omitempty"` 
@@ -490,6 +505,19 @@ type TenantSearchOptions struct { AuthType string } +type TenantSettings struct { + Domains []string `json:"domains,omitempty"` + SelfProvisioningDomains []string `json:"selfProvisioningDomains,omitempty"` + SessionSettingsEnabled bool `json:"sessionSettingsEnabled,omitempty"` + RefreshTokenExpiration int32 `json:"refreshTokenExpiration,omitempty"` + RefreshTokenExpirationUnit string `json:"refreshTokenExpirationUnit,omitempty"` + SessionTokenExpiration int32 `json:"sessionTokenExpiration,omitempty"` + SessionTokenExpirationUnit string `json:"sessionTokenExpirationUnit,omitempty"` + EnableInactivity bool `json:"enableInactivity,omitempty"` + InactivityTime int32 `json:"inactivityTime,omitempty"` + InactivityTimeUnit string `json:"inactivityTimeUnit,omitempty"` +} + type Permission struct { Name string `json:"name"` Description string `json:"description,omitempty"`
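Review bot: `TenantSettings.SessionSettingsEnabled` is tagged `json:"sessionSettingsEnabled"`, while tenant.go sends and reads the same value under the key `enabled`, so decoding a management response straight into `TenantSettings` leaves the field false. A field comment such as `// SessionSettingsEnabled travels as "enabled" on the wire; the mgmt package maps it.` would prevent that mistake. The three `...Unit` fields are free-form strings whose accepted values are not stated on the type (the README and tests use "minutes", "days" and "weeks"); documenting the allowed set, or adding constants, would keep a typo from being posted as a session or refresh-token lifetime unit. `PasswordSettings` in the earlier types.go hunk likewise has no field comments.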