diff --git a/CHANGELOG.md b/CHANGELOG.md index 09b4e402..f6c21aef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ * **Enhancement** Added default value to the `ResponseSigned` attributes on the `ApplicationSAML` model. [#247](https://github.com/patrickcping/pingone-go-sdk-v2/pull/247) * **Enhancement** Added support for the `AuthnRequestSigned` attribute on the `ApplicationSAMLAllOfSpVerification` model. [#247](https://github.com/patrickcping/pingone-go-sdk-v2/pull/247) * **Enhancement** Added support for the `Algorithm` attribute on the `IdentityProviderSAMLAllOfSpSigning` model. [#247](https://github.com/patrickcping/pingone-go-sdk-v2/pull/247) + * **Enhancement** Added support for new attributes `AdditionalRefreshTokenReplayProtectionEnabled`, `RequireSignedRequestObject`, `ParRequirement`, `ParTimeout` to the `ApplicationOIDC` and `ApplicationOIDCAllOf` data models. [#248](https://github.com/patrickcping/pingone-go-sdk-v2/pull/248) # Release (2023-09-05) diff --git a/management/.openapi-generator/FILES b/management/.openapi-generator/FILES index 4d7e28f3..b6f16685 100644 --- a/management/.openapi-generator/FILES +++ b/management/.openapi-generator/FILES @@ -189,6 +189,7 @@ docs/EnumAlertChannelType.md docs/EnumApplicationAccessControlType.md docs/EnumApplicationNativeGooglePlayVerificationType.md docs/EnumApplicationOIDCGrantType.md +docs/EnumApplicationOIDCPARRequirement.md docs/EnumApplicationOIDCPKCEOption.md docs/EnumApplicationOIDCResponseType.md docs/EnumApplicationOIDCTokenAuthMethod.md @@ -703,6 +704,7 @@ model_enum_application_native_google_play_verification_type.go model_enum_application_oidc_grant_type.go model_enum_application_oidc_response_type.go model_enum_application_oidc_token_auth_method.go +model_enum_application_oidcpar_requirement.go model_enum_application_oidcpkce_option.go model_enum_application_protocol.go model_enum_application_saml_slo_binding.go 
diff --git a/management/CHANGELOG.md b/management/CHANGELOG.md index 755b76f7..2eb00b22 100644 --- a/management/CHANGELOG.md +++ b/management/CHANGELOG.md @@ -11,6 +11,7 @@ * **Enhancement** Added default value to the `ResponseSigned` attributes on the `ApplicationSAML` model. [#247](https://github.com/patrickcping/pingone-go-sdk-v2/pull/247) * **Enhancement** Added support for the `AuthnRequestSigned` attribute on the `ApplicationSAMLAllOfSpVerification` model. [#247](https://github.com/patrickcping/pingone-go-sdk-v2/pull/247) * **Enhancement** Added support for the `Algorithm` attribute on the `IdentityProviderSAMLAllOfSpSigning` model. [#247](https://github.com/patrickcping/pingone-go-sdk-v2/pull/247) +* **Enhancement** Added support for new attributes `AdditionalRefreshTokenReplayProtectionEnabled`, `RequireSignedRequestObject`, `ParRequirement`, `ParTimeout` to the `ApplicationOIDC` and `ApplicationOIDCAllOf` data models. [#248](https://github.com/patrickcping/pingone-go-sdk-v2/pull/248) # v0.27.0 (2023-09-05) diff --git a/management/README.md b/management/README.md index f6b1bf88..a2e49062 100644 --- a/management/README.md +++ b/management/README.md @@ -511,6 +511,7 @@ Class | Method | HTTP request | Description - [EnumApplicationAccessControlType](docs/EnumApplicationAccessControlType.md) - [EnumApplicationNativeGooglePlayVerificationType](docs/EnumApplicationNativeGooglePlayVerificationType.md) - [EnumApplicationOIDCGrantType](docs/EnumApplicationOIDCGrantType.md) + - [EnumApplicationOIDCPARRequirement](docs/EnumApplicationOIDCPARRequirement.md) - [EnumApplicationOIDCPKCEOption](docs/EnumApplicationOIDCPKCEOption.md) - [EnumApplicationOIDCResponseType](docs/EnumApplicationOIDCResponseType.md) - [EnumApplicationOIDCTokenAuthMethod](docs/EnumApplicationOIDCTokenAuthMethod.md) diff --git a/management/api/openapi.yaml b/management/api/openapi.yaml index 62122130..a7a97847 100644 --- a/management/api/openapi.yaml +++ b/management/api/openapi.yaml 
@@ -23080,6 +23080,14 @@ components: - REFRESH_TOKEN - CLIENT_CREDENTIALS type: string + EnumApplicationOIDCPARRequirement: + default: OPTIONAL + description: Whether pushed authorization requests (PAR) are required. Options + are `REQUIRED` and `OPTIONAL`. The default value is `OPTIONAL`. + enum: + - REQUIRED + - OPTIONAL + type: string EnumApplicationOIDCPKCEOption: description: A string that specifies how PKCE request parameters are handled on the authorize request. Options are OPTIONAL PKCE code_challenge is optional @@ -30533,6 +30541,13 @@ components: example: null ApplicationOIDC_allOf: properties: + additionalRefreshTokenReplayProtectionEnabled: + default: true + description: "When set to `true` (the default), if you attempt to reuse\ + \ the refresh token, the authorization server immediately revokes the\ + \ reused refresh token, as well as all descendant tokens. Setting this\ + \ to null equates to a `false` setting." + type: boolean allowWildcardInRedirectUris: description: "A boolean to specify whether wildcards are allowed in redirect\ \ URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri)." @@ -30626,6 +30641,12 @@ components: items: $ref: '#/components/schemas/EnumApplicationOIDCResponseType' type: array + requireSignedRequestObject: + description: "Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject)\ + \ parameter is required to be signed. If `false` or null (default), a\ + \ signed request object is not required. Both `supportUnsignedRequestObject`\ + \ and this property cannot be set to `true`." + type: boolean supportUnsignedRequestObject: description: "A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject)\ \ parameter JWT is allowed to be unsigned. If false or null (default),\ 
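Review bot: The new `additionalRefreshTokenReplayProtectionEnabled` property in the `@@ -30533,6 +30541,13 @@` hunk declares `default: true`, yet its description says a null value equates to `false`, so whether refresh-token reuse detection is active depends on what the client actually sends. The docs tables in this commit list the Go field as an optional pointer, so a model built without `NewApplicationOIDCAllOfWithDefaults` leaves it nil. How the server treats an omitted field, as opposed to an explicit null, is not visible here and should be stated. I would append a sentence to the description such as `Send true explicitly to keep replay protection on; a null value turns it off.` The `ApplicationOIDC_allOf` schema continues outside the hunk.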
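Review bot: The description of `requireSignedRequestObject` in the `@@ -30626,6 +30641,12 @@` hunk expands JWT as "Java Web Token"; it should read `JSON Web Token (JWT)`. The same wording is repeated in the docs tables for `ApplicationOIDC`, `ApplicationOIDCAllOf` and `CreateApplication201Response` later in this diff. The rule that this property and `supportUnsignedRequestObject` cannot both be `true` exists only in prose, so nothing in the schema rejects the contradictory pair before a request is sent, and callers should check it client-side. The property also carries no `default:` key although the text calls `false` or null the default, unlike `additionalRefreshTokenReplayProtectionEnabled` and `parTimeout`, which this commit adds with explicit defaults.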
@@ -30646,6 +30667,15 @@ components: type: string tokenEndpointAuthMethod: $ref: '#/components/schemas/EnumApplicationOIDCTokenAuthMethod' + parRequirement: + $ref: '#/components/schemas/EnumApplicationOIDCPARRequirement' + parTimeout: + default: 60 + description: PAR timeout in seconds. Must be between `1` and `600`. The + default value is `60`. + maximum: 600 + minimum: 1 + type: integer required: - grantTypes - tokenEndpointAuthMethod diff --git a/management/docs/ApplicationOIDC.md b/management/docs/ApplicationOIDC.md index 60849899..8897a4a0 100644 --- a/management/docs/ApplicationOIDC.md +++ b/management/docs/ApplicationOIDC.md @@ -18,6 +18,7 @@ Name | Type | Description | Notes **Protocol** | [**EnumApplicationProtocol**](EnumApplicationProtocol.md) | | **Type** | [**EnumApplicationType**](EnumApplicationType.md) | | **UpdatedAt** | Pointer to **time.Time** | The time the resource was last updated. | [optional] [readonly] +**AdditionalRefreshTokenReplayProtectionEnabled** | Pointer to **bool** | When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. | [optional] [default to true] **AllowWildcardInRedirectUris** | Pointer to **bool** | A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). | [optional] **AssignActorRoles** | Pointer to **bool** | A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. | [optional] **Mobile** | Pointer to [**ApplicationOIDCAllOfMobile**](ApplicationOIDCAllOfMobile.md) | | [optional] 
@@ -34,10 +35,13 @@ Name | Type | Description | Notes **RefreshTokenRollingDuration** | Pointer to **int32** | An integer that specifies the number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. Valid values are between 60 and 2147483647. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token. | [optional] **RefreshTokenRollingGracePeriodDuration** | Pointer to **int32** | The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens. This is useful in the case of network errors on the client. Valid values are between 0 and 86400 seconds. Null is treated the same as 0. | [optional] **ResponseTypes** | Pointer to [**[]EnumApplicationOIDCResponseType**](EnumApplicationOIDCResponseType.md) | A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. | [optional] +**RequireSignedRequestObject** | Pointer to **bool** | Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. | [optional] **SupportUnsignedRequestObject** | Pointer to **bool** | A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. 
| [optional] **Tags** | Pointer to [**[]EnumApplicationTags**](EnumApplicationTags.md) | An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. | [optional] **TargetLinkUri** | Pointer to **string** | The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. | [optional] **TokenEndpointAuthMethod** | [**EnumApplicationOIDCTokenAuthMethod**](EnumApplicationOIDCTokenAuthMethod.md) | | +**ParRequirement** | Pointer to [**EnumApplicationOIDCPARRequirement**](EnumApplicationOIDCPARRequirement.md) | | [optional] [default to ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL] +**ParTimeout** | Pointer to **int32** | PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. | [optional] [default to 60] ## Methods 
@@ -388,6 +392,31 @@ SetUpdatedAt sets UpdatedAt field to given value. HasUpdatedAt returns a boolean if a field has been set. +### GetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ApplicationOIDC) GetAdditionalRefreshTokenReplayProtectionEnabled() bool` + +GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field if non-nil, zero value otherwise. + +### GetAdditionalRefreshTokenReplayProtectionEnabledOk + +`func (o *ApplicationOIDC) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool)` + +GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ApplicationOIDC) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool)` + +SetAdditionalRefreshTokenReplayProtectionEnabled sets AdditionalRefreshTokenReplayProtectionEnabled field to given value. + +### HasAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ApplicationOIDC) HasAdditionalRefreshTokenReplayProtectionEnabled() bool` + +HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. + ### GetAllowWildcardInRedirectUris `func (o *ApplicationOIDC) GetAllowWildcardInRedirectUris() bool` 
@@ -783,6 +812,31 @@ SetResponseTypes sets ResponseTypes field to given value. HasResponseTypes returns a boolean if a field has been set. +### GetRequireSignedRequestObject + +`func (o *ApplicationOIDC) GetRequireSignedRequestObject() bool` + +GetRequireSignedRequestObject returns the RequireSignedRequestObject field if non-nil, zero value otherwise. + +### GetRequireSignedRequestObjectOk + +`func (o *ApplicationOIDC) GetRequireSignedRequestObjectOk() (*bool, bool)` + +GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequireSignedRequestObject + +`func (o *ApplicationOIDC) SetRequireSignedRequestObject(v bool)` + +SetRequireSignedRequestObject sets RequireSignedRequestObject field to given value. + +### HasRequireSignedRequestObject + +`func (o *ApplicationOIDC) HasRequireSignedRequestObject() bool` + +HasRequireSignedRequestObject returns a boolean if a field has been set. + ### GetSupportUnsignedRequestObject `func (o *ApplicationOIDC) GetSupportUnsignedRequestObject() bool` 
@@ -878,6 +932,56 @@ and a boolean to check if the value has been set. SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value. +### GetParRequirement + +`func (o *ApplicationOIDC) GetParRequirement() EnumApplicationOIDCPARRequirement` + +GetParRequirement returns the ParRequirement field if non-nil, zero value otherwise. + +### GetParRequirementOk + +`func (o *ApplicationOIDC) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool)` + +GetParRequirementOk returns a tuple with the ParRequirement field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParRequirement + +`func (o *ApplicationOIDC) SetParRequirement(v EnumApplicationOIDCPARRequirement)` + +SetParRequirement sets ParRequirement field to given value. + +### HasParRequirement + +`func (o *ApplicationOIDC) HasParRequirement() bool` + +HasParRequirement returns a boolean if a field has been set. + +### GetParTimeout + +`func (o *ApplicationOIDC) GetParTimeout() int32` + +GetParTimeout returns the ParTimeout field if non-nil, zero value otherwise. + +### GetParTimeoutOk + +`func (o *ApplicationOIDC) GetParTimeoutOk() (*int32, bool)` + +GetParTimeoutOk returns a tuple with the ParTimeout field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParTimeout + +`func (o *ApplicationOIDC) SetParTimeout(v int32)` + +SetParTimeout sets ParTimeout field to given value. + +### HasParTimeout + +`func (o *ApplicationOIDC) HasParTimeout() bool` + +HasParTimeout returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/management/docs/ApplicationOIDCAllOf.md b/management/docs/ApplicationOIDCAllOf.md index 710dce41..2d5e5c7d 100644 --- a/management/docs/ApplicationOIDCAllOf.md +++ b/management/docs/ApplicationOIDCAllOf.md 
@@ -4,6 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**AdditionalRefreshTokenReplayProtectionEnabled** | Pointer to **bool** | When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. | [optional] [default to true] **AllowWildcardInRedirectUris** | Pointer to **bool** | A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). | [optional] **AssignActorRoles** | Pointer to **bool** | A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. | [optional] **Mobile** | Pointer to [**ApplicationOIDCAllOfMobile**](ApplicationOIDCAllOfMobile.md) | | [optional] 
@@ -20,10 +21,13 @@ Name | Type | Description | Notes **RefreshTokenRollingDuration** | Pointer to **int32** | An integer that specifies the number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. Valid values are between 60 and 2147483647. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token. | [optional] **RefreshTokenRollingGracePeriodDuration** | Pointer to **int32** | The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens. This is useful in the case of network errors on the client. Valid values are between 0 and 86400 seconds. Null is treated the same as 0. | [optional] **ResponseTypes** | Pointer to [**[]EnumApplicationOIDCResponseType**](EnumApplicationOIDCResponseType.md) | A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. | [optional] +**RequireSignedRequestObject** | Pointer to **bool** | Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. | [optional] **SupportUnsignedRequestObject** | Pointer to **bool** | A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. 
| [optional] **Tags** | Pointer to [**[]EnumApplicationTags**](EnumApplicationTags.md) | An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. | [optional] **TargetLinkUri** | Pointer to **string** | The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. | [optional] **TokenEndpointAuthMethod** | [**EnumApplicationOIDCTokenAuthMethod**](EnumApplicationOIDCTokenAuthMethod.md) | | +**ParRequirement** | Pointer to [**EnumApplicationOIDCPARRequirement**](EnumApplicationOIDCPARRequirement.md) | | [optional] [default to ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL] +**ParTimeout** | Pointer to **int32** | PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. | [optional] [default to 60] ## Methods 
@@ -44,6 +48,31 @@ NewApplicationOIDCAllOfWithDefaults instantiates a new ApplicationOIDCAllOf obje This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set +### GetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ApplicationOIDCAllOf) GetAdditionalRefreshTokenReplayProtectionEnabled() bool` + +GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field if non-nil, zero value otherwise. + +### GetAdditionalRefreshTokenReplayProtectionEnabledOk + +`func (o *ApplicationOIDCAllOf) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool)` + +GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ApplicationOIDCAllOf) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool)` + +SetAdditionalRefreshTokenReplayProtectionEnabled sets AdditionalRefreshTokenReplayProtectionEnabled field to given value. + +### HasAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ApplicationOIDCAllOf) HasAdditionalRefreshTokenReplayProtectionEnabled() bool` + +HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. + ### GetAllowWildcardInRedirectUris `func (o *ApplicationOIDCAllOf) GetAllowWildcardInRedirectUris() bool` 
@@ -439,6 +468,31 @@ SetResponseTypes sets ResponseTypes field to given value. HasResponseTypes returns a boolean if a field has been set. +### GetRequireSignedRequestObject + +`func (o *ApplicationOIDCAllOf) GetRequireSignedRequestObject() bool` + +GetRequireSignedRequestObject returns the RequireSignedRequestObject field if non-nil, zero value otherwise. + +### GetRequireSignedRequestObjectOk + +`func (o *ApplicationOIDCAllOf) GetRequireSignedRequestObjectOk() (*bool, bool)` + +GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequireSignedRequestObject + +`func (o *ApplicationOIDCAllOf) SetRequireSignedRequestObject(v bool)` + +SetRequireSignedRequestObject sets RequireSignedRequestObject field to given value. + +### HasRequireSignedRequestObject + +`func (o *ApplicationOIDCAllOf) HasRequireSignedRequestObject() bool` + +HasRequireSignedRequestObject returns a boolean if a field has been set. + ### GetSupportUnsignedRequestObject `func (o *ApplicationOIDCAllOf) GetSupportUnsignedRequestObject() bool` 
@@ -534,6 +588,56 @@ and a boolean to check if the value has been set. SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value. +### GetParRequirement + +`func (o *ApplicationOIDCAllOf) GetParRequirement() EnumApplicationOIDCPARRequirement` + +GetParRequirement returns the ParRequirement field if non-nil, zero value otherwise. + +### GetParRequirementOk + +`func (o *ApplicationOIDCAllOf) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool)` + +GetParRequirementOk returns a tuple with the ParRequirement field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParRequirement + +`func (o *ApplicationOIDCAllOf) SetParRequirement(v EnumApplicationOIDCPARRequirement)` + +SetParRequirement sets ParRequirement field to given value. + +### HasParRequirement + +`func (o *ApplicationOIDCAllOf) HasParRequirement() bool` + +HasParRequirement returns a boolean if a field has been set. + +### GetParTimeout + +`func (o *ApplicationOIDCAllOf) GetParTimeout() int32` + +GetParTimeout returns the ParTimeout field if non-nil, zero value otherwise. + +### GetParTimeoutOk + +`func (o *ApplicationOIDCAllOf) GetParTimeoutOk() (*int32, bool)` + +GetParTimeoutOk returns a tuple with the ParTimeout field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParTimeout + +`func (o *ApplicationOIDCAllOf) SetParTimeout(v int32)` + +SetParTimeout sets ParTimeout field to given value. + +### HasParTimeout + +`func (o *ApplicationOIDCAllOf) HasParTimeout() bool` + +HasParTimeout returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/management/docs/CreateApplication201Response.md b/management/docs/CreateApplication201Response.md index dcc7659f..b82cb628 100644 --- a/management/docs/CreateApplication201Response.md 
+++ b/management/docs/CreateApplication201Response.md @@ -32,6 +32,7 @@ Name | Type | Description | Notes **SloWindow** | Pointer to **int32** | Defines how long PingOne can exchange logout messages with the application, specifically a `LogoutRequest` from the application, since the initial request. PingOne can also send a `LogoutRequest` to the application when a single logout is initiated by the user from other session participants, such as an application or identity provider. This setting is per application. The SLO logout is separate from the user session logout that revokes all tokens. | [optional] **SpEntityId** | **string** | A string that specifies the service provider entity ID used to lookup the application. This is a required property and is unique within the environment. | **SpVerification** | Pointer to [**ApplicationSAMLAllOfSpVerification**](ApplicationSAMLAllOfSpVerification.md) | | [optional] +**AdditionalRefreshTokenReplayProtectionEnabled** | Pointer to **bool** | When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. | [optional] [default to true] **AllowWildcardInRedirectUris** | Pointer to **bool** | A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). | [optional] **AssignActorRoles** | Pointer to **bool** | A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. | [optional] **Mobile** | Pointer to [**ApplicationOIDCAllOfMobile**](ApplicationOIDCAllOfMobile.md) | | [optional] 
@@ -47,10 +48,13 @@ Name | Type | Description | Notes **RefreshTokenRollingDuration** | Pointer to **int32** | An integer that specifies the number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. Valid values are between 60 and 2147483647. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token. | [optional] **RefreshTokenRollingGracePeriodDuration** | Pointer to **int32** | The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens. This is useful in the case of network errors on the client. Valid values are between 0 and 86400 seconds. Null is treated the same as 0. | [optional] **ResponseTypes** | Pointer to [**[]EnumApplicationOIDCResponseType**](EnumApplicationOIDCResponseType.md) | A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. | [optional] +**RequireSignedRequestObject** | Pointer to **bool** | Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. | [optional] **SupportUnsignedRequestObject** | Pointer to **bool** | A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. 
| [optional] **Tags** | Pointer to [**[]EnumApplicationTags**](EnumApplicationTags.md) | An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. | [optional] **TargetLinkUri** | Pointer to **string** | The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. | [optional] **TokenEndpointAuthMethod** | [**EnumApplicationOIDCTokenAuthMethod**](EnumApplicationOIDCTokenAuthMethod.md) | | +**ParRequirement** | Pointer to [**EnumApplicationOIDCPARRequirement**](EnumApplicationOIDCPARRequirement.md) | | [optional] [default to ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL] +**ParTimeout** | Pointer to **int32** | PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. | [optional] [default to 60] **AudienceRestriction** | Pointer to **string** | The service provider ID. Defaults to `urn:federation:MicrosoftOnline`. | [optional] [default to "urn:federation:MicrosoftOnline"] **DomainName** | **string** | The federated domain name (for example, the Azure custom domain). | **ReplyUrl** | **string** | The URL that the replying party (such as, Office365) uses to accept submissions of RequestSecurityTokenResponse messages that are a result of SSO requests. | 
@@ -729,6 +733,31 @@ SetSpVerification sets SpVerification field to given value. HasSpVerification returns a boolean if a field has been set. +### GetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *CreateApplication201Response) GetAdditionalRefreshTokenReplayProtectionEnabled() bool` + +GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field if non-nil, zero value otherwise. + +### GetAdditionalRefreshTokenReplayProtectionEnabledOk + +`func (o *CreateApplication201Response) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool)` + +GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *CreateApplication201Response) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool)` + +SetAdditionalRefreshTokenReplayProtectionEnabled sets AdditionalRefreshTokenReplayProtectionEnabled field to given value. + +### HasAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *CreateApplication201Response) HasAdditionalRefreshTokenReplayProtectionEnabled() bool` + +HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. + ### GetAllowWildcardInRedirectUris `func (o *CreateApplication201Response) GetAllowWildcardInRedirectUris() bool` 
@@ -1099,6 +1128,31 @@ SetResponseTypes sets ResponseTypes field to given value. HasResponseTypes returns a boolean if a field has been set. +### GetRequireSignedRequestObject + +`func (o *CreateApplication201Response) GetRequireSignedRequestObject() bool` + +GetRequireSignedRequestObject returns the RequireSignedRequestObject field if non-nil, zero value otherwise. + +### GetRequireSignedRequestObjectOk + +`func (o *CreateApplication201Response) GetRequireSignedRequestObjectOk() (*bool, bool)` + +GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequireSignedRequestObject + +`func (o *CreateApplication201Response) SetRequireSignedRequestObject(v bool)` + +SetRequireSignedRequestObject sets RequireSignedRequestObject field to given value. + +### HasRequireSignedRequestObject + +`func (o *CreateApplication201Response) HasRequireSignedRequestObject() bool` + +HasRequireSignedRequestObject returns a boolean if a field has been set. + ### GetSupportUnsignedRequestObject `func (o *CreateApplication201Response) GetSupportUnsignedRequestObject() bool` 
@@ -1194,6 +1248,56 @@ and a boolean to check if the value has been set. SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value. +### GetParRequirement + +`func (o *CreateApplication201Response) GetParRequirement() EnumApplicationOIDCPARRequirement` + +GetParRequirement returns the ParRequirement field if non-nil, zero value otherwise. + +### GetParRequirementOk + +`func (o *CreateApplication201Response) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool)` + +GetParRequirementOk returns a tuple with the ParRequirement field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParRequirement + +`func (o *CreateApplication201Response) SetParRequirement(v EnumApplicationOIDCPARRequirement)` + +SetParRequirement sets ParRequirement field to given value. + +### HasParRequirement + +`func (o *CreateApplication201Response) HasParRequirement() bool` + +HasParRequirement returns a boolean if a field has been set. + +### GetParTimeout + +`func (o *CreateApplication201Response) GetParTimeout() int32` + +GetParTimeout returns the ParTimeout field if non-nil, zero value otherwise. + +### GetParTimeoutOk + +`func (o *CreateApplication201Response) GetParTimeoutOk() (*int32, bool)` + +GetParTimeoutOk returns a tuple with the ParTimeout field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParTimeout + +`func (o *CreateApplication201Response) SetParTimeout(v int32)` + +SetParTimeout sets ParTimeout field to given value. + +### HasParTimeout + +`func (o *CreateApplication201Response) HasParTimeout() bool` + +HasParTimeout returns a boolean if a field has been set. + ### GetAudienceRestriction `func (o *CreateApplication201Response) GetAudienceRestriction() string` diff --git a/management/docs/CreateApplicationRequest.md b/management/docs/CreateApplicationRequest.md index 18c717db..1668dab8 100644 --- a/management/docs/CreateApplicationRequest.md 
+++ b/management/docs/CreateApplicationRequest.md @@ -32,6 +32,7 @@ Name | Type | Description | Notes **SloWindow** | Pointer to **int32** | Defines how long PingOne can exchange logout messages with the application, specifically a `LogoutRequest` from the application, since the initial request. PingOne can also send a `LogoutRequest` to the application when a single logout is initiated by the user from other session participants, such as an application or identity provider. This setting is per application. The SLO logout is separate from the user session logout that revokes all tokens. | [optional] **SpEntityId** | **string** | A string that specifies the service provider entity ID used to lookup the application. This is a required property and is unique within the environment. | **SpVerification** | Pointer to [**ApplicationSAMLAllOfSpVerification**](ApplicationSAMLAllOfSpVerification.md) | | [optional] +**AdditionalRefreshTokenReplayProtectionEnabled** | Pointer to **bool** | When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. | [optional] [default to true] **AllowWildcardInRedirectUris** | Pointer to **bool** | A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). | [optional] **AssignActorRoles** | Pointer to **bool** | A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. | [optional] **Mobile** | Pointer to [**ApplicationOIDCAllOfMobile**](ApplicationOIDCAllOfMobile.md) | | [optional] 
@@ -47,10 +48,13 @@ Name | Type | Description | Notes **RefreshTokenRollingDuration** | Pointer to **int32** | An integer that specifies the number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. Valid values are between 60 and 2147483647. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token. | [optional] **RefreshTokenRollingGracePeriodDuration** | Pointer to **int32** | The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens. This is useful in the case of network errors on the client. Valid values are between 0 and 86400 seconds. Null is treated the same as 0. | [optional] **ResponseTypes** | Pointer to [**[]EnumApplicationOIDCResponseType**](EnumApplicationOIDCResponseType.md) | A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. | [optional] +**RequireSignedRequestObject** | Pointer to **bool** | Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. | [optional] **SupportUnsignedRequestObject** | Pointer to **bool** | A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. 
| [optional] **Tags** | Pointer to [**[]EnumApplicationTags**](EnumApplicationTags.md) | An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. | [optional] **TargetLinkUri** | Pointer to **string** | The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. | [optional] **TokenEndpointAuthMethod** | [**EnumApplicationOIDCTokenAuthMethod**](EnumApplicationOIDCTokenAuthMethod.md) | | +**ParRequirement** | Pointer to [**EnumApplicationOIDCPARRequirement**](EnumApplicationOIDCPARRequirement.md) | | [optional] [default to ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL] +**ParTimeout** | Pointer to **int32** | PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. | [optional] [default to 60] **AudienceRestriction** | Pointer to **string** | The service provider ID. Defaults to `urn:federation:MicrosoftOnline`. | [optional] [default to "urn:federation:MicrosoftOnline"] **DomainName** | **string** | The federated domain name (for example, the Azure custom domain). | **ReplyUrl** | **string** | The URL that the replying party (such as, Office365) uses to accept submissions of RequestSecurityTokenResponse messages that are a result of SSO requests. | 
@@ -729,6 +733,31 @@ SetSpVerification sets SpVerification field to given value. HasSpVerification returns a boolean if a field has been set. +### GetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *CreateApplicationRequest) GetAdditionalRefreshTokenReplayProtectionEnabled() bool` + +GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field if non-nil, zero value otherwise. + +### GetAdditionalRefreshTokenReplayProtectionEnabledOk + +`func (o *CreateApplicationRequest) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool)` + +GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *CreateApplicationRequest) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool)` + +SetAdditionalRefreshTokenReplayProtectionEnabled sets AdditionalRefreshTokenReplayProtectionEnabled field to given value. + +### HasAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *CreateApplicationRequest) HasAdditionalRefreshTokenReplayProtectionEnabled() bool` + +HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. + ### GetAllowWildcardInRedirectUris `func (o *CreateApplicationRequest) GetAllowWildcardInRedirectUris() bool` 
@@ -1099,6 +1128,31 @@ SetResponseTypes sets ResponseTypes field to given value. HasResponseTypes returns a boolean if a field has been set. +### GetRequireSignedRequestObject + +`func (o *CreateApplicationRequest) GetRequireSignedRequestObject() bool` + +GetRequireSignedRequestObject returns the RequireSignedRequestObject field if non-nil, zero value otherwise. + +### GetRequireSignedRequestObjectOk + +`func (o *CreateApplicationRequest) GetRequireSignedRequestObjectOk() (*bool, bool)` + +GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequireSignedRequestObject + +`func (o *CreateApplicationRequest) SetRequireSignedRequestObject(v bool)` + +SetRequireSignedRequestObject sets RequireSignedRequestObject field to given value. + +### HasRequireSignedRequestObject + +`func (o *CreateApplicationRequest) HasRequireSignedRequestObject() bool` + +HasRequireSignedRequestObject returns a boolean if a field has been set. + ### GetSupportUnsignedRequestObject `func (o *CreateApplicationRequest) GetSupportUnsignedRequestObject() bool` 
@@ -1194,6 +1248,56 @@ and a boolean to check if the value has been set. SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value. +### GetParRequirement + +`func (o *CreateApplicationRequest) GetParRequirement() EnumApplicationOIDCPARRequirement` + +GetParRequirement returns the ParRequirement field if non-nil, zero value otherwise. + +### GetParRequirementOk + +`func (o *CreateApplicationRequest) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool)` + +GetParRequirementOk returns a tuple with the ParRequirement field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParRequirement + +`func (o *CreateApplicationRequest) SetParRequirement(v EnumApplicationOIDCPARRequirement)` + +SetParRequirement sets ParRequirement field to given value. + +### HasParRequirement + +`func (o *CreateApplicationRequest) HasParRequirement() bool` + +HasParRequirement returns a boolean if a field has been set. + +### GetParTimeout + +`func (o *CreateApplicationRequest) GetParTimeout() int32` + +GetParTimeout returns the ParTimeout field if non-nil, zero value otherwise. + +### GetParTimeoutOk + +`func (o *CreateApplicationRequest) GetParTimeoutOk() (*int32, bool)` + +GetParTimeoutOk returns a tuple with the ParTimeout field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParTimeout + +`func (o *CreateApplicationRequest) SetParTimeout(v int32)` + +SetParTimeout sets ParTimeout field to given value. + +### HasParTimeout + +`func (o *CreateApplicationRequest) HasParTimeout() bool` + +HasParTimeout returns a boolean if a field has been set. + ### GetAudienceRestriction `func (o *CreateApplicationRequest) GetAudienceRestriction() string` diff --git a/management/docs/EnumApplicationOIDCPARRequirement.md b/management/docs/EnumApplicationOIDCPARRequirement.md new file mode 100644 index 00000000..dcc7555f --- /dev/null 
+++ b/management/docs/EnumApplicationOIDCPARRequirement.md @@ -0,0 +1,13 @@ +# EnumApplicationOIDCPARRequirement + +## Enum + + +* `REQUIRED` (value: `"REQUIRED"`) + +* `OPTIONAL` (value: `"OPTIONAL"`) + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/management/docs/ReadOneApplication200Response.md b/management/docs/ReadOneApplication200Response.md index 963adac5..66be4773 100644 --- a/management/docs/ReadOneApplication200Response.md +++ b/management/docs/ReadOneApplication200Response.md 
@@ -32,6 +32,7 @@ Name | Type | Description | Notes **SloWindow** | Pointer to **int32** | Defines how long PingOne can exchange logout messages with the application, specifically a `LogoutRequest` from the application, since the initial request. PingOne can also send a `LogoutRequest` to the application when a single logout is initiated by the user from other session participants, such as an application or identity provider. This setting is per application. The SLO logout is separate from the user session logout that revokes all tokens. | [optional] **SpEntityId** | **string** | A string that specifies the service provider entity ID used to lookup the application. This is a required property and is unique within the environment. | **SpVerification** | Pointer to [**ApplicationSAMLAllOfSpVerification**](ApplicationSAMLAllOfSpVerification.md) | | [optional] +**AdditionalRefreshTokenReplayProtectionEnabled** | Pointer to **bool** | When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. | [optional] [default to true] **AllowWildcardInRedirectUris** | Pointer to **bool** | A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). | [optional] **AssignActorRoles** | Pointer to **bool** | A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. | [optional] **Mobile** | Pointer to [**ApplicationOIDCAllOfMobile**](ApplicationOIDCAllOfMobile.md) | | [optional] 
@@ -47,10 +48,13 @@ Name | Type | Description | Notes **RefreshTokenRollingDuration** | Pointer to **int32** | An integer that specifies the number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. Valid values are between 60 and 2147483647. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token. | [optional] **RefreshTokenRollingGracePeriodDuration** | Pointer to **int32** | The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens. This is useful in the case of network errors on the client. Valid values are between 0 and 86400 seconds. Null is treated the same as 0. | [optional] **ResponseTypes** | Pointer to [**[]EnumApplicationOIDCResponseType**](EnumApplicationOIDCResponseType.md) | A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. | [optional] +**RequireSignedRequestObject** | Pointer to **bool** | Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. | [optional] **SupportUnsignedRequestObject** | Pointer to **bool** | A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. 
| [optional] **Tags** | Pointer to [**[]EnumApplicationTags**](EnumApplicationTags.md) | An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. | [optional] **TargetLinkUri** | Pointer to **string** | The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. | [optional] **TokenEndpointAuthMethod** | [**EnumApplicationOIDCTokenAuthMethod**](EnumApplicationOIDCTokenAuthMethod.md) | | +**ParRequirement** | Pointer to [**EnumApplicationOIDCPARRequirement**](EnumApplicationOIDCPARRequirement.md) | | [optional] [default to ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL] +**ParTimeout** | Pointer to **int32** | PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. | [optional] [default to 60] **AudienceRestriction** | Pointer to **string** | The service provider ID. Defaults to `urn:federation:MicrosoftOnline`. | [optional] [default to "urn:federation:MicrosoftOnline"] **DomainName** | **string** | The federated domain name (for example, the Azure custom domain). | **ReplyUrl** | **string** | The URL that the replying party (such as, Office365) uses to accept submissions of RequestSecurityTokenResponse messages that are a result of SSO requests. | 
@@ -731,6 +735,31 @@ SetSpVerification sets SpVerification field to given value. HasSpVerification returns a boolean if a field has been set. +### GetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ReadOneApplication200Response) GetAdditionalRefreshTokenReplayProtectionEnabled() bool` + +GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field if non-nil, zero value otherwise. + +### GetAdditionalRefreshTokenReplayProtectionEnabledOk + +`func (o *ReadOneApplication200Response) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool)` + +GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ReadOneApplication200Response) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool)` + +SetAdditionalRefreshTokenReplayProtectionEnabled sets AdditionalRefreshTokenReplayProtectionEnabled field to given value. + +### HasAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *ReadOneApplication200Response) HasAdditionalRefreshTokenReplayProtectionEnabled() bool` + +HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. + ### GetAllowWildcardInRedirectUris `func (o *ReadOneApplication200Response) GetAllowWildcardInRedirectUris() bool` 
@@ -1101,6 +1130,31 @@ SetResponseTypes sets ResponseTypes field to given value. HasResponseTypes returns a boolean if a field has been set. +### GetRequireSignedRequestObject + +`func (o *ReadOneApplication200Response) GetRequireSignedRequestObject() bool` + +GetRequireSignedRequestObject returns the RequireSignedRequestObject field if non-nil, zero value otherwise. + +### GetRequireSignedRequestObjectOk + +`func (o *ReadOneApplication200Response) GetRequireSignedRequestObjectOk() (*bool, bool)` + +GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequireSignedRequestObject + +`func (o *ReadOneApplication200Response) SetRequireSignedRequestObject(v bool)` + +SetRequireSignedRequestObject sets RequireSignedRequestObject field to given value. + +### HasRequireSignedRequestObject + +`func (o *ReadOneApplication200Response) HasRequireSignedRequestObject() bool` + +HasRequireSignedRequestObject returns a boolean if a field has been set. + ### GetSupportUnsignedRequestObject `func (o *ReadOneApplication200Response) GetSupportUnsignedRequestObject() bool` 
@@ -1196,6 +1250,56 @@ and a boolean to check if the value has been set. SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value. +### GetParRequirement + +`func (o *ReadOneApplication200Response) GetParRequirement() EnumApplicationOIDCPARRequirement` + +GetParRequirement returns the ParRequirement field if non-nil, zero value otherwise. + +### GetParRequirementOk + +`func (o *ReadOneApplication200Response) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool)` + +GetParRequirementOk returns a tuple with the ParRequirement field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParRequirement + +`func (o *ReadOneApplication200Response) SetParRequirement(v EnumApplicationOIDCPARRequirement)` + +SetParRequirement sets ParRequirement field to given value. + +### HasParRequirement + +`func (o *ReadOneApplication200Response) HasParRequirement() bool` + +HasParRequirement returns a boolean if a field has been set. + +### GetParTimeout + +`func (o *ReadOneApplication200Response) GetParTimeout() int32` + +GetParTimeout returns the ParTimeout field if non-nil, zero value otherwise. + +### GetParTimeoutOk + +`func (o *ReadOneApplication200Response) GetParTimeoutOk() (*int32, bool)` + +GetParTimeoutOk returns a tuple with the ParTimeout field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParTimeout + +`func (o *ReadOneApplication200Response) SetParTimeout(v int32)` + +SetParTimeout sets ParTimeout field to given value. + +### HasParTimeout + +`func (o *ReadOneApplication200Response) HasParTimeout() bool` + +HasParTimeout returns a boolean if a field has been set. + ### GetAudienceRestriction `func (o *ReadOneApplication200Response) GetAudienceRestriction() string` diff --git a/management/docs/UpdateApplicationRequest.md b/management/docs/UpdateApplicationRequest.md index cda2ca99..da7d4999 100644 
--- a/management/docs/UpdateApplicationRequest.md +++ b/management/docs/UpdateApplicationRequest.md @@ -32,6 +32,7 @@ Name | Type | Description | Notes **SloWindow** | Pointer to **int32** | Defines how long PingOne can exchange logout messages with the application, specifically a `LogoutRequest` from the application, since the initial request. PingOne can also send a `LogoutRequest` to the application when a single logout is initiated by the user from other session participants, such as an application or identity provider. This setting is per application. The SLO logout is separate from the user session logout that revokes all tokens. | [optional] **SpEntityId** | **string** | A string that specifies the service provider entity ID used to lookup the application. This is a required property and is unique within the environment. | **SpVerification** | Pointer to [**ApplicationSAMLAllOfSpVerification**](ApplicationSAMLAllOfSpVerification.md) | | [optional] +**AdditionalRefreshTokenReplayProtectionEnabled** | Pointer to **bool** | When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. | [optional] [default to true] **AllowWildcardInRedirectUris** | Pointer to **bool** | A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). | [optional] **AssignActorRoles** | Pointer to **bool** | A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. | [optional] **Mobile** | Pointer to [**ApplicationOIDCAllOfMobile**](ApplicationOIDCAllOfMobile.md) | | [optional] 
@@ -47,10 +48,13 @@ Name | Type | Description | Notes **RefreshTokenRollingDuration** | Pointer to **int32** | An integer that specifies the number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. Valid values are between 60 and 2147483647. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token. | [optional] **RefreshTokenRollingGracePeriodDuration** | Pointer to **int32** | The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens. This is useful in the case of network errors on the client. Valid values are between 0 and 86400 seconds. Null is treated the same as 0. | [optional] **ResponseTypes** | Pointer to [**[]EnumApplicationOIDCResponseType**](EnumApplicationOIDCResponseType.md) | A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. | [optional] +**RequireSignedRequestObject** | Pointer to **bool** | Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. | [optional] **SupportUnsignedRequestObject** | Pointer to **bool** | A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. 
| [optional] **Tags** | Pointer to [**[]EnumApplicationTags**](EnumApplicationTags.md) | An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. | [optional] **TargetLinkUri** | Pointer to **string** | The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. | [optional] **TokenEndpointAuthMethod** | [**EnumApplicationOIDCTokenAuthMethod**](EnumApplicationOIDCTokenAuthMethod.md) | | +**ParRequirement** | Pointer to [**EnumApplicationOIDCPARRequirement**](EnumApplicationOIDCPARRequirement.md) | | [optional] [default to ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL] +**ParTimeout** | Pointer to **int32** | PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. | [optional] [default to 60] **AudienceRestriction** | Pointer to **string** | The service provider ID. Defaults to `urn:federation:MicrosoftOnline`. | [optional] [default to "urn:federation:MicrosoftOnline"] **DomainName** | **string** | The federated domain name (for example, the Azure custom domain). | **ReplyUrl** | **string** | The URL that the replying party (such as, Office365) uses to accept submissions of RequestSecurityTokenResponse messages that are a result of SSO requests. | 
@@ -731,6 +735,31 @@ SetSpVerification sets SpVerification field to given value. HasSpVerification returns a boolean if a field has been set. +### GetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *UpdateApplicationRequest) GetAdditionalRefreshTokenReplayProtectionEnabled() bool` + +GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field if non-nil, zero value otherwise. + +### GetAdditionalRefreshTokenReplayProtectionEnabledOk + +`func (o *UpdateApplicationRequest) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool)` + +GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *UpdateApplicationRequest) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool)` + +SetAdditionalRefreshTokenReplayProtectionEnabled sets AdditionalRefreshTokenReplayProtectionEnabled field to given value. + +### HasAdditionalRefreshTokenReplayProtectionEnabled + +`func (o *UpdateApplicationRequest) HasAdditionalRefreshTokenReplayProtectionEnabled() bool` + +HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. + ### GetAllowWildcardInRedirectUris `func (o *UpdateApplicationRequest) GetAllowWildcardInRedirectUris() bool` 
@@ -1101,6 +1130,31 @@ SetResponseTypes sets ResponseTypes field to given value. HasResponseTypes returns a boolean if a field has been set. +### GetRequireSignedRequestObject + +`func (o *UpdateApplicationRequest) GetRequireSignedRequestObject() bool` + +GetRequireSignedRequestObject returns the RequireSignedRequestObject field if non-nil, zero value otherwise. + +### GetRequireSignedRequestObjectOk + +`func (o *UpdateApplicationRequest) GetRequireSignedRequestObjectOk() (*bool, bool)` + +GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequireSignedRequestObject + +`func (o *UpdateApplicationRequest) SetRequireSignedRequestObject(v bool)` + +SetRequireSignedRequestObject sets RequireSignedRequestObject field to given value. + +### HasRequireSignedRequestObject + +`func (o *UpdateApplicationRequest) HasRequireSignedRequestObject() bool` + +HasRequireSignedRequestObject returns a boolean if a field has been set. + ### GetSupportUnsignedRequestObject `func (o *UpdateApplicationRequest) GetSupportUnsignedRequestObject() bool` 
@@ -1196,6 +1250,56 @@ and a boolean to check if the value has been set. SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value. +### GetParRequirement + +`func (o *UpdateApplicationRequest) GetParRequirement() EnumApplicationOIDCPARRequirement` + +GetParRequirement returns the ParRequirement field if non-nil, zero value otherwise. + +### GetParRequirementOk + +`func (o *UpdateApplicationRequest) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool)` + +GetParRequirementOk returns a tuple with the ParRequirement field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParRequirement + +`func (o *UpdateApplicationRequest) SetParRequirement(v EnumApplicationOIDCPARRequirement)` + +SetParRequirement sets ParRequirement field to given value. + +### HasParRequirement + +`func (o *UpdateApplicationRequest) HasParRequirement() bool` + +HasParRequirement returns a boolean if a field has been set. + +### GetParTimeout + +`func (o *UpdateApplicationRequest) GetParTimeout() int32` + +GetParTimeout returns the ParTimeout field if non-nil, zero value otherwise. + +### GetParTimeoutOk + +`func (o *UpdateApplicationRequest) GetParTimeoutOk() (*int32, bool)` + +GetParTimeoutOk returns a tuple with the ParTimeout field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetParTimeout + +`func (o *UpdateApplicationRequest) SetParTimeout(v int32)` + +SetParTimeout sets ParTimeout field to given value. + +### HasParTimeout + +`func (o *UpdateApplicationRequest) HasParTimeout() bool` + +HasParTimeout returns a boolean if a field has been set. + ### GetAudienceRestriction `func (o *UpdateApplicationRequest) GetAudienceRestriction() string` diff --git a/management/generate/pingone-management.yml b/management/generate/pingone-management.yml index 8d436fb1..125fc14e 100644 --- a/management/generate/pingone-management.yml 
+++ b/management/generate/pingone-management.yml @@ -84,6 +84,11 @@ components: EnumApplicationOIDCGrantType: type: string enum: [AUTHORIZATION_CODE, IMPLICIT, REFRESH_TOKEN, CLIENT_CREDENTIALS] + EnumApplicationOIDCPARRequirement: + type: string + description: Whether pushed authorization requests (PAR) are required. Options are `REQUIRED` and `OPTIONAL`. The default value is `OPTIONAL`. + default: OPTIONAL + enum: [REQUIRED, OPTIONAL] EnumApplicationOIDCPKCEOption: type: string enum: [OPTIONAL, REQUIRED, S256_REQUIRED] @@ -890,6 +895,10 @@ components: - $ref: '#/components/schemas/Application' - type: object properties: + additionalRefreshTokenReplayProtectionEnabled: + type: boolean + description: When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. + default: true allowWildcardInRedirectUris: type: boolean description: A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). 
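Review bot: The `default: OPTIONAL` line on `EnumApplicationOIDCPARRequirement` appears to be what makes the generated constructors pre-populate the field, so an object built with `NewApplicationOIDC(...)` always serialises `parRequirement` as `OPTIONAL`. If such an object is sent as an update, it would presumably replace a server-side `REQUIRED` setting with the weaker one unless the caller first copies the current value. The same applies to `default: 60` on `parTimeout` in the `@@ -1044,6 +1056,14 @@` hunk. Consider dropping the schema-level `default:` lines and keeping the default only in the description text, so the generated field stays nil and the service applies its own default. If the defaults stay, add a sentence to the description such as `Objects built with the SDK constructors send this default explicitly.`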
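Review bot: The description of `additionalRefreshTokenReplayProtectionEnabled` gives `true` as the default and also says null equates to `false`, but does not say which applies when the property is left out of a request. The generated field is a `*bool` with `omitempty`, so a struct literal that bypasses the constructor, or an object decoded from a response that lacks the property, sends nothing for it. If the service treats an omitted property as null, an update would switch refresh-token replay protection off without the caller asking for it. Suggest adding one sentence to the description stating the behaviour for an omitted property, for example `Omitting the property on update is treated as <behaviour confirmed with the API owner>.`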
@@ -1031,6 +1040,9 @@ components: description: A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. items: $ref: '#/components/schemas/EnumApplicationOIDCResponseType' + requireSignedRequestObject: + type: boolean + description: Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. supportUnsignedRequestObject: type: boolean description: A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. @@ -1044,6 +1056,14 @@ components: description: The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. tokenEndpointAuthMethod: $ref: '#/components/schemas/EnumApplicationOIDCTokenAuthMethod' + parRequirement: + $ref: '#/components/schemas/EnumApplicationOIDCPARRequirement' + parTimeout: + type: integer + description: PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. + minimum: 1 + maximum: 600 + default: 60 required: - grantTypes - tokenEndpointAuthMethod diff --git a/management/model_application_oidc.go b/management/model_application_oidc.go index 5617054b..fe2b4086 100644 --- a/management/model_application_oidc.go +++ b/management/model_application_oidc.go 
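Review bot: The new `requireSignedRequestObject` description expands JWT as "Java Web Token"; it is JSON Web Token, and the wrong text is copied into the generated Go field comments of both models. The last sentence, "Both `supportUnsignedRequestObject` and this property cannot be set to `true`", can be read as saying neither may be true, while the intent appears to be that they cannot both be true at once. Proposed wording: `Indicates that the JSON Web Token (JWT) for the request query parameter is required to be signed.` and `This property and supportUnsignedRequestObject cannot both be set to true.` The generated setters shown in this commit do not check that exclusion, so the description is the only place a caller learns of it.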
@@ -42,6 +42,8 @@ type ApplicationOIDC struct { Type EnumApplicationType `json:"type"` // The time the resource was last updated. UpdatedAt *time.Time `json:"updatedAt,omitempty"` + // When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. + AdditionalRefreshTokenReplayProtectionEnabled *bool `json:"additionalRefreshTokenReplayProtectionEnabled,omitempty"` // A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). AllowWildcardInRedirectUris *bool `json:"allowWildcardInRedirectUris,omitempty"` // A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. 
@@ -73,6 +75,8 @@ type ApplicationOIDC struct { RefreshTokenRollingGracePeriodDuration *int32 `json:"refreshTokenRollingGracePeriodDuration,omitempty"` // A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. ResponseTypes []EnumApplicationOIDCResponseType `json:"responseTypes,omitempty"` + // Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. + RequireSignedRequestObject *bool `json:"requireSignedRequestObject,omitempty"` // A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. SupportUnsignedRequestObject *bool `json:"supportUnsignedRequestObject,omitempty"` // An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. 
@@ -80,6 +84,9 @@ type ApplicationOIDC struct { // The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. TargetLinkUri *string `json:"targetLinkUri,omitempty"` TokenEndpointAuthMethod EnumApplicationOIDCTokenAuthMethod `json:"tokenEndpointAuthMethod"` + ParRequirement *EnumApplicationOIDCPARRequirement `json:"parRequirement,omitempty"` + // PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. + ParTimeout *int32 `json:"parTimeout,omitempty"` } // NewApplicationOIDC instantiates a new ApplicationOIDC object @@ -92,10 +99,16 @@ func NewApplicationOIDC(enabled bool, name string, protocol EnumApplicationProto this.Name = name this.Protocol = protocol this.Type = type_ + var additionalRefreshTokenReplayProtectionEnabled bool = true + this.AdditionalRefreshTokenReplayProtectionEnabled = &additionalRefreshTokenReplayProtectionEnabled this.GrantTypes = grantTypes var refreshTokenDuration int32 = 2592000 this.RefreshTokenDuration = &refreshTokenDuration this.TokenEndpointAuthMethod = tokenEndpointAuthMethod + var parRequirement EnumApplicationOIDCPARRequirement = ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL + this.ParRequirement = &parRequirement + var parTimeout int32 = 60 + this.ParTimeout = &parTimeout return &this } 
@@ -104,8 +117,14 @@ func NewApplicationOIDC(enabled bool, name string, protocol EnumApplicationProto // but it doesn't guarantee that properties required by API are set func NewApplicationOIDCWithDefaults() *ApplicationOIDC { this := ApplicationOIDC{} + var additionalRefreshTokenReplayProtectionEnabled bool = true + this.AdditionalRefreshTokenReplayProtectionEnabled = &additionalRefreshTokenReplayProtectionEnabled var refreshTokenDuration int32 = 2592000 this.RefreshTokenDuration = &refreshTokenDuration + var parRequirement EnumApplicationOIDCPARRequirement = ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL + this.ParRequirement = &parRequirement + var parTimeout int32 = 60 + this.ParTimeout = &parTimeout return &this } 
@@ -525,6 +544,38 @@ func (o *ApplicationOIDC) SetUpdatedAt(v time.Time) { o.UpdatedAt = &v } +// GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field value if set, zero value otherwise. +func (o *ApplicationOIDC) GetAdditionalRefreshTokenReplayProtectionEnabled() bool { + if o == nil || IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + var ret bool + return ret + } + return *o.AdditionalRefreshTokenReplayProtectionEnabled +} + +// GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDC) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool) { + if o == nil || IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + return nil, false + } + return o.AdditionalRefreshTokenReplayProtectionEnabled, true +} + +// HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. +func (o *ApplicationOIDC) HasAdditionalRefreshTokenReplayProtectionEnabled() bool { + if o != nil && !IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + return true + } + + return false +} + +// SetAdditionalRefreshTokenReplayProtectionEnabled gets a reference to the given bool and assigns it to the AdditionalRefreshTokenReplayProtectionEnabled field. +func (o *ApplicationOIDC) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool) { + o.AdditionalRefreshTokenReplayProtectionEnabled = &v +} + // GetAllowWildcardInRedirectUris returns the AllowWildcardInRedirectUris field value if set, zero value otherwise. func (o *ApplicationOIDC) GetAllowWildcardInRedirectUris() bool { if o == nil || IsNil(o.AllowWildcardInRedirectUris) { 
@@ -1035,6 +1086,38 @@ func (o *ApplicationOIDC) SetResponseTypes(v []EnumApplicationOIDCResponseType) o.ResponseTypes = v } +// GetRequireSignedRequestObject returns the RequireSignedRequestObject field value if set, zero value otherwise. +func (o *ApplicationOIDC) GetRequireSignedRequestObject() bool { + if o == nil || IsNil(o.RequireSignedRequestObject) { + var ret bool + return ret + } + return *o.RequireSignedRequestObject +} + +// GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDC) GetRequireSignedRequestObjectOk() (*bool, bool) { + if o == nil || IsNil(o.RequireSignedRequestObject) { + return nil, false + } + return o.RequireSignedRequestObject, true +} + +// HasRequireSignedRequestObject returns a boolean if a field has been set. +func (o *ApplicationOIDC) HasRequireSignedRequestObject() bool { + if o != nil && !IsNil(o.RequireSignedRequestObject) { + return true + } + + return false +} + +// SetRequireSignedRequestObject gets a reference to the given bool and assigns it to the RequireSignedRequestObject field. +func (o *ApplicationOIDC) SetRequireSignedRequestObject(v bool) { + o.RequireSignedRequestObject = &v +} + // GetSupportUnsignedRequestObject returns the SupportUnsignedRequestObject field value if set, zero value otherwise. func (o *ApplicationOIDC) GetSupportUnsignedRequestObject() bool { if o == nil || IsNil(o.SupportUnsignedRequestObject) { 
@@ -1155,6 +1238,70 @@ func (o *ApplicationOIDC) SetTokenEndpointAuthMethod(v EnumApplicationOIDCTokenA o.TokenEndpointAuthMethod = v } +// GetParRequirement returns the ParRequirement field value if set, zero value otherwise. +func (o *ApplicationOIDC) GetParRequirement() EnumApplicationOIDCPARRequirement { + if o == nil || IsNil(o.ParRequirement) { + var ret EnumApplicationOIDCPARRequirement + return ret + } + return *o.ParRequirement +} + +// GetParRequirementOk returns a tuple with the ParRequirement field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDC) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool) { + if o == nil || IsNil(o.ParRequirement) { + return nil, false + } + return o.ParRequirement, true +} + +// HasParRequirement returns a boolean if a field has been set. +func (o *ApplicationOIDC) HasParRequirement() bool { + if o != nil && !IsNil(o.ParRequirement) { + return true + } + + return false +} + +// SetParRequirement gets a reference to the given EnumApplicationOIDCPARRequirement and assigns it to the ParRequirement field. +func (o *ApplicationOIDC) SetParRequirement(v EnumApplicationOIDCPARRequirement) { + o.ParRequirement = &v +} + +// GetParTimeout returns the ParTimeout field value if set, zero value otherwise. +func (o *ApplicationOIDC) GetParTimeout() int32 { + if o == nil || IsNil(o.ParTimeout) { + var ret int32 + return ret + } + return *o.ParTimeout +} + +// GetParTimeoutOk returns a tuple with the ParTimeout field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDC) GetParTimeoutOk() (*int32, bool) { + if o == nil || IsNil(o.ParTimeout) { + return nil, false + } + return o.ParTimeout, true +} + +// HasParTimeout returns a boolean if a field has been set. 
+func (o *ApplicationOIDC) HasParTimeout() bool { + if o != nil && !IsNil(o.ParTimeout) { + return true + } + + return false +} + +// SetParTimeout gets a reference to the given int32 and assigns it to the ParTimeout field. +func (o *ApplicationOIDC) SetParTimeout(v int32) { + o.ParTimeout = &v +} + func (o ApplicationOIDC) MarshalJSON() ([]byte, error) { toSerialize,err := o.ToMap() if err != nil { @@ -1193,6 +1340,9 @@ func (o ApplicationOIDC) ToMap() (map[string]interface{}, error) { toSerialize["protocol"] = o.Protocol toSerialize["type"] = o.Type // skip: updatedAt is readOnly + if !IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + toSerialize["additionalRefreshTokenReplayProtectionEnabled"] = o.AdditionalRefreshTokenReplayProtectionEnabled + } if !IsNil(o.AllowWildcardInRedirectUris) { toSerialize["allowWildcardInRedirectUris"] = o.AllowWildcardInRedirectUris } @@ -1239,6 +1389,9 @@ func (o ApplicationOIDC) ToMap() (map[string]interface{}, error) { if !IsNil(o.ResponseTypes) { toSerialize["responseTypes"] = o.ResponseTypes } + if !IsNil(o.RequireSignedRequestObject) { + toSerialize["requireSignedRequestObject"] = o.RequireSignedRequestObject + } if !IsNil(o.SupportUnsignedRequestObject) { toSerialize["supportUnsignedRequestObject"] = o.SupportUnsignedRequestObject } @@ -1249,6 +1402,12 @@ func (o ApplicationOIDC) ToMap() (map[string]interface{}, error) { toSerialize["targetLinkUri"] = o.TargetLinkUri } toSerialize["tokenEndpointAuthMethod"] = o.TokenEndpointAuthMethod + if !IsNil(o.ParRequirement) { + toSerialize["parRequirement"] = o.ParRequirement + } + if !IsNil(o.ParTimeout) { + toSerialize["parTimeout"] = o.ParTimeout + } return toSerialize, nil } diff --git a/management/model_application_oidc_all_of.go b/management/model_application_oidc_all_of.go index 8e728d67..efae50ab 100644 --- a/management/model_application_oidc_all_of.go +++ b/management/model_application_oidc_all_of.go 
@@ -19,6 +19,8 @@ var _ MappedNullable = &ApplicationOIDCAllOf{} // ApplicationOIDCAllOf struct for ApplicationOIDCAllOf type ApplicationOIDCAllOf struct { + // When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting. + AdditionalRefreshTokenReplayProtectionEnabled *bool `json:"additionalRefreshTokenReplayProtectionEnabled,omitempty"` // A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri). AllowWildcardInRedirectUris *bool `json:"allowWildcardInRedirectUris,omitempty"` // A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request. 
@@ -50,6 +52,8 @@ type ApplicationOIDCAllOf struct { RefreshTokenRollingGracePeriodDuration *int32 `json:"refreshTokenRollingGracePeriodDuration,omitempty"` // A string that specifies the code or token type returned by an authorization request. Options are TOKEN, ID_TOKEN, and CODE. Note that CODE cannot be used in an authorization request with TOKEN or ID_TOKEN because PingOne does not currently support OIDC hybrid flows. ResponseTypes []EnumApplicationOIDCResponseType `json:"responseTypes,omitempty"` + // Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`. + RequireSignedRequestObject *bool `json:"requireSignedRequestObject,omitempty"` // A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed. SupportUnsignedRequestObject *bool `json:"supportUnsignedRequestObject,omitempty"` // An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`. Only applicable for creating worker applications. 
@@ -57,6 +61,9 @@ type ApplicationOIDCAllOf struct { // The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field. TargetLinkUri *string `json:"targetLinkUri,omitempty"` TokenEndpointAuthMethod EnumApplicationOIDCTokenAuthMethod `json:"tokenEndpointAuthMethod"` + ParRequirement *EnumApplicationOIDCPARRequirement `json:"parRequirement,omitempty"` + // PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`. + ParTimeout *int32 `json:"parTimeout,omitempty"` } // NewApplicationOIDCAllOf instantiates a new ApplicationOIDCAllOf object @@ -65,10 +72,16 @@ type ApplicationOIDCAllOf struct { // will change when the set of required properties is changed func NewApplicationOIDCAllOf(grantTypes []EnumApplicationOIDCGrantType, tokenEndpointAuthMethod EnumApplicationOIDCTokenAuthMethod) *ApplicationOIDCAllOf { this := ApplicationOIDCAllOf{} + var additionalRefreshTokenReplayProtectionEnabled bool = true + this.AdditionalRefreshTokenReplayProtectionEnabled = &additionalRefreshTokenReplayProtectionEnabled this.GrantTypes = grantTypes var refreshTokenDuration int32 = 2592000 this.RefreshTokenDuration = &refreshTokenDuration this.TokenEndpointAuthMethod = tokenEndpointAuthMethod + var parRequirement EnumApplicationOIDCPARRequirement = ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL + this.ParRequirement = &parRequirement + var parTimeout int32 = 60 + this.ParTimeout = &parTimeout return &this } 
@@ -77,11 +90,49 @@ func NewApplicationOIDCAllOf(grantTypes []EnumApplicationOIDCGrantType, tokenEnd // but it doesn't guarantee that properties required by API are set func NewApplicationOIDCAllOfWithDefaults() *ApplicationOIDCAllOf { this := ApplicationOIDCAllOf{} + var additionalRefreshTokenReplayProtectionEnabled bool = true + this.AdditionalRefreshTokenReplayProtectionEnabled = &additionalRefreshTokenReplayProtectionEnabled var refreshTokenDuration int32 = 2592000 this.RefreshTokenDuration = &refreshTokenDuration + var parRequirement EnumApplicationOIDCPARRequirement = ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL + this.ParRequirement = &parRequirement + var parTimeout int32 = 60 + this.ParTimeout = &parTimeout return &this } +// GetAdditionalRefreshTokenReplayProtectionEnabled returns the AdditionalRefreshTokenReplayProtectionEnabled field value if set, zero value otherwise. +func (o *ApplicationOIDCAllOf) GetAdditionalRefreshTokenReplayProtectionEnabled() bool { + if o == nil || IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + var ret bool + return ret + } + return *o.AdditionalRefreshTokenReplayProtectionEnabled +} + +// GetAdditionalRefreshTokenReplayProtectionEnabledOk returns a tuple with the AdditionalRefreshTokenReplayProtectionEnabled field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDCAllOf) GetAdditionalRefreshTokenReplayProtectionEnabledOk() (*bool, bool) { + if o == nil || IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + return nil, false + } + return o.AdditionalRefreshTokenReplayProtectionEnabled, true +} + +// HasAdditionalRefreshTokenReplayProtectionEnabled returns a boolean if a field has been set. 
+func (o *ApplicationOIDCAllOf) HasAdditionalRefreshTokenReplayProtectionEnabled() bool { + if o != nil && !IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + return true + } + + return false +} + +// SetAdditionalRefreshTokenReplayProtectionEnabled gets a reference to the given bool and assigns it to the AdditionalRefreshTokenReplayProtectionEnabled field. +func (o *ApplicationOIDCAllOf) SetAdditionalRefreshTokenReplayProtectionEnabled(v bool) { + o.AdditionalRefreshTokenReplayProtectionEnabled = &v +} + // GetAllowWildcardInRedirectUris returns the AllowWildcardInRedirectUris field value if set, zero value otherwise. func (o *ApplicationOIDCAllOf) GetAllowWildcardInRedirectUris() bool { if o == nil || IsNil(o.AllowWildcardInRedirectUris) { 
@@ -592,6 +643,38 @@ func (o *ApplicationOIDCAllOf) SetResponseTypes(v []EnumApplicationOIDCResponseT o.ResponseTypes = v } +// GetRequireSignedRequestObject returns the RequireSignedRequestObject field value if set, zero value otherwise. +func (o *ApplicationOIDCAllOf) GetRequireSignedRequestObject() bool { + if o == nil || IsNil(o.RequireSignedRequestObject) { + var ret bool + return ret + } + return *o.RequireSignedRequestObject +} + +// GetRequireSignedRequestObjectOk returns a tuple with the RequireSignedRequestObject field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDCAllOf) GetRequireSignedRequestObjectOk() (*bool, bool) { + if o == nil || IsNil(o.RequireSignedRequestObject) { + return nil, false + } + return o.RequireSignedRequestObject, true +} + +// HasRequireSignedRequestObject returns a boolean if a field has been set. +func (o *ApplicationOIDCAllOf) HasRequireSignedRequestObject() bool { + if o != nil && !IsNil(o.RequireSignedRequestObject) { + return true + } + + return false +} + +// SetRequireSignedRequestObject gets a reference to the given bool and assigns it to the RequireSignedRequestObject field. +func (o *ApplicationOIDCAllOf) SetRequireSignedRequestObject(v bool) { + o.RequireSignedRequestObject = &v +} + // GetSupportUnsignedRequestObject returns the SupportUnsignedRequestObject field value if set, zero value otherwise. func (o *ApplicationOIDCAllOf) GetSupportUnsignedRequestObject() bool { if o == nil || IsNil(o.SupportUnsignedRequestObject) { 
@@ -712,6 +795,70 @@ func (o *ApplicationOIDCAllOf) SetTokenEndpointAuthMethod(v EnumApplicationOIDCT o.TokenEndpointAuthMethod = v } +// GetParRequirement returns the ParRequirement field value if set, zero value otherwise. +func (o *ApplicationOIDCAllOf) GetParRequirement() EnumApplicationOIDCPARRequirement { + if o == nil || IsNil(o.ParRequirement) { + var ret EnumApplicationOIDCPARRequirement + return ret + } + return *o.ParRequirement +} + +// GetParRequirementOk returns a tuple with the ParRequirement field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDCAllOf) GetParRequirementOk() (*EnumApplicationOIDCPARRequirement, bool) { + if o == nil || IsNil(o.ParRequirement) { + return nil, false + } + return o.ParRequirement, true +} + +// HasParRequirement returns a boolean if a field has been set. +func (o *ApplicationOIDCAllOf) HasParRequirement() bool { + if o != nil && !IsNil(o.ParRequirement) { + return true + } + + return false +} + +// SetParRequirement gets a reference to the given EnumApplicationOIDCPARRequirement and assigns it to the ParRequirement field. +func (o *ApplicationOIDCAllOf) SetParRequirement(v EnumApplicationOIDCPARRequirement) { + o.ParRequirement = &v +} + +// GetParTimeout returns the ParTimeout field value if set, zero value otherwise. +func (o *ApplicationOIDCAllOf) GetParTimeout() int32 { + if o == nil || IsNil(o.ParTimeout) { + var ret int32 + return ret + } + return *o.ParTimeout +} + +// GetParTimeoutOk returns a tuple with the ParTimeout field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ApplicationOIDCAllOf) GetParTimeoutOk() (*int32, bool) { + if o == nil || IsNil(o.ParTimeout) { + return nil, false + } + return o.ParTimeout, true +} + +// HasParTimeout returns a boolean if a field has been set. 
+func (o *ApplicationOIDCAllOf) HasParTimeout() bool { + if o != nil && !IsNil(o.ParTimeout) { + return true + } + + return false +} + +// SetParTimeout gets a reference to the given int32 and assigns it to the ParTimeout field. +func (o *ApplicationOIDCAllOf) SetParTimeout(v int32) { + o.ParTimeout = &v +} + func (o ApplicationOIDCAllOf) MarshalJSON() ([]byte, error) { toSerialize,err := o.ToMap() if err != nil { @@ -722,6 +869,9 @@ func (o ApplicationOIDCAllOf) MarshalJSON() ([]byte, error) { func (o ApplicationOIDCAllOf) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} + if !IsNil(o.AdditionalRefreshTokenReplayProtectionEnabled) { + toSerialize["additionalRefreshTokenReplayProtectionEnabled"] = o.AdditionalRefreshTokenReplayProtectionEnabled + } if !IsNil(o.AllowWildcardInRedirectUris) { toSerialize["allowWildcardInRedirectUris"] = o.AllowWildcardInRedirectUris } @@ -768,6 +918,9 @@ func (o ApplicationOIDCAllOf) ToMap() (map[string]interface{}, error) { if !IsNil(o.ResponseTypes) { toSerialize["responseTypes"] = o.ResponseTypes } + if !IsNil(o.RequireSignedRequestObject) { + toSerialize["requireSignedRequestObject"] = o.RequireSignedRequestObject + } if !IsNil(o.SupportUnsignedRequestObject) { toSerialize["supportUnsignedRequestObject"] = o.SupportUnsignedRequestObject } @@ -778,6 +931,12 @@ func (o ApplicationOIDCAllOf) ToMap() (map[string]interface{}, error) { toSerialize["targetLinkUri"] = o.TargetLinkUri } toSerialize["tokenEndpointAuthMethod"] = o.TokenEndpointAuthMethod + if !IsNil(o.ParRequirement) { + toSerialize["parRequirement"] = o.ParRequirement + } + if !IsNil(o.ParTimeout) { + toSerialize["parTimeout"] = o.ParTimeout + } return toSerialize, nil } diff --git a/management/model_enum_application_oidcpar_requirement.go b/management/model_enum_application_oidcpar_requirement.go new file mode 100644 index 00000000..5ba94c4b --- /dev/null +++ b/management/model_enum_application_oidcpar_requirement.go 
@@ -0,0 +1,112 @@ +/* +PingOne Platform API - SSO and Base + +The PingOne Platform API covering the base and SSO services (otherwise known as the Management APIs) + +API version: 2023-06-29 +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package management + +import ( + "encoding/json" + "fmt" +) + +// EnumApplicationOIDCPARRequirement Whether pushed authorization requests (PAR) are required. Options are `REQUIRED` and `OPTIONAL`. The default value is `OPTIONAL`. +type EnumApplicationOIDCPARRequirement string + +// List of EnumApplicationOIDCPARRequirement +const ( + ENUMAPPLICATIONOIDCPARREQUIREMENT_REQUIRED EnumApplicationOIDCPARRequirement = "REQUIRED" + ENUMAPPLICATIONOIDCPARREQUIREMENT_OPTIONAL EnumApplicationOIDCPARRequirement = "OPTIONAL" +) + +// All allowed values of EnumApplicationOIDCPARRequirement enum +var AllowedEnumApplicationOIDCPARRequirementEnumValues = []EnumApplicationOIDCPARRequirement{ + "REQUIRED", + "OPTIONAL", +} + +func (v *EnumApplicationOIDCPARRequirement) UnmarshalJSON(src []byte) error { + var value string + err := json.Unmarshal(src, &value) + if err != nil { + return err + } + enumTypeValue := EnumApplicationOIDCPARRequirement(value) + for _, existing := range AllowedEnumApplicationOIDCPARRequirementEnumValues { + if existing == enumTypeValue { + *v = enumTypeValue + return nil + } + } + + *v = EnumApplicationOIDCPARRequirement(fmt.Sprintf("%s", "UNKNOWN")) + return nil +} + +// NewEnumApplicationOIDCPARRequirementFromValue returns a pointer to a valid EnumApplicationOIDCPARRequirement +// for the value passed as argument, or an error if the value passed is not allowed by the enum +func NewEnumApplicationOIDCPARRequirementFromValue(v string) (*EnumApplicationOIDCPARRequirement, error) { + ev := EnumApplicationOIDCPARRequirement(v) + if ev.IsValid() { + return &ev, nil + } else { + return nil, fmt.Errorf("invalid value '%v' for EnumApplicationOIDCPARRequirement: valid values are %v", v, 
AllowedEnumApplicationOIDCPARRequirementEnumValues) + } +} + +// IsValid return true if the value is valid for the enum, false otherwise +func (v EnumApplicationOIDCPARRequirement) IsValid() bool { + for _, existing := range AllowedEnumApplicationOIDCPARRequirementEnumValues { + if existing == v { + return true + } + } + return false +} + +// Ptr returns reference to EnumApplicationOIDCPARRequirement value +func (v EnumApplicationOIDCPARRequirement) Ptr() *EnumApplicationOIDCPARRequirement { + return &v +} + +type NullableEnumApplicationOIDCPARRequirement struct { + value *EnumApplicationOIDCPARRequirement + isSet bool +} + +func (v NullableEnumApplicationOIDCPARRequirement) Get() *EnumApplicationOIDCPARRequirement { + return v.value +} + +func (v *NullableEnumApplicationOIDCPARRequirement) Set(val *EnumApplicationOIDCPARRequirement) { + v.value = val + v.isSet = true +} + +func (v NullableEnumApplicationOIDCPARRequirement) IsSet() bool { + return v.isSet +} + +func (v *NullableEnumApplicationOIDCPARRequirement) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableEnumApplicationOIDCPARRequirement(val *EnumApplicationOIDCPARRequirement) *NullableEnumApplicationOIDCPARRequirement { + return &NullableEnumApplicationOIDCPARRequirement{value: val, isSet: true} +} + +func (v NullableEnumApplicationOIDCPARRequirement) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableEnumApplicationOIDCPARRequirement) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} +