Merge branch 'master' into issue-26702

.gitignore

@@ -27,3 +27,4 @@ en/asgardeo/site
 
 # Python virtula environment
 .venv
+en/asgardeo/__pycache__/

VERSION

@@ -1 +1 @@
-0.0.230
+0.0.267

en/asgardeo/docs/apis/restapis/actions.yaml

@@ -500,127 +500,6 @@ paths:
             curl --location --request POST 'https://api.asgardeo.io/t/{organization-name}/api/server/v1/actions/{actionType}/{actionId}/deactivate' \
             -H 'Authorization: Bearer {bearer_token}'
 
-  /actions/{actionType}/{actionId}/{authType}:
-    put:
-      tags:
-        - Actions Endpoint
-      summary: Update Action Authentication
-      description: "This API updates authentication mechanism for the endpoint configured for the action. \n\n
-        <b>Scope (Permission) required:</b> ``internal_action_mgt_update``\n\n"
-      operationId: updateActionEndpointAuthentication
-      parameters:
-        - name: actionType
-          in: path
-          description: Name of the Action Type.
-          required: true
-          schema:
-            enum:
-              - preIssueAccessToken
-        - name: actionId
-          in: path
-          description: Unique identifier of the action.
-          required: true
-          schema:
-            type: string
-        - name: authType
-          in: path
-          description: Authentication Type of the Action Endpoint.
-          required: true
-          schema:
-            enum:
-              - none
-              - basic
-              - apiKey
-              - bearer
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthTypeProperties'
-        description: This represents the updating authentication mechanism for the endpoint configured.
-        required: true
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ActionResponse'
-        '400':
-          description: Bad Request
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '401':
-          description: Unauthorized
-        '403':
-          description: Forbidden
-        '404':
-          description: Not Found
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '500':
-          description: Server Error
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-        '501':
-          description: Not Implemented
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
-      x-codeSamples:
-        - lang: Curl(Bearer)
-          source: |
-            curl --location --request PUT 'https://api.asgardeo.io/t/{organization-name}/api/server/v1/actions/{actionType}/{actionId}/bearer' \
-            -H 'Content-Type: application/json' \
-            -H 'Accept: application/json' \
-            -H 'Authorization: Bearer {bearer_token}' \
-            -d '{
-              "properties": {
-                "accessToken": "token"
-              }
-            }'
-        - lang: Curl(Basic)
-          source: |
-            curl --location --request PUT 'https://api.asgardeo.io/t/{organization-name}/api/server/v1/actions/{actionType}/{actionId}/basic' \
-            -H 'Content-Type: application/json' \
-            -H 'Accept: application/json' \
-            -H 'Authorization: Bearer {bearer_token}' \
-            -d '{
-              "properties": {
-                "username": "username",
-                "password": "password"
-              }
-            }'
-        - lang: Curl(API Key)
-          source: |
-            curl --location --request PUT 'https://api.asgardeo.io/t/{organization-name}/api/server/v1/actions/{actionType}/{actionId}/apiKey' \
-            -H 'Content-Type: application/json' \
-            -H 'Accept: application/json' \
-            -H 'Authorization: Bearer {bearer_token}' \
-            -d '{
-              "properties": {
-                "header": "header",
-                "value": "value"
-              }
-            }'
-        - lang: Curl(None)
-          source: |
-            curl --location --request PUT 'https://api.asgardeo.io/t/{organization-name}/api/server/v1/actions/{actionType}/{actionId}/none' \
-            -H 'Content-Type: application/json' \
-            -H 'Accept: application/json' \
-            -H 'Authorization: Bearer {bearer_token}' \
-            -d '{
-              "properties": {}
-            }'
-      x-codegen-request-body-name: body
-
 components:
   securitySchemes:
     OAuth2:
@@ -948,13 +827,6 @@ components:
         - $ref: '#/components/schemas/BearerAuthentication'
         - $ref: '#/components/schemas/NoAuthentication'
 
-    AuthTypeProperties:
-      oneOf:
-        - $ref: '#/components/schemas/Basic'
-        - $ref: '#/components/schemas/ApiKey'
-        - $ref: '#/components/schemas/Bearer'
-        - $ref: '#/components/schemas/None'
-
     Error:
       type: object
       properties:

en/asgardeo/docs/apis/restapis/scim2-users.yaml

@@ -676,16 +676,39 @@ components:
             $ref: '#/components/schemas/UserResponseObject'
     UserSearchRequestObject:
       type: object
-      example:
+      properties:
         schemas:
-        - urn:ietf:params:scim:api:messages:2.0:SearchRequest
+          type: object
+          items:
+            type: string
+            example:
+            - urn:ietf:params:scim:api:messages:2.0:SearchRequest
         attributes:
-        - name.familyName
-        - userName
-        filter: userName sw ki and name.familyName co err
-        domain: DEFAULT
-        startIndex: 1
-        count: 10
+          type: array
+          description: SCIM defined attributes parameter.
+          items:
+            type: string
+            example:
+              - name.familyName
+              - userName
+        filter:
+          type: string
+          description: The expression used for filtering. Supported filters are <code>ew</code>, <code>eq</code>, <code>co</code>, <code>sw</code>, and <code>and</code>.
+          example: userName sw ki and name.familyName co err
+        domain:
+          type: string
+          description: The name of the user store where filtering needs to be applied.
+          example: DEFAULT
+        startIndex:
+          type: integer
+          format: int32
+          description: The 1-based index of the first query result
+          example: 1
+        count:
+          type: integer
+          format: int32
+          description: Specifies the desired maximum number of query results per page. </br>(For organizations created on or after November 19, 2024, a threshold value of 100 will be applied to the count parameter. To fetch more users, use pagination.)
+          example: 10
     UserUpdateObject:
       type: object
       properties:
@@ -825,4 +848,4 @@ components:
         detail:
           type: string
           example: 'No user with the id : 008bba85-451d-414b-87de-c03b5a1f4217 in
-            the user store.'
+            the user store.'

en/asgardeo/docs/apis/restapis/user-store.yaml

@@ -351,7 +351,7 @@ paths:
             -d '[
             {
               "operation": "REPLACE",
-              "path": "/properties/disabled",
+              "path": "/properties/Disabled",
               "value": "true"
             }
             ]'            
@@ -871,7 +871,7 @@ components:
         path:
           type: string
           description: A JSON-Pointer
-          example: /properties/disabled
+          example: /properties/Disabled
         value:
           type: string
           description: The value to be used within the operations

en/asgardeo/docs/complete-guides/nodejs/accessing-protected-api.md

@@ -0,0 +1,138 @@
+---
+template: templates/complete-guide.html
+heading: Accessing protected API from your Node.js app
+read_time: 2 min
+---
+
+In this section, we will focus on how to call a secure API from your Node.js app using the other token—the access token.
+
+For simplicity, let's assume that the APIs we’re calling are secured by the same Identity Provider (IdP) and use the same issuer— in this case, the same {{product_name}} organization. This is typical when Node.js apps are interacting with internal APIs within the same organization.
+
+!!! tip "Tip"
+
+    If your app needs to call APIs secured by a different IdP, you’ll need to exchange your current access token for a new one issued by the IdP securing those APIs. This can be done using the OAuth2 token exchange grant type or other supported grant types. We will cover these scenarios in a separate guide.
+
+In the following example we'll see how to call a protected API endpoint, such as [scim2/Me](https://wso2.com/asgardeo/docs/apis/scim2-me/) (to get the user profile details after signing in). In this case, the SCIM 2 endpoint is secured by the same {{product_name}} organization. {{product_name}} provides a SCIM 2 API for managing users within your organization. While user management with SCIM 2 is a topic for a different guide, we will use the API as part of our current guide.
+
+If you observe the `routes/auth.js` file, you can see that the {{product_name}} strategy loads the access token in the `accessToken` parameter of the `verify` callback. This access token can be used to call the protected API.
+
+Let's return the access token from the callback and serialize it to the session. 
+
+You will notice that the {{product_name}} documentation lists the scopes required to access the SCIM 2 API. In this case, the `internal_login` scope is required to access the `/scim2/Me` endpoint.
+
+We will add the `internal_login` scope as well to the `scope` parameter in the {{product_name}} strategy configuration.
+
+```javascript hl_lines="23 38 51"
+var passport = require("passport");
+var AsgardeoStrategy = require("passport-asgardeo");
+const ASGARDEO_BASE_URL = "https://api.asgardeo.io/t/";
+
+passport.use(
+  new AsgardeoStrategy(
+    {
+      issuer:
+        ASGARDEO_BASE_URL + process.env.ASGARDEO_ORGANISATION + "/oauth2/token",
+      authorizationURL:
+        ASGARDEO_BASE_URL +
+        process.env.ASGARDEO_ORGANISATION +
+        "/oauth2/authorize",
+      tokenURL:
+        ASGARDEO_BASE_URL + process.env.ASGARDEO_ORGANISATION + "/oauth2/token",
+      userInfoURL:
+        ASGARDEO_BASE_URL +
+        process.env.ASGARDEO_ORGANISATION +
+        "/oauth2/userinfo",
+      clientID: process.env.ASGARDEO_CLIENT_ID,
+      clientSecret: process.env.ASGARDEO_CLIENT_SECRET,
+      callbackURL: "/oauth2/redirect",
+      scope: ["profile internal_login"],
+    },
+    function verify(
+      issuer,
+      uiProfile,
+      idProfile,
+      context,
+      idToken,
+      accessToken,
+      refreshToken,
+      params,
+      verified
+    ) {
+      return verified(null, {
+        uiProfile: uiProfile,
+        accessToken: accessToken,
+      });
+    }
+  )
+);
+
+passport.serializeUser(function (user, cb) {
+  process.nextTick(function () {
+    cb(null, {
+      id: user?.uiProfile?.id,
+      username: user?.uiProfile?._json?.username,
+      givenName: user?.uiProfile?.name?.givenName,
+      familyName: user?.uiProfile?.name?.familyName,
+      accessToken: user?.accessToken,
+    });
+  });
+});
+
+passport.deserializeUser(function (user, cb) {
+  process.nextTick(function () {
+    return cb(null, user);
+  });
+});
+...
+```
+
+Now we can use the access token to call the protected API. Let's modify the `routes/users.js` to try out the SCIM 2 API call.
+
+```javascript hl_lines="4 8-35"
+var express = require("express");
+var ensureLogIn = require("connect-ensure-login").ensureLoggedIn;
+var router = express.Router();
+const ASGARDEO_BASE_URL = "https://api.asgardeo.io/t/";
+
+var ensureLoggedIn = ensureLogIn();
+/* GET users listing. */
+router.get("/", ensureLoggedIn, async function (req, res, next) {
+  try {
+    console.log("Calling scim2/Me endpoint");
+    const response = await fetch(
+      ASGARDEO_BASE_URL + process.env.ASGARDEO_ORGANISATION + "/scim2/Me",
+      {
+        method: "GET",
+        headers: {
+          Accept: "application/scim+json",
+          "Content-Type": "application/scim+json",
+          Authorization: `Bearer ${req?.user?.accessToken}`,
+        },
+      }
+    );
+
+    if (!response.ok) {
+      throw new Error(
+        "Response: " + JSON.stringify(await response.json(), null, 2)
+      );
+    }
+
+    console.log(
+      "Protected data fetched. Response: " +
+        JSON.stringify(await response.json(), null, 2)
+    );
+  } catch (error) {
+    console.error("Failed to fetch protected data: ", error);
+  }
+
+  res.send("This is a protected resource");
+});
+
+module.exports = router;
+```
+
+When you login to the application and navigate to the `/users` route, you will see that the SCIM 2 API is called and the protected data is fetched successfully. The response will be logged in the terminal.
+
+![Accessing protected API]({{base_path}}/complete-guides/nodejs/assets/img/image16.png){: width="800" style="display: block; margin: 0;"}
+
+In this step, we have successfully called a protected API from our Node.js app using the access token. This is a common requirement in many applications. Next you can look into additional features that {{product_name}} offers to make the authentication flow more diverse and secure.