mgyarmathy
diff --git a/‎docs/resource-specific-documentation.md‎
Lines changed: 79 additions & 0 deletions b/‎docs/resource-specific-documentation.md‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎examples/directory/clients/My App with Express Config.json‎
Lines changed: 13 additions & 0 deletions b/‎examples/directory/clients/My App with Express Config.json‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎examples/directory/connection-profiles/Basic Connection Profile.json‎
Lines changed: 10 additions & 0 deletions b/‎examples/directory/connection-profiles/Basic Connection Profile.json‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎examples/directory/connection-profiles/Enterprise SSO Profile.json‎
Lines changed: 27 additions & 0 deletions b/‎examples/directory/connection-profiles/Enterprise SSO Profile.json‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎examples/directory/user-attribute-profiles/My User Attribute Profile.json‎
Lines changed: 12 additions & 0 deletions b/‎examples/directory/user-attribute-profiles/My User Attribute Profile.json‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎examples/yaml/tenant.yaml‎
Lines changed: 47 additions & 0 deletions b/‎examples/yaml/tenant.yaml‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎package-lock.json‎
Lines changed: 7 additions & 7 deletions b/‎package-lock.json‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/context/directory/handlers/clients.ts‎
Lines changed: 35 additions & 0 deletions b/‎src/context/directory/handlers/clients.ts‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎src/context/directory/handlers/connectionProfiles.ts‎
Lines changed: 65 additions & 0 deletions b/‎src/context/directory/handlers/connectionProfiles.ts‎
Lines changed: 65 additions & 0 deletions
@@ -575,3 +575,82 @@ phoneProviders:
   }
 ]
 ```
+
+## Connection Profiles
+
+Application specific configuration for use with the OIN Express Configuration feature
+
+### YAML Example
+
+```yaml
+# Contents of ./tenant.yaml
+connectionProfiles:
+  - name: 'Enterprise SSO Profile'
+    organization:
+      show_as_button: 'required'
+      assign_membership_on_login: 'required'
+    connection_name_prefix_template: 'org-{organization_name}'
+    enabled_features:
+      - scim
+      - universal_logout
+    strategy_overrides:
+      samlp:
+        enabled_features:
+          - universal_logout
+      oidc:
+        enabled_features:
+          - scim
+          - universal_logout
+  - name: 'Basic Connection Profile'
+    organization:
+      show_as_button: 'optional'
+      assign_membership_on_login: 'optional'
+    enabled_features:
+      - scim
+```
+
+### Directory Example
+
+File: `./connection-profiles/Enterprise SSO Profile.json`
+
+```json
+{
+  "name": "Enterprise SSO Profile",
+  "organization": {
+    "show_as_button": "required",
+    "assign_membership_on_login": "required"
+  },
+  "connection_name_prefix_template": "org-{organization_name}",
+  "enabled_features": ["scim", "universal_logout"],
+  "strategy_overrides": {
+    "samlp": {
+      "enabled_features": ["universal_logout"]
+    },
+    "oidc": {
+      "enabled_features": ["scim", "universal_logout"]
+    }
+  }
+}
+```
+
+### Express Configuration on Clients
+
+Connection profiles are used in conjunction with the `express_configuration` property on client applications: (In order to use express_configuration app_type should not be 'express_configuration')
+
+```yaml
+clients:
+  - name: 'My Enterprise App'
+    app_type: 'regular_web'
+    express_configuration:
+      initiate_login_uri_template: 'https://myapp.com/sso/start?org={organization_name}&conn={connection_name}'
+      user_attribute_profile_id: 'My User Attribute Profile'
+      connection_profile_id: 'Enterprise SSO Profile' # Reference to connection profile
+      enable_client: true
+      enable_organization: true
+      okta_oin_client_id: 'My Okta OIN Client'
+      admin_login_domain: 'login.myapp.com'
+      linked_clients:
+        - client_id: 'client_id_of_mobile_app'
+```
+
+For more details, see the [Management API documentation](https://auth0.com/docs/api/management/v2).
@@ -0,0 +1,13 @@
+{
+  "name": "My App with Express Config",
+  "app_type": "regular_web",
+  "express_configuration": {
+    "initiate_login_uri_template": "https://myapp.com/sso/start?org={organization_name}&conn={connection_name}",
+    "user_attribute_profile_id": "My User Attribute Profile",
+    "connection_profile_id": "Enterprise SSO Profile",
+    "enable_client": true,
+    "enable_organization": true,
+    "okta_oin_client_id": "My Okta OIN Client",
+    "admin_login_domain": "login.myapp.com"
+  }
+}
@@ -0,0 +1,10 @@
+{
+  "name": "Basic Connection Profile",
+  "organization": {
+    "show_as_button": "optional",
+    "assign_membership_on_login": "optional"
+  },
+  "enabled_features": [
+    "scim"
+  ]
+}
@@ -0,0 +1,27 @@
+{
+  "name": "Enterprise SSO Profile",
+  "organization": {
+    "show_as_button": "required",
+    "assign_membership_on_login": "required"
+  },
+  "connection_name_prefix_template": "org-{org_name}",
+  "enabled_features": [
+    "scim",
+    "universal_logout"
+  ],
+  "strategy_overrides": {
+    "samlp": {
+      "enabled_features": [
+        "universal_logout"
+      ],
+      "connection_config": {}
+    },
+    "oidc": {
+      "enabled_features": [
+        "scim",
+        "universal_logout"
+      ],
+      "connection_config": {}
+    }
+  }
+}
@@ -0,0 +1,12 @@
+{
+  "name": "My User Attribute Profile",
+  "description": "My User Attribute Profile Description",
+  "user_attributes": [
+    {
+      "name": "email",
+      "description": "Email",
+      "type": "email",
+      "required": true
+    }
+  ]
+}
@@ -42,6 +42,20 @@ clients:
     name: "My Resource Server Client"
     app_type: "resource_server"
     resource_server_identifier: "https://##ENV##.myapp.com/api/v1"
+  -
+    name: "My Okta OIN Client"
+    app_type: "regular_web"
+  -
+    name: "My Express App"
+    app_type: "regular_web"
+    express_configuration:
+      initiate_login_uri_template: "https://myapp.com/sso/start?org={organization_name}&conn={connection_name}"
+      user_attribute_profile_id: "My User Attribute Profile"
+      connection_profile_id: "Enterprise SSO Profile"
+      enable_client: true
+      enable_organization: true
+      okta_oin_client_id: "My Okta OIN Client"
+      admin_login_domain: "login.myapp.com"
 
 databases:
   - name: "users"
@@ -372,3 +386,36 @@ attackProtection:
         max_attempts: 50
         rate: 1200
 
+connectionProfiles:
+  - name: "Enterprise SSO Profile"
+    organization:
+      show_as_button: "required"
+      assign_membership_on_login: "required"
+    connection_name_prefix_template: "org-{org_name}"
+    enabled_features:
+      - scim
+      - universal_logout
+    strategy_overrides:
+      samlp:
+        enabled_features:
+          - universal_logout
+      oidc:
+        enabled_features:
+          - scim
+          - universal_logout
+  - name: "Basic Connection Profile"
+    organization:
+      show_as_button: "optional"
+      assign_membership_on_login: "optional"
+    enabled_features:
+      - scim
+
+userAttributeProfiles:
+  - name: "My User Attribute Profile"
+    description: "My User Attribute Profile Description"
+    user_attributes:
+      - name: "email"
+        description: "Email"
+        type: "email"
+        required: true
+
@@ -33,7 +33,7 @@
   "homepage": "https://github.com/auth0/auth0-deploy-cli#readme",
   "dependencies": {
     "ajv": "^6.12.6",
-    "auth0": "^4.36.0",
+    "auth0": "^4.37.0",
     "dot-prop": "^5.3.0",
     "fs-extra": "^10.1.0",
     "js-yaml": "^4.1.1",
 
@@ -54,6 +54,7 @@ function parse(context: DirectoryContext): ParsedClients {
 
 async function dump(context: DirectoryContext): Promise<void> {
   const { clients } = context.assets;
+  const { userAttributeProfiles, connectionProfiles } = context.assets;
 
   if (!clients) return; // Skip, nothing to dump
 
@@ -73,6 +74,40 @@ async function dump(context: DirectoryContext): Promise<void> {
 
       client.custom_login_page = `./${clientName}_custom_login_page.html`;
     }
+
+    if (client.express_configuration) {
+      // map ids to names for user attribute profiles
+      const userAttributeProfileId = client?.express_configuration?.user_attribute_profile_id;
+      if (client.express_configuration && userAttributeProfileId) {
+        const p = userAttributeProfiles?.find((uap) => uap.id === userAttributeProfileId);
+        client.express_configuration.user_attribute_profile_id = p?.name || userAttributeProfileId;
+      }
+
+      // map ids to names for connection profiles
+      const connectionProfilesProfileId = client?.express_configuration?.connection_profile_id;
+      if (client.express_configuration && connectionProfilesProfileId) {
+        const c = connectionProfiles?.find((uap) => uap.id === connectionProfilesProfileId);
+        client.express_configuration.connection_profile_id = c?.name || connectionProfilesProfileId;
+      }
+
+      // map ids to names for okta oin clients
+      const oktaOinClientId = client?.express_configuration?.okta_oin_client_id;
+      if (client.express_configuration && oktaOinClientId) {
+        const o = clients?.find((uap) => uap.client_id === oktaOinClientId);
+        client.express_configuration.okta_oin_client_id = o?.name || oktaOinClientId;
+      }
+    }
+
+    if (client.app_type === 'express_configuration') {
+      // only keep relevant fields for express configuration
+      client = {
+        name: client.name,
+        app_type: client.app_type,
+        client_authentication_methods: client.client_authentication_methods,
+        organization_require_behavior: client.organization_require_behavior,
+      } as Client;
+    }
+
     dumpJSON(clientFile, clearClientArrays(client));
   });
 }
 
@@ -0,0 +1,65 @@
+import path from 'path';
+import fs from 'fs-extra';
+import { ConnectionProfile } from 'auth0';
+import { constants } from '../../../tools';
+import log from '../../../logger';
+
+import { dumpJSON, existsMustBeDir, getFiles, loadJSON, sanitize } from '../../../utils';
+import DirectoryContext from '..';
+import { ParsedAsset } from '../../../types';
+
+type ParsedConnectionProfiles = ParsedAsset<'connectionProfiles', Partial<ConnectionProfile>[]>;
+
+function parse(context: DirectoryContext): ParsedConnectionProfiles {
+  const connectionProfilesFolder = path.join(
+    context.filePath,
+    constants.CONNECTION_PROFILES_DIRECTORY
+  );
+  if (!existsMustBeDir(connectionProfilesFolder)) return { connectionProfiles: null }; // Skip
+
+  const files = getFiles(connectionProfilesFolder, ['.json']);
+
+  const connectionProfiles = files.map((f) => {
+    const profile = {
+      ...loadJSON(f, {
+        mappings: context.mappings,
+        disableKeywordReplacement: context.disableKeywordReplacement,
+      }),
+    };
+    return profile;
+  });
+
+  return {
+    connectionProfiles,
+  };
+}
+
+async function dump(context: DirectoryContext): Promise<void> {
+  const { connectionProfiles } = context.assets;
+  if (!connectionProfiles) return;
+
+  const connectionProfilesFolder = path.join(
+    context.filePath,
+    constants.CONNECTION_PROFILES_DIRECTORY
+  );
+  fs.ensureDirSync(connectionProfilesFolder);
+
+  connectionProfiles.forEach((profile) => {
+    const profileFile = path.join(connectionProfilesFolder, sanitize(`${profile.name}.json`));
+    log.info(`Writing ${profileFile}`);
+
+    // Remove read-only fields
+    if ('id' in profile) {
+      delete profile.id;
+    }
+
+    dumpJSON(profileFile, profile);
+  });
+}
+
+const connectionProfilesHandler = {
+  parse,
+  dump,
+};
+
+export default connectionProfilesHandler;