doc: various improvements

Author: azmeuk

doc/client-applications.rst

@@ -66,7 +66,7 @@ OIDC Client registration
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
 Before your application can authenticate against the IAM server, it must register and give provide details
-such as the allowed redirection URIs. To achieve this you can use the :class:`~canaille.oidc.models.Client`
+such as the allowed redirection URIs. To achieve this you can use the :class:`~canaille.oidc.basemodels.Client`
 model. Let us suppose your application have a ``/authorize`` endpoint for the authorization code - token exchange:
 
 .. code:: python
@@ -109,6 +109,12 @@ client registration. Here is an example of dynamic registration you can implemen
     client_id = response.json["client_id"]
     client_secret = response.json["client_secret"]
 
+.. note::
+
+   Canaille has a :attr:`~canaille.oidc.basemodels.Client.trusted` parameter.
+   When it is :data:`True` for a client, end-users won't be showed a consent page
+   when the client redirect them to the IAM authorization page.
+
 Nominal authentication workflow
 -------------------------------
 
@@ -255,3 +261,12 @@ to the IAM authorization endpoint with the ``prompt=create`` parameters.
         assert "User account successfully created" in res.text
 
 Unfortunately there is no helpers for account creation in the fashion of :meth:`~pytest_iam.Server.login`.
+
+Provisioning
+------------
+
+The ``iam_server`` instance provides a `SCIM2 provisioning API <https://scim.libre.sh>`_ at the address ``/scim/v2``.
+You can use it to update your user profiles directly at the IAM.
+You can have a look to the :doc:`Canaille documentation <canaille:tutorial/provisioning>` to see implementation details.
+
+To perform SCIM requests you might be interested in tools such as `scim2-client <https://scim2-cli.readthedocs.io>`_.

pytest_iam/__init__.py

@@ -51,7 +51,7 @@ def __init__(self, app: Flask, port: int, backend: Backend, logging: bool = Fals
         self.port = port
         self.logging = logging
         self.httpd = wsgiref.simple_server.make_server(
-            "localhost", port, app, handler_class=self.make_request_handler()
+            "localhost", port, app, handler_class=self._make_request_handler()
         )
         self.models = models
         self.logged_user = None
@@ -75,7 +75,7 @@ def logged_user():
                 except AttributeError:
                     pass
 
-    def make_request_handler(self):
+    def _make_request_handler(self):
         server = self
 
         class RequestHandler(WSGIRequestHandler):
@@ -114,7 +114,7 @@ def random_group(self, **kwargs) -> Group:
 
         return group
 
-    def random_token(self, subject, client, **kwargs) -> Token:
+    def random_token(self, subject: User, client: Client, **kwargs) -> Token:
         """Generate a test :class:`~canaille.oidc.basemodels.Token` with random values.
 
         Any parameter will be used instead of a random value.
@@ -138,7 +138,7 @@ def random_token(self, subject, client, **kwargs) -> Token:
 
         return token
 
-    def login(self, user):
+    def login(self, user: User):
         """Open a session for the user in the IAM session.
 
         This allows to skip the connection screen.
@@ -151,7 +151,7 @@ def logout(self):
         self.logged_user = None
         self.login_datetime = None
 
-    def consent(self, user, client=None):
+    def consent(self, user: User, client: Client | None = None):
         """Make a user consent to share data with OIDC clients.
 
         :param client: If :const:`None`, all existing clients are consented.