Lyle/eng 3375/introspect and libs

src/main/api/approveDeviceUsingRequest.json

@@ -0,0 +1,20 @@
+{
+  "uri": "/oauth2/device/approve",
+  "comments": [
+    "Approve a device grant."
+  ],
+  "method": "post",
+  "methodName": "approveDeviceWithRequest",
+  "successResponse": "DeviceApprovalResponse",
+  "errorResponse": "Errors",
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The request object containing the device approval information and optional tenantId."
+      ],
+      "type": "body",
+      "javaType": "DeviceApprovalRequest"
+    }
+  ]
+}

src/main/api/clientCredentialsGrantUsingRequest.json

@@ -0,0 +1,21 @@
+{
+  "uri": "/oauth2/token",
+  "comments": [
+    "Make a Client Credentials grant request to obtain an access token."
+  ],
+  "method": "post",
+  "methodName": "clientCredentialsGrantWithRequest",
+  "successResponse": "AccessToken",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The client credentials grant request containing client authentication, scope and optional tenantId."
+      ],
+      "type": "body",
+      "javaType": "ClientCredentialsGrantRequest"
+    }
+  ]
+}

src/main/api/deviceAuthorize.json

@@ -0,0 +1,37 @@
+{
+  "uri": "/oauth2/device_authorize",
+  "comments": [
+    "Start the Device Authorization flow using form-encoded parameters"
+  ],
+  "method": "post",
+  "methodName": "deviceAuthorize",
+  "successResponse": "DeviceResponse",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "client_id",
+      "comments": [
+        "The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate."
+      ],
+      "type": "form",
+      "javaType": "String"
+    },
+    {
+      "name": "client_secret",
+      "comments": [
+        "(Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header."
+      ],
+      "type": "form",
+      "javaType": "String"
+    },
+    {
+      "name": "scope",
+      "comments": [
+        "(Optional) A space-delimited string of the requested scopes. Defaults to all scopes configured in the Application's OAuth configuration."
+      ],
+      "type": "form",
+      "javaType": "String"
+    }
+  ]
+}

src/main/api/deviceAuthorizeUsingRequest.json

@@ -0,0 +1,21 @@
+{
+  "uri": "/oauth2/device_authorize",
+  "comments": [
+    "Start the Device Authorization flow using a request body"
+  ],
+  "method": "post",
+  "methodName": "deviceAuthorizeWithRequest",
+  "successResponse": "DeviceResponse",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The device authorization request containing client authentication, scope, and optional device metadata."
+      ],
+      "type": "body",
+      "javaType": "DeviceAuthorizationRequest"
+    }
+  ]
+}

src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCEUsingRequest.json

@@ -0,0 +1,22 @@
+{
+  "uri": "/oauth2/token",
+  "comments": [
+    "Exchanges an OAuth authorization code and code_verifier for an access token.",
+    "Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token."
+  ],
+  "method": "post",
+  "methodName": "exchangeOAuthCodeForAccessTokenUsingPKCEWithRequest",
+  "successResponse": "AccessToken",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The PKCE OAuth code access token exchange request."
+      ],
+      "type": "body",
+      "javaType": "OAuthCodePKCEAccessTokenRequest"
+    }
+  ]
+}

src/main/api/exchangeOAuthCodeForAccessTokenUsingRequest.json

@@ -0,0 +1,22 @@
+{
+  "uri": "/oauth2/token",
+  "comments": [
+    "Exchanges an OAuth authorization code for an access token.",
+    "Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token."
+  ],
+  "method": "post",
+  "methodName": "exchangeOAuthCodeForAccessTokenWithRequest",
+  "successResponse": "AccessToken",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The OAuth code access token exchange request."
+      ],
+      "type": "body",
+      "javaType": "OAuthCodeAccessTokenRequest"
+    }
+  ]
+}

src/main/api/exchangeRefreshTokenForAccessTokenUsingRequest.json

@@ -0,0 +1,22 @@
+{
+  "uri": "/oauth2/token",
+  "comments": [
+    "Exchange a Refresh Token for an Access Token.",
+    "If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token."
+  ],
+  "method": "post",
+  "methodName": "exchangeRefreshTokenForAccessTokenWithRequest",
+  "successResponse": "AccessToken",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The refresh token access token exchange request."
+      ],
+      "type": "body",
+      "javaType": "RefreshTokenAccessTokenRequest"
+    }
+  ]
+}

src/main/api/exchangeUserCredentialsForAccessTokenUsingRequest.json

@@ -0,0 +1,22 @@
+{
+  "uri": "/oauth2/token",
+  "comments": [
+    "Exchange User Credentials for a Token.",
+    "If you will be using the Resource Owner Password Credential Grant, you will make a request to the Token endpoint to exchange the user’s email and password for an access token."
+  ],
+  "method": "post",
+  "methodName": "exchangeUserCredentialsForAccessTokenWithRequest",
+  "successResponse": "AccessToken",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The user credentials access token exchange request."
+      ],
+      "type": "body",
+      "javaType": "UserCredentialsAccessTokenRequest"
+    }
+  ]
+}

src/main/api/introspectAccessTokenUsingRequest.json

@@ -0,0 +1,21 @@
+{
+  "uri": "/oauth2/introspect",
+  "comments": [
+    "Inspect an access token issued as the result of the User based grant such as the Authorization Code Grant, Implicit Grant, the User Credentials Grant or the Refresh Grant."
+  ],
+  "method": "post",
+  "methodName": "introspectAccessTokenWithRequest",
+  "successResponse": "IntrospectResponse",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The access token introspection request."
+      ],
+      "type": "body",
+      "javaType": "AccessTokenIntrospectRequest"
+    }
+  ]
+}

src/main/api/introspectClientCredentialsAccessTokenUsingRequest.json

@@ -0,0 +1,21 @@
+{
+  "uri": "/oauth2/introspect",
+  "comments": [
+    "Inspect an access token issued as the result of the Client Credentials Grant."
+  ],
+  "method": "post",
+  "methodName": "introspectClientCredentialsAccessTokenWithRequest",
+  "successResponse": "IntrospectResponse",
+  "errorResponse": "OAuthError",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The client credentials access token."
+      ],
+      "type": "body",
+      "javaType": "ClientCredentialsAccessTokenIntrospectRequest"
+    }
+  ]
+}

src/main/api/retrieveUserCodeUsingAPIKeyUsingRequest.json

@@ -0,0 +1,25 @@
+{
+  "uri": "/oauth2/device/user-code",
+  "comments": [
+    "Retrieve a user_code that is part of an in-progress Device Authorization Grant.",
+    "",
+    "This API is useful if you want to build your own login workflow to complete a device grant.",
+    "",
+    "This request will require an API key."
+  ],
+  "method": "post",
+  "methodName": "retrieveUserCodeUsingAPIKeyWithRequest",
+  "successResponse": "Void",
+  "errorResponse": "Void",
+  "anonymous": false,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The user code retrieval request including optional tenantId."
+      ],
+      "type": "body",
+      "javaType": "RetrieveUserCodeUsingAPIKeyRequest"
+    }
+  ]
+}

src/main/api/retrieveUserCodeUsingRequest.json

@@ -0,0 +1,23 @@
+{
+  "uri": "/oauth2/device/user-code",
+  "comments": [
+    "Retrieve a user_code that is part of an in-progress Device Authorization Grant.",
+    "",
+    "This API is useful if you want to build your own login workflow to complete a device grant."
+  ],
+  "method": "post",
+  "methodName": "retrieveUserCodeWithRequest",
+  "successResponse": "Void",
+  "errorResponse": "Void",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The user code retrieval request."
+      ],
+      "type": "body",
+      "javaType": "RetrieveUserCodeRequest"
+    }
+  ]
+}

src/main/api/validateDeviceUsingRequest.json

@@ -0,0 +1,22 @@
+{
+  "uri": "/oauth2/device/validate",
+  "comments": [
+    "Validates the end-user provided user_code from the user-interaction of the Device Authorization Grant.",
+    "If you build your own activation form you should validate the user provided code prior to beginning the Authorization grant."
+  ],
+  "method": "post",
+  "methodName": "validateDeviceWithRequest",
+  "successResponse": "Void",
+  "errorResponse": "Void",
+  "anonymous": true,
+  "params": [
+    {
+      "name": "request",
+      "comments": [
+        "The device validation request."
+      ],
+      "type": "body",
+      "javaType": "ValidateDeviceRequest"
+    }
+  ]
+}

src/main/client/go.client.ftl

@@ -184,7 +184,7 @@ func (rc *restClient) WithUriSegment(segment string) *restClient {
 
 [#-- @formatter:off --]
 [#-- Ignoring these few following APIs due to currently being unable to convert the json response into the actual IdentityProvider type. Need a conversion utility. --]
-[#assign ignoredAPIs = ["CreateIdentityProvider","IntrospectAccessToken","IntrospectClientCredentialsAccessToken","RetrieveIdentityProvider","RetrieveIdentityProviders","RetrieveUserInfoFromAccessToken","UpdateIdentityProvider"]/]
+[#assign ignoredAPIs = ["CreateIdentityProvider","IntrospectAccessToken","IntrospectAccessTokenWithRequest","IntrospectClientCredentialsAccessToken","IntrospectClientCredentialsAccessTokenWithRequest","RetrieveIdentityProvider","RetrieveIdentityProviders","RetrieveUserInfoFromAccessToken","UpdateIdentityProvider"]/]
 [#list apis as api]
   [#if !(ignoredAPIs?seq_contains(api.methodName?cap_first))]
 // ${api.methodName?cap_first}

src/main/client/java.client.ftl

@@ -238,11 +238,24 @@ import io.fusionauth.domain.api.user.VerifyEmailResponse;
 import io.fusionauth.domain.api.user.VerifyRegistrationRequest;
 import io.fusionauth.domain.api.user.VerifyRegistrationResponse;
 import io.fusionauth.domain.oauth2.AccessToken;
+import io.fusionauth.domain.oauth2.AccessTokenIntrospectRequest;
+import io.fusionauth.domain.oauth2.ClientCredentialsAccessTokenIntrospectRequest;
+import io.fusionauth.domain.oauth2.ClientCredentialsGrantRequest;
+import io.fusionauth.domain.oauth2.DeviceApprovalRequest;
 import io.fusionauth.domain.oauth2.DeviceApprovalResponse;
+import io.fusionauth.domain.oauth2.DeviceAuthorizationRequest;
+import io.fusionauth.domain.oauth2.DeviceResponse;
 import io.fusionauth.domain.oauth2.IntrospectResponse;
 import io.fusionauth.domain.oauth2.JWKSResponse;
+import io.fusionauth.domain.oauth2.OAuthCodeAccessTokenRequest;
+import io.fusionauth.domain.oauth2.OAuthCodePKCEAccessTokenRequest;
 import io.fusionauth.domain.oauth2.OAuthError;
+import io.fusionauth.domain.oauth2.RefreshTokenAccessTokenRequest;
+import io.fusionauth.domain.oauth2.RetrieveUserCodeRequest;
+import io.fusionauth.domain.oauth2.RetrieveUserCodeUsingAPIKeyRequest;
+import io.fusionauth.domain.oauth2.UserCredentialsAccessTokenRequest;
 import io.fusionauth.domain.oauth2.UserinfoResponse;
+import io.fusionauth.domain.oauth2.ValidateDeviceRequest;
 import io.fusionauth.domain.provider.IdentityProviderType;
 
 /**
@@ -363,8 +376,16 @@ public class FusionAuthClient {
   [#if formPost]
     Map<String, List<String>> parameters = new HashMap<>();
     [#list api.params![] as param]
+      [#assign pval = param.name /]
       [#if param.type == "form"]
-    parameters.put("${param.name}", Arrays.asList(${(param.constant?? && param.constant)?then("\""+param.value+"\"", param.name)}));
+      [#if param.constant?? && param.constant]
+        [#assign pval = "\""+param.value+"\"" /]
+      [#else]
+        [#if param.javaType != "String"]
+          [#assign pval = "\"\" + ${param.name}" /]
+        [/#if]
+      [/#if]
+    parameters.put("${param.name}", Arrays.asList(${pval}));
       [/#if]
     [/#list]
   [/#if]