
rustauth_scim/
lib.rs

1//! Server-side SCIM 2.0 provisioning for RustAuth.
2//!
3//! # Provider connections
4//!
5//! Each row in `scim_providers` is keyed by a globally unique `provider_id`
6//! (Better Auth uses the same model). That id names one SCIM integration — for
7//! example a single Okta enterprise app — not a tenant or organization by itself.
8//! Optional `organization_id` on the row and in the bearer token limits which users
9//! may be provisioned.
10//!
11//! If you need two independent tokens for the same vendor, use two provider ids
12//! (`okta-workforce`, `okta-partners`). Regenerating a token updates the existing
13//! row via upsert instead of deleting it first.
14//!
15//! # List filters
16//!
17//! - Database pushdown: `userName eq "user@example.com"` ([`filters::list_user_filter_uses_database_pushdown`]).
18//! - In-memory evaluation: any other expression accepted by [`filters::parse_filter`],
19//!   including extension attributes stored in SCIM user profiles.
20//!
21//! See the crate README for route coverage and parity notes versus Better Auth.
22
23mod audit;
24mod options;
25mod routes;
26mod schema;
27
28pub mod errors;
29pub mod filters;
30pub mod metadata;
31pub mod resources;
32pub mod validation;
33
// Internal modules with feature-dependent visibility. Each one is declared
// twice behind mutually exclusive cfgs: `pub(crate)` by default, and `pub`
// only when the `test-util` feature is enabled.
// NOTE(review): with `test-util` on, `token` and `store` become part of this
// crate's public API. Presumably that is meant for test harnesses only; confirm.
// Cargo unifies features across a build, so one dependent enabling `test-util`
// widens visibility for every user of the crate in that build.
34#[cfg(not(feature = "test-util"))]
35pub(crate) mod mappings;
36#[cfg(feature = "test-util")]
37pub mod mappings;
38
39#[cfg(not(feature = "test-util"))]
40pub(crate) mod patch;
41#[cfg(feature = "test-util")]
42pub mod patch;
43
44#[cfg(not(feature = "test-util"))]
45pub(crate) mod store;
46#[cfg(feature = "test-util")]
47pub mod store;
48
49#[cfg(not(feature = "test-util"))]
50pub(crate) mod token;
51#[cfg(feature = "test-util")]
52pub mod token;
53
54pub use audit::ScimAuditEventResolver;
55pub use options::{
56    AfterScimTokenGeneratedHook, AfterScimTokenGeneratedInput, BeforeScimTokenGeneratedHook,
57    BeforeScimTokenGeneratedInput, DefaultScimProvider, ProviderOwnershipOptions, ScimAuditEvent,
58    ScimAuditEventKind, ScimAuditSeverity, ScimBulkMode, ScimDeprovisionMode, ScimHookError,
59    ScimHookFuture, ScimOptions, ScimOrganizationMember, ScimTokenStorage, ScimTokenStorageFuture,
60    ScimTokenTransform,
61};
62
63use rustauth_core::plugin::AuthPlugin;
64
65/// Better Auth upstream plugin identifier used for endpoint and schema parity.
///
/// [`scim`] passes this value to `AuthPlugin::new` as the plugin id.
66pub const UPSTREAM_PLUGIN_ID: &str = "scim";
67
68/// Current crate version.
///
/// Resolved at compile time from Cargo's `CARGO_PKG_VERSION`; [`scim`]
/// attaches it to the plugin via `with_version`.
69pub const VERSION: &str = env!("CARGO_PKG_VERSION");
70
/// Assemble the server-side SCIM plugin.
///
/// The plugin is created under [`UPSTREAM_PLUGIN_ID`] and tagged with
/// [`VERSION`]. Every contribution returned by `schema::contributions()` is
/// registered first, followed by every endpoint returned by
/// `routes::endpoints(options)`.
///
/// `options` is moved into the route builder; nothing else in this function
/// reads it.
#[must_use]
pub fn scim(options: ScimOptions) -> AuthPlugin {
    let base = AuthPlugin::new(UPSTREAM_PLUGIN_ID).with_version(VERSION);

    // Schema contributions are folded in before the endpoints are built, so
    // the registration order matches a pair of sequential loops.
    let with_schemas = schema::contributions()
        .into_iter()
        .fold(base, |acc, contribution| acc.with_schema(contribution));

    routes::endpoints(options)
        .into_iter()
        .fold(with_schemas, |acc, endpoint| acc.with_endpoint(endpoint))
}