rustauth-scim 0.3.0

SCIM support for RustAuth.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

//! Server-side SCIM 2.0 provisioning for RustAuth.
//!
//! # Provider connections
//!
//! Each row in `scim_providers` is keyed by a globally unique `provider_id`
//! (Better Auth uses the same model). That id names one SCIM integration — for
//! example a single Okta enterprise app — not a tenant or organization by itself.
//! Optional `organization_id` on the row and in the bearer token limits which users
//! may be provisioned.
//!
//! If you need two independent tokens for the same vendor, use two provider ids
//! (`okta-workforce`, `okta-partners`). Regenerating a token updates the existing
//! row via upsert instead of deleting it first.
//!
//! # List filters
//!
//! - Database pushdown: `userName eq "user@example.com"` ([`filters::list_user_filter_uses_database_pushdown`]).
//! - In-memory evaluation: any other expression accepted by [`filters::parse_filter`],
//!   including extension attributes stored in SCIM user profiles.
//!
//! See the crate README for route coverage and parity notes versus Better Auth.

mod audit;
mod options;
mod routes;
mod schema;

pub mod errors;
pub mod filters;
pub mod metadata;
pub mod resources;
pub mod validation;

#[cfg(not(feature = "test-util"))]
pub(crate) mod mappings;
#[cfg(feature = "test-util")]
pub mod mappings;

#[cfg(not(feature = "test-util"))]
pub(crate) mod patch;
#[cfg(feature = "test-util")]
pub mod patch;

#[cfg(not(feature = "test-util"))]
pub(crate) mod store;
#[cfg(feature = "test-util")]
pub mod store;

#[cfg(not(feature = "test-util"))]
pub(crate) mod token;
#[cfg(feature = "test-util")]
pub mod token;

pub use audit::ScimAuditEventResolver;
pub use options::{
    AfterScimTokenGeneratedHook, AfterScimTokenGeneratedInput, BeforeScimTokenGeneratedHook,
    BeforeScimTokenGeneratedInput, DefaultScimProvider, ProviderOwnershipOptions, ScimAuditEvent,
    ScimAuditEventKind, ScimAuditSeverity, ScimBulkMode, ScimDeprovisionMode, ScimHookError,
    ScimHookFuture, ScimOptions, ScimOrganizationMember, ScimTokenStorage, ScimTokenStorageFuture,
    ScimTokenTransform,
};

use rustauth_core::plugin::AuthPlugin;

/// Better Auth upstream plugin identifier used for endpoint and schema parity.
pub const UPSTREAM_PLUGIN_ID: &str = "scim";

/// Current crate version.
pub const VERSION: &str = env!("CARGO_PKG_VERSION");

/// Build the server-side SCIM plugin.
#[must_use]
pub fn scim(options: ScimOptions) -> AuthPlugin {
    let mut plugin = AuthPlugin::new(UPSTREAM_PLUGIN_ID).with_version(VERSION);

    for contribution in schema::contributions() {
        plugin = plugin.with_schema(contribution);
    }
    for endpoint in routes::endpoints(options) {
        plugin = plugin.with_endpoint(endpoint);
    }

    plugin
}