Expand description
Server-side SCIM 2.0 provisioning for RustAuth.
§Provider connections
Each row in scim_providers is keyed by a globally unique provider_id
(Better Auth uses the same model). That id names one SCIM integration — for
example a single Okta enterprise app — not a tenant or organization by itself.
Optional organization_id on the row and in the bearer token limits which users
may be provisioned.
If you need two independent tokens for the same vendor, use two provider ids
(okta-workforce, okta-partners). Regenerating a token updates the existing
row via upsert instead of deleting it first.
§List filters
- Database pushdown:
userName eq "user@example.com"(filters::list_user_filter_uses_database_pushdown). - In-memory evaluation: any other expression accepted by
filters::parse_filter, including extension attributes stored in SCIM user profiles.
See the crate README for route coverage and parity notes versus Better Auth.
Modules§
- errors
- SCIM error responses.
- filters
- SCIM filter parsing.
- metadata
- SCIM metadata resources.
- resources
- SCIM resource mapping.
- validation
- SCIM request validation helpers.
Structs§
- After
Scim Token Generated Input - Payload for
after_token_generated. - Before
Scim Token Generated Input - Payload for
before_token_generated. - Default
Scim Provider - A statically configured SCIM provider.
- Provider
Ownership Options - Provider ownership configuration.
- Scim
Audit Event - Audit event emitted by the SCIM plugin.
- Scim
Audit Event Resolver - Async sink for SCIM audit events.
- Scim
Hook Error - Error returned by SCIM hooks to abort a management request.
- Scim
Options - SCIM plugin options.
- Scim
Organization Member - Organization member details passed to SCIM hooks.
Enums§
- Scim
Audit Event Kind - SCIM audit event kind.
- Scim
Audit Severity - Severity level for SCIM audit events.
- Scim
Bulk Mode - How
POST /scim/v2/Bulkapplies database changes. - Scim
Deprovision Mode - How
DELETE /scim/v2/Users/:id(and bulk user delete) deprovisions users. - Scim
Token Storage - Built-in SCIM token storage modes.
Constants§
- UPSTREAM_
PLUGIN_ ID - Better Auth upstream plugin identifier used for endpoint and schema parity.
- VERSION
- Current crate version.
Functions§
- scim
- Build the server-side SCIM plugin.
Type Aliases§
- After
Scim Token Generated Hook - Hook invoked after a SCIM token provider is persisted.
- Before
Scim Token Generated Hook - Hook invoked before a SCIM token provider is persisted.
- Scim
Hook Future - Boxed future returned by SCIM hooks.
- Scim
Token Storage Future - Boxed future returned by custom token storage callbacks.
- Scim
Token Transform - Custom token transformation callback.