From a90a84f4cdb6e2827914cc73d8a9939cf61b858c Mon Sep 17 00:00:00 2001
From: Mark Wylde
Date: Tue, 10 Mar 2026 21:29:16 +0000
Subject: [PATCH 1/3] fix(user-ui): remove legacy groups scope description
---
 packages/user-ui/src/pages/Authorize.tsx | 2 --
 1 file changed, 2 deletions(-)
diff --git a/packages/user-ui/src/pages/Authorize.tsx b/packages/user-ui/src/pages/Authorize.tsx
index 905b474..e4e98cf 100644
--- a/packages/user-ui/src/pages/Authorize.tsx
+++ b/packages/user-ui/src/pages/Authorize.tsx
@@ -166,8 +166,6 @@ function getScopeDescription(scope: string): string {
 return "Access your basic profile information";
 case "email":
 return "Access your email address";
- case "groups":
- return "Access your group memberships";
 case "permissions":
 return "Access your permissions";
 default:
From 7bf1887fc0708b359191059393e4ffa3c57ae6a1 Mon Sep 17 00:00:00 2001
From: Mark Wylde
Date: Tue, 10 Mar 2026 21:29:27 +0000
Subject: [PATCH 2/3] docs(brochureware): remove legacy group references
---
 packages/brochureware/src/pages/Features.tsx | 10 +++++-----
 packages/brochureware/src/pages/docs/api/Admin.tsx | 9 +++------
 .../brochureware/src/pages/docs/api/ApiOverview.tsx | 2 +-
 .../src/pages/docs/developers/client-apis/UsersApi.tsx | 1 -
 .../brochureware/src/pages/docs/guides/OtpPolicy.tsx | 4 ++--
 5 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/packages/brochureware/src/pages/Features.tsx b/packages/brochureware/src/pages/Features.tsx
index bce261e..098f203 100644
--- a/packages/brochureware/src/pages/Features.tsx
+++ b/packages/brochureware/src/pages/Features.tsx
@@ -37,7 +37,7 @@ const features: Feature[] = [
 title: "TOTP MFA (Users & Admins)",
 bullets: [
 "Setup and verify with backup codes",
- "Per-group and cohort enforcement with rate limits",
+ "Per-organization enforcement with rate limits",
 "AMR includes otp; ACR indicates MFA",
 ],
 tags: ["OTP", "TOTP", "MFA"],
@@ -84,7 +84,7 @@ const features: Feature[] = [ icon: Settings, title: "Admin: Clients, Settings, RBAC", bullets: [ - "Manage clients, settings, users, groups, permissions", + "Manage clients, settings, users, roles, permissions, and organizations", "JWKS list and rotate", "OpenAPI served for Admin APIs", ], @@ -119,10 +119,10 @@ const features: Feature[] = [ }, { icon: Hash, - title: "Claims: Permissions and Groups", + title: "Claims: Permissions", bullets: [ - "ID tokens can include permissions and groups", - "Computed from direct and group‑derived access", + "ID tokens can include permissions", + "Computed from direct and organization role-derived access", ], tags: ["Custom Claims"], }, diff --git a/packages/brochureware/src/pages/docs/api/Admin.tsx b/packages/brochureware/src/pages/docs/api/Admin.tsx index 6b749d9..027279f 100644 --- a/packages/brochureware/src/pages/docs/api/Admin.tsx +++ b/packages/brochureware/src/pages/docs/api/Admin.tsx @@ -13,7 +13,6 @@ POST /admin/users GET /admin/users/{sub} PATCH /admin/users/{sub} DELETE /admin/users/{sub} -PUT /admin/users/{sub}/groups GET /admin/users/{sub}/permissions`; const authzOps = `GET /admin/clients @@ -21,9 +20,7 @@ POST /admin/clients GET /admin/roles POST /admin/roles GET /admin/permissions -POST /admin/permissions -GET /admin/groups -POST /admin/groups`; +POST /admin/permissions`; const adminApiPage = () => { return ( @@ -67,7 +64,7 @@ const adminApiPage = () => { {userOps}

- Includes admin user CRUD and user-to-group/permission management. + Includes admin user CRUD and direct permission management.

@@ -81,7 +78,7 @@ const adminApiPage = () => { {authzOps}

- Manage clients, roles, permissions, groups, and org structures. + Manage clients, roles, permissions, and org structures.

diff --git a/packages/brochureware/src/pages/docs/api/ApiOverview.tsx b/packages/brochureware/src/pages/docs/api/ApiOverview.tsx index c1fde5e..70c5f42 100644 --- a/packages/brochureware/src/pages/docs/api/ApiOverview.tsx +++ b/packages/brochureware/src/pages/docs/api/ApiOverview.tsx @@ -47,7 +47,7 @@ const ApiOverviewPage = () => { diff --git a/packages/brochureware/src/pages/docs/developers/client-apis/UsersApi.tsx b/packages/brochureware/src/pages/docs/developers/client-apis/UsersApi.tsx index 297c64a..ae88418 100644 --- a/packages/brochureware/src/pages/docs/developers/client-apis/UsersApi.tsx +++ b/packages/brochureware/src/pages/docs/developers/client-apis/UsersApi.tsx @@ -69,7 +69,6 @@ const managementResponseExample = `{ "email": "target@example.com", "name": "Directory Target", "createdAt": "2026-01-24T19:17:27.000Z", - "groups": ["support", "ops"], "permissions": ["darkauth.users:read"] } ] diff --git a/packages/brochureware/src/pages/docs/guides/OtpPolicy.tsx b/packages/brochureware/src/pages/docs/guides/OtpPolicy.tsx index 25c24ac..d6581ef 100644 --- a/packages/brochureware/src/pages/docs/guides/OtpPolicy.tsx +++ b/packages/brochureware/src/pages/docs/guides/OtpPolicy.tsx @@ -23,8 +23,8 @@ const OtpPolicyPage = () => {

- OTP in DarkAuth is implemented as an explicit policy layer. It can be enabled for users, users - in groups, or role-based scenarios where step-up authentication is required. + OTP in DarkAuth is implemented as an explicit policy layer. It can be enabled for users, + organizations, or role-based scenarios where step-up authentication is required.

From 41479eae2d11143d8adba64b8a840ab2367a4cd4 Mon Sep 17 00:00:00 2001 From: Mark Wylde Date: Tue, 10 Mar 2026 21:29:30 +0000 Subject: [PATCH 3/3] test(test-suite): rename default organization specs --- .../default-organization.spec.ts} | 2 +- ...signment.spec.ts => default-organization-membership.spec.ts} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename packages/test-suite/tests/admin/{groups/groups-default.spec.ts => organizations/default-organization.spec.ts} (96%) rename packages/test-suite/tests/admin/users/{default-group-assignment.spec.ts => default-organization-membership.spec.ts} (98%) diff --git a/packages/test-suite/tests/admin/groups/groups-default.spec.ts b/packages/test-suite/tests/admin/organizations/default-organization.spec.ts similarity index 96% rename from packages/test-suite/tests/admin/groups/groups-default.spec.ts rename to packages/test-suite/tests/admin/organizations/default-organization.spec.ts index 6c20ea4..475f0f1 100644 --- a/packages/test-suite/tests/admin/groups/groups-default.spec.ts +++ b/packages/test-suite/tests/admin/organizations/default-organization.spec.ts @@ -11,7 +11,7 @@ test.describe('Admin - Organizations Default', () => { let adminCred = { email: FIXED_TEST_ADMIN.email, password: FIXED_TEST_ADMIN.password }; test.beforeAll(async () => { - servers = await createTestServers({ testName: 'admin-groups-default' }); + servers = await createTestServers({ testName: 'admin-organizations-default' }); await installDarkAuth({ adminUrl: servers.adminUrl, adminEmail: FIXED_TEST_ADMIN.email, diff --git a/packages/test-suite/tests/admin/users/default-group-assignment.spec.ts b/packages/test-suite/tests/admin/users/default-organization-membership.spec.ts similarity index 98% rename from packages/test-suite/tests/admin/users/default-group-assignment.spec.ts rename to packages/test-suite/tests/admin/users/default-organization-membership.spec.ts index 48cbd8d..da15455 100644 
--- a/packages/test-suite/tests/admin/users/default-group-assignment.spec.ts +++ b/packages/test-suite/tests/admin/users/default-organization-membership.spec.ts @@ -9,7 +9,7 @@ test.describe('Admin - Default organization membership', () => { let servers: TestServers; test.beforeAll(async () => { - servers = await createTestServers({ testName: 'admin-default-group-assignment' }); + servers = await createTestServers({ testName: 'admin-default-organization-membership' }); await installDarkAuth({ adminUrl: servers.adminUrl, adminEmail: FIXED_TEST_ADMIN.email,