From 97332c50c4d454a344827537a9efe41e38c4b3c0 Mon Sep 17 00:00:00 2001
From: Tyler Mairose
Date: Thu, 25 Jun 2026 13:27:02 -0400
Subject: [PATCH] Fix authorization issues on the site, missing token and missing auth section
---
 idn/sailpoint-api.root.yaml | 38 ++++++++++++++++++++++++++++
 idn/sailpoint-api.yaml | 37 ++++++++++++++++++++++++++++
 scripts/build-idn-root-spec.js | 45 ++++++++++++++++++++++++++++++++++
 3 files changed, 120 insertions(+)
diff --git a/idn/sailpoint-api.root.yaml b/idn/sailpoint-api.root.yaml
index b2668923..4bc9210a 100644
--- a/idn/sailpoint-api.root.yaml
+++ b/idn/sailpoint-api.root.yaml
@@ -2470,3 +2470,41 @@ paths:
 $ref: ./apis/workflows/paths/workflows-v1-execute-external-by-id.yaml
 /workflows/v1/execute/external/{id}/test:
 $ref: ./apis/workflows/paths/workflows-v1-execute-external-by-id-test.yaml
+components:
+ securitySchemes:
+ userAuth:
+ type: oauth2
+ x-displayName: Personal Access Token
+ description: |
+ OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow).
+
+ Personal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access.
+
+ See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+ flows:
+ clientCredentials:
+ tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+ scopes:
+ sp:scopes:default: default scope
+ sp:scopes:all: access to all scopes
+ authorizationCode:
+ authorizationUrl: https://example-tenant.login.sailpoint.com/oauth/authorize
+ tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+ scopes:
+ sp:scopes:default: default scope
+ sp:scopes:all: access to all scopes
+ applicationAuth:
+ type: oauth2
+ x-displayName: Client Credentials
+ description: |
+ OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow).
+
+ Client credentials refers to tokens that are not associated with a user in Identity Security Cloud.
+
+ See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+ flows:
+ clientCredentials:
+ tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+ scopes:
+ sp:scopes:default: default scope
+ sp:scopes:all: access to all scopes
diff --git a/idn/sailpoint-api.yaml b/idn/sailpoint-api.yaml
index d597572d..eb9473e8 100644
--- a/idn/sailpoint-api.yaml
+++ b/idn/sailpoint-api.yaml
@@ -52965,6 +52965,43 @@ paths:
 '500':
 $ref: '#/components/responses/500'
 components:
+ securitySchemes:
+ userAuth:
+ type: oauth2
+ x-displayName: Personal Access Token
+ description: |
+ OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow).
+
+ Personal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access.
+
+ See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+ flows:
+ clientCredentials:
+ tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+ scopes:
+ sp:scopes:default: default scope
+ sp:scopes:all: access to all scopes
+ authorizationCode:
+ authorizationUrl: https://example-tenant.login.sailpoint.com/oauth/authorize
+ tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+ scopes:
+ sp:scopes:default: default scope
+ sp:scopes:all: access to all scopes
+ applicationAuth:
+ type: oauth2
+ x-displayName: Client Credentials
+ description: |
+ OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow).
+
+ Client credentials refers to tokens that are not associated with a user in Identity Security Cloud.
+
+ See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+ flows:
+ clientCredentials:
+ tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+ scopes:
+ sp:scopes:default: default scope
+ sp:scopes:all: access to all scopes
 parameters:
 limit:
 in: query
diff --git a/scripts/build-idn-root-spec.js b/scripts/build-idn-root-spec.js
index c9d9f7ab..a0014f9b 100644
--- a/scripts/build-idn-root-spec.js
+++ b/scripts/build-idn-root-spec.js
@@ -22,6 +22,47 @@ const APIS_DIR = path.join(IDN_DIR, "apis"); const ROOT_SPEC = path.join(IDN_DIR, "sailpoint-api.root.yaml"); const TARGET_SPEC = path.join(IDN_DIR, "sailpoint-api.yaml"); +const SECURITY_SCHEMES = { + userAuth: { + type: "oauth2", + "x-displayName": "Personal Access Token", + description: + "OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow).\n\nPersonal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access.\n\nSee [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.\n", + flows: { + clientCredentials: { + tokenUrl: "https://example-tenant.api.identitynow.com/oauth/token", + scopes: { + "sp:scopes:default": "default scope", + "sp:scopes:all": "access to all scopes", + }, + }, + authorizationCode: { + authorizationUrl: "https://example-tenant.login.sailpoint.com/oauth/authorize", + tokenUrl: "https://example-tenant.api.identitynow.com/oauth/token", + scopes: { + "sp:scopes:default": "default scope", + "sp:scopes:all": "access to all scopes", + }, + }, + }, + }, + applicationAuth: { + type: "oauth2", + "x-displayName": "Client Credentials", + description: + "OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow).\n\nClient credentials refers to tokens that are not associated with a user in Identity Security Cloud.\n\nSee [Identity Security Cloud REST API 
Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.\n", + flows: { + clientCredentials: { + tokenUrl: "https://example-tenant.api.identitynow.com/oauth/token", + scopes: { + "sp:scopes:default": "default scope", + "sp:scopes:all": "access to all scopes", + }, + }, + }, + }, +}; + function buildRootSpec() { const existing = yaml.load(fs.readFileSync(ROOT_SPEC, "utf8")); @@ -66,6 +107,10 @@ function buildRootSpec() { root.tags = allTags; root.paths = allPaths; + root.components = { + ...(existing.components || {}), + securitySchemes: SECURITY_SCHEMES, + }; fs.writeFileSync(ROOT_SPEC, yaml.dump(root, { lineWidth: -1, noRefs: true }), "utf8"); console.log(`Written idn/sailpoint-api.root.yaml (${Object.keys(allPaths).length} paths, ${allTags.length} tags)`);
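Review bot: The `tokenUrl` and `authorizationUrl` values in `SECURITY_SCHEMES` are hard-coded to an `example-tenant` host, and nothing in the constant marks them as placeholders. If the documentation site's authorization panel uses these URLs as written (not visible in this patch), a reader who enters a client ID and secret would have them posted to that host rather than to their own tenant, so it is worth confirming that the site substitutes the reader's tenant and that the `example-tenant` name cannot be claimed by a third party. I would record the assumption above the constant, e.g. `// example-tenant is a placeholder host; the docs site must substitute the reader's tenant before any token request is sent`. The same two schemes are also committed verbatim in `idn/sailpoint-api.root.yaml` and `idn/sailpoint-api.yaml`, so the three copies can drift; a comment naming this constant as the single source for both files would help.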
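Review bot: The spread in `root.components` keeps the other component sections of the existing file but replaces `securitySchemes` wholesale, so a scheme already present in `idn/sailpoint-api.root.yaml` under any other name is dropped on the next build without a message. If only `userAuth` and `applicationAuth` are meant to be pinned, merge instead: `securitySchemes: { ...(existing.components || {}).securitySchemes, ...SECURITY_SCHEMES },`. The hunk also sets no top-level `security` requirement on `root`; whether each path file declares its own is not visible here, and operations without one would be rendered as needing no token. The rest of `buildRootSpec` lies outside the hunk.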