Fix authorization issues on the site, missing token and missing auth …

idn/sailpoint-api.root.yaml

@@ -2470,3 +2470,41 @@ paths:
     $ref: ./apis/workflows/paths/workflows-v1-execute-external-by-id.yaml
   /workflows/v1/execute/external/{id}/test:
     $ref: ./apis/workflows/paths/workflows-v1-execute-external-by-id-test.yaml
+components:
+  securitySchemes:
+    userAuth:
+      type: oauth2
+      x-displayName: Personal Access Token
+      description: |
+        OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow).
+
+        Personal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access.
+
+        See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+      flows:
+        clientCredentials:
+          tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+          scopes:
+            sp:scopes:default: default scope
+            sp:scopes:all: access to all scopes
+        authorizationCode:
+          authorizationUrl: https://example-tenant.login.sailpoint.com/oauth/authorize
+          tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+          scopes:
+            sp:scopes:default: default scope
+            sp:scopes:all: access to all scopes
+    applicationAuth:
+      type: oauth2
+      x-displayName: Client Credentials
+      description: |
+        OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow).
+
+        Client credentials refers to tokens that are not associated with a user in Identity Security Cloud.
+
+        See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+      flows:
+        clientCredentials:
+          tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+          scopes:
+            sp:scopes:default: default scope
+            sp:scopes:all: access to all scopes

idn/sailpoint-api.yaml

@@ -52965,6 +52965,43 @@ paths:
         '500':
           $ref: '#/components/responses/500'
 components:
+  securitySchemes:
+    userAuth:
+      type: oauth2
+      x-displayName: Personal Access Token
+      description: |
+        OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow).
+
+        Personal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access.
+
+        See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+      flows:
+        clientCredentials:
+          tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+          scopes:
+            sp:scopes:default: default scope
+            sp:scopes:all: access to all scopes
+        authorizationCode:
+          authorizationUrl: https://example-tenant.login.sailpoint.com/oauth/authorize
+          tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+          scopes:
+            sp:scopes:default: default scope
+            sp:scopes:all: access to all scopes
+    applicationAuth:
+      type: oauth2
+      x-displayName: Client Credentials
+      description: |
+        OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow).
+
+        Client credentials refers to tokens that are not associated with a user in Identity Security Cloud.
+
+        See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
+      flows:
+        clientCredentials:
+          tokenUrl: https://example-tenant.api.identitynow.com/oauth/token
+          scopes:
+            sp:scopes:default: default scope
+            sp:scopes:all: access to all scopes
   parameters:
     limit:
       in: query

scripts/build-idn-root-spec.js

@@ -22,6 +22,47 @@ const APIS_DIR    = path.join(IDN_DIR, "apis");
 const ROOT_SPEC   = path.join(IDN_DIR, "sailpoint-api.root.yaml");
 const TARGET_SPEC = path.join(IDN_DIR, "sailpoint-api.yaml");
 
+const SECURITY_SCHEMES = {
+  userAuth: {
+    type: "oauth2",
+    "x-displayName": "Personal Access Token",
+    description:
+      "OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow).\n\nPersonal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access.\n\nSee [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.\n",
+    flows: {
+      clientCredentials: {
+        tokenUrl: "https://example-tenant.api.identitynow.com/oauth/token",
+        scopes: {
+          "sp:scopes:default": "default scope",
+          "sp:scopes:all": "access to all scopes",
+        },
+      },
+      authorizationCode: {
+        authorizationUrl: "https://example-tenant.login.sailpoint.com/oauth/authorize",
+        tokenUrl: "https://example-tenant.api.identitynow.com/oauth/token",
+        scopes: {
+          "sp:scopes:default": "default scope",
+          "sp:scopes:all": "access to all scopes",
+        },
+      },
+    },
+  },
+  applicationAuth: {
+    type: "oauth2",
+    "x-displayName": "Client Credentials",
+    description:
+      "OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow).\n\nClient credentials refers to tokens that are not associated with a user in Identity Security Cloud.\n\nSee [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.\n",
+    flows: {
+      clientCredentials: {
+        tokenUrl: "https://example-tenant.api.identitynow.com/oauth/token",
+        scopes: {
+          "sp:scopes:default": "default scope",
+          "sp:scopes:all": "access to all scopes",
+        },
+      },
+    },
+  },
+};
+
 function buildRootSpec() {
   const existing = yaml.load(fs.readFileSync(ROOT_SPEC, "utf8"));
 
@@ -66,6 +107,10 @@ function buildRootSpec() {
 
   root.tags  = allTags;
   root.paths = allPaths;
+  root.components = {
+    ...(existing.components || {}),
+    securitySchemes: SECURITY_SCHEMES,
+  };
 
   fs.writeFileSync(ROOT_SPEC, yaml.dump(root, { lineWidth: -1, noRefs: true }), "utf8");
   console.log(`Written idn/sailpoint-api.root.yaml (${Object.keys(allPaths).length} paths, ${allTags.length} tags)`);