fix(terraform-provider-jans): update terraform module

fix(terraform-provider-jans): update terraform module

CHANGELOG.md

@@ -1,5 +1,25 @@
 # Changelog
 
+## [0.8.0](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.7.3...v0.8.0) (2023-09-27)
+
+
+### Features
+
+* fixed app configuration, OIDC client, and attribute type to match latest API 
+
+
+### Bug Fixes
+
+* added new attributes to app config, client, custom scripts to match latest API version 
+
+## [0.7.4](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.7.4...v0.7.4) (2023-09-28)
+
+
+### Bug Fixes
+
+* fixed app configuration, OIDC client, and attribute type to match latest API 
+
+
 ## [0.7.3](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.7.2...v0.7.3) (2023-07-28)
 
 

docs/resources/app_configuration.md

@@ -39,6 +39,9 @@ resource "jans_app_configuration" "global" {
 - `authentication_filters` (Block List) List of authentication filters. (see [below for nested schema](#nestedblock--authentication_filters))
 - `authentication_filters_enabled` (Boolean) Boolean value specifying whether to enable user authentication filters.
 - `authentication_protection_configuration` (Block List, Max: 1) Authentication Brute Force Protection Configuration. (see [below for nested schema](#nestedblock--authentication_protection_configuration))
+- `authorization_challenge_default_acr` (String) Default ACR for authorization challenge.
+- `authorization_challenge_endpoint` (String) The authorization challenge endpoint URL.
+- `authorization_challenge_should_generate_session` (Boolean) Boolean value specifying whether to generate session for authorization challenge.
 - `authorization_code_lifetime` (Number) The lifetime of the Authorization Code.
 - `authorization_encryption_alg_values_supported` (List of String) A list of the authorization encryption algorithms supported.
 - `authorization_encryption_enc_values_supported` (List of String) A list of the authorization encryption algorithms supported.
@@ -84,8 +87,10 @@ resource "jans_app_configuration" "global" {
 - `css_location` (String) The location for CSS files.
 - `custom_headers_with_authorization_response` (Boolean) Boolean value specifying whether to enable Custom Response Header parameter to return custom headers with the Authorization Response.
 - `date_formatter_patterns` (Map of String) Data formatter patterns.
+- `dcr_attestation_evidence_required` (Boolean) Boolean value indicating if DCR attestation evidence is required.
 - `dcr_authorization_with_client_credentials` (Boolean) Boolean value indicating if DCR authorization to be performed using client credentials.
 - `dcr_authorization_with_mtls` (Boolean) Boolean value indicating if DCR authorization allowed with MTLS.
+- `dcr_forbid_expiration_time_in_request` (Boolean) Boolean value to specify if the expiration time should be forbidden in DCR request.
 - `dcr_signature_validation_enabled` (Boolean) Boolean value enables DCR signature validation. Default is false.
 - `dcr_signature_validation_jwks` (String) Specifies JWKS for all DCR's validations.
 - `dcr_signature_validation_jwks_uri` (String) Specifies JWKS URI for all DCR's validations.
@@ -208,6 +213,7 @@ resource "jans_app_configuration" "global" {
 - `logging_level` (String) Logging level for jans-auth logger.
 - `metric_reporter_interval` (Number) The interval for metric reporter in seconds.
 - `metric_reporter_keep_data_days` (Number) The days to keep metric reported data.
+- `mtls_authorization_challenge_endpoint` (String) URL for Mutual TLS Client Authentication and Certificate-Bound Access Tokens (MTLS) Challenge Endpoint.
 - `mtls_authorization_endpoint` (String) URL for Mutual TLS Client Authentication and Certificate-Bound Access Tokens (MTLS) Endpoint.
 							Example: 'https://server.example.com/jans-auth/restv1/mtls'
 - `mtls_check_session_iframe` (String) URL for MTLS IFrame that supports cross-origin communications for session state information with the RP 

docs/resources/oidc_client.md

@@ -140,6 +140,7 @@ Optional:
 - `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
 - `consent_gathering_scripts` (List of String) List of consent gathering scripts.
 - `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
+- `evidence` (String) Specifies the evidence that the client presents to the authorization server.
 - `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
 - `introspection_scripts` (List of String) List of introspection scripts.
 - `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.

docs/resources/scope.md

@@ -199,6 +199,7 @@ Optional:
 - `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
 - `consent_gathering_scripts` (List of String) List of consent gathering scripts.
 - `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
+- `evidence` (String) Specifies the evidence that the client presents to the authorization server.
 - `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
 - `introspection_scripts` (List of String) List of introspection scripts.
 - `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.

jans/app_configuration.go

@@ -106,6 +106,7 @@ type AppConfiguration struct {
 	Issuer                                                    string                                `schema:"issuer" json:"issuer"`
 	BaseEndpoint                                              string                                `schema:"base_endpoint" json:"baseEndpoint"`
 	AuthorizationEndpoint                                     string                                `schema:"authorization_endpoint" json:"authorizationEndpoint"`
+	AuthorizationChallengeEndpoint                            string                                `schema:"authorization_challenge_endpoint" json:"authorizationChallengeEndpoint"`
 	TokenEndpoint                                             string                                `schema:"token_endpoint" json:"tokenEndpoint"`
 	TokenRevocationEndpoint                                   string                                `schema:"token_revocation_endpoint" json:"tokenRevocationEndpoint"`
 	UserInfoEndpoint                                          string                                `schema:"userinfo_endpoint" json:"userInfoEndpoint"`
@@ -122,6 +123,7 @@ type AppConfiguration struct {
 	RequirePar                                                bool                                  `schema:"require_par" json:"requirePar"`
 	DeviceAuthzEndpoint                                       string                                `schema:"device_authz_endpoint" json:"deviceAuthzEndpoint"`
 	MtlsAuthorizationEndpoint                                 string                                `schema:"mtls_authorization_endpoint" json:"mtlsAuthorizationEndpoint"`
+	MtlsAuthorizationChallengeEndpoint                        string                                `schema:"mtls_authorization_challenge_endpoint" json:"mtlsAuthorizationChallengeEndpoint"`
 	MtlsTokenEndpoint                                         string                                `schema:"mtls_token_endpoint" json:"mtlsTokenEndpoint"`
 	MtlsTokenRevocationEndpoint                               string                                `schema:"mtls_token_revocation_endpoint" json:"mtlsTokenRevocationEndpoint"`
 	MtlsUserInfoEndpoint                                      string                                `schema:"mtls_user_info_endpoint" json:"mtlsUserInfoEndpoint"`
@@ -309,6 +311,7 @@ type AppConfiguration struct {
 	DcrSignatureValidationJwksUri                             string                                `schema:"dcr_signature_validation_jwks_uri" json:"dcrSignatureValidationJwksUri"`
 	DcrAuthorizationWithClientCredentials                     bool                                  `schema:"dcr_authorization_with_client_credentials" json:"dcrAuthorizationWithClientCredentials"`
 	DcrAuthorizationWithMTLS                                  bool                                  `schema:"dcr_authorization_with_mtls" json:"dcrAuthorizationWithMTLS"`
+	DcrAttestationEvidenceRequired                            bool                                  `schema:"dcr_attestation_evidence_required" json:"dcrAttestationEvidenceRequired"`
 	TrustedSSAIssuers                                         []TrustedIssuerConfig                 `schema:"trusted_ssa_issuers" json:"trustedSsaIssuers"`
 	UseLocalCache                                             bool                                  `schema:"use_local_cache" json:"useLocalCache"`
 	FapiCompatibility                                         bool                                  `schema:"fapi_compatibility" json:"fapiCompatibility"`
@@ -368,11 +371,13 @@ type AppConfiguration struct {
 	DcrSsaValidationConfigs                                   []SsaValidationConfig                 `schema:"dcr_ssa_validation_configs" json:"dcrSsaValidationConfigs"`
 	SsaConfiguration                                          SsaConfiguration                      `schema:"ssa_configuration" json:"ssaConfiguration"`
 	BlockWebviewAuthorizationEnabled                          bool                                  `schema:"block_webview_authorization_enabled" json:"blockWebviewAuthorizationEnabled"`
+	AuthorizationChallengeDefaultAcr                          string                                `schema:"authorization_challenge_default_acr" json:"authorizationChallengeDefaultAcr"`
+	AuthorizationChallengeShouldGenerateSession               bool                                  `schema:"authorization_challenge_should_generate_session" json:"authorizationChallengeShouldGenerateSession"`
 	DateFormatterPatterns                                     map[string]string                     `schema:"date_formatter_patterns" json:"dateFormatterPatterns"`
 	AllResponseTypesSupported                                 []string                              `schema:"all_response_types_supported" json:"allResponseTypesSupported"`
 	HttpLoggingResponseBodyContent                            bool                                  `schema:"http_logging_response_body_content" json:"httpLoggingResponseBodyContent"`
-	SkipAuthenticationFilterOptionsMethod                     bool                                  `schema:"skip_authentication_filter_options_method" json:"skipAuthenticationFilterOptionsMethod"`
 	Fapi                                                      bool                                  `schema:"fapi" json:"fapi"`
+	SkipAuthenticationFilterOptionsMethod                     bool                                  `schema:"skip_authentication_filter_options_method" json:"skipAuthenticationFilterOptionsMethod"`
 }
 
 // GetAppConfiguration returns all Janssen authorization server configuration

jans/attributes.go

@@ -14,7 +14,7 @@ type AttributeValidation struct {
 	MaxLength int    `schema:"max_length" json:"maxLength,omitempty"`
 }
 
-// Attribute represents a single Gluu attribute.
+// Attribute represents a single Jans attribute.
 type Attribute struct {
 	Dn                     string               `schema:"dn" json:"dn,omitempty"`
 	Selected               bool                 `schema:"selected" json:"selected,omitempty"`
@@ -52,7 +52,7 @@ type Attribute struct {
 	BaseDn                 string               `schema:"base_dn" json:"baseDn,omitempty"`
 }
 
-// GetAttributes returns a list of all Gluu attributes currently configured
+// GetAttributes returns a list of all Jans attributes currently configured
 // in the server.
 func (c *Client) GetAttributes(ctx context.Context) ([]Attribute, error) {
 
@@ -76,7 +76,7 @@ func (c *Client) GetAttributes(ctx context.Context) ([]Attribute, error) {
 	return resp.Data, nil
 }
 
-// GetAttribute returns a single attribute, identified by its inum.
+// GetAttribute returns a single Jans attribute, identified by its inum.
 func (c *Client) GetAttribute(ctx context.Context, inum string) (*Attribute, error) {
 
 	if inum == "" {
@@ -98,7 +98,7 @@ func (c *Client) GetAttribute(ctx context.Context, inum string) (*Attribute, err
 	return ret, nil
 }
 
-// CreateAttribute creates a new attribute.
+// CreateAttribute creates a new Jans attribute.
 func (c *Client) CreateAttribute(ctx context.Context, attr *Attribute) (*Attribute, error) {
 
 	if attr == nil {
@@ -119,7 +119,7 @@ func (c *Client) CreateAttribute(ctx context.Context, attr *Attribute) (*Attribu
 	return ret, nil
 }
 
-// UpdateAttribute updates an existing attribute.
+// UpdateAttribute updates an existing Jans attribute.
 func (c *Client) UpdateAttribute(ctx context.Context, attr *Attribute) (*Attribute, error) {
 
 	if attr == nil {
@@ -142,7 +142,7 @@ func (c *Client) UpdateAttribute(ctx context.Context, attr *Attribute) (*Attribu
 	return ret, nil
 }
 
-// DeleteAttribute deletes the attribute with the given inum.
+// DeleteAttribute deletes the Jans attribute with the given inum.
 func (c *Client) DeleteAttribute(ctx context.Context, inum string) error {
 
 	if inum == "" {

jans/oidc_client.go

@@ -39,6 +39,7 @@ type OidcClientAttribute struct {
 	AdditionalTokenEndpointAuthMethods      []string `schema:"additional_token_endpoint_auth_methods" json:"additionalTokenEndpointAuthMethods,omitempty"`
 	MinimumAcrPriorityList                  []string `schema:"minimum_acr_priority_list" json:"minimumAcrPriorityList,omitempty"`
 	RequestedLifetime                       int      `schema:"requested_lifetime" json:"requestedLifetime,omitempty"`
+	Evidence                                string   `schema:"evidence" json:"evidence,omitempty"`
 }
 
 // OidcClient is the definition of an OpenId Connect Client.

provider/resource_app_configuration.go

@@ -171,6 +171,12 @@ func resourceAppConfiguration() *schema.Resource {
 				Description:      "The authorization endpoint URL. Example: https://server.example.com/restv1/authorize",
 				ValidateDiagFunc: validateURL,
 			},
+			"authorization_challenge_endpoint": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				Description:      "The authorization challenge endpoint URL.",
+				ValidateDiagFunc: validateURL,
+			},
 			"token_endpoint": {
 				Type:             schema.TypeString,
 				Optional:         true,
@@ -267,6 +273,12 @@ func resourceAppConfiguration() *schema.Resource {
 							Example: 'https://server.example.com/jans-auth/restv1/mtls'`,
 				ValidateDiagFunc: validateURL,
 			},
+			"mtls_authorization_challenge_endpoint": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				Description:      `URL for Mutual TLS Client Authentication and Certificate-Bound Access Tokens (MTLS) Challenge Endpoint.`,
+				ValidateDiagFunc: validateURL,
+			},
 			"mtls_token_endpoint": {
 				Type:             schema.TypeString,
 				Optional:         true,
@@ -1587,6 +1599,11 @@ func resourceAppConfiguration() *schema.Resource {
 				Optional:    true,
 				Description: "Boolean value indicating if DCR authorization allowed with MTLS.",
 			},
+			"dcr_attestation_evidence_required": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Boolean value indicating if DCR attestation evidence is required.",
+			},
 			"trusted_ssa_issuers": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -2052,6 +2069,16 @@ func resourceAppConfiguration() *schema.Resource {
 				Optional:    true,
 				Description: "Boolean value specifying whether to block webview authorization.",
 			},
+			"authorization_challenge_default_acr": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Default ACR for authorization challenge.",
+			},
+			"authorization_challenge_should_generate_session": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Boolean value specifying whether to generate session for authorization challenge.",
+			},
 			"date_formatter_patterns": {
 				Type:        schema.TypeMap,
 				Optional:    true,
@@ -2070,6 +2097,11 @@ func resourceAppConfiguration() *schema.Resource {
 				Optional:    true,
 				Description: "Boolean value specifying whether to skip authentication filter for options method calls.",
 			},
+			"fapi": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Boolean value specifying whether to enable FAPI.",
+			},
 			"all_response_types_supported": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -2084,11 +2116,6 @@ func resourceAppConfiguration() *schema.Resource {
 					},
 				},
 			},
-			"fapi": {
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Description: "Boolean value specifying whether to enable FAPI.",
-			},
 		},
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,

provider/resource_oidc_client.go

@@ -692,6 +692,11 @@ func resourceOidcClient() *schema.Resource {
 							Optional:    true,
 							Description: "List of requested lifetime.",
 						},
+						"evidence": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: "Specifies the evidence that the client presents to the authorization server.",
+						},
 					},
 				},
 			},

provider/resource_script.go

@@ -65,12 +65,33 @@ func resourceScript() *schema.Resource {
 				ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
 
 					enums := []string{
-						"person_authentication", "introspection", "resource_owner_password_credentials",
-						"application_session", "cache_refresh", "client_registration", "id_generator",
-						"uma_rpt_policy", "uma_rpt_claims", "uma_claims_gathering", "consent_gathering",
-						"dynamic_scope", "spontaneous_scope", "end_session", "post_authn", "select_account",
-						"scim", "ciba_end_user_notification", "revoke_token", "persistence_extension",
-						"idp", "discovery", "update_token", "config_api",
+						"person_authentication",
+						"authorization_challenge",
+						"introspection",
+						"resource_owner_password_credentials",
+						"application_session",
+						"cache_refresh",
+						"client_registration",
+						"id_generator",
+						"uma_rpt_policy",
+						"uma_rpt_claims",
+						"uma_claims_gathering",
+						"consent_gathering",
+						"dynamic_scope",
+						"spontaneous_scope",
+						"end_session",
+						"post_authn",
+						"select_account",
+						"scim",
+						"ciba_end_user_notification",
+						"revoke_token",
+						"persistence_extension",
+						"idp",
+						"discovery",
+						"update_token",
+						"config_api_auth",
+						"modify_ssa_response",
+						"fido2_extension",
 					}
 					return validateEnum(v, enums)
 				},