Add Inbound apps (#424)

* add third party app + consents api

* add readme

* add third party app patch
add third party app get secret
add third party app rotate secret

* Rename to Inbound Applications, add new params, add managementCli

* with new files

* PR fixes

* remove consts

* update cr cmments

* typo fix

* Revert "typo fix"

This reverts commit d233e21.

* typo fix

---------

Co-authored-by: talaharoni <tal@descope.com>

Author: Bars92

README.md

@@ -634,29 +634,29 @@ await descopeClient.management.password.configureSettings('my-tenant-id', {
 You can create, update, delete or load SSO applications:
 
 ```typescript
-// Create OIDC sso application
+// Create OIDC SSO application
 await descopeClient.management.ssoApplication.createOidcApplication({
   name: 'My OIDC app name',
   loginPageUrl: 'http://dummy.com/login',
 });
 
-// Create SAML sso application
+// Create SAML SSO application
 await descopeClient.management.ssoApplication.createSamlApplication({
   name: 'My SAML app name',
   loginPageUrl: 'http://dummy.com/login',
   useMetadataInfo: true,
   metadataUrl: 'http://dummy.com/metadata',
 });
 
-// Update OIDC sso application.
+// Update OIDC SSO application.
 // Update will override all fields as is. Use carefully.
 await descopeClient.management.ssoApplication.updateOidcApplication({
   id: 'my-app-id',
   name: 'My OIDC app name',
   loginPageUrl: 'http://dummy.com/login',
 });
 
-// Update SAML sso application.
+// Update SAML SSO application.
 // Update will override all fields as is. Use carefully.
 await descopeClient.management.ssoApplication.updateSamlApplication({
   id: 'my-app-id',
@@ -669,13 +669,13 @@ await descopeClient.management.ssoApplication.updateSamlApplication({
   certificate: 'certificate',
 });
 
-// Tenant deletion cannot be undone. Use carefully.
+// SSO application deletion cannot be undone. Use carefully.
 await descopeClient.management.ssoApplication.delete('my-app-id');
 
-// Load sso application by id
+// Load SSO application by id
 const app = await descopeClient.management.ssoApplication.load('my-app-id');
 
-// Load all sso applications
+// Load all SSO applications
 const appsRes = await descopeClient.management.ssoApplication.loadAll();
 appsRes.data.forEach((app) => {
   // do something
@@ -1259,6 +1259,88 @@ const relations = await descopeClient.management.fga.check([
 ]);
 ```
 
+### Manage Inbound Applications
+
+You can create, update, delete or load inbound applications:
+
+```typescript
+// Create an inbound application.
+const { id, cleartext: secret } =
+  await descopeClient.management.inboundApplication.createApplication({
+    name: 'my new app',
+    description: 'my desc',
+    logo: 'data:image/png;..',
+    approvedCallbackUrls: ['dummy.com'],
+    permissionsScopes: [
+      {
+        name: 'read_support',
+        description: 'read for support',
+        values: ['Support'],
+      },
+    ],
+    attributesScopes: [
+      {
+        name: 'read_email',
+        description: 'read user email',
+        values: ['email'],
+      },
+    ],
+    loginPageUrl: 'http://dummy.com/login',
+  });
+
+// Update an inbound application.
+// Update will override all fields as is. Use carefully.
+await descopeClient.management.inboundApplication.updateApplication({
+  id: 'my-app-id',
+  name: 'my updated app',
+  loginPageUrl: 'http://dummy.com/login',
+  approvedCallbackUrls: ['dummy.com', 'myawesomedomain.com'],
+});
+
+// Patch an inbound application.
+// patch will not override all fields, but update only what given.
+await descopeClient.management.inboundApplication.patchApplication({
+  id: 'my-app-id',
+  name: 'my updated app name',
+  description: 'my new description',
+});
+
+// delete an inbound application by id.
+// inbound application deletion cannot be undone. Use carefully.
+await descopeClient.management.inboundApplication.deleteApplication('my-app-id');
+
+// Load an inbound application by id
+const app = await descopeClient.management.inboundApplication.loadApplication('my-app-id');
+
+// Load all inbound applications
+const appsRes = await descopeClient.management.inboundApplication.loadAllApplications();
+appsRes.data.forEach((app) => {
+  // do something
+});
+
+// Get an inbound application secret by application id.
+const { cleartext } = await descopeClient.management.inboundApplication.getApplicationSecret(
+  'my-app-id',
+);
+
+// Rotate an inbound application secret by application id.
+const { cleartext } = await descopeClient.management.inboundApplication.rotateApplicationSecret(
+  'my-app-id',
+);
+
+// Search in all consents. search consents by the given app id and offset to the third page.
+const consentsRes = await descopeClient.management.inboundApplication.searchConsents({
+  appId: 'my-app',
+  page: 2,
+});
+
+// Delete consents. delete all user consents, application consents or specific consents by id.
+// inbound application consents deletion cannot be undone. Use carefully.
+await descopeClient.management.inboundApplication.deleteConsents({
+  userIds: ['user'],
+});
+```
+
 ### Utils for your end to end (e2e) tests and integration tests
 
 To ease your e2e tests, we exposed dedicated management methods,

examples/managementCli/src/index.ts

@@ -448,6 +448,135 @@ program
     handleSdkRes(await sdk.management.password.getSettings(tenantId));
   });
 
+// *** Inbound application commands ***
+
+// inbound-application-create
+program
+  .command('inbound-application-create')
+  .description('Create a new inbound application')
+  .argument('<name>', 'Inbound application name')
+  .argument('<permission-scope-items>', 'Inbound application permission scopes', (val) =>
+    val?.split(','),
+  )
+  .action(async (name, permissionsScopes) => {
+    handleSdkRes(
+      await sdk.management.inboundApplication.createApplication({
+        name,
+        permissionsScopes: JSON.parse(permissionsScopes)?.map((permissionsScope: any) => {
+          return {
+            name: permissionsScope.name,
+            description: permissionsScope.description,
+            values: permissionsScope.values,
+            optional: permissionsScope.optional,
+          };
+        }),
+      }),
+    );
+  });
+
+// inbound-application-update
+program
+  .command('inbound-application-update')
+  .description('Update an inbound application')
+  .argument('<id>', 'Inbound application ID')
+  .argument('<name>', 'Inbound application name')
+  .argument('<permission-scope-items>', 'Inbound application permission scopes', (val) =>
+    val?.split(','),
+  )
+  .action(async (id, name, permissionsScopes) => {
+    handleSdkRes(
+      await sdk.management.inboundApplication.updateApplication({
+        id,
+        name,
+        permissionsScopes: JSON.parse(permissionsScopes)?.map((permissionsScope: any) => {
+          return {
+            name: permissionsScope.name,
+            description: permissionsScope.description,
+            values: permissionsScope.values,
+            optional: permissionsScope.optional,
+          };
+        }),
+      }),
+    );
+  });
+
+// inbound-application-patch
+program
+  .command('inbound-application-patch')
+  .description('Patch an inbound application')
+  .argument('<id>', 'Inbound application ID')
+  .argument('<name>', 'Inbound application name')
+  .action(async (id, name) => {
+    handleSdkRes(
+      await sdk.management.inboundApplication.patchApplication({
+        id,
+        name,
+      }),
+    );
+  });
+
+// inbound-application-delete
+program
+  .command('inbound-application-delete')
+  .description('Delete an inbound application')
+  .argument('<id>', 'Inbound application ID')
+  .action(async (id) => {
+    handleSdkRes(await sdk.management.inboundApplication.deleteApplication(id));
+  });
+
+// inbound-application-load
+program
+  .command('inbound-application-load')
+  .description('Load inbound application by id')
+  .argument('<id>', 'Inbound application ID')
+  .action(async (id) => {
+    handleSdkRes(await sdk.management.inboundApplication.loadApplication(id));
+  });
+
+// inbound-application-load-all
+program
+  .command('inbound-application-load-all')
+  .description('Load all inbound applications')
+  .action(async () => {
+    handleSdkRes(await sdk.management.inboundApplication.loadAllApplications());
+  });
+
+// inbound-application-secret
+program
+  .command('inbound-application-secret')
+  .description('Get inbound application secret by id')
+  .argument('<id>', 'Inbound application ID')
+  .action(async (id) => {
+    handleSdkRes(await sdk.management.inboundApplication.getApplicationSecret(id));
+  });
+
+// inbound-application-rotate-secret
+program
+  .command('inbound-application-rotate-secret')
+  .description('Rotate inbound application secret by id')
+  .argument('<id>', 'Inbound application ID')
+  .action(async (id) => {
+    handleSdkRes(await sdk.management.inboundApplication.rotateApplicationSecret(id));
+  });
+
+// inbound-application-consent-search
+program
+  .command('inbound-application-consent-search')
+  .description('Search inbound application consents')
+  .argument('<appId>', 'Inbound application ID')
+  .action(async (appId) => {
+    handleSdkRes(await sdk.management.inboundApplication.searchConsents({ appId }));
+  });
+
+// inbound-application-consent-delete
+program
+  .command('inbound-application-consent-delete')
+  .description('Delete inbound application consents')
+  .argument('<appId>', 'Inbound application ID')
+  .action(async (appId) => {
+    handleSdkRes(await sdk.management.inboundApplication.deleteConsents({ appId }));
+  });
+
 // *** SSO application commands ***
 
 // sso-application-create-oidc