Merge pull request #5801 from NipuniBhagya/master

[7.2.0] Introduce end-user credential management API documentation

Author: NipuniBhagya

en/identity-server/7.2.0/docs/apis/end-user-credential-management-rest-api.md

@@ -0,0 +1,5 @@
+---
+template: templates/redoc.html
+---
+
+<redoc spec-url="../../apis/restapis/end-user-credential-management.yaml" theme='{{redoc_theme}}'></redoc>

en/identity-server/7.2.0/docs/apis/organization-apis/end-user-credential-management-rest-api.md

@@ -0,0 +1,5 @@
+---
+template: templates/redoc.html
+---
+
+<redoc spec-url="../../../apis/organization-apis/restapis/end-user-credential-management.yaml" theme='{{redoc_theme}}'></redoc>

en/identity-server/7.2.0/docs/apis/organization-apis/restapis/end-user-credential-management.yaml

@@ -0,0 +1,200 @@
+openapi: 3.0.0
+info:
+  description: |
+    The Credential Management REST API provides a comprehensive interface to list and delete 
+    credentials enrolled by end-users within the WSO2 Identity Server. The administrators who are assigned with privileges to list and delete
+    users (with scopes internal_user_mgt_view and internal_user_mgt_delete) are able to perform these operations.
+    
+    <b>Note</b>: This API is available only in WSO2 Identity Server 7.2.0, beginning with update level 5 
+    (Updates 2.0 model). To update your server, see the instructions on 
+    <a hreaf="https://updates.docs.wso2.com/en/latest/updates/overview/" target="_blank">updating WSO2 products</a>
+
+  version: '1.0'
+  title: WSO2 Identity Server - User Credential Management Rest API
+
+security:
+  - OAuth2: []
+  - BasicAuth: []
+
+servers:
+  - url: https://{server-url}/t/{tenant-domain}/api/server/v1
+    variables:
+      tenant-domain:
+        default: carbon.super
+      server-url:
+        default: localhost:9443
+
+paths:
+  /users/{user-id}/credentials:
+    get:
+      summary: List end-user enrolled credentials
+      description: "Retrieves a list of all user-enrolled credentials. This API currently supports passkey and push 
+        authentication credentials. \n\n <b>Scope (Permission) required:</b> ``internal_user_mgt_view``\n\n"
+      operationId: getUserCredentialsById
+      tags:
+        - List User Credentials
+      parameters:
+        - name: user-id
+          in: path
+          description: The unique identifier of the user.
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Credential'
+              examples:
+                response:
+                  value:
+                    [
+                      {
+                        "credentialId": "TJwhlvGKrEk7xSSKLrhoCsaA",
+                        "displayName": "My Security Key",
+                        "type": "PASSKEY"
+                      },
+                      {
+                        "credentialId": "996a12a0-b9aab-48ab-8016-d0ffd99ebe1b",
+                        "displayName": "My phone",
+                        "type": "PUSH_AUTH"
+                      }
+                    ]
+        '400':
+          description: Bad Request.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '401':
+          description: Unauthorized.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '404':
+          description: User Not Found.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '500':
+          description: Internal Server Error.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+
+  /users/{user-id}/credentials/{type}/{credential-id}:
+    delete:
+      summary: Delete a user-enrolled credential.
+      description: Deletes a specific enrolled credential for a user. Requires administrative privileges with scope internal_user_mgt_delete.
+      operationId: deleteUserCredentialById
+      tags:
+        - Delete User Credential
+      parameters:
+        - name: user-id
+          in: path
+          description: The unique identifier of the user.
+          required: true
+          schema:
+            type: string
+        - name: type
+          in: path
+          description: The type of the credential.
+          required: true
+          schema:
+            type: string
+            enum: [passkey, push-auth]
+        - name: credential-id
+          in: path
+          description: The unique identifier of the device to be deleted.
+          required: true
+          schema:
+            type: string
+      responses:
+        '204':
+          description: User Credential Deleted.
+        '400':
+          description: Bad Request.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '401':
+          description: Unauthorized.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '500':
+          description: Internal Server Error.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+components:
+  securitySchemes:
+    BasicAuth:
+      type: http
+      scheme: basic
+    OAuth2:
+      type: oauth2
+      flows:
+        authorizationCode:
+          authorizationUrl: 'https://localhost:9443/oauth2/authorize'
+          tokenUrl: 'https://localhost:9443/oauth2/token'
+          scopes:
+            read: internal_user_mgt_view
+            delete: internal_user_mgt_delete
+  schemas:
+    Credential:
+      type: object
+      properties:
+        credentialId:
+          type: string
+          description: The unique identifier for the credential.
+          example: 'a5a81c76-27a3-42d4-82a8-55285d82a4a1'
+        displayName:
+          type: string
+          description: A user-friendly name for the credential.
+          example: "YubiKey 5C"
+        type:
+          type: string
+          description: The type of the credential.
+          enum: [passkey, push-auth]
+    Error:
+      type: object
+      properties:
+        code:
+          type: string
+          description: Some error description.
+          example: 'CM-00001'
+        message:
+          type: string
+          description: Some error message.
+          example: 'Some error message.'
+        description:
+          type: string
+          description: A more detailed explanation of the error.
+          example: 'Some error description.'
+        traceId:
+          type: string
+          description: The unique identifier for the request.
+          example: '8a5f5d4e-1d2c-4f3b-9c6e-7d8f9a0b1c2d'