wso2
diff --git a/‎en/identity-server/next/docs/apis/organization-apis/restapis/organization-user-share.yaml‎
Lines changed: 144 additions & 17 deletions b/‎en/identity-server/next/docs/apis/organization-apis/restapis/organization-user-share.yaml‎
Lines changed: 144 additions & 17 deletions
@@ -1,16 +1,13 @@
 openapi: 3.0.0
 info:
-  version: v1
+  version: "v1"
   title: 'User Sharing API Definition'
   description: |-
-    This API provides organization administrators with the ability to manage user access across child organizations. It supports operations to share users with specific or all child organizations, retrieve shared access details, and remove shared access as needed. The API also includes features for paginated retrieval of organizations and roles associated with shared users.
-  contact:
-    name: WSO2
-    url: 'http://wso2.com/products/identity-server/'
-    email: iam-dev@wso2.org
-  license:
-    name: Apache 2.0
-    url: 'http://www.apache.org/licenses/LICENSE-2.0.html'
+    This document specifies the **User Sharing RESTful API** for **WSO2 Identity Server**. This API enables organization administrators to share user access across child organizations, manage shared access, revoke access, and retrieve shared organizations and roles.
+
+security:
+  - OAuth2: []
+
 servers:
   - url: 'https://{server-url}/t/{tenant-domain}/api/server/v1'
     variables:
@@ -27,7 +24,7 @@ paths:
       description: |
         This API shares one or more users across specified organizations, assigning roles based on the provided policy. The policy defines the sharing scope for each organization, including whether access extends to child organizations.
         
-        <b>Scope(Permission) required:</b> `internal_user_share`
+        <b>Scope(Permission) required:</b> `internal_org_user_share`
       operationId: processUserSharing
       requestBody:
         content:
@@ -48,7 +45,7 @@ paths:
                         display: "My Org 1"
                         type: "organization"
                 - orgId: "a17b28ca-9f89-449c-ae27-fa955e66465f"
-                  policy: "SELECTED_ORG_ONLY"
+                  policy: "SELECTED_ORG_WITH_EXISTING_IMMEDIATE_AND_FUTURE_CHILDREN"
                   roles: []
         required: true
       responses:
@@ -70,6 +67,42 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
+      x-codeSamples:
+        - lang: Curl
+          source: |
+            curl --location 'https://localhost:9443/o/api/server/v1/users/share' \
+            -H 'Accept: application/json' \
+            -H 'Content-Type: application/json' \
+            -H 'Authorization: Bearer {bearer_token}' \
+            -d '{
+                "userCriteria": {
+                  "userIds": [
+                    "7a1b7d63-8cfc-4dc9-9332-3f84641b72d8",
+                    "5d2a1c84-9f7a-43cd-b12e-6e52d7f87e16"
+                  ]
+                },
+                "organizations": [
+                  {
+                    "orgId": "b028ca17-8f89-449c-ae27-fa955e66465d",
+                    "policy": "SELECTED_ORG_ONLY",
+                    "roles": [
+                      {
+                        "displayName": "role_2",
+                        "audience": {
+                          "display": "My Org 1",
+                          "type": "organization"
+                        }
+                      }
+                    ]
+                  },
+                  {
+                    "orgId": "a17b28ca-9f89-449c-ae27-fa955e66465f",
+                    "policy": "SELECTED_ORG_WITH_EXISTING_IMMEDIATE_AND_FUTURE_CHILDREN",
+                    "roles": []
+                  }
+                ]
+            }'
+      x-codegen-request-body-name: body
 
   /users/share-with-all:
     post:
@@ -79,7 +112,7 @@ paths:
       description: |
         This API shares users across all organizations, applying the provided roles to each organization. The policy determines the scope of sharing, including whether it applies to all current organizations or future organizations as well.
         
-        <b>Scope(Permission) required:</b> `internal_user_share`
+        <b>Scope(Permission) required:</b> `internal_org_user_share`
       operationId: processUserSharingAll
       requestBody:
         content:
@@ -121,6 +154,39 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
+      x-codeSamples:
+        - lang: Curl
+          source: |
+            curl --location 'https://localhost:9443/o/api/server/v1/users/share-all' \
+            -H 'Accept: application/json' \
+            -H 'Content-Type: application/json' \
+            -H 'Authorization: Bearer {bearer_token}' \
+            -d '{
+                "userCriteria": {
+                  "userIds": [
+                    "7a1b7d63-8cfc-4dc9-9332-3f84641b72d8",
+                    "5d2a1c84-9f7a-43cd-b12e-6e52d7f87e16"
+                  ]
+                },
+                "policy": "ALL_EXISTING_ORGS_ONLY",
+                "roles": [
+                  {
+                    "displayName": "role_1",
+                    "audience": {
+                      "display": "My Org 1",
+                      "type": "organization"
+                    }
+                  },
+                  {
+                    "displayName": "role_2",
+                    "audience": {
+                      "display": "My App 1",
+                      "type": "application"
+                    }
+                  }
+                ]
+            }'
+      x-codegen-request-body-name: body
 
   /users/unshare:
     post:
@@ -131,7 +197,7 @@ paths:
         This API removes shared access for one or more users from specified organizations.
         The payload includes the list of user IDs and the organizations from which the users should be unshared.
         
-        <b>Scope(Permission) required:</b> `internal_user_unshare`
+        <b>Scope(Permission) required:</b> `internal_org_user_unshare`
       operationId: processUserUnsharing
       requestBody:
         content:
@@ -166,6 +232,26 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
+      x-codeSamples:
+        - lang: Curl
+          source: |
+            curl --location 'https://localhost:9443/o/api/server/v1/users/unshare' \
+            -H 'Accept: application/json' \
+            -H 'Content-Type: application/json' \
+            -H 'Authorization: Bearer {bearer_token}' \
+            -d '{
+                "userCriteria": {
+                  "userIds": [
+                    "7a1b7d63-8cfc-4dc9-9332-3f84641b72d8",
+                    "5d2a1c84-9f7a-43cd-b12e-6e52d7f87e16"
+                  ]
+                },
+                "organizations": [
+                  "b028ca17-8f89-449c-ae27-fa955e66465d",
+                  "a17b28ca-9f89-449c-ae27-fa955e66465f"
+                ]
+            }'
+      x-codegen-request-body-name: body
 
   /users/unshare-with-all:
     post:
@@ -175,7 +261,7 @@ paths:
       description: |
         This API removes all shared access for one or more users, unsharing them from all organizations.
         
-        <b>Scope(Permission) required:</b> `internal_user_unshare`
+        <b>Scope(Permission) required:</b> `internal_org_user_unshare`
       operationId: removeUserSharing
       requestBody:
         content:
@@ -207,6 +293,22 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
+      x-codeSamples:
+        - lang: Curl
+          source: |
+            curl --location 'https://localhost:9443/o/api/server/v1/users/unshare-all' \
+            -H 'Accept: application/json' \
+            -H 'Content-Type: application/json' \
+            -H 'Authorization: Bearer {bearer_token}' \
+            -d '{
+                "userCriteria": {
+                  "userIds": [
+                    "7a1b7d63-8cfc-4dc9-9332-3f84641b72d8",
+                    "5d2a1c84-9f7a-43cd-b12e-6e52d7f87e16"
+                  ]
+                }
+            }'
+      x-codegen-request-body-name: body
 
   /users/{userId}/shared-organizations:
     get:
@@ -216,7 +318,7 @@ paths:
       description: |
         This API retrieves the list of organizations where the specified user has shared access, with support for pagination and filtering.
 
-        <b>Scope(Permission) required:</b> `internal_user_shared_access_view`
+        <b>Scope(Permission) required:</b> `internal_org_user_shared_access_view`
       parameters:
         - in: path
           name: userId
@@ -269,6 +371,12 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
+      x-codeSamples:
+        - lang: Curl
+          source: |
+            curl --location 'https://localhost:9443/o/api/server/v1/users/{userId}/shared-organizations' \
+            -H 'Accept: application/json' \
+            -H 'Authorization: Bearer {bearer_token}'
 
   /users/{userId}/shared-roles:
     get:
@@ -278,7 +386,7 @@ paths:
       description: |
         This API fetches the roles assigned to the specified user within a particular organization, with support for pagination, filtering, and recursion.
 
-        <b>Scope(Permission) required:</b> `internal_user_shared_access_view`
+        <b>Scope(Permission) required:</b> `internal_org_user_shared_access_view`
       parameters:
         - in: path
           name: userId
@@ -336,9 +444,28 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
-
+      x-codeSamples:
+        - lang: Curl
+          source: |
+            curl --location 'https://localhost:9443/o/api/server/v1/users/{userId}/shared-roles?orgId={orgId}' \
+            -H 'Accept: application/json' \
+            -H 'Authorization: Bearer {bearer_token}'
 
 components:
+
+  securitySchemes:
+
+    OAuth2:
+      type: oauth2
+      flows:
+        authorizationCode:
+          authorizationUrl: https://localhost:9443/oauth2/authorize
+          tokenUrl: https://localhost:9443/oauth2/token
+          scopes:
+            share: internal_org_user_share
+            unshare: internal_org_user_unshare
+            view: internal_org_user_shared_access_view
+
   schemas:
 
     UserShareRequestBody: