Merge pull request #5008 from malithie/pre-password-update-action

Add docs for pre update password extension

Author: malithie

en/asgardeo/docs/guides/customize/actions/pre-update-password-action.md

@@ -0,0 +1 @@
+{% include "../../../../../includes/guides/customize/actions/pre-update-password-action.md" %}

en/asgardeo/docs/references/actions/pre-update-password-action/api-contract.md

@@ -0,0 +1,5 @@
+---
+template: templates/redoc.html
+---
+
+<redoc spec-url="{{base_path}}/references/actions/pre-update-password-action/api/pre_update_password_action-v1.yaml" theme='{{redoc_theme}}'></redoc>

en/asgardeo/docs/references/actions/pre-update-password-action/api/pre_update_password_action-v1.yaml

@@ -0,0 +1,267 @@
+openapi: 3.0.1
+info:
+  title: API contract for pre update password action
+  description: This API defines the REST API contract for a service that implements logic to extend password update flow of Asgardeo.
+  version: v1
+security:
+- BasicAuth: []
+- BearerAuth: []
+- ApiKeyAuth: []
+- OAuth2: []
+paths:
+  /:
+    post:
+      summary: handle pre-update password events
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RequestBody'
+        required: true
+      responses:
+        "200":
+          description: Ok
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - $ref: '#/components/schemas/SuccessResponse'
+                  - $ref: '#/components/schemas/FailedResponse'
+              examples:
+                successExample:
+                  summary: Success response
+                  value:
+                    actionStatus: SUCCESS
+                failedExample:
+                  summary: Failed response
+                  value:
+                    actionStatus: FAILED
+                    failureReason: password_compromised
+                    failureDescription: "The provided password is compromised."
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              example:
+                actionStatus: ERROR
+                error: invalid_credential
+                errorDescription: Expects the encrypted credential.
+        "500":
+          description: Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              example:
+                actionStatus: ERROR
+                error: server_error
+                errorDescription: Failed to process the response
+components:
+  schemas:
+    Event:
+      type: object
+      properties:
+        initiatorType:
+          type: string
+          example: USER
+          enum:
+          - USER
+          - ADMIN
+          - APPLICATION
+          description: This indicates whether the password update was initiated by an admin, a user, or an application.
+        action:
+          type: string
+          example: RESET
+          enum:
+          - RESET
+          - UPDATE
+          - INVITE
+          description: This indicates whether the password update was initiated over a password reset flow, update flow, or an invite flow.
+        tenant:
+          $ref: '#/components/schemas/Tenant'
+        user:
+          $ref: '#/components/schemas/User'
+        organization:
+          $ref: '#/components/schemas/Organization'
+        userStore:
+          $ref: '#/components/schemas/UserStore'
+      description: Defines the context data related to the pre issue access token event that needs to be shared with the custom service to process and execute.
+    Tenant:
+      type: object
+      properties:
+        id:
+          type: string
+          description: The unique numeric identifier of the tenant.
+          example: "2"
+        name:
+          type: string
+          description: The domain name of the tenant.
+          example: bar.com
+      description: This property represents the tenant under which the token request is being processed.
+    User:
+      type: object
+      properties:
+        id:
+          type: string
+          description: Defines the unique identifier of the user.
+          example: e204849c-4ec2-41f1-8ff7-ec1ebff02821
+        updatingCredential:
+          oneOf:
+            - $ref: '#/components/schemas/UnencryptedCredential'
+            - $ref: '#/components/schemas/EncryptedCredential'
+      description: Contains information about the user associated with the password update request.
+    UnencryptedCredential:
+      type: object
+      properties:
+        type:
+          type: string
+          enum:
+          - PASSWORD
+          description: Defines the credential type. 
+        format:
+          type: string
+          example: HASH
+          enum:
+          - PLAINTEXT
+          - HASH
+          description: Defines the format the credential is shared.
+        value:
+          type: string
+          example: cHRSHCjvmT
+          description: Defines the value.
+        additionalData:
+          $ref: '#/components/schemas/AdditionalData'
+    EncryptedCredential:
+      type: string
+      description: |
+        Represents an encrypted credential using JSON Web Encryption (JWE).
+        
+        When a public key is configured for the pre-password update action, 
+        the `updatingCredential` object is encrypted into a JWE string. 
+        The payload of this JWE follows the structure of the `UnencryptedCredential` object.
+    
+        Example JWE representation:
+        ```
+        eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFsQ.48V1_ALb6US04U3b.5eym8X3LNvUubV4Y0kH.XFBoMYUZodetZdvTiFvSkQ
+        ```
+    
+        Decrypted Payload Example (UnencryptedCredential structure):
+        ```
+        {
+          "type": "PASSWORD",
+          "format": "HASH",
+          "value": "cHRSHCjvmT",
+          "additionalData": {
+            "algorithm": "SHA256"
+          }
+        }
+        ```
+    
+        This ensures secure transmission of the credential while allowing validation upon decryption.
+      example: eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFsQ.48V1_ALb6US04U3b.5eym8X3LNvUubV4Y0kH.XFBoMYUZodetZdvTiFvSkQ
+    Organization:
+      type: object
+      properties:
+        id:
+          type: string
+          description: The unique identifier of the organization.
+          example: 5c7930f2-c97d-4b38-89a6-7be5fb138a35
+        name:
+          type: string
+          description: "Name of the organization used to identify the organization in configurations, user interfaces, etc."
+          example: foo.com
+      description: Refers to the organization to which the user belongs. Organizations represent partners/enterprise customers in Business-to-Business (B2B) use cases.
+    UserStore:
+      type: object
+      properties:
+        id:
+          type: string
+          description: The unique identifier for the user store.
+          example: UFJJTUFSWQ==
+        name:
+          type: string
+          description: "User store name used to identify the user store in configuration settings, user interfaces, and administrative tasks."
+          example: PRIMARY
+      description: Indicates the user store in which the user's data is being managed.
+    AdditionalData:
+      type: object
+      description: Defines the additional data related to the updating credential.
+      anyOf:
+      - $ref: '#/components/schemas/AdditionalDataForHashedPassword'
+    AdditionalDataForHashedPassword:
+      type: object
+      properties:
+        algorithm:
+          type: string
+          enum:
+          - SHA256
+      description: Defines additional data related to hashed passwords.
+    SuccessResponse:
+      type: object
+      properties:
+        actionStatus:
+          type: string
+          enum:
+          - SUCCESS
+      description: Defines the success response.
+    FailedResponse:
+      type: object
+      properties:
+        actionStatus:
+          type: string
+          enum:
+          - FAILED
+          description: Indicates the outcome of the request. For a failed operation, this should be set to FAILED.
+        failureReason:
+          type: string
+          description: Provides the reason for failing password update.
+        failureDescription:
+          type: string
+          description: Offers a detailed explanation of the failure
+    ErrorResponse:
+      type: object
+      properties:
+        actionStatus:
+          type: string
+          enum:
+          - ERROR
+          description: Indicates the outcome of the request. For an error operation, this should be set to ERROR.
+        errorMessage:
+          type: string
+          description: The cause of the error.
+        errorDescription:
+          type: string
+          description: A detailed description of the error.
+      description: |
+         When the external service responds with an ERROR state, it can return an HTTP status code of 400, 401, or 500, indicating either a validation failure or an issue processing the request. 
+    RequestBody:
+      type: object
+      properties:
+        actionType:
+          type: string
+          description: "Specifies the action being triggered, which in this case is PRE_UPDATE_PASSWORD."
+          enum:
+          - PRE_UPDATE_PASSWORD
+        event:
+          $ref: '#/components/schemas/Event'
+  securitySchemes:
+    BasicAuth:
+      type: http
+      scheme: basic
+    BearerAuth:
+      type: http
+      scheme: bearer
+    ApiKeyAuth:
+      type: apiKey
+      name: X-API-Key
+      in: header
+    OAuth2:
+      type: oauth2
+      flows:
+        clientCredentials:
+          tokenUrl: https://example.com/oauth/token
+          scopes:
+            process: process request generate response
+            

en/asgardeo/features.json

@@ -45,5 +45,13 @@
         "page": [
             "guides/users/attributes/configure-unique-attributes.md"
         ]
+    },
+
+    "pre-update-password-action": {
+        "enabled": false,
+        "page": [
+            "references/actions/pre-update-password-action/api-contract.md",
+            "guides/customize/actions/pre-update-password-action.md"
+        ]
     }
 }

en/asgardeo/mkdocs.yml

@@ -373,6 +373,7 @@ nav:
             - Setting up actions: guides/customize/actions/setting-up-actions.md
             - Action types: 
               - Pre issue access token action: guides/customize/actions/pre-issue-access-token-action.md
+              - Pre update password action: guides/customize/actions/pre-update-password-action.md
       - Your Asgardeo:
         - Your Asgardeo: guides/your-asgardeo/index.md
         - Manage root organizations: guides/your-asgardeo/manage-root-organizations.md
@@ -495,6 +496,8 @@ nav:
       - Pre issue access token action: 
         - API contract to implement: references/actions/pre-issue-access-token-action/api-contract.md
         - Sample success reponses: references/actions/pre-issue-access-token-action/sample-success-responses.md
+      - Pre update password action: 
+        - API contract to implement: references/actions/pre-update-password-action/api-contract.md
     - Accessibility compliance: references/accessibility.md
     - Data residency in Asgardeo: references/data-residency-in-asgardeo.md
     - Production checklist:

en/identity-server/next/docs/guides/customize/actions/pre-update-password-action.md

@@ -0,0 +1 @@
+{% include "../../../../../../includes/guides/customize/actions/pre-update-password-action.md" %}

en/identity-server/next/docs/references/actions/pre-update-password-action/api-contract.md

@@ -0,0 +1,5 @@
+---
+template: templates/redoc.html
+---
+
+<redoc spec-url="{{base_path}}/references/actions/pre-update-password-action/api/pre_update_password_action-v1.yaml" theme='{{redoc_theme}}'></redoc>