Skip to content

Commit

Permalink
Merge pull request #4773 from wso2/revert-4682-revert-4660-secret-mgt…
Browse files Browse the repository at this point in the history 
…-doc

Revert "Revert "[Asgardeo] Update Documentation to Include Usage of Secrets in Conditional Authentication Scripts""
  • Loading branch information
@Sachin-Mamoru
Sachin-Mamoru authored Oct 2, 2024
2 parents 5674c50 + cc28685 commit fe71e72
Show file tree
Hide file tree
Showing 2 changed files with 110 additions and 101 deletions.
12 changes: 11 additions & 1 deletion en/includes/guides/authentication/conditional-auth/configure-conditional-auth.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ To add a new secret:
</tr>
<tr>
<td>Secret Name</td>
<td>A meaningful name for the secret. This name is not changeable.</td>
<td>A meaningful name for the secret. This name is not changeable and will be used in the script to reference the secret.</td>
</tr>
<tr>
<td>Secret Value</td>
Expand All @@ -83,6 +83,16 @@ To add a new secret:

6. Click **Finish** to complete the creation.

### Use secret in the script

You may refer to the previously added secrets in your conditional authentication scripts using the `secrets.{secret name}` syntax. For example, to retrieve a secret value, you may use:

```angular2html
var secretValue = secrets.secretName;
```

This allows you to securely access secret values within your authentication scripts, enhancing the security and flexibility of your authentication process.

### Delete an existing secret

To delete an existing secret:
Expand Down
199 changes: 99 additions & 100 deletions en/includes/references/conditional-auth/api-reference.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
- [`application`](#application)
- [`userAgent`](#user-agent)
- [`connectionMetadata`](#connectionmetadata)
- [`authConfig`](#authconfig)

---

Expand Down Expand Up @@ -88,7 +89,9 @@ This method accepts an object as a parameter and should include the details list
<tr>
<td><code>&lteventCallbacks&gt</code></td>
<td>(optional) The object that contains the callback functions, which are to be called based on the result of the step execution.<br />
Supported results are <code>onSuccess</code> and <code>onFail</code>, which can have their own optional callbacks as anonymous functions.</td>
Supported results are <code>onSuccess</code> and <code>onFail</code> which can
have their own optional callbacks as anonymous functions. For these callbacks, the [context](#context) and [data](#data) parameters are passed.
</td>
</tr>
</table>
Expand Down Expand Up @@ -868,19 +871,19 @@ The HTTP GET function enables sending HTTP GET requests to specified endpoints a
<table>
<tbody>
<tr>
<td><code>url</code></td>
<td style="white-space: nowrap;"><code>url</code></td>
<td>The URL of the endpoint to which the HTTP GET request should be sent.</td>
</tr>
<tr>
<td><code>headers</code></td>
<td style="white-space: nowrap;"><code>headers</code></td>
<td>HTTP request headers to be included in the GET request (optional).</td>
</tr>
<tr>
<td><code>authConfig</code></td>
<td>Authentication configuration to be included in the GET request (optional).</td>
<td style="white-space: nowrap;"><code>authConfig</code></td>
<td>An object containing the necessary authentication metadata to invoke the API. See [AuthConfig](#authconfig) for information.</td>
</tr>
<tr>
<td><code>eventHandlers</code></td>
<td style="white-space: nowrap;"><code>eventHandlers</code></td>
<td>The object that contains the callback functions, which are to be called based on the result of the GET request.<br />
Supported results are <code>onSuccess</code> and <code>onFail</code>, which can have their own optional callbacks as anonymous functions.
</td>
Expand All @@ -892,7 +895,7 @@ The HTTP GET function enables sending HTTP GET requests to specified endpoints a
```
var authConfig = {
type: "basicauth",
type: "basic",
properties: {
username: "admin",
password: "adminPassword"
Expand All @@ -904,56 +907,23 @@ The HTTP GET function enables sending HTTP GET requests to specified endpoints a
"Accept": "application/json"
}, authConfig, {
onSuccess: function(context, data) {
Log.info('httpGet call succeeded');
Log.info("Successfully invoked the external API.");
context.selectedAcr = data.status;
executeStep(1);
},
onFail: function(context, data) {
Log.info('httpGet call failed');
Log.info("Error occurred while invoking the external API.");
context.selectedAcr = 'FAILED';
executeStep(2);
},
onTimeout: function(context, data) {
Log.info("Invoking external API timed out.");
executeStep(2);
}
});
}
```
!!! note "Authentication Types and Properties"
When using httpGet functions in Asgardeo adaptive authentication scripts, the table summarizes each authentication type and its required properties:
`Enhanced secret management features are currently under development and will be available soon.`
<table>
<thead>
<tr>
<th>Authentication Type</th>
<th>Properties</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>basicauth</td>
<td>username, password</td>
<td>Uses user credentials.</td>
</tr>
<tr>
<td>apikey</td>
<td>apiKey, headerName</td>
<td>Uses an API key sent as a header.</td>
</tr>
<tr>
<td>clientcredential</td>
<td>consumerKey, consumerSecret, tokenEndpoint, scope (optional)</td>
<td>Uses client credentials to obtain an access token.</td>
</tr>
<tr>
<td>bearertoken</td>
<td>token</td>
<td>Uses a bearer token for authentication.</td>
</tr>
</tbody>
</table>
### HTTP POST
`httpPost(url, body, headers, authConfig, eventHandlers)`
Expand All @@ -965,25 +935,26 @@ The HTTP POST function enables sending HTTP POST requests to specified endpoints
<table>
<tbody>
<tr>
<td><code>url</code></td>
<td style="white-space: nowrap;"><code>url</code></td>
<td>The URL of the endpoint to which the HTTP POST request should be sent.</td>
</tr>
<tr>
<td><code>body</code></td>
<td style="white-space: nowrap;"><code>body</code></td>
<td>HTTP request body to be included in the POST request.</td>
</tr>
<tr>
<td><code>headers</code></td>
<td style="white-space: nowrap;"><code>headers</code></td>
<td>HTTP request headers to be included in the POST request (optional).</td>
</tr>
<tr>
<td><code>authConfig</code></td>
<td>Authentication configuration to be included in the GET request (optional).</td>
<td style="white-space: nowrap;"><code>authConfig</code></td>
<td>An object containing the necessary authentication metadata to invoke the API. See [AuthConfig](#authconfig) for more information.</td>
</tr>
<tr>
<td><code>eventHandlers</code></td>
<td style="white-space: nowrap;"><code>eventHandlers</code></td>
<td>The object that contains the callback functions, which are to be called based on the result of the GET request.<br />
Supported results are <code>onSuccess</code> and <code>onFail</code>, which can have their own optional callbacks as anonymous functions.
Supported results are <code>onSuccess</code>, <code>onFail</code> and <code>onTimeout</code> which can
have their own optional callbacks as anonymous functions. For these callbacks, the [context](#context) and [data](#data) parameters are passed.
</td>
</tr>
</tbody>
Expand All @@ -1009,57 +980,23 @@ The HTTP POST function enables sending HTTP POST requests to specified endpoints
"Accept": "application/json"
}, authConfig, {
onSuccess: function(context, data) {
Log.info('httpPost call succeeded');
Log.info("Successfully invoked the external API.");
context.selectedAcr = data.status;
executeStep(1);
},
onFail: function(context, data) {
Log.info('httpPost call failed');
Log.info("Error occurred while invoking the external API.");
context.selectedAcr = 'FAILED';
executeStep(2);
},
onTimeout: function(context, data) {
Log.info("Invoking external API timed out.");
executeStep(2);
}
});
}
```
!!! note "Authentication Types and Properties"
When using httpPost functions in Asgardeo adaptive authentication scripts, the table summarizes each authentication type and its required properties:
`Enhanced secret management features are currently under development and will be available soon.`
<table>
<thead>
<tr>
<th>Authentication Type</th>
<th>Properties</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>basicauth</td>
<td>username, password</td>
<td>Uses user credentials.</td>
</tr>
<tr>
<td>apikey</td>
<td>apiKey, headerName</td>
<td>Uses an API key sent as a header.</td>
</tr>
<tr>
<td>clientcredential</td>
<td>consumerKey, consumerSecret, tokenEndpoint, scope (optional)</td>
<td>Uses client credentials to obtain an access token.</td>
</tr>
<tr>
<td>bearertoken</td>
<td>token</td>
<td>Uses a bearer token for authentication.</td>
</tr>
</tbody>
</table>
### Resolve multi attribute login identifier
`resolveMultiAttributeLoginIdentifier(loginIdentifier, tenantDomain)`
Expand Down Expand Up @@ -1332,15 +1269,77 @@ It contains the necessary metadata for invoking the API when calling the callCho
</tr>
</table>
If the consumer key and the consumer secret are added as secrets, they should be included in the ConnectionMetadata as aliases, as shown below.
You can securely store consumer keys and secrets as **secrets** in conditional authentication scripts and refer to
them in your conditional authentication scripts using the `secrets.{secret name}` syntax. For example, to retrieve a secret value, you may use:
```angular2html
var consumerSecret = secrets.clientSecret;
```
For more information on adding secrets, refer to the [Add a secret to the script]({{base_path}}/guides/authentication/conditional-auth/configure-conditional-auth/#add-a-secret-to-the-script) section in the
documentation.
??? note "Change in behavior from 30th September 2024"
Starting from 30th September 2024, you are no longer required to set the aliases for consumer keys and consumer secrets when calling the callChoreo command. Instead, you may directly reference them using the `secrets.secretName` notation.
However, if you prefer, you may continue using the previous method as follows.
<table>
<tr>
<td><code>connectionMetadata.consumerKeyAlias</code></td>
<td>The name of the secret that stores the consumer key.</td>
</tr>
<tr>
<td><code>connectionMetadata.consumerSecretAlias</code></td>
<td>The name of the secret that stores the consumer secret.</td>
</tr>
</table>
### AuthConfig
When using httpGet or httpPost functions in Asgardeo adaptive authentication scripts, the table summarizes each
authentication type and its required properties:
<table>
<thead>
<tr>
<th>Authentication Type</th>
<th>Properties</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>basic</td>
<td>username, password</td>
<td>Uses user credentials.</td>
</tr>
<tr>
<td>apikey</td>
<td>apiKey, headerName</td>
<td>Uses an API key sent as a header.</td>
</tr>
<tr>
<td>clientcredential</td>
<td>consumerKey, consumerSecret, tokenEndpoint, scope (optional, a space separated list of scopes)</td>
<td>Uses client credentials to obtain an access token.</td>
</tr>
<tr>
<td>bearer</td>
<td>token</td>
<td>Uses a bearer token for authentication.</td>
</tr>
</tbody>
</table>
You can securely store sensitive values of properties like username, password, consumerKey, consumerSecret as secrets in conditional authentication scripts and refer to them in your conditional authentication scripts using the `secrets.{secret name}` syntax. For example, to retrieve a secret value, you can use:
```angular2html
var consumerSecret = secrets.clientSecret;
```
For more information on adding secrets, refer to the [Add a secret to the script]({{base_path}}/guides/authentication/conditional-auth/configure-conditional-auth/#add-a-secret-to-the-script) section in the documentation.
### Data
<table>
<tr>
<td><code>connectionMetadata.consumerKeyAlias</code></td>
<td>The name of the secret that stores the consumer key.</td>
</tr>
<tr>
<td><code>connectionMetadata.consumerSecretAlias</code></td>
<td>The name of the secret that stores the consumer secret.</td>
<td><code>data</code></td>
<td>The response data is a JSON object that contains the response data from the API call.</td>
</tr>
</table>

0 comments on commit fe71e72

Please sign in to comment.