diff --git a/management/client.go b/management/client.go
index 5e1753c8..1390da12 100644
--- a/management/client.go
+++ b/management/client.go
@@ -142,6 +142,20 @@ type Client struct {
DefaultOrganization *ClientDefaultOrganization `json:"default_organization,omitempty"`
TokenExchange *ClientTokenExchange `json:"token_exchange,omitempty"`
+
+ // TokenQuota Token Quota configuration, to configure quotas for token issuance for clients.
+ //
+ // To unset values (set to null), use a PATCH request like this:
+ //
+ // PATCH /api/v2/clients/{id}
+ //
+ // {
+ // "token_quota": null
+ // }
+ //
+ // For more details on making custom requests, refer to the Auth0 Go SDK examples:
+ // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct
+ TokenQuota *TokenQuota `json:"token_quota,omitempty"`
}
// ClientTokenExchange allows configuration for token exchange.
diff --git a/management/management.gen.go b/management/management.gen.go
index d5b49fba..109799b5 100644
--- a/management/management.gen.go
+++ b/management/management.gen.go
@@ -1870,6 +1870,14 @@ func (c *Client) GetTokenExchange() *ClientTokenExchange {
return c.TokenExchange
}
+// GetTokenQuota returns the TokenQuota field.
+func (c *Client) GetTokenQuota() *TokenQuota {
+ if c == nil {
+ return nil
+ }
+ return c.TokenQuota
+}
+
// GetWebOrigins returns the WebOrigins field if it's non-nil, zero value otherwise.
func (c *Client) GetWebOrigins() []string {
if c == nil || c.WebOrigins == nil {
@@ -9242,6 +9250,14 @@ func (o *Organization) GetName() string {
return *o.Name
}
+// GetTokenQuota returns the TokenQuota field.
+func (o *Organization) GetTokenQuota() *TokenQuota {
+ if o == nil {
+ return nil
+ }
+ return o.TokenQuota
+}
+
// String returns a string representation of Organization.
func (o *Organization) String() string {
return Stringify(o)
@@ -11691,6 +11707,14 @@ func (t *Tenant) GetDefaultRedirectionURI() string {
return *t.DefaultRedirectionURI
}
+// GetDefaultTokenQuota returns the DefaultTokenQuota field.
+func (t *Tenant) GetDefaultTokenQuota() *TenantDefaultTokenQuota {
+ if t == nil {
+ return nil
+ }
+ return t.DefaultTokenQuota
+}
+
// GetDeviceFlow returns the DeviceFlow field.
func (t *Tenant) GetDeviceFlow() *TenantDeviceFlow {
if t == nil {
@@ -11869,6 +11893,27 @@ func (t *TenantChangePassword) String() string {
return Stringify(t)
}
+// GetClients returns the Clients field.
+func (t *TenantDefaultTokenQuota) GetClients() *TokenQuota {
+ if t == nil {
+ return nil
+ }
+ return t.Clients
+}
+
+// GetOrganizations returns the Organizations field.
+func (t *TenantDefaultTokenQuota) GetOrganizations() *TokenQuota {
+ if t == nil {
+ return nil
+ }
+ return t.Organizations
+}
+
+// String returns a string representation of TenantDefaultTokenQuota.
+func (t *TenantDefaultTokenQuota) String() string {
+ return Stringify(t)
+}
+
// GetCharset returns the Charset field if it's non-nil, zero value otherwise.
func (t *TenantDeviceFlow) GetCharset() string {
if t == nil || t.Charset == nil {
@@ -12427,6 +12472,48 @@ func (t *TokenExchangeProfileList) String() string {
return Stringify(t)
}
+// GetClientCredentials returns the ClientCredentials field.
+func (t *TokenQuota) GetClientCredentials() *TokenQuotaClientCredentials {
+ if t == nil {
+ return nil
+ }
+ return t.ClientCredentials
+}
+
+// String returns a string representation of TokenQuota.
+func (t *TokenQuota) String() string {
+ return Stringify(t)
+}
+
+// GetEnforce returns the Enforce field if it's non-nil, zero value otherwise.
+func (t *TokenQuotaClientCredentials) GetEnforce() bool {
+ if t == nil || t.Enforce == nil {
+ return false
+ }
+ return *t.Enforce
+}
+
+// GetPerDay returns the PerDay field if it's non-nil, zero value otherwise.
+func (t *TokenQuotaClientCredentials) GetPerDay() int {
+ if t == nil || t.PerDay == nil {
+ return 0
+ }
+ return *t.PerDay
+}
+
+// GetPerHour returns the PerHour field if it's non-nil, zero value otherwise.
+func (t *TokenQuotaClientCredentials) GetPerHour() int {
+ if t == nil || t.PerHour == nil {
+ return 0
+ }
+ return *t.PerHour
+}
+
+// String returns a string representation of TokenQuotaClientCredentials.
+func (t *TokenQuotaClientCredentials) String() string {
+ return Stringify(t)
+}
+
// GetAppMetadata returns the AppMetadata field if it's non-nil, zero value otherwise.
func (u *User) GetAppMetadata() map[string]interface{} {
if u == nil || u.AppMetadata == nil {
diff --git a/management/management.gen_test.go b/management/management.gen_test.go
index 00a4f0f4..8bf8a627 100644
--- a/management/management.gen_test.go
+++ b/management/management.gen_test.go
@@ -2346,6 +2346,13 @@ func TestClient_GetTokenExchange(tt *testing.T) {
c.GetTokenExchange()
}
+func TestClient_GetTokenQuota(tt *testing.T) {
+ c := &Client{}
+ c.GetTokenQuota()
+ c = nil
+ c.GetTokenQuota()
+}
+
func TestClient_GetWebOrigins(tt *testing.T) {
var zeroValue []string
c := &Client{WebOrigins: &zeroValue}
@@ -11560,6 +11567,13 @@ func TestOrganization_GetName(tt *testing.T) {
o.GetName()
}
+func TestOrganization_GetTokenQuota(tt *testing.T) {
+ o := &Organization{}
+ o.GetTokenQuota()
+ o = nil
+ o.GetTokenQuota()
+}
+
func TestOrganization_String(t *testing.T) {
var rawJSON json.RawMessage
v := &Organization{}
@@ -14690,6 +14704,13 @@ func TestTenant_GetDefaultRedirectionURI(tt *testing.T) {
t.GetDefaultRedirectionURI()
}
+func TestTenant_GetDefaultTokenQuota(tt *testing.T) {
+ t := &Tenant{}
+ t.GetDefaultTokenQuota()
+ t = nil
+ t.GetDefaultTokenQuota()
+}
+
func TestTenant_GetDeviceFlow(tt *testing.T) {
t := &Tenant{}
t.GetDeviceFlow()
@@ -14889,6 +14910,28 @@ func TestTenantChangePassword_String(t *testing.T) {
}
}
+func TestTenantDefaultTokenQuota_GetClients(tt *testing.T) {
+ t := &TenantDefaultTokenQuota{}
+ t.GetClients()
+ t = nil
+ t.GetClients()
+}
+
+func TestTenantDefaultTokenQuota_GetOrganizations(tt *testing.T) {
+ t := &TenantDefaultTokenQuota{}
+ t.GetOrganizations()
+ t = nil
+ t.GetOrganizations()
+}
+
+func TestTenantDefaultTokenQuota_String(t *testing.T) {
+ var rawJSON json.RawMessage
+ v := &TenantDefaultTokenQuota{}
+ if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil {
+ t.Errorf("failed to produce a valid json")
+ }
+}
+
func TestTenantDeviceFlow_GetCharset(tt *testing.T) {
var zeroValue string
t := &TenantDeviceFlow{Charset: &zeroValue}
@@ -15605,6 +15648,59 @@ func TestTokenExchangeProfileList_String(t *testing.T) {
}
}
+func TestTokenQuota_GetClientCredentials(tt *testing.T) {
+ t := &TokenQuota{}
+ t.GetClientCredentials()
+ t = nil
+ t.GetClientCredentials()
+}
+
+func TestTokenQuota_String(t *testing.T) {
+ var rawJSON json.RawMessage
+ v := &TokenQuota{}
+ if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil {
+ t.Errorf("failed to produce a valid json")
+ }
+}
+
+func TestTokenQuotaClientCredentials_GetEnforce(tt *testing.T) {
+ var zeroValue bool
+ t := &TokenQuotaClientCredentials{Enforce: &zeroValue}
+ t.GetEnforce()
+ t = &TokenQuotaClientCredentials{}
+ t.GetEnforce()
+ t = nil
+ t.GetEnforce()
+}
+
+func TestTokenQuotaClientCredentials_GetPerDay(tt *testing.T) {
+ var zeroValue int
+ t := &TokenQuotaClientCredentials{PerDay: &zeroValue}
+ t.GetPerDay()
+ t = &TokenQuotaClientCredentials{}
+ t.GetPerDay()
+ t = nil
+ t.GetPerDay()
+}
+
+func TestTokenQuotaClientCredentials_GetPerHour(tt *testing.T) {
+ var zeroValue int
+ t := &TokenQuotaClientCredentials{PerHour: &zeroValue}
+ t.GetPerHour()
+ t = &TokenQuotaClientCredentials{}
+ t.GetPerHour()
+ t = nil
+ t.GetPerHour()
+}
+
+func TestTokenQuotaClientCredentials_String(t *testing.T) {
+ var rawJSON json.RawMessage
+ v := &TokenQuotaClientCredentials{}
+ if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil {
+ t.Errorf("failed to produce a valid json")
+ }
+}
+
func TestUser_GetAppMetadata(tt *testing.T) {
var zeroValue map[string]interface{}
u := &User{AppMetadata: &zeroValue}
diff --git a/management/organization.go b/management/organization.go
index ea13baca..4a7cc120 100644
--- a/management/organization.go
+++ b/management/organization.go
@@ -28,6 +28,20 @@ type Organization struct {
// See POST enabled_connections endpoint for the object format.
// (Max of 10 connections allowed)
EnabledConnections []*OrganizationConnection `json:"enabled_connections,omitempty"`
+
+ // TokenQuota configuration, to configure quotas for token issuance for organizations.
+ // To unset values (set to null), use a PATCH request like this:
+ //
+ //
+ // PATCH /api/v2/organizations/{id}
+ //
+ // {
+ // "token_quota": null
+ // }
+ //
+ // For more details on making custom requests, refer to the Auth0 Go SDK examples:
+ // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct
+ TokenQuota *TokenQuota `json:"token_quota,omitempty"`
}
// OrganizationBranding holds branding information for an Organization.
diff --git a/management/tenant.go b/management/tenant.go
index 5d55eb81..72d55c92 100644
--- a/management/tenant.go
+++ b/management/tenant.go
@@ -119,6 +119,46 @@ type Tenant struct {
// Enables the use of Pushed Authorization Requests
PushedAuthorizationRequestsSupported *bool `json:"pushed_authorization_requests_supported,omitempty"`
+
+ // Token Quota configuration, to configure quotas for token issuance for clients and organizations.
+ // Applied to all clients and organizations unless overridden in individual client or organization settings.
+ //
+ // To unset values (set to null), use a PATCH request like this:
+ //
+ // PATCH /api/v2/tenants/settings
+ // {
+ // "default_token_quota": null
+ // }
+ //
+ // For more details on making custom requests, refer to the Auth0 Go SDK examples:
+ // https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct
+ DefaultTokenQuota *TenantDefaultTokenQuota `json:"default_token_quota,omitempty"`
+}
+
+// TenantDefaultTokenQuota holds settings for the default token quota.
+type TenantDefaultTokenQuota struct {
+ // Token quota configuration for clients.
+ Clients *TokenQuota `json:"clients,omitempty"`
+ // Token quota configuration for organizations.
+ Organizations *TokenQuota `json:"organizations,omitempty"`
+}
+
+// TokenQuota holds settings for the token quota configuration.
+type TokenQuota struct {
+ ClientCredentials *TokenQuotaClientCredentials `json:"client_credentials,omitempty"`
+}
+
+// TokenQuotaClientCredentials holds settings for the token quota configuration client credentials.
+type TokenQuotaClientCredentials struct {
+ // If enabled, the quota will be enforced and requests in excess of the quota will fail.
+ // If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs.
+ Enforce *bool `json:"enforce,omitempty"`
+
+ // Maximum number of issued tokens per day
+ PerDay *int `json:"per_day,omitempty"`
+
+ // Maximum number of issued tokens per hour
+ PerHour *int `json:"per_hour,omitempty"`
}
// TenantMTLSConfiguration hold settings for mTLS. If true, enables mTLS endpoint aliases.
diff --git a/management/tenant_test.go b/management/tenant_test.go
index 32e3cd96..43fce62f 100644
--- a/management/tenant_test.go
+++ b/management/tenant_test.go
@@ -50,6 +50,22 @@ func TestTenantManager(t *testing.T) {
MTLS: &TenantMTLSConfiguration{
EnableEndpointAliases: auth0.Bool(true),
},
+ DefaultTokenQuota: &TenantDefaultTokenQuota{
+ Clients: &TokenQuota{
+ &TokenQuotaClientCredentials{
+ Enforce: auth0.Bool(true),
+ PerDay: auth0.Int(100),
+ PerHour: auth0.Int(10),
+ },
+ },
+ Organizations: &TokenQuota{
+ &TokenQuotaClientCredentials{
+ Enforce: auth0.Bool(true),
+ PerDay: auth0.Int(100),
+ PerHour: auth0.Int(10),
+ },
+ },
+ },
}
err = api.Tenant.Update(context.Background(), newTenantSettings)
assert.NoError(t, err)
@@ -70,6 +86,9 @@ func TestTenantManager(t *testing.T) {
assert.Equal(t, newTenantSettings.GetACRValuesSupported(), actualTenantSettings.GetACRValuesSupported())
assert.Equal(t, newTenantSettings.GetPushedAuthorizationRequestsSupported(), actualTenantSettings.GetPushedAuthorizationRequestsSupported())
assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases())
+ assert.Equal(t, newTenantSettings.GetOIDCLogout().GetOIDCResourceProviderLogoutEndSessionEndpointDiscovery(), actualTenantSettings.GetOIDCLogout().GetOIDCResourceProviderLogoutEndSessionEndpointDiscovery())
+ assert.Equal(t, newTenantSettings.GetDefaultTokenQuota().GetClients().GetClientCredentials(), actualTenantSettings.GetDefaultTokenQuota().GetClients().GetClientCredentials())
+ assert.Equal(t, newTenantSettings.GetDefaultTokenQuota().GetOrganizations().GetClientCredentials(), actualTenantSettings.GetDefaultTokenQuota().GetOrganizations().GetClientCredentials())
// If ACRValuesSupported and MTLS is not Passed Should not change the values.
updatedNewTenant := &Tenant{
@@ -116,6 +135,22 @@ func TestTenantManager_NullableFields(t *testing.T) {
MTLS: &TenantMTLSConfiguration{
EnableEndpointAliases: auth0.Bool(true),
},
+ DefaultTokenQuota: &TenantDefaultTokenQuota{
+ Clients: &TokenQuota{
+ &TokenQuotaClientCredentials{
+ Enforce: auth0.Bool(true),
+ PerDay: auth0.Int(100),
+ PerHour: auth0.Int(10),
+ },
+ },
+ Organizations: &TokenQuota{
+ &TokenQuotaClientCredentials{
+ Enforce: auth0.Bool(true),
+ PerDay: auth0.Int(100),
+ PerHour: auth0.Int(10),
+ },
+ },
+ },
}
err = api.Tenant.Update(context.Background(), newTenantSettings)
assert.NoError(t, err)
@@ -123,6 +158,8 @@ func TestTenantManager_NullableFields(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, newTenantSettings.GetACRValuesSupported(), actualTenantSettings.GetACRValuesSupported())
assert.Equal(t, newTenantSettings.GetMTLS().GetEnableEndpointAliases(), actualTenantSettings.GetMTLS().GetEnableEndpointAliases())
+ assert.Equal(t, newTenantSettings.GetDefaultTokenQuota().GetClients().GetClientCredentials(), actualTenantSettings.GetDefaultTokenQuota().GetClients().GetClientCredentials())
+ assert.Equal(t, newTenantSettings.GetDefaultTokenQuota().GetOrganizations().GetClientCredentials(), actualTenantSettings.GetDefaultTokenQuota().GetOrganizations().GetClientCredentials())
// Set empty array values for ACRValuesSupported
emptyACRValuesSupported := &Tenant{
@@ -138,10 +175,12 @@ func TestTenantManager_NullableFields(t *testing.T) {
type CustomTenant struct {
ACRValuesSupported *[]string `json:"acr_values_supported"`
MTLS *TenantMTLSConfiguration `json:"mtls"`
+ DefaultTokenQuota *TenantDefaultTokenQuota `json:"default_token_quota"`
}
nullableTenantSettings := &CustomTenant{
ACRValuesSupported: nil,
MTLS: nil,
+ DefaultTokenQuota: nil,
}
err = api.Request(context.Background(), http.MethodPatch, api.URI("tenants", "settings"), nullableTenantSettings)
assert.NoError(t, err)
@@ -149,6 +188,7 @@ func TestTenantManager_NullableFields(t *testing.T) {
assert.NoError(t, err)
assert.Nil(t, actualTenantSettings.GetACRValuesSupported())
assert.Nil(t, actualTenantSettings.GetMTLS())
+ assert.Nil(t, actualTenantSettings.GetDefaultTokenQuota())
}
func TestTenant_MarshalJSON(t *testing.T) {
diff --git a/test/data/recordings/TestTenantManager.yaml b/test/data/recordings/TestTenantManager.yaml
index 8c51ba0e..77a6fa19 100644
--- a/test/data/recordings/TestTenantManager.yaml
+++ b/test/data/recordings/TestTenantManager.yaml
@@ -48,7 +48,7 @@ interactions:
remote_addr: ""
request_uri: ""
body: |
- {"friendly_name":"My Example Tenant","support_email":"support@example.com","support_url":"https://support.example.com","allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"session_lifetime":1080,"idle_session_lifetime":720,"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"session_cookie":{"mode":"non-persistent"},"sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"acr_values_supported":["foo","bar"],"mtls":{"enable_endpoint_aliases":true},"pushed_authorization_requests_supported":true}
+ {"friendly_name":"My Example Tenant","support_email":"support@example.com","support_url":"https://support.example.com","allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"session_lifetime":1080,"idle_session_lifetime":720,"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["fr","en","es"],"session_cookie":{"mode":"non-persistent"},"sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"acr_values_supported":["foo","bar"],"mtls":{"enable_endpoint_aliases":true},"pushed_authorization_requests_supported":true}
form: {}
headers:
Content-Type:
@@ -65,7 +65,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
+ body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -100,7 +100,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
+ body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -136,7 +136,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
+ body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -171,7 +171,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
+ body: '{"allowed_logout_urls":["https://app.com/logout","http://localhost/logout"],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["fr","en","es"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":true},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -207,7 +207,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
+ body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"oidc_logout":{"rp_logout_end_session_endpoint_discovery":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
headers:
Content-Type:
- application/json; charset=utf-8
diff --git a/test/data/recordings/TestTenantManager_NullableFields.yaml b/test/data/recordings/TestTenantManager_NullableFields.yaml
index b84e0514..6a0f1411 100644
--- a/test/data/recordings/TestTenantManager_NullableFields.yaml
+++ b/test/data/recordings/TestTenantManager_NullableFields.yaml
@@ -48,7 +48,7 @@ interactions:
remote_addr: ""
request_uri: ""
body: |
- {"acr_values_supported":["foo","bar"],"mtls":{"enable_endpoint_aliases":true}}
+ {"acr_values_supported":["foo","bar"],"mtls":{"enable_endpoint_aliases":true},"default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}}}
form: {}
headers:
Content-Type:
@@ -65,7 +65,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":[],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
+ body: '{"allowed_logout_urls":[],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -100,7 +100,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":[],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
+ body: '{"allowed_logout_urls":[],"acr_values_supported":["foo","bar"],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -136,7 +136,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
+ body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"cannot_change_enforce_client_authentication_on_passwordless_start":true,"disable_impersonation":true,"enable_sso":true,"enforce_client_authentication_on_passwordless_start":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true},"is_custom_template_set":true,"identifier_first":false,"webauthn_platform_first_factor":false},"session_cookie":{"mode":"non-persistent"}}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -171,7 +171,7 @@ interactions:
trailer: {}
content_length: -1
uncompressed: true
- body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
+ body: '{"allowed_logout_urls":[],"acr_values_supported":[],"default_redirection_uri":"https://example.com/login","default_token_quota":{"clients":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}},"organizations":{"client_credentials":{"enforce":true,"per_day":100,"per_hour":10}}},"enabled_locales":["en"],"flags":{"allow_changing_enable_sso":false,"disable_impersonation":true,"enable_sso":true,"new_universal_login_experience_enabled":true,"universal_login":true,"revoke_refresh_token_grant":false,"mfa_show_factor_list_on_enrollment":false,"remove_alg_from_jwks":true,"disable_clickjack_protection_headers":false},"friendly_name":"My Example Tenant","guardian_mfa_page":{"enabled":true,"html":"\n\n\n 2nd Factor Authentication\n \n \n \n\n\n\n\n \n\n \n\n \n\n\n"},"idle_session_lifetime":720,"sandbox_version":"12","session_lifetime":1080,"support_email":"support@example.com","support_url":"https://support.example.com","sessions":{"oidc_logout_prompt_enabled":false},"customize_mfa_in_postlogin_action":true,"pushed_authorization_requests_supported":true,"mtls":{"enable_endpoint_aliases":true},"universal_login":{"passwordless":{"allow_magiclink_verify_without_session":true}},"session_cookie":{"mode":"non-persistent"},"sandbox_versions_available":["18","16","12"]}'
headers:
Content-Type:
- application/json; charset=utf-8
@@ -190,7 +190,7 @@ interactions:
remote_addr: ""
request_uri: ""
body: |
- {"acr_values_supported":null,"mtls":null}
+ {"acr_values_supported":null,"mtls":null,"default_token_quota":null}
form: {}
headers:
Content-Type: