Introduction
Default models
The SCIM Core Schema defines three models that are included within the library: User, Group, and EnterpriseUser. The User and Group models are SCIM resources and are therefore derived from Resource. The Resource type is leveraged within the default validators and stores. EnterpriseUser is a resource extension and has no base type. Any custom resource extensions will not need to derive from any type specifically.
The SCIM Core Schema also defines attributes of the properties within the resource and resource extension type. Within the library, these have been converted to an attribute-based system.
Required Attribute
When used on a property within a model, the Required attribute indicates to the default validator when the property value must be included within a SCIM request. When using this attribute, you pass in an enum value to dictate under which conditions the property is required.
public enum Required
{
    None = 0,
    Create = 1, // A POST request
    Update = 2, // A PUT request
}
Returned Attribute
When used on a property within a model, the Returned attribute will signal to the library when to return this property in the response JSON. When using the Returned attribute, an enum is passed into the constructor to dictate under which conditions the property is returned. Within the current implementation, the only valid value is Never.
public enum Returned
{
    Default = 0,
    Never = 1,
    Always = 2,
    Request = 3
}
Mutability Attribute
When used on a property within a model, the Mutability attribute will signal to the default validator when a property value must be included within a SCIM request. When using this attribute, you pass in an enum value to dictate under which conditions the property can be updated.
public enum Mutability
{
    ReadWrite = 0,
    ReadOnly = 1,
    Immutable = 2,
    WriteOnly = 3,
}
Unique Attribute
When used on a property within a model, the Unique attribute will signal to the validator that the value provided must be unique across the whole set of models. An example of this is the UserName property in the User model. If a request were to be made to the SCIM Service Provider with a UserName that already exists for a User within the store, then an error will be returned from the Service Provider.
Default validation
The default validator uses the models and attributes described above to validate requests made to any registered endpoint, and returns errors if the request body doesn't match the rules defined in the model.
Default stores
Out of the box, the library provides an in-memory store. For information on the in-memory store, please go to the documentation page. To read more about implementing your own store, please go to the custom stores documentation.
Example Model
The model below requires the Username property to have a value for both Create (POST) and Update (PUT) requests. If a value is not present, the HTTP response will indicate failure. As well as this, the Password property will be allowed on the initial Create request but will not be expected to be provided in subsequent requests. If a value is provided in subsequent requests, an HTTP response will be returned that indicates a failure. Lastly, the Password property will never be returned in the HTTP response should a successful request be made.
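public class ScimModel : Resource
{
    public ScimModel() : base("ScimModel")
    {
    }

    // Must be present on both Create (POST) and Update (PUT) requests.
    [Required(Required.Update, Required.Create)]
    public string Username { get; set; }

    // Accepted on Create, rejected on later requests, never returned in responses.
    [Returned(Returned.Never)]
    [Mutability(Mutability.WriteOnly)]
    public string Password { get; set; }

    // An Update request that includes this property is rejected.
    [Mutability(Mutability.Immutable)]
    public string GovernmentId { get; set; }
}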
For the following body for a Create request, the validator will catch that there is no Username present and return an HTTP response with a 400 Bad Request status code and detail about the error in the body.
{
    "userName": "",
    "password": "Longpassword123!",
    "GovernmentId": "Gov_123"
    ...
}

{
    "status": 400,
    "detail": "UserName is required"
}
If the following body for an Update request were to be used, then the validator will catch that there is a GovernmentId present and return an HTTP response with a 400 Bad Request status code and detail about the error in the body.
{
    "id": "ed53f9e8-8a60-447d-88f4-6518bbc300ed",
    "userName": "[email protected]",
    "password": "Longpassword123!",
    "GovernmentId": "Gov_New_Id"
    ...
}

{
    "status": 400,
    "detail": "Property GovernmentId is immutable"
}
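To show how attribute-driven checks like the two above can be evaluated, here is an added sketch that reads the attributes by reflection. It is not the library's validator: the attribute classes, the SketchValidator name and the string-only property handling are assumptions made for illustration, and only the Required and Immutable rules are covered.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Stand-ins declared locally so the sketch compiles alone; the library ships its own types.
public enum Required { None = 0, Create = 1, Update = 2 }
public enum Mutability { ReadWrite = 0, ReadOnly = 1, Immutable = 2, WriteOnly = 3 }

[AttributeUsage(AttributeTargets.Property)]
public sealed class RequiredAttribute : Attribute
{
    public Required[] On { get; }
    public RequiredAttribute(params Required[] on) => On = on;
}

[AttributeUsage(AttributeTargets.Property)]
public sealed class MutabilityAttribute : Attribute
{
    public Mutability Value { get; }
    public MutabilityAttribute(Mutability value) => Value = value;
}

public class ScimModel // same rules as the page's model, without the Resource base type
{
    [Required(Required.Update, Required.Create)] public string Username { get; set; }
    [Mutability(Mutability.WriteOnly)] public string Password { get; set; }
    [Mutability(Mutability.Immutable)] public string GovernmentId { get; set; }
}

public static class SketchValidator // hypothetical name, not a library type
{
    // Returns one message per violated rule; an empty list means the body passes.
    public static List<string> Validate(object model, Required operation)
    {
        var errors = new List<string>();
        foreach (PropertyInfo p in model.GetType().GetProperties())
        {
            // Empty strings count as missing, as in the page's Create example.
            bool hasValue = !string.IsNullOrEmpty(p.GetValue(model) as string);
            var req = p.GetCustomAttribute<RequiredAttribute>();
            var mut = p.GetCustomAttribute<MutabilityAttribute>();
            if (req != null && req.On.Contains(operation) && !hasValue)
                errors.Add($"{p.Name} is required");
            if (operation == Required.Update && hasValue && mut?.Value == Mutability.Immutable)
                errors.Add($"Property {p.Name} is immutable");
        }
        return errors;
    }
}
```

Calling SketchValidator.Validate with an empty Username and Required.Create returns "Username is required"; with a populated Username, GovernmentId set and Required.Update it returns "Property GovernmentId is immutable".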