Add methods to manage enterprise connection

Author: LauraBeatris

packages/clerk-js/src/core/resources/User.ts

@@ -14,7 +14,9 @@ import type {
   EnterpriseConnectionResource,
   ExternalAccountJSON,
   ExternalAccountResource,
+  CreateMeEnterpriseConnectionParams,
   GetEnterpriseConnectionsParams,
+  UpdateMeEnterpriseConnectionParams,
   GetOrganizationMemberships,
   GetUserOrganizationInvitationsParams,
   GetUserOrganizationSuggestionsParams,
@@ -36,6 +38,10 @@ import type {
 } from '@clerk/shared/types';
 
 import { unixEpochToDate } from '../../utils/date';
+import {
+  buildCreateMeEnterpriseConnectionBody,
+  buildUpdateMeEnterpriseConnectionBody,
+} from '../../utils/meEnterpriseConnectionBody';
 import { normalizeUnsafeMetadata } from '../../utils/resourceParams';
 import { eventBus, events } from '../events';
 import { addPaymentMethod, getPaymentMethods, initializePaymentMethod } from '../modules/billing';
@@ -316,6 +322,46 @@ export class User extends BaseResource implements UserResource {
     return (json || []).map(connection => new EnterpriseConnection(connection));
   };
 
+  createEnterpriseConnection = async (
+    params: CreateMeEnterpriseConnectionParams,
+  ): Promise<EnterpriseConnectionResource> => {
+    const json = (
+      await BaseResource._fetch<EnterpriseConnectionJSON>({
+        path: `${this.path()}/enterprise_connections`,
+        method: 'POST',
+        body: buildCreateMeEnterpriseConnectionBody(params) as any,
+      })
+    )?.response as unknown as EnterpriseConnectionJSON;
+
+    return new EnterpriseConnection(json);
+  };
+
+  updateEnterpriseConnection = async (
+    enterpriseConnectionId: string,
+    params: UpdateMeEnterpriseConnectionParams,
+  ): Promise<EnterpriseConnectionResource> => {
+    const json = (
+      await BaseResource._fetch<EnterpriseConnectionJSON>({
+        path: `${this.path()}/enterprise_connections/${enterpriseConnectionId}`,
+        method: 'PATCH',
+        body: buildUpdateMeEnterpriseConnectionBody(params) as any,
+      })
+    )?.response as unknown as EnterpriseConnectionJSON;
+
+    return new EnterpriseConnection(json);
+  };
+
+  deleteEnterpriseConnection = async (enterpriseConnectionId: string): Promise<DeletedObjectResource> => {
+    const json = (
+      await BaseResource._fetch<DeletedObjectJSON>({
+        path: `${this.path()}/enterprise_connections/${enterpriseConnectionId}`,
+        method: 'DELETE',
+      })
+    )?.response as unknown as DeletedObjectJSON;
+
+    return new DeletedObject(json);
+  };
+
   initializePaymentMethod: typeof initializePaymentMethod = params => {
     return initializePaymentMethod(params);
   };

packages/clerk-js/src/core/resources/__tests__/User.test.ts

@@ -139,6 +139,136 @@ describe('User', () => {
     expect(connections[0].allowOrganizationAccountLinking).toBe(true);
   });
 
+  it('creates an enterprise connection', async () => {
+    const enterpriseConnectionJSON = {
+      id: 'ec_new',
+      object: 'enterprise_connection' as const,
+      name: 'New SSO',
+      active: true,
+      provider: 'saml_okta',
+      logo_public_url: null,
+      domains: ['acme.com'],
+      organization_id: null,
+      sync_user_attributes: true,
+      disable_additional_identifications: false,
+      allow_organization_account_linking: false,
+      custom_attributes: [],
+      oauth_config: null,
+      saml_connection: null,
+      created_at: 1234567890,
+      updated_at: 1234567890,
+    };
+
+    // @ts-ignore
+    BaseResource._fetch = vi.fn().mockReturnValue(Promise.resolve({ response: enterpriseConnectionJSON }));
+
+    const user = new User({
+      email_addresses: [],
+      phone_numbers: [],
+      web3_wallets: [],
+      external_accounts: [],
+    } as unknown as UserJSON);
+
+    const conn = await user.createEnterpriseConnection({
+      provider: 'saml_okta',
+      name: 'New SSO',
+      organizationId: 'org_1',
+      saml: { idpEntityId: 'https://idp.example.com' },
+    });
+
+    // @ts-ignore
+    expect(BaseResource._fetch).toHaveBeenCalledWith({
+      method: 'POST',
+      path: '/me/enterprise_connections',
+      body: {
+        provider: 'saml_okta',
+        name: 'New SSO',
+        organization_id: 'org_1',
+        saml: { idp_entity_id: 'https://idp.example.com' },
+      },
+    });
+
+    expect(conn.id).toBe('ec_new');
+    expect(conn.name).toBe('New SSO');
+  });
+
+  it('updates an enterprise connection', async () => {
+    const enterpriseConnectionJSON = {
+      id: 'ec_123',
+      object: 'enterprise_connection' as const,
+      name: 'Updated',
+      active: false,
+      provider: 'saml_okta',
+      logo_public_url: null,
+      domains: ['acme.com'],
+      organization_id: null,
+      sync_user_attributes: true,
+      disable_additional_identifications: false,
+      allow_organization_account_linking: false,
+      custom_attributes: [],
+      oauth_config: null,
+      saml_connection: null,
+      created_at: 1234567890,
+      updated_at: 1234567900,
+    };
+
+    // @ts-ignore
+    BaseResource._fetch = vi.fn().mockReturnValue(Promise.resolve({ response: enterpriseConnectionJSON }));
+
+    const user = new User({
+      email_addresses: [],
+      phone_numbers: [],
+      web3_wallets: [],
+      external_accounts: [],
+    } as unknown as UserJSON);
+
+    await user.updateEnterpriseConnection('ec_123', {
+      name: 'Updated',
+      active: false,
+      syncUserAttributes: true,
+    });
+
+    // @ts-ignore
+    expect(BaseResource._fetch).toHaveBeenCalledWith({
+      method: 'PATCH',
+      path: '/me/enterprise_connections/ec_123',
+      body: {
+        name: 'Updated',
+        active: false,
+        sync_user_attributes: true,
+      },
+    });
+  });
+
+  it('deletes an enterprise connection', async () => {
+    const deletedJSON = {
+      object: 'enterprise_connection',
+      id: 'ec_123',
+      deleted: true,
+    };
+
+    // @ts-ignore
+    BaseResource._fetch = vi.fn().mockReturnValue(Promise.resolve({ response: deletedJSON }));
+
+    const user = new User({
+      email_addresses: [],
+      phone_numbers: [],
+      web3_wallets: [],
+      external_accounts: [],
+    } as unknown as UserJSON);
+
+    const result = await user.deleteEnterpriseConnection('ec_123');
+
+    // @ts-ignore
+    expect(BaseResource._fetch).toHaveBeenCalledWith({
+      method: 'DELETE',
+      path: '/me/enterprise_connections/ec_123',
+    });
+
+    expect(result.id).toBe('ec_123');
+    expect(result.deleted).toBe(true);
+  });
+
   it('creates a web3 wallet', async () => {
     const targetWeb3Wallet = '0x0000000000000000000000000000000000000000';
     const web3WalletJSON = {

packages/clerk-js/src/utils/meEnterpriseConnectionBody.ts

@@ -0,0 +1,72 @@
+import type {
+  CreateMeEnterpriseConnectionParams,
+  MeEnterpriseConnectionOidcInput,
+  MeEnterpriseConnectionSamlInput,
+  UpdateMeEnterpriseConnectionParams,
+} from '@clerk/shared/types';
+
+function samlToJson(saml: MeEnterpriseConnectionSamlInput): Record<string, unknown> {
+  const body: Record<string, unknown> = {};
+  if (saml.idpEntityId !== undefined) body.idp_entity_id = saml.idpEntityId;
+  if (saml.idpSsoUrl !== undefined) body.idp_sso_url = saml.idpSsoUrl;
+  if (saml.idpCertificate !== undefined) body.idp_certificate = saml.idpCertificate;
+  if (saml.idpMetadataUrl !== undefined) body.idp_metadata_url = saml.idpMetadataUrl;
+  if (saml.idpMetadata !== undefined) body.idp_metadata = saml.idpMetadata;
+  if (saml.attributeMapping !== undefined) body.attribute_mapping = saml.attributeMapping;
+  if (saml.allowSubdomains !== undefined) body.allow_subdomains = saml.allowSubdomains;
+  if (saml.allowIdpInitiated !== undefined) body.allow_idp_initiated = saml.allowIdpInitiated;
+  if (saml.forceAuthn !== undefined) body.force_authn = saml.forceAuthn;
+  return body;
+}
+
+function oidcToJson(oidc: MeEnterpriseConnectionOidcInput): Record<string, unknown> {
+  const body: Record<string, unknown> = {};
+  if (oidc.clientId !== undefined) body.client_id = oidc.clientId;
+  if (oidc.clientSecret !== undefined) body.client_secret = oidc.clientSecret;
+  if (oidc.discoveryUrl !== undefined) body.discovery_url = oidc.discoveryUrl;
+  if (oidc.authUrl !== undefined) body.auth_url = oidc.authUrl;
+  if (oidc.tokenUrl !== undefined) body.token_url = oidc.tokenUrl;
+  if (oidc.userInfoUrl !== undefined) body.user_info_url = oidc.userInfoUrl;
+  if (oidc.requiresPkce !== undefined) body.requires_pkce = oidc.requiresPkce;
+  return body;
+}
+
+export function buildCreateMeEnterpriseConnectionBody(
+  params: CreateMeEnterpriseConnectionParams,
+): Record<string, unknown> {
+  const body: Record<string, unknown> = {
+    provider: params.provider,
+    name: params.name,
+  };
+  if (params.organizationId !== undefined) {
+    body.organization_id = params.organizationId;
+  }
+  if (params.saml !== undefined) {
+    body.saml = params.saml === null ? null : samlToJson(params.saml);
+  }
+  if (params.oidc !== undefined) {
+    body.oidc = params.oidc === null ? null : oidcToJson(params.oidc);
+  }
+  return body;
+}
+
+export function buildUpdateMeEnterpriseConnectionBody(
+  params: UpdateMeEnterpriseConnectionParams,
+): Record<string, unknown> {
+  const body: Record<string, unknown> = {};
+  if (params.name !== undefined) body.name = params.name;
+  if (params.active !== undefined) body.active = params.active;
+  if (params.syncUserAttributes !== undefined) body.sync_user_attributes = params.syncUserAttributes;
+  if (params.disableAdditionalIdentifications !== undefined) {
+    body.disable_additional_identifications = params.disableAdditionalIdentifications;
+  }
+  if (params.organizationId !== undefined) body.organization_id = params.organizationId;
+  if (params.customAttributes !== undefined) body.custom_attributes = params.customAttributes;
+  if (params.saml !== undefined) {
+    body.saml = params.saml === null ? null : samlToJson(params.saml);
+  }
+  if (params.oidc !== undefined) {
+    body.oidc = params.oidc === null ? null : oidcToJson(params.oidc);
+  }
+  return body;
+}

packages/shared/src/types/enterpriseConnection.ts

@@ -97,3 +97,53 @@ export interface EnterpriseOAuthConfigResource {
   createdAt: Date | null;
   updatedAt: Date | null;
 }
+
+export type MeEnterpriseConnectionProvider =
+  | 'saml_custom'
+  | 'saml_okta'
+  | 'saml_google'
+  | 'saml_microsoft'
+  | 'oidc_custom'
+  | 'oidc_github_enterprise'
+  | 'oidc_gitlab';
+
+export type MeEnterpriseConnectionSamlInput = {
+  idpEntityId?: string | null;
+  idpSsoUrl?: string | null;
+  idpCertificate?: string | null;
+  idpMetadataUrl?: string | null;
+  idpMetadata?: string | null;
+  attributeMapping?: Record<string, unknown> | null;
+  allowSubdomains?: boolean | null;
+  allowIdpInitiated?: boolean | null;
+  forceAuthn?: boolean | null;
+};
+
+export type MeEnterpriseConnectionOidcInput = {
+  clientId?: string | null;
+  clientSecret?: string | null;
+  discoveryUrl?: string | null;
+  authUrl?: string | null;
+  tokenUrl?: string | null;
+  userInfoUrl?: string | null;
+  requiresPkce?: boolean | null;
+};
+
+export type CreateMeEnterpriseConnectionParams = {
+  provider: MeEnterpriseConnectionProvider;
+  name: string;
+  organizationId?: string | null;
+  saml?: MeEnterpriseConnectionSamlInput | null;
+  oidc?: MeEnterpriseConnectionOidcInput | null;
+};
+
+export type UpdateMeEnterpriseConnectionParams = {
+  name?: string | null;
+  active?: boolean | null;
+  syncUserAttributes?: boolean | null;
+  disableAdditionalIdentifications?: boolean | null;
+  organizationId?: string | null;
+  customAttributes?: Record<string, unknown> | null;
+  saml?: MeEnterpriseConnectionSamlInput | null;
+  oidc?: MeEnterpriseConnectionOidcInput | null;
+};

packages/shared/src/types/user.ts

@@ -3,7 +3,11 @@ import type { BillingPayerMethods } from './billing';
 import type { DeletedObjectResource } from './deletedObject';
 import type { EmailAddressResource } from './emailAddress';
 import type { EnterpriseAccountResource } from './enterpriseAccount';
-import type { EnterpriseConnectionResource } from './enterpriseConnection';
+import type {
+  CreateMeEnterpriseConnectionParams,
+  EnterpriseConnectionResource,
+  UpdateMeEnterpriseConnectionParams,
+} from './enterpriseConnection';
 import type { ExternalAccountResource } from './externalAccount';
 import type { ImageResource } from './image';
 import type { UserJSON } from './json';
@@ -120,6 +124,14 @@ export interface UserResource extends ClerkResource, BillingPayerMethods {
   getOrganizationCreationDefaults: () => Promise<OrganizationCreationDefaultsResource>;
   leaveOrganization: (organizationId: string) => Promise<DeletedObjectResource>;
   getEnterpriseConnections: (params?: GetEnterpriseConnectionsParams) => Promise<EnterpriseConnectionResource[]>;
+  createEnterpriseConnection: (
+    params: CreateMeEnterpriseConnectionParams,
+  ) => Promise<EnterpriseConnectionResource>;
+  updateEnterpriseConnection: (
+    enterpriseConnectionId: string,
+    params: UpdateMeEnterpriseConnectionParams,
+  ) => Promise<EnterpriseConnectionResource>;
+  deleteEnterpriseConnection: (enterpriseConnectionId: string) => Promise<DeletedObjectResource>;
   createTOTP: () => Promise<TOTPResource>;
   verifyTOTP: (params: VerifyTOTPParams) => Promise<TOTPResource>;
   disableTOTP: () => Promise<DeletedObjectResource>;