Merge pull request #6070 from ShanChathusanda93/issuer-selection-doc-impr-branch

Add documentation for issuer selection capability for organization applications

Author: ShanChathusanda93

en/asgardeo/docs/assets/img/guides/applications/organization-applications/organization-application-create.png

@@ -1,3 +1,3 @@
 {% set root_org_url = "https://api.asgardeo.io/t/{root-organization-name}" %}
 
-{% include "../../../../includes/guides/organization-management/organization-applications.md" %}
+{% include "../../../../includes/guides/organization-management/organization-applications.md" %}

en/asgardeo/docs/assets/img/guides/organization/issuer-usage-scope/issuer-usage-scope-config-page.png

@@ -0,0 +1 @@
+{% include "../../../../includes/guides/organization-management/select-token-issuer-for-organization-apps.md" %}

en/asgardeo/docs/assets/img/guides/organization/issuer-usage-scope/issuer-usage-scope-config.png

@@ -528,7 +528,9 @@ nav:
             - Self-service approach: guides/organization-management/onboard-org-admins/self-service-approach.md
         - Configure organization applications:
           - Share applications: guides/organization-management/share-applications.md
-          - Create organization applications: guides/organization-management/organization-applications.md
+          - Organization applications:
+            - Create applications: guides/organization-management/organization-applications.md
+            - Select token issuer: guides/organization-management/select-token-issuer-for-organization-apps.md
           - Manage conflicts in organizations: guides/organization-management/manage-conflicts-in-organizations.md
         - Authorize API resources:
           - Overview: guides/organization-management/api-authorization-overview.md

en/asgardeo/docs/guides/organization-management/organization-applications.md

@@ -155,6 +155,10 @@ paths:
                       method: "A128CBC+HS256"
                   scopeValidators:
                     - "Role based scope validator"
+                  issuer:
+                    organizationId: "bdece142-646b-45c0-9385-a4159f1ea219"
+                    tenantDomain: "wso2-sub.com"
+                    value: "https://localhost:9443/t/carbon.super/o/bdece142-646b-45c0-9385-a4159f1ea219/oauth2/token"
         description: This represents the application to be created.
         required: true
       responses:
@@ -259,7 +263,12 @@ paths:
                 },
                 "scopeValidators": [
                   "Role based scope validator"
-                ]
+                ],
+                "issuer": {
+                  "organizationId": "bdece142-646b-45c0-9385-a4159f1ea219",
+                  "tenantDomain": "wso2-sub.com",
+                  "value": "https://localhost:9443/t/carbon.super/o/bdece142-646b-45c0-9385-a4159f1ea219/oauth2/token"
+                }
               }
             }
             }'
@@ -925,6 +934,10 @@ paths:
                   subjectType: "public"
                   sectorIdentifierUri: "https://app.example.com"
                 isFAPIApplication: false
+                issuer:
+                  organizationId: "bdece142-646b-45c0-9385-a4159f1ea219"
+                  tenantDomain: "wso2-sub.com"
+                  value: "https://localhost:9443/t/carbon.super/o/bdece142-646b-45c0-9385-a4159f1ea219/oauth2/token"
         '400':
           description: Bad Request
           content:
@@ -1063,7 +1076,12 @@ paths:
                 "subjectType": "public",
                 "sectorIdentifierUri": "https://app.example.com"
               },
-              "isFAPIApplication": false
+              "isFAPIApplication": false,
+              "issuer": {
+                "organizationId": "bdece142-646b-45c0-9385-a4159f1ea219",
+                "tenantDomain": "wso2-sub.com",
+                "value": "https://localhost:9443/t/carbon.super/o/bdece142-646b-45c0-9385-a4159f1ea219/oauth2/token"
+              }
             }'
       requestBody:
         content:
@@ -1111,6 +1129,10 @@ paths:
                 subjectType: "public"
                 sectorIdentifierUri: "https://app.example.com"
               isFAPIApplication: false
+              issuer:
+                organizationId: "bdece142-646b-45c0-9385-a4159f1ea219"
+                tenantDomain: "wso2-sub.com"
+                value: "https://localhost:9443/t/carbon.super/o/bdece142-646b-45c0-9385-a4159f1ea219/oauth2/token"
         description: >-
           This represents the OIDC authentication protocol parameters of an
           application.
@@ -2208,6 +2230,8 @@ components:
           default: false
           description: Enabling this option will make the application FAPI conformant.
           example: false
+        issuer:
+          $ref: '#/components/schemas/AllowedIssuer'
     OAuth2PKCEConfiguration:
       type: object
       properties:
@@ -2361,6 +2385,23 @@ components:
         sectorIdentifierUri:
           type: string
           example: 'https://app.example.com'
+    AllowedIssuer:
+      type: object
+      properties:
+        value:
+          type: string
+          readOnly: true
+          description: The issuer URL of the allowed issuer organization.
+          example: "https://localhost:9443/t/carbon.super/o/bdece142-646b-45c0-9385-a4159f1ea219/oauth2/token"
+        organizationId:
+          type: string
+          description: Organization ID of the allowed issuer.
+          example: "bdece142-646b-45c0-9385-a4159f1ea219"
+        tenantDomain:
+          type: string
+          readOnly: true
+          description: Tenant domain of the allowed issuer.
+          example: "wso2-sub.com"
     OIDCLogoutConfiguration:
       type: object
       properties: