search

RIPAGlobal / scimitar

A SCIM v2 API endpoint implementation
MIT License
61 stars 43 forks source link

ResourceTypes endpoint returns incorrect response #146

Closed pbouda closed 3 weeks ago

pbouda commented 1 month ago

I was testing a Rails application that uses scimitar with the following test suite: https://github.com/yaal-coop/scim2-tester

The test suite complains about an incorrect response when I query the /ResourceTypes. The response with curl is:

{
  "resource_types": [
    {
      "meta": {
        "resourceType": "ResourceType",
        "location": "http://127.0.0.1:3000/scim_v2/ResourceTypes/User"
      },
      "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
      "endpoint": "/Users",
      "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
      "id": "User",
      "name": "User"
    },
    {
      "meta": {
        "resourceType": "ResourceType",
        "location": "http://127.0.0.1:3000/scim_v2/ResourceTypes/Group"
      },
      "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
      "endpoint": "/Groups",
      "schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
      "id": "Group",
      "name": "Group"
    }
  ]
}

The test suite complains that it's missing the schemas (should be urn:ietf:params:scim:api:messages:2.0:ListResponse) and totalResults attributes, and it should be Resources instead of resource_types, as defined as required here: https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2

The same document provides and example response here on page 75: https://datatracker.ietf.org/doc/html/rfc7644#section-4

Let me know what you think, I could try to provide a PR for the changes if you think they should be done.

marcosnovaesq commented 4 weeks ago

same thing, discovered when testing through https://github.com/suvera/scim2-compliance-test-utility

did manual changes as i needed to overwrite this controller anyway

With me it complained it was not an object, and an array lack of totalResults, schemas, itemsPerPage and startIndex also but that last ones might be my utility tool specific, not sure

https://developer.4me.com/v1/scim/schemas/ checking against it as well

pbouda commented 3 weeks ago

With me it complained it was not an object, and an array lack of totalResults, schemas, itemsPerPage and startIndex also but that last ones might be my utility tool specific, not sure

If I read the RFC correctly then itemsPerPage and startIndex would not be required in this case, they say REQUIRED when partial results are returned due to pagination..

pbouda commented 3 weeks ago

The PR was merged (thanks!), so I will close this.