search

simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0
683 stars 90 forks source link

[SCIM] PATCH User name issue #690

Closed polybogdan closed 4 weeks ago

polybogdan commented 5 months ago

Hello,

Am am experiencing an issue while patching a user with name details:

{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "replace", "value": { "name": { "givenName": "Given Updated" } } } ] }

image

Same if both properties of the name "familyName" , "givenName" are passed in 2 different operations image

simpleidserver commented 5 months ago

It is normal for this issue to occur. You are attempting to replace the 'name' attribute, but the required attributes specified in the HTTP request are not being passed. The required attributes are defined in UserSchema :)

polybogdan commented 5 months ago

so your advice is to just change the required type of the attributes ?

doing so i lose the value of the property that was not replaced

image

simpleidserver commented 5 months ago

There are two methods to update the name property.

Update the entire name property and pass the required parameters. If the sub-properties are not present, they will be removed.

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "value": {
        "name": {
          "formatted": "formatted",
          "middleName": "middleName",
          "familyName": "familyName",
          "givenName": "Given Updated"
        }
      }
    }
  ]
}

Use the path parameter to update a specific property:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "name.givenName",
      "value": "Given Updated"
    }
  ]
}
vincentmauduit commented 1 month ago

Hello,

@simpleidserver the RFC says: image

So, if I send this payload: { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "replace", "value": { "name": { "familyName": "XXXX" } } } ] }

Then it should not override the givenName value as it says in the RFC

Sub-attributes that are not specified in the "value" parameter are left unchanged

No ?

simpleidserver commented 1 month ago

Hello,

Indeed, there is an issue in the current implementation. This issue will be fixed as soon as possible.

Best regards,

SID

simpleidserver commented 1 month ago

After verification, the current implementation appears to be correct.

First scenario

When the target location (path attribute) is specified and specifies a complex attribute, sub-attributes that are not specified in the value parameter are left unchanged.

Request :

HTTP PATH : http://localhost/Users/$id$
{
    "Operations": [ { "op": "replace", "path": "name", "value" : { "formatted" : "newformatted", "familyName": "newfamilyName" } } ]
}

Result

As you can see below, the givenName is not overridden.

HTTP GET : http://localhost/Users/$id$

{
    { "name" : { "formatted": "newFormatted", "familyName": "newfamilyName", "givenName": "givenName" } }
}

Second scenario

the path parameter is not specified, the value contains a list of one or more attributes that are to be replaced.

Request :

HTTP PATH : http://localhost/Users/$id$

{
    "Operations": [ { "op": "replace", "value" : { "name": { "formatted" : "newformatted", "familyName": "newfamilyName" } } } ]
}

Result

HTTP GET : http://localhost/Users/$id$

{
    { "name" : { "formatted": "newFormatted", "familyName": "newfamilyName" } }
}
vincentmauduit commented 4 weeks ago

Hello,

Great, understood. I didn't pay attention to this part of the RFC: image

Thanks