fix(terraform-provider-jans): update terraform module

fix(terraform-provider-jans): update terraform module

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [1.1.0](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.2...v1.1.0) (2024-03-12)
+
+
+### Features
+
+* add KC and sync with upstream APIs 
+
+
+### Bug Fixes
+
+* oidc backchannel_user_code_parameter schema type 
+* sync with upstream 
+* update readme 
+
 ## [0.8.2](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.1...v0.8.2) (2023-11-09)
 
 

README.md

@@ -42,4 +42,3 @@ If any of those 3 parameters is not provided, the provider will not be able to c
 Optionally, users can also set the following variables:
 
 * `insecure_client` - If set to `true`, the provider will not verify the TLS certificate of the Janssen server. This is useful for testing purposes and should not be used in production, unless absolutely unavoidable.
-

docs/data-sources/custom_script_types.md

@@ -10,7 +10,16 @@ description: |-
 
 Data source for retrieving supported custom script types.
 
+## Example Usage
 
+```terraform
+data "jans_custom_script_types" "script_types" {
+}
+
+output "script_type_client_registration_enabled" {
+  value = contains(data.jans_custom_script_types.script_types, "client_registration")
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
@@ -19,5 +28,3 @@ Data source for retrieving supported custom script types.
 
 - `id` (String) The ID of this resource.
 - `types` (List of String) A list of support custom script types.
-
-

docs/data-sources/fido2_configuration.md

@@ -22,5 +22,3 @@ Data source for retrieving the Fido2 configuration of the Janssen server
 - `id` (String) The ID of this resource.
 - `issuer` (String) A URI indicating the party operating the FIDO U2F server.
 - `version` (String) The version of the FIDO2 U2F core protocol to which this server conforms. The value MUST be the string 1.0.
-
-

docs/data-sources/persistence_config.md

@@ -28,5 +28,3 @@ output "persistence_config" {
 
 - `id` (String) The ID of this resource.
 - `persistence_type` (String)
-
-

docs/data-sources/plugins.md

@@ -28,5 +28,3 @@ Read-Only:
 - `class_name` (String)
 - `description` (String)
 - `name` (String)
-
-

docs/data-sources/schema.md

@@ -102,5 +102,3 @@ Read-Only:
 - `last_modified` (String)
 - `location` (String)
 - `resource_type` (String)
-
-

docs/data-sources/service_provider_config.md

@@ -112,5 +112,3 @@ Read-Only:
 Read-Only:
 
 - `supported` (Boolean)
-
-

docs/index.md

@@ -15,6 +15,16 @@ To use the provider, you need to provide the URL of the Jansen instance, as
 well as valid credentials that have access to the Janssen instance.
 
 ```terraform
+terraform {
+  required_version = ">= 0.12.0"
+  required_providers {
+    janssen = {
+      source = "JanssenProject/jans"
+      version = "0.6.0"
+    }
+  }
+}
+
 provider "jans" {
   url           = "https://test-instnace.jans.io"
   client_id     = "1800.3d29d884-e56b-47ac-83ab-b37942b83a89"

docs/resources/agama_deployment.md

@@ -18,15 +18,18 @@ Resource for managing agama authentication flow deployments.
 ### Required
 
 - `deployment_file` (String) Path to the deployment file (in zip format)
-- `deployment_file_hash` (String) Hash of the deployment file, used to detect changes.
 - `name` (String) Agama project name
 
+### Optional
+
+- `autoconfigure` (Boolean) Passing 'true' will make this project be configured with the sample configurations
+				found in the provided binary archive. This param should rarely be passed: use only in controlled 
+				environments where the archive is not shared with third parties
+
 ### Read-Only
 
 - `base_dn` (String) Agama deployment base DN
 - `created_at` (String) Agama deployment creation time
 - `dn` (String) Agama deployment DN
 - `id` (String) Agama deployment ID
 - `task_active` (Boolean) Boolean value with default value false.
-
-

docs/resources/app_configuration.md

@@ -35,7 +35,10 @@ resource "jans_app_configuration" "global" {
 - `allow_end_session_with_unmatched_sid` (Boolean) Boolean value specifying whether to allow end session with unmatched SID.
 - `allow_id_token_without_implicit_grant_type` (Boolean) Specifies if a token without implicit grant types is allowed.
 - `allow_post_logout_redirect_without_validation` (Boolean) Allows post logout redirect without validation for End Session Endpoint.
+- `allow_revoke_for_other_clients` (Boolean) Boolean value ture allow revoke for other clients.
 - `allow_spontaneous_scopes` (Boolean) Specifies whether to allow spontaneous scopes.
+- `archived_jwk_lifetime_in_seconds` (Number) The archived jwk lifetime in seconds.
+- `archived_jwks_uri` (String) Archved URLs of the OP's JSON Web Key Set (JWK) document.
 - `authentication_filters` (Block List) List of authentication filters. (see [below for nested schema](#nestedblock--authentication_filters))
 - `authentication_filters_enabled` (Boolean) Boolean value specifying whether to enable user authentication filters.
 - `authentication_protection_configuration` (Block List, Max: 1) Authentication Brute Force Protection Configuration. (see [below for nested schema](#nestedblock--authentication_protection_configuration))
@@ -126,7 +129,7 @@ resource "jans_app_configuration" "global" {
 - `dpop_use_nonce` (Boolean) Demonstration of Proof-of-Possession (DPoP) nonce usage.
 - `dynamic_grant_type_default` (List of String) List of the OAuth 2.0 Grant Type values that it's possible to set via client 
 							registration API. One of 'none', 'authorization_code', 'implicit', 'password', 'client_credentials', 'refresh_token', 
-							'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code'.
+							'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code', 'tx_token'.
 - `dynamic_registration_allowed_password_grant_scopes` (List of String) List of grant scopes for dynamic registration.
 - `dynamic_registration_custom_attributes` (List of String) Custom attributes for the Dynamic registration. One of 'jansTrustedClnt'.
 - `dynamic_registration_custom_object_class` (String) LDAP custom object class for dynamic registration.
@@ -179,17 +182,16 @@ resource "jans_app_configuration" "global" {
 - `include_sid_in_response` (Boolean) Boolean value specifying whether to include sessionId in response.
 - `introspection_access_token_must_have_introspection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have introspection scope.
 - `introspection_access_token_must_have_uma_protection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have uma_protection scope.
+- `introspection_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint
+- `introspection_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint
 - `introspection_endpoint` (String) URL for the Introspection Endpoint. Example: https://server.example.com/restv1/introspection
 - `introspection_response_scopes_backward_compatibility` (Boolean)
+- `introspection_restrict_basic_authn_to_own_tokens` (Boolean) Specifies if basic authentication to be restricted to own tokens.
 - `introspection_script_backward_compatibility` (Boolean) Boolean value specifying whether switch off client's introspection scripts (true value) and run all scripts that exists on server.
+- `introspection_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) JWA supported by the introspection endpoint
 - `introspection_skip_authorization` (Boolean) Specifies if authorization to be skipped for introspection.
 - `invalidate_session_cookies_after_authorization_flow` (Boolean) Boolean value to specify whether to invalidate 'session_id' and 'consent_session_id' cookies right after successful or unsuccessful authorization.
 - `issuer` (String) URL using the https scheme that OP asserts as Issuer identifier. Example: https://server.example.com/
-- `jans_eleven_delete_key_endpoint` (String) URL for the jansEleven Delete Key Endpoint. Example: https://server.example.com/janseleven/rest/oxeleven/deleteKey
-- `jans_eleven_generate_key_endpoint` (String) URL for the jansEleven Generate Key Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/generateKey
-- `jans_eleven_sign_endpoint` (String) URL for the jansEleven Sign Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/sign
-- `jans_eleven_test_mode_token` (String) jansEleven Test Mode Token.
-- `jans_eleven_verify_signature_endpoint` (String) URL for the jansEleven Verify Signature Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/verifySignature
 - `jans_id` (String) URL for the Inum generator Service. Example: https://server.example.com/oxid/service/jans/inum
 - `jans_open_id_connect_version` (String) OpenID Connect Version. Example: openidconnect-1.0
 - `jms_broker_uri_set` (List of String) JMS Broker URI Set.
@@ -208,6 +210,7 @@ resource "jans_app_configuration" "global" {
 - `key_store_file` (String) The Key Store File (JKS). Example: /etc/certs/jans-auth-keys.jks
 - `key_store_secret` (String) The password of the Key Store.
 - `legacy_id_token_claims` (Boolean) Include Claims in ID Token.
+- `lock_message_config` (Block List, Max: 1) Lock message configuration. (see [below for nested schema](#nestedblock--lock_message_config))
 - `log_client_id_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client ID on client authentication.
 - `log_client_name_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client Name on client authentication.
 - `log_not_found_entity_as_error` (Boolean) Boolean value specifying whether to log not found entity as error.
@@ -277,10 +280,13 @@ resource "jans_app_configuration" "global" {
 - `return_device_secret_from_authz_endpoint` (Boolean) Boolean value to specify if the device secret should be returned by the authz endpoint.
 - `rotate_client_registration_access_token_on_usage` (Boolean) Boolean value specifying whether to rotate client registration access token on usage.
 - `rotate_device_secret` (Boolean) Enable/Disable device secret rotation.
+- `save_tokens_in_cache` (Boolean) Boolean value specifying whether to save token in cache.
+- `save_tokens_in_cache_and_dont_save_in_persistence` (Boolean) Boolean value specifying whether to save token in cache and don't save in persistence.
 - `sector_identifier_cache_lifetime_in_minutes` (Number) The cache lifetime in minutes of the sector identifier.
 - `server_session_id_lifetime` (Number) The sessionId lifetime in seconds for sessionId. By default same as sessionIdLifetime.
 - `service_documentation` (String) URL of a page containing human-readable information that developers might want or need to know 
 							when using the OpenID Provider. Example: http://gluu.org/docs
+- `session_id_cookie_lifetime` (Number) The lifetime of session id cookie in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.
 - `session_id_lifetime` (Number) The lifetime of session id in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.
 - `session_id_persist_in_cache` (Boolean) Boolean value specifying whether to persist session_id in cache.
 - `session_id_persist_on_prompt_none` (Boolean) Boolean value specifying whether to persist session ID on prompt none.
@@ -309,6 +315,10 @@ resource "jans_app_configuration" "global" {
 - `token_revocation_endpoint` (String) The URL for the access_token or refresh_token revocation endpoint. Example: https://server.example.com/restv1/revoke
 - `trusted_client_enabled` (Boolean) Boolean value specifying whether a client is trusted and no authorization is required.
 - `trusted_ssa_issuers` (Block List) List of trusted SSA issuers. (see [below for nested schema](#nestedblock--trusted_ssa_issuers))
+- `tx_token_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) supported by the Token Exchange endpoint.
+- `tx_token_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (enc values) supported by the Token Exchange endpoint.
+- `tx_token_lifetime` (Number) The lifetime of the Token Exchange Token.
+- `tx_token_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) supported by the Token Exchange endpoint.
 - `ui_locales_supported` (List of String) Languages and scripts supported for the user interface. One of "en", "bg", "de", "es", "fr", "it", "ru", "tr".
 - `uma_add_scopes_automatically` (Boolean) Add scopes automatically.
 - `uma_configuration_endpoint` (String) URL for the UMA Configuration Endpoint. Example: https://server.example.com/restv1/uma2-configuration
@@ -354,7 +364,7 @@ Optional:
 - `page_mismatch_error_page` (String)
 - `root_dir` (String)
 - `scripts_path` (String)
-- `serializer_type` (String)
+- `serialize_rules` (Map of List of String)
 - `templates_path` (String)
 
 
@@ -464,6 +474,15 @@ Read-Only:
 - `id` (String) The ID of this resource.
 
 
+<a id="nestedblock--lock_message_config"></a>
+### Nested Schema for `lock_message_config`
+
+Optional:
+
+- `enable_id_token_messages` (Boolean) Boolean value specifying whether to enable ID Token messages.
+- `id_token_messages_channel` (String) ID Token messages channel.
+
+
 <a id="nestedblock--ssa_configuration"></a>
 ### Nested Schema for `ssa_configuration`
 

docs/resources/custom_user.md

@@ -78,5 +78,3 @@ Optional:
 
 - `display_value` (String) Display value for the attribute.
 - `value` (String) Value for the attribute.
-
-

docs/resources/default_authentication_method.md

@@ -28,5 +28,3 @@ resource "jans_default_authentication_method" "global" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/fido2_configuration.md

@@ -103,5 +103,3 @@ Optional:
 
 - `domains` (List of String) Requested Party domains.
 - `name` (String) Name of the requested party.
-
-

docs/resources/fido2_device.md

@@ -41,5 +41,3 @@ Read-Only:
 - `last_modified` (String)
 - `location` (String)
 - `resource_type` (String)
-
-

docs/resources/fido_device.md

@@ -48,5 +48,3 @@ Read-Only:
 - `last_modified` (String)
 - `location` (String)
 - `resource_type` (String)
-
-

docs/resources/group.md

@@ -79,5 +79,3 @@ Read-Only:
 - `last_modified` (String)
 - `location` (String)
 - `resource_type` (String)
-
-

docs/resources/json_web_key.md

@@ -60,5 +60,3 @@ resource "jans_json_web_key" "test" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/ldap_database_configuration.md

@@ -57,5 +57,3 @@ resource "jans_ldap_database_configuration" "test" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/logging_configuration.md

@@ -39,5 +39,3 @@ resource "jans_logging_configuration" "global" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/oidc_client.md

@@ -31,7 +31,6 @@ description: |-
 						localhost as the hostname. Native Clients must only register redirect_uris using custom URI schemes or URLs using the
 						http scheme with localhost as the hostname.
 - `attributes` (Block List, Max: 1) (see [below for nested schema](#nestedblock--attributes))
-- `authentication_method` (String)
 - `authorized_origins` (List of String) Specifies authorized JavaScript origins.
 - `backchannel_authentication_request_signing_alg` (String) The JWS algorithm alg value that the Client will use for signing authentication request, as described 
 							in Section 7.1.1. of OAuth 2.0 [RFC6749]. When omitted, the Client will not send signed authentication requests.
@@ -135,14 +134,18 @@ Optional:
 - `additional_token_endpoint_auth_methods` (List of String) List of additional token endpoint authentication methods.
 - `allow_offline_access_without_consent` (Boolean) Specifies whether to allow offline access without consent.
 - `allow_spontaneous_scopes` (Boolean) boolean, whether to allow spontaneous scopes for client.
+- `authorization_details_types` (List of String) List of authorization details types.
 - `backchannel_logout_session_required` (Boolean) Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in 
 									the Logout Token to identify the RP session with the OP when true. Default value is false.
 - `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
 - `consent_gathering_scripts` (List of String) List of consent gathering scripts.
 - `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
 - `evidence` (String) Specifies the evidence that the client presents to the authorization server.
 - `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
+- `introspection_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the introspection response.
+- `introspection_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the introspection response.
 - `introspection_scripts` (List of String) List of introspection scripts.
+- `introspection_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the introspection response.
 - `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.
 - `jans_auth_enc_resp_enc` (String) JWE enc algorithm JWA required for encrypting auhtorization responses.
 - `jans_auth_signed_resp_alg` (String) JWS alg algorithm JWA required for signing authorization responses.
@@ -167,6 +170,10 @@ Optional:
 - `spontaneous_scopes` (List of String) List of spontaneous scope regular expression.
 - `tls_client_auth_subject_dn` (String) String representation of the expected subject distinguished name of the certificate, which 
 									the OAuth client will use in mutual TLS authentication.
+- `tx_token_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the TX Token response.
+- `tx_token_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the TX Token response.
+- `tx_token_lifetime` (Number) Specifies the Client-specific TX Token expiration.
+- `tx_token_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the TX Token response.
 - `update_token_script_dns` (List of String) List of update token scripts.
 
 
@@ -183,5 +190,3 @@ Optional:
 
 - `display_value` (String) Display value for the attribute.
 - `value` (String) Value for the attribute.
-
-

docs/resources/organization.md

@@ -50,5 +50,3 @@ resource "jans_organization" "global" {
 - `base_dn` (String)
 - `dn` (String)
 - `id` (String) The ID of this resource.
-
-

docs/resources/scim_app_configuration.md

@@ -60,5 +60,3 @@ resource "jans_scim_app_configuration" "global" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-