Add Support for HRI Features

[developerkunal]

🔧 Changes

• Support for HRI Features Added:
  • Client Struct Enhancements:
    • SignedRequestObject:
      • Required: Indicates if JWT-secured Authorization Requests (JAR) are mandatory.
      • Credentials: Specifies credentials for signing JAR requests.
    • ComplianceLevel: Sets the compliance level for the client, affecting its capabilities. To remove, use a PATCH request.
    • RequireProofOfPossession: Makes Proof-of-Possession mandatory (default: false).
  • Credential Struct Additions:
    • SubjectDN: Subject Distinguished Name, mutually exclusive with pem property.
    • ThumbprintSHA256: SHA256 thumbprint of the x509_cert certificate.
  • ClientAuthenticationMethods Struct:
    • TLSClientAuth:
      • Credentials: List of unique credential IDs for CA-based mTLS.
    • SelfSignedTLSClientAuth:
      • Credentials: List of unique credential IDs for self-signed mTLS.
  • Resource Struct Enhancements:
    • ConsentPolicy: Specifies the consent policy for the resource server. Options include:
      • "transactional-authorization-with-mfa"
      • null (to unset)
    • AuthorizationDetails:
      • Type: Identifier for the authorization detail type.
    • TokenEncryption: Specifies token encryption settings. Options include:
      • "compact-nested-jwe"
      • null (to unset)
      • EncryptionKey:
        • Name: Name of the encryption key.
        • Alg: Encryption algorithm.
        • Kid: Key ID.
        • Pem: PEM-formatted public key (JSON escaped).
    • ProofOfPossession:
      • Mechanism: Intended Proof-of-Possession mechanism, such as "mtls".
      • Required: Whether Proof-of-Possession is mandatory.
  • Tenant Struct Enhancements:
    • AcrValuesSupported: List of supported ACR values.
    • MTLS:
      • EnableEndpointAliases: If true, enables mTLS endpoint aliases.
    • PushedAuthorizationRequestsSupported: Enables Pushed Authorization Requests.
  • TenantFlags Enhancements:
    • RemoveAlgFromJWKS: Removes the alg property from the JWKS .well-known endpoint.

📚 References

• Auth0 Docs:
  • Client Settings API
  • Tenant Settings API
  • Resource Server Settings API

🔬 Testing

• Client Settings: Verified HRI features are applied and functional in client settings.
• Tenant Settings: Confirmed HRI settings are properly configured and operational in tenant settings.
• Resource Servers: Ensured HRI features are integrated and functioning with resource server settings.

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• Documentation for all new/changed functionality is included (or N/A)

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.60%. Comparing base (a1a9f65) to head (a284bd8).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #429      +/-   ##
==========================================
+ Coverage   95.51%   95.60%   +0.08%     
==========================================
  Files          47       47              
  Lines        7848     8006     +158     
==========================================
+ Hits         7496     7654     +158     
  Misses        235      235              
  Partials      117      117              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[gyaneshgouraw-okta]

Lets add a bit more detail to PR description. We should add

• Add detail/link which has some description about HRI
• We can document management api corresponding docs link
• Any other relevant doc which can assist users

[acwest]

more testing of new values, particularly AcrValuesSupported