Skip to content

feat(config-api): feature wise admin scope for endpoints#11633 #12736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pujavs wants to merge 67 commits into
base: main
Choose a base branch
from
Open

feat(config-api): feature wise admin scope for endpoints#11633 #12736

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
67 commits
Select commit Hold shift + click to select a range
e395466
feat(config-api): user mgt serach enhancehment
pujavs Oct 9, 2025
85e53bb
feat(config-api): user mgt search filter enhancement
pujavs Oct 13, 2025
f3b779f
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 13, 2025
ed8dade
feat(config-api: user mgt enhancement
pujavs Oct 13, 2025
3d18e38
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 14, 2025
8220001
feat(config-api): agma endpoint metadata changes
pujavs Oct 14, 2025
1d3de61
Merge branch 'main' into jans-config-fix
yuriyz Oct 14, 2025
e81a37b
feat(config-api): agama deployment metadata type fix for deployment #…
pujavs Oct 15, 2025
ac00d58
Merge branch 'jans-config-fix' of https://github.com/JanssenProject/j…
pujavs Oct 15, 2025
093c1ad
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 15, 2025
c974095
feat(config-api): agama deployment metadata type fix for deployment #…
pujavs Oct 15, 2025
435f3f7
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 17, 2025
d5c59c6
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 17, 2025
e74516a
docs(config-api): swagger spec update
pujavs Oct 20, 2025
e5646c0
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 20, 2025
3eeac46
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 21, 2025
338fc64
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 22, 2025
ab8c33e
feat(config-api): Super scope access to access endpoint#11633
pujavs Oct 22, 2025
89a0b52
feat(config-api): feature wise admin scope for endpoints#11633
pujavs Oct 23, 2025
efcbd50
feat(config-api): sync with main
pujavs Oct 24, 2025
4cec68a
feat(config-api): feature wise admin scope for endpoints#11633
pujavs Oct 24, 2025
04dc188
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 24, 2025
66c4c31
feat(config-api): feat(config-api): feature wise admin scope for endp…
pujavs Oct 24, 2025
5affabe
feat(config-api): feat(config-api): feature wise admin scope for endp…
pujavs Oct 24, 2025
18ddc12
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 27, 2025
826bb03
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 29, 2025
ae5bd05
feat(config-api): super admin scope for each functionality
pujavs Oct 30, 2025
46ea700
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Oct 30, 2025
19a62fb
feat(config-api): syn with main
pujavs Oct 31, 2025
d316731
feat(config-api): feature admin scope - wip
pujavs Oct 31, 2025
4672662
feat(config-api): sync with main
pujavs Nov 3, 2025
cfc358f
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 4, 2025
ebcf6f9
feat(config-api): admin scope wip
pujavs Nov 4, 2025
4681d1b
feat(config-api): admin scope wip
pujavs Nov 4, 2025
710a108
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 5, 2025
b06512a
feat(config-api): admin scopes for function - wip
pujavs Nov 5, 2025
cbce088
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 6, 2025
24f4e25
feat(config-api): super admin scope - wip
pujavs Nov 6, 2025
fa46ba4
feat(config-api) scope wip
pujavs Nov 6, 2025
d07cf6c
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 7, 2025
d927d61
feat(config-api): sync with main
pujavs Nov 10, 2025
286e58e
feat(config-api): super admin scope - wip
pujavs Nov 11, 2025
6e00136
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 12, 2025
d79bf45
feat(config-api): super admin wip
pujavs Nov 12, 2025
325d3df
feat(config-api): super admin scope - wip
pujavs Nov 13, 2025
b198cda
feat(config-api): user serach by mobile enhancement
pujavs Nov 13, 2025
82b8c8a
Merge branch 'main' into jans-config-fix
yuriyz Nov 14, 2025
122db23
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 19, 2025
922bd9a
feat(config-api): super admin scope
pujavs Nov 19, 2025
d2c97c8
Merge branch 'jans-config-fix' of https://github.com/JanssenProject/j…
pujavs Nov 19, 2025
aec2583
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 20, 2025
38319f3
feat(config-api): feature super admin wip
pujavs Nov 20, 2025
b7b1e98
feat(config-api): feature wise admin scope for endpoints#11633
pujavs Nov 21, 2025
5224efa
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 24, 2025
b203b30
feat(config-api): config-api admin scope
pujavs Nov 26, 2025
d947f9e
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 26, 2025
a4257d8
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 27, 2025
d4f4eb7
feta(config-api): super feature scope
pujavs Nov 28, 2025
366df95
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Nov 28, 2025
c23a27c
t status
pujavs Dec 1, 2025
f704eac
feat(config-api): admin scope changes as per coderrabit
pujavs Dec 1, 2025
950608e
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Dec 1, 2025
b4da651
feat(config-api): feature wise admin scope
pujavs Dec 2, 2025
c1b7599
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
pujavs Dec 2, 2025
5534fcd
feat(config-api): feature admin scope
pujavs Dec 3, 2025
5c447c2
feat(config-api): feature admin scope
pujavs Dec 3, 2025
8411c17
feat(config-api): feature admin scope
pujavs Dec 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 27 additions & 7 deletions jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,27 @@

public class ApiAccessConstants {


private ApiAccessConstants() {
}

public static final String JANS_AUTH_CONFIG_READ_ACCESS = "https://jans.io/oauth/jans-auth-server/config/properties.readonly";
public static final String JANS_AUTH_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/jans-auth-server/config/properties.write";

public static final String JANS_AUTH_CONFIG_ADMIN_ACCESS = "https://jans.io/oauth/jans-auth-server/config/properties.admin";

public static final String ATTRIBUTES_READ_ACCESS = "https://jans.io/oauth/config/attributes.readonly";
public static final String ATTRIBUTES_WRITE_ACCESS = "https://jans.io/oauth/config/attributes.write";
public static final String ATTRIBUTES_DELETE_ACCESS = "https://jans.io/oauth/config/attributes.delete";
public static final String ATTRIBUTES_ADMIN_ACCESS = "https://jans.io/oauth/config/attributes.admin";

public static final String ACRS_READ_ACCESS = "https://jans.io/oauth/config/acrs.readonly";
public static final String ACRS_WRITE_ACCESS = "https://jans.io/oauth/config/acrs.write";
public static final String ACRS_ADMIN_ACCESS = "https://jans.io/oauth/config/acrs.admin";

public static final String DATABASE_READ_ACCESS = "https://jans.io/oauth/config/database.readonly";
public static final String DATABASE_WRITE_ACCESS = "https://jans.io/oauth/config/database.write";
public static final String DATABASE_DELETE_ACCESS = "https://jans.io/oauth/config/database.delete";
public static final String DATABASE_ADMIN_ACCESS = "https://jans.io/oauth/config/database.admin";

public static final String DATABASE_LDAP_READ_ACCESS = "https://jans.io/oauth/config/database/ldap.readonly";
public static final String DATABASE_LDAP_WRITE_ACCESS = "https://jans.io/oauth/config/database/ldap.write";
Expand All @@ -26,53 +31,62 @@ private ApiAccessConstants() {
public static final String SCRIPTS_READ_ACCESS = "https://jans.io/oauth/config/scripts.readonly";
public static final String SCRIPTS_WRITE_ACCESS = "https://jans.io/oauth/config/scripts.write";
public static final String SCRIPTS_DELETE_ACCESS = "https://jans.io/oauth/config/scripts.delete";
public static final String SCRIPTS_ADMIN_ACCESS = "https://jans.io/oauth/config/scripts.admin";

public static final String CACHE_READ_ACCESS = "https://jans.io/oauth/config/cache.readonly";
public static final String CACHE_WRITE_ACCESS = "https://jans.io/oauth/config/cache.write";
public static final String CACHE_ADMIN_ACCESS = "https://jans.io/oauth/config/cache.admin";

public static final String MESSAGE_READ_ACCESS = "https://jans.io/oauth/config/message.readonly";
public static final String MESSAGE_WRITE_ACCESS = "https://jans.io/oauth/config/message.write";
public static final String MESSAGE_ADMIN_ACCESS = "https://jans.io/oauth/config/message.admin";

public static final String SMTP_READ_ACCESS = "https://jans.io/oauth/config/smtp.readonly";
public static final String SMTP_WRITE_ACCESS = "https://jans.io/oauth/config/smtp.write";
public static final String SMTP_DELETE_ACCESS = "https://jans.io/oauth/config/smtp.delete";
public static final String SMTP_ADMIN_ACCESS = "https://jans.io/oauth/config/smtp.admin";

public static final String LOGGING_READ_ACCESS = "https://jans.io/oauth/config/logging.readonly";
public static final String LOGGING_WRITE_ACCESS = "https://jans.io/oauth/config/logging.write";
public static final String LOGGING_ADMIN_ACCESS = "https://jans.io/oauth/config/logging.admin";

public static final String JWKS_READ_ACCESS = "https://jans.io/oauth/config/jwks.readonly";
public static final String JWKS_WRITE_ACCESS = "https://jans.io/oauth/config/jwks.write";
public static final String JWKS_DELETE_ACCESS = "https://jans.io/oauth/config/jwks.delete";
public static final String JWKS_ADMIN_ACCESS = "https://jans.io/oauth/config/jwks.admin";

public static final String OPENID_CLIENTS_READ_ACCESS = "https://jans.io/oauth/config/openid/clients.readonly";
public static final String OPENID_CLIENTS_WRITE_ACCESS = "https://jans.io/oauth/config/openid/clients.write";
public static final String OPENID_CLIENTS_DELETE_ACCESS = "https://jans.io/oauth/config/openid/clients.delete";
public static final String OPENID_CLIENTS_ADMIN_ACCESS = "https://jans.io/oauth/config/openid/clients.admin";

public static final String TOKEN_READ_ACCESS = "https://jans.io/oauth/config/token.readonly";
public static final String TOKEN_WRITE_ACCESS = "https://jans.io/oauth/config/token.write";
public static final String TOKEN_DELETE_ACCESS = "https://jans.io/oauth/config/token.delete";
public static final String TOKEN_ADMIN_ACCESS = "https://jans.io/oauth/config/token.admin";

public static final String UMA_RESOURCES_READ_ACCESS = "https://jans.io/oauth/config/uma/resources.readonly";
public static final String UMA_RESOURCES_WRITE_ACCESS = "https://jans.io/oauth/config/uma/resources.write";
public static final String UMA_RESOURCES_DELETE_ACCESS = "https://jans.io/oauth/config/uma/resources.delete";

public static final String SCOPES_READ_ACCESS = "https://jans.io/oauth/config/scopes.readonly";
public static final String SCOPES_WRITE_ACCESS = "https://jans.io/oauth/config/scopes.write";
public static final String SCOPES_DELETE_ACCESS = "https://jans.io/oauth/config/scopes.delete";
public static final String SCOPES_ADMIN_ACCESS = "https://jans.io/oauth/config/scopes.admin";

public static final String STATS_USER_READ_ACCESS = "https://jans.io/oauth/config/stats.readonly";
public static final String STATS_USER_ADMIN_ACCESS = "https://jans.io/oauth/config/stats.admin";
public static final String JANS_STAT = "jans_stat";

public static final String ORG_CONFIG_READ_ACCESS = "https://jans.io/oauth/config/organization.readonly";
public static final String ORG_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/config/organization.write";
public static final String ORG_CONFIG_ADMIN_ACCESS = "https://jans.io/oauth/config/organization.admin";

public static final String USER_READ_ACCESS = "https://jans.io/oauth/config/user.readonly";
public static final String USER_WRITE_ACCESS = "https://jans.io/oauth/config/user.write";
public static final String USER_DELETE_ACCESS = "https://jans.io/oauth/config/user.delete";
public static final String USER_ADMIN_ACCESS = "https://jans.io/oauth/config/user.admin";

public static final String AGAMA_READ_ACCESS = "https://jans.io/oauth/config/agama.readonly";
public static final String AGAMA_WRITE_ACCESS = "https://jans.io/oauth/config/agama.write";
public static final String AGAMA_DELETE_ACCESS = "https://jans.io/oauth/config/agama.delete";
public static final String AGAMA_ADMIN_ACCESS = "https://jans.io/oauth/config/agama.admin";

public static final String AGAMA_REPO_READ_ACCESS = "https://jans.io/oauth/config/agama-repo.readonly";
public static final String AGAMA_REPO_WRITE_ACCESS = "https://jans.io/oauth/config/agama-repo.write";
Expand All @@ -81,35 +95,41 @@ private ApiAccessConstants() {
public static final String JANS_AUTH_SESSION_READ_ACCESS = "https://jans.io/oauth/jans-auth-server/session.readonly";
public static final String JANS_AUTH_SESSION_DELETE_ACCESS = "https://jans.io/oauth/jans-auth-server/session.delete";
public static final String JANS_AUTH_REVOKE_SESSION = "revoke_session";
public static final String JANS_AUTH_SESSION_ADMIN_ACCESS = "https://jans.io/oauth/jans-auth-server/session.admin";

// Super Scopes
public static final String SUPER_ADMIN_READ_ACCESS = "https://jans.io/oauth/config/read-all";
public static final String SUPER_ADMIN_WRITE_ACCESS = "https://jans.io/oauth/config/write-all";
public static final String SUPER_ADMIN_DELETE_ACCESS = "https://jans.io/oauth/config/delete-all";

// Feature Scope
public static final String OPENID_READ_ACCESS = "https://jans.io/oauth/config/openid-read";
public static final String OPENID_READ_ACCESS = "https://jans.io/oauth/config/openid/openid-read";
Copy link
Contributor

@coderabbitai coderabbitai bot Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Check usage of OPENID_READ_ACCESS across the codebase
rg -n --type java 'OPENID_READ_ACCESS' -C 2

Repository: JanssenProject/jans

Length of output: 3798

🏁 Script executed:

# Check the ApiAccessConstants file to see all OPENID_* constants and naming patterns
rg -n --type java 'public static final String OPENID' -A 0 -B 0

Repository: JanssenProject/jans

Length of output: 1845

🏁 Script executed:

# Check for other scope constants to understand naming conventions
rg -n --type java 'public static final String.*= "https' | head -30

Repository: JanssenProject/jans

Length of output: 6097

OPENID_READ_ACCESS uses inconsistent scope naming pattern within the same constants file.

The OPENID_READ_ACCESS constant (line 106) uses dash notation (openid-read), while resource-specific scopes in the same file like OPENID_CLIENTS_READ_ACCESS (line 58) use dot notation (clients.readonly). Although the comment "Feature Scope" suggests this distinction is intentional, the inconsistency within ApiAccessConstants.java is problematic. Either document this design decision clearly with inline comments explaining why feature-level scopes use dashes while resource scopes use dots, or standardize on a single naming convention across all OPENID scopes.

🤖 Prompt for AI Agents 
In
jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java
around line 106, the OPENID_READ_ACCESS value uses dash notation ("openid-read")
while other OPENID resource scopes use dot notation ("clients.readonly");
standardize this by changing the OPENID_READ_ACCESS scope string to use dot
notation (e.g., "openid.read" or follow the existing resource pattern), update
any code references/tests that rely on the old string, and ensure the file
contains a short inline comment asserting the chosen naming convention for all
OPENID scopes so future contributors understand the decision.

public static final String OPENID_WRITE_ACCESS = "https://jans.io/oauth/config/openid/openid-write";
public static final String OPENID_DELETE_ACCESS = "https://jans.io/oauth/config/openid/openid-delete";

public static final String UMA_READ_ACCESS = "https://jans.io/oauth/config/uma-read";
public static final String UMA_WRITE_ACCESS = "https://jans.io/oauth/config/uma-write";
public static final String UMA_DELETE_ACCESS = "https://jans.io/oauth/config/uma-delete";
public static final String UMA_ADMIN_ACCESS = "https://jans.io/oauth/config/uma-admin";

public static final String PLUGIN_READ_ACCESS = "https://jans.io/oauth/config/plugin.readonly";
public static final String PLUGIN_ADMIN_ACCESS = "https://jans.io/oauth/config/plugin.admin";

public static final String CONFIG_READ_ACCESS = "https://jans.io/oauth/config/properties.readonly";
public static final String CONFIG_WRITE_ACCESS = "https://jans.io/oauth/config/properties.write";
public static final String CONFIG_ADMIN_ACCESS = "https://jans.io/oauth/config/properties.admin";

public static final String CLIENT_AUTHORIZATIONS_READ_ACCESS = "https://jans.io/oauth/client/authorizations.readonly";
public static final String CLIENT_AUTHORIZATIONS_DELETE_ACCESS = "https://jans.io/oauth/client/authorizations.delete";
public static final String CLIENT_AUTHORIZATIONS_ADMIN_ACCESS = "https://jans.io/oauth/client/authorizations.admin";

public static final String APP_VERSION_READ_ACCESS = "https://jans.io/oauth/config/app-version.readonly";
public static final String APP_DATA_READ_ACCESS = "https://jans.io/oauth/config/data.readonly";

public static final String JANS_ASSET_READ_ACCESS = "https://jans.io/oauth/config/jans_asset-read";
public static final String JANS_ASSET_WRITE_ACCESS = "https://jans.io/oauth/config/jans_asset-write";
public static final String JANS_ASSET_DELETE_ACCESS = "https://jans.io/oauth/config/jans_asset-delete";
public static final String JANS_ASSET_ADMIN_ACCESS = "https://jans.io/oauth/config/jans_asset-admin";

public static final String JANS_AUDIT_READ_ACCESS = "https://jans.io/oauth/config/audit-read";

Expand All @@ -118,5 +138,5 @@ private ApiAccessConstants() {
public static final String SSA_DELETE_ACCESS = "https://jans.io/oauth/config/ssa.delete";

public static final String AUTH_SSA_ADMIN = "https://jans.io/auth/ssa.admin";

public static final String HEALTH_ADMIN = "https://jans.io/oauth/config/health.admin";
}
Loading