From 98acf7f6ae3f2b9e3e0ed4beb0044117db87d3a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Thu, 29 Jan 2026 20:53:47 +0100 Subject: [PATCH 1/4] fix: errata 8471 - group membership ref type is only group --- doc/changelog.rst | 1 + samples/rfc7643-8.7.1-schema-user.json | 1 - scim2_models/resources/user.py | 5 ++--- tests/test_dynamic_resources.py | 4 +--- 4 files changed, 4 insertions(+), 7 deletions(-) diff --git a/doc/changelog.rst b/doc/changelog.rst index 8f35ac7..86c35a1 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -8,6 +8,7 @@ Fixed ^^^^^ - Fix ``model_json_schema()`` generation for models containing :class:`~scim2_models.Reference` or :class:`~scim2_models.Path` fields. :issue:`125` - Group ``displayName`` is required. :rfc:`7643` `erratum 5368 `_ :issue:`123` :pr:`128` +- :class:`~scim2_models.GroupMembership` ``$ref`` only references ``Group``. :rfc:`7643` `erratum 8471 `_ [0.6.2] - 2026-01-25 -------------------- diff --git a/samples/rfc7643-8.7.1-schema-user.json b/samples/rfc7643-8.7.1-schema-user.json index ad5806f..dadd068 100644 --- a/samples/rfc7643-8.7.1-schema-user.json +++ b/samples/rfc7643-8.7.1-schema-user.json @@ -572,7 +572,6 @@ "name": "$ref", "type": "reference", "referenceTypes": [ - "User", "Group" ], "multiValued": false, diff --git a/scim2_models/resources/user.py b/scim2_models/resources/user.py index 1228662..b57207c 100644 --- a/scim2_models/resources/user.py +++ b/scim2_models/resources/user.py @@ -2,7 +2,6 @@ from typing import TYPE_CHECKING from typing import Annotated from typing import ClassVar -from typing import Union from pydantic import Base64Bytes from pydantic import EmailStr @@ -202,8 +201,8 @@ class GroupMembership(ComplexAttribute): value: Annotated[str | None, Mutability.read_only] = None """The identifier of the User's group.""" - ref: Annotated[ # type: ignore[type-arg] - Reference[Union["User", "Group"]] | None, + ref: Annotated[ + Reference["Group"] | None, Mutability.read_only, ] = Field(None, serialization_alias="$ref") """The reference URI of a target resource, if the attribute is a diff --git a/tests/test_dynamic_resources.py b/tests/test_dynamic_resources.py index 4fb649d..a682051 100644 --- a/tests/test_dynamic_resources.py +++ b/tests/test_dynamic_resources.py @@ -857,9 +857,7 @@ def test_make_user_model_from_schema(load_sample): assert Groups.get_field_annotation("value", Uniqueness) == Uniqueness.none # group.ref - assert ( - Groups.get_field_root_type("ref") == Reference[Union["User", "Group"]] # noqa: F821 - ) + assert Groups.get_field_root_type("ref") == Reference["Group"] # noqa: F821 assert not Groups.get_field_multiplicity("ref") assert ( Groups.model_fields["ref"].description From 6eed3dae2eac0eab429f9ed3bce5cf0b6ab0c9c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Thu, 29 Jan 2026 21:06:52 +0100 Subject: [PATCH 2/4] fix: errata 8462 - Manager value is case exact --- doc/changelog.rst | 1 + samples/rfc7643-8.7.1-schema-enterprise_user.json | 2 +- scim2_models/resources/enterprise_user.py | 3 ++- tests/test_dynamic_resources.py | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/doc/changelog.rst b/doc/changelog.rst index 86c35a1..616f372 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -9,6 +9,7 @@ Fixed - Fix ``model_json_schema()`` generation for models containing :class:`~scim2_models.Reference` or :class:`~scim2_models.Path` fields. :issue:`125` - Group ``displayName`` is required. :rfc:`7643` `erratum 5368 `_ :issue:`123` :pr:`128` - :class:`~scim2_models.GroupMembership` ``$ref`` only references ``Group``. :rfc:`7643` `erratum 8471 `_ +- :class:`~scim2_models.Manager` ``value`` is case-exact. :rfc:`7643` `erratum 8472 `_ [0.6.2] - 2026-01-25 -------------------- diff --git a/samples/rfc7643-8.7.1-schema-enterprise_user.json b/samples/rfc7643-8.7.1-schema-enterprise_user.json index df901b1..ad3d6f0 100644 --- a/samples/rfc7643-8.7.1-schema-enterprise_user.json +++ b/samples/rfc7643-8.7.1-schema-enterprise_user.json @@ -72,7 +72,7 @@ "multiValued": false, "description": "The id of the SCIM resource representing the User's manager. REQUIRED.", "required": true, - "caseExact": false, + "caseExact": true, "mutability": "readWrite", "returned": "default", "uniqueness": "none" diff --git a/scim2_models/resources/enterprise_user.py b/scim2_models/resources/enterprise_user.py index 59a95a8..9edfc6e 100644 --- a/scim2_models/resources/enterprise_user.py +++ b/scim2_models/resources/enterprise_user.py @@ -3,6 +3,7 @@ from pydantic import Field +from ..annotations import CaseExact from ..annotations import Mutability from ..annotations import Required from ..attributes import ComplexAttribute @@ -15,7 +16,7 @@ class Manager(ComplexAttribute): - value: Annotated[str | None, Required.true] = None + value: Annotated[str | None, Required.true, CaseExact.true] = None """The id of the SCIM resource representing the User's manager.""" ref: Annotated[ # type: ignore[type-arg] diff --git a/tests/test_dynamic_resources.py b/tests/test_dynamic_resources.py index a682051..279fb45 100644 --- a/tests/test_dynamic_resources.py +++ b/tests/test_dynamic_resources.py @@ -1386,7 +1386,7 @@ def test_make_enterprise_user_model_from_schema(load_sample): == "The id of the SCIM resource representing the User's manager. REQUIRED." ) assert Manager.get_field_annotation("value", Required) == Required.true - assert Manager.get_field_annotation("value", CaseExact) == CaseExact.false + assert Manager.get_field_annotation("value", CaseExact) == CaseExact.true assert Manager.get_field_annotation("value", Mutability) == Mutability.read_write assert Manager.get_field_annotation("value", Returned) == Returned.default assert Manager.get_field_annotation("value", Uniqueness) == Uniqueness.none From f2c0d41a65c9baf30e6c588d64557e8bc82bed03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Thu, 29 Jan 2026 21:11:29 +0100 Subject: [PATCH 3/4] fix: errata 8475 - ResourceType name and endpoint have server uniqueness --- doc/changelog.rst | 1 + samples/rfc7643-8.7.2-schema-resource_type.json | 6 +++--- scim2_models/resources/resource_type.py | 15 +++++++++++---- tests/test_dynamic_resources.py | 8 +++++--- 4 files changed, 20 insertions(+), 10 deletions(-) diff --git a/doc/changelog.rst b/doc/changelog.rst index 616f372..ae50b70 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -10,6 +10,7 @@ Fixed - Group ``displayName`` is required. :rfc:`7643` `erratum 5368 `_ :issue:`123` :pr:`128` - :class:`~scim2_models.GroupMembership` ``$ref`` only references ``Group``. :rfc:`7643` `erratum 8471 `_ - :class:`~scim2_models.Manager` ``value`` is case-exact. :rfc:`7643` `erratum 8472 `_ +- :class:`~scim2_models.ResourceType` ``name`` and ``endpoint`` have server uniqueness. :rfc:`7643` `erratum 8475 `_ [0.6.2] - 2026-01-25 -------------------- diff --git a/samples/rfc7643-8.7.2-schema-resource_type.json b/samples/rfc7643-8.7.2-schema-resource_type.json index 6950ae8..de718bf 100644 --- a/samples/rfc7643-8.7.2-schema-resource_type.json +++ b/samples/rfc7643-8.7.2-schema-resource_type.json @@ -21,10 +21,10 @@ "multiValued": false, "description": "The resource type name. When applicable, service providers MUST specify the name, e.g., 'User'.", "required": true, - "caseExact": false, + "caseExact": true, "mutability": "readOnly", "returned": "default", - "uniqueness": "none" + "uniqueness": "server" }, { "name": "description", @@ -49,7 +49,7 @@ "caseExact": false, "mutability": "readOnly", "returned": "default", - "uniqueness": "none" + "uniqueness": "server" }, { "name": "schema", diff --git a/scim2_models/resources/resource_type.py b/scim2_models/resources/resource_type.py index f8848c4..31a7902 100644 --- a/scim2_models/resources/resource_type.py +++ b/scim2_models/resources/resource_type.py @@ -8,6 +8,7 @@ from ..annotations import Mutability from ..annotations import Required from ..annotations import Returned +from ..annotations import Uniqueness from ..attributes import ComplexAttribute from ..path import URN from ..reference import URI @@ -38,7 +39,13 @@ class SchemaExtension(ComplexAttribute): class ResourceType(Resource[Any]): __schema__ = URN("urn:ietf:params:scim:schemas:core:2.0:ResourceType") - name: Annotated[str | None, Mutability.read_only, Required.true] = None + name: Annotated[ + str | None, + Mutability.read_only, + Required.true, + CaseExact.true, + Uniqueness.server, + ] = None """The resource type name. When applicable, service providers MUST specify the name, e.g., @@ -57,9 +64,9 @@ class ResourceType(Resource[Any]): This is often the same value as the "name" attribute. """ - endpoint: Annotated[Reference[URI] | None, Mutability.read_only, Required.true] = ( - None - ) + endpoint: Annotated[ + Reference[URI] | None, Mutability.read_only, Required.true, Uniqueness.server + ] = None """The resource type's HTTP-addressable endpoint relative to the Base URL, e.g., '/Users'.""" diff --git a/tests/test_dynamic_resources.py b/tests/test_dynamic_resources.py index 279fb45..f9ddce8 100644 --- a/tests/test_dynamic_resources.py +++ b/tests/test_dynamic_resources.py @@ -1450,10 +1450,10 @@ def test_make_resource_type_model_from_schema(load_sample): == "The resource type name. When applicable, service providers MUST specify the name, e.g., 'User'." ) assert ResourceType.get_field_annotation("name", Required) == Required.true - assert ResourceType.get_field_annotation("name", CaseExact) == CaseExact.false + assert ResourceType.get_field_annotation("name", CaseExact) == CaseExact.true assert ResourceType.get_field_annotation("name", Mutability) == Mutability.read_only assert ResourceType.get_field_annotation("name", Returned) == Returned.default - assert ResourceType.get_field_annotation("name", Uniqueness) == Uniqueness.none + assert ResourceType.get_field_annotation("name", Uniqueness) == Uniqueness.server # description assert ResourceType.get_field_root_type("description") is str @@ -1491,7 +1491,9 @@ def test_make_resource_type_model_from_schema(load_sample): == Mutability.read_only ) assert ResourceType.get_field_annotation("endpoint", Returned) == Returned.default - assert ResourceType.get_field_annotation("endpoint", Uniqueness) == Uniqueness.none + assert ( + ResourceType.get_field_annotation("endpoint", Uniqueness) == Uniqueness.server + ) # schema assert ResourceType.get_field_root_type("schema_") == Reference[URI] From 45424d96a2e0ee84f4ce50428f3b2d727786eac0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Thu, 29 Jan 2026 22:06:42 +0100 Subject: [PATCH 4/4] fix: errata 6004 - complex attributes don't have uniqueness in schema representation --- doc/changelog.rst | 1 + samples/rfc7643-8.7.1-schema-user.json | 1551 ++++++++++++------------ scim2_models/resources/resource.py | 34 +- 3 files changed, 794 insertions(+), 792 deletions(-) diff --git a/doc/changelog.rst b/doc/changelog.rst index ae50b70..be56460 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -11,6 +11,7 @@ Fixed - :class:`~scim2_models.GroupMembership` ``$ref`` only references ``Group``. :rfc:`7643` `erratum 8471 `_ - :class:`~scim2_models.Manager` ``value`` is case-exact. :rfc:`7643` `erratum 8472 `_ - :class:`~scim2_models.ResourceType` ``name`` and ``endpoint`` have server uniqueness. :rfc:`7643` `erratum 8475 `_ +- Complex attributes don't have ``uniqueness`` in schema representation. :rfc:`7643` `erratum 6004 `_ [0.6.2] - 2026-01-25 -------------------- diff --git a/samples/rfc7643-8.7.1-schema-user.json b/samples/rfc7643-8.7.1-schema-user.json index dadd068..e8b759d 100644 --- a/samples/rfc7643-8.7.1-schema-user.json +++ b/samples/rfc7643-8.7.1-schema-user.json @@ -1,780 +1,779 @@ { - "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"], - "id": "urn:ietf:params:scim:schemas:core:2.0:User", - "name": "User", - "description": "User Account", - "attributes": [ - { - "name": "userName", - "type": "string", - "multiValued": false, - "description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.", - "required": true, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "server" - }, - { - "name": "name", - "type": "complex", - "multiValued": false, - "description": "The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.", - "required": false, - "subAttributes": [ - { - "name": "formatted", - "type": "string", - "multiValued": false, - "description": "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., 'Ms. Barbara J Jensen, III').", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "familyName", - "type": "string", - "multiValued": false, - "description": "The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III').", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "givenName", - "type": "string", - "multiValued": false, - "description": "The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III').", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "middleName", - "type": "string", - "multiValued": false, - "description": "The middle name(s) of the User (e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III').", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "honorificPrefix", - "type": "string", - "multiValued": false, - "description": "The honorific prefix(es) of the User, or title in most Western languages (e.g., 'Ms.' given the full name 'Ms. Barbara J Jensen, III').", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "honorificSuffix", - "type": "string", - "multiValued": false, - "description": "The honorific suffix(es) of the User, or suffix in most Western languages (e.g., 'III' given the full name 'Ms. Barbara J Jensen, III').", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - } - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "displayName", - "type": "string", - "multiValued": false, - "description": "The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "nickName", - "type": "string", - "multiValued": false, - "description": "The casual way to address the user in real life, e.g., 'Bob' or 'Bobby' instead of 'Robert'. This attribute SHOULD NOT be used to represent a User's username (e.g., 'bjensen' or 'mpepperidge').", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "profileUrl", - "type": "reference", - "referenceTypes": [ - "external" - ], - "multiValued": false, - "description": "A fully qualified URL pointing to a page representing the User's online profile.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "title", - "type": "string", - "multiValued": false, - "description": "The user's title, such as \"Vice President.\"", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "userType", - "type": "string", - "multiValued": false, - "description": "Used to identify the relationship between the organization and the user. Typical values used might be 'Contractor', 'Employee', 'Intern', 'Temp', 'External', and 'Unknown', but any value may be used.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "preferredLanguage", - "type": "string", - "multiValued": false, - "description": "Indicates the User's preferred written or spoken language. Generally used for selecting a localized user interface; e.g., 'en_US' specifies the language English and country US.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "locale", - "type": "string", - "multiValued": false, - "description": "Used to indicate the User's default location for purposes of localizing items such as currency, date time format, or numerical representations.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "timezone", - "type": "string", - "multiValued": false, - "description": "The User's time zone in the 'Olson' time zone database format, e.g., 'America/Los_Angeles'.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "active", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the User's administrative status.", - "required": false, - "mutability": "readWrite", - "returned": "default" - }, - { - "name": "password", - "type": "string", - "multiValued": false, - "description": "The User's cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User'spassword.", - "required": false, - "caseExact": false, - "mutability": "writeOnly", - "returned": "never", - "uniqueness": "none" - }, - { - "name": "emails", - "type": "complex", - "multiValued": true, - "description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.", - "required": false, - "subAttributes": [ - { - "name": "value", - "type": "string", - "multiValued": false, - "description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function, e.g., 'work' or 'home'.", - "required": false, - "caseExact": false, - "canonicalValues": [ - "work", - "home", - "other" - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "phoneNumbers", - "type": "complex", - "multiValued": true, - "description": "Phone numbers for the User. The value SHOULD be canonicalized by the service provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.", - "required": false, - "subAttributes": [ - { - "name": "value", - "type": "string", - "multiValued": false, - "description": "Phone number of the User.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.", - "required": false, - "caseExact": false, - "canonicalValues": [ - "work", - "home", - "mobile", - "fax", - "pager", - "other" - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred phone number or primary phone number. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default" - }, - { - "name": "ims", - "type": "complex", - "multiValued": true, - "description": "Instant messaging addresses for the User.", - "required": false, - "subAttributes": [ - { - "name": "value", - "type": "string", - "multiValued": false, - "description": "Instant messaging address for the User.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function, e.g., 'aim', 'gtalk', 'xmpp'.", - "required": false, - "caseExact": false, - "canonicalValues": [ - "aim", - "gtalk", - "icq", - "xmpp", - "msn", - "skype", - "qq", - "yahoo" - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred messenger or primary messenger. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default" - }, - { - "name": "photos", - "type": "complex", - "multiValued": true, - "description": "URLs of photos of the User.", - "required": false, - "subAttributes": [ - { - "name": "value", - "type": "reference", - "referenceTypes": [ - "external" - ], - "multiValued": false, - "description": "URL of a photo of the User.", - "required": false, - "caseExact": true, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function, i.e., 'photo' or 'thumbnail'.", - "required": false, - "caseExact": false, - "canonicalValues": [ - "photo", - "thumbnail" - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred photo or thumbnail. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default" - }, - { - "name": "addresses", - "type": "complex", - "multiValued": true, - "description": "A physical mailing address for this User. Canonical type values of 'work', 'home', and 'other'. This attribute is a complex type with the following sub-attributes.", - "required": false, - "subAttributes": [ - { - "name": "formatted", - "type": "string", - "multiValued": false, - "description": "The full mailing address, formatted for display or use with a mailing label. This attribute MAY contain newlines.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "streetAddress", - "type": "string", - "multiValued": false, - "description": "The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute MAY contain newlines.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "locality", - "type": "string", - "multiValued": false, - "description": "The city or locality component.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "region", - "type": "string", - "multiValued": false, - "description": "The state or region component.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "postalCode", - "type": "string", - "multiValued": false, - "description": "The zip code or postal code component.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "country", - "type": "string", - "multiValued": false, - "description": "The country name component.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function, e.g., 'work' or 'home'.", - "required": false, - "caseExact": false, - "canonicalValues": [ - "work", - "home", - "other" - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "groups", - "type": "complex", - "multiValued": true, - "description": "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.", - "required": false, - "subAttributes": [ - { - "name": "value", - "type": "string", - "multiValued": false, - "description": "The identifier of the User's group.", - "required": false, - "caseExact": false, - "mutability": "readOnly", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "$ref", - "type": "reference", - "referenceTypes": [ - "Group" - ], - "multiValued": false, - "description": "The URI of the corresponding 'Group' resource to which the user belongs.", - "required": false, - "caseExact": false, - "mutability": "readOnly", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readOnly", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function, e.g., 'direct' or 'indirect'.", - "required": false, - "caseExact": false, - "canonicalValues": [ - "direct", - "indirect" - ], - "mutability": "readOnly", - "returned": "default", - "uniqueness": "none" - } - ], - "mutability": "readOnly", - "returned": "default" - }, - { - "name": "entitlements", - "type": "complex", - "multiValued": true, - "description": "A list of entitlements for the User that represent a thing the User has.", - "required": false, - "subAttributes": [ - { - "name": "value", - "type": "string", - "multiValued": false, - "description": "The value of an entitlement.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default" - }, - { - "name": "roles", - "type": "complex", - "multiValued": true, - "description": "A list of roles for the User that collectively represent who the User is, e.g., 'Student', 'Faculty'.", - "required": false, - "subAttributes": [ - { - "name": "value", - "type": "string", - "multiValued": false, - "description": "The value of a role.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default" - }, - { - "name": "x509Certificates", - "type": "complex", - "multiValued": true, - "description": "A list of certificates issued to the User.", - "required": false, - "caseExact": false, - "subAttributes": [ - { - "name": "value", - "type": "binary", - "multiValued": false, - "description": "The value of an X.509 certificate.", - "required": false, - "caseExact": true, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "display", - "type": "string", - "multiValued": false, - "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "type", - "type": "string", - "multiValued": false, - "description": "A label indicating the attribute's function.", - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - }, - { - "name": "primary", - "type": "boolean", - "multiValued": false, - "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'True' MUST appear no more than once.", - "required": false, - "mutability": "readWrite", - "returned": "default" - } - ], - "mutability": "readWrite", - "returned": "default" + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:Schema" + ], + "id": "urn:ietf:params:scim:schemas:core:2.0:User", + "name": "User", + "description": "User Account", + "attributes": [ + { + "name": "userName", + "type": "string", + "multiValued": false, + "description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.", + "required": true, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "server" + }, + { + "name": "name", + "type": "complex", + "multiValued": false, + "description": "The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.", + "required": false, + "subAttributes": [ + { + "name": "formatted", + "type": "string", + "multiValued": false, + "description": "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., 'Ms. Barbara J Jensen, III').", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "familyName", + "type": "string", + "multiValued": false, + "description": "The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III').", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "givenName", + "type": "string", + "multiValued": false, + "description": "The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III').", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "middleName", + "type": "string", + "multiValued": false, + "description": "The middle name(s) of the User (e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III').", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "honorificPrefix", + "type": "string", + "multiValued": false, + "description": "The honorific prefix(es) of the User, or title in most Western languages (e.g., 'Ms.' given the full name 'Ms. Barbara J Jensen, III').", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "honorificSuffix", + "type": "string", + "multiValued": false, + "description": "The honorific suffix(es) of the User, or suffix in most Western languages (e.g., 'III' given the full name 'Ms. Barbara J Jensen, III').", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "displayName", + "type": "string", + "multiValued": false, + "description": "The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "nickName", + "type": "string", + "multiValued": false, + "description": "The casual way to address the user in real life, e.g., 'Bob' or 'Bobby' instead of 'Robert'. This attribute SHOULD NOT be used to represent a User's username (e.g., 'bjensen' or 'mpepperidge').", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "profileUrl", + "type": "reference", + "referenceTypes": [ + "external" + ], + "multiValued": false, + "description": "A fully qualified URL pointing to a page representing the User's online profile.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "title", + "type": "string", + "multiValued": false, + "description": "The user's title, such as \"Vice President.\"", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "userType", + "type": "string", + "multiValued": false, + "description": "Used to identify the relationship between the organization and the user. Typical values used might be 'Contractor', 'Employee', 'Intern', 'Temp', 'External', and 'Unknown', but any value may be used.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "preferredLanguage", + "type": "string", + "multiValued": false, + "description": "Indicates the User's preferred written or spoken language. Generally used for selecting a localized user interface; e.g., 'en_US' specifies the language English and country US.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "locale", + "type": "string", + "multiValued": false, + "description": "Used to indicate the User's default location for purposes of localizing items such as currency, date time format, or numerical representations.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "timezone", + "type": "string", + "multiValued": false, + "description": "The User's time zone in the 'Olson' time zone database format, e.g., 'America/Los_Angeles'.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "active", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the User's administrative status.", + "required": false, + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "password", + "type": "string", + "multiValued": false, + "description": "The User's cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User'spassword.", + "required": false, + "caseExact": false, + "mutability": "writeOnly", + "returned": "never", + "uniqueness": "none" + }, + { + "name": "emails", + "type": "complex", + "multiValued": true, + "description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.", + "required": false, + "subAttributes": [ + { + "name": "value", + "type": "string", + "multiValued": false, + "description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function, e.g., 'work' or 'home'.", + "required": false, + "caseExact": false, + "canonicalValues": [ + "work", + "home", + "other" + ], + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "phoneNumbers", + "type": "complex", + "multiValued": true, + "description": "Phone numbers for the User. The value SHOULD be canonicalized by the service provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.", + "required": false, + "subAttributes": [ + { + "name": "value", + "type": "string", + "multiValued": false, + "description": "Phone number of the User.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.", + "required": false, + "caseExact": false, + "canonicalValues": [ + "work", + "home", + "mobile", + "fax", + "pager", + "other" + ], + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred phone number or primary phone number. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "ims", + "type": "complex", + "multiValued": true, + "description": "Instant messaging addresses for the User.", + "required": false, + "subAttributes": [ + { + "name": "value", + "type": "string", + "multiValued": false, + "description": "Instant messaging address for the User.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function, e.g., 'aim', 'gtalk', 'xmpp'.", + "required": false, + "caseExact": false, + "canonicalValues": [ + "aim", + "gtalk", + "icq", + "xmpp", + "msn", + "skype", + "qq", + "yahoo" + ], + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred messenger or primary messenger. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "photos", + "type": "complex", + "multiValued": true, + "description": "URLs of photos of the User.", + "required": false, + "subAttributes": [ + { + "name": "value", + "type": "reference", + "referenceTypes": [ + "external" + ], + "multiValued": false, + "description": "URL of a photo of the User.", + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function, i.e., 'photo' or 'thumbnail'.", + "required": false, + "caseExact": false, + "canonicalValues": [ + "photo", + "thumbnail" + ], + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred photo or thumbnail. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "addresses", + "type": "complex", + "multiValued": true, + "description": "A physical mailing address for this User. Canonical type values of 'work', 'home', and 'other'. This attribute is a complex type with the following sub-attributes.", + "required": false, + "subAttributes": [ + { + "name": "formatted", + "type": "string", + "multiValued": false, + "description": "The full mailing address, formatted for display or use with a mailing label. This attribute MAY contain newlines.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "streetAddress", + "type": "string", + "multiValued": false, + "description": "The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute MAY contain newlines.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "locality", + "type": "string", + "multiValued": false, + "description": "The city or locality component.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "region", + "type": "string", + "multiValued": false, + "description": "The state or region component.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "postalCode", + "type": "string", + "multiValued": false, + "description": "The zip code or postal code component.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "country", + "type": "string", + "multiValued": false, + "description": "The country name component.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function, e.g., 'work' or 'home'.", + "required": false, + "caseExact": false, + "canonicalValues": [ + "work", + "home", + "other" + ], + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "groups", + "type": "complex", + "multiValued": true, + "description": "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.", + "required": false, + "subAttributes": [ + { + "name": "value", + "type": "string", + "multiValued": false, + "description": "The identifier of the User's group.", + "required": false, + "caseExact": false, + "mutability": "readOnly", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "$ref", + "type": "reference", + "referenceTypes": [ + "Group" + ], + "multiValued": false, + "description": "The URI of the corresponding 'Group' resource to which the user belongs.", + "required": false, + "caseExact": false, + "mutability": "readOnly", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readOnly", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function, e.g., 'direct' or 'indirect'.", + "required": false, + "caseExact": false, + "canonicalValues": [ + "direct", + "indirect" + ], + "mutability": "readOnly", + "returned": "default", + "uniqueness": "none" + } + ], + "mutability": "readOnly", + "returned": "default" + }, + { + "name": "entitlements", + "type": "complex", + "multiValued": true, + "description": "A list of entitlements for the User that represent a thing the User has.", + "required": false, + "subAttributes": [ + { + "name": "value", + "type": "string", + "multiValued": false, + "description": "The value of an entitlement.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "roles", + "type": "complex", + "multiValued": true, + "description": "A list of roles for the User that collectively represent who the User is, e.g., 'Student', 'Faculty'.", + "required": false, + "subAttributes": [ + { + "name": "value", + "type": "string", + "multiValued": false, + "description": "The value of a role.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" + } + ], + "mutability": "readWrite", + "returned": "default" + }, + { + "name": "x509Certificates", + "type": "complex", + "multiValued": true, + "description": "A list of certificates issued to the User.", + "required": false, + "caseExact": false, + "subAttributes": [ + { + "name": "value", + "type": "binary", + "multiValued": false, + "description": "The value of an X.509 certificate.", + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "display", + "type": "string", + "multiValued": false, + "description": "A human-readable name, primarily used for display purposes. READ-ONLY.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "type", + "type": "string", + "multiValued": false, + "description": "A label indicating the attribute's function.", + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + }, + { + "name": "primary", + "type": "boolean", + "multiValued": false, + "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'True' MUST appear no more than once.", + "required": false, + "mutability": "readWrite", + "returned": "default" } - ], - "meta": { - "resourceType": "Schema", - "location": "/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User" + ], + "mutability": "readWrite", + "returned": "default" } + ], + "meta": { + "resourceType": "Schema", + "location": "/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User" + } } diff --git a/scim2_models/resources/resource.py b/scim2_models/resources/resource.py index f32fe00..254f314 100644 --- a/scim2_models/resources/resource.py +++ b/scim2_models/resources/resource.py @@ -532,19 +532,21 @@ def _model_attribute_to_scim_attribute( else None ) - return Attribute( - name=field_info.serialization_alias or attribute_name, - type=Attribute.Type(attribute_type), - multi_valued=model.get_field_multiplicity(attribute_name), - description=field_info.description, - canonical_values=field_info.examples, - required=model.get_field_annotation(attribute_name, Required), - case_exact=model.get_field_annotation(attribute_name, CaseExact), - mutability=model.get_field_annotation(attribute_name, Mutability), - returned=model.get_field_annotation(attribute_name, Returned), - uniqueness=model.get_field_annotation(attribute_name, Uniqueness), - sub_attributes=sub_attributes, - reference_types=root_type.get_scim_reference_types() # type: ignore[attr-defined] - if attribute_type == Attribute.Type.reference - else None, - ) + kwargs: dict[str, Any] = { + "name": field_info.serialization_alias or attribute_name, + "type": Attribute.Type(attribute_type), + "multi_valued": model.get_field_multiplicity(attribute_name), + "description": field_info.description, + "canonical_values": field_info.examples, + "required": model.get_field_annotation(attribute_name, Required), + "case_exact": model.get_field_annotation(attribute_name, CaseExact), + "mutability": model.get_field_annotation(attribute_name, Mutability), + "returned": model.get_field_annotation(attribute_name, Returned), + "sub_attributes": sub_attributes, + } + if attribute_type != Attribute.Type.complex: + kwargs["uniqueness"] = model.get_field_annotation(attribute_name, Uniqueness) + if attribute_type == Attribute.Type.reference: + kwargs["reference_types"] = root_type.get_scim_reference_types() # type: ignore[attr-defined] + + return Attribute(**kwargs)