[SDK-4541] Add support for organizations in client credentials to management api

playground/handlers.ts

@@ -1,4 +1,5 @@
 import { program } from 'commander';
+import fetch from 'node-fetch';
 import {
   Connection,
   GetOrganizationMemberRoles200ResponseOneOfInner,
@@ -16,7 +17,10 @@ import fs from 'fs';
 import { fileURLToPath } from 'url';
 import nock from 'nock';
 
-process.env.RECORD && nock.recorder.rec({ output_objects: true });
+if (process.env.RECORD) {
+  (globalThis as any).fetch = fetch;
+  nock.recorder.rec({ output_objects: true });
+}
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -151,6 +155,7 @@ export async function attackProtection() {
     revertedSuspiciousIpThrottlingConfig.enabled
   );
 }
+
 export async function anomaly() {
   const mgmntClient = new ManagementClient(program.opts());
   try {
@@ -296,6 +301,7 @@ export async function clientGrants() {
   const { data: clientGrant } = await mgmntClient.clientGrants.create({
     client_id: program.opts().clientId,
     audience: api?.identifier as string,
+    organization_usage: 'allow',
     scope: ['openid'],
   });
   console.log(`Created client grant ${clientGrant.id}`);
@@ -310,11 +316,35 @@ export async function clientGrants() {
     { id: clientGrant.id as string },
     { scope: ['openid', 'profile'] }
   );
-
   console.log(`Updated client grant to use scopes '${updatedClientGrant.scope?.join(', ')}'`);
 
+  const { data: organization } = await mgmntClient.organizations.create({
+    name: 'test-org',
+  });
+
+  await mgmntClient.organizations.addClientGrant(
+    { id: organization.id },
+    { grant_id: clientGrant.id }
+  );
+
+  const { data: orgsByClientGrant } = await mgmntClient.clientGrants.getOrganizations({
+    id: clientGrant.id,
+  });
+  console.log(`got orgs by ${clientGrant.id} ${orgsByClientGrant.map((org) => org.name)}`);
+  const { data: clientGrantsByOrg } = await mgmntClient.organizations.getClientGrants({
+    id: organization.id,
+  });
+  console.log(`got client grants by ${organization.name} ${clientGrantsByOrg.map((cg) => cg.id)}`);
+
+  await mgmntClient.organizations.deleteClientGrant({
+    id: organization.id,
+    grant_id: clientGrant.id,
+  });
+  console.log(`Removed ${clientGrant.id} from ${organization.id}`);
+
   // Delete API for testing
   await mgmntClient.resourceServers.delete({ id: api?.id as string });
+  await mgmntClient.organizations.delete({ id: organization.id });
 
   await mgmntClient.clientGrants.delete({ id: clientGrant.id as string });
   console.log('Removed the client grant: ' + clientGrant.id);

src/auth/oauth.ts

@@ -89,6 +89,11 @@ export interface ClientCredentialsGrantRequest extends ClientCredentials {
    * The unique identifier of the target API you want to access.
    */
   audience: string;
+
+  /**
+   * An Organization Name or ID. When included, the access token returned will include the org_id and org_name claims
+   */
+  organization?: string;
 }
 
 export interface PasswordGrantRequest extends ClientCredentials {

src/management/__generated/managers/client-grants-manager.ts

@@ -4,10 +4,14 @@ import type {
   ClientGrant,
   ClientGrantCreate,
   GetClientGrants200Response,
+  GetClientGrantsOrganizations200Response,
   PatchClientGrantsByIdRequest,
   GetClientGrants200ResponseOneOf,
+  GetClientGrantsOrganizations200ResponseOneOf,
+  GetClientGrantsOrganizations200ResponseOneOfInner,
   DeleteClientGrantsByIdRequest,
   GetClientGrantsRequest,
+  GetClientGrantsOrganizationsRequest,
   PatchClientGrantsByIdOperationRequest,
 } from '../models/index.js';
 
@@ -83,6 +87,10 @@ export class ClientGrantsManager extends BaseAPI {
         key: 'client_id',
         config: {},
       },
+      {
+        key: 'allow_any_organization',
+        config: {},
+      },
     ]);
 
     const response = await this.request(
@@ -97,6 +105,63 @@ export class ClientGrantsManager extends BaseAPI {
     return runtime.JSONApiResponse.fromResponse(response);
   }
 
+  /**
+   * Get the organizations associated to a client grant
+   *
+   * @throws {RequiredError}
+   */
+  async getOrganizations(
+    requestParameters: GetClientGrantsOrganizationsRequest & { include_totals: true },
+    initOverrides?: InitOverride
+  ): Promise<ApiResponse<GetClientGrantsOrganizations200ResponseOneOf>>;
+  async getOrganizations(
+    requestParameters?: GetClientGrantsOrganizationsRequest,
+    initOverrides?: InitOverride
+  ): Promise<ApiResponse<Array<GetClientGrantsOrganizations200ResponseOneOfInner>>>;
+  async getOrganizations(
+    requestParameters: GetClientGrantsOrganizationsRequest,
+    initOverrides?: InitOverride
+  ): Promise<ApiResponse<GetClientGrantsOrganizations200Response>> {
+    runtime.validateRequiredRequestParams(requestParameters, ['id']);
+
+    const queryParameters = runtime.applyQueryParams(requestParameters, [
+      {
+        key: 'page',
+        config: {},
+      },
+      {
+        key: 'per_page',
+        config: {},
+      },
+      {
+        key: 'include_totals',
+        config: {},
+      },
+      {
+        key: 'from',
+        config: {},
+      },
+      {
+        key: 'take',
+        config: {},
+      },
+    ]);
+
+    const response = await this.request(
+      {
+        path: `/client-grants/{id}/organizations`.replace(
+          '{id}',
+          encodeURIComponent(String(requestParameters.id))
+        ),
+        method: 'GET',
+        query: queryParameters,
+      },
+      initOverrides
+    );
+
+    return runtime.JSONApiResponse.fromResponse(response);
+  }
+
   /**
    * Update a client grant.
    * Update client grant