Adds support for HRI (#738)

src/Auth0.AuthenticationApi/AuthenticationApiClient.cs

@@ -482,6 +482,8 @@ public Task<PushedAuthorizationRequestResponse> PushedAuthorizationRequestAsync(
             body.AddIfNotEmpty("connection", request.Connection);
             body.AddIfNotEmpty("scope", request.Scope);
             body.AddIfNotEmpty("audience", request.Audience);
+            body.AddIfNotEmpty("request", request.Request);
+            body.AddIfNotEmpty("authorization_details", request.AuthorizationDetails);
 
             body.AddAll(request.AdditionalProperties);
 

src/Auth0.AuthenticationApi/Builders/AuthorizationUrlBuilder.cs

@@ -196,5 +196,15 @@ public AuthorizationUrlBuilder WithInvitation(string invitation)
         {
             return WithValue("invitation", invitation);
         }
+
+        /// <summary>
+        /// Adds the `request` query string parameter.
+        /// </summary>
+        /// <param name="request">Signed JWT request</param>
+        /// <returns>Current <see cref="AuthorizationUrlBuilder"/> to allow fluent configuration.</returns>
+        public AuthorizationUrlBuilder WithRequest(string request)
+        {
+            return WithValue("request", request);
+        }
     }
 }

src/Auth0.AuthenticationApi/Models/PushedAuthorizationRequest.cs

@@ -88,5 +88,17 @@ public class PushedAuthorizationRequest : IClientAuthentication
         /// Any additional properties to use.
         /// </summary>
         public IDictionary<string, string> AdditionalProperties { get; set; } = new Dictionary<string, string>();
+
+        /// <summary>
+        /// Allows JWT-Secured Authorization Request (JAR), when JAR & PAR request are used together.
+        /// </summary>
+        public string Request { get; set; }
+
+        /// <summary>
+        /// A JSON stringified array of objects.
+        /// It can carry fine-grained authorization data in OAuth messages as part of Rich Authorization Requests (RAR)
+        /// <see href="https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow/authorization-code-flow-with-rar">reference</see>
+        /// </summary>
+        public string AuthorizationDetails { get; set; }
     }
 }

src/Auth0.ManagementApi/Models/Client/Client.cs

@@ -40,39 +40,15 @@ public class Client : ClientBase
         public TokenEndpointAuthMethod TokenEndpointAuthMethod { get; set; }
 
         /// <summary>
-        /// The client's authentication methods
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.ClientAuthenticationMethods"/>
         /// </summary>
         [JsonProperty("client_authentication_methods")]
         public ClientAuthenticationMethods ClientAuthenticationMethods { get; set; }
-    }
-
-    /// <summary>
-    /// Structure for a client's authentication methods
-    /// </summary>
-    public class ClientAuthenticationMethods
-    {
-        [JsonProperty("private_key_jwt")]
-        public PrivateKeyJwt PrivateKeyJwt { get; set; }
-    }
-
-    /// <summary>
-    /// Structure for credentials using Private Key JWT
-    /// </summary>
-    public class PrivateKeyJwt
-    {
-        [JsonProperty("credentials")]
-        public IList<CredentialId> Credentials { get; set; }
-    }
-
-    /// <summary>
-    /// Structure for a client's credential.
-    /// </summary>
-    /// <remarks>
-    /// Only contains the credential's id.
-    /// </remarks>
-    public class CredentialId
-    {
-        [JsonProperty("id")]
-        public string Id { get; set; }
+
+        /// <summary>
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.SignedRequestObject"/>
+        /// </summary>
+        [JsonProperty("signed_request_object")]
+        public SignedRequestObject SignedRequestObject { get; set; }
     }
 }

src/Auth0.ManagementApi/Models/Client/ClientAuthenticationMethods.cs

@@ -0,0 +1,71 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Structure for a client's authentication methods
+    /// </summary>
+    public class ClientAuthenticationMethods
+    {
+        /// <summary>
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.PrivateKeyJwt"/> 
+        /// </summary>
+        [JsonProperty("private_key_jwt")]
+        public PrivateKeyJwt PrivateKeyJwt { get; set; }
+
+        /// <summary>
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.TlsClientAuth"/> 
+        /// </summary>
+        [JsonProperty("tls_client_auth")]
+        public TlsClientAuth TlsClientAuth { get; set; }
+
+        /// <summary>
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.SelfSignedTlsClientAuth"/> 
+        /// </summary>
+        [JsonProperty("self_signed_tls_client_auth")]
+        public SelfSignedTlsClientAuth SelfSignedTlsClientAuth { get; set; }
+    }
+
+    /// <summary>
+    /// Defines private_key_jwt client authentication method. If this property is defined,
+    /// the client is enabled to use the Private Key JWT authentication method.
+    /// </summary>
+    public class PrivateKeyJwt
+    {
+        [JsonProperty("credentials")]
+        public IList<CredentialId> Credentials { get; set; }
+    }
+
+    /// <summary>
+    /// Defines tls_client_auth client authentication method. If the property is defined,
+    /// the client is configured to use CA-based mTLS authentication method.
+    /// </summary>
+    public class TlsClientAuth
+    {
+        [JsonProperty("credentials")]
+        public IList<CredentialId> Credentials { get; set; }
+    }
+
+    /// <summary>
+    /// Defines self_signed_tls_client_auth client authentication method. If the property is defined,
+    /// the client is configured to use mTLS authentication method utilizing self-signed certificate.
+    /// </summary>
+    public class SelfSignedTlsClientAuth
+    {
+        [JsonProperty("credentials")]
+        public IList<CredentialId> Credentials { get; set; }
+    }
+
+    /// <summary>
+    /// Structure for a client's credential.
+    /// </summary>
+    /// <remarks>
+    /// Only contains the credential's id.
+    /// </remarks>
+    public class CredentialId
+    {
+        [JsonProperty("id")]
+        public string Id { get; set; }
+    }
+}

src/Auth0.ManagementApi/Models/Client/ClientBase.cs

@@ -205,7 +205,17 @@ public abstract class ClientBase
         /// </summary>
         [JsonProperty("default_organization")]
         public DefaultOrganization DefaultOrganization { get; set; }
+
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.ComplianceLevel"/>
+        [JsonProperty("compliance_level")]
+        [JsonConverter(typeof(StringEnumConverter))]
+        public ComplianceLevel? ComplianceLevel { get; set; }
+
+        /// <summary>
+        /// Makes the use of Proof-of-Possession mandatory for this client
+        /// </summary>
+        [JsonProperty("require_proof_of_possession")]
+        public bool? RequireProofOfPossession { get; set; }
     }
-
 }
 

src/Auth0.ManagementApi/Models/Client/ClientCreateRequest.cs

@@ -36,23 +36,30 @@ public class ClientCreateRequest : ClientBase
         /// </summary>
         [JsonProperty("client_authentication_methods")]
         public CreateClientAuthenticationMethods ClientAuthenticationMethods { get; set; }
+
+        /// <summary>
+        /// JWT-secured Authorization Requests (JAR) settings.
+        /// </summary>
+        [JsonProperty("signed_request_object")]
+        public CreateSignedRequestObject SignedRequestObject { get; set; }
     }
-
-    /// <summary>
-    /// Structure for creating new client authentication methods
-    /// </summary>
-    public class CreateClientAuthenticationMethods
-    {
-        [JsonProperty("private_key_jwt")]
-        public CreatePrivateKeyJwt PrivateKeyJwt { get; set; }
-    }
-
+
     /// <summary>
-    /// Structure for creating a new client credential using Private Key JWT
+    /// Structure for creating a new SignedRequestObject
     /// </summary>
-    public class CreatePrivateKeyJwt
+    public class CreateSignedRequestObject
     {
+
+        /// <summary>
+        /// Indicates whether the JAR requests are mandatory
+        /// </summary>
+        [JsonProperty("required")]
+        public bool? Required { get; set; }
+
+        /// <summary>
+        /// List of <see cref="Credentials"/> for the JAR requests
+        /// </summary>
         [JsonProperty("credentials")]
-        public IList<ClientCredentialCreateRequest> Credentials { get; set; }
+        public IList<CredentialsCreateRequest> Credentials { get; set; }
     }
 }

src/Auth0.ManagementApi/Models/Client/ClientUpdateRequest.cs

@@ -27,5 +27,11 @@ public class ClientUpdateRequest : ClientBase
         /// </summary>
         [JsonProperty("client_authentication_methods")]
         public ClientAuthenticationMethods ClientAuthenticationMethods { get; set; }
+
+        /// <summary>
+        /// JWT-secured Authorization Requests (JAR) settings.
+        /// </summary>
+        [JsonProperty("signed_request_object")]
+        public SignedRequestObject SignedRequestObject { get; set; }
     }
 }

src/Auth0.ManagementApi/Models/Client/ComplianceLevel.cs

@@ -0,0 +1,28 @@
+using System.Runtime.Serialization;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Defines the compliance level for this client, which may restrict it's capabilities
+    /// </summary>
+    public enum ComplianceLevel
+    {
+        /// <summary>
+        /// Compliance Level 'none'
+        /// </summary>
+        [EnumMember(Value = "none")]
+        NONE,
+
+        /// <summary>
+        /// Compliance Level 'fapi1_adv_pkj_par'
+        /// </summary>
+        [EnumMember(Value = "fapi1_adv_pkj_par")]
+        FAPI1_ADV_PKJ_PAR,
+
+        /// <summary>
+        /// Compliance Level 'fapi1_adv_mtls_par'
+        /// </summary>
+        [EnumMember(Value = "fapi1_adv_mtls_par")]
+        FAPI1_ADV_MTLS_PAR
+    }
+}

src/Auth0.ManagementApi/Models/Client/CreateClientAuthenticationMethods.cs

@@ -0,0 +1,56 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Structure for creating new client authentication methods
+    /// </summary>
+    public class CreateClientAuthenticationMethods
+    {
+        [JsonProperty("private_key_jwt")]
+        public CreatePrivateKeyJwt PrivateKeyJwt { get; set; }
+
+        [JsonProperty("tls_client_auth")]
+        public CreateTlsClientAuth TlsClientAuthMethod { get; set; }
+
+        [JsonProperty("self_signed_tls_client_auth")]
+        public CreateSelfSignedTlsClientAuth SelfSignedTlsClientAuthMethod { get; set; }
+    }
+
+    /// <summary>
+    /// Structure for creating a new client credential using Private Key JWT
+    /// </summary>
+    public class CreatePrivateKeyJwt
+    {
+        /// <summary>
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.ClientCredentialCreateRequest"/>
+        /// </summary>
+        [JsonProperty("credentials")]
+        public IList<ClientCredentialCreateRequest> Credentials { get; set; }
+    }
+
+    /// <summary>
+    /// Structure for creating a new client credential using TLS Client Auth. 
+    /// </summary>
+    public class CreateTlsClientAuth
+    {
+        /// <summary>
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.CreateTlsClientAuthCredentials"/>
+        /// </summary>
+        [JsonProperty("credentials")]
+        public IList<CreateTlsClientAuthCredentials> Credentials { get; set; }
+    }
+
+    /// <summary>
+    /// Structure for creating a new client credential using Self Signed TLS Client Auth. 
+    /// </summary>
+    public class CreateSelfSignedTlsClientAuth
+    {
+        /// <summary>
+        /// <inheritdoc cref="Auth0.ManagementApi.Models.CreateSelfSignedTlsClientAuthCredentials"/>
+        /// </summary>
+        [JsonProperty("credentials")]
+        public IList<CreateSelfSignedTlsClientAuthCredentials> Credentials { get; set; }
+    }
+}

src/Auth0.ManagementApi/Models/Client/CreateSelfSignedTlsClientAuthCredentials.cs

@@ -0,0 +1,28 @@
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Structure for creating a new client credential using Self Signed TLS Client Auth. 
+    /// </summary>
+    public class CreateSelfSignedTlsClientAuthCredentials
+    {
+        /// <summary>
+        /// Possible values: [x509_cert]
+        /// </summary>
+        [JsonProperty("credential_type")]
+        public string CredentialType { get; set; }
+
+        /// <summary>
+        /// The name of the credential
+        /// </summary>
+        [JsonProperty("name")]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// PEM-formatted X509 certificate. Must be JSON escaped. Mutually exclusive with subject_dn property.
+        /// </summary>
+        [JsonProperty("pem")]
+        public string Pem { get; set; }
+    }
+}

src/Auth0.ManagementApi/Models/Client/CreateTlsClientAuthCredentials.cs

@@ -0,0 +1,34 @@
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Structure for creating a new client credential using TLS Client Auth. 
+    /// </summary>
+    public class CreateTlsClientAuthCredentials
+    {
+        /// <summary>
+        /// Possible values: [cert_subject_dn]
+        /// </summary>
+        [JsonProperty("credential_type")]
+        public string CredentialType { get; set; }
+
+        /// <summary>
+        /// The name of the credential
+        /// </summary>
+        [JsonProperty("name")]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// PEM-formatted X509 certificate. Must be JSON escaped. Mutually exclusive with subject_dn property.
+        /// </summary>
+        [JsonProperty("pem")]
+        public string Pem { get; set; }
+
+        /// <summary>
+        /// Subject Distinguished Name. Mutually exclusive with pem property.
+        /// </summary>
+        [JsonProperty("subject_dn")]
+        public string SubjectDistinguishedName { get; set; }
+    }
+}