feat: [SCIM] Configurable token expiration duration

Author: stainless-app[bot]

src/gitpod/resources/organizations/scim_configurations.py

@@ -61,6 +61,7 @@ def create(
         organization_id: str,
         sso_configuration_id: str,
         name: Optional[str] | Omit = omit,
+        token_expires_in: Optional[str] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -81,13 +82,24 @@ def create(
 
         - Create basic SCIM configuration:
 
-          Creates a SCIM configuration linked to an SSO provider.
+          Creates a SCIM configuration linked to an SSO provider with default 1 year
+          token expiration.
 
           ```yaml
           organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
           ssoConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
           ```
 
+        - Create SCIM configuration with custom token expiration:
+
+          Creates a SCIM configuration with a 90-day token expiration.
+
+          ```yaml
+          organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
+          ssoConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
+          tokenExpiresIn: "7776000s"
+          ```
+
         Args:
           organization_id: organization_id is the ID of the organization to create the SCIM configuration
               for
@@ -97,6 +109,9 @@ def create(
 
           name: name is a human-readable name for the SCIM configuration
 
+          token_expires_in: token_expires_in is the duration until the token expires. Defaults to 1 year.
+              Minimum 1 day, maximum 2 years.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -112,6 +127,7 @@ def create(
                     "organization_id": organization_id,
                     "sso_configuration_id": sso_configuration_id,
                     "name": name,
+                    "token_expires_in": token_expires_in,
                 },
                 scim_configuration_create_params.ScimConfigurationCreateParams,
             ),
@@ -373,6 +389,7 @@ def regenerate_token(
         self,
         *,
         scim_configuration_id: str,
+        token_expires_in: Optional[str] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -393,16 +410,29 @@ def regenerate_token(
 
         - Regenerate token:
 
-          Creates a new bearer token, invalidating the old one.
+          Creates a new bearer token with the same expiration duration as the previous
+          token.
 
           ```yaml
           scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
           ```
 
+        - Regenerate token with new expiration:
+
+          Creates a new bearer token with a custom 180-day expiration.
+
+          ```yaml
+          scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
+          tokenExpiresIn: "15552000s"
+          ```
+
         Args:
           scim_configuration_id: scim_configuration_id is the ID of the SCIM configuration to regenerate token
               for
 
+          token_expires_in: token_expires_in is the duration until the new token expires. If not specified,
+              uses the same duration as the previous token.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -414,7 +444,10 @@ def regenerate_token(
         return self._post(
             "/gitpod.v1.OrganizationService/RegenerateSCIMToken",
             body=maybe_transform(
-                {"scim_configuration_id": scim_configuration_id},
+                {
+                    "scim_configuration_id": scim_configuration_id,
+                    "token_expires_in": token_expires_in,
+                },
                 scim_configuration_regenerate_token_params.ScimConfigurationRegenerateTokenParams,
             ),
             options=make_request_options(
@@ -450,6 +483,7 @@ async def create(
         organization_id: str,
         sso_configuration_id: str,
         name: Optional[str] | Omit = omit,
+        token_expires_in: Optional[str] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -470,13 +504,24 @@ async def create(
 
         - Create basic SCIM configuration:
 
-          Creates a SCIM configuration linked to an SSO provider.
+          Creates a SCIM configuration linked to an SSO provider with default 1 year
+          token expiration.
 
           ```yaml
           organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
           ssoConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
           ```
 
+        - Create SCIM configuration with custom token expiration:
+
+          Creates a SCIM configuration with a 90-day token expiration.
+
+          ```yaml
+          organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
+          ssoConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
+          tokenExpiresIn: "7776000s"
+          ```
+
         Args:
           organization_id: organization_id is the ID of the organization to create the SCIM configuration
               for
@@ -486,6 +531,9 @@ async def create(
 
           name: name is a human-readable name for the SCIM configuration
 
+          token_expires_in: token_expires_in is the duration until the token expires. Defaults to 1 year.
+              Minimum 1 day, maximum 2 years.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -501,6 +549,7 @@ async def create(
                     "organization_id": organization_id,
                     "sso_configuration_id": sso_configuration_id,
                     "name": name,
+                    "token_expires_in": token_expires_in,
                 },
                 scim_configuration_create_params.ScimConfigurationCreateParams,
             ),
@@ -762,6 +811,7 @@ async def regenerate_token(
         self,
         *,
         scim_configuration_id: str,
+        token_expires_in: Optional[str] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -782,16 +832,29 @@ async def regenerate_token(
 
         - Regenerate token:
 
-          Creates a new bearer token, invalidating the old one.
+          Creates a new bearer token with the same expiration duration as the previous
+          token.
 
           ```yaml
           scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
           ```
 
+        - Regenerate token with new expiration:
+
+          Creates a new bearer token with a custom 180-day expiration.
+
+          ```yaml
+          scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
+          tokenExpiresIn: "15552000s"
+          ```
+
         Args:
           scim_configuration_id: scim_configuration_id is the ID of the SCIM configuration to regenerate token
               for
 
+          token_expires_in: token_expires_in is the duration until the new token expires. If not specified,
+              uses the same duration as the previous token.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -803,7 +866,10 @@ async def regenerate_token(
         return await self._post(
             "/gitpod.v1.OrganizationService/RegenerateSCIMToken",
             body=await async_maybe_transform(
-                {"scim_configuration_id": scim_configuration_id},
+                {
+                    "scim_configuration_id": scim_configuration_id,
+                    "token_expires_in": token_expires_in,
+                },
                 scim_configuration_regenerate_token_params.ScimConfigurationRegenerateTokenParams,
             ),
             options=make_request_options(

src/gitpod/types/organizations/scim_configuration.py

@@ -24,6 +24,9 @@ class ScimConfiguration(BaseModel):
     organization_id is the ID of the organization this SCIM configuration belongs to
     """
 
+    token_expires_at: datetime = FieldInfo(alias="tokenExpiresAt")
+    """token_expires_at is when the current SCIM token expires"""
+
     updated_at: datetime = FieldInfo(alias="updatedAt")
     """updated_at is when the SCIM configuration was last updated"""
 

src/gitpod/types/organizations/scim_configuration_create_params.py

@@ -25,3 +25,9 @@ class ScimConfigurationCreateParams(TypedDict, total=False):
 
     name: Optional[str]
     """name is a human-readable name for the SCIM configuration"""
+
+    token_expires_in: Annotated[Optional[str], PropertyInfo(alias="tokenExpiresIn")]
+    """token_expires_in is the duration until the token expires. Defaults to 1 year.
+
+    Minimum 1 day, maximum 2 years.
+    """

src/gitpod/types/organizations/scim_configuration_create_response.py

@@ -1,5 +1,7 @@
 # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
 
+from datetime import datetime
+
 from pydantic import Field as FieldInfo
 
 from ..._models import BaseModel
@@ -17,3 +19,6 @@ class ScimConfigurationCreateResponse(BaseModel):
 
     scim_configuration: ScimConfiguration = FieldInfo(alias="scimConfiguration")
     """scim_configuration is the created SCIM configuration"""
+
+    token_expires_at: datetime = FieldInfo(alias="tokenExpiresAt")
+    """token_expires_at is when the token will expire"""

src/gitpod/types/organizations/scim_configuration_regenerate_token_params.py

@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+from typing import Optional
 from typing_extensions import Required, Annotated, TypedDict
 
 from ..._utils import PropertyInfo
@@ -15,3 +16,9 @@ class ScimConfigurationRegenerateTokenParams(TypedDict, total=False):
     scim_configuration_id is the ID of the SCIM configuration to regenerate token
     for
     """
+
+    token_expires_in: Annotated[Optional[str], PropertyInfo(alias="tokenExpiresIn")]
+    """
+    token_expires_in is the duration until the new token expires. If not specified,
+    uses the same duration as the previous token.
+    """

src/gitpod/types/organizations/scim_configuration_regenerate_token_response.py

@@ -1,5 +1,9 @@
 # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
 
+from datetime import datetime
+
+from pydantic import Field as FieldInfo
+
 from ..._models import BaseModel
 
 __all__ = ["ScimConfigurationRegenerateTokenResponse"]
@@ -11,3 +15,6 @@ class ScimConfigurationRegenerateTokenResponse(BaseModel):
     token is the new bearer token for SCIM API authentication. This invalidates the
     previous token - store it securely.
     """
+
+    token_expires_at: datetime = FieldInfo(alias="tokenExpiresAt")
+    """token_expires_at is when the new token will expire"""

tests/api_resources/organizations/test_scim_configurations.py

@@ -40,6 +40,7 @@ def test_method_create_with_all_params(self, client: Gitpod) -> None:
             organization_id="b0e12f6c-4c67-429d-a4a6-d9838b5da047",
             sso_configuration_id="d2c94c27-3b76-4a42-b88c-95a85e392c68",
             name="name",
+            token_expires_in="+9125115.360s",
         )
         assert_matches_type(ScimConfigurationCreateResponse, scim_configuration, path=["response"])
 
@@ -233,6 +234,15 @@ def test_method_regenerate_token(self, client: Gitpod) -> None:
         )
         assert_matches_type(ScimConfigurationRegenerateTokenResponse, scim_configuration, path=["response"])
 
+    @pytest.mark.skip(reason="Prism tests are disabled")
+    @parametrize
+    def test_method_regenerate_token_with_all_params(self, client: Gitpod) -> None:
+        scim_configuration = client.organizations.scim_configurations.regenerate_token(
+            scim_configuration_id="d2c94c27-3b76-4a42-b88c-95a85e392c68",
+            token_expires_in="+9125115.360s",
+        )
+        assert_matches_type(ScimConfigurationRegenerateTokenResponse, scim_configuration, path=["response"])
+
     @pytest.mark.skip(reason="Prism tests are disabled")
     @parametrize
     def test_raw_response_regenerate_token(self, client: Gitpod) -> None:
@@ -281,6 +291,7 @@ async def test_method_create_with_all_params(self, async_client: AsyncGitpod) ->
             organization_id="b0e12f6c-4c67-429d-a4a6-d9838b5da047",
             sso_configuration_id="d2c94c27-3b76-4a42-b88c-95a85e392c68",
             name="name",
+            token_expires_in="+9125115.360s",
         )
         assert_matches_type(ScimConfigurationCreateResponse, scim_configuration, path=["response"])
 
@@ -474,6 +485,15 @@ async def test_method_regenerate_token(self, async_client: AsyncGitpod) -> None:
         )
         assert_matches_type(ScimConfigurationRegenerateTokenResponse, scim_configuration, path=["response"])
 
+    @pytest.mark.skip(reason="Prism tests are disabled")
+    @parametrize
+    async def test_method_regenerate_token_with_all_params(self, async_client: AsyncGitpod) -> None:
+        scim_configuration = await async_client.organizations.scim_configurations.regenerate_token(
+            scim_configuration_id="d2c94c27-3b76-4a42-b88c-95a85e392c68",
+            token_expires_in="+9125115.360s",
+        )
+        assert_matches_type(ScimConfigurationRegenerateTokenResponse, scim_configuration, path=["response"])
+
     @pytest.mark.skip(reason="Prism tests are disabled")
     @parametrize
     async def test_raw_response_regenerate_token(self, async_client: AsyncGitpod) -> None: