Record Metadata | SCIM 2.0 REST Web Service
The SCIM 2.0 Web Service is internally services by the AppRepo Service, which is subject to an internal authorization process. The internal authorization enables the authorization decisions to be at the level of configuration object parameters (as opposed to the REST-API-level authorization that enables making the decision at the level of complete operations). This scenario introduces two difficult tasks to solve:
-
How to express in a typed environment the difference between a non-existing attribute and an attribute that was filtered out due to authorization
-
How to transfer to the GUI dependent on the SCIM 2.0 API the information about what attribute types and input fields to display
These tasks are reflected by the SCIM 2.0 record metadata. The metadata (that have nothing in common with the SCIM metadata) contain the JSON Schema description of the configuration object after the authorization has been applied. The metadata are reachable in two ways:
-
As a part of the SCIM 2.0 success response, if the request contains
AcceptHTTP Header with valueapplication/json;dxaresultschemaformat=json-schema -
Via the
{scim_rest_web_application_location}/MetadataRecordsendpoint that enables getting the metadata in advance of the request for any type of the operation (e.g., create, update, etc.).