- feat(Sdk): Added a new Metadata property to both WorkflowDefinition and TaskDefinition, addressing serverlessworkflow/specification#996

- feat(Sdk): Added a `Certificate`, `Digest` and `OIDC` authentication schemes, and updated the OAuth2AuthenticationSchemeDefinition, addressing serverlessworkflow/specification#973

Signed-off-by: Charles d'Avernas <[email protected]>

Author: cdavernas

src/ServerlessWorkflow.Sdk.Builders/WorkflowDefinitionBuilder.cs

@@ -241,6 +241,7 @@ public virtual IWorkflowDefinitionBuilder Do(string name, Action<IGenericTaskDef
     public virtual WorkflowDefinition Build()
     {
         if (string.IsNullOrWhiteSpace(this.Name)) throw new NullReferenceException("The workflow name must be set");
+        if (string.IsNullOrWhiteSpace(this.Version)) throw new NullReferenceException("The workflow version must be set");
         if (this.Tasks == null || this.Tasks.Count < 1) throw new NullReferenceException("The workflow must define at least one task");
         return new()
         {
@@ -249,7 +250,7 @@ public virtual WorkflowDefinition Build()
                 Dsl = DslVersion.V010,
                 Namespace = string.IsNullOrWhiteSpace(this.Namespace) ? WorkflowDefinitionMetadata.DefaultNamespace : this.Namespace,
                 Name = this.Name,
-                Version = string.IsNullOrWhiteSpace(this.Version) ? "latest" : this.Version,
+                Version = this.Version,
                 Title = this.Title,
                 Summary = this.Summary,
                 Tags = this.Tags

src/ServerlessWorkflow.Sdk/AuthenticationScheme.cs

@@ -28,9 +28,21 @@ public static class AuthenticationScheme
     /// </summary>
     public const string Bearer = "Bearer";
     /// <summary>
-    /// Gets the 'OAuth2' authentication scheme
+    /// Gets the 'Certificate' authentication scheme
+    /// </summary>
+    public const string Certificate = "Certificate";
+    /// <summary>
+    /// Gets the 'Digest' authentication scheme
+    /// </summary>
+    public const string Digest = "Digest";
+    /// <summary>
+    /// Gets the 'OAUTH2' authentication scheme
     /// </summary>
     public const string OAuth2 = "OAuth2";
+    /// <summary>
+    /// Gets the 'OpenIDConnect' authentication scheme
+    /// </summary>
+    public const string OpenIDConnect = "OpenIDConnect";
 
     /// <summary>
     /// Gets a new <see cref="IEnumerable{T}"/> containing the authentication schemes supported by default
@@ -40,7 +52,10 @@ public static IEnumerable<string> AsEnumerable()
     {
         yield return Basic;
         yield return Bearer;
+        yield return Certificate;
+        yield return Digest;
         yield return OAuth2;
+        yield return OpenIDConnect;
     }
 
 }

src/ServerlessWorkflow.Sdk/HttpOutputFormat.cs

@@ -34,4 +34,15 @@ public static class HttpOutputFormat
     /// </summary>
     public const string Response = "response";
 
-}
+    /// <summary>
+    /// Gets a new <see cref="IEnumerable{T}"/> containing all supported values
+    /// </summary>
+    /// <returns>A new <see cref="IEnumerable{T}"/> containing all supported values</returns>
+    public static IEnumerable<string> AsEnumerable()
+    {
+        yield return Raw;
+        yield return Content;
+        yield return Response;
+    }
+
+}

src/ServerlessWorkflow.Sdk/Models/Authentication/BearerAuthenticationSchemeDefinition.cs

@@ -18,7 +18,7 @@ namespace ServerlessWorkflow.Sdk.Models.Authentication;
 /// </summary>
 [DataContract]
 public record BearerAuthenticationSchemeDefinition
-        : AuthenticationSchemeDefinition
+    : AuthenticationSchemeDefinition
 {
 
     /// <inheritdoc/>

src/ServerlessWorkflow.Sdk/Models/Authentication/CertificateAuthenticationSchemeDefinition.cs

@@ -0,0 +1,28 @@
+// Copyright © 2024-Present The Serverless Workflow Specification Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"),
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+namespace ServerlessWorkflow.Sdk.Models.Authentication;
+
+/// <summary>
+/// Represents the definition of a certificate authentication scheme
+/// </summary>
+[DataContract]
+public record CertificateAuthenticationSchemeDefinition
+    : AuthenticationSchemeDefinition
+{
+
+    /// <inheritdoc/>
+    [IgnoreDataMember, JsonIgnore, YamlIgnore]
+    public override string Scheme => AuthenticationScheme.Certificate;
+
+}

src/ServerlessWorkflow.Sdk/Models/Authentication/DigestAuthenticationSchemeDefinition.cs

@@ -0,0 +1,40 @@
+// Copyright © 2024-Present The Serverless Workflow Specification Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"),
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+namespace ServerlessWorkflow.Sdk.Models.Authentication;
+
+/// <summary>
+/// Represents the definition of a digest authentication scheme
+/// </summary>
+[DataContract]
+public record DigestAuthenticationSchemeDefinition
+    : AuthenticationSchemeDefinition
+{
+
+    /// <inheritdoc/>
+    [IgnoreDataMember, JsonIgnore, YamlIgnore]
+    public override string Scheme => AuthenticationScheme.Digest;
+
+    /// <summary>
+    /// Gets/sets the username used for authentication
+    /// </summary>
+    [DataMember(Name = "username", Order = 1), JsonPropertyName("username"), JsonPropertyOrder(1), YamlMember(Alias = "username", Order = 1)]
+    public required virtual string Username { get; set; }
+
+    /// <summary>
+    /// Gets/sets the password used for authentication
+    /// </summary>
+    [DataMember(Name = "password", Order = 2), JsonPropertyName("password"), JsonPropertyOrder(2), YamlMember(Alias = "password", Order = 2)]
+    public required virtual string Password { get; set; }
+
+}

src/ServerlessWorkflow.Sdk/Models/Authentication/OAuth2AuthenticationClientDefinition.cs

@@ -21,16 +21,27 @@ public record OAuth2AuthenticationClientDefinition
 {
 
     /// <summary>
-    /// Gets/sets the OAUTH2 `client_id` to use
+    /// Gets/sets the OAUTH2 `client_id` to use. Required if 'Authentication' has NOT been set to 'none'.
     /// </summary>
-    [Required]
     [DataMember(Name = "id", Order = 1), JsonPropertyName("id"), JsonPropertyOrder(1), YamlMember(Alias = "id", Order = 1)]
-    public required virtual string Id { get; set; }
+    public virtual string? Id { get; set; }
 
     /// <summary>
     /// Gets/sets the OAUTH2 `client_secret` to use, if any
     /// </summary>
     [DataMember(Name = "secret", Order = 2), JsonPropertyName("secret"), JsonPropertyOrder(2), YamlMember(Alias = "secret", Order = 2)]
     public virtual string? Secret { get; set; }
 
-}
+    /// <summary>
+    /// Gets/sets a JWT containing a signed assertion with your application credentials
+    /// </summary>
+    [DataMember(Name = "assertion", Order = 3), JsonPropertyName("assertion"), JsonPropertyOrder(3), YamlMember(Alias = "assertion", Order = 3)]
+    public virtual string? Assertion { get; set; }
+
+    /// <summary>
+    /// Gets/sets the authentication method to use to authenticate the client. Defaults to 'client_secret_post'. See <see cref="OAuth2ClientAuthenticationMethod"/>
+    /// </summary>
+    [DataMember(Name = "authentication", Order = 4), JsonPropertyName("authentication"), JsonPropertyOrder(4), YamlMember(Alias = "authentication", Order = 4)]
+    public virtual string? Authentication { get; set; }
+
+}

src/ServerlessWorkflow.Sdk/Models/Authentication/OAuth2AuthenticationEndpointsDefinition.cs

@@ -0,0 +1,44 @@
+// Copyright © 2024-Present The Serverless Workflow Specification Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"),
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+namespace ServerlessWorkflow.Sdk.Models.Authentication;
+
+/// <summary>
+/// Represents the configuration of OAUTH2 endpoints
+/// </summary>
+[DataContract]
+public record OAuth2AuthenticationEndpointsDefinition
+{
+
+    /// <summary>
+    /// Gets/sets the relative path to the token endpoint. Defaults to `/oauth2/token`
+    /// </summary>
+    [Required]
+    [DataMember(Name = "authority", Order = 1), JsonPropertyName("authority"), JsonPropertyOrder(1), YamlMember(Alias = "authority", Order = 1)]
+    public virtual Uri Token { get; set; } = new("/oauth2/token");
+
+    /// <summary>
+    /// Gets/sets the relative path to the revocation endpoint. Defaults to `/oauth2/revoke`
+    /// </summary>
+    [Required]
+    [DataMember(Name = "revocation", Order = 2), JsonPropertyName("revocation"), JsonPropertyOrder(2), YamlMember(Alias = "revocation", Order = 2)]
+    public virtual Uri Revocation { get; set; } = new("/oauth2/revoke");
+
+    /// <summary>
+    /// Gets/sets the relative path to the introspection endpoint. Defaults to `/oauth2/introspect`
+    /// </summary>
+    [Required]
+    [DataMember(Name = "introspection", Order = 3), JsonPropertyName("introspection"), JsonPropertyOrder(3), YamlMember(Alias = "introspection", Order = 3)]
+    public virtual Uri Introspection { get; set; } = new("/oauth2/introspect");
+
+}

src/ServerlessWorkflow.Sdk/Models/Authentication/OAuth2AuthenticationRequestDefinition.cs

@@ -0,0 +1,28 @@
+// Copyright © 2024-Present The Serverless Workflow Specification Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"),
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+namespace ServerlessWorkflow.Sdk.Models.Authentication;
+
+/// <summary>
+/// Represents the configuration of an OAUTH2 authentication request
+/// </summary>
+[DataContract]
+public record OAuth2AuthenticationRequestDefinition
+{
+
+    /// <summary>
+    /// Gets/sets the encoding of the authentication request. Defaults to 'application/x-www-form-urlencoded'. See <see cref="OAuth2RequestEncoding"/>
+    /// </summary>
+    public virtual string Encoding { get; set; } = OAuth2RequestEncoding.FormUrl;
+
+}

src/ServerlessWorkflow.Sdk/Models/Authentication/OAuth2AuthenticationSchemeDefinition.cs

@@ -14,7 +14,7 @@
 namespace ServerlessWorkflow.Sdk.Models.Authentication;
 
 /// <summary>
-/// Represents the definition of an Open ID Connect authentication scheme
+/// Represents the definition of an OAUTH2 authentication scheme
 /// </summary>
 [DataContract]
 public record OAuth2AuthenticationSchemeDefinition
@@ -32,52 +32,70 @@ public record OAuth2AuthenticationSchemeDefinition
     public required virtual Uri Authority { get; set; }
 
     /// <summary>
-    /// Gets/sets the grant type to use
+    /// Gets/sets the configuration of the OAUTH2 endpoints to use
     /// </summary>
-    [DataMember(Name = "grant", Order = 2), JsonPropertyName("grant"), JsonPropertyOrder(2), YamlMember(Alias = "grant", Order = 2)]
+    [DataMember(Name = "endpoints", Order = 2), JsonPropertyName("endpoints"), JsonPropertyOrder(2), YamlMember(Alias = "endpoints", Order = 2)]
+    public virtual OAuth2AuthenticationEndpointsDefinition Endpoints { get; set; } = new();
+
+    /// <summary>
+    /// Gets/sets the grant type to use. See <see cref="OAuth2GrantType"/>
+    /// </summary>
+    [DataMember(Name = "grant", Order = 3), JsonPropertyName("grant"), JsonPropertyOrder(3), YamlMember(Alias = "grant", Order = 3)]
     public required virtual string Grant { get; set; }
 
     /// <summary>
     /// Gets/sets the definition of the client to use
     /// </summary>
-    [DataMember(Name = "client", Order = 3), JsonPropertyName("client"), JsonPropertyOrder(3), YamlMember(Alias = "client", Order = 3)]
-    public required virtual OAuth2AuthenticationClientDefinition Client { get; set; }
+    [DataMember(Name = "client", Order = 4), JsonPropertyName("client"), JsonPropertyOrder(4), YamlMember(Alias = "client", Order = 4)]
+    public virtual OAuth2AuthenticationClientDefinition? Client { get; set; }
+
+    /// <summary>
+    /// Gets/sets the configuration of the authentication request to perform
+    /// </summary>
+    [DataMember(Name = "request", Order = 5), JsonPropertyName("request"), JsonPropertyOrder(5), YamlMember(Alias = "request", Order = 5)]
+    public virtual OAuth2AuthenticationRequestDefinition Request { get; set; } = new();
+
+    /// <summary>
+    /// Gets/sets a list, if any, that contains valid issuers that will be used to check against the issuer of generated tokens
+    /// </summary>
+    [DataMember(Name = "issuers", Order = 6), JsonPropertyName("issuers"), JsonPropertyOrder(6), YamlMember(Alias = "issuers", Order = 6)]
+    public virtual EquatableList<string>? Issuers { get; set; }
 
     /// <summary>
     /// Gets/sets the scopes, if any, to request the token for
     /// </summary>
-    [DataMember(Name = "scopes", Order = 4), JsonPropertyName("scopes"), JsonPropertyOrder(4), YamlMember(Alias = "scopes", Order = 4)]
+    [DataMember(Name = "scopes", Order = 7), JsonPropertyName("scopes"), JsonPropertyOrder(7), YamlMember(Alias = "scopes", Order = 7)]
     public virtual EquatableList<string>? Scopes { get; set; }
 
     /// <summary>
     /// Gets/sets the audiences, if any, to request the token for
     /// </summary>
-    [DataMember(Name = "audiences", Order = 5), JsonPropertyName("audiences"), JsonPropertyOrder(5), YamlMember(Alias = "audiences", Order = 5)]
+    [DataMember(Name = "audiences", Order = 8), JsonPropertyName("audiences"), JsonPropertyOrder(8), YamlMember(Alias = "audiences", Order = 8)]
     public virtual EquatableList<string>? Audiences { get; set; }
 
     /// <summary>
     /// Gets/sets the username to use. Used only if <see cref="Grant"/> is <see cref="OAuth2GrantType.Password"/>
     /// </summary>
-    [DataMember(Name = "username", Order = 6), JsonPropertyName("username"), JsonPropertyOrder(6), YamlMember(Alias = "username", Order = 6)]
+    [DataMember(Name = "username", Order = 9), JsonPropertyName("username"), JsonPropertyOrder(9), YamlMember(Alias = "username", Order = 9)]
     public virtual string? Username { get; set; }
 
     /// <summary>
     /// Gets/sets the password to use. Used only if <see cref="Grant"/> is <see cref="OAuth2GrantType.Password"/>
     /// </summary>
-    [DataMember(Name = "password", Order = 7), JsonPropertyName("password"), JsonPropertyOrder(7), YamlMember(Alias = "password", Order = 7)]
+    [DataMember(Name = "password", Order = 10), JsonPropertyName("password"), JsonPropertyOrder(10), YamlMember(Alias = "password", Order = 10)]
     public virtual string? Password { get; set; }
 
     /// <summary>
     /// Gets/sets the security token that represents the identity of the party on behalf of whom the request is being made. Used only if <see cref="Grant"/> is <see cref="OAuth2GrantType.TokenExchange"/>, in which case it is required
     /// </summary>
-    [DataMember(Name = "subject", Order = 8), JsonPropertyName("subject"), JsonPropertyOrder(8), YamlMember(Alias = "subject", Order = 8)]
+    [DataMember(Name = "subject", Order = 11), JsonPropertyName("subject"), JsonPropertyOrder(11), YamlMember(Alias = "subject", Order = 11)]
     public virtual OAuth2TokenDefinition? Subject { get; set; }
 
     /// <summary>
     /// Gets/sets the security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject.
     /// Used only if <see cref="Grant"/> is <see cref="OAuth2GrantType.TokenExchange"/>, in which case it is required
     /// </summary>
-    [DataMember(Name = "actor", Order = 9), JsonPropertyName("actor"), JsonPropertyOrder(9), YamlMember(Alias = "actor", Order = 9)]
+    [DataMember(Name = "actor", Order = 12), JsonPropertyName("actor"), JsonPropertyOrder(12), YamlMember(Alias = "actor", Order = 12)]
     public virtual OAuth2TokenDefinition? Actor { get; set; }
 
 }