Scim2SelfService¶
Scim2SelfService is a SCIM2-compliant /Me endpoint.
Scim2SelfService is an API service of UnityCatalogServer to handle HTTP requests at /api/1.0/unity-control/scim2/Me URL.
| Method | URL | Handler | Params |
|---|---|---|---|
| GET | - | getCurrentUser | - |
# 🛑 Start the UC server with server authorization enabled
$ http http://localhost:8080/api/1.0/unity-control/scim2/Me
HTTP/1.1 401 Unauthorized
content-length: 173
content-type: application/json
date: Tue, 17 Dec 2024 21:23:01 GMT
server: Armeria/1.28.4
{
"details": [
{
"@type": "google.rpc.ErrorInfo",
"metadata": {},
"reason": "UNAUTHENTICATED"
}
],
"error_code": "UNAUTHENTICATED",
"message": "No authorization found.",
"stack_trace": null
}
$ http -A bearer -a $(cat etc/conf/token.txt) \
http://localhost:8080/api/1.0/unity-control/scim2/Me
HTTP/1.1 200 OK
content-length: 345
content-type: application/scim+json
date: Tue, 17 Dec 2024 21:23:29 GMT
server: Armeria/1.28.4
{
"active": true,
"displayName": "Admin",
"emails": [
{
"primary": true,
"value": "admin"
}
],
"id": "cd941442-6635-45b9-bc7a-c9b527600b3b",
"meta": {
"created": "2024-11-08T17:40:16.216+00:00",
"lastModified": "2024-12-17T21:23:29.251+00:00",
"resourceType": "User"
},
"photos": [
{
"value": ""
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "admin"
}
Creating Instance¶
Scim2SelfService takes the following to be created:
Scim2SelfService is created when:
UnityCatalogServeris requested to register the API services
UserRepository¶
Scim2SelfService looks up the system-wide UserRepository when created.
Get Current User¶
getCurrentUser finds a JSON web token in the server-side request context.
getCurrentUser uses the sub claim (of the decoded JSON web token) as the email of a user to look up.
getCurrentUser requests the system-wide UserRepository instance to look up a user by the email.
Scim2RuntimeException
getCurrentUser reports a Scim2RuntimeException when there is no JSON web token in the server-side request context: