Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

scim

package

Go to main page

Versions in this module

v0

v0.7.0

May 10, 2026

Changes in this version

+ const ErrorTypeInvalidFilter

+ const ErrorTypeInvalidPath

+ const ErrorTypeInvalidSyntax

+ const ErrorTypeInvalidValue

+ const ErrorTypeInvalidVers

+ const ErrorTypeMutability

+ const ErrorTypeNoTarget

+ const ErrorTypeSensitive

+ const ErrorTypeTooMany

+ const ErrorTypeUniqueness

+ const ResourceTypeGroup

+ const ResourceTypeUser

+ const ScopeFull

+ const ScopeGroupsRead

+ const ScopeGroupsWrite

+ const ScopeUsersRead

+ const ScopeUsersWrite

+ var SchemaBulkRequest = schema.URIBulkRequest

+ var SchemaBulkResponse = schema.URIBulkResponse

+ var SchemaEnterpriseUser = schema.URIEnterpriseUser

+ var SchemaError = schema.URIError

+ var SchemaGroup = schema.URIGroup

+ var SchemaListResponse = schema.URIListResponse

+ var SchemaPatchOp = schema.URIPatchOp

+ var SchemaUser = schema.URIUser

+ func AuthScopesFromContext(ctx context.Context) []string

+ func AuthSubjectFromContext(ctx context.Context) string

+ func GenerateETag(version string) string

+ func HasAuthScope(ctx context.Context, scope string) bool

+ func LoggerFromContext(ctx context.Context) *slog.Logger

+ func ParseETag(etag string) string

+ func ParseScopes(scopeString string) []string

+ func RequestIDFromContext(ctx context.Context) string

+ func RolesFromContext(ctx context.Context) []string

+ func ScopesString(scopes []string) string

+ func ValidateScopes(scopes []string) []string

+ func WithAuthScopes(ctx context.Context, scopes []string) context.Context

+ func WithAuthSubject(ctx context.Context, subject string) context.Context

+ func WithRequestID(ctx context.Context, requestID string) context.Context

+ func WithRoles(ctx context.Context, roles []string) context.Context

+ func WriteError(w http.ResponseWriter, err *Error)

+ func WriteResponse(w http.ResponseWriter, status int, etag string, body []byte)

+ type API struct

+ func NewAPI(provider *Provider, opts ...Option) (*API, error)

+ func (a *API) Huma() huma.API

+ func (a *API) Logger() *slog.Logger

+ func (a *API) Middleware(authFn func(r *http.Request) (subject string, scopes []string, err error)) func(http.Handler) http.Handler

+ func (a *API) Provider() *Provider

+ func (a *API) Router() chi.Router

+ func (a *API) ServeHTTP(w http.ResponseWriter, r *http.Request)

+ type Address struct

+ Country string

+ Formatted string

+ Locality string

+ PostalCode string

+ Primary bool

+ Region string

+ StreetAddress string

+ Type string

+ type AttributeFilter struct

+ Attributes []string

+ ExcludedAttributes []string

+ func NewAttributeFilter(attributes, excludedAttributes []string) *AttributeFilter

+ func (f *AttributeFilter) FilterGroup(group *Group) *Group

+ func (f *AttributeFilter) FilterListResponse(response *ListResponse) *ListResponse

+ func (f *AttributeFilter) FilterResource(resource any) any

+ func (f *AttributeFilter) FilterUser(user *User) *User

+ func (f *AttributeFilter) IsEmpty() bool

+ type AuthenticationScheme struct

+ Description string

+ DocumentationURI string

+ Name string

+ Primary bool

+ SpecURI string

+ Type string

+ type AuthorizationHook interface

+ CanCreate func(ctx context.Context, resourceType string) error

+ CanDelete func(ctx context.Context, resourceType, resourceID string) error

+ CanRead func(ctx context.Context, resourceType, resourceID string) error

+ CanUpdate func(ctx context.Context, resourceType, resourceID string) error

+ type BcryptHasher struct

+ Cost int

+ func NewBcryptHasher(cost int) *BcryptHasher

+ func (h *BcryptHasher) Hash(password string) (string, error)

+ func (h *BcryptHasher) Verify(password, hash string) error

+ type BulkInput struct

+ Body *BulkRequest

+ type BulkOperation struct

+ BulkID string

+ Data any

+ Method string

+ Path string

+ Version string

+ type BulkOutput struct

+ Body *BulkResponse

+ type BulkRequest struct

+ FailOnErrors int

+ Operations []BulkOperation

+ Schemas []string

+ type BulkResponse struct

+ Operations []BulkResponseOperation

+ Schemas []string

+ type BulkResponseOperation struct

+ BulkID string

+ Location string

+ Method string

+ Response any

+ Status string

+ Version string

+ type CompositeAuthorizationHook struct

+ func NewCompositeAuthorizationHook(hooks ...AuthorizationHook) *CompositeAuthorizationHook

+ func (h *CompositeAuthorizationHook) CanCreate(ctx context.Context, resourceType string) error

+ func (h *CompositeAuthorizationHook) CanDelete(ctx context.Context, resourceType, resourceID string) error

+ func (h *CompositeAuthorizationHook) CanRead(ctx context.Context, resourceType, resourceID string) error

+ func (h *CompositeAuthorizationHook) CanUpdate(ctx context.Context, resourceType, resourceID string) error

+ type Config struct

+ AuthenticationSchemes []AuthenticationScheme

+ BaseURL string

+ BulkMaxOperations int

+ BulkMaxPayloadSize int

+ DefaultPageSize int

+ DocumentationURI string

+ MaxResults int

+ SupportBulk bool

+ SupportChangePassword bool

+ SupportETag bool

+ SupportFiltering bool

+ SupportPatch bool

+ SupportSorting bool

+ func DefaultConfig() *Config

+ func (c *Config) GroupLocation(id string) string

+ func (c *Config) ResourceLocation(resourceType, id string) string

+ func (c *Config) UserLocation(id string) string

+ func (c *Config) Validate() error

+ type CreateGroupInput struct

+ Body *Group

+ type CreateGroupOutput struct

+ Body *Group

+ ETag string

+ Location string

+ type CreateUserInput struct

+ Body *User

+ type CreateUserOutput struct

+ Body *User

+ ETag string

+ Location string

+ type DefaultAuthorizationHook struct

+ func (DefaultAuthorizationHook) CanCreate(ctx context.Context, resourceType string) error

+ func (DefaultAuthorizationHook) CanDelete(ctx context.Context, resourceType, resourceID string) error

+ func (DefaultAuthorizationHook) CanRead(ctx context.Context, resourceType, resourceID string) error

+ func (DefaultAuthorizationHook) CanUpdate(ctx context.Context, resourceType, resourceID string) error

+ type DeleteResourceInput struct

+ ID string

+ type EnterpriseUser struct

+ CostCenter string

+ Department string

+ Division string

+ EmployeeNumber string

+ Manager *ManagerRef

+ Organization string

+ type Error struct

+ Detail string

+ Schemas []string

+ ScimType string

+ Status int

+ func ErrBadRequest(detail string) *Error

+ func ErrConflict(detail string) *Error

+ func ErrForbidden(detail string) *Error

+ func ErrInternal(detail string) *Error

+ func ErrInvalidFilter(detail string) *Error

+ func ErrInvalidPath(detail string) *Error

+ func ErrInvalidSyntax(detail string) *Error

+ func ErrInvalidValue(detail string) *Error

+ func ErrMutability(detail string) *Error

+ func ErrNoTarget(detail string) *Error

+ func ErrNotFound(detail string) *Error

+ func ErrNotImplemented(detail string) *Error

+ func ErrPreconditionFailed(detail string) *Error

+ func ErrTooMany(detail string) *Error

+ func ErrUnauthorized(detail string) *Error

+ func NewError(status int, scimType, detail string) *Error

+ func ToSCIMError(err error) *Error

+ func (e *Error) Error() string

+ type GetGroupOutput struct

+ Body *Group

+ ETag string

+ type GetResourceInput struct

+ Attributes string

+ ExcludedAttributes string

+ ID string

+ IfNoneMatch string

+ func (i *GetResourceInput) ToAttributeFilter() *AttributeFilter

+ type GetResourceTypeOutput struct

+ Body *schema.ResourceType

+ type GetSchemaOutput struct

+ Body *schema.Schema

+ type GetUserOutput struct

+ Body *User

+ ETag string

+ type Group struct

+ DisplayName string

+ Members []MemberRef

+ type GroupRef struct

+ Display string

+ Ref string

+ Type string

+ Value string

+ type ListGroupsOutput struct

+ Body *ListResponse

+ type ListOptions struct

+ Attributes []string

+ Count int

+ Filter string

+ SortBy string

+ SortOrder string

+ StartIndex int

+ func DefaultListOptions() ListOptions

+ type ListResourceTypesOutput struct

+ Body *ListResponse

+ type ListResourcesInput struct

+ Attributes string

+ Count int

+ ExcludedAttributes string

+ Filter string

+ SortBy string

+ SortOrder string

+ StartIndex int

+ func (i *ListResourcesInput) ToAttributeFilter() *AttributeFilter

+ func (i *ListResourcesInput) ToListOptions(defaultCount int) ListOptions

+ type ListResponse struct

+ ItemsPerPage int

+ Resources []any

+ Schemas []string

+ StartIndex int

+ TotalResults int

+ func NewListResponse(resources []any, totalResults, startIndex, itemsPerPage int) *ListResponse

+ type ListSchemasOutput struct

+ Body *ListResponse

+ type ListUsersOutput struct

+ Body *ListResponse

+ type ManagerRef struct

+ DisplayName string

+ Ref string

+ Value string

+ type MeOutput struct

+ Body *User

+ ETag string

+ type MePatchInput struct

+ Body *PatchRequest

+ IfMatch string

+ type MemberRef struct

+ Display string

+ Ref string

+ Type string

+ Value string

+ type Meta struct

+ Created *time.Time

+ LastModified *time.Time

+ Location string

+ ResourceType string

+ Version string

+ type MultiValue struct

+ Display string

+ Primary bool

+ Type string

+ Value string

+ type Name struct

+ FamilyName string

+ Formatted string

+ GivenName string

+ HonorificPrefix string

+ HonorificSuffix string

+ MiddleName string

+ type NoOpHasher struct

+ func (h *NoOpHasher) Hash(password string) (string, error)

+ func (h *NoOpHasher) Verify(password, hash string) error

+ type Option func(*API)

+ func WithLogger(logger *slog.Logger) Option

+ type PasswordHasher interface

+ Hash func(password string) (string, error)

+ Verify func(password, hash string) error

+ func DefaultPasswordHasher() PasswordHasher

+ type PatchOperation struct

+ Op string

+ Path string

+ Value any

+ type PatchRequest struct

+ Operations []PatchOperation

+ Schemas []string

+ type PatchResourceInput struct

+ Body *PatchRequest

+ ID string

+ IfMatch string

+ type Provider struct

+ func NewProvider(config *Config, store Store, opts ...ProviderOption) (*Provider, error)

+ func (p *Provider) Config() *Config

+ func (p *Provider) PasswordHasher() PasswordHasher

+ func (p *Provider) ResourceTypes() []schema.ResourceType

+ func (p *Provider) Schemas() []schema.Schema

+ func (p *Provider) Service() Service

+ func (p *Provider) ServiceProviderConfig() schema.ServiceProviderConfig

+ type ProviderOption func(*Provider)

+ func WithAuthorizationHook(hook AuthorizationHook) ProviderOption

+ func WithPasswordHasher(hasher PasswordHasher) ProviderOption

+ type RequestMetadata struct

+ Attributes []string

+ Count int

+ ExcludedAttributes []string

+ Filter string

+ IfMatch string

+ IfNoneMatch string

+ SortBy string

+ SortOrder string

+ StartIndex int

+ func ExtractRequestMetadata(r *http.Request) RequestMetadata

+ func (m RequestMetadata) ToListOptions(defaultCount int) ListOptions

+ type Resource struct

+ ExternalID string

+ ID string

+ Meta *Meta

+ Schemas []string

+ type ResourceTypeNameInput struct

+ Name string

+ type RoleBasedAuthorizationHook struct

+ AdminRoles []string

+ ReadOnlyRoles []string

+ RoleExtractor func(ctx context.Context) []string

+ func NewRoleBasedAuthorizationHook(adminRoles, readOnlyRoles []string) *RoleBasedAuthorizationHook

+ func (h *RoleBasedAuthorizationHook) CanCreate(ctx context.Context, resourceType string) error

+ func (h *RoleBasedAuthorizationHook) CanDelete(ctx context.Context, resourceType, resourceID string) error

+ func (h *RoleBasedAuthorizationHook) CanRead(ctx context.Context, resourceType, resourceID string) error

+ func (h *RoleBasedAuthorizationHook) CanUpdate(ctx context.Context, resourceType, resourceID string) error

+ type SchemaIDInput struct

+ ID string

+ type ScopedAuthorizationHook struct

+ RequireScopes bool

+ func NewScopedAuthorizationHook(requireScopes bool) *ScopedAuthorizationHook

+ func (h *ScopedAuthorizationHook) CanCreate(ctx context.Context, resourceType string) error

+ func (h *ScopedAuthorizationHook) CanDelete(ctx context.Context, resourceType, resourceID string) error

+ func (h *ScopedAuthorizationHook) CanRead(ctx context.Context, resourceType, resourceID string) error

+ func (h *ScopedAuthorizationHook) CanUpdate(ctx context.Context, resourceType, resourceID string) error

+ type SearchInput struct

+ Body *SearchRequest

+ type SearchOutput struct

+ Body *ListResponse

+ type SearchRequest struct

+ Attributes []string

+ Count int

+ ExcludedAttributes []string

+ Filter string

+ Schemas []string

+ SortBy string

+ SortOrder string

+ StartIndex int

+ func (s *SearchRequest) ToAttributeFilter() *AttributeFilter

+ func (s *SearchRequest) ToListOptions(defaultCount int) ListOptions

+ type Service interface

+ CreateGroup func(ctx context.Context, group *Group) (*Group, error)

+ CreateUser func(ctx context.Context, user *User) (*User, error)

+ DeleteGroup func(ctx context.Context, id string) error

+ DeleteUser func(ctx context.Context, id string) error

+ GetGroup func(ctx context.Context, id string) (*Group, error)

+ GetMe func(ctx context.Context) (*User, error)

+ GetUser func(ctx context.Context, id string) (*User, error)

+ ListGroups func(ctx context.Context, opts ListOptions) (*ListResponse, error)

+ ListUsers func(ctx context.Context, opts ListOptions) (*ListResponse, error)

+ PatchGroup func(ctx context.Context, id string, patch *PatchRequest, etag string) (*Group, error)

+ PatchMe func(ctx context.Context, patch *PatchRequest, etag string) (*User, error)

+ PatchUser func(ctx context.Context, id string, patch *PatchRequest, etag string) (*User, error)

+ ProcessBulk func(ctx context.Context, req *BulkRequest) (*BulkResponse, error)

+ UpdateGroup func(ctx context.Context, id string, group *Group, etag string) (*Group, error)

+ UpdateUser func(ctx context.Context, id string, user *User, etag string) (*User, error)

+ type ServiceProviderConfigOutput struct

+ Body schema.ServiceProviderConfig

+ type Store interface

+ AddMemberToGroup func(ctx context.Context, groupID, userID string) error

+ CreateGroup func(ctx context.Context, group *Group) (*Group, error)

+ CreateUser func(ctx context.Context, user *User) (*User, error)

+ DeleteGroup func(ctx context.Context, id string) error

+ DeleteUser func(ctx context.Context, id string) error

+ GetGroupByDisplayName func(ctx context.Context, displayName string) (*Group, error)

+ GetGroupByExternalID func(ctx context.Context, externalID string) (*Group, error)

+ GetGroupByID func(ctx context.Context, id string) (*Group, error)

+ GetGroupsForUser func(ctx context.Context, userID string) ([]GroupRef, error)

+ GetMembersForGroup func(ctx context.Context, groupID string) ([]MemberRef, error)

+ GetUserByExternalID func(ctx context.Context, externalID string) (*User, error)

+ GetUserByID func(ctx context.Context, id string) (*User, error)

+ GetUserByUserName func(ctx context.Context, userName string) (*User, error)

+ ListGroups func(ctx context.Context, opts ListOptions) ([]*Group, int, error)

+ ListUsers func(ctx context.Context, opts ListOptions) ([]*User, int, error)

+ RemoveMemberFromGroup func(ctx context.Context, groupID, userID string) error

+ UpdateGroup func(ctx context.Context, id string, group *Group) (*Group, error)

+ UpdateUser func(ctx context.Context, id string, user *User) (*User, error)

+ type UpdateGroupInput struct

+ Body *Group

+ ID string

+ IfMatch string

+ type UpdateGroupOutput struct

+ Body *Group

+ ETag string

+ type UpdateUserInput struct

+ Body *User

+ ID string

+ IfMatch string

+ type UpdateUserOutput struct

+ Body *User

+ ETag string

+ type User struct

+ Active *bool

+ Addresses []Address

+ DisplayName string

+ Emails []MultiValue

+ EnterpriseUser *EnterpriseUser

+ Entitlements []MultiValue

+ Groups []GroupRef

+ IMs []MultiValue

+ Locale string

+ Name *Name

+ NickName string

+ Password string

+ PhoneNumbers []MultiValue

+ Photos []MultiValue

+ PreferredLanguage string

+ ProfileURL string

+ Roles []MultiValue

+ Timezone string

+ Title string

+ UserName string

+ UserType string

+ X509Certificates []MultiValue