SCIM 2.0 PATCH in WSO2 Identity Server (IS)

Anuradha Karunarathna
Identity Beyond Borders
Apr 30, 2021

Find different flavors of PATCH operations under one hood

I decided to write this blog because I’ve seen that many developers in the community are struggling to form the PATCH payload properly.

RFC 7644, Section 3.5.2 (Modifying with PATCH), describes this in more than enough detail. Here I’ll present the content in such a way that you can grasp it within a few minutes.

What is SCIM PATCH?

  • An optional feature for SCIM service providers to support.
  • Can update one or more attributes of a SCIM resource.
  • Supported operations: add, replace, remove

This is the structure of a PATCH payload.

[Figure: Base of the SCIM PATCH request]

Form your PATCH request payload

You have to think of only two things.

  1. What type of attribute am I going to update?
  2. What sort of update do I want (add/replace/remove)?

What type of attribute am I going to update?

According to SCIM RFC 7643, there are 4 main attribute types. For more details, you can refer to “Let’s understand SCIM 2.0 — Core Schema”.

  • Simple Singular Attributes
  • Complex Singular Attributes
  • Simple Multi-Valued Attributes
  • Complex Multi-Valued Attributes

[Figure: SCIM attributes categorization]

What sort of update do I want (add/replace/remove)?

There are only three types of update operations.

  • add — add a new value.
  • replace — replace the existing value.
  • remove — delete the existing value.

I chose Identity Server 5.11.0 for this blog. For simplicity, the following sections show the individual operations instead of the entire PATCH request payload. Here we go!!

1. Simple Singular Attribute

Here I have selected nickName from the User core schema and urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:country from the Enterprise User schema.

Since path is an optional param for add and replace operations, I have added samples with/without path.

1.1 add

The first example is to add a simple singular attribute named nickName in User Core Schema without the path param and with path param.

This example is to add a simple singular attribute named country in Enterprise User Schema, without the path param and with path param.

1.2 replace

This example is to replace a simple singular attribute named nickName in User Core Schema without the path param and with path param.

This example is to replace a simple singular attribute named country in Enterprise User Schema, without the path param and with path param.

1.3 remove

This is how simple singular attributes need to be removed.

2. Complex Singular Attribute

Here I have selected name from the User core schema, which has sub-attributes such as givenName, familyName, etc., and urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager from the Enterprise User schema, which has displayName, value, and ref as sub-attributes.

2.1 add

2.2 replace

2.3 remove

If the path contains the complex attribute, it removes all sub-attribute values. (NOTE: There is a special case for the name attribute. Though “path”: “name” is given, it doesn’t remove familyName.)

If you just want to delete a sub-attribute of the complex attribute, use the format attribute.subattribute as shown below.

3. Simple Multi-Valued Attribute

This type of attribute is not found in the core schemas of the SCIM specification. However, it is possible to add simple multi-valued attributes to our extended schemas. Here I have given examples based on a hypothetical attribute called devices. You can add such attributes by following the blog “How to add SCIM Extended Attributes in WSO2 Identity Server”.

3.1 add

3.2 replace

3.3 remove

4. Complex Multi-Valued Attribute

Here I have selected emails from the User core schema, which can have multiple email types such as home, work, and other. Each email attribute has sub-attributes such as value, type, and primary.

4.1 add

4.2 replace

If you want to replace one object’s sub-attribute value, filter for that object and do the replace operation.

4.3 remove

Find the Postman collection here: https://app.getpostman.com/run-collection/066316335c2bbaba3c60
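
The following added example, which is not from the original post or from WSO2, builds one operation for each of the four attribute types and wraps them in the PatchOp envelope defined in RFC 7644 Section 3.5.2, rejecting the malformed shapes that section disallows (remove without a path, add/replace without a value). The helper names and all sample values are constructed, and placing the hypothetical devices attribute under the enterprise extension URN is an assumption.

```python
import json

PATCH_OP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


def operation(op, path=None, value=None):
    """Build one entry of "Operations", enforcing RFC 7644 section 3.5.2 rules."""
    if op not in ("add", "replace", "remove"):
        raise ValueError(f"unsupported op: {op!r}")
    if op == "remove":
        if not path:
            raise ValueError("remove requires a path")
        return {"op": op, "path": path}
    if value is None:
        raise ValueError(f"{op} requires a value")
    if path is None:
        # Without a path, the value itself must name the attribute(s) to set.
        if not isinstance(value, dict):
            raise ValueError(f"{op} without path needs an object value")
        return {"op": op, "value": value}
    return {"op": op, "path": path, "value": value}


def patch_request(*ops):
    """Wrap operations in the PatchOp message envelope."""
    if not ops:
        raise ValueError("at least one operation is required")
    return {"schemas": [PATCH_OP_SCHEMA], "Operations": list(ops)}


def sample_request():
    # All values below are constructed sample data.
    return patch_request(
        # 1. Simple singular: with path, then without path (extension schema).
        operation("add", path="nickName", value="anu"),
        operation("replace", value={ENTERPRISE: {"country": "Sri Lanka"}}),
        # 2. Complex singular: remove one sub-attribute only.
        operation("remove", path="name.givenName"),
        # 3. Simple multi-valued: "devices" is hypothetical, assumed to be
        #    registered under the enterprise extension.
        operation("add", path=f"{ENTERPRISE}:devices", value=["phone-1"]),
        # 4. Complex multi-valued: filter one entry, replace its sub-attribute.
        operation("replace", path='emails[type eq "work"].value', value="a@example.com"),
    )


if __name__ == "__main__":
    print(json.dumps(sample_request(), indent=2))
```

The printed JSON is the body of a PATCH request to the user's SCIM resource endpoint.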

Next time, don’t make any mistakes in your PATCH request. 😉👊

Anuradha Karunarathna

Technical Lead @ WSO2 | Computer Science and Engineering graduate @ University of Moratuwa, Sri Lanka