feat: Add SAML metadata preview cmdlet for applications (#96)

Author: aniket-okta

API_README.md

@@ -54,6 +54,7 @@ Class | Method | HTTP request | Description
 *OktaApplicationApi* | [**Invoke-OktaListFeaturesForApplication**](docs/OktaApplicationApi.md#Invoke-OktaListFeaturesForApplication) | **GET** /api/v1/apps/{appId}/features | List all Features
 *OktaApplicationApi* | [**Invoke-OktaListOAuth2TokensForApplication**](docs/OktaApplicationApi.md#Invoke-OktaListOAuth2TokensForApplication) | **GET** /api/v1/apps/{appId}/tokens | List all OAuth 2.0 Tokens
 *OktaApplicationApi* | [**Invoke-OktaListScopeConsentGrants**](docs/OktaApplicationApi.md#Invoke-OktaListScopeConsentGrants) | **GET** /api/v1/apps/{appId}/grants | List all Scope Consent Grants
+*OktaApplicationApi* | [**Invoke-OktaPreviewSAMLMetadataForApplication**](docs/OktaApplicationApi.md#Invoke-OktaPreviewSAMLMetadataForApplication) | **GET** /api/v1/apps/{appId}/sso/saml/metadata | Preview SAML Metadata
 *OktaApplicationApi* | [**Publish-OktaCsrFromApplication**](docs/OktaApplicationApi.md#Publish-OktaCsrFromApplication) | **POST** /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish | Publish a Certificate Signing Request
 *OktaApplicationApi* | [**Revoke-OktaCsrFromApplication**](docs/OktaApplicationApi.md#Revoke-OktaCsrFromApplication) | **DELETE** /api/v1/apps/{appId}/credentials/csrs/{csrId} | Revoke a Certificate Signing Request
 *OktaApplicationApi* | [**Revoke-OktaOAuth2TokenForApplication**](docs/OktaApplicationApi.md#Revoke-OktaOAuth2TokenForApplication) | **DELETE** /api/v1/apps/{appId}/tokens/{tokenId} | Revoke an OAuth 2.0 Token

docs/OktaApplicationApi.md

@@ -36,6 +36,7 @@ Method | HTTP request | Description
 [**Invoke-OktaListFeaturesForApplication**](OktaApplicationApi.md#Invoke-OktaListFeaturesForApplication) | **GET** /api/v1/apps/{appId}/features | List all Features
 [**Invoke-OktaListOAuth2TokensForApplication**](OktaApplicationApi.md#Invoke-OktaListOAuth2TokensForApplication) | **GET** /api/v1/apps/{appId}/tokens | List all OAuth 2.0 Tokens
 [**Invoke-OktaListScopeConsentGrants**](OktaApplicationApi.md#Invoke-OktaListScopeConsentGrants) | **GET** /api/v1/apps/{appId}/grants | List all Scope Consent Grants
+[**Invoke-OktaPreviewSAMLMetadataForApplication**](OktaApplicationApi.md#Invoke-OktaPreviewSAMLMetadataForApplication) | **GET** /api/v1/apps/{appId}/sso/saml/metadata | Preview SAML Metadata
 [**Publish-OktaCsrFromApplication**](OktaApplicationApi.md#Publish-OktaCsrFromApplication) | **POST** /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish | Publish a Certificate Signing Request
 [**Revoke-OktaCsrFromApplication**](OktaApplicationApi.md#Revoke-OktaCsrFromApplication) | **DELETE** /api/v1/apps/{appId}/credentials/csrs/{csrId} | Revoke a Certificate Signing Request
 [**Revoke-OktaOAuth2TokenForApplication**](OktaApplicationApi.md#Revoke-OktaOAuth2TokenForApplication) | **DELETE** /api/v1/apps/{appId}/tokens/{tokenId} | Revoke an OAuth 2.0 Token
@@ -1783,6 +1784,59 @@ Name | Type | Description  | Notes
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 
+<a id="Invoke-OktaPreviewSAMLMetadataForApplication"></a>
+# **Invoke-OktaPreviewSAMLMetadataForApplication**
+> String Invoke-OktaPreviewSAMLMetadataForApplication<br>
+> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[-AppId] <String><br>
+> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[-KeyId] <String><br>
+
+Preview SAML Metadata
+
+Previews SAML metadata based on a specific key credential for an application
+
+### Example
+```powershell
+# general setting of the PowerShell module, e.g. base URL, authentication, etc
+$Configuration = Get-OktaConfiguration
+
+# Configure your client ID and scope for authorization
+$Configuration.ClientId = "YOUR_CLIENT_ID"
+$Configuration.Scope = "OKTA_SCOPES" # for example okta.users.read
+
+$AppId = "MyAppId" # String | Application ID
+$KeyId = "MyKeyId" # String | Application key credential ID (optional)
+
+# Preview SAML Metadata
+try {
+    $Result = Invoke-OktaPreviewSAMLMetadataForApplication -AppId $AppId -KeyId $KeyId
+} catch {
+    Write-Host ("Exception occurred when calling Invoke-OktaPreviewSAMLMetadataForApplication: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
+    Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **AppId** | **String**| Application ID | 
+ **KeyId** | **String**| Application key credential ID | [optional] 
+
+### Return type
+
+**String**
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/xml, application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
 <a id="Publish-OktaCsrFromApplication"></a>
 # **Publish-OktaCsrFromApplication**
 > JsonWebKey Publish-OktaCsrFromApplication<br>

openapi3/README.md

@@ -43,31 +43,7 @@ For troubleshooting, please run `$DebugPreference = 'Continue'` to turn on debug
 
 ## Getting Started 
 
-### Regenerating the SDK
-
-To regenerate the SDK from the OpenAPI specification:
-
-1. Install the [OpenAPI generator CLI](https://www.npmjs.com/package/@openapitools/openapi-generator-cli)
-2. Navigate to the `openapi3` directory
-3. Run the automated generation script:
-   ```powershell
-   .\generate.ps1
-   ```
-
-This script will:
-- Generate code using `openapi-generator-cli` with the configuration in `config.json`
-- Automatically fix documentation to include the `Okta` prefix in `Initialize-` functions
+- Install the [OpenAPI generator CLI](https://www.npmjs.com/package/@openapitools/openapi-generator-cli)
+- Run `openapi-generator-cli generate -g powershell -c config.json --skip-validate-spec`
 
 > Note that `config.json` contains all the configuration required (templates, supporting files, global configuration, etc) to generate the Okta SDK. For more details about the generator's customization visit [this link](https://openapi-generator.tech/docs/customization).
-
-### Manual Generation (Advanced)
-
-If you need to run the steps manually:
-
-```powershell
-# Step 1: Generate code
-openapi-generator-cli generate -g powershell -c config.json --skip-validate-spec
-
-# Step 2: Fix documentation
-.\fix-docs.ps1
-```

openapi3/management.yaml

@@ -2373,6 +2373,43 @@ paths:
             - okta.apps.manage
       tags:
         - Application
+  /api/v1/apps/{appId}/sso/saml/metadata:
+    get:
+      summary: Preview SAML Metadata
+      description: Previews SAML metadata based on a specific key credential for an application
+      operationId: previewSAMLMetadataForApplication
+      parameters:
+        - name: appId
+          in: path
+          description: Application ID
+          required: true
+          schema:
+            type: string
+        - name: keyId
+          in: query
+          description: Application key credential ID
+          required: false
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/xml:
+              schema:
+                type: string
+        '403':
+          $ref: '#/components/responses/ErrorAccessDenied403'
+        '404':
+          $ref: '#/components/responses/ErrorResourceNotFound404'
+        '429':
+          $ref: '#/components/responses/ErrorTooManyRequests429'
+      security:
+        - apiToken: []
+        - oauth2:
+            - okta.apps.read
+      tags:
+        - Application
   /api/v1/authenticators:
     get:
       summary: List all Authenticators

src/Okta.PowerShell/Api/OktaApplicationApi.ps1

@@ -4126,6 +4126,141 @@ function Invoke-OktaListScopeConsentGrants {
 <#
 .SYNOPSIS
 
+Preview SAML Metadata
+
+.DESCRIPTION
+
+No description available.
+
+.PARAMETER AppId
+Application ID
+
+.PARAMETER KeyId
+Application key credential ID
+
+.PARAMETER ReturnType
+
+Select the return type (optional): application/xml, application/json
+
+
+.PARAMETER Uri
+
+Specifies the absolute Uri to be used when making the request. Recommended for paginated results. Optional.
+
+.PARAMETER WithHttpInfo
+
+A switch when turned on will return a hash table of Response, StatusCode and Headers instead of just the Response
+
+.PARAMETER IncludeNullValues
+
+A switch when turned on will include any null values in the payload; Null values are removed by default. Optional.
+
+.OUTPUTS
+
+String
+#>
+function Invoke-OktaPreviewSAMLMetadataForApplication {
+    [CmdletBinding()]
+    Param (
+        [Parameter(Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
+        [String]
+        ${AppId},
+        [Parameter(Position = 1, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
+        [String]
+        ${KeyId},
+        [String]
+        [ValidateSet("application/xml", "application/json")]
+        $ReturnType,
+        [Parameter(ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
+        [String]
+        ${Uri},
+        [Switch]
+        $WithHttpInfo,
+        [Switch]
+        $IncludeNullValues        
+    )
+
+    Process {
+        'Calling method: Invoke-OktaPreviewSAMLMetadataForApplication' | Write-Debug
+        $PSBoundParameters | Out-DebugParameter | Write-Debug
+
+        $LocalVarAccepts = @()
+        $LocalVarContentTypes = @()
+        $LocalVarQueryParameters = @{}
+        $LocalVarHeaderParameters = @{}
+        $LocalVarFormParameters = @{}
+        $LocalVarPathParameters = @{}
+        $LocalVarCookieParameters = @{}
+        $LocalVarBodyParameter = $null
+
+        $Configuration = Get-OktaConfiguration
+        # HTTP header 'Accept' (if needed)
+        $LocalVarAccepts = @('application/xml', 'application/json')
+
+        if ($ReturnType) {
+            # use the return type (MIME) provided by the user
+            $LocalVarAccepts = @($ReturnType)
+        }
+
+        $LocalVarUri = '/api/v1/apps/{appId}/sso/saml/metadata'
+        if (!$PSCmdlet.MyInvocation.BoundParameters.ContainsKey("AppId") -or $null -eq $AppId) {
+            throw "Error! The required parameter `AppId` missing when calling previewSAMLMetadataForApplication."
+        }
+        $LocalVarUri = $LocalVarUri.replace('{appId}', [System.Web.HTTPUtility]::UrlEncode($AppId))
+
+        if ($PSCmdlet.MyInvocation.BoundParameters.ContainsKey("Uri")) {
+            $ParsedUri = Invoke-ParseAbsoluteUri -Uri $Uri
+            $LocalVarUri = $ParsedUri["RelativeUri"]
+            $LocalVarQueryParameters = $ParsedUri["QueryParameters"]
+        }
+
+        if ($PSCmdlet.MyInvocation.BoundParameters.ContainsKey("KeyId")) {
+            $LocalVarQueryParameters['keyId'] = $KeyId
+        }
+
+        if ($Configuration["ApiKey"] -and $Configuration["ApiKey"]["apiToken"]) {
+            $LocalVarHeaderParameters['apiToken'] = $Configuration["ApiKey"]["apiToken"]
+            Write-Verbose ("Using API key 'apiToken' in the header for authentication in {0}" -f $MyInvocation.MyCommand)
+        }
+
+
+        if ($Configuration["AccessToken"]) {
+            $LocalVarHeaderParameters['Authorization'] = "Bearer " + $Configuration["AccessToken"]
+            Write-Verbose ("Using Bearer authentication in {0}" -f $MyInvocation.MyCommand)
+        }
+
+        $LocalVarResult = Invoke-OktaApiClient -Method 'GET' `
+                                -Uri $LocalVarUri `
+                                -Accepts $LocalVarAccepts `
+                                -ContentTypes $LocalVarContentTypes `
+                                -Body $LocalVarBodyParameter `
+                                -HeaderParameters $LocalVarHeaderParameters `
+                                -QueryParameters $LocalVarQueryParameters `
+                                -FormParameters $LocalVarFormParameters `
+                                -CookieParameters $LocalVarCookieParameters `
+                                -ReturnType "String" `
+                                -IsBodyNullable $false
+
+        if ($WithHttpInfo.IsPresent) {
+            if ($null -ne $LocalVarResult.Headers.Link) {
+                foreach($Link in $LocalVarResult.Headers.Link)   {
+                    # Link looks like '<https://myorg.okta.com/api/v1/groups?after=00g9erhe4rJGXhdYs5d7&limit=1>;rel="next"
+                    if ($Link.Contains('rel="next"', 'InvariantCultureIgnoreCase')) {
+                        $LinkValue = $Link.split(";")[0].ToString()
+                        $LocalVarResult.NextPageUri = $LinkValue -replace '[<>]',''
+                    }
+                }
+            }
+            return $LocalVarResult
+        } else {
+            return $LocalVarResult["Response"]
+        }
+    }
+}
+
+<#
+.SYNOPSIS
+
 Publish a Certificate Signing Request
 
 .DESCRIPTION

src/Okta.PowerShell/Okta.PowerShell.PrivateFunctions.psd1

@@ -3,7 +3,7 @@
 #
 # Generated by: Okta, Inc.
 #
-# Generated on: 11/6/2025
+# Generated on: 11/7/2025
 #
 
 @{

src/Okta.PowerShell/Okta.PowerShell.psd1

@@ -3,7 +3,7 @@
 #
 # Generated by: Okta, Inc.
 #
-# Generated on: 11/6/2025
+# Generated on: 11/7/2025
 #
 
 @{
@@ -102,6 +102,7 @@ FunctionsToExport = 'Invoke-OktaActivateAgentPoolsUpdate', 'New-OktaAgentPoolsUp
                'Invoke-OktaListFeaturesForApplication', 
                'Invoke-OktaListOAuth2TokensForApplication', 
                'Invoke-OktaListScopeConsentGrants', 
+               'Invoke-OktaPreviewSAMLMetadataForApplication', 
                'Publish-OktaCsrFromApplication', 'Revoke-OktaCsrFromApplication', 
                'Revoke-OktaOAuth2TokenForApplication', 
                'Revoke-OktaOAuth2TokensForApplication', 

tests/Api/OktaApplicationApi.Tests.ps1

@@ -369,4 +369,53 @@ Describe -tag 'Okta.PowerShell' -name 'OktaOktaApplicationApi' {
             $TestResult.Status | Should -Be "ACTIVE"
         }
     }
+
+    Context 'Invoke-OktaPreviewSAMLMetadataForApplication' {
+        It 'Should call the correct endpoint for SAML metadata preview' {
+            # Arrange
+            $AppId = "0oa1gjh63g214q0Hq0g4"
+            $ExpectedXml = '<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exk1234567890"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"></md:IDPSSODescriptor></md:EntityDescriptor>'
+            
+            $Response = @{
+                Response   = $ExpectedXml
+                StatusCode = 200
+                Headers = @{ "Content-Type" = @("application/xml")}
+            }
+            
+            Mock -ModuleName Okta.PowerShell Invoke-OktaApiClient { return $Response } -Verifiable
+            
+            # Act
+            $Result = Invoke-OktaPreviewSAMLMetadataForApplication -AppId $AppId
+            
+            # Assert
+            Assert-MockCalled -ModuleName Okta.PowerShell Invoke-OktaApiClient -Exactly -Times 1 -Scope It -ParameterFilter {
+                $Uri -like "*/api/v1/apps/$AppId/sso/saml/metadata" -and
+                $Method -eq 'GET'
+            }
+            $Result | Should -Be $ExpectedXml
+        }
+        
+        It 'Should include keyId query parameter when provided' {
+            # Arrange
+            $AppId = "0oa1gjh63g214q0Hq0g4"
+            $KeyId = "SIMcCQNY3uwXoW3y0g3"
+            
+            $Response = @{
+                Response   = '<?xml version="1.0"?><metadata></metadata>'
+                StatusCode = 200
+                Headers = @{ "Content-Type" = @("application/xml")}
+            }
+            
+            Mock -ModuleName Okta.PowerShell Invoke-OktaApiClient { return $Response } -Verifiable
+            
+            # Act
+            $Result = Invoke-OktaPreviewSAMLMetadataForApplication -AppId $AppId -KeyId $KeyId
+            
+            # Assert
+            Assert-MockCalled -ModuleName Okta.PowerShell Invoke-OktaApiClient -Exactly -Times 1 -Scope It -ParameterFilter {
+                $QueryParameters.ContainsKey('keyId') -and 
+                $QueryParameters['keyId'] -eq $KeyId
+            }
+        }
+    }
 }