Authentication type should not be an explicit list

[itineric]

When trying to use the tool with an authentication type defined as "access token" (or personnal access token in some tools), an error occurs :
instance value (\"accesstoken\") not found in enum (possible values: [\"oauth\",\"oauth2\",\"oauthbearertoken\",\"httpbasic\",\"httpdigest\",\"bearer\",\"Bearer\"])

But SCIM spec never declares the authentication types given as examples as explicit.

the following methodologies could be used, among others

See here: https://datatracker.ietf.org/doc/html/rfc7644#section-2

[Captain-P-Goldfish]

Also, the specification notes several values but does not forbid other values. What if authentication is done with SAML? The spec does not define a value for this but it is a perfectly legal usecase

[suvera]

You are correct, currently this tool has setup some of the ENUM values and checking against that.

https://github.com/suvera/scim2-compliance-test-utility/blob/master/src/main/resources/schema/ServiceProviderConfig.schema.json#L126

"type": {
        "type": "string",
        "enum": [
            "oauth",
            "oauth2",
            "oauthbearertoken",
            "httpbasic",
            "httpdigest",
            "bearer",
            "Bearer"
        ]
},

"enum" must be removed.

Fixed! 👍 df2c862