SCIM

Expose SCIM 2.0 user and group provisioning endpoints.

The SCIM package exposes standard SCIM 2.0 routes for identity provider directory sync. It can authorize requests through an admin session or an API key with SCIM scope, depending on configuration.

Installation

uv add kernia-scim

Import path

from kernia_scim import SCIMOptions, scim

Server configuration

auth.py
import os

from kernia import KerniaOptions
from kernia.auth import init
from kernia_scim import SCIMOptions, scim

from .db import adapter

auth = init(KerniaOptions(
    database=adapter,
    secret=os.environ["KERNIA_SECRET"],
    base_url=os.environ["KERNIA_BASE_URL"],
    base_path="/api/auth",
    plugins=(
        scim(SCIMOptions()),
    ),
))

API routes

GET /api/auth/scim/v2/Users

Lists users in SCIM ListResponse format.

POST /api/auth/scim/v2/Users

Creates a user from SCIM payload data.

GET /api/auth/scim/v2/Users/:id

Returns a SCIM user.

PUT /api/auth/scim/v2/Users/:id

Replaces user fields from a SCIM payload.

PATCH /api/auth/scim/v2/Users/:id

Applies SCIM patch operations.

DELETE /api/auth/scim/v2/Users/:id

Deprovisions or deletes a user according to configuration.

GET /api/auth/scim/v2/ServiceProviderConfig

Returns supported SCIM capabilities.

GET /api/auth/scim/v2/ResourceTypes

Returns supported resource types.

GET /api/auth/scim/v2/Schemas

Returns supported SCIM schemas.

Schema impact

Uses core user data and SCIM package state. Generate migrations when provider ownership or token tables are enabled in your package version.

Behavior and options

  • Map IdP attributes to Kernia user fields deliberately.
  • Decide whether delete means hard delete, soft deprovision, or app-specific disable.
  • Use API keys with narrow SCIM scope for directory sync integrations.
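
Example (added here, not part of the Kernia SCIM package): one way to make the attribute mapping deliberate is an explicit allowlist from SCIM User attributes to local fields, so that anything the IdP sends beyond it (roles, password) is reported and never copied, and active=false becomes a soft deprovision flag. The local field names, map_scim_user and SAMPLE are assumptions for illustration.

```python
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
_MISSING = object()

# Allowlist: SCIM attribute path -> local user field (local names are hypothetical).
ATTRIBUTE_MAP = {
    "userName": "email",
    "externalId": "external_id",
    "name.givenName": "first_name",
    "name.familyName": "last_name",
    "active": "is_active",
}


def _lookup(payload, path):
    """Walk a dotted path; return _MISSING if any segment is absent."""
    node = payload
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def map_scim_user(payload):
    """Return (local_fields, ignored_top_level_attributes) for a SCIM User."""
    if USER_SCHEMA not in payload.get("schemas", []):
        raise ValueError("payload does not declare the SCIM core User schema")
    fields = {}
    for path, local in ATTRIBUTE_MAP.items():
        value = _lookup(payload, path)
        if value is not _MISSING:
            fields[local] = value
    if not isinstance(fields.get("email"), str) or not fields["email"].strip():
        raise ValueError("userName is required and must be a non-empty string")
    fields["email"] = fields["email"].strip().lower()
    # Strict typing: a string such as "False" must not be treated as truthy.
    if "is_active" in fields and not isinstance(fields["is_active"], bool):
        raise ValueError("active must be a JSON boolean")
    mapped = {path.split(".")[0] for path in ATTRIBUTE_MAP} | {"schemas"}
    ignored = sorted(key for key in payload if key not in mapped)
    return fields, ignored


# Constructed sample payload: the IdP also sends attributes we refuse to map.
SAMPLE = {
    "schemas": [USER_SCHEMA], "userName": " Alice@Example.com ", "active": False,
    "name": {"givenName": "Alice", "familyName": "Ng"}, "externalId": "idp-0001",
    "roles": [{"value": "admin"}], "password": "constructed-not-real",
}
```

Logging the ignored list during a first sync shows which IdP attributes are being dropped before you decide whether any of them deserve a mapping.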