refactor(core): remove subject token api prefix (#6235)

packages/core/src/routes/init.ts

@@ -34,10 +34,10 @@ import resourceRoutes from './resource.js';
 import resourceScopeRoutes from './resource.scope.js';
 import roleRoutes from './role.js';
 import roleScopeRoutes from './role.scope.js';
-import securityRoutes from './security/index.js';
 import signInExperiencesRoutes from './sign-in-experience/index.js';
 import ssoConnectors from './sso-connector/index.js';
 import statusRoutes from './status.js';
+import subjectTokenRoutes from './subject-token.js';
 import swaggerRoutes from './swagger/index.js';
 import systemRoutes from './system.js';
 import type { AnonymousRouter, ManagementApiRouter } from './types.js';
@@ -89,7 +89,7 @@ const createRouters = (tenant: TenantContext) => {
   organizationRoutes(managementRouter, tenant);
   ssoConnectors(managementRouter, tenant);
   systemRoutes(managementRouter, tenant);
-  securityRoutes(managementRouter, tenant);
+  subjectTokenRoutes(managementRouter, tenant);
 
   const anonymousRouter: AnonymousRouter = new Router();
   wellKnownRoutes(anonymousRouter, tenant);

packages/core/src/routes/subject-token.openapi.json

@@ -1,13 +1,13 @@
 {
   "tags": [
     {
-      "name": "Security",
+      "name": "Subject tokens",
-      "description": "Security related endpoints."
+      "description": "The subject token API provides the ability to create a new subject token for the use of impersonating the user."
     },
     { "name": "Dev feature" }
   ],
   "paths": {
-    "/api/security/subject-tokens": {
+    "/api/subject-tokens": {
       "post": {
         "summary": "Create a new subject token.",
         "description": "Create a new subject token for the use of impersonating the user.",

packages/core/src/routes/subject-token.ts

@@ -8,9 +8,11 @@ import { EnvSet } from '#src/env-set/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
 
-import { type RouterInitArgs, type ManagementApiRouter } from '../types.js';
+import { type RouterInitArgs, type ManagementApiRouter } from './types.js';
 
-export default function securityRoutes<T extends ManagementApiRouter>(...args: RouterInitArgs<T>) {
+export default function subjectTokenRoutes<T extends ManagementApiRouter>(
+  ...args: RouterInitArgs<T>
+) {
   const [
     router,
     {
@@ -27,7 +29,7 @@ export default function securityRoutes<T extends ManagementApiRouter>(...args: R
   }
 
   router.post(
-    '/security/subject-tokens',
+    '/subject-tokens',
     koaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
     koaGuard({
       body: object({

packages/core/src/routes/swagger/index.ts

@@ -155,7 +155,7 @@ const identifiableEntityNames = Object.freeze([
 const additionalTags = Object.freeze(
   condArray<string>(
     'Organization applications',
-    EnvSet.values.isDevFeaturesEnabled && 'Security',
+    EnvSet.values.isDevFeaturesEnabled && 'Subject tokens',
     'Organization users'
   )
 );

packages/core/src/routes/swagger/utils/operation-id.ts

@@ -25,8 +25,8 @@ const methodToVerb = Object.freeze({
 type RouteDictionary = Record<`${OpenAPIV3.HttpMethods} ${string}`, string>;
 
 const devFeatureCustomRoutes: RouteDictionary = Object.freeze({
-  // Security
+  // Subject tokens
-  'post /security/subject-tokens': 'CreateSubjectToken',
+  'post /subject-tokens': 'CreateSubjectToken',
 });
 
 export const customRoutes: Readonly<RouteDictionary> = Object.freeze({

packages/integration-tests/src/api/subject-token.ts

@@ -4,7 +4,7 @@ import { authedAdminApi } from './api.js';
 
 export const createSubjectToken = async (userId: string, context?: JsonObject) =>
   authedAdminApi
-    .post('security/subject-tokens', {
+    .post('subject-tokens', {
       json: {
         userId,
         context,