Update controller and group

ee/app/controllers/groups/scim_oauth_controller.rb

 # frozen_string_literal: true
 
 class Groups::ScimOauthController < Groups::ApplicationController
-  before_action :require_top_level_group
-  before_action :authorize_manage_saml!
-  before_action :check_group_saml_available!
-  before_action :check_group_saml_configured
+  # before_action :require_top_level_group
+  # before_action :authorize_manage_saml!
+  # before_action :check_group_saml_available!
+  # before_action :check_group_saml_configured
+  skip_before_filter :verify_authenticity_token
+
 
   def show
-    @saml_provider = @group.saml_provider || @group.build_saml_provider
+    scim_token = ScimOauthAccessToken.find_by_group_id(@group.id)
+
+    respond_to do |format|
+      format.json do
+        if scim_token
+          render json: ScimOauthAccessTokenEntity.new(scim_token).as_json
+        else
+          render json: {}
+        end
+      end
+    end
   end
 
   def create
-    @saml_provider = @group.build_saml_provider(saml_provider_params)
-
-    @saml_provider.save
+    scim_token = ScimOauthAccessToken.safe_find_or_create_by(group: @group)
 
-    render :show
+    respond_to do |format|
+      format.json do
+        if scim_token&.valid?
+          render json: ScimOauthAccessTokenEntity.new(scim_token).as_json
+        else
+          render json: { errors: scim_token&.errors&.full_messages }, status: :unprocessable_entity
+        end
+      end
+    end
   end
 end

ee/app/models/ee/group.rb

@@ -20,6 +20,7 @@ module EE
       has_one :saml_provider
       has_one :insight, foreign_key: :namespace_id
       accepts_nested_attributes_for :insight
+      has_one :scim_ouath_access_token, dependent: :destroy
 
       has_many :ldap_group_links, foreign_key: 'group_id', dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
       has_many :hooks, dependent: :destroy, class_name: 'GroupHook' # rubocop:disable Cop/ActiveRecordDependent

ee/config/routes/group.rb

@@ -89,6 +89,8 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
       delete :unlink, to: 'sso#unlink'
     end
 
+    resource :scim_oauth, only: [:show, :create], controller: :scim_oauth
+
     resource :roadmap, only: [:show], controller: 'roadmap'
 
     legacy_ee_group_boards_redirect = redirect do |params, request|