chore: Add PR's requested changes

matiasperrone-exo · matiasperrone-exo · commit 4b1b79771b3f · 2026-05-07T21:45:50.000Z
diff --git a/app/Http/Controllers/OAuth2/OAuth2ProviderController.php b/app/Http/Controllers/OAuth2/OAuth2ProviderController.php
@@ -424,6 +424,16 @@ public function certs()
             new OA\Response(response: HttpResponse::HTTP_OK, description: 'OpenID Connect Discovery document', content: new OA\JsonContent(ref: '#/components/schemas/OpenIDDiscoveryResponse')),
         ]
     )]
+    #[OA\Get(
+        path: '/oauth2/.well-known/openid-configuration',
+        operationId: 'oauth2DiscoveryAlias',
+        summary: 'OpenID Connect Discovery Endpoint (oauth2-prefixed alias)',
+        description: 'Alias for /.well-known/openid-configuration. Returns the OpenID Provider Configuration document per OpenID Connect Discovery 1.0.',
+        tags: ['OAuth2 / OpenID Connect'],
+        responses: [
+            new OA\Response(response: HttpResponse::HTTP_OK, description: 'OpenID Connect Discovery document', content: new OA\JsonContent(ref: '#/components/schemas/OpenIDDiscoveryResponse')),
+        ]
+    )]
     public function discovery()
     {
 
@@ -437,6 +447,16 @@ public function discovery()
     /**
      * @see http://openid.net/specs/openid-connect-session-1_0.html#OPiframe
      */
+    #[OA\Get(
+        path: '/oauth2/check-session',
+        operationId: 'oauth2CheckSession',
+        summary: 'OpenID Connect Check Session iFrame',
+        description: 'Returns the HTML iFrame page used by clients for OIDC Session Management (OpenID Connect Session Management 1.0 §3). The URL is advertised as check_session_iframe in the discovery document.',
+        tags: ['OAuth2 / OpenID Connect'],
+        responses: [
+            new OA\Response(response: HttpResponse::HTTP_OK, description: 'Session check iFrame HTML page', content: new OA\MediaType(mediaType: 'text/html')),
+        ]
+    )]
     public function checkSessionIFrame()
     {
         $data = [];
diff --git a/app/Swagger/Requests/OAuth2TokenRequestSchema.php b/app/Swagger/Requests/OAuth2TokenRequestSchema.php
@@ -11,22 +11,21 @@
     type: 'object',
     required: ['grant_type'],
     properties: [
-        new OA\Property(property: 'grant_type', type: 'string', description: 'OAuth2 grant type', enum: ['authorization_code', 'client_credentials', 'password', 'refresh_token', 'passwordless']),
+        new OA\Property(property: 'grant_type', type: 'string', description: 'OAuth2 grant type', enum: ['authorization_code', 'client_credentials', 'implicit', 'refresh_token', 'passwordless', 'hybrid']),
         new OA\Property(property: 'code', type: 'string', description: 'Authorization code (authorization_code grant)'),
+        new OA\Property(property: 'code_verifier', type: 'string', description: 'PKCE code verifier (authorization_code grant with PKCE)'),
         new OA\Property(property: 'redirect_uri', type: 'string', format: 'uri', description: 'Redirect URI (must match the one used in authorization request)'),
         new OA\Property(property: 'client_id', type: 'string', description: 'Client identifier (if not using HTTP Basic auth)'),
         new OA\Property(property: 'client_secret', type: 'string', description: 'Client secret (if not using HTTP Basic auth)'),
         new OA\Property(property: 'refresh_token', type: 'string', description: 'Refresh token (refresh_token grant)'),
         new OA\Property(property: 'scope', type: 'string', description: 'Space-delimited scopes'),
-        new OA\Property(property: 'username', type: 'string', description: 'Username (password grant)'),
-        new OA\Property(property: 'password', type: 'string', description: 'Password (password grant)'),
         new OA\Property(property: 'audience', type: 'string', description: 'Target audience (client_credentials grant)'),
         new OA\Property(property: 'connection', type: 'string', description: 'Connection type (passwordless grant)', enum: ['sms', 'email']),
-        new OA\Property(property: 'send', type: 'string', description: 'Delivery method (passwordless grant)', enum: ['code', 'link']),
-        new OA\Property(property: 'email', type: 'string', description: 'Email address (passwordless grant)'),
-        new OA\Property(property: 'phone_number', type: 'string', description: 'Phone number (passwordless grant)'),
+        new OA\Property(property: 'otp', type: 'string', description: 'One-time password code (passwordless grant)'),
+        new OA\Property(property: 'email', type: 'string', description: 'Email address (passwordless grant, connection=email)'),
+        new OA\Property(property: 'phone_number', type: 'string', description: 'Phone number (passwordless grant, connection=sms)'),
     ]
 )]
 class OAuth2TokenRequestSchema
 {
-}
+}
