|
173 | 173 | { |
174 | 174 | "name": "prompt", |
175 | 175 | "in": "query", |
176 | | - "description": "Space-delimited user interaction prompts (OIDC). Allowed tokens: none, login, consent, select_account. \"none\" cannot be combined with others. Example: \"login consent\"", |
| 176 | + "description": "Space-delimited user interaction prompts (OIDC)", |
177 | 177 | "required": false, |
178 | 178 | "schema": { |
179 | | - "type": "string" |
| 179 | + "type": "string", |
| 180 | + "enum": [ |
| 181 | + "none", |
| 182 | + "login", |
| 183 | + "consent", |
| 184 | + "select_account" |
| 185 | + ] |
180 | 186 | } |
181 | 187 | }, |
182 | 188 | { |
|
488 | 494 | } |
489 | 495 | } |
490 | 496 | } |
491 | | - } |
| 497 | + }, |
| 498 | + "security": [ |
| 499 | + { |
| 500 | + "OAuth2ProviderSecurity": [] |
| 501 | + } |
| 502 | + ] |
492 | 503 | } |
493 | 504 | }, |
494 | 505 | "/oauth2/token/revoke": { |
|
526 | 537 | } |
527 | 538 | }, |
528 | 539 | "security": [ |
| 540 | + { |
| 541 | + "OAuth2ProviderClientBasic": [] |
| 542 | + }, |
529 | 543 | { |
530 | 544 | "OAuth2ProviderSecurity": [] |
531 | 545 | } |
|
574 | 588 | } |
575 | 589 | }, |
576 | 590 | "security": [ |
| 591 | + { |
| 592 | + "OAuth2ProviderClientBasic": [] |
| 593 | + }, |
577 | 594 | { |
578 | 595 | "OAuth2ProviderSecurity": [] |
579 | 596 | } |
|
608 | 625 | "OAuth2 / OpenID Connect" |
609 | 626 | ], |
610 | 627 | "summary": "OpenID Connect Discovery Endpoint", |
611 | | - "description": "Returns the OpenID Provider Configuration document per OpenID Connect Discovery 1.0.", |
612 | | - "operationId": "OpenIdDiscovery", |
613 | | - "responses": { |
614 | | - "200": { |
615 | | - "description": "OpenID Connect Discovery document", |
616 | | - "content": { |
617 | | - "application/json": { |
618 | | - "schema": { |
619 | | - "$ref": "#/components/schemas/OpenIDDiscoveryResponse" |
620 | | - } |
621 | | - } |
622 | | - } |
623 | | - } |
624 | | - } |
625 | | - } |
626 | | - }, |
627 | | - "/oauth2/.well-known/openid-configuration": { |
628 | | - "get": { |
629 | | - "tags": [ |
630 | | - "OAuth2 / OpenID Connect" |
631 | | - ], |
632 | | - "summary": "OpenID Connect Discovery Endpoint", |
633 | | - "description": "Returns the OpenID Provider Configuration document per OpenID Connect Discovery 1.0.", |
634 | | - "operationId": "OAclient_secretuth2OpenIdDiscovery", |
| 628 | + "description": "Returns the OpenID Provider Configuration document per OpenID Connect Discovery 1.0. Also available at /oauth2/.well-known/openid-configuration.", |
| 629 | + "operationId": "oauth2Discovery", |
635 | 630 | "responses": { |
636 | 631 | "200": { |
637 | 632 | "description": "OpenID Connect Discovery document", |
|
710 | 705 | } |
711 | 706 | } |
712 | 707 | } |
713 | | - }, |
714 | | - "security": [ |
715 | | - { |
716 | | - "OAuth2ProviderSecurity": [] |
717 | | - } |
718 | | - ] |
| 708 | + } |
719 | 709 | }, |
720 | 710 | "post": { |
721 | 711 | "tags": [ |
|
752 | 742 | } |
753 | 743 | } |
754 | 744 | } |
755 | | - }, |
756 | | - "security": [ |
757 | | - { |
758 | | - "OAuth2ProviderSecurity": [] |
759 | | - } |
760 | | - ] |
| 745 | + } |
761 | 746 | } |
762 | 747 | } |
763 | 748 | }, |
|
1066 | 1051 | "OAuth2TokenResponse": { |
1067 | 1052 | "title": "OAuth2 Token Response", |
1068 | 1053 | "description": "Successful token response per RFC 6749 §5.1", |
1069 | | - "required": [ |
1070 | | - "access_token", |
1071 | | - "token_type" |
1072 | | - ], |
1073 | 1054 | "properties": { |
1074 | 1055 | "access_token": { |
1075 | 1056 | "description": "The access token issued by the authorization server", |
|
1242 | 1223 | "JWKSResponse": { |
1243 | 1224 | "title": "JSON Web Key Set", |
1244 | 1225 | "description": "JWK Set document per RFC 7517", |
1245 | | - "required": [ |
1246 | | - "keys" |
1247 | | - ], |
1248 | 1226 | "properties": { |
1249 | 1227 | "keys": { |
1250 | 1228 | "description": "Array of JSON Web Keys", |
|
1289 | 1267 | "OpenIDDiscoveryResponse": { |
1290 | 1268 | "title": "OpenID Connect Discovery Document", |
1291 | 1269 | "description": "OpenID Provider Configuration per OpenID Connect Discovery 1.0", |
1292 | | - "required": [ |
1293 | | - "issuer", |
1294 | | - "authorization_endpoint", |
1295 | | - "token_endpoint", |
1296 | | - "jwks_uri", |
1297 | | - "response_types_supported", |
1298 | | - "subject_types_supported", |
1299 | | - "id_token_signing_alg_values_supported" |
1300 | | - ], |
1301 | 1270 | "properties": { |
1302 | 1271 | "issuer": { |
1303 | 1272 | "description": "Issuer identifier URL", |
|
1442 | 1411 | ] |
1443 | 1412 | }, |
1444 | 1413 | "prompt": { |
1445 | | - "description": "Space-delimited user interaction prompts (OIDC). Allowed tokens: none, login, consent, select_account. \"none\" cannot be combined with others. Example: \"login consent\"", |
| 1414 | + "description": "User interaction prompts", |
1446 | 1415 | "type": "string" |
1447 | 1416 | }, |
1448 | 1417 | "login_hint": { |
|
1508 | 1477 | }, |
1509 | 1478 | "client_secret": { |
1510 | 1479 | "description": "Client secret (if not using HTTP Basic auth)", |
1511 | | - "type": "string", |
1512 | | - "format": "password" |
| 1480 | + "type": "string" |
1513 | 1481 | } |
1514 | 1482 | }, |
1515 | 1483 | "type": "object" |
|
1639 | 1607 | } |
1640 | 1608 | } |
1641 | 1609 | }, |
| 1610 | + "OAuth2ProviderClientBasic": { |
| 1611 | + "type": "http", |
| 1612 | + "description": "HTTP Basic authentication with OAuth2 client_id:client_secret (RFC 6749 §2.3.1).", |
| 1613 | + "scheme": "basic" |
| 1614 | + }, |
1642 | 1615 | "OAuth2UserSecurity": { |
1643 | 1616 | "type": "oauth2", |
1644 | 1617 | "description": "OAuth2 security scheme for user-related API endpoints", |
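Review bot: The two operations that close at new lines 708 and 745 (the one just before `"post"` and the `post` itself) lose their `"security": [{"OAuth2ProviderSecurity": []}]` requirement with nothing put in its place, so unless a document-level `security` applies (none is visible here) the spec now describes both as callable without credentials. Gateways, generated clients and API scanners that take their auth requirements from the spec would then treat both as public. If the handlers still expect a token, keep the block on both operations; if they are meant to be anonymous, say so explicitly with `"security": []` so the omission does not read as an oversight. The path these operations belong to lies outside the shown hunks, so check the change against what the handler actually enforces.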
|