|
92 | 92 | { |
93 | 93 | "name": "response_type", |
94 | 94 | "in": "query", |
95 | | - "description": "OAuth2 response type", |
| 95 | + "description": "The OAuth 2.0 specification allows for registration of space-separated response_type parameter values. If a Response Type contains one of more space characters (%20), it is compared as a space-delimited list of values in which the order of values does not matter. Possible values are: code, token, id_token, otp, none. The \"none\" value cannot be used with any other response type value.", |
96 | 96 | "required": true, |
97 | 97 | "schema": { |
98 | | - "type": "string", |
99 | | - "enum": [ |
100 | | - "code", |
101 | | - "token", |
102 | | - "id_token", |
103 | | - "code token", |
104 | | - "code id_token", |
105 | | - "token id_token", |
106 | | - "code token id_token", |
107 | | - "otp", |
108 | | - "none" |
109 | | - ] |
| 98 | + "type": "string" |
110 | 99 | } |
111 | 100 | }, |
112 | 101 | { |
|
121 | 110 | { |
122 | 111 | "name": "redirect_uri", |
123 | 112 | "in": "query", |
124 | | - "description": "Redirect URI (must match a registered URI)", |
| 113 | + "description": "Redirect URI", |
125 | 114 | "required": true, |
126 | 115 | "schema": { |
127 | 116 | "type": "string", |
|
131 | 120 | { |
132 | 121 | "name": "scope", |
133 | 122 | "in": "query", |
134 | | - "description": "Space-delimited scopes (include \"openid\" for OIDC)", |
| 123 | + "description": "Space-delimited scopes", |
135 | 124 | "required": false, |
136 | 125 | "schema": { |
137 | 126 | "type": "string" |
|
140 | 129 | { |
141 | 130 | "name": "state", |
142 | 131 | "in": "query", |
143 | | - "description": "Opaque state parameter returned in the redirect", |
144 | | - "required": false, |
145 | | - "schema": { |
146 | | - "type": "string" |
147 | | - } |
148 | | - }, |
149 | | - { |
150 | | - "name": "nonce", |
151 | | - "in": "query", |
152 | | - "description": "Nonce for ID token replay protection (OIDC)", |
| 132 | + "description": "Opaque state parameter", |
153 | 133 | "required": false, |
154 | 134 | "schema": { |
155 | 135 | "type": "string" |
156 | 136 | } |
157 | 137 | }, |
158 | 138 | { |
159 | | - "name": "response_mode", |
| 139 | + "name": "approval_prompt", |
160 | 140 | "in": "query", |
161 | | - "description": "Response mode override", |
| 141 | + "description": "Indicates whether the user should be re-prompted for consent. The default is auto, so a given user should only see the consent page for a given set of scopes the first time through the sequence. If the value is force, then the user sees a consent page even if they previously gave consent to your application for a given set of scopes.", |
162 | 142 | "required": false, |
163 | 143 | "schema": { |
164 | 144 | "type": "string", |
165 | 145 | "enum": [ |
166 | | - "query", |
167 | | - "fragment", |
168 | | - "form_post", |
169 | | - "direct" |
| 146 | + "auto", |
| 147 | + "force" |
170 | 148 | ] |
171 | 149 | } |
172 | 150 | }, |
173 | 151 | { |
174 | | - "name": "prompt", |
| 152 | + "name": "access_type", |
175 | 153 | "in": "query", |
176 | | - "description": "Space-delimited user interaction prompts (OIDC)", |
| 154 | + "description": "Indicates whether your application needs to access an API when the user is not present at the browser. This parameter defaults to online. If your application needs to refresh access tokens when the user is not present at the browser, then use offline. This will result in your application obtaining a refresh token the first time your application exchanges an authorization code for a user.", |
177 | 155 | "required": false, |
178 | 156 | "schema": { |
179 | 157 | "type": "string", |
180 | 158 | "enum": [ |
181 | | - "none", |
182 | | - "login", |
183 | | - "consent", |
184 | | - "select_account" |
| 159 | + "online", |
| 160 | + "offline" |
185 | 161 | ] |
186 | 162 | } |
187 | 163 | }, |
188 | 164 | { |
189 | | - "name": "login_hint", |
190 | | - "in": "query", |
191 | | - "description": "Hint about login identifier (OIDC)", |
192 | | - "required": false, |
193 | | - "schema": { |
194 | | - "type": "string" |
195 | | - } |
196 | | - }, |
197 | | - { |
198 | | - "name": "display", |
| 165 | + "name": "response_mode", |
199 | 166 | "in": "query", |
200 | | - "description": "UI display preference (OIDC)", |
| 167 | + "description": "OPTIONAL. Informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED with a value that specifies the same Response Mode as the default Response Mode for the Response Type used.\\nThe default Response Mode for the OAuth 2.0 code Response Type is the query encoding. For purposes of this specification, the default Response Mode for the OAuth 2.0 token Response Type is the fragment encoding.", |
201 | 168 | "required": false, |
202 | 169 | "schema": { |
203 | 170 | "type": "string", |
204 | 171 | "enum": [ |
205 | | - "page", |
206 | | - "popup", |
207 | | - "touch", |
208 | | - "wap", |
209 | | - "native" |
| 172 | + "query", |
| 173 | + "fragment", |
| 174 | + "form_post", |
| 175 | + "direct" |
210 | 176 | ] |
211 | 177 | } |
212 | 178 | }, |
213 | | - { |
214 | | - "name": "max_age", |
215 | | - "in": "query", |
216 | | - "description": "Maximum authentication age in seconds (OIDC)", |
217 | | - "required": false, |
218 | | - "schema": { |
219 | | - "type": "integer" |
220 | | - } |
221 | | - }, |
222 | | - { |
223 | | - "name": "acr_values", |
224 | | - "in": "query", |
225 | | - "description": "Authentication context class reference values (OIDC)", |
226 | | - "required": false, |
227 | | - "schema": { |
228 | | - "type": "string" |
229 | | - } |
230 | | - }, |
231 | 179 | { |
232 | 180 | "name": "code_challenge", |
233 | 181 | "in": "query", |
|
240 | 188 | { |
241 | 189 | "name": "code_challenge_method", |
242 | 190 | "in": "query", |
243 | | - "description": "PKCE challenge method", |
| 191 | + "description": "Optional. PKCE challenge method", |
244 | 192 | "required": false, |
245 | 193 | "schema": { |
246 | 194 | "type": "string", |
|
251 | 199 | } |
252 | 200 | }, |
253 | 201 | { |
254 | | - "name": "id_token_hint", |
255 | | - "in": "query", |
256 | | - "description": "Previously issued ID token hint (OIDC)", |
257 | | - "required": false, |
258 | | - "schema": { |
259 | | - "type": "string" |
260 | | - } |
261 | | - }, |
262 | | - { |
263 | | - "name": "approval_prompt", |
| 202 | + "name": "display", |
264 | 203 | "in": "query", |
265 | | - "description": "Consent handling", |
| 204 | + "description": "UI display preference (OIDC)", |
266 | 205 | "required": false, |
267 | 206 | "schema": { |
268 | 207 | "type": "string", |
269 | 208 | "enum": [ |
270 | | - "auto", |
271 | | - "force" |
| 209 | + "page", |
| 210 | + "popup", |
| 211 | + "touch", |
| 212 | + "wap", |
| 213 | + "native" |
272 | 214 | ] |
273 | 215 | } |
274 | 216 | }, |
275 | 217 | { |
276 | | - "name": "access_type", |
| 218 | + "name": "tenant", |
277 | 219 | "in": "query", |
278 | | - "description": "Token refresh behavior", |
| 220 | + "description": "Tenant identifier", |
279 | 221 | "required": false, |
280 | 222 | "schema": { |
281 | | - "type": "string", |
282 | | - "enum": [ |
283 | | - "online", |
284 | | - "offline" |
285 | | - ] |
| 223 | + "type": "string" |
286 | 224 | } |
287 | 225 | } |
288 | 226 | ], |
|
496 | 434 | } |
497 | 435 | }, |
498 | 436 | "security": [ |
| 437 | + { |
| 438 | + "OAuth2ProviderClientBasic": [] |
| 439 | + }, |
499 | 440 | { |
500 | 441 | "OAuth2ProviderSecurity": [] |
501 | 442 | } |
|
625 | 566 | "OAuth2 / OpenID Connect" |
626 | 567 | ], |
627 | 568 | "summary": "OpenID Connect Discovery Endpoint", |
628 | | - "description": "Returns the OpenID Provider Configuration document per OpenID Connect Discovery 1.0. Also available at /oauth2/.well-known/openid-configuration.", |
| 569 | + "description": "Returns the OpenID Provider Configuration document per OpenID Connect Discovery 1.0.", |
629 | 570 | "operationId": "oauth2Discovery", |
630 | 571 | "responses": { |
631 | 572 | "200": { |
|
1051 | 992 | "OAuth2TokenResponse": { |
1052 | 993 | "title": "OAuth2 Token Response", |
1053 | 994 | "description": "Successful token response per RFC 6749 §5.1", |
| 995 | + "required": [ |
| 996 | + "access_token", |
| 997 | + "token_type" |
| 998 | + ], |
1054 | 999 | "properties": { |
1055 | 1000 | "access_token": { |
1056 | 1001 | "description": "The access token issued by the authorization server", |
|
1105 | 1050 | "OAuth2IntrospectionResponse": { |
1106 | 1051 | "title": "OAuth2 Token Introspection Response", |
1107 | 1052 | "description": "Token introspection response per RFC 7662", |
| 1053 | + "required": [ |
| 1054 | + "active" |
| 1055 | + ], |
1108 | 1056 | "properties": { |
1109 | 1057 | "active": { |
1110 | 1058 | "description": "Whether the token is active", |
|
1223 | 1171 | "JWKSResponse": { |
1224 | 1172 | "title": "JSON Web Key Set", |
1225 | 1173 | "description": "JWK Set document per RFC 7517", |
| 1174 | + "required": [ |
| 1175 | + "keys" |
| 1176 | + ], |
1226 | 1177 | "properties": { |
1227 | 1178 | "keys": { |
1228 | 1179 | "description": "Array of JSON Web Keys", |
|
1267 | 1218 | "OpenIDDiscoveryResponse": { |
1268 | 1219 | "title": "OpenID Connect Discovery Document", |
1269 | 1220 | "description": "OpenID Provider Configuration per OpenID Connect Discovery 1.0", |
| 1221 | + "required": [ |
| 1222 | + "issuer", |
| 1223 | + "authorization_endpoint", |
| 1224 | + "token_endpoint", |
| 1225 | + "jwks_uri", |
| 1226 | + "response_types_supported", |
| 1227 | + "subject_types_supported", |
| 1228 | + "id_token_signing_alg_values_supported" |
| 1229 | + ], |
1270 | 1230 | "properties": { |
1271 | 1231 | "issuer": { |
1272 | 1232 | "description": "Issuer identifier URL", |
|
1365 | 1325 | ], |
1366 | 1326 | "properties": { |
1367 | 1327 | "response_type": { |
1368 | | - "description": "OAuth2 response type", |
1369 | | - "type": "string", |
1370 | | - "enum": [ |
1371 | | - "code", |
1372 | | - "token", |
1373 | | - "id_token", |
1374 | | - "code token", |
1375 | | - "code id_token", |
1376 | | - "token id_token", |
1377 | | - "code token id_token", |
1378 | | - "otp", |
1379 | | - "none" |
1380 | | - ] |
| 1328 | + "description": "The OAuth 2.0 specification allows for registration of space-separated response_type parameter values. If a Response Type contains one of more space characters (%20), it is compared as a space-delimited list of values in which the order of values does not matter. Possible values are: code, token, id_token, otp, none. The \"none\" value cannot be used with any other response type value.", |
| 1329 | + "type": "string" |
1381 | 1330 | }, |
1382 | 1331 | "client_id": { |
1383 | 1332 | "description": "OAuth2 client identifier", |
|
1396 | 1345 | "description": "Opaque state parameter", |
1397 | 1346 | "type": "string" |
1398 | 1347 | }, |
1399 | | - "nonce": { |
1400 | | - "description": "Nonce for ID token replay protection", |
1401 | | - "type": "string" |
| 1348 | + "approval_prompt": { |
| 1349 | + "description": "Indicates whether the user should be re-prompted for consent. The default is auto, so a given user should only see the consent page for a given set of scopes the first time through the sequence. If the value is force, then the user sees a consent page even if they previously gave consent to your application for a given set of scopes.", |
| 1350 | + "type": "string", |
| 1351 | + "enum": [ |
| 1352 | + "auto", |
| 1353 | + "force" |
| 1354 | + ] |
| 1355 | + }, |
| 1356 | + "access_type": { |
| 1357 | + "description": "Indicates whether your application needs to access an API when the user is not present at the browser. This parameter defaults to online. If your application needs to refresh access tokens when the user is not present at the browser, then use offline. This will result in your application obtaining a refresh token the first time your application exchanges an authorization code for a user.", |
| 1358 | + "type": "string", |
| 1359 | + "enum": [ |
| 1360 | + "online", |
| 1361 | + "offline" |
| 1362 | + ] |
1402 | 1363 | }, |
1403 | 1364 | "response_mode": { |
1404 | | - "description": "Response mode override", |
| 1365 | + "description": "OPTIONAL. Informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED with a value that specifies the same Response Mode as the default Response Mode for the Response Type used.\\nThe default Response Mode for the OAuth 2.0 code Response Type is the query encoding. For purposes of this specification, the default Response Mode for the OAuth 2.0 token Response Type is the fragment encoding.", |
1405 | 1366 | "type": "string", |
1406 | 1367 | "enum": [ |
1407 | 1368 | "query", |
|
1410 | 1371 | "direct" |
1411 | 1372 | ] |
1412 | 1373 | }, |
1413 | | - "prompt": { |
1414 | | - "description": "User interaction prompts", |
1415 | | - "type": "string" |
1416 | | - }, |
1417 | | - "login_hint": { |
1418 | | - "description": "Login identifier hint", |
1419 | | - "type": "string" |
1420 | | - }, |
1421 | 1374 | "code_challenge": { |
1422 | 1375 | "description": "PKCE code challenge", |
1423 | 1376 | "type": "string" |
1424 | 1377 | }, |
1425 | 1378 | "code_challenge_method": { |
1426 | | - "description": "PKCE challenge method", |
| 1379 | + "description": "Optional. PKCE challenge method", |
1427 | 1380 | "type": "string", |
1428 | 1381 | "enum": [ |
1429 | 1382 | "plain", |
1430 | 1383 | "S256" |
1431 | 1384 | ] |
| 1385 | + }, |
| 1386 | + "display": { |
| 1387 | + "description": "UI display preference (OIDC)", |
| 1388 | + "type": "string", |
| 1389 | + "enum": [ |
| 1390 | + "page", |
| 1391 | + "popup", |
| 1392 | + "touch", |
| 1393 | + "wap", |
| 1394 | + "native" |
| 1395 | + ] |
| 1396 | + }, |
| 1397 | + "tenant": { |
| 1398 | + "description": "Tenant identifier", |
| 1399 | + "type": "string" |
1432 | 1400 | } |
1433 | 1401 | }, |
1434 | 1402 | "type": "object" |
|
1542 | 1510 | "type": "string", |
1543 | 1511 | "enum": [ |
1544 | 1512 | "sms", |
1545 | | - "email", |
1546 | | - "inline" |
| 1513 | + "email" |
1547 | 1514 | ] |
1548 | 1515 | }, |
1549 | 1516 | "send": { |
|
0 commit comments