-
Notifications
You must be signed in to change notification settings - Fork 2
/
govsso-session-api.yml
207 lines (207 loc) · 7.01 KB
/
govsso-session-api.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
openapi: '3.0.3'
info:
title: GovSSO Session Service
version: 0.1.0
servers:
- url: https://session.localhost:15443
paths:
/login/init:
get:
summary: Start authentication.
operationId: authInit
parameters:
- in: query
name: login_challenge
description: ID of Ory Hydra's login request.
required: true
schema:
type: string
pattern: '^[a-f0-9]{32}$'
minLength: 32
maxLength: 32
example: '824113da6da44889943b98715a06d699'
responses:
'302':
description: Redirect to TARA for authentication.
headers:
Set-Cookie:
description: Session cookie.
schema:
type: string
example: SESSION=Nzc5ODFlZTktODhhNS00ZTEwLTk0NWQtN2EzNTU5N2E2MmY5; Path=/; HttpOnly; SameSite=Lax
Location:
description: TARA authentication request.
schema:
type: string
format: uri
example: scope=openid&response_type=code&redirect_uri=http%3A%2F%2Fsession.localhost:15443%2Fauth%2Ftaracallback&state=1CdQPV8h6Oej8czeP2GJiqLOkUR70yIPlTNd16DBwGM&nonce=O15XCSiGW2FMeU0u9nN0kNEnwY9mfO7xOm-9wV5KQpI&client_id=govsso
'400':
description: User error (invalid request etc).
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
text/html:
schema:
type: string
example: HTML error view.
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
text/html:
schema:
type: string
example: HTML error view.
/login/taracallback:
get:
summary: TARA authentication completed, request ID token from TARA.
operationId: authTaraCallback
parameters:
- in: cookie
name: SESSION
description: Session cookie.
required: true
schema:
type: string
pattern: '^[A-Za-z0-9]{48}$'
minLength: 48
maxLength: 48
example: Nzc5ODFlZTktODhhNS00ZTEwLTk0NWQtN2EzNTU5N2E2MmY5
- in: query
name: code
description: Authorization code to use for requesting ID token from TARA.
required: true
schema:
type: string
pattern: '^[A-Za-z0-9\-_.]{6,87}$'
minLength: 6
maxLength: 87
example: gSVzQ6iWTLWDtD1f7_QZdHNweXzrraQYdys_MWoRK-A.nQ2epEBSzxo_n-P6hQt_I_HvusERdqkGaC31TrjSIlU
- in: query
name: state
description: Security code against false request attacks.
required: true
schema:
type: string
pattern: '^[A-Za-z0-9\-_]{43}$'
minLength: 43
maxLength: 43
example: 1CdQPV8h6Oej8czeP2GJiqLOkUR70yIPlTNd16DBwGM
responses:
'302':
description: ID token from TARA obtained successfully, redirect to Ory Hydra for accepting login request.
headers:
Location:
description: Ory Hydra accept login request.
schema:
type: string
format: uri
example: https://hydra.localhost:14443/oauth2/auth?client_id=client-a&login_verifier=824113da6da44889943b98715a06d699&redirect_uri=https%3A%2F%2Flocalhost:11443%2Foauth%2Fresponse&response_type=code&scope=openid&state=I00ORQdhpLdhZVa5mliUexwkWFevHV0Z8Xuh7gaps0E%3D
'400':
description: User error (invalid request etc).
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
text/html:
schema:
type: string
example: HTML error view.
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
text/html:
schema:
type: string
example: HTML error view.
/auth/consent:
get:
summary: Display consent view.
operationId: authConsent
parameters:
- in: cookie
name: SESSION
description: Session cookie.
required: true
schema:
type: string
pattern: '^[A-Za-z0-9]{48}$'
minLength: 48
maxLength: 48
example: Nzc5ODFlZTktODhhNS00ZTEwLTk0NWQtN2EzNTU5N2E2MmY5
- in: query
name: consent_challenge
description: ID of Ory Hydra's consent request.
required: true
schema:
type: string
pattern: '^[a-f0-9]{32}$'
minLength: 32
maxLength: 32
example: '01a9d709fb014160b4f1016bf7868574'
responses:
'302':
description: Consent display skipped, redirect to Ory Hydra for accepting consent request.
headers:
Location:
description: Ory Hydra accept consent request.
schema:
type: string
format: uri
example: https://hydra.localhost:14443/oauth2/auth?client_id=client-a&consent_verifier=01a9d709fb014160b4f1016bf7868574&redirect_uri=https%3A%2F%2Flocalhost:11443%2Foauth%2Fresponse&response_type=code&scope=openid&state=I00ORQdhpLdhZVa5mliUexwkWFevHV0Z8Xuh7gaps0E%3D
'400':
description: User error (invalid request etc).
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
text/html:
schema:
type: string
example: HTML error view.
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
text/html:
schema:
type: string
example: HTML error view.
components:
schemas:
ErrorResponse:
type: object
required:
- timestamp
- status
- error
properties:
timestamp:
type: string
description: Time that the error occurred.
example: '2020-12-22T09:09:23.463+00:00'
status:
type: integer
format: int32
description: HTTP status code.
example: 400
error:
type: string
description: Error code.
example: USER_INPUT_OR_EXPIRED
message:
type: string
description: Human readable error description.
example: Invalid request or request has expired. Please return to service provider and try again.
path:
type: string
description: URL path when the error occurred.
example: /sample/path