diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php index 57f18a97f85c5..637b3240aba27 100644 --- a/apps/oauth2/lib/Controller/LoginRedirectorController.php +++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php @@ -8,6 +8,7 @@ * @author Daniel Kesselberg * @author Lukas Reschke * @author Roeland Jago Douma + * @author Kate Döen * * @license GNU AGPL version 3 or any later version * @@ -27,6 +28,7 @@ */ namespace OCA\OAuth2\Controller; +use OC\AppFramework\Http; use OCA\OAuth2\Db\ClientMapper; use OCA\OAuth2\Exceptions\ClientNotFoundException; use OCP\AppFramework\Controller; @@ -74,14 +76,19 @@ public function __construct(string $appName, * @NoCSRFRequired * @UseSession * - * @param string $client_id - * @param string $state - * @param string $response_type - * @return Response + * Authorize the user + * + * @param string $client_id Client ID + * @param string $state State of the flow + * @param string $response_type Response type for the flow + * @return TemplateResponse|RedirectResponse + * + * 200: Client not found + * 303: Redirect to login URL */ public function authorize($client_id, $state, - $response_type): Response { + $response_type) { try { $client = $this->clientMapper->getByIdentifier($client_id); } catch (ClientNotFoundException $e) { diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 910fdc9943230..38da2c9a3e67a 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -8,6 +8,7 @@ * @author Christoph Wurst * @author Lukas Reschke * @author Roeland Jago Douma + * @author Kate Döen * * @license GNU AGPL version 3 or any later version * 
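Review bot: The added import `use OC\AppFramework\Http;` pulls from the server's private `OC\` namespace, while the other imports visible in this hunk come from `OCA\` or `OCP\`. App code is normally expected to depend on the public API, so `use OCP\AppFramework\Http;` would be the consistent choice if only the status constants are needed. Nothing in the visible hunks references `Http`, so it is presumably used only inside docblock type annotations; please confirm the import is needed at all.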
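Review bot: The signature of `authorize()` loses its native return type: `$response_type): Response {` becomes `$response_type) {`, so the only statement of what this OAuth entry point returns is now the docblock, which the engine does not enforce. Keeping `$response_type): Response {` alongside the narrower `@return TemplateResponse|RedirectResponse` would preserve the runtime check while still giving documentation tooling the precise types; a native union is an option only if the project's minimum PHP version allows it. The method body continues past the end of the hunk, so the actual return statements are not visible here.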
@@ -82,12 +83,17 @@ public function __construct(string $appName, * @PublicPage * @NoCSRFRequired * - * @param string $grant_type - * @param string $code - * @param string $refresh_token - * @param string $client_id - * @param string $client_secret - * @return JSONResponse + * Get a token + * + * @param string $grant_type Token type that should be granted + * @param string $code Code of the flow + * @param string $refresh_token Refresh token + * @param string $client_id Client ID + * @param string $client_secret Client secret + * @return JSONResponse|JSONResponse + * + * 200: Token returned + * 400: Getting token is not possible */ public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret): JSONResponse { diff --git a/apps/oauth2/openapi.json b/apps/oauth2/openapi.json new file mode 100644 index 0000000000000..d72b7e8283940 --- /dev/null +++ b/apps/oauth2/openapi.json 
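Review bot: The new `@return JSONResponse|JSONResponse` names the same type twice, so as shown it does not tell a reader which shape belongs to the 200 case and which to the 400 case listed below it. If the two alternatives were meant to carry different status or body annotations, those should be visible in the docblock; otherwise a single `@return JSONResponse` says the same thing. The `@param` lines also present `$code` and `$refresh_token` as unconditional, although presumably only one of them applies for a given `$grant_type`; a short qualifier on each description naming the grant it belongs to would make that explicit. Confirm against the method body, which lies outside the hunk.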
@@ -0,0 +1,198 @@ +{ + "openapi": "3.0.3", + "info": { + "title": "OAuth 2.0", + "description": "Allows OAuth2 compatible authentication from other web applications.", + "license": { + "name": "agpl" + }, + "version": "1.14.0" + }, + "paths": { + "/index.php/apps/oauth2/authorize": { + "get": { + "tags": [ + "login_redirector" + ], + "summary": "Authorize the user", + "operationId": "login_redirector-authorize", + "parameters": [ + { + "name": "client_id", + "in": "query", + "description": "Client ID", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "in": "query", + "description": "State of the flow", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "response_type", + "in": "query", + "description": "Response type for the flow", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Client not found", + "content": { + "text/html": { + "schema": { + "type": "string" + } + } + } + }, + "303": { + "description": "Redirect to login URL", + "headers": { + "Location": { + "schema": { + "type": "string" + } + } + } + } + } + } + }, + "/index.php/apps/oauth2/api/v1/token": { + "post": { + "tags": [ + "oauth_api" + ], + "summary": "Get a token", + "operationId": "oauth_api-get-token", + "parameters": [ + { + "name": "grant_type", + "in": "query", + "description": "Token type that should be granted", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "code", + "in": "query", + "description": "Code of the flow", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "refresh_token", + "in": "query", + "description": "Refresh token", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "client_id", + "in": "query", + "description": "Client ID", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "client_secret", + "in": "query", + "description": "Client secret", + 
"required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Token returned", + "content": { + "application/json": { + "schema": { + "required": [ + "access_token", + "token_type", + "expires_in", + "refresh_token", + "user_id" + ], + "type": "object", + "properties": { + "access_token": { + "type": "string" + }, + "token_type": { + "type": "string" + }, + "expires_in": { + "type": "integer" + }, + "refresh_token": { + "type": "string" + }, + "user_id": { + "type": "string" + } + } + } + } + } + }, + "400": { + "description": "Getting token is not possible", + "content": { + "application/json": { + "schema": { + "required": [ + "error" + ], + "type": "object", + "properties": { + "error": { + "type": "string" + } + } + } + } + } + } + } + } + } + }, + "components": { + "schemas": {}, + "securitySchemes": { + "basic_auth": { + "type": "http", + "scheme": "basic" + } + } + }, + "security": [ + { + "basic_auth": [] + } + ], + "tags": [] +} \ No newline at end of file
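Review bot: The token operation declares `client_secret`, `refresh_token` and `code` with `"in": "query"` on a `post`, which tells generated clients to place credentials in the URL, where they tend to end up in access logs, proxy logs and browser history. These values belong in a `requestBody` (form-encoded) or, for the client credentials, in the `basic_auth` scheme the spec already defines. All five parameters are also marked `"required": true`, though `code` and `refresh_token` are presumably alternatives selected by `grant_type`. If this file is generated from the controller docblocks, the correction has to be made in the generator input rather than in the JSON itself.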