tinyauth/internal/swagger/swagger.yaml
# Every entry under `paths` is resolved relative to the host root.
basePath: "/"
# Response schemas referenced from `paths` via `$ref`.
definitions:
  # --- /api/context/app -----------------------------------------------------
  # Pieces of controller.AppContextResponse. This document declares no
  # security requirement for the endpoint that returns them, so treat every
  # field here (appUrl, cookieDomain, provider list) as public information.
  controller.ACRApp:
    type: object
    properties:
      appUrl:
        type: string
      cookieDomain:
        type: string
      subdomainsEnabled:
        type: boolean
  controller.ACRAuth:
    type: object
    properties:
      providers:
        type: array
        items:
          $ref: '#/definitions/model.Provider'
  controller.ACROAuth:
    type: object
    properties:
      autoRedirect:
        type: string
  controller.ACRUI:
    type: object
    properties:
      backgroundImage:
        type: string
      forgotPasswordMessage:
        type: string
      title:
        type: string
      warningsEnabled:
        type: boolean
  # Body of the 200 response of GET /api/context/app.
  controller.AppContextResponse:
    type: object
    properties:
      app:
        $ref: '#/definitions/controller.ACRApp'
      auth:
        $ref: '#/definitions/controller.ACRAuth'
      message:
        type: string
      oauth:
        $ref: '#/definitions/controller.ACROAuth'
      status:
        type: integer
      ui:
        $ref: '#/definitions/controller.ACRUI'

  # --- generic / OAuth / OIDC envelopes -------------------------------------
  # Body of the 200 response of POST /api/oidc/authorize-complete.
  controller.AuthorizeCompleteResponse:
    type: object
    properties:
      message:
        type: string
      redirect_uri:
        type: string
      status:
        type: integer
  # Body of the 200 response of GET /api/oauth/url/{id}.
  controller.OAuthURLSuccessResponse:
    type: object
    properties:
      message:
        type: string
      status:
        type: integer
      url:
        type: string
  # Error body used by /oidc/token and /oidc/userinfo (400/401/500).
  controller.OIDCErrorResponse:
    type: object
    properties:
      error:
        type: string
  # Status + message envelope used by /api/healthz and by the error
  # responses of /api/oauth/url/{id}.
  controller.SimpleResponse:
    type: object
    properties:
      message:
        type: string
      status:
        type: integer

  # --- /api/context/user ----------------------------------------------------
  # Pieces of controller.UserContextResponse. They describe the caller's
  # session (identity, OAuth provider, TOTP state, Tailscale node).
  controller.UCRAuth:
    type: object
    properties:
      authenticated:
        type: boolean
      email:
        type: string
      name:
        type: string
      providerId:
        type: string
      username:
        type: string
  controller.UCROAuth:
    type: object
    properties:
      active:
        type: boolean
      displayName:
        type: string
  controller.UCRTOTP:
    type: object
    properties:
      pending:
        type: boolean
  controller.UCRTailscale:
    type: object
    properties:
      nodeName:
        type: string
  # Body of the 200 response of GET /api/context/user.
  controller.UserContextResponse:
    type: object
    properties:
      auth:
        $ref: '#/definitions/controller.UCRAuth'
      message:
        type: string
      oauth:
        $ref: '#/definitions/controller.UCROAuth'
      status:
        type: integer
      tailscale:
        $ref: '#/definitions/controller.UCRTailscale'
      totp:
        $ref: '#/definitions/controller.UCRTOTP'

  # --- shared models --------------------------------------------------------
  # Nested under service.UserinfoResponse.address.
  model.AddressClaim:
    type: object
    properties:
      country:
        type: string
      formatted:
        type: string
      locality:
        type: string
      postal_code:
        type: string
      region:
        type: string
      street_address:
        type: string
  # One entry of controller.ACRAuth.providers.
  model.Provider:
    type: object
    properties:
      id:
        type: string
      name:
        type: string
      oauth:
        type: boolean

  # --- OIDC token / userinfo payloads ---------------------------------------
  # Body of the 200 response of POST /oidc/token. access_token, id_token and
  # refresh_token are bearer credentials: anything that stores or logs this
  # payload holds usable tokens.
  # NOTE(review): no response headers are documented; RFC 6749 expects token
  # responses to be sent with `Cache-Control: no-store` - confirm the handler.
  service.TokenResponse:
    type: object
    properties:
      access_token:
        type: string
      expires_in:
        type: integer
      id_token:
        type: string
      refresh_token:
        type: string
      scope:
        type: string
      token_type:
        type: string
  # Body of the 200 response of /oidc/userinfo (GET and POST). Carries
  # personal data (email, phone number, address, group membership).
  service.UserinfoResponse:
    type: object
    properties:
      address:
        $ref: '#/definitions/model.AddressClaim'
      birthdate:
        type: string
      email:
        type: string
      email_verified:
        type: boolean
      family_name:
        type: string
      gender:
        type: string
      given_name:
        type: string
      groups:
        type: array
        items:
          type: string
      locale:
        type: string
      middle_name:
        type: string
      name:
        type: string
      nickname:
        type: string
      phone_number:
        type: string
      phone_number_verified:
        type: boolean
      picture:
        type: string
      preferred_username:
        type: string
      profile:
        type: string
      sub:
        type: string
      updated_at:
        type: integer
      website:
        type: string
      zoneinfo:
        type: string
# API metadata shown by documentation generators.
info:
  title: 'Tinyauth API'
  description: "Swagger documentation for Tinyauth's API."
  # Placeholder string, not a release number.
  version: 'development'
  contact: {}
  license:
    name: 'AGPL-3.0'
    url: 'https://github.com/tinyauthapp/tinyauth/blob/main/LICENSE'
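# HTTP operations exposed by the service.
#
# NOTE(review): this document declares no `securityDefinitions` and no
# per-operation `security`, so none of the operations below state how (or
# whether) they are authenticated. Confirm enforcement in each handler.
paths:
  /api/context/app:
    get:
      summary: App context
      description: Get the app context
      tags:
        - context
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/controller.AppContextResponse'

  /api/context/user:
    get:
      summary: User context
      description: Get the user context
      tags:
        - context
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/controller.UserContextResponse'

  /api/healthz:
    get:
      summary: Healthcheck
      description: Check if the server is up and running
      tags:
        - health
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/controller.SimpleResponse'
    head:
      summary: Healthcheck
      description: Check if the server is up and running
      tags:
        - health
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/controller.SimpleResponse'

  /api/oauth/callback/{id}:
    get:
      summary: OAuth Callback
      description: Callback URL for OAuth providers
      tags:
        - oauth
      parameters:
        - name: id
          in: path
          description: Provider ID
          required: true
          type: string
        # Fixed: the descriptions of `code` and `state` were swapped.
        - name: code
          in: query
          description: Code
          required: true
          type: string
        # `state` is the CSRF binding for the flow: it has to be compared with
        # the value issued when the flow started before `code` is exchanged.
        # That check lives in the handler and is not visible in this spec.
        - name: state
          in: query
          description: State
          required: true
          type: string
      responses:
        "302":
          description: Found

  /api/oauth/url/{id}:
    get:
      summary: OAuth URL
      description: Get an OAuth URL for the specified provider
      tags:
        - oauth
      produces:
        - application/json
      parameters:
        - name: id
          in: path
          description: Provider ID
          required: true
          type: string
        - name: login_for
          in: query
          description: Login for
          type: string
        - name: oidc_ticket
          in: query
          description: OpenID Connect Ticket
          type: string
        - name: oidc_scope
          in: query
          description: OpenID Connect Scope
          type: string
        - name: oidc_name
          in: query
          description: OpenID Connect Name
          type: string
        # Caller-supplied redirect target. It should be validated against the
        # set of trusted destinations to avoid an open redirect; whether the
        # handler does so is not visible here.
        - name: redirect_uri
          in: query
          description: Redirect URI
          type: string
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/controller.OAuthURLSuccessResponse'
        "400":
          description: Bad Request
          schema:
            $ref: '#/definitions/controller.SimpleResponse'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/controller.SimpleResponse'

  /api/oidc/authorize-complete:
    # NOTE(review): described as internal, yet nothing in this spec restricts
    # who may call it, and no request body or 4xx response is documented even
    # though it consumes JSON. Confirm the access control in the handler.
    post:
      summary: Authorize Complete
      description: Internal endpoint for the completion of the OpenID Connect authorization flow
      tags:
        - oidc
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/controller.AuthorizeCompleteResponse'
        "500":
          description: Internal Server Error

  /authorize:
    # Every authorization parameter is documented twice, once `in: query` and
    # once `in: formData`, for both GET and POST.
    # NOTE(review): `formData` parameters on a GET describe a request body
    # that GET clients normally do not send.
    # NOTE(review): only a 302 is documented; no error response is described
    # for a `redirect_uri` that does not match the client's registered URIs,
    # a case where the server should not redirect at all.
    get:
      summary: Authorize
      description: OpenID Connect Authorize Endpoint
      tags:
        - oidc
      consumes:
        - application/x-www-form-urlencoded
      parameters:
        - name: scope
          in: query
          description: OAuth scopes (space separated, must include openid)
          type: string
        - name: response_type
          in: query
          description: Response type (e.g. code)
          type: string
        - name: client_id
          in: query
          description: Client ID
          type: string
        - name: redirect_uri
          in: query
          description: Redirect URI
          type: string
        - name: state
          in: query
          description: Opaque state value returned to the client
          type: string
        - name: nonce
          in: query
          description: Nonce for ID token replay protection
          type: string
        - name: code_challenge
          in: query
          description: PKCE code challenge
          type: string
        # `plain` sends the verifier itself as the challenge, so it gives no
        # protection once the authorization request is observed; RFC 7636
        # expects S256 from any client able to compute it. Whether `plain`
        # can be disabled is not visible in this spec.
        - name: code_challenge_method
          in: query
          description: PKCE code challenge method (S256 or plain)
          type: string
        - name: prompt
          in: query
          description: Prompt parameter (none, login, consent)
          type: string
        - name: max_age
          in: query
          description: Max authentication age in seconds
          type: string
        - name: scope
          in: formData
          description: OAuth scopes (space separated, must include openid)
          type: string
        - name: response_type
          in: formData
          description: Response type (e.g. code)
          type: string
        - name: client_id
          in: formData
          description: Client ID
          type: string
        - name: redirect_uri
          in: formData
          description: Redirect URI
          type: string
        - name: state
          in: formData
          description: Opaque state value returned to the client
          type: string
        - name: nonce
          in: formData
          description: Nonce for ID token replay protection
          type: string
        - name: code_challenge
          in: formData
          description: PKCE code challenge
          type: string
        - name: code_challenge_method
          in: formData
          description: PKCE code challenge method (S256 or plain)
          type: string
        - name: prompt
          in: formData
          description: Prompt parameter (none, login, consent)
          type: string
        - name: max_age
          in: formData
          description: Max authentication age in seconds
          type: string
      responses:
        "302":
          description: Found
    post:
      summary: Authorize
      description: OpenID Connect Authorize Endpoint
      tags:
        - oidc
      consumes:
        - application/x-www-form-urlencoded
      parameters:
        - name: scope
          in: query
          description: OAuth scopes (space separated, must include openid)
          type: string
        - name: response_type
          in: query
          description: Response type (e.g. code)
          type: string
        - name: client_id
          in: query
          description: Client ID
          type: string
        - name: redirect_uri
          in: query
          description: Redirect URI
          type: string
        - name: state
          in: query
          description: Opaque state value returned to the client
          type: string
        - name: nonce
          in: query
          description: Nonce for ID token replay protection
          type: string
        - name: code_challenge
          in: query
          description: PKCE code challenge
          type: string
        - name: code_challenge_method
          in: query
          description: PKCE code challenge method (S256 or plain)
          type: string
        - name: prompt
          in: query
          description: Prompt parameter (none, login, consent)
          type: string
        - name: max_age
          in: query
          description: Max authentication age in seconds
          type: string
        - name: scope
          in: formData
          description: OAuth scopes (space separated, must include openid)
          type: string
        - name: response_type
          in: formData
          description: Response type (e.g. code)
          type: string
        - name: client_id
          in: formData
          description: Client ID
          type: string
        - name: redirect_uri
          in: formData
          description: Redirect URI
          type: string
        - name: state
          in: formData
          description: Opaque state value returned to the client
          type: string
        - name: nonce
          in: formData
          description: Nonce for ID token replay protection
          type: string
        - name: code_challenge
          in: formData
          description: PKCE code challenge
          type: string
        - name: code_challenge_method
          in: formData
          description: PKCE code challenge method (S256 or plain)
          type: string
        - name: prompt
          in: formData
          description: Prompt parameter (none, login, consent)
          type: string
        - name: max_age
          in: formData
          description: Max authentication age in seconds
          type: string
      responses:
        "302":
          description: Found

  /oidc/token:
    post:
      summary: Token
      description: OpenID Connect Token Endpoint
      tags:
        - oidc
      consumes:
        - application/x-www-form-urlencoded
      produces:
        - application/json
      parameters:
        # NOTE(review): the `in: query` entries below document `code`,
        # `refresh_token`, `client_secret` and `code_verifier` as URL
        # parameters. Values in a URL end up in access logs, proxy logs and
        # browser history, and RFC 6749 section 2.3.1 says client credentials
        # MUST NOT be included in the request URI. If the handler really
        # reads them from the query string, reject them there; if it does
        # not, drop these entries from the annotations so generated clients
        # send them in the body. They are kept here because the handler is
        # not visible from this file.
        #
        # NOTE(review): `grant_type` is `required: true` only as a query
        # parameter; the formData variant is optional. A generated client
        # would therefore always put it in the URL. Confirm which location is
        # intended.
        - name: grant_type
          in: query
          description: Grant type (authorization_code or refresh_token)
          required: true
          type: string
        - name: code
          in: query
          description: Authorization code (required for authorization_code grant)
          type: string
        - name: redirect_uri
          in: query
          description: Redirect URI (must match the one from the authorize request)
          type: string
        - name: refresh_token
          in: query
          description: Refresh token (required for refresh_token grant)
          type: string
        - name: client_id
          in: query
          description: Client ID (required if not using Basic auth)
          type: string
        - name: client_secret
          in: query
          description: Client secret (required for confidential clients without Basic auth)
          type: string
        - name: code_verifier
          in: query
          description: PKCE code verifier (required if code_challenge was sent)
          type: string
        - name: grant_type
          in: formData
          description: Grant type (authorization_code or refresh_token)
          type: string
        - name: code
          in: formData
          description: Authorization code (required for authorization_code grant)
          type: string
        - name: redirect_uri
          in: formData
          description: Redirect URI (must match the one from the authorize request)
          type: string
        - name: refresh_token
          in: formData
          description: Refresh token (required for refresh_token grant)
          type: string
        - name: client_id
          in: formData
          description: Client ID (required if not using Basic auth)
          type: string
        - name: client_secret
          in: formData
          description: Client secret (required for confidential clients without Basic auth)
          type: string
        - name: code_verifier
          in: formData
          description: PKCE code verifier (required if code_challenge was sent)
          type: string
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/service.TokenResponse'
        "400":
          description: Bad Request
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'

  /oidc/userinfo:
    # NOTE(review): the only documented way to present the access token is a
    # form field. RFC 6750 does not allow the form-encoded body method with
    # GET, and the `Authorization: Bearer` header (the usual transport for
    # userinfo) is not documented at all. Confirm what the handler accepts
    # and document the header if it is supported.
    get:
      summary: Userinfo
      description: OpenID Connect Userinfo Endpoint
      tags:
        - oidc
      consumes:
        - application/x-www-form-urlencoded
      produces:
        - application/json
      parameters:
        - name: access_token
          in: formData
          description: OpenID Connect Access Token
          type: string
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/service.UserinfoResponse'
        "400":
          description: Bad Request
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'
        "401":
          description: Unauthorized
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'
    post:
      summary: Userinfo
      description: OpenID Connect Userinfo Endpoint
      tags:
        - oidc
      consumes:
        - application/x-www-form-urlencoded
      produces:
        - application/json
      parameters:
        - name: access_token
          in: formData
          description: OpenID Connect Access Token
          type: string
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/service.UserinfoResponse'
        "400":
          description: Bad Request
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'
        "401":
          description: Unauthorized
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'
        "500":
          description: Internal Server Error
          schema:
            $ref: '#/definitions/controller.OIDCErrorResponse'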
# Specification version of this document. Quoted so that it stays the string
# "2.0" and is not read as a float.
swagger: '2.0'