docs(jans-lock): add swagger #8754

Merged
merged 2 commits into from
Jun 23, 2024
@SafinWasi (Contributor) commented Jun 20, 2024

Prepare


Description

Target issue

closes #8753

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Closes #8762,

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
@SafinWasi SafinWasi requested a review from yurem as a code owner June 20, 2024 19:39

dryrunsecurity bot commented Jun 20, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
| --- | --- | --- |
| Server-Side Request Forgery Analyzer | | 0 findings |
| Configured Codepaths Analyzer | | 0 findings |
| Secrets Analyzer | | 0 findings |
| Authn/Authz Analyzer | | 0 findings |
| SQL Injection Analyzer | | 0 findings |
| Sensitive Files Analyzer | | 0 findings |
| IDOR Analyzer | | 0 findings |

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes appear to be an OpenAPI specification for the "Lock Master" application, which is part of the Jans platform. The specification defines various endpoints and their corresponding functionality, security requirements, and response schemas. From an application security perspective, the specification includes several security-focused features, such as the use of OAuth 2.0 client credentials flow for authentication and authorization, standardized error handling, audit logging capabilities, and configuration management endpoints. These security practices are commendable and demonstrate a security-conscious approach to the application's design. However, it's important to ensure that the actual implementation of the application aligns with the security considerations outlined in the specification.

Files Changed:

  • jans-lock/lock-master.yaml: This file contains the OpenAPI specification for the "Lock Master" application. The specification defines the following key security-related aspects:
    1. Security Schemes: The specification defines two security schemes - "Bearer" and "Client Credentials". The "Client Credentials" scheme is used for accessing various endpoints, requiring a valid access token obtained from the Jans Auth Server.
    2. Error Handling: The specification defines two custom error response schemas - "DEFAULT_ERROR" and "UNPROCESSABLE_ENTITY", which help to provide consistent and informative error information to clients.
    3. Audit Logging: The specification includes several endpoints ("/audit/health", "/audit/log", and "/audit/telemetry") that allow clients to send audit-related data to the application, enabling logging and monitoring of various events and activities.
    4. Configuration Management: The specification includes endpoints ("/config", "/config/issuers", "/config/policy", and "/config/schema") that allow clients to retrieve configuration-related data, such as policy stores and trusted issuer information.
    5. Server-Sent Events (SSE): The specification includes an endpoint ("/lock_sse") that allows clients to subscribe to a real-time event stream, which may be used for various purposes, such as monitoring or notifications.

Powered by DryRun Security

@mo-auto mo-auto added the area-documentation Documentation needs to change as part of issue or PR label Jun 20, 2024
@nynymike nynymike self-requested a review June 21, 2024 21:34
@nynymike (Contributor) left a comment
ok

@moabu moabu closed this Jun 23, 2024
@moabu moabu reopened this Jun 23, 2024
@moabu moabu merged commit 8e3b573 into main Jun 23, 2024
9 checks passed
@moabu moabu deleted the docs-lock-master-swagger branch June 23, 2024 13:20
@mo-auto (Member) commented Jun 23, 2024

Error: Hi @SafinWasi, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

Successfully merging this pull request may close these issues.

fix: docs(jans-lock): add swagger -autocreated docs(jans-lock): add swagger for lock master
4 participants