diff --git a/cmd/cmd_delete_tokens.go b/cmd/cmd_delete_tokens.go index 3e42939627..149245aab6 100644 --- a/cmd/cmd_delete_tokens.go +++ b/cmd/cmd_delete_tokens.go @@ -40,7 +40,7 @@ func NewDeleteAccessTokensCmd() *cobra.Command { } clientID := args[0] - _, err = client.V0alpha2Api.AdminDeleteOAuth2Token(cmd.Context()).ClientId(clientID).Execute() //nolint:bodyclose + _, err = client.OAuth2Api.DeleteOAuth2Token(cmd.Context()).ClientId(clientID).Execute() //nolint:bodyclose if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } diff --git a/cmd/cmd_introspect_token.go b/cmd/cmd_introspect_token.go index afdd8e2246..3e4299bba3 100644 --- a/cmd/cmd_introspect_token.go +++ b/cmd/cmd_introspect_token.go @@ -42,7 +42,7 @@ func NewIntrospectTokenCmd() *cobra.Command { return err } - result, _, err := client.V0alpha2Api.AdminIntrospectOAuth2Token(cmd.Context()). + result, _, err := client.OAuth2Api.IntrospectOAuth2Token(cmd.Context()). Token(args[0]). Scope(strings.Join(flagx.MustGetStringSlice(cmd, "scope"), " ")).Execute() //nolint:bodyclose if err != nil { diff --git a/cmd/cmd_revoke_token.go b/cmd/cmd_revoke_token.go index 5d839c04c2..1671045e03 100644 --- a/cmd/cmd_revoke_token.go +++ b/cmd/cmd_revoke_token.go @@ -55,7 +55,7 @@ Please provide a Client ID and Client Secret using flags --client-id and --clien } token := args[0] - _, err = client.V0alpha2Api.RevokeOAuth2Token( + _, err = client.OAuth2Api.RevokeOAuth2Token( context.WithValue(cmd.Context(), hydra.ContextBasicAuth, hydra.BasicAuth{ UserName: clientID, Password: clientSecret, diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES index 018587f532..2208c294ab 100644 --- a/internal/httpclient/.openapi-generator/FILES +++ b/internal/httpclient/.openapi-generator/FILES 
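Review bot: The `//nolint:bodyclose` on the `DeleteOAuth2Token(...).Execute()` line in NewDeleteAccessTokensCmd is carried over without a stated reason, and the response is dropped with `_`, so this function can never close the body itself. If the generated client's `Execute` already drains and closes the body (not visible in this diff), record that on the line, e.g. `//nolint:bodyclose // response body is consumed and closed inside Execute`. The same bare suppression sits on the `IntrospectOAuth2Token` call in cmd/cmd_introspect_token.go. Both functions start and end outside their hunks.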
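Review bot: In NewIntrospectTokenCmd the token is read from `args[0]`, so a live access or refresh token lands in shell history and is readable in the process list while the command runs. `token := args[0]` in cmd/cmd_revoke_token.go has the same exposure, and the help text in that hunk's header also asks for the client secret through a flag. Consider also accepting these values from standard input or an environment variable. Until then, a sentence in each command's help would warn operators, e.g. `Values passed as arguments or flags are visible in shell history and process listings.` Whether an alternative input path already exists cannot be seen here, because both functions start and end outside their hunks.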
@@ -41,7 +41,7 @@ docs/OAuth2ConsentSessionExpiresAt.md docs/OAuth2LoginRequest.md docs/OAuth2LogoutRequest.md docs/OAuth2RedirectTo.md -docs/OAuth2TokenResponse.md +docs/OAuth2TokenExchange.md docs/OidcApi.md docs/OidcConfiguration.md docs/OidcUserInfo.md @@ -90,7 +90,7 @@ model_o_auth2_consent_session_expires_at.go model_o_auth2_login_request.go model_o_auth2_logout_request.go model_o_auth2_redirect_to.go -model_o_auth2_token_response.go +model_o_auth2_token_exchange.go model_oidc_configuration.go model_oidc_user_info.go model_pagination.go diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index 530c7eb967..a07f440ccc 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md 
@@ -87,54 +87,54 @@ ctx = context.WithValue(context.Background(), openapi.ContextOperationServerVari All URIs are relative to _http://localhost_ -| Class | Method | HTTP request | Description | -| -------------- | -------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ---------------------------------------------------------------------------------------- | -| _JwkApi_ | [**CreateJsonWebKeySet**](docs/JwkApi.md#createjsonwebkeyset) | **Post** /admin/keys/{set} | Create JSON Web Key | -| _JwkApi_ | [**DeleteJsonWebKey**](docs/JwkApi.md#deletejsonwebkey) | **Delete** /admin/keys/{set}/{kid} | Delete JSON Web Key | -| _JwkApi_ | [**DeleteJsonWebKeySet**](docs/JwkApi.md#deletejsonwebkeyset) | **Delete** /admin/keys/{set} | Delete JSON Web Key Set | -| _JwkApi_ | [**GetJsonWebKey**](docs/JwkApi.md#getjsonwebkey) | **Get** /admin/keys/{set}/{kid} | Get JSON Web Key | -| _JwkApi_ | [**GetJsonWebKeySet**](docs/JwkApi.md#getjsonwebkeyset) | **Get** /admin/keys/{set} | Retrieve a JSON Web Key Set | -| _JwkApi_ | [**SetJsonWebKey**](docs/JwkApi.md#setjsonwebkey) | **Put** /admin/keys/{set}/{kid} | Set JSON Web Key | -| _JwkApi_ | [**SetJsonWebKeySet**](docs/JwkApi.md#setjsonwebkeyset) | **Put** /admin/keys/{set} | Update a JSON Web Key Set | -| _MetadataApi_ | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. 
| -| _MetadataApi_ | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status | -| _MetadataApi_ | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status | -| _OAuth2Api_ | [**AcceptOAuth2ConsentRequest**](docs/OAuth2Api.md#acceptoauth2consentrequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request | -| _OAuth2Api_ | [**AcceptOAuth2LoginRequest**](docs/OAuth2Api.md#acceptoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request | -| _OAuth2Api_ | [**AcceptOAuth2LogoutRequest**](docs/OAuth2Api.md#acceptoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request | -| _OAuth2Api_ | [**CreateOAuth2Client**](docs/OAuth2Api.md#createoauth2client) | **Post** /admin/clients | Create OAuth 2.0 Client | -| _OAuth2Api_ | [**DeleteOAuth2Client**](docs/OAuth2Api.md#deleteoauth2client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client | -| _OAuth2Api_ | [**DeleteTrustedOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#deletetrustedoauth2jwtgrantissuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer | -| _OAuth2Api_ | [**GetOAuth2Client**](docs/OAuth2Api.md#getoauth2client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client | -| _OAuth2Api_ | [**GetOAuth2ConsentRequest**](docs/OAuth2Api.md#getoauth2consentrequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request | -| _OAuth2Api_ | [**GetOAuth2LoginRequest**](docs/OAuth2Api.md#getoauth2loginrequest) | **Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request | -| _OAuth2Api_ | [**GetOAuth2LogoutRequest**](docs/OAuth2Api.md#getoauth2logoutrequest) | **Get** /admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request | -| _OAuth2Api_ | 
[**GetTrustedOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#gettrustedoauth2jwtgrantissuer) | **Get** /admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer | -| _OAuth2Api_ | [**ListOAuth2Clients**](docs/OAuth2Api.md#listoauth2clients) | **Get** /admin/clients | List OAuth 2.0 Clients | -| _OAuth2Api_ | [**ListOAuth2ConsentSessions**](docs/OAuth2Api.md#listoauth2consentsessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject | -| _OAuth2Api_ | [**ListTrustedOAuth2JwtGrantIssuers**](docs/OAuth2Api.md#listtrustedoauth2jwtgrantissuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers | -| _OAuth2Api_ | [**PatchOAuth2Client**](docs/OAuth2Api.md#patchoauth2client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client | -| _OAuth2Api_ | [**RejectOAuth2ConsentRequest**](docs/OAuth2Api.md#rejectoauth2consentrequest) | **Put** /admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request | -| _OAuth2Api_ | [**RejectOAuth2LoginRequest**](docs/OAuth2Api.md#rejectoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request | -| _OAuth2Api_ | [**RejectOAuth2LogoutRequest**](docs/OAuth2Api.md#rejectoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/reject | Reject OAuth 2.0 Session Logout Request | -| _OAuth2Api_ | [**RevokeOAuth2ConsentSessions**](docs/OAuth2Api.md#revokeoauth2consentsessions) | **Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject | -| _OAuth2Api_ | [**RevokeOAuth2LoginSessions**](docs/OAuth2Api.md#revokeoauth2loginsessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes All OAuth 2.0 Login Sessions of a Subject | -| _OAuth2Api_ | [**SetOAuth2Client**](docs/OAuth2Api.md#setoauth2client) | **Put** /admin/clients/{id} | Set OAuth 2.0 Client | -| _OAuth2Api_ | 
[**SetOAuth2ClientLifespans**](docs/OAuth2Api.md#setoauth2clientlifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans | -| _OAuth2Api_ | [**TrustOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#trustoauth2jwtgrantissuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer | -| _OidcApi_ | [**CreateOidcDynamicClient**](docs/OidcApi.md#createoidcdynamicclient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration | -| _OidcApi_ | [**GetOidcDynamicClient**](docs/OidcApi.md#getoidcdynamicclient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration | -| _OidcApi_ | [**SetOidcDynamicClient**](docs/OidcApi.md#setoidcdynamicclient) | **Put** /oauth2/register/{id} | Set OAuth2 Client using OpenID Dynamic Client Registration | -| _V0alpha2Api_ | [**AdminDeleteOAuth2Token**](docs/V0alpha2Api.md#admindeleteoauth2token) | **Delete** /admin/oauth2/tokens | Delete OAuth2 Access Tokens from a Client | -| _V0alpha2Api_ | [**AdminIntrospectOAuth2Token**](docs/V0alpha2Api.md#adminintrospectoauth2token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access or Refresh Tokens | -| _V0alpha2Api_ | [**DeleteOidcDynamicClient**](docs/V0alpha2Api.md#deleteoidcdynamicclient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol | -| _V0alpha2Api_ | [**DiscoverOidcConfiguration**](docs/V0alpha2Api.md#discoveroidcconfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery | -| _V0alpha2Api_ | [**GetOidcUserInfo**](docs/V0alpha2Api.md#getoidcuserinfo) | **Get** /userinfo | OpenID Connect Userinfo | -| _V0alpha2Api_ | [**PerformOAuth2AuthorizationFlow**](docs/V0alpha2Api.md#performoauth2authorizationflow) | **Get** /oauth2/auth | The OAuth 2.0 Authorize Endpoint | -| _V0alpha2Api_ | 
[**PerformOAuth2TokenFlow**](docs/V0alpha2Api.md#performoauth2tokenflow) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint | -| _V0alpha2Api_ | [**PerformOidcFrontOrBackChannelLogout**](docs/V0alpha2Api.md#performoidcfrontorbackchannellogout) | **Get** /oauth2/sessions/logout | OpenID Connect Front- or Back-channel Enabled Logout | -| _V0alpha2Api_ | [**RevokeOAuth2Token**](docs/V0alpha2Api.md#revokeoauth2token) | **Post** /oauth2/revoke | Revoke an OAuth2 Access or Refresh Token | -| _WellknownApi_ | [**DiscoverJsonWebKeys**](docs/WellknownApi.md#discoverjsonwebkeys) | **Get** /.well-known/jwks.json | Discover Well-Known JSON Web Keys | +| Class | Method | HTTP request | Description | +| -------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ---------------------------------------------------------------------------------------- | +| _JwkApi_ | [**CreateJsonWebKeySet**](docs/JwkApi.md#createjsonwebkeyset) | **Post** /admin/keys/{set} | Create JSON Web Key | +| _JwkApi_ | [**DeleteJsonWebKey**](docs/JwkApi.md#deletejsonwebkey) | **Delete** /admin/keys/{set}/{kid} | Delete JSON Web Key | +| _JwkApi_ | [**DeleteJsonWebKeySet**](docs/JwkApi.md#deletejsonwebkeyset) | **Delete** /admin/keys/{set} | Delete JSON Web Key Set | +| _JwkApi_ | [**GetJsonWebKey**](docs/JwkApi.md#getjsonwebkey) | **Get** /admin/keys/{set}/{kid} | Get JSON Web Key | +| _JwkApi_ | [**GetJsonWebKeySet**](docs/JwkApi.md#getjsonwebkeyset) | **Get** /admin/keys/{set} | Retrieve a JSON Web Key Set | +| _JwkApi_ | [**SetJsonWebKey**](docs/JwkApi.md#setjsonwebkey) | **Put** /admin/keys/{set}/{kid} | Set JSON Web Key | +| _JwkApi_ | [**SetJsonWebKeySet**](docs/JwkApi.md#setjsonwebkeyset) | **Put** /admin/keys/{set} | Update a JSON Web Key Set | +| _MetadataApi_ | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. 
| +| _MetadataApi_ | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status | +| _MetadataApi_ | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status | +| _OAuth2Api_ | [**AcceptOAuth2ConsentRequest**](docs/OAuth2Api.md#acceptoauth2consentrequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request | +| _OAuth2Api_ | [**AcceptOAuth2LoginRequest**](docs/OAuth2Api.md#acceptoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request | +| _OAuth2Api_ | [**AcceptOAuth2LogoutRequest**](docs/OAuth2Api.md#acceptoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request | +| _OAuth2Api_ | [**CreateOAuth2Client**](docs/OAuth2Api.md#createoauth2client) | **Post** /admin/clients | Create OAuth 2.0 Client | +| _OAuth2Api_ | [**DeleteOAuth2Client**](docs/OAuth2Api.md#deleteoauth2client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client | +| _OAuth2Api_ | [**DeleteOAuth2Token**](docs/OAuth2Api.md#deleteoauth2token) | **Delete** /admin/oauth2/tokens | Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client | +| _OAuth2Api_ | [**DeleteTrustedOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#deletetrustedoauth2jwtgrantissuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer | +| _OAuth2Api_ | [**GetOAuth2Client**](docs/OAuth2Api.md#getoauth2client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client | +| _OAuth2Api_ | [**GetOAuth2ConsentRequest**](docs/OAuth2Api.md#getoauth2consentrequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request | +| _OAuth2Api_ | [**GetOAuth2LoginRequest**](docs/OAuth2Api.md#getoauth2loginrequest) | **Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request | +| _OAuth2Api_ | 
[**GetOAuth2LogoutRequest**](docs/OAuth2Api.md#getoauth2logoutrequest) | **Get** /admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request | +| _OAuth2Api_ | [**GetTrustedOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#gettrustedoauth2jwtgrantissuer) | **Get** /admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer | +| _OAuth2Api_ | [**IntrospectOAuth2Token**](docs/OAuth2Api.md#introspectoauth2token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access and Refresh Tokens | +| _OAuth2Api_ | [**ListOAuth2Clients**](docs/OAuth2Api.md#listoauth2clients) | **Get** /admin/clients | List OAuth 2.0 Clients | +| _OAuth2Api_ | [**ListOAuth2ConsentSessions**](docs/OAuth2Api.md#listoauth2consentsessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject | +| _OAuth2Api_ | [**ListTrustedOAuth2JwtGrantIssuers**](docs/OAuth2Api.md#listtrustedoauth2jwtgrantissuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers | +| _OAuth2Api_ | [**OAuth2Authorize**](docs/OAuth2Api.md#oauth2authorize) | **Get** /oauth2/auth | OAuth 2.0 Authorize Endpoint | +| _OAuth2Api_ | [**Oauth2TokenExchange**](docs/OAuth2Api.md#oauth2tokenexchange) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint | +| _OAuth2Api_ | [**PatchOAuth2Client**](docs/OAuth2Api.md#patchoauth2client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client | +| _OAuth2Api_ | [**RejectOAuth2ConsentRequest**](docs/OAuth2Api.md#rejectoauth2consentrequest) | **Put** /admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request | +| _OAuth2Api_ | [**RejectOAuth2LoginRequest**](docs/OAuth2Api.md#rejectoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request | +| _OAuth2Api_ | [**RejectOAuth2LogoutRequest**](docs/OAuth2Api.md#rejectoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/reject | Reject OAuth 
2.0 Session Logout Request | +| _OAuth2Api_ | [**RevokeOAuth2ConsentSessions**](docs/OAuth2Api.md#revokeoauth2consentsessions) | **Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject | +| _OAuth2Api_ | [**RevokeOAuth2LoginSessions**](docs/OAuth2Api.md#revokeoauth2loginsessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes All OAuth 2.0 Login Sessions of a Subject | +| _OAuth2Api_ | [**RevokeOAuth2Token**](docs/OAuth2Api.md#revokeoauth2token) | **Post** /oauth2/revoke | Revoke OAuth 2.0 Access or Refresh Token | +| _OAuth2Api_ | [**SetOAuth2Client**](docs/OAuth2Api.md#setoauth2client) | **Put** /admin/clients/{id} | Set OAuth 2.0 Client | +| _OAuth2Api_ | [**SetOAuth2ClientLifespans**](docs/OAuth2Api.md#setoauth2clientlifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans | +| _OAuth2Api_ | [**TrustOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#trustoauth2jwtgrantissuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer | +| _OidcApi_ | [**CreateOidcDynamicClient**](docs/OidcApi.md#createoidcdynamicclient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration | +| _OidcApi_ | [**DiscoverOidcConfiguration**](docs/OidcApi.md#discoveroidcconfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery | +| _OidcApi_ | [**GetOidcDynamicClient**](docs/OidcApi.md#getoidcdynamicclient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration | +| _OidcApi_ | [**GetOidcUserInfo**](docs/OidcApi.md#getoidcuserinfo) | **Get** /userinfo | OpenID Connect Userinfo | +| _OidcApi_ | [**RevokeOidcSession**](docs/OidcApi.md#revokeoidcsession) | **Get** /oauth2/sessions/logout | OpenID Connect Front- and Back-channel Enabled Logout | +| _OidcApi_ | [**SetOidcDynamicClient**](docs/OidcApi.md#setoidcdynamicclient) | **Put** /oauth2/register/{id} | Set OAuth2 Client 
using OpenID Dynamic Client Registration | +| _V0alpha2Api_ | [**DeleteOidcDynamicClient**](docs/V0alpha2Api.md#deleteoidcdynamicclient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol | +| _WellknownApi_ | [**DiscoverJsonWebKeys**](docs/WellknownApi.md#discoverjsonwebkeys) | **Get** /.well-known/jwks.json | Discover Well-Known JSON Web Keys | ## Documentation For Models @@ -165,7 +165,7 @@ All URIs are relative to _http://localhost_ - [OAuth2LoginRequest](docs/OAuth2LoginRequest.md) - [OAuth2LogoutRequest](docs/OAuth2LogoutRequest.md) - [OAuth2RedirectTo](docs/OAuth2RedirectTo.md) -- [OAuth2TokenResponse](docs/OAuth2TokenResponse.md) +- [OAuth2TokenExchange](docs/OAuth2TokenExchange.md) - [OidcConfiguration](docs/OidcConfiguration.md) - [OidcUserInfo](docs/OidcUserInfo.md) - [Pagination](docs/Pagination.md) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index e5d3da86e2..8a10643cde 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml 
@@ -48,19 +48,16 @@ paths: - wellknown /.well-known/openid-configuration: get: - description: "The well known endpoint an be used to retrieve information + description: "A mechanism for an OpenID Connect Relying Party to discover + the\ + \ End-User's OpenID Provider and obtain information needed to interact + with\ + \ it, including its OAuth 2.0 endpoint locations.\n\nPopular libraries for\ - \ OpenID Connect clients. We encourage you to not roll\nyour own OpenID - Connect\ - \ client but to use an OpenID Connect client library instead. You can - learn\ - \ more on this\nflow at - https://openid.net/specs/openid-connect-discovery-1_0.html\ - \ .\n\nPopular libraries for OpenID Connect clients include - oidc-client-js\ - \ (JavaScript), go-oidc (Golang), and others.\nFor a full list of - clients\ - \ go here: https://openid.net/developers/certified/" + \ OpenID Connect clients include oidc-client-js (JavaScript), go-oidc + (Golang),\ + \ and others.\nFor a full list of clients go here: + https://openid.net/developers/certified/" operationId: discoverOidcConfiguration responses: "200": @@ -77,7 +74,7 @@ paths: description: errorOAuth2 summary: OpenID Connect Discovery tags: - - v0alpha2 + - oidc /admin/clients: get: description: "This endpoint lists all clients in the database, and never 
@@ -1335,16 +1332,15 @@ paths: revoked.\ \ If a token is active, additional information on the token will be included.\ - \ You can\nset additional data for a token by setting `accessTokenExtra` - during\ - \ the consent flow.\n\nFor more information [read this blog - post](https://www.oauth.com/oauth2-servers/token-introspection-endpoint/)." - operationId: adminIntrospectOAuth2Token + \ You can\nset additional data for a token by setting + `session.access_token`\ + \ during the consent flow." + operationId: introspectOAuth2Token requestBody: content: application/x-www-form-urlencoded: schema: - $ref: "#/components/schemas/adminIntrospectOAuth2Token_request" + $ref: "#/components/schemas/introspectOAuth2Token_request" responses: "200": content: @@ -1358,17 +1354,18 @@ paths: schema: $ref: "#/components/schemas/errorOAuth2" description: errorOAuth2 - summary: Introspect OAuth2 Access or Refresh Tokens + summary: Introspect OAuth2 Access and Refresh Tokens tags: - - v0alpha2 + - oAuth2 /admin/oauth2/tokens: delete: description: - This endpoint deletes OAuth2 access tokens issued for a client from the - database - operationId: adminDeleteOAuth2Token + This endpoint deletes OAuth2 access tokens issued to an OAuth 2.0 Client + from the database. + operationId: deleteOAuth2Token parameters: - - explode: true + - description: OAuth 2.0 Client ID + explode: true in: query name: client_id required: true @@ -1387,9 +1384,9 @@ paths: schema: $ref: "#/components/schemas/errorOAuth2" description: errorOAuth2 - summary: Delete OAuth2 Access Tokens from a Client + summary: Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client tags: - - v0alpha2 + - oAuth2 /admin/trust/grants/jwt-bearer/issuers: get: description: 
@@ -1598,15 +1595,12 @@ paths: - metadata /oauth2/auth: get: - description: "This endpoint is not documented here because you should - never\ - \ use your own implementation to perform OAuth2 flows.\nOAuth2 is a very - popular\ - \ protocol and a library for your programming language will - exists.\n\nTo\ - \ learn more about this flow please refer to the specification: - https://tools.ietf.org/html/rfc6749" - operationId: performOAuth2AuthorizationFlow + description: |- + Use open source libraries to perform OAuth 2.0 and OpenID Connect + available for any programming language. You can find a list of libraries at https://oauth.net/code/ + + The Ory SDK is not yet able to this endpoint properly. + operationId: oAuth2Authorize responses: "302": description: "Empty responses are sent when, for example, resources @@ -1619,9 +1613,9 @@ paths: schema: $ref: "#/components/schemas/errorOAuth2" description: errorOAuth2 - summary: The OAuth 2.0 Authorize Endpoint + summary: OAuth 2.0 Authorize Endpoint tags: - - v0alpha2 + - oAuth2 /oauth2/register: post: description: |- 
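Review bot: The new description for `/oauth2/auth` ends with `The Ory SDK is not yet able to this endpoint properly.`, which is missing its verb. Presumably `The Ory SDK is not yet able to use this endpoint properly.` was meant. The same sentence is added to the `/oauth2/token` description in the later hunk. This file sits next to `.openapi-generator/FILES` and looks generated, so the wording likely has to be corrected in the spec source rather than here.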
@@ -1869,56 +1863,48 @@ paths: security: - basic: [] - oauth2: [] - summary: Revoke an OAuth2 Access or Refresh Token + summary: Revoke OAuth 2.0 Access or Refresh Token tags: - - v0alpha2 + - oAuth2 /oauth2/sessions/logout: get: description: |- - This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front- / Back-channel logout: + This endpoint initiates and completes user logout at the Ory OAuth2 & OpenID provider and initiates OpenID Connect Front- / Back-channel logout: https://openid.net/specs/openid-connect-frontchannel-1_0.html https://openid.net/specs/openid-connect-backchannel-1_0.html Back-channel logout is performed asynchronously and does not affect logout flow. - operationId: performOidcFrontOrBackChannelLogout + operationId: revokeOidcSession responses: "302": description: "Empty responses are sent when, for example, resources are\ \ deleted. The HTTP status code for empty responses is\ntypically 201." - summary: OpenID Connect Front- or Back-channel Enabled Logout + summary: OpenID Connect Front- and Back-channel Enabled Logout tags: - - v0alpha2 + - oidc /oauth2/token: post: - description: "The client makes a request to the token endpoint by sending - the\n\ - following parameters using the \"application/x-www-form-urlencoded\" - HTTP\n\ - request entity-body.\n\n> Do not implement a client for this endpoint - yourself.\ - \ Use a library. There are many libraries\n> available for any - programming\ - \ language. You can find a list of libraries here: - https://oauth.net/code/\n\ - >\n> Do note that Hydra SDK does not implement this endpoint properly. - Use\ - \ one of the libraries listed above" - operationId: performOAuth2TokenFlow + description: |- + Use open source libraries to perform OAuth 2.0 and OpenID Connect + available for any programming language. You can find a list of libraries here https://oauth.net/code/ + + The Ory SDK is not yet able to this endpoint properly. 
+ operationId: oauth2TokenExchange requestBody: content: application/x-www-form-urlencoded: schema: - $ref: "#/components/schemas/performOAuth2TokenFlow_request" + $ref: "#/components/schemas/oauth2TokenExchange_request" responses: "200": content: application/json: schema: - $ref: "#/components/schemas/oAuth2TokenResponse" - description: oAuth2TokenResponse + $ref: "#/components/schemas/oAuth2TokenExchange" + description: oAuth2TokenExchange default: content: application/json: @@ -1930,18 +1916,16 @@ paths: - oauth2: [] summary: The OAuth 2.0 Token Endpoint tags: - - v0alpha2 + - oAuth2 /userinfo: get: description: "This endpoint returns the payload of the ID Token, including - the\ - \ idTokenExtra values, of\nthe provided OAuth 2.0 Access Token.\n\nFor - more\ - \ information please [refer to the - spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo).\n\ - \nIn the case of authentication error, a WWW-Authenticate header might - be\ - \ set in the response\nwith more information about the error. See [the + `session.id_token`\ + \ values, of\nthe provided OAuth 2.0 Access Token's consent + request.\n\nIn\ + \ the case of authentication error, a WWW-Authenticate header might be + set\ + \ in the response\nwith more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3)\n\ for more details about header format." operationId: getOidcUserInfo @@ -1962,7 +1946,7 @@ paths: - oauth2: [] summary: OpenID Connect Userinfo tags: - - v0alpha2 + - oidc /version: get: description: "This endpoint returns the version of Ory Hydra.\n\nIf the @@ -3999,8 +3983,8 @@ components: - redirect_to title: OAuth 2.0 Redirect Browser To type: object - oAuth2TokenResponse: - description: OAuth2 Token Response + oAuth2TokenExchange: + description: OAuth2 Token Exchange Result example: access_token: access_token refresh_token: refresh_token 
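Review bot: The new operationId `oauth2TokenExchange` is cased differently from the other names this commit introduces (`oAuth2Authorize`, `introspectOAuth2Token`, and the schema `oAuth2TokenExchange` referenced a few lines below), and the README table in this diff shows the result as `Oauth2TokenExchange` beside `OAuth2Authorize`. Operation IDs become exported SDK method names, so `operationId: oAuth2TokenExchange` would keep the surface consistent before it ships. Separately, "Token Exchange" is also the title of RFC 8693, which defines a different grant from the plain token endpoint described here, so the name may lead readers to expect that behaviour. The file appears generated, so the change likely belongs in the spec source.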
@@ -4013,8 +3997,8 @@ components: description: The access token issued by the authorization server. type: string expires_in: - description: "The lifetime in seconds of the access - token. For\nexample,\ + description: "The lifetime in seconds of the access token. + For\nexample,\ \ the value \"3600\" denotes that the access token will\nexpire in one\ \ hour from the time the response was generated." @@ -4041,7 +4025,7 @@ components: type: object oidcConfiguration: description: |- - It includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms + Includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms among others. example: request_parameter_supported: true @@ -4088,7 +4072,7 @@ components: - code_challenge_methods_supported - code_challenge_methods_supported frontchannel_logout_session_supported: true - jwks_uri: https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json + jwks_uri: "https://{slug}.projects.oryapis.com/.well-known/jwks.json" subject_types_supported: - subject_types_supported - subject_types_supported 
@@ -4101,222 +4085,268 @@ components: - request_object_signing_alg_values_supported properties: authorization_endpoint: - description: URL of the OP's OAuth 2.0 Authorization Endpoint. + description: OAuth 2.0 Authorization Endpoint URL example: https://playground.ory.sh/ory-hydra/public/oauth2/auth type: string backchannel_logout_session_supported: - description: "Boolean value specifying whether the OP can pass a sid - (session\ - \ ID) Claim in the Logout Token to identify the RP\nsession with the - OP.\ - \ If supported, the sid Claim is also included in ID Tokens issued - by\ - \ the OP" + description: "OpenID Connect Back-Channel Logout Session + Required\n\nBoolean\ + \ value specifying whether the OP can pass a sid (session ID) Claim + in\ + \ the Logout Token to identify the RP\nsession with the OP. If + supported,\ + \ the sid Claim is also included in ID Tokens issued by the OP" type: boolean backchannel_logout_supported: - description: "Boolean value specifying whether the OP supports - back-channel\ - \ logout, with true indicating support." + description: "OpenID Connect Back-Channel Logout Supported\n\nBoolean + value\ + \ specifying whether the OP supports back-channel logout, with true + indicating\ + \ support." type: boolean claims_parameter_supported: - description: "Boolean value specifying whether the OP supports use of - the\ - \ claims parameter, with true indicating support." + description: "OpenID Connect Claims Parameter Parameter + Supported\n\nBoolean\ + \ value specifying whether the OP supports use of the claims + parameter,\ + \ with true indicating support." type: boolean claims_supported: - description: "JSON array containing a list of the Claim Names of the - Claims\ - \ that the OpenID Provider MAY be able to supply\nvalues for. Note - that\ - \ for privacy or other reasons, this might not be an exhaustive - list." 
+ description: "OpenID Connect Supported Claims\n\nJSON array containing + a\ + \ list of the Claim Names of the Claims that the OpenID Provider MAY + be\ + \ able to supply\nvalues for. Note that for privacy or other + reasons,\ + \ this might not be an exhaustive list." items: type: string type: array code_challenge_methods_supported: - description: "JSON array containing a list of Proof Key for Code - Exchange\ - \ (PKCE) [RFC7636] code challenge methods supported\nby this - authorization\ - \ server." + description: "OAuth 2.0 PKCE Supported Code Challenge Methods\n\nJSON + array\ + \ containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] + code\ + \ challenge methods supported\nby this authorization server." items: type: string type: array end_session_endpoint: - description: - URL at the OP to which an RP can perform a redirect to request that - the End-User be logged out at the OP. + description: |- + OpenID Connect End-Session Endpoint + + URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. type: string frontchannel_logout_session_supported: - description: "Boolean value specifying whether the OP can pass iss - (issuer)\ - \ and sid (session ID) query parameters to identify\nthe RP session - with\ - \ the OP when the frontchannel_logout_uri is used. If supported, the - sid\ - \ Claim is also\nincluded in ID Tokens issued by the OP." + description: "OpenID Connect Front-Channel Logout Session + Required\n\nBoolean\ + \ value specifying whether the OP can pass iss (issuer) and sid + (session\ + \ ID) query parameters to identify\nthe RP session with the OP when + the\ + \ frontchannel_logout_uri is used. If supported, the sid Claim is + also\n\ + included in ID Tokens issued by the OP." type: boolean frontchannel_logout_supported: - description: "Boolean value specifying whether the OP supports - HTTP-based\ - \ logout, with true indicating support." 
+ description: "OpenID Connect Front-Channel Logout Supported\n\nBoolean + value\ + \ specifying whether the OP supports HTTP-based logout, with true + indicating\ + \ support." type: boolean grant_types_supported: - description: - JSON array containing a list of the OAuth 2.0 Grant Type values that - this OP supports. + description: |- + OAuth 2.0 Supported Grant Types + + JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. items: type: string type: array id_token_signed_response_alg: - description: Algorithm used to sign OpenID Connect ID Tokens. + description: |- + OpenID Connect Default ID Token Signing Algorithms + + Algorithm used to sign OpenID Connect ID Tokens. items: type: string type: array id_token_signing_alg_values_supported: description: |- + OpenID Connect Supported ID Token Signing Algorithms + JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. items: type: string type: array issuer: - description: "URL using the https scheme with no query or fragment - component\ - \ that the OP asserts as its IssuerURL Identifier.\nIf IssuerURL - discovery\ - \ is supported , this value MUST be identical to the issuer value - returned\n\ - by WebFinger. This also MUST be identical to the iss Claim value in - ID\ - \ Tokens issued from this IssuerURL." + description: "OpenID Connect Issuer URL\n\nAn URL using the https + scheme\ + \ with no query or fragment component that the OP asserts as its + IssuerURL\ + \ Identifier.\nIf IssuerURL discovery is supported , this value MUST + be\ + \ identical to the issuer value returned\nby WebFinger. This also + MUST\ + \ be identical to the iss Claim value in ID Tokens issued from this + IssuerURL." example: https://playground.ory.sh/ory-hydra/public/ type: string jwks_uri: - description: "URL of the OP's JSON Web Key Set [JWK] document. 
This - contains\ - \ the signing key(s) the RP uses to validate\nsignatures from the - OP.\ - \ The JWK Set MAY also contain the Server's encryption key(s), which - are\ - \ used by RPs\nto encrypt requests to the Server. When both signing + description: "OpenID Connect Well-Known JSON Web Keys URL\n\nURL of + the\ + \ OP's JSON Web Key Set [JWK] document. This contains the signing + key(s)\ + \ the RP uses to validate\nsignatures from the OP. The JWK Set MAY + also\ + \ contain the Server's encryption key(s), which are used by RPs\nto + encrypt\ + \ requests to the Server. When both signing and encryption keys are + made\ + \ available, a use (Key Use)\nparameter value is REQUIRED for all + keys\ + \ in the referenced JWK Set to indicate each key's intended + usage.\nAlthough\ + \ some algorithms allow the same key to be used for both signatures and\ - \ encryption keys are made available, a use (Key Use)\nparameter - value\ - \ is REQUIRED for all keys in the referenced JWK Set to indicate - each\ - \ key's intended usage.\nAlthough some algorithms allow the same key - to\ - \ be used for both signatures and encryption, doing so is\nNOT - RECOMMENDED,\ - \ as it is less secure. The JWK x5c parameter MAY be used to provide - X.509\ - \ representations of\nkeys provided. When used, the bare key values - MUST\ - \ still be present and MUST match those in the certificate." - example: https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json + \ encryption, doing so is\nNOT RECOMMENDED, as it is less secure. + The\ + \ JWK x5c parameter MAY be used to provide X.509 representations + of\n\ + keys provided. When used, the bare key values MUST still be present + and\ + \ MUST match those in the certificate." + example: "https://{slug}.projects.oryapis.com/.well-known/jwks.json" type: string registration_endpoint: - description: URL of the OP's Dynamic Client Registration Endpoint. 
+ description: OpenID Connect Dynamic Client Registration Endpoint URL example: https://playground.ory.sh/ory-hydra/admin/client type: string request_object_signing_alg_values_supported: - description: "JSON array containing a list of the JWS signing - algorithms\ - \ (alg values) supported by the OP for Request Objects,\nwhich are - described\ - \ in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These - algorithms\ - \ are used both when\nthe Request Object is passed by value (using - the\ - \ request parameter) and when it is passed by reference\n(using the + description: "OpenID Connect Supported Request Object Signing + Algorithms\n\ + \nJSON array containing a list of the JWS signing algorithms (alg + values)\ + \ supported by the OP for Request Objects,\nwhich are described in + Section\ + \ 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are + used\ + \ both when\nthe Request Object is passed by value (using the + request\ + \ parameter) and when it is passed by reference\n(using the request_uri\ \ parameter)." items: type: string type: array request_parameter_supported: - description: "Boolean value specifying whether the OP supports use of - the\ - \ request parameter, with true indicating support." + description: "OpenID Connect Request Parameter Supported\n\nBoolean + value\ + \ specifying whether the OP supports use of the request parameter, + with\ + \ true indicating support." type: boolean request_uri_parameter_supported: - description: "Boolean value specifying whether the OP supports use of - the\ - \ request_uri parameter, with true indicating support." + description: "OpenID Connect Request URI Parameter + Supported\n\nBoolean\ + \ value specifying whether the OP supports use of the request_uri + parameter,\ + \ with true indicating support." 
type: boolean require_request_uri_registration: description: |- + OpenID Connect Requires Request URI Registration + Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. type: boolean response_modes_supported: - description: - JSON array containing a list of the OAuth 2.0 response_mode values - that this OP supports. + description: |- + OAuth 2.0 Supported Response Modes + + JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports. items: type: string type: array response_types_supported: - description: "JSON array containing a list of the OAuth 2.0 - response_type\ - \ values that this OP supports. Dynamic OpenID\nProviders MUST - support\ - \ the code, id_token, and the token id_token Response Type values." + description: "OAuth 2.0 Supported Response Types\n\nJSON array + containing\ + \ a list of the OAuth 2.0 response_type values that this OP + supports.\ + \ Dynamic OpenID\nProviders MUST support the code, id_token, and the + token\ + \ id_token Response Type values." items: type: string type: array revocation_endpoint: - description: + description: |- + OAuth 2.0 Token Revocation URL + URL of the authorization server's OAuth 2.0 revocation endpoint. type: string scopes_supported: - description: "SON array containing a list of the OAuth 2.0 [RFC6749] - scope\ - \ values that this server supports. The server MUST\nsupport the - openid\ - \ scope value. Servers MAY choose not to advertise some supported - scope\ - \ values even when this parameter is used" + description: "OAuth 2.0 Supported Scope Values\n\nJSON array + containing\ + \ a list of the OAuth 2.0 [RFC6749] scope values that this server + supports.\ + \ The server MUST\nsupport the openid scope value. 
Servers MAY + choose\ + \ not to advertise some supported scope values even when this + parameter\ + \ is used" items: type: string type: array subject_types_supported: description: |- + OpenID Connect Supported Subject Types + JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. items: type: string type: array token_endpoint: - description: URL of the OP's OAuth 2.0 Token Endpoint + description: OAuth 2.0 Token Endpoint URL example: https://playground.ory.sh/ory-hydra/public/oauth2/token type: string token_endpoint_auth_methods_supported: - description: "JSON array containing a list of Client Authentication - methods\ - \ supported by this Token Endpoint. The options - are\nclient_secret_post,\ - \ client_secret_basic, client_secret_jwt, and private_key_jwt, as - described\ - \ in Section 9 of OpenID Connect Core 1.0" + description: "OAuth 2.0 Supported Client Authentication + Methods\n\nJSON\ + \ array containing a list of Client Authentication methods supported + by\ + \ this Token Endpoint. The options are\nclient_secret_post, + client_secret_basic,\ + \ client_secret_jwt, and private_key_jwt, as described in Section 9 + of\ + \ OpenID Connect Core 1.0" items: type: string type: array userinfo_endpoint: - description: URL of the OP's UserInfo Endpoint. + description: |- + OpenID Connect Userinfo URL + + URL of the OP's UserInfo Endpoint. type: string userinfo_signed_response_alg: - description: Algorithm used to sign OpenID Connect Userinfo Responses. + description: |- + OpenID Connect User Userinfo Signing Algorithm + + Algorithm used to sign OpenID Connect Userinfo Responses. items: type: string type: array userinfo_signing_alg_values_supported: - description: "JSON array containing a list of the JWS [JWS] signing - algorithms\ - \ (alg values) [JWA] supported by the UserInfo Endpoint to encode - the\ - \ Claims in a JWT [JWT]." 
+ description: "OpenID Connect Supported Userinfo Signing + Algorithm\n\nJSON\ + \ array containing a list of the JWS [JWS] signing algorithms (alg + values)\ + \ [JWA] supported by the UserInfo Endpoint to encode the Claims in a + JWT\ + \ [JWT]." items: type: string type: array @@ -4330,10 +4360,10 @@ components: - subject_types_supported - token_endpoint - userinfo_signed_response_alg - title: OpenID Connect Discovery ;etadata + title: OpenID Connect Discovery Metadata type: object oidcUserInfo: - description: The userinfo response + description: OpenID Connect Userinfo example: sub: sub website: website @@ -4863,7 +4893,7 @@ components: description: Version is the service's version. type: string type: object - adminIntrospectOAuth2Token_request: + introspectOAuth2Token_request: properties: scope: description: "An optional, space separated list of required scopes. If @@ -4915,7 +4945,7 @@ components: required: - token type: object - performOAuth2TokenFlow_request: + oauth2TokenExchange_request: properties: client_id: type: string diff --git a/internal/httpclient/api_o_auth2.go b/internal/httpclient/api_o_auth2.go index 7d67596677..7687167f74 100644 --- a/internal/httpclient/api_o_auth2.go +++ b/internal/httpclient/api_o_auth2.go 
@@ -654,6 +654,112 @@ func (a *OAuth2ApiService) DeleteOAuth2ClientExecute(r ApiDeleteOAuth2ClientRequ return localVarHTTPResponse, nil } +type ApiDeleteOAuth2TokenRequest struct { + ctx context.Context + ApiService *OAuth2ApiService + clientId *string +} + +// OAuth 2.0 Client ID +func (r ApiDeleteOAuth2TokenRequest) ClientId(clientId string) ApiDeleteOAuth2TokenRequest { + r.clientId = &clientId + return r +} + +func (r ApiDeleteOAuth2TokenRequest) Execute() (*http.Response, error) { + return r.ApiService.DeleteOAuth2TokenExecute(r) +} + +/* +DeleteOAuth2Token Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client + +This endpoint deletes OAuth2 access tokens issued to an OAuth 2.0 Client from the database. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiDeleteOAuth2TokenRequest +*/ +func (a *OAuth2ApiService) DeleteOAuth2Token(ctx context.Context) ApiDeleteOAuth2TokenRequest { + return ApiDeleteOAuth2TokenRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +func (a *OAuth2ApiService) DeleteOAuth2TokenExecute(r ApiDeleteOAuth2TokenRequest) (*http.Response, error) { + var ( + localVarHTTPMethod = http.MethodDelete + localVarPostBody interface{} + formFiles []formFile + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.DeleteOAuth2Token") + if err != nil { + return nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/admin/oauth2/tokens" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + if r.clientId == nil { + return nil, reportError("clientId is required and must be specified") + } + + localVarQueryParams.Add("client_id", parameterToString(*r.clientId, "")) + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type 
header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarHTTPResponse, newErr + } + newErr.model = v + return localVarHTTPResponse, newErr + } + + return localVarHTTPResponse, nil +} + type ApiDeleteTrustedOAuth2JwtGrantIssuerRequest struct { ctx context.Context ApiService *OAuth2ApiService 
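Review bot: `DeleteOAuth2TokenExecute` only rejects a missing client ID (`r.clientId == nil`), so `ClientId("")` passes the guard and a DELETE with an empty `client_id` query value is sent to `/admin/oauth2/tokens`. For a call that removes tokens, the guard should also reject the empty string, e.g. `if r.clientId == nil || *r.clientId == "" {`, so that how an empty filter is interpreted is not left to the server. The `localVar…` naming suggests this file is generator output; if so, the constraint belongs in the API description (a `minLength: 1` on the parameter) so that regeneration keeps it.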
@@ -1383,6 +1489,136 @@ func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuerExecute(r ApiGetTrusted return localVarReturnValue, localVarHTTPResponse, nil } +type ApiIntrospectOAuth2TokenRequest struct { + ctx context.Context + ApiService *OAuth2ApiService + token *string + scope *string +} + +// The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. +func (r ApiIntrospectOAuth2TokenRequest) Token(token string) ApiIntrospectOAuth2TokenRequest { + r.token = &token + return r +} + +// An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. +func (r ApiIntrospectOAuth2TokenRequest) Scope(scope string) ApiIntrospectOAuth2TokenRequest { + r.scope = &scope + return r +} + +func (r ApiIntrospectOAuth2TokenRequest) Execute() (*IntrospectedOAuth2Token, *http.Response, error) { + return r.ApiService.IntrospectOAuth2TokenExecute(r) +} + +/* +IntrospectOAuth2Token Introspect OAuth2 Access and Refresh Tokens + +The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token +is neither expired nor revoked. If a token is active, additional information on the token will be included. You can +set additional data for a token by setting `session.access_token` during the consent flow. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
+ @return ApiIntrospectOAuth2TokenRequest +*/ +func (a *OAuth2ApiService) IntrospectOAuth2Token(ctx context.Context) ApiIntrospectOAuth2TokenRequest { + return ApiIntrospectOAuth2TokenRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return IntrospectedOAuth2Token +func (a *OAuth2ApiService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2TokenRequest) (*IntrospectedOAuth2Token, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodPost + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *IntrospectedOAuth2Token + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.IntrospectOAuth2Token") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/admin/oauth2/introspect" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + if r.token == nil { + return localVarReturnValue, nil, reportError("token is required and must be specified") + } + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{"application/x-www-form-urlencoded"} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + if r.scope != nil { + localVarFormParams.Add("scope", parameterToString(*r.scope, "")) + } + localVarFormParams.Add("token", parameterToString(*r.token, "")) + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, 
localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + type ApiListOAuth2ClientsRequest struct { ctx context.Context ApiService *OAuth2ApiService 
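Review bot: The doc comment on `IntrospectOAuth2Token` does not say that a nil error is no verdict on the token. `IntrospectOAuth2TokenExecute` returns an error only for a status of 300 or above or a decode failure, so an expired or revoked token presumably comes back as a normal result with `active` set to false (the RFC 7662 behaviour; the server side is not visible here). I would add to the comment `Callers must check the active field of the result; a nil error alone does not mean the token is valid.` The setter comment on `Token` also carries over-escaped quotes (`\\\"access_token\\\"`), which will show up literally in godoc and should read `"access_token"` and `"refresh_token"`. If the file is generated, both wordings need to change in the API description rather than here.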
@@ -1806,6 +2042,272 @@ func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrus return localVarReturnValue, localVarHTTPResponse, nil } +type ApiOAuth2AuthorizeRequest struct { + ctx context.Context + ApiService *OAuth2ApiService +} + +func (r ApiOAuth2AuthorizeRequest) Execute() (*ErrorOAuth2, *http.Response, error) { + return r.ApiService.OAuth2AuthorizeExecute(r) +} + +/* +OAuth2Authorize OAuth 2.0 Authorize Endpoint + +Use open source libraries to perform OAuth 2.0 and OpenID Connect +available for any programming language. You can find a list of libraries at https://oauth.net/code/ + +The Ory SDK is not yet able to this endpoint properly. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiOAuth2AuthorizeRequest +*/ +func (a *OAuth2ApiService) OAuth2Authorize(ctx context.Context) ApiOAuth2AuthorizeRequest { + return ApiOAuth2AuthorizeRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return ErrorOAuth2 +func (a *OAuth2ApiService) OAuth2AuthorizeExecute(r ApiOAuth2AuthorizeRequest) (*ErrorOAuth2, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodGet + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *ErrorOAuth2 + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.OAuth2Authorize") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/auth" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + 
localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + +type ApiOauth2TokenExchangeRequest struct { + ctx context.Context + ApiService *OAuth2ApiService + grantType *string + clientId *string + code *string + redirectUri *string + refreshToken 
*string +} + +func (r ApiOauth2TokenExchangeRequest) GrantType(grantType string) ApiOauth2TokenExchangeRequest { + r.grantType = &grantType + return r +} + +func (r ApiOauth2TokenExchangeRequest) ClientId(clientId string) ApiOauth2TokenExchangeRequest { + r.clientId = &clientId + return r +} + +func (r ApiOauth2TokenExchangeRequest) Code(code string) ApiOauth2TokenExchangeRequest { + r.code = &code + return r +} + +func (r ApiOauth2TokenExchangeRequest) RedirectUri(redirectUri string) ApiOauth2TokenExchangeRequest { + r.redirectUri = &redirectUri + return r +} + +func (r ApiOauth2TokenExchangeRequest) RefreshToken(refreshToken string) ApiOauth2TokenExchangeRequest { + r.refreshToken = &refreshToken + return r +} + +func (r ApiOauth2TokenExchangeRequest) Execute() (*OAuth2TokenExchange, *http.Response, error) { + return r.ApiService.Oauth2TokenExchangeExecute(r) +} + +/* +Oauth2TokenExchange The OAuth 2.0 Token Endpoint + +Use open source libraries to perform OAuth 2.0 and OpenID Connect +available for any programming language. You can find a list of libraries here https://oauth.net/code/ + +The Ory SDK is not yet able to this endpoint properly. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
+ @return ApiOauth2TokenExchangeRequest +*/ +func (a *OAuth2ApiService) Oauth2TokenExchange(ctx context.Context) ApiOauth2TokenExchangeRequest { + return ApiOauth2TokenExchangeRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return OAuth2TokenExchange +func (a *OAuth2ApiService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRequest) (*OAuth2TokenExchange, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodPost + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *OAuth2TokenExchange + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.Oauth2TokenExchange") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/token" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + if r.grantType == nil { + return localVarReturnValue, nil, reportError("grantType is required and must be specified") + } + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{"application/x-www-form-urlencoded"} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + if r.clientId != nil { + localVarFormParams.Add("client_id", parameterToString(*r.clientId, "")) + } + if r.code != nil { + localVarFormParams.Add("code", parameterToString(*r.code, "")) + } + localVarFormParams.Add("grant_type", parameterToString(*r.grantType, "")) + if 
r.redirectUri != nil { + localVarFormParams.Add("redirect_uri", parameterToString(*r.redirectUri, "")) + } + if r.refreshToken != nil { + localVarFormParams.Add("refresh_token", parameterToString(*r.refreshToken, "")) + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + type ApiPatchOAuth2ClientRequest struct { ctx context.Context ApiService *OAuth2ApiService 
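Review bot: In `Oauth2TokenExchangeExecute`, both failure paths build a `GenericOpenAPIError` with `body: localVarBody`, and on the decode-failure path that body is a 2xx response from `/oauth2/token`, which may contain the issued access or refresh token. If the error type exposes that body to callers (its definition is not in this hunk), an error handler that logs it would write credentials to the log, and nothing in the comment warns of this. I would add to the doc comment `On failure the returned error may carry the raw token response; do not log its body.` Separately, the sentence `The Ory SDK is not yet able to this endpoint properly.` is missing a verb (`able to use`) in the comments of both `OAuth2Authorize` and `Oauth2TokenExchange`.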
@@ -2562,6 +3064,114 @@ func (a *OAuth2ApiService) RevokeOAuth2LoginSessionsExecute(r ApiRevokeOAuth2Log return localVarHTTPResponse, nil } +type ApiRevokeOAuth2TokenRequest struct { + ctx context.Context + ApiService *OAuth2ApiService + token *string +} + +func (r ApiRevokeOAuth2TokenRequest) Token(token string) ApiRevokeOAuth2TokenRequest { + r.token = &token + return r +} + +func (r ApiRevokeOAuth2TokenRequest) Execute() (*http.Response, error) { + return r.ApiService.RevokeOAuth2TokenExecute(r) +} + +/* +RevokeOAuth2Token Revoke OAuth 2.0 Access or Refresh Token + +Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no +longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. +Revoking a refresh token also invalidates the access token that was created with it. A token may only be revoked by +the client the token was generated for. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
+ @return ApiRevokeOAuth2TokenRequest +*/ +func (a *OAuth2ApiService) RevokeOAuth2Token(ctx context.Context) ApiRevokeOAuth2TokenRequest { + return ApiRevokeOAuth2TokenRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +func (a *OAuth2ApiService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenRequest) (*http.Response, error) { + var ( + localVarHTTPMethod = http.MethodPost + localVarPostBody interface{} + formFiles []formFile + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RevokeOAuth2Token") + if err != nil { + return nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/revoke" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + if r.token == nil { + return nil, reportError("token is required and must be specified") + } + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{"application/x-www-form-urlencoded"} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + localVarFormParams.Add("token", parameterToString(*r.token, "")) + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarHTTPResponse, err + } + + localVarBody, err 
:= ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarHTTPResponse, newErr + } + newErr.model = v + return localVarHTTPResponse, newErr + } + + return localVarHTTPResponse, nil +} + type ApiSetOAuth2ClientRequest struct { ctx context.Context ApiService *OAuth2ApiService diff --git a/internal/httpclient/api_oidc.go b/internal/httpclient/api_oidc.go index 1e0dc833c9..60c9b212ce 100644 --- a/internal/httpclient/api_oidc.go +++ b/internal/httpclient/api_oidc.go 
@@ -162,6 +162,116 @@ func (a *OidcApiService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicCl return localVarReturnValue, localVarHTTPResponse, nil } +type ApiDiscoverOidcConfigurationRequest struct { + ctx context.Context + ApiService *OidcApiService +} + +func (r ApiDiscoverOidcConfigurationRequest) Execute() (*OidcConfiguration, *http.Response, error) { + return r.ApiService.DiscoverOidcConfigurationExecute(r) +} + +/* +DiscoverOidcConfiguration OpenID Connect Discovery + +A mechanism for an OpenID Connect Relying Party to discover the End-User's OpenID Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations. + +Popular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others. +For a full list of clients go here: https://openid.net/developers/certified/ + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
+ @return ApiDiscoverOidcConfigurationRequest +*/ +func (a *OidcApiService) DiscoverOidcConfiguration(ctx context.Context) ApiDiscoverOidcConfigurationRequest { + return ApiDiscoverOidcConfigurationRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return OidcConfiguration +func (a *OidcApiService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfigurationRequest) (*OidcConfiguration, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodGet + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *OidcConfiguration + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.DiscoverOidcConfiguration") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/.well-known/openid-configuration" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, 
err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + type ApiGetOidcDynamicClientRequest struct { ctx context.Context ApiService *OidcApiService 
@@ -279,6 +389,211 @@ func (a *OidcApiService) GetOidcDynamicClientExecute(r ApiGetOidcDynamicClientRe return localVarReturnValue, localVarHTTPResponse, nil } +type ApiGetOidcUserInfoRequest struct { + ctx context.Context + ApiService *OidcApiService +} + +func (r ApiGetOidcUserInfoRequest) Execute() (*OidcUserInfo, *http.Response, error) { + return r.ApiService.GetOidcUserInfoExecute(r) +} + +/* +GetOidcUserInfo OpenID Connect Userinfo + +This endpoint returns the payload of the ID Token, including `session.id_token` values, of +the provided OAuth 2.0 Access Token's consent request. + +In the case of authentication error, a WWW-Authenticate header might be set in the response +with more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3) +for more details about header format. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiGetOidcUserInfoRequest +*/ +func (a *OidcApiService) GetOidcUserInfo(ctx context.Context) ApiGetOidcUserInfoRequest { + return ApiGetOidcUserInfoRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return OidcUserInfo +func (a *OidcApiService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*OidcUserInfo, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodGet + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *OidcUserInfo + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.GetOidcUserInfo") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/userinfo" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type 
header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + +type ApiRevokeOidcSessionRequest struct { + ctx context.Context 
+ ApiService *OidcApiService +} + +func (r ApiRevokeOidcSessionRequest) Execute() (*http.Response, error) { + return r.ApiService.RevokeOidcSessionExecute(r) +} + +/* +RevokeOidcSession OpenID Connect Front- and Back-channel Enabled Logout + +This endpoint initiates and completes user logout at the Ory OAuth2 & OpenID provider and initiates OpenID Connect Front- / Back-channel logout: + +https://openid.net/specs/openid-connect-frontchannel-1_0.html +https://openid.net/specs/openid-connect-backchannel-1_0.html + +Back-channel logout is performed asynchronously and does not affect logout flow. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiRevokeOidcSessionRequest +*/ +func (a *OidcApiService) RevokeOidcSession(ctx context.Context) ApiRevokeOidcSessionRequest { + return ApiRevokeOidcSessionRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +func (a *OidcApiService) RevokeOidcSessionExecute(r ApiRevokeOidcSessionRequest) (*http.Response, error) { + var ( + localVarHTTPMethod = http.MethodGet + localVarPostBody interface{} + formFiles []formFile + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.RevokeOidcSession") + if err != nil { + return nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/sessions/logout" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{} + + // set Accept header + 
localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + return localVarHTTPResponse, newErr + } + + return localVarHTTPResponse, nil +} + type ApiSetOidcDynamicClientRequest struct { ctx context.Context ApiService *OidcApiService diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index f39fa48f24..ce8c9c519b 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go 
@@ -23,243 +23,6 @@ import ( // V0alpha2ApiService V0alpha2Api service type V0alpha2ApiService service -type ApiAdminDeleteOAuth2TokenRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService - clientId *string -} - -func (r ApiAdminDeleteOAuth2TokenRequest) ClientId(clientId string) ApiAdminDeleteOAuth2TokenRequest { - r.clientId = &clientId - return r -} - -func (r ApiAdminDeleteOAuth2TokenRequest) Execute() (*http.Response, error) { - return r.ApiService.AdminDeleteOAuth2TokenExecute(r) -} - -/* -AdminDeleteOAuth2Token Delete OAuth2 Access Tokens from a Client - -This endpoint deletes OAuth2 access tokens issued for a client from the database - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiAdminDeleteOAuth2TokenRequest -*/ -func (a *V0alpha2ApiService) AdminDeleteOAuth2Token(ctx context.Context) ApiAdminDeleteOAuth2TokenRequest { - return ApiAdminDeleteOAuth2TokenRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -func (a *V0alpha2ApiService) AdminDeleteOAuth2TokenExecute(r ApiAdminDeleteOAuth2TokenRequest) (*http.Response, error) { - var ( - localVarHTTPMethod = http.MethodDelete - localVarPostBody interface{} - formFiles []formFile - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.AdminDeleteOAuth2Token") - if err != nil { - return nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/admin/oauth2/tokens" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - if r.clientId == nil { - return nil, reportError("clientId is required and must be specified") - } - - localVarQueryParams.Add("client_id", parameterToString(*r.clientId, "")) - // to determine the Content-Type header - localVarHTTPContentTypes := []string{} - - // set Content-Type header - 
localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{"application/json"} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarHTTPResponse, err - } - - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) - localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - var v ErrorOAuth2 - err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr.error = err.Error() - return localVarHTTPResponse, newErr - } - newErr.model = v - return localVarHTTPResponse, newErr - } - - return localVarHTTPResponse, nil -} - -type ApiAdminIntrospectOAuth2TokenRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService - token *string - scope *string -} - -// The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. 
-func (r ApiAdminIntrospectOAuth2TokenRequest) Token(token string) ApiAdminIntrospectOAuth2TokenRequest { - r.token = &token - return r -} - -// An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. -func (r ApiAdminIntrospectOAuth2TokenRequest) Scope(scope string) ApiAdminIntrospectOAuth2TokenRequest { - r.scope = &scope - return r -} - -func (r ApiAdminIntrospectOAuth2TokenRequest) Execute() (*IntrospectedOAuth2Token, *http.Response, error) { - return r.ApiService.AdminIntrospectOAuth2TokenExecute(r) -} - -/* -AdminIntrospectOAuth2Token Introspect OAuth2 Access or Refresh Tokens - -The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token -is neither expired nor revoked. If a token is active, additional information on the token will be included. You can -set additional data for a token by setting `accessTokenExtra` during the consent flow. - -For more information [read this blog post](https://www.oauth.com/oauth2-servers/token-introspection-endpoint/). - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
- @return ApiAdminIntrospectOAuth2TokenRequest -*/ -func (a *V0alpha2ApiService) AdminIntrospectOAuth2Token(ctx context.Context) ApiAdminIntrospectOAuth2TokenRequest { - return ApiAdminIntrospectOAuth2TokenRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -// -// @return IntrospectedOAuth2Token -func (a *V0alpha2ApiService) AdminIntrospectOAuth2TokenExecute(r ApiAdminIntrospectOAuth2TokenRequest) (*IntrospectedOAuth2Token, *http.Response, error) { - var ( - localVarHTTPMethod = http.MethodPost - localVarPostBody interface{} - formFiles []formFile - localVarReturnValue *IntrospectedOAuth2Token - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.AdminIntrospectOAuth2Token") - if err != nil { - return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/admin/oauth2/introspect" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - if r.token == nil { - return localVarReturnValue, nil, reportError("token is required and must be specified") - } - - // to determine the Content-Type header - localVarHTTPContentTypes := []string{"application/x-www-form-urlencoded"} - - // set Content-Type header - localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{"application/json"} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - if r.scope != nil { - localVarFormParams.Add("scope", parameterToString(*r.scope, "")) - } - localVarFormParams.Add("token", parameterToString(*r.token, "")) - req, err := a.client.prepareRequest(r.ctx, 
localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return localVarReturnValue, nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) - localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - var v ErrorOAuth2 - err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr.error = err.Error() - return localVarReturnValue, localVarHTTPResponse, newErr - } - newErr.model = v - return localVarReturnValue, localVarHTTPResponse, newErr - } - - err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: err.Error(), - } - return localVarReturnValue, localVarHTTPResponse, newErr - } - - return localVarReturnValue, localVarHTTPResponse, nil -} - type ApiDeleteOidcDynamicClientRequest struct { ctx context.Context ApiService *V0alpha2ApiService 
@@ -368,700 +131,3 @@ func (a *V0alpha2ApiService) DeleteOidcDynamicClientExecute(r ApiDeleteOidcDynam return localVarHTTPResponse, nil } - -type ApiDiscoverOidcConfigurationRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService -} - -func (r ApiDiscoverOidcConfigurationRequest) Execute() (*OidcConfiguration, *http.Response, error) { - return r.ApiService.DiscoverOidcConfigurationExecute(r) -} - -/* -DiscoverOidcConfiguration OpenID Connect Discovery - -The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll -your own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this -flow at https://openid.net/specs/openid-connect-discovery-1_0.html . - -Popular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others. -For a full list of clients go here: https://openid.net/developers/certified/ - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
- @return ApiDiscoverOidcConfigurationRequest -*/ -func (a *V0alpha2ApiService) DiscoverOidcConfiguration(ctx context.Context) ApiDiscoverOidcConfigurationRequest { - return ApiDiscoverOidcConfigurationRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -// -// @return OidcConfiguration -func (a *V0alpha2ApiService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfigurationRequest) (*OidcConfiguration, *http.Response, error) { - var ( - localVarHTTPMethod = http.MethodGet - localVarPostBody interface{} - formFiles []formFile - localVarReturnValue *OidcConfiguration - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.DiscoverOidcConfiguration") - if err != nil { - return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/.well-known/openid-configuration" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - - // to determine the Content-Type header - localVarHTTPContentTypes := []string{} - - // set Content-Type header - localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{"application/json"} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return localVarReturnValue, nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarReturnValue, 
localVarHTTPResponse, err - } - - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) - localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - var v ErrorOAuth2 - err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr.error = err.Error() - return localVarReturnValue, localVarHTTPResponse, newErr - } - newErr.model = v - return localVarReturnValue, localVarHTTPResponse, newErr - } - - err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: err.Error(), - } - return localVarReturnValue, localVarHTTPResponse, newErr - } - - return localVarReturnValue, localVarHTTPResponse, nil -} - -type ApiGetOidcUserInfoRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService -} - -func (r ApiGetOidcUserInfoRequest) Execute() (*OidcUserInfo, *http.Response, error) { - return r.ApiService.GetOidcUserInfoExecute(r) -} - -/* -GetOidcUserInfo OpenID Connect Userinfo - -This endpoint returns the payload of the ID Token, including the idTokenExtra values, of -the provided OAuth 2.0 Access Token. - -For more information please [refer to the spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo). - -In the case of authentication error, a WWW-Authenticate header might be set in the response -with more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3) -for more details about header format. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. 
Passed from http.Request or context.Background(). - @return ApiGetOidcUserInfoRequest -*/ -func (a *V0alpha2ApiService) GetOidcUserInfo(ctx context.Context) ApiGetOidcUserInfoRequest { - return ApiGetOidcUserInfoRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -// -// @return OidcUserInfo -func (a *V0alpha2ApiService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*OidcUserInfo, *http.Response, error) { - var ( - localVarHTTPMethod = http.MethodGet - localVarPostBody interface{} - formFiles []formFile - localVarReturnValue *OidcUserInfo - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.GetOidcUserInfo") - if err != nil { - return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/userinfo" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - - // to determine the Content-Type header - localVarHTTPContentTypes := []string{} - - // set Content-Type header - localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{"application/json"} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return localVarReturnValue, nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - localVarBody, err := 
ioutil.ReadAll(localVarHTTPResponse.Body) - localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - var v ErrorOAuth2 - err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr.error = err.Error() - return localVarReturnValue, localVarHTTPResponse, newErr - } - newErr.model = v - return localVarReturnValue, localVarHTTPResponse, newErr - } - - err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: err.Error(), - } - return localVarReturnValue, localVarHTTPResponse, newErr - } - - return localVarReturnValue, localVarHTTPResponse, nil -} - -type ApiPerformOAuth2AuthorizationFlowRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService -} - -func (r ApiPerformOAuth2AuthorizationFlowRequest) Execute() (*ErrorOAuth2, *http.Response, error) { - return r.ApiService.PerformOAuth2AuthorizationFlowExecute(r) -} - -/* -PerformOAuth2AuthorizationFlow The OAuth 2.0 Authorize Endpoint - -This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. -OAuth2 is a very popular protocol and a library for your programming language will exists. - -To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749 - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
- @return ApiPerformOAuth2AuthorizationFlowRequest -*/ -func (a *V0alpha2ApiService) PerformOAuth2AuthorizationFlow(ctx context.Context) ApiPerformOAuth2AuthorizationFlowRequest { - return ApiPerformOAuth2AuthorizationFlowRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -// -// @return ErrorOAuth2 -func (a *V0alpha2ApiService) PerformOAuth2AuthorizationFlowExecute(r ApiPerformOAuth2AuthorizationFlowRequest) (*ErrorOAuth2, *http.Response, error) { - var ( - localVarHTTPMethod = http.MethodGet - localVarPostBody interface{} - formFiles []formFile - localVarReturnValue *ErrorOAuth2 - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.PerformOAuth2AuthorizationFlow") - if err != nil { - return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/oauth2/auth" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - - // to determine the Content-Type header - localVarHTTPContentTypes := []string{} - - // set Content-Type header - localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{"application/json"} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return localVarReturnValue, nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarReturnValue, 
localVarHTTPResponse, err - } - - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) - localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - var v ErrorOAuth2 - err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr.error = err.Error() - return localVarReturnValue, localVarHTTPResponse, newErr - } - newErr.model = v - return localVarReturnValue, localVarHTTPResponse, newErr - } - - err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: err.Error(), - } - return localVarReturnValue, localVarHTTPResponse, newErr - } - - return localVarReturnValue, localVarHTTPResponse, nil -} - -type ApiPerformOAuth2TokenFlowRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService - grantType *string - clientId *string - code *string - redirectUri *string - refreshToken *string -} - -func (r ApiPerformOAuth2TokenFlowRequest) GrantType(grantType string) ApiPerformOAuth2TokenFlowRequest { - r.grantType = &grantType - return r -} - -func (r ApiPerformOAuth2TokenFlowRequest) ClientId(clientId string) ApiPerformOAuth2TokenFlowRequest { - r.clientId = &clientId - return r -} - -func (r ApiPerformOAuth2TokenFlowRequest) Code(code string) ApiPerformOAuth2TokenFlowRequest { - r.code = &code - return r -} - -func (r ApiPerformOAuth2TokenFlowRequest) RedirectUri(redirectUri string) ApiPerformOAuth2TokenFlowRequest { - r.redirectUri = &redirectUri - return r -} - -func (r ApiPerformOAuth2TokenFlowRequest) RefreshToken(refreshToken string) ApiPerformOAuth2TokenFlowRequest { - r.refreshToken = 
&refreshToken - return r -} - -func (r ApiPerformOAuth2TokenFlowRequest) Execute() (*OAuth2TokenResponse, *http.Response, error) { - return r.ApiService.PerformOAuth2TokenFlowExecute(r) -} - -/* -PerformOAuth2TokenFlow The OAuth 2.0 Token Endpoint - -The client makes a request to the token endpoint by sending the -following parameters using the "application/x-www-form-urlencoded" HTTP -request entity-body. - -> Do not implement a client for this endpoint yourself. Use a library. There are many libraries -> available for any programming language. You can find a list of libraries here: https://oauth.net/code/ -> -> Do note that Hydra SDK does not implement this endpoint properly. Use one of the libraries listed above - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @return ApiPerformOAuth2TokenFlowRequest -*/ -func (a *V0alpha2ApiService) PerformOAuth2TokenFlow(ctx context.Context) ApiPerformOAuth2TokenFlowRequest { - return ApiPerformOAuth2TokenFlowRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -// -// @return OAuth2TokenResponse -func (a *V0alpha2ApiService) PerformOAuth2TokenFlowExecute(r ApiPerformOAuth2TokenFlowRequest) (*OAuth2TokenResponse, *http.Response, error) { - var ( - localVarHTTPMethod = http.MethodPost - localVarPostBody interface{} - formFiles []formFile - localVarReturnValue *OAuth2TokenResponse - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.PerformOAuth2TokenFlow") - if err != nil { - return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/oauth2/token" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - if r.grantType == nil { - return localVarReturnValue, nil, reportError("grantType is required and must be specified") - } - - // to 
determine the Content-Type header - localVarHTTPContentTypes := []string{"application/x-www-form-urlencoded"} - - // set Content-Type header - localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{"application/json"} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - if r.clientId != nil { - localVarFormParams.Add("client_id", parameterToString(*r.clientId, "")) - } - if r.code != nil { - localVarFormParams.Add("code", parameterToString(*r.code, "")) - } - localVarFormParams.Add("grant_type", parameterToString(*r.grantType, "")) - if r.redirectUri != nil { - localVarFormParams.Add("redirect_uri", parameterToString(*r.redirectUri, "")) - } - if r.refreshToken != nil { - localVarFormParams.Add("refresh_token", parameterToString(*r.refreshToken, "")) - } - req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return localVarReturnValue, nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) - localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarReturnValue, localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - var v ErrorOAuth2 - err = a.client.decode(&v, localVarBody, 
localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr.error = err.Error() - return localVarReturnValue, localVarHTTPResponse, newErr - } - newErr.model = v - return localVarReturnValue, localVarHTTPResponse, newErr - } - - err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: err.Error(), - } - return localVarReturnValue, localVarHTTPResponse, newErr - } - - return localVarReturnValue, localVarHTTPResponse, nil -} - -type ApiPerformOidcFrontOrBackChannelLogoutRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService -} - -func (r ApiPerformOidcFrontOrBackChannelLogoutRequest) Execute() (*http.Response, error) { - return r.ApiService.PerformOidcFrontOrBackChannelLogoutExecute(r) -} - -/* -PerformOidcFrontOrBackChannelLogout OpenID Connect Front- or Back-channel Enabled Logout - -This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front- / Back-channel logout: - -https://openid.net/specs/openid-connect-frontchannel-1_0.html -https://openid.net/specs/openid-connect-backchannel-1_0.html - -Back-channel logout is performed asynchronously and does not affect logout flow. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
- @return ApiPerformOidcFrontOrBackChannelLogoutRequest -*/ -func (a *V0alpha2ApiService) PerformOidcFrontOrBackChannelLogout(ctx context.Context) ApiPerformOidcFrontOrBackChannelLogoutRequest { - return ApiPerformOidcFrontOrBackChannelLogoutRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -func (a *V0alpha2ApiService) PerformOidcFrontOrBackChannelLogoutExecute(r ApiPerformOidcFrontOrBackChannelLogoutRequest) (*http.Response, error) { - var ( - localVarHTTPMethod = http.MethodGet - localVarPostBody interface{} - formFiles []formFile - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.PerformOidcFrontOrBackChannelLogout") - if err != nil { - return nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/oauth2/sessions/logout" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - - // to determine the Content-Type header - localVarHTTPContentTypes := []string{} - - // set Content-Type header - localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarHTTPResponse, err - } - - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) - 
localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - return localVarHTTPResponse, newErr - } - - return localVarHTTPResponse, nil -} - -type ApiRevokeOAuth2TokenRequest struct { - ctx context.Context - ApiService *V0alpha2ApiService - token *string -} - -func (r ApiRevokeOAuth2TokenRequest) Token(token string) ApiRevokeOAuth2TokenRequest { - r.token = &token - return r -} - -func (r ApiRevokeOAuth2TokenRequest) Execute() (*http.Response, error) { - return r.ApiService.RevokeOAuth2TokenExecute(r) -} - -/* -RevokeOAuth2Token Revoke an OAuth2 Access or Refresh Token - -Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no -longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. -Revoking a refresh token also invalidates the access token that was created with it. A token may only be revoked by -the client the token was generated for. - - @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
- @return ApiRevokeOAuth2TokenRequest -*/ -func (a *V0alpha2ApiService) RevokeOAuth2Token(ctx context.Context) ApiRevokeOAuth2TokenRequest { - return ApiRevokeOAuth2TokenRequest{ - ApiService: a, - ctx: ctx, - } -} - -// Execute executes the request -func (a *V0alpha2ApiService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenRequest) (*http.Response, error) { - var ( - localVarHTTPMethod = http.MethodPost - localVarPostBody interface{} - formFiles []formFile - ) - - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "V0alpha2ApiService.RevokeOAuth2Token") - if err != nil { - return nil, &GenericOpenAPIError{error: err.Error()} - } - - localVarPath := localBasePath + "/oauth2/revoke" - - localVarHeaderParams := make(map[string]string) - localVarQueryParams := url.Values{} - localVarFormParams := url.Values{} - if r.token == nil { - return nil, reportError("token is required and must be specified") - } - - // to determine the Content-Type header - localVarHTTPContentTypes := []string{"application/x-www-form-urlencoded"} - - // set Content-Type header - localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) - if localVarHTTPContentType != "" { - localVarHeaderParams["Content-Type"] = localVarHTTPContentType - } - - // to determine the Accept header - localVarHTTPHeaderAccepts := []string{"application/json"} - - // set Accept header - localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) - if localVarHTTPHeaderAccept != "" { - localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept - } - localVarFormParams.Add("token", parameterToString(*r.token, "")) - req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) - if err != nil { - return nil, err - } - - localVarHTTPResponse, err := a.client.callAPI(req) - if err != nil || localVarHTTPResponse == nil { - return localVarHTTPResponse, err - } - - 
localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) - localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) - if err != nil { - return localVarHTTPResponse, err - } - - if localVarHTTPResponse.StatusCode >= 300 { - newErr := &GenericOpenAPIError{ - body: localVarBody, - error: localVarHTTPResponse.Status, - } - var v ErrorOAuth2 - err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) - if err != nil { - newErr.error = err.Error() - return localVarHTTPResponse, newErr - } - newErr.model = v - return localVarHTTPResponse, newErr - } - - return localVarHTTPResponse, nil -} diff --git a/internal/httpclient/docs/OAuth2TokenResponse.md b/internal/httpclient/docs/OAuth2TokenExchange.md similarity index 74% rename from internal/httpclient/docs/OAuth2TokenResponse.md rename to internal/httpclient/docs/OAuth2TokenExchange.md index 69e8687552..27a7c4690c 100644 --- a/internal/httpclient/docs/OAuth2TokenResponse.md +++ b/internal/httpclient/docs/OAuth2TokenExchange.md @@ -1,4 +1,4 @@ -# OAuth2TokenResponse +# OAuth2TokenExchange ## Properties 
@@ -13,170 +13,170 @@ ## Methods -### NewOAuth2TokenResponse +### NewOAuth2TokenExchange -`func NewOAuth2TokenResponse() *OAuth2TokenResponse` +`func NewOAuth2TokenExchange() *OAuth2TokenExchange` -NewOAuth2TokenResponse instantiates a new OAuth2TokenResponse object This +NewOAuth2TokenExchange instantiates a new OAuth2TokenExchange object This constructor will assign default values to properties that have it defined, and makes sure properties required by API are set, but the set of arguments will change when the set of required properties is changed -### NewOAuth2TokenResponseWithDefaults +### NewOAuth2TokenExchangeWithDefaults -`func NewOAuth2TokenResponseWithDefaults() *OAuth2TokenResponse` +`func NewOAuth2TokenExchangeWithDefaults() *OAuth2TokenExchange` -NewOAuth2TokenResponseWithDefaults instantiates a new OAuth2TokenResponse object +NewOAuth2TokenExchangeWithDefaults instantiates a new OAuth2TokenExchange object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set ### GetAccessToken -`func (o *OAuth2TokenResponse) GetAccessToken() string` +`func (o *OAuth2TokenExchange) GetAccessToken() string` GetAccessToken returns the AccessToken field if non-nil, zero value otherwise. ### GetAccessTokenOk -`func (o *OAuth2TokenResponse) GetAccessTokenOk() (*string, bool)` +`func (o *OAuth2TokenExchange) GetAccessTokenOk() (*string, bool)` GetAccessTokenOk returns a tuple with the AccessToken field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetAccessToken -`func (o *OAuth2TokenResponse) SetAccessToken(v string)` +`func (o *OAuth2TokenExchange) SetAccessToken(v string)` SetAccessToken sets AccessToken field to given value. ### HasAccessToken -`func (o *OAuth2TokenResponse) HasAccessToken() bool` +`func (o *OAuth2TokenExchange) HasAccessToken() bool` HasAccessToken returns a boolean if a field has been set. 
### GetExpiresIn -`func (o *OAuth2TokenResponse) GetExpiresIn() int64` +`func (o *OAuth2TokenExchange) GetExpiresIn() int64` GetExpiresIn returns the ExpiresIn field if non-nil, zero value otherwise. ### GetExpiresInOk -`func (o *OAuth2TokenResponse) GetExpiresInOk() (*int64, bool)` +`func (o *OAuth2TokenExchange) GetExpiresInOk() (*int64, bool)` GetExpiresInOk returns a tuple with the ExpiresIn field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetExpiresIn -`func (o *OAuth2TokenResponse) SetExpiresIn(v int64)` +`func (o *OAuth2TokenExchange) SetExpiresIn(v int64)` SetExpiresIn sets ExpiresIn field to given value. ### HasExpiresIn -`func (o *OAuth2TokenResponse) HasExpiresIn() bool` +`func (o *OAuth2TokenExchange) HasExpiresIn() bool` HasExpiresIn returns a boolean if a field has been set. ### GetIdToken -`func (o *OAuth2TokenResponse) GetIdToken() int64` +`func (o *OAuth2TokenExchange) GetIdToken() int64` GetIdToken returns the IdToken field if non-nil, zero value otherwise. ### GetIdTokenOk -`func (o *OAuth2TokenResponse) GetIdTokenOk() (*int64, bool)` +`func (o *OAuth2TokenExchange) GetIdTokenOk() (*int64, bool)` GetIdTokenOk returns a tuple with the IdToken field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetIdToken -`func (o *OAuth2TokenResponse) SetIdToken(v int64)` +`func (o *OAuth2TokenExchange) SetIdToken(v int64)` SetIdToken sets IdToken field to given value. ### HasIdToken -`func (o *OAuth2TokenResponse) HasIdToken() bool` +`func (o *OAuth2TokenExchange) HasIdToken() bool` HasIdToken returns a boolean if a field has been set. ### GetRefreshToken -`func (o *OAuth2TokenResponse) GetRefreshToken() string` +`func (o *OAuth2TokenExchange) GetRefreshToken() string` GetRefreshToken returns the RefreshToken field if non-nil, zero value otherwise. 
### GetRefreshTokenOk -`func (o *OAuth2TokenResponse) GetRefreshTokenOk() (*string, bool)` +`func (o *OAuth2TokenExchange) GetRefreshTokenOk() (*string, bool)` GetRefreshTokenOk returns a tuple with the RefreshToken field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetRefreshToken -`func (o *OAuth2TokenResponse) SetRefreshToken(v string)` +`func (o *OAuth2TokenExchange) SetRefreshToken(v string)` SetRefreshToken sets RefreshToken field to given value. ### HasRefreshToken -`func (o *OAuth2TokenResponse) HasRefreshToken() bool` +`func (o *OAuth2TokenExchange) HasRefreshToken() bool` HasRefreshToken returns a boolean if a field has been set. ### GetScope -`func (o *OAuth2TokenResponse) GetScope() int64` +`func (o *OAuth2TokenExchange) GetScope() int64` GetScope returns the Scope field if non-nil, zero value otherwise. ### GetScopeOk -`func (o *OAuth2TokenResponse) GetScopeOk() (*int64, bool)` +`func (o *OAuth2TokenExchange) GetScopeOk() (*int64, bool)` GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. ### SetScope -`func (o *OAuth2TokenResponse) SetScope(v int64)` +`func (o *OAuth2TokenExchange) SetScope(v int64)` SetScope sets Scope field to given value. ### HasScope -`func (o *OAuth2TokenResponse) HasScope() bool` +`func (o *OAuth2TokenExchange) HasScope() bool` HasScope returns a boolean if a field has been set. ### GetTokenType -`func (o *OAuth2TokenResponse) GetTokenType() string` +`func (o *OAuth2TokenExchange) GetTokenType() string` GetTokenType returns the TokenType field if non-nil, zero value otherwise. ### GetTokenTypeOk -`func (o *OAuth2TokenResponse) GetTokenTypeOk() (*string, bool)` +`func (o *OAuth2TokenExchange) GetTokenTypeOk() (*string, bool)` GetTokenTypeOk returns a tuple with the TokenType field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. 
### SetTokenType -`func (o *OAuth2TokenResponse) SetTokenType(v string)` +`func (o *OAuth2TokenExchange) SetTokenType(v string)` SetTokenType sets TokenType field to given value. ### HasTokenType -`func (o *OAuth2TokenResponse) HasTokenType() bool` +`func (o *OAuth2TokenExchange) HasTokenType() bool` HasTokenType returns a boolean if a field has been set. diff --git a/internal/httpclient/docs/Oauth2Api.md b/internal/httpclient/docs/Oauth2Api.md index ae348b75f2..fdf95ea1a7 100644 --- a/internal/httpclient/docs/Oauth2Api.md +++ b/internal/httpclient/docs/Oauth2Api.md 
@@ -2,31 +2,36 @@ All URIs are relative to _http://localhost_ -| Method | HTTP request | Description | -| --------------------------------------------------------------------------------------- | ------------------------------------------------------ | -------------------------------------------------- | -| [**AcceptOAuth2ConsentRequest**](OAuth2Api.md#AcceptOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request | -| [**AcceptOAuth2LoginRequest**](OAuth2Api.md#AcceptOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request | -| [**AcceptOAuth2LogoutRequest**](OAuth2Api.md#AcceptOAuth2LogoutRequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request | -| [**CreateOAuth2Client**](OAuth2Api.md#CreateOAuth2Client) | **Post** /admin/clients | Create OAuth 2.0 Client | -| [**DeleteOAuth2Client**](OAuth2Api.md#DeleteOAuth2Client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client | -| [**DeleteTrustedOAuth2JwtGrantIssuer**](OAuth2Api.md#DeleteTrustedOAuth2JwtGrantIssuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer | -| [**GetOAuth2Client**](OAuth2Api.md#GetOAuth2Client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client | -| [**GetOAuth2ConsentRequest**](OAuth2Api.md#GetOAuth2ConsentRequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request | -| [**GetOAuth2LoginRequest**](OAuth2Api.md#GetOAuth2LoginRequest) | **Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request | -| [**GetOAuth2LogoutRequest**](OAuth2Api.md#GetOAuth2LogoutRequest) | **Get** /admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request | -| [**GetTrustedOAuth2JwtGrantIssuer**](OAuth2Api.md#GetTrustedOAuth2JwtGrantIssuer) | **Get** /admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer | -| 
[**ListOAuth2Clients**](OAuth2Api.md#ListOAuth2Clients) | **Get** /admin/clients | List OAuth 2.0 Clients | -| [**ListOAuth2ConsentSessions**](OAuth2Api.md#ListOAuth2ConsentSessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject | -| [**ListTrustedOAuth2JwtGrantIssuers**](OAuth2Api.md#ListTrustedOAuth2JwtGrantIssuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers | -| [**PatchOAuth2Client**](OAuth2Api.md#PatchOAuth2Client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client | -| [**RejectOAuth2ConsentRequest**](OAuth2Api.md#RejectOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request | -| [**RejectOAuth2LoginRequest**](OAuth2Api.md#RejectOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request | -| [**RejectOAuth2LogoutRequest**](OAuth2Api.md#RejectOAuth2LogoutRequest) | **Put** /admin/oauth2/auth/requests/logout/reject | Reject OAuth 2.0 Session Logout Request | -| [**RevokeOAuth2ConsentSessions**](OAuth2Api.md#RevokeOAuth2ConsentSessions) | **Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject | -| [**RevokeOAuth2LoginSessions**](OAuth2Api.md#RevokeOAuth2LoginSessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes All OAuth 2.0 Login Sessions of a Subject | -| [**SetOAuth2Client**](OAuth2Api.md#SetOAuth2Client) | **Put** /admin/clients/{id} | Set OAuth 2.0 Client | -| [**SetOAuth2ClientLifespans**](OAuth2Api.md#SetOAuth2ClientLifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans | -| [**TrustOAuth2JwtGrantIssuer**](OAuth2Api.md#TrustOAuth2JwtGrantIssuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer | +| Method | HTTP request | Description | +| 
--------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------- | +| [**AcceptOAuth2ConsentRequest**](OAuth2Api.md#AcceptOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request | +| [**AcceptOAuth2LoginRequest**](OAuth2Api.md#AcceptOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request | +| [**AcceptOAuth2LogoutRequest**](OAuth2Api.md#AcceptOAuth2LogoutRequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request | +| [**CreateOAuth2Client**](OAuth2Api.md#CreateOAuth2Client) | **Post** /admin/clients | Create OAuth 2.0 Client | +| [**DeleteOAuth2Client**](OAuth2Api.md#DeleteOAuth2Client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client | +| [**DeleteOAuth2Token**](OAuth2Api.md#DeleteOAuth2Token) | **Delete** /admin/oauth2/tokens | Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client | +| [**DeleteTrustedOAuth2JwtGrantIssuer**](OAuth2Api.md#DeleteTrustedOAuth2JwtGrantIssuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer | +| [**GetOAuth2Client**](OAuth2Api.md#GetOAuth2Client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client | +| [**GetOAuth2ConsentRequest**](OAuth2Api.md#GetOAuth2ConsentRequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request | +| [**GetOAuth2LoginRequest**](OAuth2Api.md#GetOAuth2LoginRequest) | **Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request | +| [**GetOAuth2LogoutRequest**](OAuth2Api.md#GetOAuth2LogoutRequest) | **Get** /admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request | +| [**GetTrustedOAuth2JwtGrantIssuer**](OAuth2Api.md#GetTrustedOAuth2JwtGrantIssuer) | **Get** 
/admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer | +| [**IntrospectOAuth2Token**](OAuth2Api.md#IntrospectOAuth2Token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access and Refresh Tokens | +| [**ListOAuth2Clients**](OAuth2Api.md#ListOAuth2Clients) | **Get** /admin/clients | List OAuth 2.0 Clients | +| [**ListOAuth2ConsentSessions**](OAuth2Api.md#ListOAuth2ConsentSessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject | +| [**ListTrustedOAuth2JwtGrantIssuers**](OAuth2Api.md#ListTrustedOAuth2JwtGrantIssuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers | +| [**OAuth2Authorize**](OAuth2Api.md#OAuth2Authorize) | **Get** /oauth2/auth | OAuth 2.0 Authorize Endpoint | +| [**Oauth2TokenExchange**](OAuth2Api.md#Oauth2TokenExchange) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint | +| [**PatchOAuth2Client**](OAuth2Api.md#PatchOAuth2Client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client | +| [**RejectOAuth2ConsentRequest**](OAuth2Api.md#RejectOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request | +| [**RejectOAuth2LoginRequest**](OAuth2Api.md#RejectOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request | +| [**RejectOAuth2LogoutRequest**](OAuth2Api.md#RejectOAuth2LogoutRequest) | **Put** /admin/oauth2/auth/requests/logout/reject | Reject OAuth 2.0 Session Logout Request | +| [**RevokeOAuth2ConsentSessions**](OAuth2Api.md#RevokeOAuth2ConsentSessions) | **Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject | +| [**RevokeOAuth2LoginSessions**](OAuth2Api.md#RevokeOAuth2LoginSessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes All OAuth 2.0 Login Sessions of a Subject | +| [**RevokeOAuth2Token**](OAuth2Api.md#RevokeOAuth2Token) | **Post** 
/oauth2/revoke | Revoke OAuth 2.0 Access or Refresh Token | +| [**SetOAuth2Client**](OAuth2Api.md#SetOAuth2Client) | **Put** /admin/clients/{id} | Set OAuth 2.0 Client | +| [**SetOAuth2ClientLifespans**](OAuth2Api.md#SetOAuth2ClientLifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans | +| [**TrustOAuth2JwtGrantIssuer**](OAuth2Api.md#TrustOAuth2JwtGrantIssuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer | ## AcceptOAuth2ConsentRequest 
@@ -347,6 +352,66 @@ No authorization required [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +## DeleteOAuth2Token + +> DeleteOAuth2Token(ctx).ClientId(clientId).Execute() + +Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + clientId := "clientId_example" // string | OAuth 2.0 Client ID + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2Api.DeleteOAuth2Token(context.Background()).ClientId(clientId).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.DeleteOAuth2Token``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } +} +``` + +### Path Parameters + +### Other Parameters + +Other parameters are passed through a pointer to a apiDeleteOAuth2TokenRequest +struct via the builder pattern + +| Name | Type | Description | Notes | +| ------------ | ---------- | ------------------- | ----- | +| **clientId** | **string** | OAuth 2.0 Client ID | + +### Return type + +(empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + ## DeleteTrustedOAuth2JwtGrantIssuer > DeleteTrustedOAuth2JwtGrantIssuer(ctx, id).Execute() 
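Review bot: The new `## DeleteOAuth2Token` section lists "No authorization required" under `### Authorization` for `Delete /admin/oauth2/tokens` with no caveat, and the `## IntrospectOAuth2Token` section added in the next hunk does the same for `Post /admin/oauth2/introspect`; a reader can take this to mean the calls are safe to expose. If, as the `/admin` prefix suggests, access control is expected from the deployment rather than from the API itself, the endpoint description should say so, for example `This endpoint performs no authentication itself; restrict access to the admin API at the network or gateway level.` The Go example in this section also looks uncompilable: it assigns `resp, r, err :=` although the return type is documented as an empty response body and the CLI call in `cmd/cmd_delete_tokens.go` receives two values, so it should read `r, err := apiClient.OAuth2Api.DeleteOAuth2Token(context.Background()).ClientId(clientId).Execute()`. Both documents are generator output, so the correction presumably belongs in the OpenAPI description or the doc template rather than in this file.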
@@ -732,6 +797,71 @@ No authorization required [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +## IntrospectOAuth2Token + +> IntrospectedOAuth2Token +> IntrospectOAuth2Token(ctx).Token(token).Scope(scope).Execute() + +Introspect OAuth2 Access and Refresh Tokens + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + token := "token_example" // string | The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. + scope := "scope_example" // string | An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2Api.IntrospectOAuth2Token(context.Background()).Token(token).Scope(scope).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.IntrospectOAuth2Token``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `IntrospectOAuth2Token`: IntrospectedOAuth2Token + fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.IntrospectOAuth2Token`: %v\n", resp) +} +``` + +### Path Parameters + +### Other Parameters + +Other parameters are passed through a pointer to a +apiIntrospectOAuth2TokenRequest struct via the builder pattern + +| Name | Type | Description | Notes | +| --------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| **token** | **string** | The string value of the token. 
For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. | +| **scope** | **string** | An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. | + +### Return type + +[**IntrospectedOAuth2Token**](IntrospectedOAuth2Token.md) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: application/x-www-form-urlencoded +- **Accept**: application/json + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + ## ListOAuth2Clients > []OAuth2Client 
@@ -935,6 +1065,136 @@ No authorization required [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +## OAuth2Authorize + +> ErrorOAuth2 OAuth2Authorize(ctx).Execute() + +OAuth 2.0 Authorize Endpoint + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2Api.OAuth2Authorize(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.OAuth2Authorize``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `OAuth2Authorize`: ErrorOAuth2 + fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.OAuth2Authorize`: %v\n", resp) +} +``` + +### Path Parameters + +This endpoint does not need any parameter. + +### Other Parameters + +Other parameters are passed through a pointer to a apiOAuth2AuthorizeRequest +struct via the builder pattern + +### Return type + +[**ErrorOAuth2**](ErrorOAuth2.md) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + +## Oauth2TokenExchange + +> OAuth2TokenExchange +> Oauth2TokenExchange(ctx).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() + +The OAuth 2.0 Token Endpoint + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + grantType := "grantType_example" // string | + clientId := "clientId_example" // string | (optional) + code := "code_example" // string | (optional) + redirectUri := 
"redirectUri_example" // string | (optional) + refreshToken := "refreshToken_example" // string | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2Api.Oauth2TokenExchange(context.Background()).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.Oauth2TokenExchange``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `Oauth2TokenExchange`: OAuth2TokenExchange + fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.Oauth2TokenExchange`: %v\n", resp) +} +``` + +### Path Parameters + +### Other Parameters + +Other parameters are passed through a pointer to a apiOauth2TokenExchangeRequest +struct via the builder pattern + +| Name | Type | Description | Notes | +| ---------------- | ---------- | ----------- | ----- | +| **grantType** | **string** | | +| **clientId** | **string** | | +| **code** | **string** | | +| **redirectUri** | **string** | | +| **refreshToken** | **string** | | + +### Return type + +[**OAuth2TokenExchange**](OAuth2TokenExchange.md) + +### Authorization + +[basic](../README.md#basic), [oauth2](../README.md#oauth2) + +### HTTP request headers + +- **Content-Type**: application/x-www-form-urlencoded +- **Accept**: application/json + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + ## PatchOAuth2Client > OAuth2Client PatchOAuth2Client(ctx, id).JsonPatch(jsonPatch).Execute() 
@@ -1319,6 +1579,66 @@ No authorization required [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +## RevokeOAuth2Token + +> RevokeOAuth2Token(ctx).Token(token).Execute() + +Revoke OAuth 2.0 Access or Refresh Token + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + token := "token_example" // string | + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2Api.RevokeOAuth2Token(context.Background()).Token(token).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.RevokeOAuth2Token``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } +} +``` + +### Path Parameters + +### Other Parameters + +Other parameters are passed through a pointer to a apiRevokeOAuth2TokenRequest +struct via the builder pattern + +| Name | Type | Description | Notes | +| --------- | ---------- | ----------- | ----- | +| **token** | **string** | | + +### Return type + +(empty response body) + +### Authorization + +[basic](../README.md#basic), [oauth2](../README.md#oauth2) + +### HTTP request headers + +- **Content-Type**: application/x-www-form-urlencoded +- **Accept**: application/json + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + ## SetOAuth2Client > OAuth2Client SetOAuth2Client(ctx, id).OAuth2Client(oAuth2Client).Execute() diff --git a/internal/httpclient/docs/OidcApi.md b/internal/httpclient/docs/OidcApi.md index 1353c1aa37..bd0821a856 100644 --- a/internal/httpclient/docs/OidcApi.md +++ b/internal/httpclient/docs/OidcApi.md 
@@ -2,11 +2,14 @@ All URIs are relative to _http://localhost_ -| Method | HTTP request | Description | -| ----------------------------------------------------------------- | ----------------------------- | --------------------------------------------------------------- | -| [**CreateOidcDynamicClient**](OidcApi.md#CreateOidcDynamicClient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration | -| [**GetOidcDynamicClient**](OidcApi.md#GetOidcDynamicClient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration | -| [**SetOidcDynamicClient**](OidcApi.md#SetOidcDynamicClient) | **Put** /oauth2/register/{id} | Set OAuth2 Client using OpenID Dynamic Client Registration | +| Method | HTTP request | Description | +| --------------------------------------------------------------------- | ----------------------------------------- | --------------------------------------------------------------- | +| [**CreateOidcDynamicClient**](OidcApi.md#CreateOidcDynamicClient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration | +| [**DiscoverOidcConfiguration**](OidcApi.md#DiscoverOidcConfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery | +| [**GetOidcDynamicClient**](OidcApi.md#GetOidcDynamicClient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration | +| [**GetOidcUserInfo**](OidcApi.md#GetOidcUserInfo) | **Get** /userinfo | OpenID Connect Userinfo | +| [**RevokeOidcSession**](OidcApi.md#RevokeOidcSession) | **Get** /oauth2/sessions/logout | OpenID Connect Front- and Back-channel Enabled Logout | +| [**SetOidcDynamicClient**](OidcApi.md#SetOidcDynamicClient) | **Put** /oauth2/register/{id} | Set OAuth2 Client using OpenID Dynamic Client Registration | ## CreateOidcDynamicClient 
@@ -70,6 +73,65 @@ No authorization required [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +## DiscoverOidcConfiguration + +> OidcConfiguration DiscoverOidcConfiguration(ctx).Execute() + +OpenID Connect Discovery + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcApi.DiscoverOidcConfiguration(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.DiscoverOidcConfiguration``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `DiscoverOidcConfiguration`: OidcConfiguration + fmt.Fprintf(os.Stdout, "Response from `OidcApi.DiscoverOidcConfiguration`: %v\n", resp) +} +``` + +### Path Parameters + +This endpoint does not need any parameter. + +### Other Parameters + +Other parameters are passed through a pointer to a +apiDiscoverOidcConfigurationRequest struct via the builder pattern + +### Return type + +[**OidcConfiguration**](OidcConfiguration.md) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + ## GetOidcDynamicClient > OAuth2Client GetOidcDynamicClient(ctx, id).Execute() 
@@ -136,6 +198,122 @@ apiGetOidcDynamicClientRequest struct via the builder pattern [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +## GetOidcUserInfo + +> OidcUserInfo GetOidcUserInfo(ctx).Execute() + +OpenID Connect Userinfo + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcApi.GetOidcUserInfo(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.GetOidcUserInfo``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetOidcUserInfo`: OidcUserInfo + fmt.Fprintf(os.Stdout, "Response from `OidcApi.GetOidcUserInfo`: %v\n", resp) +} +``` + +### Path Parameters + +This endpoint does not need any parameter. + +### Other Parameters + +Other parameters are passed through a pointer to a apiGetOidcUserInfoRequest +struct via the builder pattern + +### Return type + +[**OidcUserInfo**](OidcUserInfo.md) + +### Authorization + +[oauth2](../README.md#oauth2) + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + +## RevokeOidcSession + +> RevokeOidcSession(ctx).Execute() + +OpenID Connect Front- and Back-channel Enabled Logout + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcApi.RevokeOidcSession(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling 
`OidcApi.RevokeOidcSession``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } +} +``` + +### Path Parameters + +This endpoint does not need any parameter. + +### Other Parameters + +Other parameters are passed through a pointer to a apiRevokeOidcSessionRequest +struct via the builder pattern + +### Return type + +(empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: Not defined + +[[Back to top]](#) +[[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + ## SetOidcDynamicClient > OAuth2Client SetOidcDynamicClient(ctx, diff --git a/internal/httpclient/docs/OidcConfiguration.md b/internal/httpclient/docs/OidcConfiguration.md index 3190f4b6ce..c04aefe7a6 100644 --- a/internal/httpclient/docs/OidcConfiguration.md +++ b/internal/httpclient/docs/OidcConfiguration.md 
@@ -2,37 +2,37 @@ ## Properties -| Name | Type | Description | Notes | -| ------------------------------------------ | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | -| **AuthorizationEndpoint** | **string** | URL of the OP's OAuth 2.0 Authorization Endpoint. | -| **BackchannelLogoutSessionSupported** | Pointer to **bool** | Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP | [optional] | -| **BackchannelLogoutSupported** | Pointer to **bool** | Boolean value specifying whether the OP supports back-channel logout, with true indicating support. | [optional] | -| **ClaimsParameterSupported** | Pointer to **bool** | Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. | [optional] | -| **ClaimsSupported** | Pointer to **[]string** | JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. 
| [optional] | -| **CodeChallengeMethodsSupported** | Pointer to **[]string** | JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. | [optional] | -| **EndSessionEndpoint** | Pointer to **string** | URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. | [optional] | -| **FrontchannelLogoutSessionSupported** | Pointer to **bool** | Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. | [optional] | -| **FrontchannelLogoutSupported** | Pointer to **bool** | Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. | [optional] | -| **GrantTypesSupported** | Pointer to **[]string** | JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. | [optional] | -| **IdTokenSignedResponseAlg** | **[]string** | Algorithm used to sign OpenID Connect ID Tokens. | -| **IdTokenSigningAlgValuesSupported** | **[]string** | JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. | -| **Issuer** | **string** | URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL. | -| **JwksUri** | **string** | URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. 
When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | -| **RegistrationEndpoint** | Pointer to **string** | URL of the OP's Dynamic Client Registration Endpoint. | [optional] | -| **RequestObjectSigningAlgValuesSupported** | Pointer to **[]string** | JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when the Request Object is passed by value (using the request parameter) and when it is passed by reference (using the request_uri parameter). | [optional] | -| **RequestParameterSupported** | Pointer to **bool** | Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. | [optional] | -| **RequestUriParameterSupported** | Pointer to **bool** | Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. | [optional] | -| **RequireRequestUriRegistration** | Pointer to **bool** | Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. | [optional] | -| **ResponseModesSupported** | Pointer to **[]string** | JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports. | [optional] | -| **ResponseTypesSupported** | **[]string** | JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. 
Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values. | -| **RevocationEndpoint** | Pointer to **string** | URL of the authorization server's OAuth 2.0 revocation endpoint. | [optional] | -| **ScopesSupported** | Pointer to **[]string** | SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used | [optional] | -| **SubjectTypesSupported** | **[]string** | JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. | -| **TokenEndpoint** | **string** | URL of the OP's OAuth 2.0 Token Endpoint | -| **TokenEndpointAuthMethodsSupported** | Pointer to **[]string** | JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 | [optional] | -| **UserinfoEndpoint** | Pointer to **string** | URL of the OP's UserInfo Endpoint. | [optional] | -| **UserinfoSignedResponseAlg** | **[]string** | Algorithm used to sign OpenID Connect Userinfo Responses. | -| **UserinfoSigningAlgValuesSupported** | Pointer to **[]string** | JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. 
| [optional] | +| Name | Type | Description | Notes | +| ------------------------------------------ | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | +| **AuthorizationEndpoint** | **string** | OAuth 2.0 Authorization Endpoint URL | +| **BackchannelLogoutSessionSupported** | Pointer to **bool** | OpenID Connect Back-Channel Logout Session Required Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP | [optional] | +| **BackchannelLogoutSupported** | Pointer to **bool** | OpenID Connect Back-Channel Logout Supported Boolean value specifying whether the OP supports back-channel logout, with true indicating support. | [optional] | +| **ClaimsParameterSupported** | Pointer to **bool** | OpenID Connect Claims Parameter Parameter Supported Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. 
| [optional] | +| **ClaimsSupported** | Pointer to **[]string** | OpenID Connect Supported Claims JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. | [optional] | +| **CodeChallengeMethodsSupported** | Pointer to **[]string** | OAuth 2.0 PKCE Supported Code Challenge Methods JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. | [optional] | +| **EndSessionEndpoint** | Pointer to **string** | OpenID Connect End-Session Endpoint URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. | [optional] | +| **FrontchannelLogoutSessionSupported** | Pointer to **bool** | OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. | [optional] | +| **FrontchannelLogoutSupported** | Pointer to **bool** | OpenID Connect Front-Channel Logout Supported Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. | [optional] | +| **GrantTypesSupported** | Pointer to **[]string** | OAuth 2.0 Supported Grant Types JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. | [optional] | +| **IdTokenSignedResponseAlg** | **[]string** | OpenID Connect Default ID Token Signing Algorithms Algorithm used to sign OpenID Connect ID Tokens. | +| **IdTokenSigningAlgValuesSupported** | **[]string** | OpenID Connect Supported ID Token Signing Algorithms JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. 
| +| **Issuer** | **string** | OpenID Connect Issuer URL An URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL. | +| **JwksUri** | **string** | OpenID Connect Well-Known JSON Web Keys URL URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | +| **RegistrationEndpoint** | Pointer to **string** | OpenID Connect Dynamic Client Registration Endpoint URL | [optional] | +| **RequestObjectSigningAlgValuesSupported** | Pointer to **[]string** | OpenID Connect Supported Request Object Signing Algorithms JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when the Request Object is passed by value (using the request parameter) and when it is passed by reference (using the request_uri parameter). 
| [optional] | +| **RequestParameterSupported** | Pointer to **bool** | OpenID Connect Request Parameter Supported Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. | [optional] | +| **RequestUriParameterSupported** | Pointer to **bool** | OpenID Connect Request URI Parameter Supported Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. | [optional] | +| **RequireRequestUriRegistration** | Pointer to **bool** | OpenID Connect Requires Request URI Registration Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. | [optional] | +| **ResponseModesSupported** | Pointer to **[]string** | OAuth 2.0 Supported Response Modes JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports. | [optional] | +| **ResponseTypesSupported** | **[]string** | OAuth 2.0 Supported Response Types JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values. | +| **RevocationEndpoint** | Pointer to **string** | OAuth 2.0 Token Revocation URL URL of the authorization server's OAuth 2.0 revocation endpoint. | [optional] | +| **ScopesSupported** | Pointer to **[]string** | OAuth 2.0 Supported Scope Values JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used | [optional] | +| **SubjectTypesSupported** | **[]string** | OpenID Connect Supported Subject Types JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. 
| +| **TokenEndpoint** | **string** | OAuth 2.0 Token Endpoint URL | +| **TokenEndpointAuthMethodsSupported** | Pointer to **[]string** | OAuth 2.0 Supported Client Authentication Methods JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 | [optional] | +| **UserinfoEndpoint** | Pointer to **string** | OpenID Connect Userinfo URL URL of the OP's UserInfo Endpoint. | [optional] | +| **UserinfoSignedResponseAlg** | **[]string** | OpenID Connect User Userinfo Signing Algorithm Algorithm used to sign OpenID Connect Userinfo Responses. | +| **UserinfoSigningAlgValuesSupported** | Pointer to **[]string** | OpenID Connect Supported Userinfo Signing Algorithm JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. | [optional] | ## Methods diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 30d88d7b5d..741a3e4527 100644 --- a/internal/httpclient/docs/V0alpha2Api.md +++ b/internal/httpclient/docs/V0alpha2Api.md 
@@ -2,142 +2,9 @@ All URIs are relative to _http://localhost_ -| Method | HTTP request | Description | -| --------------------------------------------------------------------------------------------- | ----------------------------------------- | ---------------------------------------------------------------------------------------- | -| [**AdminDeleteOAuth2Token**](V0alpha2Api.md#AdminDeleteOAuth2Token) | **Delete** /admin/oauth2/tokens | Delete OAuth2 Access Tokens from a Client | -| [**AdminIntrospectOAuth2Token**](V0alpha2Api.md#AdminIntrospectOAuth2Token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access or Refresh Tokens | -| [**DeleteOidcDynamicClient**](V0alpha2Api.md#DeleteOidcDynamicClient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol | -| [**DiscoverOidcConfiguration**](V0alpha2Api.md#DiscoverOidcConfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery | -| [**GetOidcUserInfo**](V0alpha2Api.md#GetOidcUserInfo) | **Get** /userinfo | OpenID Connect Userinfo | -| [**PerformOAuth2AuthorizationFlow**](V0alpha2Api.md#PerformOAuth2AuthorizationFlow) | **Get** /oauth2/auth | The OAuth 2.0 Authorize Endpoint | -| [**PerformOAuth2TokenFlow**](V0alpha2Api.md#PerformOAuth2TokenFlow) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint | -| [**PerformOidcFrontOrBackChannelLogout**](V0alpha2Api.md#PerformOidcFrontOrBackChannelLogout) | **Get** /oauth2/sessions/logout | OpenID Connect Front- or Back-channel Enabled Logout | -| [**RevokeOAuth2Token**](V0alpha2Api.md#RevokeOAuth2Token) | **Post** /oauth2/revoke | Revoke an OAuth2 Access or Refresh Token | - -## AdminDeleteOAuth2Token - -> AdminDeleteOAuth2Token(ctx).ClientId(clientId).Execute() - -Delete OAuth2 Access Tokens from a Client - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - clientId := "clientId_example" // 
string | - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.AdminDeleteOAuth2Token(context.Background()).ClientId(clientId).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminDeleteOAuth2Token``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } -} -``` - -### Path Parameters - -### Other Parameters - -Other parameters are passed through a pointer to a -apiAdminDeleteOAuth2TokenRequest struct via the builder pattern - -| Name | Type | Description | Notes | -| ------------ | ---------- | ----------- | ----- | -| **clientId** | **string** | | - -### Return type - -(empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) - -## AdminIntrospectOAuth2Token - -> IntrospectedOAuth2Token -> AdminIntrospectOAuth2Token(ctx).Token(token).Scope(scope).Execute() - -Introspect OAuth2 Access or Refresh Tokens - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - token := "token_example" // string | The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. - scope := "scope_example" // string | An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. 
(optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.AdminIntrospectOAuth2Token(context.Background()).Token(token).Scope(scope).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.AdminIntrospectOAuth2Token``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `AdminIntrospectOAuth2Token`: IntrospectedOAuth2Token - fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.AdminIntrospectOAuth2Token`: %v\n", resp) -} -``` - -### Path Parameters - -### Other Parameters - -Other parameters are passed through a pointer to a -apiAdminIntrospectOAuth2TokenRequest struct via the builder pattern - -| Name | Type | Description | Notes | -| --------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| **token** | **string** | The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. | -| **scope** | **string** | An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. 
| - -### Return type - -[**IntrospectedOAuth2Token**](IntrospectedOAuth2Token.md) - -### Authorization - -No authorization required - -### HTTP request headers - -- **Content-Type**: application/x-www-form-urlencoded -- **Accept**: application/json - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) +| Method | HTTP request | Description | +| --------------------------------------------------------------------- | -------------------------------- | ---------------------------------------------------------------------------------------- | +| [**DeleteOidcDynamicClient**](V0alpha2Api.md#DeleteOidcDynamicClient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol | ## DeleteOidcDynamicClient 
@@ -203,368 +70,3 @@ apiDeleteOidcDynamicClientRequest struct via the builder pattern [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) - -## DiscoverOidcConfiguration - -> OidcConfiguration DiscoverOidcConfiguration(ctx).Execute() - -OpenID Connect Discovery - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.DiscoverOidcConfiguration(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.DiscoverOidcConfiguration``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `DiscoverOidcConfiguration`: OidcConfiguration - fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.DiscoverOidcConfiguration`: %v\n", resp) -} -``` - -### Path Parameters - -This endpoint does not need any parameter. 
- -### Other Parameters - -Other parameters are passed through a pointer to a -apiDiscoverOidcConfigurationRequest struct via the builder pattern - -### Return type - -[**OidcConfiguration**](OidcConfiguration.md) - -### Authorization - -No authorization required - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) - -## GetOidcUserInfo - -> OidcUserInfo GetOidcUserInfo(ctx).Execute() - -OpenID Connect Userinfo - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.GetOidcUserInfo(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.GetOidcUserInfo``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetOidcUserInfo`: OidcUserInfo - fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.GetOidcUserInfo`: %v\n", resp) -} -``` - -### Path Parameters - -This endpoint does not need any parameter. 
- -### Other Parameters - -Other parameters are passed through a pointer to a apiGetOidcUserInfoRequest -struct via the builder pattern - -### Return type - -[**OidcUserInfo**](OidcUserInfo.md) - -### Authorization - -[oauth2](../README.md#oauth2) - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) - -## PerformOAuth2AuthorizationFlow - -> ErrorOAuth2 PerformOAuth2AuthorizationFlow(ctx).Execute() - -The OAuth 2.0 Authorize Endpoint - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.PerformOAuth2AuthorizationFlow(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.PerformOAuth2AuthorizationFlow``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `PerformOAuth2AuthorizationFlow`: ErrorOAuth2 - fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.PerformOAuth2AuthorizationFlow`: %v\n", resp) -} -``` - -### Path Parameters - -This endpoint does not need any parameter. 
- -### Other Parameters - -Other parameters are passed through a pointer to a -apiPerformOAuth2AuthorizationFlowRequest struct via the builder pattern - -### Return type - -[**ErrorOAuth2**](ErrorOAuth2.md) - -### Authorization - -No authorization required - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) - -## PerformOAuth2TokenFlow - -> OAuth2TokenResponse -> PerformOAuth2TokenFlow(ctx).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() - -The OAuth 2.0 Token Endpoint - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - grantType := "grantType_example" // string | - clientId := "clientId_example" // string | (optional) - code := "code_example" // string | (optional) - redirectUri := "redirectUri_example" // string | (optional) - refreshToken := "refreshToken_example" // string | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.PerformOAuth2TokenFlow(context.Background()).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.PerformOAuth2TokenFlow``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `PerformOAuth2TokenFlow`: OAuth2TokenResponse - fmt.Fprintf(os.Stdout, "Response from `V0alpha2Api.PerformOAuth2TokenFlow`: %v\n", resp) -} -``` - -### Path Parameters - -### Other Parameters - -Other parameters are passed through a pointer to a -apiPerformOAuth2TokenFlowRequest struct via the builder pattern - -| Name | 
Type | Description | Notes | -| ---------------- | ---------- | ----------- | ----- | -| **grantType** | **string** | | -| **clientId** | **string** | | -| **code** | **string** | | -| **redirectUri** | **string** | | -| **refreshToken** | **string** | | - -### Return type - -[**OAuth2TokenResponse**](OAuth2TokenResponse.md) - -### Authorization - -[basic](../README.md#basic), [oauth2](../README.md#oauth2) - -### HTTP request headers - -- **Content-Type**: application/x-www-form-urlencoded -- **Accept**: application/json - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) - -## PerformOidcFrontOrBackChannelLogout - -> PerformOidcFrontOrBackChannelLogout(ctx).Execute() - -OpenID Connect Front- or Back-channel Enabled Logout - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.PerformOidcFrontOrBackChannelLogout(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.PerformOidcFrontOrBackChannelLogout``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } -} -``` - -### Path Parameters - -This endpoint does not need any parameter. 
- -### Other Parameters - -Other parameters are passed through a pointer to a -apiPerformOidcFrontOrBackChannelLogoutRequest struct via the builder pattern - -### Return type - -(empty response body) - -### Authorization - -No authorization required - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: Not defined - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) - -## RevokeOAuth2Token - -> RevokeOAuth2Token(ctx).Token(token).Execute() - -Revoke an OAuth2 Access or Refresh Token - -### Example - -```go -package main - -import ( - "context" - "fmt" - "os" - openapiclient "./openapi" -) - -func main() { - token := "token_example" // string | - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.RevokeOAuth2Token(context.Background()).Token(token).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.RevokeOAuth2Token``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } -} -``` - -### Path Parameters - -### Other Parameters - -Other parameters are passed through a pointer to a apiRevokeOAuth2TokenRequest -struct via the builder pattern - -| Name | Type | Description | Notes | -| --------- | ---------- | ----------- | ----- | -| **token** | **string** | | - -### Return type - -(empty response body) - -### Authorization - -[basic](../README.md#basic), [oauth2](../README.md#oauth2) - -### HTTP request headers - -- **Content-Type**: application/x-www-form-urlencoded -- **Accept**: application/json - -[[Back to top]](#) -[[Back to API list]](../README.md#documentation-for-api-endpoints) -[[Back to Model list]](../README.md#documentation-for-models) -[[Back to README]](../README.md) 
diff --git a/internal/httpclient/model_o_auth2_token_response.go b/internal/httpclient/model_o_auth2_token_exchange.go similarity index 69% rename from internal/httpclient/model_o_auth2_token_response.go rename to internal/httpclient/model_o_auth2_token_exchange.go index 3a7c73d377..fa5aa94c17 100644 --- a/internal/httpclient/model_o_auth2_token_response.go +++ b/internal/httpclient/model_o_auth2_token_exchange.go @@ -15,11 +15,11 @@ import ( "encoding/json" ) -// OAuth2TokenResponse OAuth2 Token Response -type OAuth2TokenResponse struct { +// OAuth2TokenExchange OAuth2 Token Exchange Result +type OAuth2TokenExchange struct { // The access token issued by the authorization server. AccessToken *string `json:"access_token,omitempty"` - // The lifetime in seconds of the access token. For example, the value \"3600\" denotes that the access token will expire in one hour from the time the response was generated. + // The lifetime in seconds of the access token. For example, the value \"3600\" denotes that the access token will expire in one hour from the time the response was generated. ExpiresIn *int64 `json:"expires_in,omitempty"` // To retrieve a refresh token request the id_token scope. IdToken *int64 `json:"id_token,omitempty"` 
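Review bot: `IdToken` is still declared as `*int64` in the renamed `OAuth2TokenExchange` struct, but an OpenID Connect ID token is a JWT carried as a JSON string. If this model is ever used to decode a token endpoint response, `encoding/json` will reject the string value with a type error instead of returning the token. The field should be `*string`, and its comment ("To retrieve a refresh token request the id_token scope.") does not describe an ID token. The same applies to `Scope`, whose accessors in the later hunks (`GetScope`, `GetScopeOk`, `SetScope`) use `int64` although the OAuth 2.0 `scope` response value is a space-delimited string. This file appears to be generator output, so the correction probably belongs in the API definition it is generated from rather than in this file.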
@@ -31,25 +31,25 @@ type OAuth2TokenResponse struct { TokenType *string `json:"token_type,omitempty"` } -// NewOAuth2TokenResponse instantiates a new OAuth2TokenResponse object +// NewOAuth2TokenExchange instantiates a new OAuth2TokenExchange object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewOAuth2TokenResponse() *OAuth2TokenResponse { - this := OAuth2TokenResponse{} +func NewOAuth2TokenExchange() *OAuth2TokenExchange { + this := OAuth2TokenExchange{} return &this } -// NewOAuth2TokenResponseWithDefaults instantiates a new OAuth2TokenResponse object +// NewOAuth2TokenExchangeWithDefaults instantiates a new OAuth2TokenExchange object // This constructor will only assign default values to properties that have it defined, // but it doesn't guarantee that properties required by API are set -func NewOAuth2TokenResponseWithDefaults() *OAuth2TokenResponse { - this := OAuth2TokenResponse{} +func NewOAuth2TokenExchangeWithDefaults() *OAuth2TokenExchange { + this := OAuth2TokenExchange{} return &this } // GetAccessToken returns the AccessToken field value if set, zero value otherwise. -func (o *OAuth2TokenResponse) GetAccessToken() string { +func (o *OAuth2TokenExchange) GetAccessToken() string { if o == nil || o.AccessToken == nil { var ret string return ret @@ -59,7 +59,7 @@ func (o *OAuth2TokenResponse) GetAccessToken() string { // GetAccessTokenOk returns a tuple with the AccessToken field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *OAuth2TokenResponse) GetAccessTokenOk() (*string, bool) { +func (o *OAuth2TokenExchange) GetAccessTokenOk() (*string, bool) { if o == nil || o.AccessToken == nil { return nil, false } 
@@ -67,7 +67,7 @@ func (o *OAuth2TokenResponse) GetAccessTokenOk() (*string, bool) { } // HasAccessToken returns a boolean if a field has been set. -func (o *OAuth2TokenResponse) HasAccessToken() bool { +func (o *OAuth2TokenExchange) HasAccessToken() bool { if o != nil && o.AccessToken != nil { return true } @@ -76,12 +76,12 @@ func (o *OAuth2TokenResponse) HasAccessToken() bool { } // SetAccessToken gets a reference to the given string and assigns it to the AccessToken field. -func (o *OAuth2TokenResponse) SetAccessToken(v string) { +func (o *OAuth2TokenExchange) SetAccessToken(v string) { o.AccessToken = &v } // GetExpiresIn returns the ExpiresIn field value if set, zero value otherwise. -func (o *OAuth2TokenResponse) GetExpiresIn() int64 { +func (o *OAuth2TokenExchange) GetExpiresIn() int64 { if o == nil || o.ExpiresIn == nil { var ret int64 return ret @@ -91,7 +91,7 @@ func (o *OAuth2TokenResponse) GetExpiresIn() int64 { // GetExpiresInOk returns a tuple with the ExpiresIn field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *OAuth2TokenResponse) GetExpiresInOk() (*int64, bool) { +func (o *OAuth2TokenExchange) GetExpiresInOk() (*int64, bool) { if o == nil || o.ExpiresIn == nil { return nil, false } @@ -99,7 +99,7 @@ func (o *OAuth2TokenResponse) GetExpiresInOk() (*int64, bool) { } // HasExpiresIn returns a boolean if a field has been set. -func (o *OAuth2TokenResponse) HasExpiresIn() bool { +func (o *OAuth2TokenExchange) HasExpiresIn() bool { if o != nil && o.ExpiresIn != nil { return true } 
@@ -108,12 +108,12 @@ func (o *OAuth2TokenResponse) HasExpiresIn() bool { } // SetExpiresIn gets a reference to the given int64 and assigns it to the ExpiresIn field. -func (o *OAuth2TokenResponse) SetExpiresIn(v int64) { +func (o *OAuth2TokenExchange) SetExpiresIn(v int64) { o.ExpiresIn = &v } // GetIdToken returns the IdToken field value if set, zero value otherwise. -func (o *OAuth2TokenResponse) GetIdToken() int64 { +func (o *OAuth2TokenExchange) GetIdToken() int64 { if o == nil || o.IdToken == nil { var ret int64 return ret @@ -123,7 +123,7 @@ func (o *OAuth2TokenResponse) GetIdToken() int64 { // GetIdTokenOk returns a tuple with the IdToken field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *OAuth2TokenResponse) GetIdTokenOk() (*int64, bool) { +func (o *OAuth2TokenExchange) GetIdTokenOk() (*int64, bool) { if o == nil || o.IdToken == nil { return nil, false } @@ -131,7 +131,7 @@ func (o *OAuth2TokenResponse) GetIdTokenOk() (*int64, bool) { } // HasIdToken returns a boolean if a field has been set. -func (o *OAuth2TokenResponse) HasIdToken() bool { +func (o *OAuth2TokenExchange) HasIdToken() bool { if o != nil && o.IdToken != nil { return true } @@ -140,12 +140,12 @@ func (o *OAuth2TokenResponse) HasIdToken() bool { } // SetIdToken gets a reference to the given int64 and assigns it to the IdToken field. -func (o *OAuth2TokenResponse) SetIdToken(v int64) { +func (o *OAuth2TokenExchange) SetIdToken(v int64) { o.IdToken = &v } // GetRefreshToken returns the RefreshToken field value if set, zero value otherwise. -func (o *OAuth2TokenResponse) GetRefreshToken() string { +func (o *OAuth2TokenExchange) GetRefreshToken() string { if o == nil || o.RefreshToken == nil { var ret string return ret 
@@ -155,7 +155,7 @@ func (o *OAuth2TokenResponse) GetRefreshToken() string { // GetRefreshTokenOk returns a tuple with the RefreshToken field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *OAuth2TokenResponse) GetRefreshTokenOk() (*string, bool) { +func (o *OAuth2TokenExchange) GetRefreshTokenOk() (*string, bool) { if o == nil || o.RefreshToken == nil { return nil, false } @@ -163,7 +163,7 @@ func (o *OAuth2TokenResponse) GetRefreshTokenOk() (*string, bool) { } // HasRefreshToken returns a boolean if a field has been set. -func (o *OAuth2TokenResponse) HasRefreshToken() bool { +func (o *OAuth2TokenExchange) HasRefreshToken() bool { if o != nil && o.RefreshToken != nil { return true } @@ -172,12 +172,12 @@ func (o *OAuth2TokenResponse) HasRefreshToken() bool { } // SetRefreshToken gets a reference to the given string and assigns it to the RefreshToken field. -func (o *OAuth2TokenResponse) SetRefreshToken(v string) { +func (o *OAuth2TokenExchange) SetRefreshToken(v string) { o.RefreshToken = &v } // GetScope returns the Scope field value if set, zero value otherwise. -func (o *OAuth2TokenResponse) GetScope() int64 { +func (o *OAuth2TokenExchange) GetScope() int64 { if o == nil || o.Scope == nil { var ret int64 return ret @@ -187,7 +187,7 @@ func (o *OAuth2TokenResponse) GetScope() int64 { // GetScopeOk returns a tuple with the Scope field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *OAuth2TokenResponse) GetScopeOk() (*int64, bool) { +func (o *OAuth2TokenExchange) GetScopeOk() (*int64, bool) { if o == nil || o.Scope == nil { return nil, false } @@ -195,7 +195,7 @@ func (o *OAuth2TokenResponse) GetScopeOk() (*int64, bool) { } // HasScope returns a boolean if a field has been set. -func (o *OAuth2TokenResponse) HasScope() bool { +func (o *OAuth2TokenExchange) HasScope() bool { if o != nil && o.Scope != nil { return true } 
@@ -204,12 +204,12 @@ func (o *OAuth2TokenResponse) HasScope() bool { } // SetScope gets a reference to the given int64 and assigns it to the Scope field. -func (o *OAuth2TokenResponse) SetScope(v int64) { +func (o *OAuth2TokenExchange) SetScope(v int64) { o.Scope = &v } // GetTokenType returns the TokenType field value if set, zero value otherwise. -func (o *OAuth2TokenResponse) GetTokenType() string { +func (o *OAuth2TokenExchange) GetTokenType() string { if o == nil || o.TokenType == nil { var ret string return ret @@ -219,7 +219,7 @@ func (o *OAuth2TokenResponse) GetTokenType() string { // GetTokenTypeOk returns a tuple with the TokenType field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *OAuth2TokenResponse) GetTokenTypeOk() (*string, bool) { +func (o *OAuth2TokenExchange) GetTokenTypeOk() (*string, bool) { if o == nil || o.TokenType == nil { return nil, false } @@ -227,7 +227,7 @@ func (o *OAuth2TokenResponse) GetTokenTypeOk() (*string, bool) { } // HasTokenType returns a boolean if a field has been set. -func (o *OAuth2TokenResponse) HasTokenType() bool { +func (o *OAuth2TokenExchange) HasTokenType() bool { if o != nil && o.TokenType != nil { return true } @@ -236,11 +236,11 @@ func (o *OAuth2TokenResponse) HasTokenType() bool { } // SetTokenType gets a reference to the given string and assigns it to the TokenType field. -func (o *OAuth2TokenResponse) SetTokenType(v string) { +func (o *OAuth2TokenExchange) SetTokenType(v string) { o.TokenType = &v } -func (o OAuth2TokenResponse) MarshalJSON() ([]byte, error) { +func (o OAuth2TokenExchange) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if o.AccessToken != nil { toSerialize["access_token"] = o.AccessToken 
@@ -263,38 +263,38 @@ func (o OAuth2TokenResponse) MarshalJSON() ([]byte, error) { return json.Marshal(toSerialize) } -type NullableOAuth2TokenResponse struct { - value *OAuth2TokenResponse +type NullableOAuth2TokenExchange struct { + value *OAuth2TokenExchange isSet bool } -func (v NullableOAuth2TokenResponse) Get() *OAuth2TokenResponse { +func (v NullableOAuth2TokenExchange) Get() *OAuth2TokenExchange { return v.value } -func (v *NullableOAuth2TokenResponse) Set(val *OAuth2TokenResponse) { +func (v *NullableOAuth2TokenExchange) Set(val *OAuth2TokenExchange) { v.value = val v.isSet = true } -func (v NullableOAuth2TokenResponse) IsSet() bool { +func (v NullableOAuth2TokenExchange) IsSet() bool { return v.isSet } -func (v *NullableOAuth2TokenResponse) Unset() { +func (v *NullableOAuth2TokenExchange) Unset() { v.value = nil v.isSet = false } -func NewNullableOAuth2TokenResponse(val *OAuth2TokenResponse) *NullableOAuth2TokenResponse { - return &NullableOAuth2TokenResponse{value: val, isSet: true} +func NewNullableOAuth2TokenExchange(val *OAuth2TokenExchange) *NullableOAuth2TokenExchange { + return &NullableOAuth2TokenExchange{value: val, isSet: true} } -func (v NullableOAuth2TokenResponse) MarshalJSON() ([]byte, error) { +func (v NullableOAuth2TokenExchange) MarshalJSON() ([]byte, error) { return json.Marshal(v.value) } -func (v *NullableOAuth2TokenResponse) UnmarshalJSON(src []byte) error { +func (v *NullableOAuth2TokenExchange) UnmarshalJSON(src []byte) error { v.isSet = true return json.Unmarshal(src, &v.value) } diff --git a/internal/httpclient/model_oidc_configuration.go b/internal/httpclient/model_oidc_configuration.go index 484860558b..78411e52b7 100644 --- a/internal/httpclient/model_oidc_configuration.go +++ b/internal/httpclient/model_oidc_configuration.go 
@@ -15,65 +15,65 @@ import ( "encoding/json" ) -// OidcConfiguration It includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms among others. +// OidcConfiguration Includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms among others. type OidcConfiguration struct { - // URL of the OP's OAuth 2.0 Authorization Endpoint. + // OAuth 2.0 Authorization Endpoint URL AuthorizationEndpoint string `json:"authorization_endpoint"` - // Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP + // OpenID Connect Back-Channel Logout Session Required Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP BackchannelLogoutSessionSupported *bool `json:"backchannel_logout_session_supported,omitempty"` - // Boolean value specifying whether the OP supports back-channel logout, with true indicating support. + // OpenID Connect Back-Channel Logout Supported Boolean value specifying whether the OP supports back-channel logout, with true indicating support. BackchannelLogoutSupported *bool `json:"backchannel_logout_supported,omitempty"` - // Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. + // OpenID Connect Claims Parameter Parameter Supported Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. ClaimsParameterSupported *bool `json:"claims_parameter_supported,omitempty"` - // JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. 
Note that for privacy or other reasons, this might not be an exhaustive list. + // OpenID Connect Supported Claims JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. ClaimsSupported []string `json:"claims_supported,omitempty"` - // JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. + // OAuth 2.0 PKCE Supported Code Challenge Methods JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"` - // URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. + // OpenID Connect End-Session Endpoint URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. EndSessionEndpoint *string `json:"end_session_endpoint,omitempty"` - // Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. + // OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. FrontchannelLogoutSessionSupported *bool `json:"frontchannel_logout_session_supported,omitempty"` - // Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. 
+ // OpenID Connect Front-Channel Logout Supported Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. FrontchannelLogoutSupported *bool `json:"frontchannel_logout_supported,omitempty"` - // JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. + // OAuth 2.0 Supported Grant Types JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. GrantTypesSupported []string `json:"grant_types_supported,omitempty"` - // Algorithm used to sign OpenID Connect ID Tokens. + // OpenID Connect Default ID Token Signing Algorithms Algorithm used to sign OpenID Connect ID Tokens. IdTokenSignedResponseAlg []string `json:"id_token_signed_response_alg"` - // JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. + // OpenID Connect Supported ID Token Signing Algorithms JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. IdTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"` - // URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL. + // OpenID Connect Issuer URL An URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL. Issuer string `json:"issuer"` - // URL of the OP's JSON Web Key Set [JWK] document. 
This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. + // OpenID Connect Well-Known JSON Web Keys URL URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. JwksUri string `json:"jwks_uri"` - // URL of the OP's Dynamic Client Registration Endpoint. + // OpenID Connect Dynamic Client Registration Endpoint URL RegistrationEndpoint *string `json:"registration_endpoint,omitempty"` - // JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. 
These algorithms are used both when the Request Object is passed by value (using the request parameter) and when it is passed by reference (using the request_uri parameter). + // OpenID Connect Supported Request Object Signing Algorithms JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when the Request Object is passed by value (using the request parameter) and when it is passed by reference (using the request_uri parameter). RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported,omitempty"` - // Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. + // OpenID Connect Request Parameter Supported Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. RequestParameterSupported *bool `json:"request_parameter_supported,omitempty"` - // Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. + // OpenID Connect Request URI Parameter Supported Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. RequestUriParameterSupported *bool `json:"request_uri_parameter_supported,omitempty"` - // Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. + // OpenID Connect Requires Request URI Registration Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. RequireRequestUriRegistration *bool `json:"require_request_uri_registration,omitempty"` - // JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports. 
+ // OAuth 2.0 Supported Response Modes JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports. ResponseModesSupported []string `json:"response_modes_supported,omitempty"` - // JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values. + // OAuth 2.0 Supported Response Types JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values. ResponseTypesSupported []string `json:"response_types_supported"` - // URL of the authorization server's OAuth 2.0 revocation endpoint. + // OAuth 2.0 Token Revocation URL URL of the authorization server's OAuth 2.0 revocation endpoint. RevocationEndpoint *string `json:"revocation_endpoint,omitempty"` - // SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used + // OAuth 2.0 Supported Scope Values JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used ScopesSupported []string `json:"scopes_supported,omitempty"` - // JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. + // OpenID Connect Supported Subject Types JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. 
SubjectTypesSupported []string `json:"subject_types_supported"` - // URL of the OP's OAuth 2.0 Token Endpoint + // OAuth 2.0 Token Endpoint URL TokenEndpoint string `json:"token_endpoint"` - // JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 + // OAuth 2.0 Supported Client Authentication Methods JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"` - // URL of the OP's UserInfo Endpoint. + // OpenID Connect Userinfo URL URL of the OP's UserInfo Endpoint. UserinfoEndpoint *string `json:"userinfo_endpoint,omitempty"` - // Algorithm used to sign OpenID Connect Userinfo Responses. + // OpenID Connect User Userinfo Signing Algorithm Algorithm used to sign OpenID Connect Userinfo Responses. UserinfoSignedResponseAlg []string `json:"userinfo_signed_response_alg"` - // JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. + // OpenID Connect Supported Userinfo Signing Algorithm JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported,omitempty"` } diff --git a/internal/httpclient/model_oidc_user_info.go b/internal/httpclient/model_oidc_user_info.go index 086752898e..f1b942a7b6 100644 --- a/internal/httpclient/model_oidc_user_info.go +++ b/internal/httpclient/model_oidc_user_info.go 
@@ -15,7 +15,7 @@ import ( "encoding/json" ) -// OidcUserInfo The userinfo response +// OidcUserInfo OpenID Connect Userinfo type OidcUserInfo struct { // End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates. Birthdate *string `json:"birthdate,omitempty"` diff --git a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json index 9d8f91faba..330e25c43a 100644 --- a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json +++ b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json 
@@ -1,76 +1,76 @@ { - "issuer": "http://hydra.localhost", "authorization_endpoint": "http://hydra.localhost/oauth2/auth", - "registration_endpoint": "http://client-register/registration", - "token_endpoint": "http://hydra.localhost/oauth2/token", - "jwks_uri": "http://hydra.localhost/.well-known/jwks.json", - "subject_types_supported": [ - "pairwise", - "public" - ], - "response_types_supported": [ - "code", - "code id_token", - "id_token", - "token id_token", - "token", - "token id_token code" - ], + "backchannel_logout_session_supported": true, + "backchannel_logout_supported": true, + "claims_parameter_supported": false, "claims_supported": [ "sub" ], + "code_challenge_methods_supported": [ + "plain", + "S256" + ], + "end_session_endpoint": "http://hydra.localhost/oauth2/sessions/logout", + "frontchannel_logout_session_supported": true, + "frontchannel_logout_supported": true, "grant_types_supported": [ "authorization_code", "implicit", "client_credentials", "refresh_token" ], + "id_token_signed_response_alg": [ + "RS256" + ], + "id_token_signing_alg_values_supported": [ + "RS256" + ], + "issuer": "http://hydra.localhost", + "jwks_uri": "http://hydra.localhost/.well-known/jwks.json", + "registration_endpoint": "http://client-register/registration", + "request_object_signing_alg_values_supported": [ + "none", + "RS256", + "ES256" + ], + "request_parameter_supported": true, + "request_uri_parameter_supported": true, + "require_request_uri_registration": true, "response_modes_supported": [ "query", "fragment" ], - "userinfo_endpoint": "/userinfo", + "response_types_supported": [ + "code", + "code id_token", + "id_token", + "token id_token", + "token", + "token id_token code" + ], + "revocation_endpoint": "http://hydra.localhost/oauth2/revoke", "scopes_supported": [ "offline_access", "offline", "openid" ], + "subject_types_supported": [ + "pairwise", + "public" + ], + "token_endpoint": "http://hydra.localhost/oauth2/token", "token_endpoint_auth_methods_supported": [ 
"client_secret_post", "client_secret_basic", "private_key_jwt", "none" ], - "userinfo_signing_alg_values_supported": [ - "none", - "RS256" - ], - "id_token_signing_alg_values_supported": [ - "RS256" - ], - "id_token_signed_response_alg": [ - "RS256" - ], + "userinfo_endpoint": "/userinfo", "userinfo_signed_response_alg": [ "RS256" ], - "request_parameter_supported": true, - "request_uri_parameter_supported": true, - "require_request_uri_registration": true, - "claims_parameter_supported": false, - "revocation_endpoint": "http://hydra.localhost/oauth2/revoke", - "backchannel_logout_supported": true, - "backchannel_logout_session_supported": true, - "frontchannel_logout_supported": true, - "frontchannel_logout_session_supported": true, - "end_session_endpoint": "http://hydra.localhost/oauth2/sessions/logout", - "request_object_signing_alg_values_supported": [ + "userinfo_signing_alg_values_supported": [ "none", - "RS256", - "ES256" - ], - "code_challenge_methods_supported": [ - "plain", - "S256" + "RS256" ] } diff --git a/oauth2/handler.go b/oauth2/handler.go index b128a76337..e26b758e79 100644 --- a/oauth2/handler.go +++ b/oauth2/handler.go @@ -84,10 +84,10 @@ func NewHandler(r InternalRegistry, c *config.DefaultProvider) *Handler { func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin, public *httprouterx.RouterPublic, corsMiddleware func(http.Handler) http.Handler) { public.Handler("OPTIONS", TokenPath, corsMiddleware(http.HandlerFunc(h.handleOptions))) - public.Handler("POST", TokenPath, corsMiddleware(http.HandlerFunc(h.performOAuth2TokenFlow))) + public.Handler("POST", TokenPath, corsMiddleware(http.HandlerFunc(h.oauth2TokenExchange))) - public.GET(AuthPath, h.performOAuth2AuthorizationFlow) - public.POST(AuthPath, h.performOAuth2AuthorizationFlow) + public.GET(AuthPath, h.oAuth2Authorize) + public.POST(AuthPath, h.oAuth2Authorize) public.GET(LogoutPath, h.performOidcFrontOrBackChannelLogout) public.POST(LogoutPath, h.performOidcFrontOrBackChannelLogout) 
@@ -110,15 +110,15 @@ func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin, public *httprouterx. public.Handler("GET", UserinfoPath, corsMiddleware(http.HandlerFunc(h.getOidcUserInfo))) public.Handler("POST", UserinfoPath, corsMiddleware(http.HandlerFunc(h.getOidcUserInfo))) - admin.POST(IntrospectPath, h.adminIntrospectOAuth2Token) - admin.DELETE(DeleteTokensPath, h.adminDeleteOAuth2Token) + admin.POST(IntrospectPath, h.introspectOAuth2Token) + admin.DELETE(DeleteTokensPath, h.deleteOAuth2Token) } -// swagger:route GET /oauth2/sessions/logout v0alpha2 performOidcFrontOrBackChannelLogout +// swagger:route GET /oauth2/sessions/logout oidc revokeOidcSession // -// # OpenID Connect Front- or Back-channel Enabled Logout +// # OpenID Connect Front- and Back-channel Enabled Logout // -// This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front- / Back-channel logout: +// This endpoint initiates and completes user logout at the Ory OAuth2 & OpenID provider and initiates OpenID Connect Front- / Back-channel logout: // // - https://openid.net/specs/openid-connect-frontchannel-1_0.html // - https://openid.net/specs/openid-connect-backchannel-1_0.html 
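Review bot: With the `admin` prefix dropped from `introspectOAuth2Token` and `deleteOAuth2Token`, the handler names no longer say that these two are privileged; the only remaining signal is that they are registered through `admin.POST` and `admin.DELETE`. A comment above the two registrations, for example `// Privileged endpoints: register on the admin router only, never on public.`, would make an accidental move harder in a later refactor. In the same hunk the swagger operation id becomes `revokeOidcSession` while the Go handler is still `performOidcFrontOrBackChannelLogout` (visible in the following hunk's header), so the spec and the code now use different names for one endpoint. Either rename the handler to match or state the mapping in the route comment. The logout route comment continues past the end of this hunk.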
@@ -210,14 +210,16 @@ func (h *Handler) performOidcFrontOrBackChannelLogout(w http.ResponseWriter, r * } } -// OpenID Connect Discovery ;etadata +// OpenID Connect Discovery Metadata // -// It includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms +// Includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms // among others. // // swagger:model oidcConfiguration -type OIDCConfiguration struct { - // URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. +type oidcConfiguration struct { + // OpenID Connect Issuer URL + // + // An URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. // If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned // by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL. // 
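Review bot: Renaming `OIDCConfiguration` to the unexported `oidcConfiguration` removes a public type from the `oauth2` package, and nothing in the hunk or its comment records that. The only use visible in this diff is the composite literal in `discoverOidcConfiguration`, so in-tree callers are probably fine, but any external importer that decodes the discovery document into this type will stop compiling. That deserves a line in the commit message or changelog. On the documentation side, the new field text `An URL using the https scheme` should read `A URL using the https scheme`. The struct body continues beyond this hunk.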
@@ -225,22 +227,25 @@ type OIDCConfiguration struct { // example: https://playground.ory.sh/ory-hydra/public/ Issuer string `json:"issuer"` - // URL of the OP's OAuth 2.0 Authorization Endpoint. + // OAuth 2.0 Authorization Endpoint URL // // required: true // example: https://playground.ory.sh/ory-hydra/public/oauth2/auth AuthURL string `json:"authorization_endpoint"` - // URL of the OP's Dynamic Client Registration Endpoint. + // OpenID Connect Dynamic Client Registration Endpoint URL + // // example: https://playground.ory.sh/ory-hydra/admin/client RegistrationEndpoint string `json:"registration_endpoint,omitempty"` - // URL of the OP's OAuth 2.0 Token Endpoint + // OAuth 2.0 Token Endpoint URL // // required: true // example: https://playground.ory.sh/ory-hydra/public/oauth2/token TokenURL string `json:"token_endpoint"` + // OpenID Connect Well-Known JSON Web Keys URL + // // URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate // signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs // to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) @@ -250,9 +255,11 @@ type OIDCConfiguration struct { // keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. // // required: true - // example: https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json + // example: https://{slug}.projects.oryapis.com/.well-known/jwks.json JWKsURI string `json:"jwks_uri"` + // OpenID Connect Supported Subject Types + // // JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include // pairwise and public. // 
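Review bot: The new `example: https://{slug}.projects.oryapis.com/.well-known/jwks.json` on `JWKsURI` no longer matches the other examples in this struct, which still use `https://playground.ory.sh/ory-hydra/public/...` for issuer, authorization and token endpoints. Because swagger examples are rendered verbatim, the published discovery sample would show a `jwks_uri` on a different host than its `issuer`, with a literal `{slug}` that is not a usable URL. Use one host form for every example in the struct, either all on the placeholder form or all on the playground form. The struct starts and ends outside this hunk.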
@@ -262,104 +269,148 @@ type OIDCConfiguration struct { // - pairwise SubjectTypes []string `json:"subject_types_supported"` + // OAuth 2.0 Supported Response Types + // // JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID // Providers MUST support the code, id_token, and the token id_token Response Type values. // // required: true ResponseTypes []string `json:"response_types_supported"` + // OpenID Connect Supported Claims + // // JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply // values for. Note that for privacy or other reasons, this might not be an exhaustive list. ClaimsSupported []string `json:"claims_supported"` + // OAuth 2.0 Supported Grant Types + // // JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. GrantTypesSupported []string `json:"grant_types_supported"` + // OAuth 2.0 Supported Response Modes + // // JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports. ResponseModesSupported []string `json:"response_modes_supported"` + // OpenID Connect Userinfo URL + // // URL of the OP's UserInfo Endpoint. UserinfoEndpoint string `json:"userinfo_endpoint"` - // SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST + // OAuth 2.0 Supported Scope Values + // + // JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST // support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used ScopesSupported []string `json:"scopes_supported"` + // OAuth 2.0 Supported Client Authentication Methods + // // JSON array containing a list of Client Authentication methods supported by this Token Endpoint. 
The options are // client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"` + // OpenID Connect Supported Userinfo Signing Algorithm + // // JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"` + // OpenID Connect Supported ID Token Signing Algorithms + // // JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token // to encode the Claims in a JWT. // // required: true IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"` + // OpenID Connect Default ID Token Signing Algorithms + // // Algorithm used to sign OpenID Connect ID Tokens. // // required: true IDTokenSignedResponseAlg []string `json:"id_token_signed_response_alg"` + // OpenID Connect User Userinfo Signing Algorithm + // // Algorithm used to sign OpenID Connect Userinfo Responses. // // required: true UserinfoSignedResponseAlg []string `json:"userinfo_signed_response_alg"` - // Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. + // OpenID Connect Request Parameter Supported + // + // Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. RequestParameterSupported bool `json:"request_parameter_supported"` + // OpenID Connect Request URI Parameter Supported + // // Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. 
RequestURIParameterSupported bool `json:"request_uri_parameter_supported"` + // OpenID Connect Requires Request URI Registration + // // Boolean value specifying whether the OP requires any request_uri values used to be pre-registered // using the request_uris registration parameter. RequireRequestURIRegistration bool `json:"require_request_uri_registration"` + // OpenID Connect Claims Parameter Parameter Supported + // // Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. ClaimsParameterSupported bool `json:"claims_parameter_supported"` + // OAuth 2.0 Token Revocation URL + // // URL of the authorization server's OAuth 2.0 revocation endpoint. RevocationEndpoint string `json:"revocation_endpoint"` + // OpenID Connect Back-Channel Logout Supported + // // Boolean value specifying whether the OP supports back-channel logout, with true indicating support. BackChannelLogoutSupported bool `json:"backchannel_logout_supported"` + // OpenID Connect Back-Channel Logout Session Required + // // Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP // session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP BackChannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported"` + // OpenID Connect Front-Channel Logout Supported + // // Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. FrontChannelLogoutSupported bool `json:"frontchannel_logout_supported"` + // OpenID Connect Front-Channel Logout Session Required + // // Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify // the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also // included in ID Tokens issued by the OP. 
FrontChannelLogoutSessionSupported bool `json:"frontchannel_logout_session_supported"` + // OpenID Connect End-Session Endpoint + // // URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. EndSessionEndpoint string `json:"end_session_endpoint"` + // OpenID Connect Supported Request Object Signing Algorithms + // // JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, // which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when // the Request Object is passed by value (using the request parameter) and when it is passed by reference // (using the request_uri parameter). RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"` + // OAuth 2.0 PKCE Supported Code Challenge Methods + // // JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported // by this authorization server. CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"` } -// swagger:route GET /.well-known/openid-configuration v0alpha2 discoverOidcConfiguration +// swagger:route GET /.well-known/openid-configuration oidc discoverOidcConfiguration // // # OpenID Connect Discovery // -// The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll -// your own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this -// flow at https://openid.net/specs/openid-connect-discovery-1_0.html . +// A mechanism for an OpenID Connect Relying Party to discover the End-User's OpenID Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations. // // Popular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others. 
// For a full list of clients go here: https://openid.net/developers/certified/ @@ -378,7 +429,7 @@ func (h *Handler) discoverOidcConfiguration(w http.ResponseWriter, r *http.Reque h.r.Writer().WriteError(w, r, err) return } - h.r.Writer().Write(w, r, &OIDCConfiguration{ + h.r.Writer().Write(w, r, &oidcConfiguration{ Issuer: h.c.IssuerURL(r.Context()).String(), AuthURL: h.c.OAuth2AuthURL(r.Context()).String(), TokenURL: h.c.OAuth2TokenURL(r.Context()).String(), @@ -410,7 +461,8 @@ func (h *Handler) discoverOidcConfiguration(w http.ResponseWriter, r *http.Reque }) } -// The userinfo response +// OpenID Connect Userinfo +// // swagger:model oidcUserInfo type oidcUserInfo struct { // Subject - Identifier for the End-User at the IssuerURL. @@ -471,14 +523,12 @@ type oidcUserInfo struct { UpdatedAt int `json:"updated_at,omitempty"` } -// swagger:route GET /userinfo v0alpha2 getOidcUserInfo +// swagger:route GET /userinfo oidc getOidcUserInfo // // # OpenID Connect Userinfo // -// This endpoint returns the payload of the ID Token, including the idTokenExtra values, of -// the provided OAuth 2.0 Access Token. -// -// For more information please [refer to the spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo). +// This endpoint returns the payload of the ID Token, including `session.id_token` values, of +// the provided OAuth 2.0 Access Token's consent request. // // In the case of authentication error, a WWW-Authenticate header might be set in the response // with more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3) @@ -574,6 +624,8 @@ func (h *Handler) getOidcUserInfo(w http.ResponseWriter, r *http.Request) { } } +// Revoke OAuth 2.0 Access or Refresh Token Request +// // swagger:parameters revokeOAuth2Token type revokeOAuth2Token struct { // in: formData 
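Review bot: Several of the title lines added to the `oidcConfiguration` fields do not match the field they describe. `// OpenID Connect Back-Channel Logout Session Required` and `// OpenID Connect Front-Channel Logout Session Required` sit on `backchannel_logout_session_supported` and `frontchannel_logout_session_supported`, which advertise a capability rather than a requirement. They should read `... Logout Session Supported`, since a relying party that follows the title would misread what the provider promises. Two more titles carry a duplicated word: `Claims Parameter Parameter Supported` and `User Userinfo Signing Algorithm`. The generated client model in this commit copies these titles, so correcting them here and regenerating fixes both places. The struct begins before this hunk.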
@@ -581,9 +633,9 @@ type revokeOAuth2Token struct { Token string `json:"token"` } -// swagger:route POST /oauth2/revoke v0alpha2 revokeOAuth2Token +// swagger:route POST /oauth2/revoke oAuth2 revokeOAuth2Token // -// # Revoke an OAuth2 Access or Refresh Token +// # Revoke OAuth 2.0 Access or Refresh Token // // Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no // longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. @@ -613,8 +665,10 @@ func (h *Handler) revokeOAuth2Token(w http.ResponseWriter, r *http.Request) { h.r.OAuth2Provider().WriteRevocationResponse(ctx, w, err) } -// swagger:parameters adminIntrospectOAuth2Token -type adminIntrospectOAuth2Token struct { +// Introspect OAuth 2.0 Access or Refresh Token Request +// +// swagger:parameters introspectOAuth2Token +type introspectOAuth2Token struct { // The string value of the token. For access tokens, this // is the "access_token" value returned from the token endpoint // defined in OAuth 2.0. For refresh tokens, this is the "refresh_token" 
@@ -631,15 +685,13 @@ type adminIntrospectOAuth2Token struct { Scope string `json:"scope"` } -// swagger:route POST /admin/oauth2/introspect v0alpha2 adminIntrospectOAuth2Token +// swagger:route POST /admin/oauth2/introspect oAuth2 introspectOAuth2Token // -// # Introspect OAuth2 Access or Refresh Tokens +// # Introspect OAuth2 Access and Refresh Tokens // // The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token // is neither expired nor revoked. If a token is active, additional information on the token will be included. You can -// set additional data for a token by setting `accessTokenExtra` during the consent flow. -// -// For more information [read this blog post](https://www.oauth.com/oauth2-servers/token-introspection-endpoint/). +// set additional data for a token by setting `session.access_token` during the consent flow. // // Consumes: // - application/x-www-form-urlencoded @@ -652,7 +704,7 @@ type adminIntrospectOAuth2Token struct { // Responses: // 200: introspectedOAuth2Token // default: errorOAuth2 -func (h *Handler) adminIntrospectOAuth2Token(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { +func (h *Handler) introspectOAuth2Token(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var session = NewSessionWithCustomClaims("", h.c.AllowedTopLevelClaims(r.Context())) var ctx = r.Context() @@ -741,7 +793,9 @@ func (h *Handler) adminIntrospectOAuth2Token(w http.ResponseWriter, r *http.Requ } } -// swagger:parameters performOAuth2TokenFlow +// OAuth 2.0 Token Exchange Parameters +// +// swagger:parameters oauth2TokenExchange type performOAuth2TokenFlow struct { // in: formData // required: true 
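Review bot: The route comment for `POST /admin/oauth2/introspect` no longer indicates anywhere that this is an administrative operation. The operation id changes from `adminIntrospectOAuth2Token` to `introspectOAuth2Token`, so the generated call becomes `OAuth2Api.IntrospectOAuth2Token` (as the cmd and test hunks show), while the path stays under `/admin/`. If the `/admin/` prefix still marks endpoints meant only for trusted callers, I would say so in the description, for example `// This is an administrative endpoint and must only be reachable by trusted callers.` The same applies to `deleteOAuth2Token` on `DELETE /admin/oauth2/tokens` in the `@@ -1008,18 +1059,22 @@` hunk. The comment block continues outside this hunk.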
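Review bot: `swagger:parameters oauth2TokenExchange` now sits on a struct still named `performOAuth2TokenFlow`, whereas the other parameter structs in this commit were renamed with their operations (`introspectOAuth2Token`, `deleteOAuth2Token`). Renaming this struct to match would keep the file consistent. The operation id `oauth2TokenExchange` also differs only in letter case from the model `oAuth2TokenExchange` introduced in the next hunk, which is easy to mistype. In addition, "OAuth 2.0 Token Exchange" is the title of RFC 8693, a separate grant, so a heading such as `// OAuth 2.0 Token Endpoint Parameters` would avoid implying that this endpoint implements it. The struct body continues outside the hunk.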
@@ -760,11 +814,12 @@ type performOAuth2TokenFlow struct { ClientID string `json:"client_id"` } -// OAuth2 Token Response -// swagger:model oAuth2TokenResponse -type oAuth2TokenResponse struct { - // The lifetime in seconds of the access token. For - // example, the value "3600" denotes that the access token will +// OAuth2 Token Exchange Result +// +// swagger:model oAuth2TokenExchange +type oAuth2TokenExchange struct { + // The lifetime in seconds of the access token. For + // example, the value "3600" denotes that the access token will // expire in one hour from the time the response was generated. ExpiresIn int `json:"expires_in"` @@ -785,18 +840,14 @@ type oAuth2TokenResponse struct { TokenType string `json:"token_type"` } -// swagger:route POST /oauth2/token v0alpha2 performOAuth2TokenFlow +// swagger:route POST /oauth2/token oAuth2 oauth2TokenExchange // // # The OAuth 2.0 Token Endpoint // -// The client makes a request to the token endpoint by sending the -// following parameters using the "application/x-www-form-urlencoded" HTTP -// request entity-body. +// Use open source libraries to perform OAuth 2.0 and OpenID Connect +// available for any programming language. You can find a list of libraries here https://oauth.net/code/ // -// > Do not implement a client for this endpoint yourself. Use a library. There are many libraries -// > available for any programming language. You can find a list of libraries here: https://oauth.net/code/ -// > -// > Do note that Hydra SDK does not implement this endpoint properly. Use one of the libraries listed above +// The Ory SDK is not yet able to this endpoint properly. // // Consumes: // - application/x-www-form-urlencoded 
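Review bot: The new description for `POST /oauth2/token` in the `@@ -785,18 +840,14 @@` hunk contains two broken sentences, and both are copied verbatim into `spec/api.json` and `spec/swagger.json`. `The Ory SDK is not yet able to this endpoint properly.` lacks a verb, and `Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language.` has its clauses out of order. The change also replaces the explicit instruction not to implement a client for this endpoint yourself with a softer recommendation. If that guidance still holds, I would keep it explicit, e.g. `// Do not implement a client for this endpoint yourself; use one of the open source libraries listed at https://oauth.net/code/.` followed by `// The Ory SDK is not yet able to use this endpoint properly.` The same wording is used for `GET /oauth2/auth` in the `@@ -884,14 +935,14 @@` hunk.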
@@ -811,9 +862,9 @@ type oAuth2TokenResponse struct { // oauth2: // // Responses: -// 200: oAuth2TokenResponse +// 200: oAuth2TokenExchange // default: errorOAuth2 -func (h *Handler) performOAuth2TokenFlow(w http.ResponseWriter, r *http.Request) { +func (h *Handler) oauth2TokenExchange(w http.ResponseWriter, r *http.Request) { var session = NewSessionWithCustomClaims("", h.c.AllowedTopLevelClaims(r.Context())) var ctx = r.Context() @@ -884,14 +935,14 @@ func (h *Handler) performOAuth2TokenFlow(w http.ResponseWriter, r *http.Request) h.r.OAuth2Provider().WriteAccessResponse(ctx, w, accessRequest, accessResponse) } -// swagger:route GET /oauth2/auth v0alpha2 performOAuth2AuthorizationFlow +// swagger:route GET /oauth2/auth oAuth2 oAuth2Authorize // -// # The OAuth 2.0 Authorize Endpoint +// # OAuth 2.0 Authorize Endpoint // -// This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. -// OAuth2 is a very popular protocol and a library for your programming language will exists. +// Use open source libraries to perform OAuth 2.0 and OpenID Connect +// available for any programming language. You can find a list of libraries at https://oauth.net/code/ // -// To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749 +// The Ory SDK is not yet able to this endpoint properly. // // Consumes: // - application/x-www-form-urlencoded @@ -901,7 +952,7 @@ func (h *Handler) performOAuth2TokenFlow(w http.ResponseWriter, r *http.Request) // Responses: // 302: emptyResponse // default: errorOAuth2 -func (h *Handler) performOAuth2AuthorizationFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { +func (h *Handler) oAuth2Authorize(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { var ctx = r.Context() authorizeRequest, err := h.r.OAuth2Provider().NewAuthorizeRequest(ctx, r) 
@@ -1008,18 +1059,22 @@ func (h *Handler) performOAuth2AuthorizationFlow(w http.ResponseWriter, r *http. h.r.OAuth2Provider().WriteAuthorizeResponse(ctx, w, authorizeRequest, response) } -// swagger:parameters adminDeleteOAuth2Token -type adminDeleteOAuth2Token struct { - //required: true +// Delete OAuth 2.0 Access Token Parameters +// +// swagger:parameters deleteOAuth2Token +type deleteOAuth2Token struct { + // OAuth 2.0 Client ID + // + // required: true // in: query ClientID string `json:"client_id"` } -// swagger:route DELETE /admin/oauth2/tokens v0alpha2 adminDeleteOAuth2Token +// swagger:route DELETE /admin/oauth2/tokens oAuth2 deleteOAuth2Token // -// # Delete OAuth2 Access Tokens from a Client +// # Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client // -// This endpoint deletes OAuth2 access tokens issued for a client from the database +// This endpoint deletes OAuth2 access tokens issued to an OAuth 2.0 Client from the database. // // Consumes: // - application/json @@ -1029,7 +1084,7 @@ type adminDeleteOAuth2Token struct { // Responses: // 204: emptyResponse // default: errorOAuth2 -func (h *Handler) adminDeleteOAuth2Token(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { +func (h *Handler) deleteOAuth2Token(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { clientID := r.URL.Query().Get("client_id") if clientID == "" { h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'client_id' is not defined but it should have been.`))) diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go index 7475f50e59..4524945fff 100644 --- a/oauth2/handler_test.go +++ b/oauth2/handler_test.go 
@@ -95,7 +95,9 @@ func TestHandlerDeleteHandler(t *testing.T) { c := hydra.NewAPIClient(hydra.NewConfiguration()) c.GetConfig().Servers = hydra.ServerConfigurations{{URL: ts.URL}} - _, err := c.V0alpha2Api.AdminDeleteOAuth2Token(context.Background()).ClientId("foobar").Execute() + _, err := c. + OAuth2Api.DeleteOAuth2Token(context.Background()). + ClientId("foobar").Execute() require.NoError(t, err) ds := new(oauth2.Session) @@ -380,7 +382,7 @@ func TestHandlerWellKnown(t *testing.T) { require.NoError(t, err) defer res.Body.Close() - var wellKnownResp oauth2.OIDCConfiguration + var wellKnownResp hydra.OidcConfiguration err = json.NewDecoder(res.Body).Decode(&wellKnownResp) require.NoError(t, err, "problem decoding wellknown json response: %+v", err) snapshotx.SnapshotT(t, wellKnownResp) diff --git a/oauth2/introspector_test.go b/oauth2/introspector_test.go index e8d88510bc..1200a5a785 100644 --- a/oauth2/introspector_test.go +++ b/oauth2/introspector_test.go @@ -165,10 +165,8 @@ func TestIntrospectorSDK(t *testing.T) { client.GetConfig().Servers = hydra.ServerConfigurations{{URL: server.URL}} } - ctx, _, err := client.V0alpha2Api.AdminIntrospectOAuth2Token(context.Background()). - Token(c.token). - Scope(strings.Join(c.scopes, " ")). - Execute() + ctx, _, err := client.OAuth2Api.IntrospectOAuth2Token(context.Background()). + Token(c.token).Scope(strings.Join(c.scopes, " ")).Execute() require.NoError(t, err) if c.expectInactive { diff --git a/oauth2/revocator_test.go b/oauth2/revocator_test.go index ff02e15fbb..3596eb9e78 100644 --- a/oauth2/revocator_test.go +++ b/oauth2/revocator_test.go @@ -142,7 +142,7 @@ func TestRevoke(t *testing.T) { }, } { t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) { - _, err := client.V0alpha2Api.RevokeOAuth2Token( + _, err := client.OAuth2Api.RevokeOAuth2Token( context.WithValue( context.Background(), hydra.ContextBasicAuth, diff --git a/spec/api.json b/spec/api.json index ebfc63f380..6d3a9844e1 100644 --- a/spec/api.json 
+++ b/spec/api.json @@ -1059,15 +1059,15 @@ "title": "OAuth 2.0 Redirect Browser To", "type": "object" }, - "oAuth2TokenResponse": { - "description": "OAuth2 Token Response", + "oAuth2TokenExchange": { + "description": "OAuth2 Token Exchange Result", "properties": { "access_token": { "description": "The access token issued by the authorization server.", "type": "string" }, "expires_in": { - "description": "The lifetime in seconds of the access token. For\nexample, the value \"3600\" denotes that the access token will\nexpire in one hour from the time the response was generated.", + "description": "The lifetime in seconds of the access token. For\nexample, the value \"3600\" denotes that the access token will\nexpire in one hour from the time the response was generated.", "format": "int64", "type": "integer" }, 
@@ -1093,163 +1093,163 @@ "type": "object" }, "oidcConfiguration": { - "description": "It includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms\namong others.", + "description": "Includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms\namong others.", "properties": { "authorization_endpoint": { - "description": "URL of the OP's OAuth 2.0 Authorization Endpoint.", + "description": "OAuth 2.0 Authorization Endpoint URL", "example": "https://playground.ory.sh/ory-hydra/public/oauth2/auth", "type": "string" }, "backchannel_logout_session_supported": { - "description": "Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP\nsession with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP", + "description": "OpenID Connect Back-Channel Logout Session Required\n\nBoolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP\nsession with the OP. 
If supported, the sid Claim is also included in ID Tokens issued by the OP", "type": "boolean" }, "backchannel_logout_supported": { - "description": "Boolean value specifying whether the OP supports back-channel logout, with true indicating support.", + "description": "OpenID Connect Back-Channel Logout Supported\n\nBoolean value specifying whether the OP supports back-channel logout, with true indicating support.", "type": "boolean" }, "claims_parameter_supported": { - "description": "Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support.", + "description": "OpenID Connect Claims Parameter Parameter Supported\n\nBoolean value specifying whether the OP supports use of the claims parameter, with true indicating support.", "type": "boolean" }, "claims_supported": { - "description": "JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply\nvalues for. Note that for privacy or other reasons, this might not be an exhaustive list.", + "description": "OpenID Connect Supported Claims\n\nJSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply\nvalues for. 
Note that for privacy or other reasons, this might not be an exhaustive list.", "items": { "type": "string" }, "type": "array" }, "code_challenge_methods_supported": { - "description": "JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported\nby this authorization server.", + "description": "OAuth 2.0 PKCE Supported Code Challenge Methods\n\nJSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported\nby this authorization server.", "items": { "type": "string" }, "type": "array" }, "end_session_endpoint": { - "description": "URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.", + "description": "OpenID Connect End-Session Endpoint\n\nURL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.", "type": "string" }, "frontchannel_logout_session_supported": { - "description": "Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify\nthe RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also\nincluded in ID Tokens issued by the OP.", + "description": "OpenID Connect Front-Channel Logout Session Required\n\nBoolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify\nthe RP session with the OP when the frontchannel_logout_uri is used. 
If supported, the sid Claim is also\nincluded in ID Tokens issued by the OP.", "type": "boolean" }, "frontchannel_logout_supported": { - "description": "Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support.", + "description": "OpenID Connect Front-Channel Logout Supported\n\nBoolean value specifying whether the OP supports HTTP-based logout, with true indicating support.", "type": "boolean" }, "grant_types_supported": { - "description": "JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.", + "description": "OAuth 2.0 Supported Grant Types\n\nJSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.", "items": { "type": "string" }, "type": "array" }, "id_token_signed_response_alg": { - "description": "Algorithm used to sign OpenID Connect ID Tokens.", + "description": "OpenID Connect Default ID Token Signing Algorithms\n\nAlgorithm used to sign OpenID Connect ID Tokens.", "items": { "type": "string" }, "type": "array" }, "id_token_signing_alg_values_supported": { - "description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token\nto encode the Claims in a JWT.", + "description": "OpenID Connect Supported ID Token Signing Algorithms\n\nJSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token\nto encode the Claims in a JWT.", "items": { "type": "string" }, "type": "array" }, "issuer": { - "description": "URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier.\nIf IssuerURL discovery is supported , this value MUST be identical to the issuer value returned\nby WebFinger. 
This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.", + "description": "OpenID Connect Issuer URL\n\nAn URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier.\nIf IssuerURL discovery is supported , this value MUST be identical to the issuer value returned\nby WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.", "example": "https://playground.ory.sh/ory-hydra/public/", "type": "string" }, "jwks_uri": { - "description": "URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate\nsignatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs\nto encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use)\nparameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.\nAlthough some algorithms allow the same key to be used for both signatures and encryption, doing so is\nNOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of\nkeys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.", - "example": "https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json", + "description": "OpenID Connect Well-Known JSON Web Keys URL\n\nURL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate\nsignatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs\nto encrypt requests to the Server. 
When both signing and encryption keys are made available, a use (Key Use)\nparameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.\nAlthough some algorithms allow the same key to be used for both signatures and encryption, doing so is\nNOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of\nkeys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.", + "example": "https://{slug}.projects.oryapis.com/.well-known/jwks.json", "type": "string" }, "registration_endpoint": { - "description": "URL of the OP's Dynamic Client Registration Endpoint.", + "description": "OpenID Connect Dynamic Client Registration Endpoint URL", "example": "https://playground.ory.sh/ory-hydra/admin/client", "type": "string" }, "request_object_signing_alg_values_supported": { - "description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects,\nwhich are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when\nthe Request Object is passed by value (using the request parameter) and when it is passed by reference\n(using the request_uri parameter).", + "description": "OpenID Connect Supported Request Object Signing Algorithms\n\nJSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects,\nwhich are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. 
These algorithms are used both when\nthe Request Object is passed by value (using the request parameter) and when it is passed by reference\n(using the request_uri parameter).", "items": { "type": "string" }, "type": "array" }, "request_parameter_supported": { - "description": "Boolean value specifying whether the OP supports use of the request parameter, with true indicating support.", + "description": "OpenID Connect Request Parameter Supported\n\nBoolean value specifying whether the OP supports use of the request parameter, with true indicating support.", "type": "boolean" }, "request_uri_parameter_supported": { - "description": "Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.", + "description": "OpenID Connect Request URI Parameter Supported\n\nBoolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.", "type": "boolean" }, "require_request_uri_registration": { - "description": "Boolean value specifying whether the OP requires any request_uri values used to be pre-registered\nusing the request_uris registration parameter.", + "description": "OpenID Connect Requires Request URI Registration\n\nBoolean value specifying whether the OP requires any request_uri values used to be pre-registered\nusing the request_uris registration parameter.", "type": "boolean" }, "response_modes_supported": { - "description": "JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.", + "description": "OAuth 2.0 Supported Response Modes\n\nJSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.", "items": { "type": "string" }, "type": "array" }, "response_types_supported": { - "description": "JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. 
Dynamic OpenID\nProviders MUST support the code, id_token, and the token id_token Response Type values.", + "description": "OAuth 2.0 Supported Response Types\n\nJSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID\nProviders MUST support the code, id_token, and the token id_token Response Type values.", "items": { "type": "string" }, "type": "array" }, "revocation_endpoint": { - "description": "URL of the authorization server's OAuth 2.0 revocation endpoint.", + "description": "OAuth 2.0 Token Revocation URL\n\nURL of the authorization server's OAuth 2.0 revocation endpoint.", "type": "string" }, "scopes_supported": { - "description": "SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST\nsupport the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used", + "description": "OAuth 2.0 Supported Scope Values\n\nJSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST\nsupport the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used", "items": { "type": "string" }, "type": "array" }, "subject_types_supported": { - "description": "JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include\npairwise and public.", + "description": "OpenID Connect Supported Subject Types\n\nJSON array containing a list of the Subject Identifier types that this OP supports. 
Valid types include\npairwise and public.", "items": { "type": "string" }, "type": "array" }, "token_endpoint": { - "description": "URL of the OP's OAuth 2.0 Token Endpoint", + "description": "OAuth 2.0 Token Endpoint URL", "example": "https://playground.ory.sh/ory-hydra/public/oauth2/token", "type": "string" }, "token_endpoint_auth_methods_supported": { - "description": "JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are\nclient_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0", + "description": "OAuth 2.0 Supported Client Authentication Methods\n\nJSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are\nclient_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0", "items": { "type": "string" }, "type": "array" }, "userinfo_endpoint": { - "description": "URL of the OP's UserInfo Endpoint.", + "description": "OpenID Connect Userinfo URL\n\nURL of the OP's UserInfo Endpoint.", "type": "string" }, "userinfo_signed_response_alg": { - "description": "Algorithm used to sign OpenID Connect Userinfo Responses.", + "description": "OpenID Connect User Userinfo Signing Algorithm\n\nAlgorithm used to sign OpenID Connect Userinfo Responses.", "items": { "type": "string" }, "type": "array" }, "userinfo_signing_alg_values_supported": { - "description": "JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].", + "description": "OpenID Connect Supported Userinfo Signing Algorithm\n\nJSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].", "items": { "type": "string" }, 
@@ -1267,11 +1267,11 @@ "id_token_signed_response_alg", "userinfo_signed_response_alg" ], - "title": "OpenID Connect Discovery ;etadata", + "title": "OpenID Connect Discovery Metadata", "type": "object" }, "oidcUserInfo": { - "description": "The userinfo response", + "description": "OpenID Connect Userinfo", "properties": { "birthdate": { "description": "End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.", @@ -1722,7 +1722,7 @@ }, "/.well-known/openid-configuration": { "get": { - "description": "The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll\nyour own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this\nflow at https://openid.net/specs/openid-connect-discovery-1_0.html .\n\nPopular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others.\nFor a full list of clients go here: https://openid.net/developers/certified/", + "description": "A mechanism for an OpenID Connect Relying Party to discover the End-User's OpenID Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations.\n\nPopular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others.\nFor a full list of clients go here: https://openid.net/developers/certified/", "operationId": "discoverOidcConfiguration", "responses": { "200": { @@ -1748,7 +1748,7 @@ }, "summary": "OpenID Connect Discovery", "tags": [ - "v0alpha2" + "oidc" ] } }, 
@@ -3008,8 +3008,8 @@ }, "/admin/oauth2/introspect": { "post": { - "description": "The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token\nis neither expired nor revoked. If a token is active, additional information on the token will be included. You can\nset additional data for a token by setting `accessTokenExtra` during the consent flow.\n\nFor more information [read this blog post](https://www.oauth.com/oauth2-servers/token-introspection-endpoint/).", - "operationId": "adminIntrospectOAuth2Token", + "description": "The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token\nis neither expired nor revoked. If a token is active, additional information on the token will be included. You can\nset additional data for a token by setting `session.access_token` during the consent flow.", + "operationId": "introspectOAuth2Token", "requestBody": { "content": { "application/x-www-form-urlencoded": { @@ -3059,18 +3059,19 @@ "description": "errorOAuth2" } }, - "summary": "Introspect OAuth2 Access or Refresh Tokens", + "summary": "Introspect OAuth2 Access and Refresh Tokens", "tags": [ - "v0alpha2" + "oAuth2" ] } }, "/admin/oauth2/tokens": { "delete": { - "description": "This endpoint deletes OAuth2 access tokens issued for a client from the database", - "operationId": "adminDeleteOAuth2Token", + "description": "This endpoint deletes OAuth2 access tokens issued to an OAuth 2.0 Client from the database.", + "operationId": "deleteOAuth2Token", "parameters": [ { + "description": "OAuth 2.0 Client ID", "in": "query", "name": "client_id", "required": true, @@ -3094,9 +3095,9 @@ "description": "errorOAuth2" } }, - "summary": "Delete OAuth2 Access Tokens from a Client", + "summary": "Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client", "tags": [ - "v0alpha2" + "oAuth2" ] } }, 
@@ -3356,8 +3357,8 @@ }, "/oauth2/auth": { "get": { - "description": "This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows.\nOAuth2 is a very popular protocol and a library for your programming language will exists.\n\nTo learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749", - "operationId": "performOAuth2AuthorizationFlow", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries at https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", + "operationId": "oAuth2Authorize", "responses": { "302": { "$ref": "#/components/responses/emptyResponse" @@ -3373,9 +3374,9 @@ "description": "errorOAuth2" } }, - "summary": "The OAuth 2.0 Authorize Endpoint", + "summary": "OAuth 2.0 Authorize Endpoint", "tags": [ - "v0alpha2" + "oAuth2" ] } }, 
@@ -3601,31 +3602,31 @@ "oauth2": [] } ], - "summary": "Revoke an OAuth2 Access or Refresh Token", + "summary": "Revoke OAuth 2.0 Access or Refresh Token", "tags": [ - "v0alpha2" + "oAuth2" ] } }, "/oauth2/sessions/logout": { "get": { - "description": "This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front- / Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html\n\nBack-channel logout is performed asynchronously and does not affect logout flow.", - "operationId": "performOidcFrontOrBackChannelLogout", + "description": "This endpoint initiates and completes user logout at the Ory OAuth2 \u0026 OpenID provider and initiates OpenID Connect Front- / Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html\n\nBack-channel logout is performed asynchronously and does not affect logout flow.", + "operationId": "revokeOidcSession", "responses": { "302": { "$ref": "#/components/responses/emptyResponse" } }, - "summary": "OpenID Connect Front- or Back-channel Enabled Logout", + "summary": "OpenID Connect Front- and Back-channel Enabled Logout", "tags": [ - "v0alpha2" + "oidc" ] } }, "/oauth2/token": { "post": { - "description": "The client makes a request to the token endpoint by sending the\nfollowing parameters using the \"application/x-www-form-urlencoded\" HTTP\nrequest entity-body.\n\n\u003e Do not implement a client for this endpoint yourself. Use a library. There are many libraries\n\u003e available for any programming language. You can find a list of libraries here: https://oauth.net/code/\n\u003e\n\u003e Do note that Hydra SDK does not implement this endpoint properly. 
Use one of the libraries listed above", - "operationId": "performOAuth2TokenFlow", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries here https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", + "operationId": "oauth2TokenExchange", "requestBody": { "content": { "application/x-www-form-urlencoded": { @@ -3668,11 +3669,11 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/oAuth2TokenResponse" + "$ref": "#/components/schemas/oAuth2TokenExchange" } } }, - "description": "oAuth2TokenResponse" + "description": "oAuth2TokenExchange" }, "default": { "content": { @@ -3695,13 +3696,13 @@ ], "summary": "The OAuth 2.0 Token Endpoint", "tags": [ - "v0alpha2" + "oAuth2" ] } }, "/userinfo": { "get": { - "description": "This endpoint returns the payload of the ID Token, including the idTokenExtra values, of\nthe provided OAuth 2.0 Access Token.\n\nFor more information please [refer to the spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo).\n\nIn the case of authentication error, a WWW-Authenticate header might be set in the response\nwith more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3)\nfor more details about header format.", + "description": "This endpoint returns the payload of the ID Token, including `session.id_token` values, of\nthe provided OAuth 2.0 Access Token's consent request.\n\nIn the case of authentication error, a WWW-Authenticate header might be set in the response\nwith more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3)\nfor more details about header format.", "operationId": "getOidcUserInfo", "responses": { "200": { @@ -3732,7 +3733,7 @@ ], "summary": "OpenID Connect Userinfo", "tags": [ - "v0alpha2" + "oidc" ] } }, 
diff --git a/spec/swagger.json b/spec/swagger.json index 667e57f23b..3d76400cf7 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -54,7 +54,7 @@ }, "/.well-known/openid-configuration": { "get": { - "description": "The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll\nyour own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this\nflow at https://openid.net/specs/openid-connect-discovery-1_0.html .\n\nPopular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others.\nFor a full list of clients go here: https://openid.net/developers/certified/", + "description": "A mechanism for an OpenID Connect Relying Party to discover the End-User's OpenID Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations.\n\nPopular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others.\nFor a full list of clients go here: https://openid.net/developers/certified/", "produces": [ "application/json" ], @@ -63,7 +63,7 @@ "https" ], "tags": [ - "v0alpha2" + "oidc" ], "summary": "OpenID Connect Discovery", "operationId": "discoverOidcConfiguration", 
@@ -1314,7 +1314,7 @@ }, "/admin/oauth2/introspect": { "post": { - "description": "The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token\nis neither expired nor revoked. If a token is active, additional information on the token will be included. You can\nset additional data for a token by setting `accessTokenExtra` during the consent flow.\n\nFor more information [read this blog post](https://www.oauth.com/oauth2-servers/token-introspection-endpoint/).", + "description": "The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token\nis neither expired nor revoked. If a token is active, additional information on the token will be included. You can\nset additional data for a token by setting `session.access_token` during the consent flow.", "consumes": [ "application/x-www-form-urlencoded" ], @@ -1326,10 +1326,10 @@ "https" ], "tags": [ - "v0alpha2" + "oAuth2" ], - "summary": "Introspect OAuth2 Access or Refresh Tokens", - "operationId": "adminIntrospectOAuth2Token", + "summary": "Introspect OAuth2 Access and Refresh Tokens", + "operationId": "introspectOAuth2Token", "parameters": [ { "type": "string", @@ -1363,7 +1363,7 @@ }, "/admin/oauth2/tokens": { "delete": { - "description": "This endpoint deletes OAuth2 access tokens issued for a client from the database", + "description": "This endpoint deletes OAuth2 access tokens issued to an OAuth 2.0 Client from the database.", "consumes": [ "application/json" ], @@ -1372,13 +1372,14 @@ "https" ], "tags": [ - "v0alpha2" + "oAuth2" ], - "summary": "Delete OAuth2 Access Tokens from a Client", - "operationId": "adminDeleteOAuth2Token", + "summary": "Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client", + "operationId": "deleteOAuth2Token", "parameters": [ { "type": "string", + "description": "OAuth 2.0 Client ID", "name": "client_id", "in": "query", "required": true 
@@ -1629,7 +1630,7 @@ }, "/oauth2/auth": { "get": { - "description": "This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows.\nOAuth2 is a very popular protocol and a library for your programming language will exists.\n\nTo learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries at https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", "consumes": [ "application/x-www-form-urlencoded" ], @@ -1638,10 +1639,10 @@ "https" ], "tags": [ - "v0alpha2" + "oAuth2" ], - "summary": "The OAuth 2.0 Authorize Endpoint", - "operationId": "performOAuth2AuthorizationFlow", + "summary": "OAuth 2.0 Authorize Endpoint", + "operationId": "oAuth2Authorize", "responses": { "302": { "$ref": "#/responses/emptyResponse" @@ -1859,9 +1860,9 @@ "https" ], "tags": [ - "v0alpha2" + "oAuth2" ], - "summary": "Revoke an OAuth2 Access or Refresh Token", + "summary": "Revoke OAuth 2.0 Access or Refresh Token", "operationId": "revokeOAuth2Token", "parameters": [ { 
@@ -1886,16 +1887,16 @@ }, "/oauth2/sessions/logout": { "get": { - "description": "This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front- / Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html\n\nBack-channel logout is performed asynchronously and does not affect logout flow.", + "description": "This endpoint initiates and completes user logout at the Ory OAuth2 \u0026 OpenID provider and initiates OpenID Connect Front- / Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html\n\nBack-channel logout is performed asynchronously and does not affect logout flow.", "schemes": [ "http", "https" ], "tags": [ - "v0alpha2" + "oidc" ], - "summary": "OpenID Connect Front- or Back-channel Enabled Logout", - "operationId": "performOidcFrontOrBackChannelLogout", + "summary": "OpenID Connect Front- and Back-channel Enabled Logout", + "operationId": "revokeOidcSession", "responses": { "302": { "$ref": "#/responses/emptyResponse" 
@@ -1913,7 +1914,7 @@ "oauth2": [] } ], - "description": "The client makes a request to the token endpoint by sending the\nfollowing parameters using the \"application/x-www-form-urlencoded\" HTTP\nrequest entity-body.\n\n\u003e Do not implement a client for this endpoint yourself. Use a library. There are many libraries\n\u003e available for any programming language. You can find a list of libraries here: https://oauth.net/code/\n\u003e\n\u003e Do note that Hydra SDK does not implement this endpoint properly. Use one of the libraries listed above", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries here https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", "consumes": [ "application/x-www-form-urlencoded" ], @@ -1925,10 +1926,10 @@ "https" ], "tags": [ - "v0alpha2" + "oAuth2" ], "summary": "The OAuth 2.0 Token Endpoint", - "operationId": "performOAuth2TokenFlow", + "operationId": "oauth2TokenExchange", "parameters": [ { "type": "string", @@ -1959,9 +1960,9 @@ ], "responses": { "200": { - "description": "oAuth2TokenResponse", + "description": "oAuth2TokenExchange", "schema": { - "$ref": "#/definitions/oAuth2TokenResponse" + "$ref": "#/definitions/oAuth2TokenExchange" } }, "default": { 
@@ -1980,7 +1981,7 @@ "oauth2": [] } ], - "description": "This endpoint returns the payload of the ID Token, including the idTokenExtra values, of\nthe provided OAuth 2.0 Access Token.\n\nFor more information please [refer to the spec](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo).\n\nIn the case of authentication error, a WWW-Authenticate header might be set in the response\nwith more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3)\nfor more details about header format.", + "description": "This endpoint returns the payload of the ID Token, including `session.id_token` values, of\nthe provided OAuth 2.0 Access Token's consent request.\n\nIn the case of authentication error, a WWW-Authenticate header might be set in the response\nwith more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3)\nfor more details about header format.", "produces": [ "application/json" ], @@ -1989,7 +1990,7 @@ "https" ], "tags": [ - "v0alpha2" + "oidc" ], "summary": "OpenID Connect Userinfo", "operationId": "getOidcUserInfo", @@ -3009,8 +3010,8 @@ } } }, - "oAuth2TokenResponse": { - "description": "OAuth2 Token Response", + "oAuth2TokenExchange": { + "description": "OAuth2 Token Exchange Result", "type": "object", "properties": { "access_token": { @@ -3018,7 +3019,7 @@ "type": "string" }, "expires_in": { - "description": "The lifetime in seconds of the access token. For\nexample, the value \"3600\" denotes that the access token will\nexpire in one hour from the time the response was generated.", + "description": "The lifetime in seconds of the access token. For\nexample, the value \"3600\" denotes that the access token will\nexpire in one hour from the time the response was generated.", "type": "integer", "format": "int64" }, 
@@ -3043,9 +3044,9 @@ } }, "oidcConfiguration": { - "description": "It includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms\namong others.", + "description": "Includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms\namong others.", "type": "object", - "title": "OpenID Connect Discovery ;etadata", + "title": "OpenID Connect Discovery Metadata", "required": [ "issuer", "authorization_endpoint", 
@@ -3059,160 +3060,160 @@ ], "properties": { "authorization_endpoint": { - "description": "URL of the OP's OAuth 2.0 Authorization Endpoint.", + "description": "OAuth 2.0 Authorization Endpoint URL", "type": "string", "example": "https://playground.ory.sh/ory-hydra/public/oauth2/auth" }, "backchannel_logout_session_supported": { - "description": "Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP\nsession with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP", + "description": "OpenID Connect Back-Channel Logout Session Required\n\nBoolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP\nsession with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP", "type": "boolean" }, "backchannel_logout_supported": { - "description": "Boolean value specifying whether the OP supports back-channel logout, with true indicating support.", + "description": "OpenID Connect Back-Channel Logout Supported\n\nBoolean value specifying whether the OP supports back-channel logout, with true indicating support.", "type": "boolean" }, "claims_parameter_supported": { - "description": "Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support.", + "description": "OpenID Connect Claims Parameter Parameter Supported\n\nBoolean value specifying whether the OP supports use of the claims parameter, with true indicating support.", "type": "boolean" }, "claims_supported": { - "description": "JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply\nvalues for. Note that for privacy or other reasons, this might not be an exhaustive list.", + "description": "OpenID Connect Supported Claims\n\nJSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply\nvalues for. 
Note that for privacy or other reasons, this might not be an exhaustive list.", "type": "array", "items": { "type": "string" } }, "code_challenge_methods_supported": { - "description": "JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported\nby this authorization server.", + "description": "OAuth 2.0 PKCE Supported Code Challenge Methods\n\nJSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported\nby this authorization server.", "type": "array", "items": { "type": "string" } }, "end_session_endpoint": { - "description": "URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.", + "description": "OpenID Connect End-Session Endpoint\n\nURL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.", "type": "string" }, "frontchannel_logout_session_supported": { - "description": "Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify\nthe RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also\nincluded in ID Tokens issued by the OP.", + "description": "OpenID Connect Front-Channel Logout Session Required\n\nBoolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify\nthe RP session with the OP when the frontchannel_logout_uri is used. 
If supported, the sid Claim is also\nincluded in ID Tokens issued by the OP.", "type": "boolean" }, "frontchannel_logout_supported": { - "description": "Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support.", + "description": "OpenID Connect Front-Channel Logout Supported\n\nBoolean value specifying whether the OP supports HTTP-based logout, with true indicating support.", "type": "boolean" }, "grant_types_supported": { - "description": "JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.", + "description": "OAuth 2.0 Supported Grant Types\n\nJSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.", "type": "array", "items": { "type": "string" } }, "id_token_signed_response_alg": { - "description": "Algorithm used to sign OpenID Connect ID Tokens.", + "description": "OpenID Connect Default ID Token Signing Algorithms\n\nAlgorithm used to sign OpenID Connect ID Tokens.", "type": "array", "items": { "type": "string" } }, "id_token_signing_alg_values_supported": { - "description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token\nto encode the Claims in a JWT.", + "description": "OpenID Connect Supported ID Token Signing Algorithms\n\nJSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token\nto encode the Claims in a JWT.", "type": "array", "items": { "type": "string" } }, "issuer": { - "description": "URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier.\nIf IssuerURL discovery is supported , this value MUST be identical to the issuer value returned\nby WebFinger. 
This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.", + "description": "OpenID Connect Issuer URL\n\nAn URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier.\nIf IssuerURL discovery is supported , this value MUST be identical to the issuer value returned\nby WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.", "type": "string", "example": "https://playground.ory.sh/ory-hydra/public/" }, "jwks_uri": { - "description": "URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate\nsignatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs\nto encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use)\nparameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.\nAlthough some algorithms allow the same key to be used for both signatures and encryption, doing so is\nNOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of\nkeys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.", + "description": "OpenID Connect Well-Known JSON Web Keys URL\n\nURL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate\nsignatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs\nto encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use)\nparameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.\nAlthough some algorithms allow the same key to be used for both signatures and encryption, doing so is\nNOT RECOMMENDED, as it is less secure. 
The JWK x5c parameter MAY be used to provide X.509 representations of\nkeys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.", "type": "string", - "example": "https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json" + "example": "https://{slug}.projects.oryapis.com/.well-known/jwks.json" }, "registration_endpoint": { - "description": "URL of the OP's Dynamic Client Registration Endpoint.", + "description": "OpenID Connect Dynamic Client Registration Endpoint URL", "type": "string", "example": "https://playground.ory.sh/ory-hydra/admin/client" }, "request_object_signing_alg_values_supported": { - "description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects,\nwhich are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when\nthe Request Object is passed by value (using the request parameter) and when it is passed by reference\n(using the request_uri parameter).", + "description": "OpenID Connect Supported Request Object Signing Algorithms\n\nJSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects,\nwhich are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. 
These algorithms are used both when\nthe Request Object is passed by value (using the request parameter) and when it is passed by reference\n(using the request_uri parameter).", "type": "array", "items": { "type": "string" } }, "request_parameter_supported": { - "description": "Boolean value specifying whether the OP supports use of the request parameter, with true indicating support.", + "description": "OpenID Connect Request Parameter Supported\n\nBoolean value specifying whether the OP supports use of the request parameter, with true indicating support.", "type": "boolean" }, "request_uri_parameter_supported": { - "description": "Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.", + "description": "OpenID Connect Request URI Parameter Supported\n\nBoolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.", "type": "boolean" }, "require_request_uri_registration": { - "description": "Boolean value specifying whether the OP requires any request_uri values used to be pre-registered\nusing the request_uris registration parameter.", + "description": "OpenID Connect Requires Request URI Registration\n\nBoolean value specifying whether the OP requires any request_uri values used to be pre-registered\nusing the request_uris registration parameter.", "type": "boolean" }, "response_modes_supported": { - "description": "JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.", + "description": "OAuth 2.0 Supported Response Modes\n\nJSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.", "type": "array", "items": { "type": "string" } }, "response_types_supported": { - "description": "JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. 
Dynamic OpenID\nProviders MUST support the code, id_token, and the token id_token Response Type values.", + "description": "OAuth 2.0 Supported Response Types\n\nJSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID\nProviders MUST support the code, id_token, and the token id_token Response Type values.", "type": "array", "items": { "type": "string" } }, "revocation_endpoint": { - "description": "URL of the authorization server's OAuth 2.0 revocation endpoint.", + "description": "OAuth 2.0 Token Revocation URL\n\nURL of the authorization server's OAuth 2.0 revocation endpoint.", "type": "string" }, "scopes_supported": { - "description": "SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST\nsupport the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used", + "description": "OAuth 2.0 Supported Scope Values\n\nJSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST\nsupport the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used", "type": "array", "items": { "type": "string" } }, "subject_types_supported": { - "description": "JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include\npairwise and public.", + "description": "OpenID Connect Supported Subject Types\n\nJSON array containing a list of the Subject Identifier types that this OP supports. 
Valid types include\npairwise and public.", "type": "array", "items": { "type": "string" } }, "token_endpoint": { - "description": "URL of the OP's OAuth 2.0 Token Endpoint", + "description": "OAuth 2.0 Token Endpoint URL", "type": "string", "example": "https://playground.ory.sh/ory-hydra/public/oauth2/token" }, "token_endpoint_auth_methods_supported": { - "description": "JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are\nclient_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0", + "description": "OAuth 2.0 Supported Client Authentication Methods\n\nJSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are\nclient_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0", "type": "array", "items": { "type": "string" } }, "userinfo_endpoint": { - "description": "URL of the OP's UserInfo Endpoint.", + "description": "OpenID Connect Userinfo URL\n\nURL of the OP's UserInfo Endpoint.", "type": "string" }, "userinfo_signed_response_alg": { - "description": "Algorithm used to sign OpenID Connect Userinfo Responses.", + "description": "OpenID Connect User Userinfo Signing Algorithm\n\nAlgorithm used to sign OpenID Connect Userinfo Responses.", "type": "array", "items": { "type": "string" } }, "userinfo_signing_alg_values_supported": { - "description": "JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].", + "description": "OpenID Connect Supported Userinfo Signing Algorithm\n\nJSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].", "type": "array", "items": { "type": "string" 
@@ -3221,7 +3222,7 @@ } }, "oidcUserInfo": { - "description": "The userinfo response", + "description": "OpenID Connect Userinfo", "type": "object", "properties": { "birthdate": { diff --git a/test/mock-client/main.go b/test/mock-client/main.go index 6fdd6e4f8e..a0d860a823 100644 --- a/test/mock-client/main.go +++ b/test/mock-client/main.go @@ -198,7 +198,7 @@ func checkTokenResponse(token oauth2token) { } } - intro, resp, err := sdk.V0alpha2Api.AdminIntrospectOAuth2Token(context.Background()).Token(token.AccessToken).Execute() + intro, resp, err := sdk.OAuth2Api.IntrospectOAuth2Token(context.Background()).Token(token.AccessToken).Execute() defer resp.Body.Close() if err != nil { log.Fatalf("Unable to introspect OAuth2 token: %s", err)
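Review bot: In the `test/mock-client/main.go` hunk, `defer resp.Body.Close()` still runs before the `err` check that follows the renamed `sdk.OAuth2Api.IntrospectOAuth2Token(...).Execute()` call. If the call fails without an HTTP response (the generated client presumably returns a nil `resp` on a transport error), evaluating `resp.Body` panics and the real introspection error is never logged. Do the check first, `if err != nil { log.Fatalf("Unable to introspect OAuth2 token: %s", err) }`, and only then `defer resp.Body.Close()`. `log.Fatalf` exits without running deferred calls, so nothing is lost by registering the defer after it. `checkTokenResponse` starts and ends outside the hunk, so the rest of the function was not reviewed.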