/
example.yaml
205 lines (205 loc) · 5.66 KB
/
example.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
swagger: '2.0'
info:
version: 1.0
title: Swagger Security Example
description: |
This specification demonstrates usage of protected resources with swagger.
basePath: /example
schemes:
- http
- https
consumes:
- application/json
produces:
- application/json
x-api-first-error-mapping:
301:
- java.lang.SecurityException
401:
- java.lang.IllegalArgumentException
paths:
/token:
x-api-first-handler: "example.yaml.TokenService.token"
post:
description: |
This API endpoint is used by the example itself to validate the security token,
basically representing an Authorization server.
Normally, this service will be operated by different company and deployed in different environment,
but for the demo purposes we placed it in the same specification.
consumes:
- application/x-www-form-urlencoded
produces:
- application/json
parameters:
- name: token
in: formData
description: oauth2 token
type: string
format: byte
pattern: "[A-Za-z0-9]*"
minLength: 5
maxLength: 100
required: true
responses:
200:
description: |
Normal response, a User in the case if valid token was provided .
The `User` needs to be inlined here. If it would be defined in the `definitions` area,
the scopes field would be an `ArrayWrapper` (for parsing purposes)
schema:
type: object
required:
- username
- scopes
properties:
username:
type: string
minLength: 3
maxLength: 200
scopes:
type: array
items:
type: string
minLength: 1
maxLength: 40
401:
description: |
In the case if no valid token was provided
# schema must be provided here, otherwise the returning type will be Null
schema:
type: string
default:
description: error payload
schema:
$ref: '#/definitions/ErrorModel'
get:
description: |
This endpoint is used by Swagger UI to get a token and store it into the UI session.
Normally, it would include some authentication procedure, but for the purpose of the example
this API ussues the same token for any combination of parameters and responds with a local redirect url
which is then used by the frontend to parse the token.
parameters:
- name: redirect_uri
in: query
description: the redirection URL
type: string
minLength: 1
maxLength: 1110
required: false
default: http://localhost:9000/example/token
- name: scope
in: query
description: requested scope
type: string
minLength: 1
maxLength: 110
required: false
default: "admin:org"
- name: response_type
in: query
type: string
pattern: "token"
required: false
default: "token"
- name: state
in: query
description: Any application state to be forwarded back to the frontend
type: string
minLength: 1
maxLength: 110
required: false
responses:
301:
description: |
A redirect from the login form
schema:
type: string
minLength: 10
maxLength: 100
401:
description: |
In the case if no valid combination of username and password was provided
# schema is not provided here, the returning type will be Null
default:
description: error payload
schema:
$ref: '#/definitions/ErrorModel'
/todos/{user_id}:
get:
parameters:
- name: user_id
in: path
description: ID of the user
required: true
type: integer
minimum: 0
exclusiveMinimum: true
- name: count
in: query
type: integer
description: Returns user's todo
operationId: getUserTodos
security:
- internalOAuth:
- user
- admin:org
- admin:public_key
produces:
- application/json+todos
responses:
200:
description: Normal response
schema:
type: array
items:
$ref: '#/definitions/Todo'
default:
description: No payload
securityDefinitions:
internalOAuth:
type: oauth2
scopes:
user: Grants read/write access to profile info only. Note that this scope includes user:email and user:follow.
admin:org: Fully manage organization, teams, and memberships.
admin:public_key: Fully manage public keys.
flow: implicit
# we use a single API here to issue token (for SwaggerUI)
authorizationUrl: http://localhost:9000/example/token
# and to validate it later
x-token-validation-url: http://localhost:9000/example/token
definitions:
Todo:
required:
- name
properties:
name:
type: string
tag:
type: string
description:
type: string
ErrorModel:
required:
- code
- message
properties:
code:
type: integer
format: int32
message:
type: string
# User:
# required:
# - name
# - scopes
# properties:
# name:
# type: string
# minLength: 3
# maxLength: 200
# scopes:
# type: array
# items:
# type: string
# minLength: 1
# maxLength: 40