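# OpenAPI description of the OIDC provider: discovery, JWKS, token,
# token revocation, authorization and userinfo endpoints.
openapi: 3.0.0
info:
  version: '0.0'
  title: OIDC Provider
servers:
  - url: 'https://banno.com'
# Every tag used by an operation is declared here; `User Info` is used by the
# userinfo (`/me`) operation and was missing from this list.
tags:
  - name: Provider Info
  - name: Token
  - name: Authorization
  - name: User Info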
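paths:
  # Discovery document: clients read it to locate the endpoints below.
  /a/oidc-provider/api/v0/.well-known/openid-configuration:
    get:
      tags:
        - Provider Info
      description: >-
        Gets a JSON listing of the OpenID/OAuth endpoints, supported scopes,
        supported claims, and other details. Clients can use this information
        in order to build a request to the OpenID server.
      responses:
        '200':
          description: OK
          # The description states the listing is JSON, so the media type is
          # declared; the document's members are not spelled out here.
          content:
            application/json:
              schema:
                type: object
        '500':
          description: Internal Server Error

  # Key set that relying parties use to verify JWT signatures.
  /a/oidc-provider/api/v0/jwks:
    get:
      tags:
        - Provider Info
      summary: >-
        Gets the JSON Web Key Set (JWKS) for verifying JWTs received from the
        authentication server.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/certsResponse'
        '500':
          description: Internal Server Error

  /a/oidc-provider/api/v0/token:
    post:
      tags:
        - Token
      summary: Exchanges authorization code for an access token
      # NOTE(review): no `security` requirement is declared on this operation;
      # client authentication travels inside the form body (client_assertion
      # and client_assertion_type in tokenRequest).
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/tokenRequest'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenFailure'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenUnauthorized'
        '500':
          description: Internal Server Error

  /a/oidc-provider/api/v0/token/revocation:
    post:
      tags:
        - Token
      summary: Revokes a token.
      description: 'See the [OAuth Token Revocation specs](https://tools.ietf.org/html/rfc7009).'
      # client_id, client_secret and the token are sent in the form body;
      # callers should keep these values out of URLs and request logs.
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/tokenRevocationRequest'
      responses:
        '200':
          description: OK (no content)
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenFailure'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenUnauthorized'
        '500':
          description: Internal Server Error

  /a/oidc-provider/api/v0/auth:
    get:
      summary: Sends authentication request using query string parameters.
      description: >-
        Utilizing query string parameters, the `/auth` route will redirect to
        the specified `redirect_uri` with the result of the call found in the
        URL.
      tags:
        - Authorization
      parameters:
        # Only the authorization code response type is accepted.
        - name: response_type
          in: query
          description: The authorization type. Must be set to `code`
          required: true
          schema:
            type: string
            enum:
              - code
          example: code
        - name: client_id
          in: query
          description: ID of the client
          required: true
          schema:
            type: string
          example: '00000000-0000-0000-0000-000000000000'
        # NOTE(review): documented as optional; presumably the server falls
        # back to the registered URI when it is omitted - confirm. A supplied
        # value should be matched exactly against the registered one.
        - name: redirect_uri
          in: query
          description: The redirect URI as registered by the client.
          required: false
          schema:
            type: string
          example: 'https://localhost/cb'
        - name: scope
          in: query
          description: The possible scope of the request
          required: false
          schema:
            type: string
          example: openid
        # The value is a JSON object serialized into a string.
        - name: claims
          in: query
          description: Claims to return in the id_token or from the userinfo endpoint
          required: false
          schema:
            type: string
          example: '{"id_token":{"email":null}}'
        # Optional here, but clients should send an unguessable value and
        # compare it on return: it binds the response to the request that
        # started the flow (CSRF protection).
        - name: state
          in: query
          description: Any client state that needs to be passed onto the redirect URI
          required: false
          schema:
            type: string
          example: '00000000-0000-0000-0000-000000000000'
        - name: prompt
          in: query
          description: Specific prompts a user must be presented with
          required: false
          schema:
            type: string
            enum:
              - login
              - consent
          example: consent
        # PKCE is optional in this description; clients that cannot keep a
        # secret should always send code_challenge with method S256 and the
        # matching code_verifier on the token request.
        - name: code_challenge
          in: query
          description: PKCE code challenge
          required: false
          schema:
            type: string
          example: base64UrlEncoded(sha256(code_verifier))
        - name: code_challenge_method
          in: query
          description: PKCE code challenge method
          required: false
          schema:
            type: string
            enum:
              - S256
          example: S256
      # NOTE(review): the description says the route redirects, but no 3xx
      # response is documented - confirm the status code the server returns.
      responses:
        '200':
          description: OK
        '400':
          description: Bad Request
        '500':
          description: Internal Server Error
    post:
      tags:
        - Authorization
      summary: Sends authentication request using a POST request Body.
      description: >-
        Utilizing a `POST` request, the `/auth` route will redirect to the
        specified `redirect_uri` with the result of the call found in the URL.
      # Same fields as the GET form, carried in the form body instead of the
      # query string.
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/authRequest'
      responses:
        '200':
          description: OK
          content:
            text/html:
              schema:
                type: string
        '400':
          description: Bad Request
          content:
            text/html:
              schema:
                type: string
        '500':
          description: Internal Server Error

  /a/oidc-provider/api/v0/me:
    get:
      tags:
        - User Info
      summary: Returns info about the authenticated user.
      description: 'See the [OpenID Connect Core specs](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo).'
      # The only operation with a declared security requirement: an access
      # token carrying the `openid` scope.
      security:
        - OpenID_Connect:
            - openid
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/userInfo'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenUnauthorized'
        '500':
          description: Internal Server Error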
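components:
  securitySchemes:
    clientCredentials:
      type: oauth2
      description: OAuth2 using the client credentials flow
      flows:
        clientCredentials:
          tokenUrl: https://banno.com/a/oidc-provider/api/v0/token
          scopes: {}
    OpenID_Connect:
      type: oauth2
      # The authorization endpoint accepts only `response_type=code` and the
      # token endpoint exchanges that code, so the flow is declared as
      # authorizationCode (it was previously declared as implicit, which no
      # operation in this document supports).
      flows:
        authorizationCode:
          authorizationUrl: https://banno.com/a/oidc-provider/api/v0/auth
          tokenUrl: https://banno.com/a/oidc-provider/api/v0/token
          scopes:
            openid: "Access to the user's OpenID"

  schemas:
    # Response of the public JWKS endpoint. Only public JWK members are
    # described: kty/kid/use, the EC members crv/x/y and the RSA members n/e.
    # The private members d, p, q, dp, dq and qi (RFC 7518) were listed here
    # before; they must never be served from a public key set, so they are
    # not part of this schema.
    certsResponse:
      type: object
      properties:
        keys:
          type: array
          items:
            required:
              - kid
              - kty
              - use
            type: object
            properties:
              kty:
                type: string
                example: string
              kid:
                type: string
                example: string
              use:
                type: string
                example: string
              crv:
                type: string
                example: string
              x:
                type: string
                example: string
              # `y` and `n` stay quoted: YAML 1.1 parsers read the bare
              # letters as booleans.
              'y':
                type: string
                example: string
              e:
                type: string
                example: string
              'n':
                type: string
                example: string

    # Form body of the token endpoint.
    tokenRequest:
      required:
        - grant_type
      type: object
      properties:
        # NOTE(review): pasting an assertion into a third-party decoder
        # discloses it; prefer a local decoder for anything signed with a
        # production key.
        client_assertion:
          description: Properly signed JWT token (this houses the client id for the request). Test token payload at https://jwt.io/
          type: string
          example: string
        client_assertion_type:
          $ref: '#/components/schemas/validClientAssertionTypes'
        grant_type:
          $ref: '#/components/schemas/validGrantTypes'
        scope:
          $ref: '#/components/schemas/validScopes'
        code:
          description: The authorization code received from the authorization endpoint.
          type: string
          example: string
        redirect_uri:
          description: The redirect URI used in the initial authorization request.
          type: string
          example: 'https://localhost/cb'
        client_id:
          description: ID of the client
          type: string
          example: '00000000-0000-0000-0000-000000000000'
        code_verifier:
          description: PKCE code verifier
          type: string
          example: string

    # Form body of the revocation endpoint (RFC 7009).
    tokenRevocationRequest:
      required:
        - client_id
        - client_secret
        - token
      type: object
      properties:
        # Examples use the same all-zero placeholder as the rest of the
        # document instead of realistic-looking credential values.
        client_id:
          type: string
          example: '00000000-0000-0000-0000-000000000000'
        client_secret:
          type: string
          example: '00000000-0000-0000-0000-000000000000'
        token:
          type: string
          description: ID of the token to revoke
        token_type_hint:
          type: string
          example: access_token
          description: Suggests the type of token passed

    tokenResponse:
      # NOTE(review): refresh_token is required for every response; confirm
      # that this also holds for the client_credentials grant.
      required:
        - access_token
        - token_type
        - refresh_token
      type: object
      properties:
        access_token:
          type: string
          description: The access token returned from the server
          example: string
        token_type:
          type: string
          description: the type of access token that was given.
          example: string
        # NOTE(review): RFC 6749 defines expires_in as a JSON number; it is
        # typed as a string here - confirm what the server emits.
        expires_in:
          type: string
          description: the number of seconds the token will take to expire
          example: '600'
        refresh_token:
          type: string
          description: A refresh token for when the access token is expired.
          example: string

    tokenFailure:
      type: object
      properties:
        error:
          type: string
          example: Invalid request
        error_description:
          type: string
          example: no client authentication mechanism provided

    tokenUnauthorized:
      type: object
      properties:
        error:
          type: string
          example: invalid client
        error_description:
          type: string
          example: client authentication failed

    # Form body of POST /auth; mirrors the GET query parameters.
    authRequest:
      required:
        - response_type
        - client_id
      type: object
      properties:
        response_type:
          description: The authorization type. Must be set to `code`
          type: string
          enum:
            - code
          example: code
        client_id:
          description: ID of the client
          type: string
          example: '00000000-0000-0000-0000-000000000000'
        redirect_uri:
          description: The redirect URI as registered by the client.
          type: string
          example: 'https://localhost/cb'
        scope:
          description: The possible scope of the request
          type: string
          example: openid
        claims:
          description: Claims to return in the id_token or from the userinfo endpoint
          type: string
          example: '{"id_token":{"email":null}}'
        # Clients should send an unguessable value and compare it on return
        # (CSRF protection), even though the field is optional.
        state:
          description: Any client state that needs to be passed onto the redirect URI
          type: string
          example: random+value
        prompt:
          description: Specific prompts a user must be presented with
          type: string
          enum:
            - login
            - consent
          example: consent
        code_challenge:
          description: PKCE code challenge
          type: string
          example: base64UrlEncoded(sha256(code_verifier))
        code_challenge_method:
          description: PKCE code challenge method - must be `S256`
          type: string
          enum:
            - S256
          example: S256

    validClientAssertionTypes:
      type: string
      description: The possible client assertion types for the request
      enum:
        - 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'

    validGrantTypes:
      type: string
      description: The possible grant types for the request
      # authorization_code is listed because the token endpoint is documented
      # as exchanging an authorization code and its request carries code,
      # redirect_uri and code_verifier.
      # NOTE(review): tokenResponse returns a refresh_token, so a
      # refresh_token grant presumably exists as well - confirm before
      # adding it.
      enum:
        - client_credentials
        - authorization_code

    validScopes:
      type: string
      description: The possible scope of the request
      enum:
        - openid

    # Claims returned by the userinfo endpoint. Every example is a string
    # value as it would appear in the JSON response (no embedded quotes).
    userInfo:
      type: object
      properties:
        sub:
          type: string
          description: User ID
          example: cf857130-6d24-11e9-870c-0242b75cad58
        cash_management_user:
          type: object
          example: {}
        cash_management_user_id:
          type: string
          example: example
        esi_bsl_token:
          type: string
          example: example
        institution_id:
          type: string
          example: c8b309b0-fc09-11e5-8adf-0e09432615dc
        netteller_id:
          type: string
          example: '888800000001'
        theme_data:
          type: object
          example: {}
        birthdate:
          type: string
          example: '1900-01-01'
        # family_name / given_name examples agree with `name: John Doe`.
        family_name:
          type: string
          example: Doe
        given_name:
          type: string
          example: John
        middle_name:
          type: string
          nullable: true
          example: Q
        name:
          type: string
          example: John Doe
        # Constructed placeholder: identifiers captured from a live or UAT
        # environment do not belong in published examples.
        picture:
          type: string
          example: 'https://example.com/a/consumer/api/node/public-profile-photo/EXAMPLE_PHOTO_ID'
        preferred_username:
          type: string
          example: jdoe
        email:
          type: string
          example: jdoe@example.com
        phone_number:
          type: string
          example: '+15555556652'
        # OpenAPI 3.0 ignores siblings of $ref, so the reference stands alone.
        address:
          $ref: '#/components/schemas/userAddress'

    userAddress:
      type: object
      properties:
        locality:
          type: string
          example: Cedar Falls
        postal_code:
          type: string
          example: '506130000'
        region:
          type: string
          example: IA
        street_address:
          type: string
          example: 2911 Lovejoy Drive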
Last updated Fri Feb 4 2022