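# OpenAPI 3.0 description of the OIDC provider: discovery document, JWKS,
# token endpoint and authorization endpoint.
# Nesting restored; the flattened listing lost all indentation and is not
# parseable as an OpenAPI document in that form.
openapi: 3.0.0
info:
  version: '0.0'
  title: OIDC Provider
servers:
  # Every path in this document is resolved against this HTTPS origin.
  - url: 'https://banno.com'
tags:
  - name: Provider Info
  - name: Token
  - name: Authorization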
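# Endpoint definitions. Nesting restored from the flattened listing; the
# "enpoints" typo in the discovery description is corrected. Review notes
# below describe the documented contract only; no field was added or removed.
paths:
  /a/oidc-provider/api/v0/.well-known/openid-configuration:
    get:
      tags:
        - Provider Info
      description: >-
        Gets a JSON listing of the OpenID/OAuth endpoints, supported scopes,
        supported claims, and other details. Clients can use this information
        in order to build a request to the OpenID server.
      responses:
        '200':
          description: OK
        '500':
          description: Internal Server Error
  /a/oidc-provider/api/v0/jwks:
    get:
      tags:
        - Provider Info
      # NOTE(review): the referenced certsResponse schema also lists the JWK
      # private-key members (d, p, q, dp, dq, qi). A key set published for
      # signature verification should carry public members only; confirm the
      # endpoint never returns the private ones.
      summary: Gets the JSON Web Key Set (JWKS) for verifying JWTs received from the authentication server.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/certsResponse'
        '500':
          description: Internal Server Error
  /a/oidc-provider/api/v0/token:
    post:
      tags:
        - Token
      # NOTE(review): the summary describes an authorization-code exchange, but
      # tokenRequest has no `code` field and its grant_type enum allows only
      # `client_credentials`. Confirm which grant this operation documents.
      # The caller authenticates with a signed JWT in `client_assertion`; no
      # `security` requirement is declared on the operation.
      summary: Exchanges authorization code for an access token
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/tokenRequest'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenFailure'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenUnauthorized'
        '500':
          description: Internal Server Error
  /a/oidc-provider/api/v0/auth:
    get:
      summary: Sends authentication request using query string parameters.
      # The result is delivered in the redirect URL, so it can end up in
      # browser history, proxy logs and Referer headers; clients should treat
      # the landing URL as sensitive.
      # NOTE(review): a redirect is described, but only 200/400/500 responses
      # are documented (no 3xx).
      description: >-
        Utilizing query string parameters, the `/auth` route will redirect to
        the specified `redirect_uri` with the result of the call found in the
        URL.
      tags:
        - Authorization
      parameters:
        - name: response_type
          in: query
          description: The authorization type. Must be set to `code`
          required: true
          schema:
            type: string
            example: code
        - name: client_id
          in: query
          description: ID of the client
          required: true
          schema:
            type: string
            example: string
        # Optional here. The description implies the value must be one the
        # client registered; presumably the server compares it against the
        # registration - TODO confirm exact-match behaviour.
        - name: redirect_uri
          in: query
          description: The redirect URI as registered by the client.
          required: false
          schema:
            type: string
            example: string
        - name: scope
          in: query
          description: The possible scope of the request
          required: false
          schema:
            type: string
            example: string
        # Optional in this contract, but clients should always send an
        # unguessable per-request value and verify it on return: it binds the
        # response to the initiating browser session (RFC 6749 section 10.12).
        - name: state
          in: query
          description: Any client state that needs to be passed onto the redirect URI
          required: false
          schema:
            type: string
            example: string
        # NOTE(review): no code_challenge / code_challenge_method (PKCE,
        # RFC 7636) parameters are documented; confirm whether PKCE is
        # supported for the `code` response type.
        - name: prompt
          in: query
          required: false
          schema:
            type: string
            example: consent
      responses:
        '200':
          description: OK
        '400':
          description: Bad Request
        '500':
          description: Internal Server Error
    post:
      tags:
        - Authorization
      summary: Sends authentication request using a POST request Body.
      # Same contract as the GET form, with the parameters carried in a
      # form-encoded body (authRequest) instead of the query string.
      description: >-
        Utilizing a `POST` request, the `/auth` route will redirect to the
        specified `redirect_uri` with the result of the call found in the URL.
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/authRequest'
      responses:
        '200':
          description: OK
          content:
            text/html:
              schema:
                type: string
        '400':
          description: Bad Request
          content:
            text/html:
              schema:
                type: string
        '500':
          description: Internal Server Error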
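# Shared security scheme and request/response schemas. Nesting restored from
# the flattened listing; scalar values are unchanged (the URN enum value and
# the $ref targets are single-quoted for consistency).
components:
  securitySchemes:
    # NOTE(review): declared, but no operation visible in this document
    # references it through a `security` requirement, and `scopes` is empty
    # although validScopes enumerates `openid`.
    clientCredentials:
      type: oauth2
      description: OAuth2 using the client credentials flow
      flows:
        clientCredentials:
          tokenUrl: https://banno.com/a/oidc-provider/api/v0/token
          scopes: {}
  schemas:
    # Shape of the JWKS document returned by the /jwks endpoint.
    certsResponse:
      type: object
      properties:
        keys:
          type: array
          items:
            required:
              - kid
              - kty
              - use
            type: object
            properties:
              kty:
                type: string
                example: string
              kid:
                type: string
                example: string
              use:
                type: string
                example: string
              crv:
                type: string
                example: string
              x:
                type: string
                example: string
              'y':
                type: string
                example: string
              # NOTE(review): `d`, and `p`, `q`, `dp`, `dq`, `qi` further down,
              # are private-key parameters in RFC 7518 (sections 6.2.2 and
              # 6.3.2). A JWKS served to token verifiers should contain public
              # members only; consumers should alert on, and never cache, a
              # key set that includes any of them.
              d:
                type: string
                example: string
              e:
                type: string
                example: string
              'n':
                type: string
                example: string
              p:
                type: string
                example: string
              q:
                type: string
                example: string
              dp:
                type: string
                example: string
              dq:
                type: string
                example: string
              qi:
                type: string
                example: string
    # Form body of the token request; the client authenticates with a signed
    # JWT assertion rather than a shared secret in the body.
    tokenRequest:
      required:
        - client_assertion
        - client_assertion_type
        - grant_type
        - scope
      type: object
      properties:
        client_assertion:
          # A client assertion is a bearer credential until it expires. When
          # inspecting one with a third-party decoder such as the site named
          # below, use test or already-expired assertions only.
          description: >-
            Properly signed JWT token (this houses the client id for the
            request). Test token payload at https://jwt.io/
          type: string
          example: string
        client_assertion_type:
          $ref: '#/components/schemas/validClientAssertionTypes'
        grant_type:
          $ref: '#/components/schemas/validGrantTypes'
        scope:
          $ref: '#/components/schemas/validScopes'
    tokenResponse:
      # NOTE(review): refresh_token is required here, while the only documented
      # grant is client_credentials, for which RFC 6749 section 4.4.3 says a
      # refresh token should not be included. Confirm the actual behaviour.
      required:
        - access_token
        - token_type
        - refresh_token
      type: object
      properties:
        access_token:
          type: string
          description: The access token returned from the server
          example: string
        token_type:
          type: string
          description: the type of access token that was given.
          example: string
        # Typed as a string in this contract (RFC 6749 section 5.1 shows a JSON
        # number); clients should parse it as an integer before using it to
        # schedule token renewal.
        expires_in:
          type: string
          description: the number of seconds the token will take to expire
          example: '600'
        refresh_token:
          type: string
          description: A refresh token for when the access token is expired.
          example: string
    # NOTE(review): the `error` examples in the two failure schemas use spaces;
    # RFC 6749 section 5.2 defines the codes as `invalid_request` and
    # `invalid_client`. Confirm the exact strings before matching on them.
    tokenFailure:
      type: object
      properties:
        error:
          type: string
          example: Invalid request
        error_description:
          type: string
          example: no client authentication mechanism provided
    tokenUnauthorized:
      type: object
      properties:
        error:
          type: string
          example: invalid client
        error_description:
          type: string
          example: client authentication failed
    # Form body of the POST variant of the /auth request.
    authRequest:
      required:
        - response_type
        - client_id
      type: object
      properties:
        response_type:
          type: string
          description: the authorization response type. This must be set to code.
          example: code
        client_id:
          type: string
          description: ID of client as given by the authorization server
          example: string
        redirect_uri:
          type: string
          description: the redirect URI registered by the client
          example: string
        scope:
          type: string
          description: The possible scope of the request
          example: string
        # Not required by the schema; clients should still send an unguessable
        # value and check it on return (RFC 6749 section 10.12).
        state:
          type: string
          description: Any client state that needs to be passed onto the redirect uri
          example: string
        prompt:
          type: string
          example: consent
    validClientAssertionTypes:
      type: string
      description: The possible client assertion types for the request
      enum:
        # JWT client authentication as defined by RFC 7523.
        - 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
    validGrantTypes:
      type: string
      description: The possible grant types for the request
      enum:
        - client_credentials
    validScopes:
      type: string
      description: The possible scope of the request
      enum:
        - openid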
Last updated Fri Feb 4 2022