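# OpenAPI 3.0 description of an OIDC provider: discovery, JWKS, token and
# authorization endpoints. Nesting is restored here; the key names and values
# are the ones the page lists.
openapi: 3.0.0
info:
  version: '0.0'
  title: OIDC Provider
servers:
  # HTTPS base URL; every path below is relative to it.
  - url: 'https://banno.com'
# Tags group the operations in rendered documentation.
tags:
  - name: Provider Info
  - name: Token
  - name: Authorization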
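paths:
  # Discovery document. Clients should fetch it over HTTPS and check that the
  # returned `issuer` is the one they expect before trusting the endpoints it
  # lists.
  /a/oidc-provider/api/v0/.well-known/openid-configuration:
    get:
      tags:
        - Provider Info
      description: >-
        Gets a JSON listing of the OpenID/OAuth endpoints, supported scopes,
        supported claims, and other details. Clients can use this information
        in order to build a request to the OpenID server.
      responses:
        '200':
          description: OK
        '500':
          description: Internal Server Error

  # Signing keys that relying parties use to verify JWT signatures.
  # NOTE(review): the referenced `certsResponse` schema also declares
  # private-key JWK members (`d`, `p`, `q`, `dp`, `dq`, `qi`); a public JWKS
  # response should carry public members only. Confirm what is actually served.
  /a/oidc-provider/api/v0/jwks:
    get:
      tags:
        - Provider Info
      summary: Gets the JSON Web Key Set (JWKS) for verifying JWTs received from the authentication server.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/certsResponse'
        '500':
          description: Internal Server Error

  # Token endpoint. The form body (`tokenRequest`) carries the client
  # authentication fields (`client_assertion`, `client_assertion_type`) and the
  # PKCE `code_verifier`; 401 is returned when client authentication fails.
  /a/oidc-provider/api/v0/token:
    post:
      tags:
        - Token
      summary: Exchanges authorization code for an access token
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/tokenRequest'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenFailure'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/tokenUnauthorized'
        '500':
          description: Internal Server Error

  # Authorization endpoint (authorization-code flow only: `response_type`
  # accepts just `code`).
  /a/oidc-provider/api/v0/auth:
    get:
      summary: Sends authentication request using query string parameters.
      description: 'Utilizing query string parameters, the `/auth` route will redirect to the specified `redirect_uri` with the result of the call found in the URL.'
      tags:
        - Authorization
      parameters:
        - name: response_type
          in: query
          description: The authorization type. Must be set to `code`
          required: true
          schema:
            type: string
            enum:
              - code
            example: code
        - name: client_id
          in: query
          description: ID of the client
          required: true
          schema:
            type: string
            example: 00000000-0000-0000-0000-000000000000
        # NOTE(review): optional here. The description implies the value is
        # compared with the client's registered URI; presumably an exact-match
        # comparison, which is what prevents codes being sent to an
        # unregistered location. Confirm against the server.
        - name: redirect_uri
          in: query
          description: The redirect URI as registered by the client.
          required: false
          schema:
            type: string
            example: https://localhost/cb
        - name: scope
          in: query
          description: The possible scope of the request
          required: false
          schema:
            type: string
            example: openid
        # JSON object passed as a string.
        - name: claims
          in: query
          description: Claims to return in the id_token or from the userinfo endpoint
          required: false
          schema:
            type: string
            example: '{"id_token":{"email":null}}'
        # Optional in this spec, but clients should send an unguessable
        # per-request value and compare it on return: `state` is the standard
        # CSRF defence for the redirect (RFC 6749 section 10.12).
        - name: state
          in: query
          description: Any client state that needs to be passed onto the redirect URI
          required: false
          schema:
            type: string
            example: 00000000-0000-0000-0000-000000000000
        - name: prompt
          in: query
          description: Specific prompts a user must be presented with
          required: false
          schema:
            type: string
            enum:
              - login
              - consent
            example: consent
        # PKCE (RFC 7636). Optional in this spec; public clients that cannot
        # keep a secret should always send it. Only `S256` is offered below, so
        # the weaker `plain` method is not part of the documented contract.
        - name: code_challenge
          in: query
          description: PKCE code challenge
          required: false
          schema:
            type: string
            example: base64UrlEncoded(sha256(code_verifier))
        - name: code_challenge_method
          in: query
          description: PKCE code challenge method
          required: false
          schema:
            type: string
            enum:
              - S256
            example: S256
      # NOTE(review): the description says the route redirects, but no 3xx
      # response is documented here; confirm the status codes actually returned.
      responses:
        '200':
          description: OK
        '400':
          description: Bad Request
        '500':
          description: Internal Server Error
    # Same request as the GET form, with the parameters in a form-encoded body
    # (`authRequest`) instead of the query string.
    post:
      tags:
        - Authorization
      summary: Sends authentication request using a POST request Body.
      description: 'Utilizing a `POST` request, the `/auth` route will redirect to the specified `redirect_uri` with the result of the call found in the URL.'
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/authRequest'
      responses:
        '200':
          description: OK
          content:
            text/html:
              schema:
                type: string
        '400':
          description: Bad Request
          content:
            text/html:
              schema:
                type: string
        '500':
          description: Internal Server Error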
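components:
  securitySchemes:
    # NOTE(review): none of the operations listed under `paths` in this
    # document carries a `security` requirement that references this scheme,
    # and `scopes` is empty although `validScopes` lists `openid`.
    clientCredentials:
      type: oauth2
      description: OAuth2 using the client credentials flow
      flows:
        clientCredentials:
          tokenUrl: https://banno.com/a/oidc-provider/api/v0/token
          scopes: {}
  schemas:
    # Response body of the JWKS endpoint: a list of JSON Web Keys.
    certsResponse:
      type: object
      properties:
        keys:
          type: array
          items:
            required:
              - kid
              - kty
              - use
            type: object
            properties:
              kty:
                type: string
                example: string
              kid:
                type: string
                example: string
              use:
                type: string
                example: string
              crv:
                type: string
                example: string
              x:
                type: string
                example: string
              # Quoted so YAML 1.1 parsers do not read the key as a boolean.
              'y':
                type: string
                example: string
              # NOTE(review): `d`, `p`, `q`, `dp`, `dq` and `qi` are private-key
              # JWK members (RFC 7518 sections 6.2.2 and 6.3.2). A public JWKS
              # response should contain public members only (`kty`, `kid`,
              # `use`, `crv`, `x`, `y`, `e`, `n`). Presumably this schema was
              # generated from a generic JWK type; confirm the endpoint never
              # emits these fields and consider dropping them from the schema.
              d:
                type: string
                example: string
              e:
                type: string
                example: string
              # Quoted so YAML 1.1 parsers do not read the key as a boolean.
              'n':
                type: string
                example: string
              p:
                type: string
                example: string
              q:
                type: string
                example: string
              dp:
                type: string
                example: string
              dq:
                type: string
                example: string
              qi:
                type: string
                example: string
    # Form body of the token endpoint.
    tokenRequest:
      required:
        - grant_type
      type: object
      properties:
        # NOTE(review): a signed client assertion authenticates the client
        # until it expires. Only throwaway test assertions should be pasted
        # into a third-party decoder; decode real ones locally.
        client_assertion:
          description: Properly signed JWT token (this houses the client id for the request). Test token payload at https://jwt.io/
          type: string
          example: string
        client_assertion_type:
          $ref: '#/components/schemas/validClientAssertionTypes'
        # NOTE(review): `validGrantTypes` lists only `client_credentials`,
        # while this schema also has `code`, `redirect_uri` and
        # `code_verifier` and the token operation is summarised as an
        # authorization-code exchange. Confirm which grant types the server
        # accepts.
        grant_type:
          $ref: '#/components/schemas/validGrantTypes'
        scope:
          $ref: '#/components/schemas/validScopes'
        code:
          description: The authorization code received from the authorization endpoint.
          type: string
          example: string
        redirect_uri:
          description: The redirect URI used in the initial authorization request.
          type: string
          example: https://localhost/cb
        client_id:
          description: ID of the client
          type: string
          example: 00000000-0000-0000-0000-000000000000
        # PKCE: the secret whose SHA-256 was sent as `code_challenge`.
        code_verifier:
          description: PKCE code verifier
          type: string
          example: string
    # Successful token response. Both tokens are bearer credentials: keep them
    # out of logs, URLs and client-side storage that other origins can read.
    # NOTE(review): `refresh_token` is listed as required and `expires_in` is
    # typed as a string; RFC 6749 section 5.1 describes `expires_in` as a
    # number of seconds. Confirm against real responses.
    tokenResponse:
      required:
        - access_token
        - token_type
        - refresh_token
      type: object
      properties:
        access_token:
          type: string
          description: The access token returned from the server
          example: string
        token_type:
          type: string
          description: the type of access token that was given.
          example: string
        expires_in:
          type: string
          description: the number of seconds the token will take to expire
          example: '600'
        refresh_token:
          type: string
          description: A refresh token for when the access token is expired.
          example: string
    # Error bodies for 400 and 401.
    # NOTE(review): the examples show human-readable text; RFC 6749 section 5.2
    # defines machine-readable codes such as `invalid_request` and
    # `invalid_client`. Confirm what the server returns before matching on it.
    tokenFailure:
      type: object
      properties:
        error:
          type: string
          example: Invalid request
        error_description:
          type: string
          example: no client authentication mechanism provided
    tokenUnauthorized:
      type: object
      properties:
        error:
          type: string
          example: invalid client
        error_description:
          type: string
          example: client authentication failed
    # Form body of POST /auth; mirrors the GET query parameters.
    authRequest:
      required:
        - response_type
        - client_id
      type: object
      properties:
        response_type:
          description: The authorization type. Must be set to `code`
          type: string
          enum:
            - code
          example: code
        client_id:
          description: ID of the client
          type: string
          example: 00000000-0000-0000-0000-000000000000
        redirect_uri:
          description: The redirect URI as registered by the client.
          type: string
          example: https://localhost/cb
        scope:
          description: The possible scope of the request
          type: string
          example: openid
        # JSON object passed as a string.
        claims:
          description: Claims to return in the id_token or from the userinfo endpoint
          type: string
          example: '{"id_token":{"email":null}}'
        # Not required by this schema, but clients should send an unguessable
        # per-request value and compare it on return (CSRF defence, RFC 6749
        # section 10.12).
        state:
          description: Any client state that needs to be passed onto the redirect URI
          type: string
          example: random+value
        prompt:
          description: Specific prompts a user must be presented with
          type: string
          enum:
            - login
            - consent
          example: consent
        # PKCE (RFC 7636): not required by this schema; public clients should
        # always send it.
        code_challenge:
          description: PKCE code challenge
          type: string
          example: base64UrlEncoded(sha256(code_verifier))
        code_challenge_method:
          description: PKCE code challenge method - must be `S256`
          type: string
          enum:
            - S256
          example: S256
    # Only JWT-bearer client assertions are accepted for client authentication.
    validClientAssertionTypes:
      type: string
      description: The possible client assertion types for the request
      enum:
        - urn:ietf:params:oauth:client-assertion-type:jwt-bearer
    validGrantTypes:
      type: string
      description: The possible grant types for the request
      enum:
        - client_credentials
    validScopes:
      type: string
      description: The possible scope of the request
      enum:
        - openid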
Last updated Fri Feb 4 2022