diff --git a/openapi.yaml b/openapi.yaml index 221a5d5..c2915aa 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -99,6 +99,16 @@ components: userId: type: string format: uuid + AccessTokenIntrospectRequest: + description: The request object for introspecting an access token. + type: object + properties: + client_id: + type: string + tenantId: + type: string + token: + type: string ActionData: type: object properties: @@ -1158,6 +1168,30 @@ components: - Required - NotRequired - NotRequiredWhenUsingPKCE + ClientCredentialsAccessTokenIntrospectRequest: + description: Contains the parameters used to introspect an access token that + was obtained via the client credentials grant. + type: object + properties: + tenantId: + type: string + token: + type: string + ClientCredentialsGrantRequest: + description: The request object to make a Client Credentials grant request to + obtain an access token. + type: object + properties: + client_id: + type: string + client_secret: + type: string + grant_type: + type: string + scope: + type: string + tenantId: + type: string ConnectorLambdaConfiguration: type: object properties: @@ -1365,6 +1399,23 @@ components: type: integer enabled: type: boolean + DeviceApprovalRequest: + description: The request object to approve a device grant. + type: object + properties: + client_id: + type: string + client_secret: + type: string + metaData: + "$ref": "#/components/schemas/MetaData" + tenantId: + type: string + format: uuid + token: + type: string + user_code: + type: string DeviceApprovalResponse: description: '' type: object @@ -1381,6 +1432,21 @@ components: userId: type: string format: uuid + DeviceAuthorizationRequest: + description: '' + type: object + properties: + client_id: + type: string + client_secret: + type: string + metaData: + "$ref": "#/components/schemas/MetaData" + scope: + type: string + tenantId: + type: string + format: uuid DeviceInfo: description: '' type: object 
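Review bot: `tenantId` in AccessTokenIntrospectRequest is a bare `type: string`, while the same property in DeviceApprovalRequest, DeviceAuthorizationRequest and OAuthCodePKCEAccessTokenRequest carries `format: uuid`. The same gap is in ClientCredentialsAccessTokenIntrospectRequest, ClientCredentialsGrantRequest, OAuthCodeAccessTokenRequest and UserCredentialsAccessTokenRequest. Adding `format: uuid` under each would let validators that enforce formats, and generated clients, treat tenant ids the same way on every OAuth request. If this file is generated, the fix presumably belongs in the generator input rather than here.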
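Review bot: `client_secret` in ClientCredentialsGrantRequest is declared as a plain `type: string`, so documentation UIs and tooling that work from the schema get no hint that the value is a credential. Consider adding `format: password` under it. The same applies to `client_secret` in the other request schemas this commit adds, to `password` in UserCredentialsAccessTokenRequest, and arguably to `token`, `refresh_token` and `code_verifier`. The description could also state whether the secret may be sent via HTTP Basic authentication instead of the body, which these hunks do not show.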
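Review bot: DeviceAuthorizationRequest is added with `description: ''`, unlike most of the request schemas in this commit, which say what they are for. Something like `description: The request object to start the Device Authorization Grant.` would match the wording used for DeviceApprovalRequest. It would also help to state when `client_secret` is expected here, since the schema marks no property as required.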
@@ -3780,7 +3846,7 @@ components: type: string kty: "$ref": "#/components/schemas/KeyType" - "n": + n: type: string other: type: object @@ -3804,7 +3870,7 @@ components: type: string x5t#S256: type: string - "y": + y: type: string JSONWebKeyInfoProvider: description: Interface for any object that can provide JSON Web key Information. @@ -5013,6 +5079,44 @@ components: enum: - FirstParty - ThirdParty + OAuthCodeAccessTokenRequest: + description: The request object for exchanging an OAuth authorization code for + an access token. + type: object + properties: + client_id: + type: string + client_secret: + type: string + code: + type: string + grant_type: + type: string + redirect_uri: + type: string + tenantId: + type: string + OAuthCodePKCEAccessTokenRequest: + description: The request object to make a request to the Token endpoint to exchange + the authorization code returned from the Authorize endpoint and a code_verifier + for an access token. + type: object + properties: + client_id: + type: string + client_secret: + type: string + code: + type: string + code_verifier: + type: string + grant_type: + type: string + redirect_uri: + type: string + tenantId: + type: string + format: uuid OAuthConfigurationResponse: description: '' type: object @@ -5806,6 +5910,25 @@ components: userId: type: string format: uuid + RefreshTokenAccessTokenRequest: + description: The request object to exchange a Refresh Token for an Access Token. + type: object + properties: + client_id: + type: string + client_secret: + type: string + grant_type: + type: string + refresh_token: + type: string + scope: + type: string + tenantId: + type: string + format: uuid + user_code: + type: string RefreshTokenExpirationPolicy: description: '' type: string 
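Review bot: Unquoting the property names `n` (this hunk) and `y` (the next hunk, at -3804) turns them into plain scalars, and YAML 1.1 lists `y` and `n` among its boolean spellings. A loader that follows that list would presumably read these keys as booleans instead of the strings `n` and `y`, so what looks like the JSON Web Key schema would lose its RSA modulus and EC y-coordinate members without any parse error. Keeping the quoted form, `"n":` and `"y":`, is safe under both YAML 1.1 and 1.2 loaders.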
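Review bot: Neither OAuthCodeAccessTokenRequest nor OAuthCodePKCEAccessTokenRequest declares a `required` list, so a validator working from this schema accepts a body with no `code` or `code_verifier`. Adding `required: [code, grant_type]` (plus `code_verifier` on the PKCE variant) and pinning `grant_type` with `enum: [authorization_code]` would make the two shapes checkable and distinguishable from the other grant schemas. The other request schemas added in this commit have the same gap.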
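Review bot: `user_code` on RefreshTokenAccessTokenRequest looks out of place. Elsewhere in this commit it belongs to the Device Authorization Grant schemas, and the description here mentions only the refresh token exchange. The property also appears on UserCredentialsAccessTokenRequest. If the endpoint honours it, the description should say what it does; if it is inherited from a shared base type, leaving it out of these two schemas would be clearer.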
@@ -6022,6 +6145,30 @@ components: - discouraged - preferred - required + RetrieveUserCodeRequest: + description: The request object for retrieving a user code that is part of an + in-progress Device Authorization Grant. + type: object + properties: + client_id: + type: string + client_secret: + type: string + tenantId: + type: string + format: uuid + user_code: + type: string + RetrieveUserCodeUsingAPIKeyRequest: + description: The request object for retrieving a user code that is part of an + in-progress Device Authorization Grant using an API key + type: object + properties: + tenantId: + type: string + format: uuid + user_code: + type: string SAMLLogoutBehavior: type: string enum: @@ -8267,6 +8414,27 @@ components: properties: user: "$ref": "#/components/schemas/User" + UserCredentialsAccessTokenRequest: + description: The request object for exchanging user credentials (username and + password) for an access token. + type: object + properties: + client_id: + type: string + client_secret: + type: string + grant_type: + type: string + password: + type: string + scope: + type: string + tenantId: + type: string + user_code: + type: string + username: + type: string UserDeactivateEvent: description: Models the User Deactivate Event. type: object @@ -8857,6 +9025,18 @@ components: format: uuid enabled: type: boolean + ValidateDeviceRequest: + description: The request object for validating an end-user provided user_code + from the user-interaction of the Device Authorization Grant + type: object + properties: + client_id: + type: string + tenantId: + type: string + format: uuid + user_code: + type: string ValidateResponse: description: '' type: object 
@@ -18133,9 +18313,14 @@ paths: "$ref": "#/components/schemas/Errors" "/oauth2/device/approve": post: - description: Approve a device grant. - operationId: approveDeviceWithId + description: Approve a device grant. OR Approve a device grant. + operationId: createDeviceApprove parameters: [] + requestBody: + content: + application/json: + schema: + "$ref": "#/components/schemas/DeviceApprovalRequest" responses: '200': description: Success @@ -18164,6 +18349,25 @@ paths: description: Success default: description: Error + post: + description: Retrieve a user_code that is part of an in-progress Device Authorization + Grant. This API is useful if you want to build your own login workflow to + complete a device grant. OR Retrieve a user_code that is part of an in-progress + Device Authorization Grant. This API is useful if you want to build your + own login workflow to complete a device grant. This request will require + an API key. + operationId: createDeviceUserCode + parameters: [] + requestBody: + content: + application/json: + schema: + "$ref": "#/components/schemas/RetrieveUserCodeRequest" + responses: + '200': + description: Success + default: + description: Error "/oauth2/device/validate": get: description: Validates the end-user provided user_code from the user-interaction 
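Review bot: The new description reads `Approve a device grant. OR Approve a device grant.`, the same sentence twice; `description: Approve a device grant.` says the same thing. Renaming `operationId` from `approveDeviceWithId` to `createDeviceApprove` also renames the method in any client generated from this file, so it deserves a changelog entry. The request body is declared only as `application/json`; if the endpoint also accepts form-encoded parameters, that media type should be listed as well (not determinable from this hunk).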
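Review bot: The added `post` operation (`createDeviceUserCode`) says one variant "will require an API key", but the operation shows no `security` requirement and its body references only RetrieveUserCodeRequest, which carries `client_id` and `client_secret`. RetrieveUserCodeUsingAPIKeyRequest, added earlier in this commit, is not referenced in any visible hunk. Listing both schemas under `anyOf` and documenting which authentication each variant needs would let a reader tell the two calls apart, and the duplicated "OR" sentence could then be dropped. The path key for this operation lies outside the hunk.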
@@ -18187,14 +18391,63 @@ paths: description: Success default: description: Error + post: + description: Validates the end-user provided user_code from the user-interaction + of the Device Authorization Grant. If you build your own activation form you + should validate the user provided code prior to beginning the Authorization + grant. + operationId: validateDeviceWithRequestWithId + parameters: [] + requestBody: + content: + application/json: + schema: + "$ref": "#/components/schemas/ValidateDeviceRequest" + responses: + '200': + description: Success + default: + description: Error + "/oauth2/device_authorize": + post: + description: Start the Device Authorization flow using a request body OR Start + the Device Authorization flow using form-encoded parameters + operationId: createDevice_authorize + parameters: [] + requestBody: + content: + application/json: + schema: + "$ref": "#/components/schemas/DeviceAuthorizationRequest" + responses: + '200': + description: Success + content: + application/json: + schema: + "$ref": "#/components/schemas/DeviceResponse" + default: + description: Error + content: + application/json: + schema: + "$ref": "#/components/schemas/OAuthError" "/oauth2/introspect": post: description: Inspect an access token issued as the result of the Client Credentials + Grant. OR Inspect an access token issued as the result of the Client Credentials Grant. OR Inspect an access token issued as the result of the User based grant such as the Authorization Code Grant, Implicit Grant, the User Credentials - Grant or the Refresh Grant. + Grant or the Refresh Grant. OR Inspect an access token issued as the result + of the User based grant such as the Authorization Code Grant, Implicit Grant, + the User Credentials Grant or the Refresh Grant. 
operationId: createIntrospect parameters: [] + requestBody: + content: + application/json: + schema: + "$ref": "#/components/schemas/ClientCredentialsAccessTokenIntrospectRequest" responses: '200': description: Success 
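Review bot: `createIntrospect` binds its body to ClientCredentialsAccessTokenIntrospectRequest only, which has no `client_id`, although the description also covers tokens from user-based grants and this commit adds AccessTokenIntrospectRequest (with `client_id`) for that case. As written, a client generated from the spec has no typed way to send `client_id` when introspecting a user token. Replacing the single `$ref` with an `anyOf` over both schemas would cover both cases. Each "Inspect …" sentence in the description is now repeated and could be reduced to one copy. In the same hunk, `createDevice_authorize` mentions form-encoded parameters but declares only `application/json`.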
@@ -18213,17 +18466,34 @@ paths: description: Exchange User Credentials for a Token. If you will be using the Resource Owner Password Credential Grant, you will make a request to the Token endpoint to exchange the user’s email and password for an access token. OR - Exchange a Refresh Token for an Access Token. If you will be using the Refresh - Token Grant, you will make a request to the Token endpoint to exchange the - user’s refresh token for an access token. OR Exchanges an OAuth authorization + Exchange User Credentials for a Token. If you will be using the Resource Owner + Password Credential Grant, you will make a request to the Token endpoint to + exchange the user’s email and password for an access token. OR Exchange a + Refresh Token for an Access Token. If you will be using the Refresh Token + Grant, you will make a request to the Token endpoint to exchange the user’s + refresh token for an access token. OR Exchange a Refresh Token for an Access + Token. If you will be using the Refresh Token Grant, you will make a request + to the Token endpoint to exchange the user’s refresh token for an access token. + OR Exchanges an OAuth authorization code for an access token. Makes a request + to the Token endpoint to exchange the authorization code returned from the + Authorize endpoint for an access token. OR Exchanges an OAuth authorization code and code_verifier for an access token. Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token. OR Exchanges an OAuth authorization code + and code_verifier for an access token. Makes a request to the Token endpoint + to exchange the authorization code returned from the Authorize endpoint and + a code_verifier for an access token. OR Exchanges an OAuth authorization code for an access token. Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token. 
- OR Make a Client Credentials grant request to obtain an access token. + OR Make a Client Credentials grant request to obtain an access token. OR Make + a Client Credentials grant request to obtain an access token. operationId: createToken parameters: [] + requestBody: + content: + application/json: + schema: + "$ref": "#/components/schemas/UserCredentialsAccessTokenRequest" responses: '200': description: Success
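Review bot: The request body for `createToken` references only UserCredentialsAccessTokenRequest, so the spec presents the password grant as the one body shape for the token endpoint, even though the description lists refresh, authorization code, PKCE and client credentials exchanges and the commit adds a schema for each. Documentation tools and generated clients would steer integrators towards sending `username` and `password`. I would list all five schemas, as below; `anyOf` is used because, without `required` lists or a fixed `grant_type`, the schemas overlap and `oneOf` could not be satisfied. Each paragraph of the description is now repeated and could be collapsed to one copy. The operation's `post:` key and path begin outside the hunk.

```yaml
      requestBody:
        content:
          application/json:
            schema:
              anyOf:
                - "$ref": "#/components/schemas/UserCredentialsAccessTokenRequest"
                - "$ref": "#/components/schemas/RefreshTokenAccessTokenRequest"
                - "$ref": "#/components/schemas/OAuthCodeAccessTokenRequest"
                - "$ref": "#/components/schemas/OAuthCodePKCEAccessTokenRequest"
                - "$ref": "#/components/schemas/ClientCredentialsGrantRequest"
      # … unchanged: responses …
```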