endpoints-api-orig.yaml
---
# OpenAPI description of the OpenID Federation endpoints served by this
# application. Version strings are quoted so no loader can retype them.
openapi: '3.1.0'
info:
  title: Federation endpoints API
  description: |-
    APIs for OpenID federation endpoints provided by this application
    The server URL:s provided in this API documentation describes the server URL:s that are made
    available when running the demo setup.
    The name component of all URLs is a URL safe name assigned to each Federation Entity through the
    configuration setup of this application. The configuration setup allows creation of any number of
    individual federation entities, each supporting a configurable set of the endpoints described here.
  version: '1.0.0'
# Demo server only: plain HTTP on localhost. OpenID Federation Entity
# Identifiers are https URLs, so a deployed instance needs a TLS-protected
# server entry here rather than this one.
servers:
  - url: 'http://localhost:8080/oidfed'
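# Federation endpoints, one set per configured Federation Entity `{name}`.
#
# No `security` requirement or security scheme is declared anywhere in this
# document, so every operation is described as callable without authentication.
#
# `title` is not a field of the Parameter Object or the Media Type Object, so
# it is carried on the schema instead. Response codes are quoted because
# OpenAPI requires them to be string keys.
#
# NOTE(review): `name` is described as URL safe, but its schema is an
# unconstrained string. Add `pattern`/`maxLength` once the allowed alphabet is
# confirmed against the configuration code.
paths:
  /{name}/.well-known/openid-federation:
    get:
      description: Get Entity Configuration
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
      responses:
        '200':
          description: OK
          content:
            application/entity-statement+jwt:
              schema:
                type: string
                title: Entity Configuration Signed JWT
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /{name}/fetch:
    get:
      description: Fetch Entity Statement endpoint
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
        # NOTE(review): the description covers an absent `iss` only. Confirm
        # how a present `iss` that names another entity is handled; the
        # ErrorCodes enum has `invalid_issuer` for that case.
        - in: query
          name: iss
          description: |-
            The Entity Identifier of the issuer of the Entity Statement
            Note that the standard draft currently requires the 'iss' query parameter to be provided
            in the request, but we allow it to be absent as it is not used for anything.
            If issuer is not provided, we can safely assume that the request was intended for the entity
            that provides this endpoint.
          required: false
          schema:
            type: string
            title: Issuer
        - in: query
          name: sub
          description: The Entity Identifier of the subject of the Entity Statement
          required: true
          schema:
            type: string
            title: Subject
      responses:
        '200':
          description: OK
          content:
            application/entity-statement+jwt:
              schema:
                type: string
                title: Entity Configuration Signed JWT
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /{name}/subordinate_listing:
    get:
      description: Subordinate Listings endpoint
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
        - in: query
          name: entity_type
          description: Filter the response to only entities of this type
          required: false
          schema:
            $ref: '#/components/schemas/EntityTypes'
            title: Entity type
        - in: query
          name: trust_marked
          description: Determines if the list is limited to only entities with an active trust mark
          required: false
          schema:
            type: boolean
            title: Trust marked
        - in: query
          name: trust_mark_id
          description: Filter the response to only entities with an active trust mark with this ID
          required: false
          schema:
            type: string
            title: Trust Mark ID
        - in: query
          name: intermediate
          description: Determines if the list is limited to only Intermediate Entities
          required: false
          schema:
            type: boolean
            title: Intermediate
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                title: List of supported subordinate entities Entity Identifier
                type: array
                items:
                  type: string
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /{name}/trust_mark:
    get:
      description: Trust Mark endpoint
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
        - in: query
          name: trust_mark_id
          description: The ID of the requested Trust Mark
          required: true
          schema:
            type: string
            title: Trust Mark ID
        - in: query
          name: sub
          description: The subject for which the Trust Mark should be issued
          required: true
          schema:
            type: string
            title: Subject
      responses:
        '200':
          description: OK
          content:
            application/trust-mark+jwt:
              schema:
                title: A Trust Mark for the requested subject
                type: string
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /{name}/trust_mark_listing:
    get:
      description: Trust Marked Entities Listing endpoint
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
        - in: query
          name: trust_mark_id
          description: The ID that must match listed Trust Marks
          required: true
          schema:
            type: string
            title: Trust Mark ID
        - in: query
          name: sub
          description: Optional subject that must match listed Trust Marks
          required: false
          schema:
            type: string
            title: Subject
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                title: List of subjects that have an active Trust Mark matching the request
                type: array
                items:
                  type: string
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /{name}/trust_mark_status:
    # NOTE(review): this POST operation declares its inputs as query parameters
    # and all three are optional, so the valid combinations are not expressed
    # here. Confirm whether the handler also reads a form-encoded body; if it
    # does, a `requestBody` would describe it more accurately and keep Trust
    # Mark JWTs out of request URLs and access logs.
    post:
      description: Trust Mark Status endpoint
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
        - in: query
          name: trust_mark_id
          description: The Trust Mark ID of the status request
          required: false
          schema:
            type: string
            title: Trust Mark ID
        - in: query
          name: sub
          description: The Trust Mark subject of the status request
          required: false
          schema:
            type: string
            title: Subject
        - in: query
          name: trust_mark
          description: A Trust Mark to be checked
          required: false
          schema:
            type: string
            title: Trust Mark
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                title: The status of the Trust Mark matching the request
                $ref: '#/components/schemas/TrustMarkStatusResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /{name}/resolve:
    get:
      description: Resolve Entity endpoint
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
        - in: query
          name: sub
          description: The Entity Identifier of the subject to resolve
          required: true
          schema:
            type: string
            title: Subject
        # The original description here was copied from the `trust_mark`
        # parameter; this parameter names the Trust Anchor.
        - in: query
          name: anchor
          description: The Entity Identifier of the Trust Anchor to use when resolving the subject
          required: true
          schema:
            type: string
            title: Trust Anchor
        - in: query
          name: type
          description: >-
            Optional entity type that limits metadata returned to include just this type
            along with federation entity metadata if present
          required: false
          schema:
            $ref: '#/components/schemas/EntityTypes'
            title: Entity Type
      responses:
        '200':
          description: OK
          content:
            application/resolve-response+jwt:
              schema:
                title: Resolve response for the specified Entity, Entity Type and Trust Anchor
                type: string
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /{name}/discovery:
    get:
      description: Discovery endpoint
      parameters:
        - in: path
          name: name
          required: true
          description: The configured name of the federation entity providing this endpoint
          schema:
            type: string
            title: Federation Entity name
        - in: query
          name: anchor
          description: The Trust Anchor used to validate entity data
          required: true
          schema:
            type: string
            title: Trust Anchor
        - in: query
          name: type
          description: Optional array of entity types to include in the discovery response
          required: false
          schema:
            title: Entity Type
            type: array
            items:
              $ref: '#/components/schemas/EntityTypes'
        # The original title here was "Subject", copied from another parameter.
        - in: query
          name: trust_mark_id
          description: Optional array of IDs of Trust Marks that listed entities must have
          required: false
          schema:
            title: Trust Mark ID
            type: array
            items:
              type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                title: Discovery response
                type: array
                items:
                  type: string
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'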
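# Shared schemas referenced from the endpoint definitions.
components:
  schemas:
    # Error body returned as application/json by every endpoint.
    # NOTE(review): there is no `required` list, so a body without `error`
    # still validates; confirm which fields the implementation always sends.
    # NOTE(review): keep `error_description` generic for `server_error`;
    # internal exception text belongs in server logs, not in the response.
    ErrorResponse:
      description: Error response from a Federation Endpoint
      type: object
      properties:
        error:
          $ref: '#/components/schemas/ErrorCodes'
        error_description:
          title: Human readable description of the error
          type: string
    # Body of a 200 response from the Trust Mark Status endpoint.
    TrustMarkStatusResponse:
      description: Trust Mark status response from a Trust Mark Status endpoint
      type: object
      properties:
        active:
          type: boolean
    # Closed set of values allowed in `ErrorResponse.error`.
    ErrorCodes:
      title: Federation endpoint error codes
      type: string
      enum:
        - invalid_request
        - invalid_client
        - invalid_issuer
        - not_found
        - server_error
        - temporarily_unavailable
        - unsupported_parameter
    # Entity types accepted by the `entity_type` and `type` query parameters.
    # The original title was copied from ErrorCodes and is corrected here.
    EntityTypes:
      title: Federation entity types
      type: string
      enum:
        - federation_entity
        - openid_relying_party
        - openid_provider
        - oauth_authorization_server
        - oauth_client
        - oauth_resource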