diff --git a/api/openapi.yml b/api/openapi.yml index ad7115be9..6bc5cfb79 100644 --- a/api/openapi.yml +++ b/api/openapi.yml @@ -111,12 +111,8 @@ paths: application/json: schema: $ref: '#/components/schemas/handlers.StateResponse' - {{- $redir := "https://auth.example.com/?rd=https%3A%2F%2Fexample.com&rm=GET" }} - {{- if .Domain }} - {{- $redir = printf "%s?rd=%s&rm=GET" .BaseURL (urlquery (printf "https://%s" .Domain)) }} - {{- else if .BaseURL }} - {{- $redir = printf "%s?rd=%s&rm=GET" .BaseURL (urlquery .BaseURL) }} - {{- end }} + {{- $app := "" }}{{ if .Domain }}{{ $app = printf "https://%s/" .Domain }}{{ else if .BaseURL }}{{ $app = .BaseURL }}{{ else }}{{ $app = "https://app.example.com" }}{{ end }} + {{- $redir := printf "%s?rd=%s&rm=GET" (.BaseURL | default "https://auth.example.com/") (urlquery $app) }} {{- range $name, $config := .EndpointsAuthz }} {{- $uri := printf "/api/authz/%s" $name }} {{- if (eq $name "legacy") }}{{ $uri = "/api/verify" }}{{ end }} @@ -147,7 +143,7 @@ paths: required: false style: simple explode: true - example: "https" + example: 'https' schema: type: string - name: X-Forwarded-Host @@ -156,7 +152,7 @@ paths: required: false style: simple explode: true - example: "example.com" + example: '{{ $.Domain | default "example.com" }}' schema: type: string - name: X-Forwarded-Uri @@ -165,7 +161,7 @@ paths: required: false style: simple explode: true - example: "/path/example" + example: '/path/example' schema: type: string - $ref: '#/components/parameters/forwardedForParam' @@ -203,7 +199,7 @@ paths: headers: location: description: Redirect Location for user authorization - example: {{ $redir }} + example: '{{ $redir }}' set-cookie: description: Sets a new cookie value schema: @@ -213,7 +209,7 @@ paths: headers: location: description: Redirect Location for user authorization - example: {{ $redir }} + example: '{{ $redir }}' set-cookie: description: Sets a new cookie value schema: 
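Review bot: `.BaseURL` reaches the new `'{{ $redir }}'` examples unescaped, because only the `rd` value passes through `urlquery`; a `'` in it would close the single-quoted YAML scalar early and the rest would be parsed as document structure. The same holds for every `'{{ .BaseURL }}…'` and `'{{ .Domain | default "example.com" }}'` example added in the later hunks (forwardedHostParam, autheliaURLParam, the webauthn `appid` fields, the OIDC discovery endpoints). The diff does not show where these two values come from; if either can be derived from request headers rather than validated configuration, it should be checked as a host name or URL before rendering. A template comment beside `$app` would record the assumption, for example `{{- /* .Domain and .BaseURL are interpolated into single-quoted YAML scalars below and must not contain ' */ -}}`. Separately, the last fallback `{{ $app = "https://app.example.com" }}` has no trailing slash while the `.Domain` branch adds one; `{{ $app = "https://app.example.com/" }}` would keep them consistent.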
@@ -276,7 +272,7 @@ paths: headers: location: description: Redirect Location for user authorization - example: {{ $redir }} + example: '{{ $redir }}' set-cookie: description: Sets a new cookie value schema: @@ -286,7 +282,7 @@ paths: headers: location: description: Redirect Location for user authorization - example: {{ $redir }} + example: '{{ $redir }}' set-cookie: description: Sets a new cookie value schema: @@ -345,7 +341,7 @@ paths: headers: location: description: Redirect Location for user authorization - example: {{ $redir }} + example: '{{ $redir }}' set-cookie: description: Sets a new cookie value schema: @@ -355,7 +351,7 @@ paths: headers: location: description: Redirect Location for user authorization - example: {{ $redir }} + example: '{{ $redir }}' set-cookie: description: Sets a new cookie value schema: @@ -414,7 +410,7 @@ paths: headers: location: description: Redirect Location for user authorization - example: {{ $redir }} + example: '{{ $redir }}' set-cookie: description: Sets a new cookie value schema: @@ -968,14 +964,14 @@ paths: type: string format: uuid pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$' - example: "713ef767-81bc-4a27-9b83-5fe2e101b2b4" + example: '713ef767-81bc-4a27-9b83-5fe2e101b2b4' - in: query name: scope description: The requested scope. required: true schema: type: string - example: "openid profile groups" + example: 'openid profile groups' - in: query name: response_type description: The OAuth 2.0 response type. @@ -988,7 +984,7 @@ paths: required: true schema: type: string - example: "app" + example: 'app' - in: query name: redirect_uri description: > @@ -1002,7 +998,7 @@ paths: required: true schema: type: string - example: "https://app.example.com" + example: 'https://app.{{ .Domain | default "example.com" }}' - in: query name: state description: 
> @@ -1012,7 +1008,7 @@ paths: required: false schema: type: string - example: "oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f" + example: 'oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f' - in: query name: response_mode description: > @@ -1032,7 +1028,7 @@ paths: required: false schema: type: string - example: "TRMLqchoKGQNcooXvBvUy9PtmLdJGf" + example: 'TRMLqchoKGQNcooXvBvUy9PtmLdJGf' - in: query name: display description: > @@ -1072,7 +1068,7 @@ paths: required: false schema: type: string - example: "en-US" + example: 'en-US' - in: query name: claims_locales description: > @@ -1082,7 +1078,7 @@ paths: required: false schema: type: string - example: "en-US" + example: 'en-US' - in: query name: id_token_hint required: false @@ -1320,7 +1316,7 @@ paths: description: The OAuth 2.0 Access Token issued by this OpenID Connect 1.0 Provider. schema: type: string - example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn" + example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn' responses: "200": description: OK @@ -1349,7 +1345,7 @@ paths: description: The OAuth 2.0 Access Token issued by this OpenID Connect 1.0 Provider. schema: type: string - example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn" + example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn' requestBody: content: application/x-www-form-urlencoded: @@ -1359,7 +1355,7 @@ paths: access_token: description: The OAuth 2.0 Access Token issued by this OpenID Connect 1.0 Provider. type: string - example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn" + example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn' responses: "200": description: OK @@ -1484,7 +1480,7 @@ components: required: true style: simple explode: true - example: "https" + example: 'https' schema: type: string forwardedHostParam: @@ -1494,7 +1490,7 @@ components: required: true style: simple explode: true - example: "example.com" + example: '{{ .Domain | default "example.com" }}' schema: type: string forwardedURIParam: 
@@ -1504,7 +1500,7 @@ components: required: true style: simple explode: true - example: "/path/example" + example: '/path/example' schema: type: string forwardedForParam: @@ -1514,7 +1510,7 @@ components: required: false style: simple explode: true - example: "192.168.0.55,192.168.0.20" + example: '192.168.0.55,192.168.0.20' schema: type: string autheliaURLParam: @@ -1524,7 +1520,7 @@ components: required: false style: simple explode: true - example: "https://auth.example.com" + example: '{{ .BaseURL | default "https://auth.example.com" }}' schema: type: string authParam: @@ -1548,7 +1544,7 @@ components: properties: uri: type: string - example: https://secure.example.com + example: 'https://secure.{{ .Domain | default "example.com" }}' handlers.checkURIWithinDomainResponseBody: type: object properties: @@ -1665,7 +1661,7 @@ components: example: password targetURL: type: string - example: https://home.example.com + example: 'https://home.{{ .Domain | default "example.com" }}' workflow: type: string example: openid_connect @@ -1673,7 +1669,7 @@ components: type: string format: uuid pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$' - example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c" + example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c' requestMethod: type: string example: GET @@ -1685,7 +1681,7 @@ components: properties: targetURL: type: string - example: https://redirect.example.com + example: 'https://redirect.{{ .Domain | default "example.com" }}' handlers.logoutResponseBody: type: object properties: @@ -1709,7 +1705,7 @@ components: properties: redirect: type: string - example: https://home.example.com + example: 'https://home.{{ .Domain | default "example.com" }}' {{- if .PasswordReset }} handlers.PasswordResetStep1RequestBody: required: 
@@ -1734,7 +1730,7 @@ components: properties: targetURL: type: string - example: https://secure.example.com + example: 'https://secure.{{ .Domain | default "example.com" }}' passcode: type: string workflow: @@ -1744,7 +1740,7 @@ components: type: string format: uuid pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$' - example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c" + example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c' {{- end }} handlers.StateResponse: type: object @@ -1763,7 +1759,7 @@ components: example: 1 default_redirection_url: type: string - example: https://home.example.com + example: 'https://home.{{ .Domain | default "example.com" }}' middlewares.ErrorResponse: type: object properties: @@ -1854,10 +1850,10 @@ components: properties: token: type: string - example: "123456" + example: '123456' targetURL: type: string - example: https://secure.example.com + example: 'https://secure.{{ .Domain | default "example.com" }}' workflow: type: string example: openid_connect @@ -1865,7 +1861,7 @@ components: type: string format: uuid pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$' - example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c" + example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c' handlers.TOTPKeyResponse: type: object properties: @@ -1880,7 +1876,7 @@ components: example: 5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q otpauth_url: type: string - example: otpauth://totp/auth.example.com:john?algorithm=SHA1&digits=6&issuer=auth.example.com&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q + example: 'otpauth://totp/{{ .Domain | default "example.com" }}:john?algorithm=SHA1&digits=6&issuer=auth.{{ .Domain | default "example.com" }}&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q' {{- end }} {{- if .Webauthn }} webauthn.PublicKeyCredential: 
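Review bot: The rewritten `otpauth_url` example in the `@@ -1880,7 +1876,7 @@` hunk no longer has matching issuer values: the label prefix is now `{{ .Domain | default "example.com" }}` while the `issuer` parameter is `auth.{{ .Domain | default "example.com" }}`, whereas the removed line used `auth.example.com` for both. The Key URI format used by authenticator apps says the label prefix and the `issuer` parameter should be equal when both are present, so the documented example now shows a URI that does not follow it. Starting the example with `otpauth://totp/auth.{{ .Domain | default "example.com" }}:john?` restores the match.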
@@ -1953,7 +1949,7 @@ components: type: string format: uuid pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$' - example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c" + example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c' webauthn.PublicKeyCredentialCreationOptions: type: object properties: @@ -2005,7 +2001,7 @@ components: properties: appidExclude: type: string - example: {{ .BaseURL }} + example: '{{ .BaseURL }}' webauthn.PublicKeyCredentialRequestOptions: type: object properties: @@ -2029,7 +2025,7 @@ components: example: 60000 rpId: type: string - example: auth.example.com + example: 'auth.{{ .Domain | default "example.com" }}' allowCredentials: type: array items: @@ -2040,7 +2036,7 @@ components: properties: appid: type: string - example: {{ .BaseURL }} + example: '{{ .BaseURL }}' webauthn.Transports: type: object properties: @@ -2195,11 +2191,11 @@ components: client_id: type: string description: The identifier of the client for the user to provide consent for. - example: "app" + example: 'app' client_description: description: The descriptive name of the client for the user to provide consent for. type: string - example: "App Platform" + example: 'App Platform' scopes: description: The list of the requested scopes for the user to provide consent for. type: array @@ -2234,11 +2230,11 @@ components: type: string format: uuid pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$' - example: "713ef767-81bc-4a27-9b83-5fe2e101b2b4" + example: '713ef767-81bc-4a27-9b83-5fe2e101b2b4' client_id: description: The identifier of the client for the user to provide consent for. type: string - example: "app" + example: 'app' consent: description: Indicates if the user consented to the consent request. type: boolean 
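Review bot: The `appidExclude` example (`@@ -2005,7 +2001,7 @@`) and the `appid` example (`@@ -2040,7 +2036,7 @@`) are rendered as `'{{ .BaseURL }}'` with no fallback, although the first hunk and `autheliaURLParam` treat an empty `.BaseURL` as possible and substitute a default. If `.BaseURL` can be empty here (not visible in the diff), these now render as the empty string `''`, and the OIDC discovery examples in the later hunks, such as `'{{ .BaseURL }}api/oidc/authorization'`, render as a bare relative path. Using `'{{ .BaseURL | default "https://auth.example.com/" }}'` would keep the examples consistent with the rest of the change.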
@@ -2261,7 +2257,7 @@ components: URL of the OP''s OAuth 2.0 Authorization Endpoint [OpenID.Core]. See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html type: string - example: "{{ .BaseURL }}api/oidc/authorization" + example: '{{ .BaseURL }}api/oidc/authorization' claims_supported: description: > JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply @@ -2313,7 +2309,7 @@ components: URL of the authorization server''s OAuth 2.0 introspection endpoint [RFC7662]. See Also: OAuth 2.0 Token Introspection: https://datatracker.ietf.org/doc/html/rfc7662 type: string - example: "{{ .BaseURL }}api/oidc/introspection" + example: '{{ .BaseURL }}api/oidc/introspection' introspection_endpoint_auth_methods_supported: description: > JSON array containing a list of client authentication methods supported by this introspection endpoint. The @@ -2346,7 +2342,7 @@ components: If Issuer discovery is supported (see Section 2), this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this Issuer. type: string - example: "{{ .BaseURL }}" + example: '{{ .BaseURL }}' jwks_uri: description: > URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate @@ -2357,7 +2353,7 @@ components: RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. type: string - example: "{{ .BaseURL }}jwks.json" + example: '{{ .BaseURL }}jwks.json' op_policy_uri: description: URL that the OpenID Provider provides to the person registering the Client to read about the OP's 
@@ -2375,13 +2371,13 @@ components: The URL of the pushed authorization request endpoint at which a client can post an authorization request to exchange for a "request_uri" value usable at the authorization server. type: string - example: "{{ .BaseURL }}api/oidc/par" + example: '{{ .BaseURL }}api/oidc/par' registration_endpoint: description: > URL of the authorization server''s OAuth 2.0 Dynamic Client Registration endpoint [RFC7591]. See Also: OAuth 2.0 Dynamic Client Registration Protocol: https://datatracker.ietf.org/doc/html/rfc7591 type: string - example: "{{ .BaseURL }}api/oidc/registration" + example: '{{ .BaseURL }}api/oidc/registration' require_pushed_authorization_requests: description: > Boolean parameter indicating whether the authorization server accepts authorization request data only via @@ -2410,7 +2406,7 @@ components: URL of the authorization server''s OAuth 2.0 revocation endpoint [RFC7009]. See Also: OAuth 2.0 Token Revocation: https://datatracker.ietf.org/doc/html/rfc7009 type: string - example: "{{ .BaseURL }}api/oidc/revocation" + example: '{{ .BaseURL }}api/oidc/revocation' revocation_endpoint_auth_methods_supported: description: > JSON array containing a list of client authentication methods supported by this revocation endpoint. The @@ -2456,7 +2452,7 @@ components: the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic Client Registration, then information on how to register Clients needs to be provided in this documentation. type: string - example: "https://authelia.com" + example: 'https://authelia.com' subject_types_supported: description: > JSON array containing a list of the Subject Identifier types that this OP supports. 
@@ -2470,7 +2466,7 @@ components: URL of the OP''s OAuth 2.0 Token Endpoint [OpenID.Core]. This is REQUIRED unless only the Implicit Flow is used. See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html type: string - example: "{{ .BaseURL }}api/oidc/token" + example: '{{ .BaseURL }}api/oidc/token' token_endpoint_auth_methods_supported: description: > JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options @@ -2528,7 +2524,7 @@ components: URL of the OP''s OAuth 2.0 Authorization Endpoint [OpenID.Core]. See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html type: string - example: "{{ .BaseURL }}api/oidc/authorization" + example: '{{ .BaseURL }}api/oidc/authorization' backchannel_logout_session_supported: description: > Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify @@ -2670,7 +2666,7 @@ components: URL of the authorization server''s OAuth 2.0 introspection endpoint [RFC7662]. See Also: OAuth 2.0 Token Introspection: https://datatracker.ietf.org/doc/html/rfc7662' type: string - example: "{{ .BaseURL }}api/oidc/introspection" + example: '{{ .BaseURL }}api/oidc/introspection' introspection_endpoint_auth_methods_supported: description: > JSON array containing a list of client authentication methods supported by this introspection endpoint. The @@ -2703,7 +2699,7 @@ components: If Issuer discovery is supported (see Section 2), this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this Issuer. type: string - example: "{{ .BaseURL }}" + example: '{{ .BaseURL }}' jwks_uri: description: > URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate 
@@ -2714,7 +2710,7 @@ components: RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. type: string - example: "{{ .BaseURL }}jwks.json" + example: '{{ .BaseURL }}jwks.json' op_policy_uri: description: > URL that the OpenID Provider provides to the person registering the Client to read about the OP's @@ -2732,13 +2728,13 @@ components: The URL of the pushed authorization request endpoint at which a client can post an authorization request to exchange for a "request_uri" value usable at the authorization server. type: string - example: "{{ .BaseURL }}api/oidc/par" + example: '{{ .BaseURL }}api/oidc/par' registration_endpoint: description: > URL of the authorization server''s OAuth 2.0 Dynamic Client Registration endpoint [RFC7591]. See Also: OAuth 2.0 Dynamic Client Registration Protocol: https://datatracker.ietf.org/doc/html/rfc7591 type: string - example: "{{ .BaseURL }}api/oidc/registration" + example: '{{ .BaseURL }}api/oidc/registration' request_object_encryption_alg_values_supported: description: > JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for Request @@ -2809,7 +2805,7 @@ components: URL of the authorization server''s OAuth 2.0 revocation endpoint [RFC7009]. See Also: OAuth 2.0 Token Revocation: https://datatracker.ietf.org/doc/html/rfc7009 type: string - example: "{{ .BaseURL }}api/oidc/revocation" + example: '{{ .BaseURL }}api/oidc/revocation' revocation_endpoint_auth_methods_supported: description: > JSON array containing a list of client authentication methods supported by this revocation endpoint. The 
@@ -2856,7 +2852,7 @@ components: the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic Client Registration, then information on how to register Clients needs to be provided in this documentation. type: string - example: "https://www.authelia.com" + example: 'https://www.authelia.com' subject_types_supported: description: > JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include @@ -2870,7 +2866,7 @@ components: URL of the OP''s OAuth 2.0 Token Endpoint [OpenID.Core]. This is REQUIRED unless only the Implicit Flow is used. See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html type: string - example: "{{ .BaseURL }}api/oidc/token" + example: '{{ .BaseURL }}api/oidc/token' token_endpoint_auth_methods_supported: description: > JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options @@ -2926,7 +2922,7 @@ components: path, and query parameter components. See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html type: string - example: "{{ .BaseURL }}api/oidc/userinfo" + example: '{{ .BaseURL }}api/oidc/userinfo' userinfo_signing_alg_values_supported: description: > JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the @@ -3053,7 +3049,7 @@ components: this is the "refresh_token" value returned from the token endpoint as defined in OAuth 2.0 [RFC6749], Section 5.1. Other token types are outside the scope of this specification. - example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn" + example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn' type: string token_type_hint: description: > @@ -3069,7 +3065,7 @@ components: enum: - "access_token" - "refresh_token" - example: "access_token" + example: 'access_token' type: string openid.spec.AccessRequest.ClientAuth: oneOf: 
@@ -3085,7 +3081,7 @@ components: description: > REQUIRED if the client is not authenticating with the authorization server as described in Section 3.2.1. of [RFC6749]. The client identifier as described in Section 2.2 of [RFC6749]. - example: "my_client" + example: 'my_client' type: string openid.spec.AccessRequest.ClientAuth.Secret: required: @@ -3112,7 +3108,7 @@ components: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" enum: - "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" - example: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" + example: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer' type: string client_assertion_type: description: > @@ -3136,15 +3132,15 @@ components: type: string code: description: The Authorization Code. - example: "authelia_ac_1j2kn3knj12n3kj12n" + example: 'authelia_ac_1j2kn3knj12n3kj12n' type: string code_verifier: description: The Authorization Code Verifier (PKCE). - example: "88a25754f7c0b3b3b88cf6cd4e29e8356b160524fdc1cb329a94471825628fd3" + example: '88a25754f7c0b3b3b88cf6cd4e29e8356b160524fdc1cb329a94471825628fd3' type: string redirect_uri: description: The original Redirect URI used in the Authorization Request. - example: "https://app.example.com/oidc/callback" + example: 'https://app.{{ .Domain | default "example.com" }}/oidc/callback' type: string openid.spec.AccessRequest.DeviceCodeFlow: allOf: @@ -3161,7 +3157,7 @@ components: type: string device_code: description: The Device Authorization Code. - example: "authelia_dc_mn123kjn12kj3123njk" + example: 'authelia_dc_mn123kjn12kj3123njk' type: string openid.spec.AccessRequest.RefreshTokenFlow: allOf: @@ -3178,7 +3174,7 @@ components: type: string refresh_token: description: The Refresh Token. - example: "authelia_rt_1n2j3kihn12kj3n12k" + example: 'authelia_rt_1n2j3kihn12kj3n12k' type: string scope: description: 
> @@ -3187,7 +3183,7 @@ components: not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the resource owner. - example: "openid profile groups" + example: 'openid profile groups' type: string openid.spec.AccessResponse: type: object @@ -3198,17 +3194,17 @@ components: properties: access_token: description: The access token issued by the authorization server. - example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn" + example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn' type: string id_token: description: The id token issued by the authorization server. - example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" + example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' type: string refresh_token: description: > The refresh token, which can be used to obtain new access tokens using the same authorization grant as described in Section 6. - example: "authelia_rt_kGBoSMbfVGP2RR6Kvujv3Xg7uXV2i" + example: 'authelia_rt_kGBoSMbfVGP2RR6Kvujv3Xg7uXV2i' type: string token_type: description: > @@ -3219,7 +3215,7 @@ components: type. enum: - "bearer" - example: "bearer" + example: 'bearer' type: string expires_in: description: > @@ -3232,12 +3228,12 @@ components: type: integer state: description: Exactly the state value passed in the authorization request if present. - example: "5dVZhNfri5XZS6wadskuzUk4MHYCvEcUgidjMeBjsktAhY7EKB" + example: '5dVZhNfri5XZS6wadskuzUk4MHYCvEcUgidjMeBjsktAhY7EKB' type: string scope: description: > The scope of the access token as described by Section 3.3 if it differs from the requested scope. - example: "openid profile groups" + example: 'openid profile groups' type: string openid.spec.AuthorizeRequest: type: object 
@@ -3249,13 +3245,13 @@ components: properties: scope: description: The requested scope. - example: "openid profile groups" + example: 'openid profile groups' type: string response_type: $ref: '#/components/schemas/openid.spec.ResponseType' client_id: description: The OAuth 2.0 client identifier. - example: "app" + example: 'app' type: string redirect_uri: description: > @@ -3266,14 +3262,14 @@ components: that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0, and provided the OP allows the use of http Redirection URIs in this case. The Redirection URI MAY use an alternate scheme, such as one that is intended to identify a callback into a native application. - example: "https://app.example.com" + example: 'https://app.{{ .Domain | default "example.com" }}' type: string state: description: > Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. - example: "oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f" + example: 'oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f' type: string response_mode: $ref: '#/components/schemas/openid.spec.ResponseMode' @@ -3283,7 +3279,7 @@ components: The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values. For implementation notes, see Section 15.5.2. - example: "TRMLqchoKGQNcooXvBvUy9PtmLdJGf" + example: 'TRMLqchoKGQNcooXvBvUy9PtmLdJGf' type: string display: $ref: '#/components/schemas/openid.spec.DisplayType' @@ -3299,7 +3295,7 @@ components: - "login consent" - "login select_account" - "consent select_account" - example: "consent" + example: 'consent' type: string max_age: description: 
> @@ -3399,7 +3395,7 @@ components: - "popup" - "touch" - "wap" - example: "page" + example: 'page' type: string openid.spec.ResponseType: description: The OAuth 2.0 / OpenID Connect 1.0 Response Type. @@ -3412,7 +3408,7 @@ components: - "token id_token" - "code id_token token" - "none" - example: "code" + example: 'code' type: string openid.spec.ResponseMode: description: > @@ -3423,7 +3419,7 @@ components: - "query" - "fragment" - "form_post" - example: "query" + example: 'query' type: string openid.spec.GrantType: description: The OAuth 2.0 / OpenID Connect 1.0 Grant Type. @@ -3434,14 +3430,14 @@ components: - "password" - "client_credentials" - "urn:ietf:params:oauth:grant-type:device_code" - example: "authorization_code" + example: 'authorization_code' type: string openid.spec.CodeChallengeMethod: description: The RFC7636 Code Challenge Verifier Method. enum: - "plain" - "S256" - example: "S256" + example: 'S256' type: string openid.spec.ClaimType: description: The representation of claims. @@ -3449,7 +3445,7 @@ components: - "normal" - "aggregated" - "distributed" - example: "normal" + example: 'normal' type: string jose.spec.None: description: The JSON Web Signature Algorithm @@ -3522,7 +3518,7 @@ components: enum: - "sig" - "enc" - example: "sig" + example: 'sig' type: string key_ops: description: > @@ -3624,13 +3620,13 @@ components: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key. type: string - example: "RSA" + example: 'RSA' enum: - "RSA" alg: description: The JSON Web Signature Algorithm type: string - example: "RS256" + example: 'RS256' enum: - "RS256" - "RS384" @@ -3741,13 +3737,13 @@ components: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key. type: string - example: "EC" + example: 'EC' enum: - "EC" alg: description: The JSON Web Signature Algorithm type: string - example: "ES256" + example: 'ES256' enum: - "ES256" - "ES384" 
@@ -3771,7 +3767,7 @@ components: The curve parameter identifies the cryptographic curve used with the key. Curve values from [DSS] used by this specification. type: string - example: "P-521" + example: 'P-521' enum: - "P-256" - "P-384" @@ -3811,7 +3807,7 @@ components: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key. type: string - example: "oct" + example: 'oct' enum: - "oct" k: diff --git a/internal/server/server_test.go b/internal/server/server_test.go index 1712ae8c8..4514f5619 100644 --- a/internal/server/server_test.go +++ b/internal/server/server_test.go @@ -9,7 +9,6 @@ import ( "io" "net/http" "os" - "path" "strconv" "strings" "testing" @@ -26,12 +25,6 @@ import ( "github.com/authelia/authelia/v4/internal/utils" ) -func Test(t *testing.T) { - fmt.Println(path.Join("/api/authz/", "abc")) - fmt.Println(path.Join("/api/authz/", "abc/123/", "{path:*}")) - fmt.Println(path.Join("/api/authz/", "abc/123/")) -} - // TemporaryCertificate contains the FD of 2 temporary files containing the PEM format of the certificate and private key. type TemporaryCertificate struct { CertFile *os.File diff --git a/internal/server/template_test.go b/internal/server/template_test.go index e85730c51..330edb851 100644 --- a/internal/server/template_test.go +++ b/internal/server/template_test.go @@ -76,7 +76,9 @@ func TestShouldTemplateOpenAPI(t *testing.T) { handler(mock.Ctx) assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) - assert.NotEqual(t, "", string(mock.Ctx.Response.Body())) - assert.Contains(t, string(mock.Ctx.Response.Body()), "example: https://auth.example.com/?rd=https%3A%2F%2Fexample.com&rm=GET") + body := string(mock.Ctx.Response.Body()) + + assert.NotEqual(t, "", body) + assert.Contains(t, body, "example: 'https://auth.example.com/?rd=https%3A%2F%2Fexample.com%2F&rm=GET'") }
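Review bot: The updated assertion in `TestShouldTemplateOpenAPI` still pins only one rendering of `$redir`: the expected `rd=https%3A%2F%2Fexample.com%2F` can only come from the `.Domain` branch, so the `else if .BaseURL` branch, the `https://app.example.com` fallback and the new single-quoting of templated values have no coverage. Consider adding cases for those inputs, plus a check that the rendered body still decodes as YAML, which would catch a templated value that breaks out of its quoted scalar. A cheap extra check that the `$.Domain` lookup renders is `assert.Contains(t, body, "example: 'example.com'")`. The test's setup lies outside the hunk, so the template data it passes is inferred from the expected string.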