RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: adjust openapi (#5192) 

Misc fixes to OpenAPI Specification that were missed.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5141/head
James Elliott 2023-04-08 15:25:19 +10:00 committed by GitHub
parent 2dcfc0b04c
commit 0424652940
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 106 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
api/openapi.yml
View File

@ -111,12 +111,8 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/handlers.StateResponse'
{{- $redir := "https://auth.example.com/?rd=https%3A%2F%2Fexample.com&rm=GET" }}
{{- if .Domain }}
{{- $redir = printf "%s?rd=%s&rm=GET" .BaseURL (urlquery (printf "https://%s" .Domain)) }}
{{- else if .BaseURL }}
{{- $redir = printf "%s?rd=%s&rm=GET" .BaseURL (urlquery .BaseURL) }}
{{- end }}
{{- $app := "" }}{{ if .Domain }}{{ $app = printf "https://%s/" .Domain }}{{ else if .BaseURL }}{{ $app = .BaseURL }}{{ else }}{{ $app = "https://app.example.com" }}{{ end }}
{{- $redir := printf "%s?rd=%s&rm=GET" (.BaseURL | default "https://auth.example.com/") (urlquery $app) }}
{{- range $name, $config := .EndpointsAuthz }}
{{- $uri := printf "/api/authz/%s" $name }}
{{- if (eq $name "legacy") }}{{ $uri = "/api/verify" }}{{ end }}
@ -147,7 +143,7 @@ paths:
required: false
style: simple
explode: true
example: "https"
example: 'https'
schema:
type: string
- name: X-Forwarded-Host
@ -156,7 +152,7 @@ paths:
required: false
style: simple
explode: true
example: "example.com"
example: '{{ $.Domain | default "example.com" }}'
schema:
type: string
- name: X-Forwarded-Uri
@ -165,7 +161,7 @@ paths:
required: false
style: simple
explode: true
example: "/path/example"
example: '/path/example'
schema:
type: string
- $ref: '#/components/parameters/forwardedForParam'
@ -203,7 +199,7 @@ paths:
headers:
location:
description: Redirect Location for user authorization
example: {{ $redir }}
example: '{{ $redir }}'
set-cookie:
description: Sets a new cookie value
schema:
@ -213,7 +209,7 @@ paths:
headers:
location:
description: Redirect Location for user authorization
example: {{ $redir }}
example: '{{ $redir }}'
set-cookie:
description: Sets a new cookie value
schema:
@ -276,7 +272,7 @@ paths:
headers:
location:
description: Redirect Location for user authorization
example: {{ $redir }}
example: '{{ $redir }}'
set-cookie:
description: Sets a new cookie value
schema:
@ -286,7 +282,7 @@ paths:
headers:
location:
description: Redirect Location for user authorization
example: {{ $redir }}
example: '{{ $redir }}'
set-cookie:
description: Sets a new cookie value
schema:
@ -345,7 +341,7 @@ paths:
headers:
location:
description: Redirect Location for user authorization
example: {{ $redir }}
example: '{{ $redir }}'
set-cookie:
description: Sets a new cookie value
schema:
@ -355,7 +351,7 @@ paths:
headers:
location:
description: Redirect Location for user authorization
example: {{ $redir }}
example: '{{ $redir }}'
set-cookie:
description: Sets a new cookie value
schema:
@ -414,7 +410,7 @@ paths:
headers:
location:
description: Redirect Location for user authorization
example: {{ $redir }}
example: '{{ $redir }}'
set-cookie:
description: Sets a new cookie value
schema:
@ -968,14 +964,14 @@ paths:
type: string
format: uuid
pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$'
example: "713ef767-81bc-4a27-9b83-5fe2e101b2b4"
example: '713ef767-81bc-4a27-9b83-5fe2e101b2b4'
- in: query
name: scope
description: The requested scope.
required: true
schema:
type: string
example: "openid profile groups"
example: 'openid profile groups'
- in: query
name: response_type
description: The OAuth 2.0 response type.
@ -988,7 +984,7 @@ paths:
required: true
schema:
type: string
example: "app"
example: 'app'
- in: query
name: redirect_uri
description: >
@ -1002,7 +998,7 @@ paths:
required: true
schema:
type: string
example: "https://app.example.com"
example: 'https://app.{{ .Domain | default "example.com" }}'
- in: query
name: state
description: >
@ -1012,7 +1008,7 @@ paths:
required: false
schema:
type: string
example: "oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f"
example: 'oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f'
- in: query
name: response_mode
description: >
@ -1032,7 +1028,7 @@ paths:
required: false
schema:
type: string
example: "TRMLqchoKGQNcooXvBvUy9PtmLdJGf"
example: 'TRMLqchoKGQNcooXvBvUy9PtmLdJGf'
- in: query
name: display
description: >
@ -1072,7 +1068,7 @@ paths:
required: false
schema:
type: string
example: "en-US"
example: 'en-US'
- in: query
name: claims_locales
description: >
@ -1082,7 +1078,7 @@ paths:
required: false
schema:
type: string
example: "en-US"
example: 'en-US'
- in: query
name: id_token_hint
required: false
@ -1320,7 +1316,7 @@ paths:
description: The OAuth 2.0 Access Token issued by this OpenID Connect 1.0 Provider.
schema:
type: string
example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn"
example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn'
responses:
"200":
description: OK
@ -1349,7 +1345,7 @@ paths:
description: The OAuth 2.0 Access Token issued by this OpenID Connect 1.0 Provider.
schema:
type: string
example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn"
example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn'
requestBody:
content:
application/x-www-form-urlencoded:
@ -1359,7 +1355,7 @@ paths:
access_token:
description: The OAuth 2.0 Access Token issued by this OpenID Connect 1.0 Provider.
type: string
example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn"
example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn'
responses:
"200":
description: OK
@ -1484,7 +1480,7 @@ components:
required: true
style: simple
explode: true
example: "https"
example: 'https'
schema:
type: string
forwardedHostParam:
@ -1494,7 +1490,7 @@ components:
required: true
style: simple
explode: true
example: "example.com"
example: '{{ .Domain | default "example.com" }}'
schema:
type: string
forwardedURIParam:
@ -1504,7 +1500,7 @@ components:
required: true
style: simple
explode: true
example: "/path/example"
example: '/path/example'
schema:
type: string
forwardedForParam:
@ -1514,7 +1510,7 @@ components:
required: false
style: simple
explode: true
example: "192.168.0.55,192.168.0.20"
example: '192.168.0.55,192.168.0.20'
schema:
type: string
autheliaURLParam:
@ -1524,7 +1520,7 @@ components:
required: false
style: simple
explode: true
example: "https://auth.example.com"
example: '{{ .BaseURL | default "https://auth.example.com" }}'
schema:
type: string
authParam:
@ -1548,7 +1544,7 @@ components:
properties:
uri:
type: string
example: https://secure.example.com
example: 'https://secure.{{ .Domain | default "example.com" }}'
handlers.checkURIWithinDomainResponseBody:
type: object
properties:
@ -1665,7 +1661,7 @@ components:
example: password
targetURL:
type: string
example: https://home.example.com
example: 'https://home.{{ .Domain | default "example.com" }}'
workflow:
type: string
example: openid_connect
@ -1673,7 +1669,7 @@ components:
type: string
format: uuid
pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$'
example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c"
example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c'
requestMethod:
type: string
example: GET
@ -1685,7 +1681,7 @@ components:
properties:
targetURL:
type: string
example: https://redirect.example.com
example: 'https://redirect.{{ .Domain | default "example.com" }}'
handlers.logoutResponseBody:
type: object
properties:
@ -1709,7 +1705,7 @@ components:
properties:
redirect:
type: string
example: https://home.example.com
example: 'https://home.{{ .Domain | default "example.com" }}'
{{- if .PasswordReset }}
handlers.PasswordResetStep1RequestBody:
required:
@ -1734,7 +1730,7 @@ components:
properties:
targetURL:
type: string
example: https://secure.example.com
example: 'https://secure.{{ .Domain | default "example.com" }}'
passcode:
type: string
workflow:
@ -1744,7 +1740,7 @@ components:
type: string
format: uuid
pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$'
example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c"
example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c'
{{- end }}
handlers.StateResponse:
type: object
@ -1763,7 +1759,7 @@ components:
example: 1
default_redirection_url:
type: string
example: https://home.example.com
example: 'https://home.{{ .Domain | default "example.com" }}'
middlewares.ErrorResponse:
type: object
properties:
@ -1854,10 +1850,10 @@ components:
properties:
token:
type: string
example: "123456"
example: '123456'
targetURL:
type: string
example: https://secure.example.com
example: 'https://secure.{{ .Domain | default "example.com" }}'
workflow:
type: string
example: openid_connect
@ -1865,7 +1861,7 @@ components:
type: string
format: uuid
pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$'
example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c"
example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c'
handlers.TOTPKeyResponse:
type: object
properties:
@ -1880,7 +1876,7 @@ components:
example: 5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
otpauth_url:
type: string
example: otpauth://totp/auth.example.com:john?algorithm=SHA1&digits=6&issuer=auth.example.com&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
example: 'otpauth://totp/{{ .Domain | default "example.com" }}:john?algorithm=SHA1&digits=6&issuer=auth.{{ .Domain | default "example.com" }}&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q'
{{- end }}
{{- if .Webauthn }}
webauthn.PublicKeyCredential:
@ -1953,7 +1949,7 @@ components:
type: string
format: uuid
pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$'
example: "3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c"
example: '3ebcfbc5-b0fd-4ee0-9d3c-080ae1e7298c'
webauthn.PublicKeyCredentialCreationOptions:
type: object
properties:
@ -2005,7 +2001,7 @@ components:
properties:
appidExclude:
type: string
example: {{ .BaseURL }}
example: '{{ .BaseURL }}'
webauthn.PublicKeyCredentialRequestOptions:
type: object
properties:
@ -2029,7 +2025,7 @@ components:
example: 60000
rpId:
type: string
example: auth.example.com
example: 'auth.{{ .Domain | default "example.com" }}'
allowCredentials:
type: array
items:
@ -2040,7 +2036,7 @@ components:
properties:
appid:
type: string
example: {{ .BaseURL }}
example: '{{ .BaseURL }}'
webauthn.Transports:
type: object
properties:
@ -2195,11 +2191,11 @@ components:
client_id:
type: string
description: The identifier of the client for the user to provide consent for.
example: "app"
example: 'app'
client_description:
description: The descriptive name of the client for the user to provide consent for.
type: string
example: "App Platform"
example: 'App Platform'
scopes:
description: The list of the requested scopes for the user to provide consent for.
type: array
@ -2234,11 +2230,11 @@ components:
type: string
format: uuid
pattern: '^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$'
example: "713ef767-81bc-4a27-9b83-5fe2e101b2b4"
example: '713ef767-81bc-4a27-9b83-5fe2e101b2b4'
client_id:
description: The identifier of the client for the user to provide consent for.
type: string
example: "app"
example: 'app'
consent:
description: Indicates if the user consented to the consent request.
type: boolean
@ -2261,7 +2257,7 @@ components:
URL of the OP''s OAuth 2.0 Authorization Endpoint [OpenID.Core].
See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html
type: string
example: "{{ .BaseURL }}api/oidc/authorization"
example: '{{ .BaseURL }}api/oidc/authorization'
claims_supported:
description: >
JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply
@ -2313,7 +2309,7 @@ components:
URL of the authorization server''s OAuth 2.0 introspection endpoint [RFC7662]. See Also: OAuth 2.0 Token
Introspection: https://datatracker.ietf.org/doc/html/rfc7662
type: string
example: "{{ .BaseURL }}api/oidc/introspection"
example: '{{ .BaseURL }}api/oidc/introspection'
introspection_endpoint_auth_methods_supported:
description: >
JSON array containing a list of client authentication methods supported by this introspection endpoint. The
@ -2346,7 +2342,7 @@ components:
If Issuer discovery is supported (see Section 2), this value MUST be identical to the issuer value returned
by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this Issuer.
type: string
example: "{{ .BaseURL }}"
example: '{{ .BaseURL }}'
jwks_uri:
description: >
URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate
@ -2357,7 +2353,7 @@ components:
RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of
keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
type: string
example: "{{ .BaseURL }}jwks.json"
example: '{{ .BaseURL }}jwks.json'
op_policy_uri:
description:
URL that the OpenID Provider provides to the person registering the Client to read about the OP's
@ -2375,13 +2371,13 @@ components:
The URL of the pushed authorization request endpoint at which a client can post an authorization request to
exchange for a "request_uri" value usable at the authorization server.
type: string
example: "{{ .BaseURL }}api/oidc/par"
example: '{{ .BaseURL }}api/oidc/par'
registration_endpoint:
description: >
URL of the authorization server''s OAuth 2.0 Dynamic Client Registration endpoint [RFC7591]. See Also:
OAuth 2.0 Dynamic Client Registration Protocol: https://datatracker.ietf.org/doc/html/rfc7591
type: string
example: "{{ .BaseURL }}api/oidc/registration"
example: '{{ .BaseURL }}api/oidc/registration'
require_pushed_authorization_requests:
description: >
Boolean parameter indicating whether the authorization server accepts authorization request data only via
@ -2410,7 +2406,7 @@ components:
URL of the authorization server''s OAuth 2.0 revocation endpoint [RFC7009].
See Also: OAuth 2.0 Token Revocation: https://datatracker.ietf.org/doc/html/rfc7009
type: string
example: "{{ .BaseURL }}api/oidc/revocation"
example: '{{ .BaseURL }}api/oidc/revocation'
revocation_endpoint_auth_methods_supported:
description: >
JSON array containing a list of client authentication methods supported by this revocation endpoint. The
@ -2456,7 +2452,7 @@ components:
the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic Client Registration,
then information on how to register Clients needs to be provided in this documentation.
type: string
example: "https://authelia.com"
example: 'https://authelia.com'
subject_types_supported:
description: >
JSON array containing a list of the Subject Identifier types that this OP supports.
@ -2470,7 +2466,7 @@ components:
URL of the OP''s OAuth 2.0 Token Endpoint [OpenID.Core]. This is REQUIRED unless only the Implicit Flow is
used. See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html
type: string
example: "{{ .BaseURL }}api/oidc/token"
example: '{{ .BaseURL }}api/oidc/token'
token_endpoint_auth_methods_supported:
description: >
JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options
@ -2528,7 +2524,7 @@ components:
URL of the OP''s OAuth 2.0 Authorization Endpoint [OpenID.Core].
See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html
type: string
example: "{{ .BaseURL }}api/oidc/authorization"
example: '{{ .BaseURL }}api/oidc/authorization'
backchannel_logout_session_supported:
description: >
Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify
@ -2670,7 +2666,7 @@ components:
URL of the authorization server''s OAuth 2.0 introspection endpoint [RFC7662]. See Also: OAuth 2.0
Token Introspection: https://datatracker.ietf.org/doc/html/rfc7662'
type: string
example: "{{ .BaseURL }}api/oidc/introspection"
example: '{{ .BaseURL }}api/oidc/introspection'
introspection_endpoint_auth_methods_supported:
description: >
JSON array containing a list of client authentication methods supported by this introspection endpoint. The
@ -2703,7 +2699,7 @@ components:
If Issuer discovery is supported (see Section 2), this value MUST be identical to the issuer value returned
by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this Issuer.
type: string
example: "{{ .BaseURL }}"
example: '{{ .BaseURL }}'
jwks_uri:
description: >
URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate
@ -2714,7 +2710,7 @@ components:
RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of
keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
type: string
example: "{{ .BaseURL }}jwks.json"
example: '{{ .BaseURL }}jwks.json'
op_policy_uri:
description: >
URL that the OpenID Provider provides to the person registering the Client to read about the OP's
@ -2732,13 +2728,13 @@ components:
The URL of the pushed authorization request endpoint at which a client can post an authorization request to
exchange for a "request_uri" value usable at the authorization server.
type: string
example: "{{ .BaseURL }}api/oidc/par"
example: '{{ .BaseURL }}api/oidc/par'
registration_endpoint:
description: >
URL of the authorization server''s OAuth 2.0 Dynamic Client Registration endpoint [RFC7591]. See Also:
OAuth 2.0 Dynamic Client Registration Protocol: https://datatracker.ietf.org/doc/html/rfc7591
type: string
example: "{{ .BaseURL }}api/oidc/registration"
example: '{{ .BaseURL }}api/oidc/registration'
request_object_encryption_alg_values_supported:
description: >
JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for Request
@ -2809,7 +2805,7 @@ components:
URL of the authorization server''s OAuth 2.0 revocation endpoint [RFC7009]. See Also:
OAuth 2.0 Token Revocation: https://datatracker.ietf.org/doc/html/rfc7009
type: string
example: "{{ .BaseURL }}api/oidc/revocation"
example: '{{ .BaseURL }}api/oidc/revocation'
revocation_endpoint_auth_methods_supported:
description: >
JSON array containing a list of client authentication methods supported by this revocation endpoint. The
@ -2856,7 +2852,7 @@ components:
the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic Client Registration,
then information on how to register Clients needs to be provided in this documentation.
type: string
example: "https://www.authelia.com"
example: 'https://www.authelia.com'
subject_types_supported:
description: >
JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include
@ -2870,7 +2866,7 @@ components:
URL of the OP''s OAuth 2.0 Token Endpoint [OpenID.Core]. This is REQUIRED unless only the Implicit Flow is
used. See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html
type: string
example: "{{ .BaseURL }}api/oidc/token"
example: '{{ .BaseURL }}api/oidc/token'
token_endpoint_auth_methods_supported:
description: >
JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options
@ -2926,7 +2922,7 @@ components:
path, and query parameter components.
See Also: OpenID.Core: https://openid.net/specs/openid-connect-core-1_0.html
type: string
example: "{{ .BaseURL }}api/oidc/userinfo"
example: '{{ .BaseURL }}api/oidc/userinfo'
userinfo_signing_alg_values_supported:
description: >
JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the
@ -3053,7 +3049,7 @@ components:
this is the "refresh_token" value returned from the token endpoint
as defined in OAuth 2.0 [RFC6749], Section 5.1. Other token types
are outside the scope of this specification.
example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn"
example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn'
type: string
token_type_hint:
description: >
@ -3069,7 +3065,7 @@ components:
enum:
- "access_token"
- "refresh_token"
example: "access_token"
example: 'access_token'
type: string
openid.spec.AccessRequest.ClientAuth:
oneOf:
@ -3085,7 +3081,7 @@ components:
description: >
REQUIRED if the client is not authenticating with the authorization server as described in
Section 3.2.1. of [RFC6749]. The client identifier as described in Section 2.2 of [RFC6749].
example: "my_client"
example: 'my_client'
type: string
openid.spec.AccessRequest.ClientAuth.Secret:
required:
@ -3112,7 +3108,7 @@ components:
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
enum:
- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
example: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
example: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
type: string
client_assertion_type:
description: >
@ -3136,15 +3132,15 @@ components:
type: string
code:
description: The Authorization Code.
example: "authelia_ac_1j2kn3knj12n3kj12n"
example: 'authelia_ac_1j2kn3knj12n3kj12n'
type: string
code_verifier:
description: The Authorization Code Verifier (PKCE).
example: "88a25754f7c0b3b3b88cf6cd4e29e8356b160524fdc1cb329a94471825628fd3"
example: '88a25754f7c0b3b3b88cf6cd4e29e8356b160524fdc1cb329a94471825628fd3'
type: string
redirect_uri:
description: The original Redirect URI used in the Authorization Request.
example: "https://app.example.com/oidc/callback"
example: 'https://app.{{ .Domain | default "example.com" }}/oidc/callback'
type: string
openid.spec.AccessRequest.DeviceCodeFlow:
allOf:
@ -3161,7 +3157,7 @@ components:
type: string
device_code:
description: The Device Authorization Code.
example: "authelia_dc_mn123kjn12kj3123njk"
example: 'authelia_dc_mn123kjn12kj3123njk'
type: string
openid.spec.AccessRequest.RefreshTokenFlow:
allOf:
@ -3178,7 +3174,7 @@ components:
type: string
refresh_token:
description: The Refresh Token.
example: "authelia_rt_1n2j3kihn12kj3n12k"
example: 'authelia_rt_1n2j3kihn12kj3n12k'
type: string
scope:
description: >
@ -3187,7 +3183,7 @@ components:
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
resource owner.
example: "openid profile groups"
example: 'openid profile groups'
type: string
openid.spec.AccessResponse:
type: object
@ -3198,17 +3194,17 @@ components:
properties:
access_token:
description: The access token issued by the authorization server.
example: "authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn"
example: 'authelia_at_cr4i4EtTn2F4k6mX4XzxbsBewkxCGn'
type: string
id_token:
description: The id token issued by the authorization server.
example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
type: string
refresh_token:
description: >
The refresh token, which can be used to obtain new access tokens using the
same authorization grant as described in Section 6.
example: "authelia_rt_kGBoSMbfVGP2RR6Kvujv3Xg7uXV2i"
example: 'authelia_rt_kGBoSMbfVGP2RR6Kvujv3Xg7uXV2i'
type: string
token_type:
description: >
@ -3219,7 +3215,7 @@ components:
type.
enum:
- "bearer"
example: "bearer"
example: 'bearer'
type: string
expires_in:
description: >
@ -3232,12 +3228,12 @@ components:
type: integer
state:
description: Exactly the state value passed in the authorization request if present.
example: "5dVZhNfri5XZS6wadskuzUk4MHYCvEcUgidjMeBjsktAhY7EKB"
example: '5dVZhNfri5XZS6wadskuzUk4MHYCvEcUgidjMeBjsktAhY7EKB'
type: string
scope:
description: >
The scope of the access token as described by Section 3.3 if it differs from the requested scope.
example: "openid profile groups"
example: 'openid profile groups'
type: string
openid.spec.AuthorizeRequest:
type: object
@ -3249,13 +3245,13 @@ components:
properties:
scope:
description: The requested scope.
example: "openid profile groups"
example: 'openid profile groups'
type: string
response_type:
$ref: '#/components/schemas/openid.spec.ResponseType'
client_id:
description: The OAuth 2.0 client identifier.
example: "app"
example: 'app'
type: string
redirect_uri:
description: >
@ -3266,14 +3262,14 @@ components:
that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0, and provided the OP
allows the use of http Redirection URIs in this case. The Redirection URI MAY use an alternate
scheme, such as one that is intended to identify a callback into a native application.
example: "https://app.example.com"
example: 'https://app.{{ .Domain | default "example.com" }}'
type: string
state:
description: >
Opaque value used to maintain state between the request and the callback. Typically, Cross-Site
Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this
parameter with a browser cookie.
example: "oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f"
example: 'oV84Vsy7wyCgRk2h4aZBmXZq4q3g2f'
type: string
response_mode:
$ref: '#/components/schemas/openid.spec.ResponseMode'
@ -3283,7 +3279,7 @@ components:
The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient
entropy MUST be present in the nonce values used to prevent attackers from guessing values. For
implementation notes, see Section 15.5.2.
example: "TRMLqchoKGQNcooXvBvUy9PtmLdJGf"
example: 'TRMLqchoKGQNcooXvBvUy9PtmLdJGf'
type: string
display:
$ref: '#/components/schemas/openid.spec.DisplayType'
@ -3299,7 +3295,7 @@ components:
- "login consent"
- "login select_account"
- "consent select_account"
example: "consent"
example: 'consent'
type: string
max_age:
description: >
@ -3399,7 +3395,7 @@ components:
- "popup"
- "touch"
- "wap"
example: "page"
example: 'page'
type: string
openid.spec.ResponseType:
description: The OAuth 2.0 / OpenID Connect 1.0 Response Type.
@ -3412,7 +3408,7 @@ components:
- "token id_token"
- "code id_token token"
- "none"
example: "code"
example: 'code'
type: string
openid.spec.ResponseMode:
description: >
@ -3423,7 +3419,7 @@ components:
- "query"
- "fragment"
- "form_post"
example: "query"
example: 'query'
type: string
openid.spec.GrantType:
description: The OAuth 2.0 / OpenID Connect 1.0 Grant Type.
@ -3434,14 +3430,14 @@ components:
- "password"
- "client_credentials"
- "urn:ietf:params:oauth:grant-type:device_code"
example: "authorization_code"
example: 'authorization_code'
type: string
openid.spec.CodeChallengeMethod:
description: The RFC7636 Code Challenge Verifier Method.
enum:
- "plain"
- "S256"
example: "S256"
example: 'S256'
type: string
openid.spec.ClaimType:
description: The representation of claims.
@ -3449,7 +3445,7 @@ components:
- "normal"
- "aggregated"
- "distributed"
example: "normal"
example: 'normal'
type: string
jose.spec.None:
description: The JSON Web Signature Algorithm
@ -3522,7 +3518,7 @@ components:
enum:
- "sig"
- "enc"
example: "sig"
example: 'sig'
type: string
key_ops:
description: >
@ -3624,13 +3620,13 @@ components:
The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key.
type: string
example: "RSA"
example: 'RSA'
enum:
- "RSA"
alg:
description: The JSON Web Signature Algorithm
type: string
example: "RS256"
example: 'RS256'
enum:
- "RS256"
- "RS384"
@ -3741,13 +3737,13 @@ components:
The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key.
type: string
example: "EC"
example: 'EC'
enum:
- "EC"
alg:
description: The JSON Web Signature Algorithm
type: string
example: "ES256"
example: 'ES256'
enum:
- "ES256"
- "ES384"
@ -3771,7 +3767,7 @@ components:
The curve parameter identifies the cryptographic curve used with the key. Curve
values from [DSS] used by this specification.
type: string
example: "P-521"
example: 'P-521'
enum:
- "P-256"
- "P-384"
@ -3811,7 +3807,7 @@ components:
The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key.
type: string
example: "oct"
example: 'oct'
enum:
- "oct"
k:

7
internal/server/server_test.go
View File

@ -9,7 +9,6 @@ import (
"io"
"net/http"
"os"
"path"
"strconv"
"strings"
"testing"
@ -26,12 +25,6 @@ import (
"github.com/authelia/authelia/v4/internal/utils"
)
func Test(t *testing.T) {
fmt.Println(path.Join("/api/authz/", "abc"))
fmt.Println(path.Join("/api/authz/", "abc/123/", "{path:*}"))
fmt.Println(path.Join("/api/authz/", "abc/123/"))
}
// TemporaryCertificate contains the FD of 2 temporary files containing the PEM format of the certificate and private key.
type TemporaryCertificate struct {
CertFile *os.File

6
internal/server/template_test.go
View File

@ -76,7 +76,9 @@ func TestShouldTemplateOpenAPI(t *testing.T) {
handler(mock.Ctx)
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
assert.NotEqual(t, "", string(mock.Ctx.Response.Body()))
assert.Contains(t, string(mock.Ctx.Response.Body()), "example: https://auth.example.com/?rd=https%3A%2F%2Fexample.com&rm=GET")
body := string(mock.Ctx.Response.Body())
assert.NotEqual(t, "", body)
assert.Contains(t, body, "example: 'https://auth.example.com/?rd=https%3A%2F%2Fexample.com%2F&rm=GET'")
}