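# Authorization endpoint: starts the authorization-code flow.
# NOTE(review): nesting was reconstructed from a listing that had lost its indentation; each `example`
# is placed under `schema` here (parameter level is also valid OpenAPI). Confirm against the project's copy.
authorize:
  get:
    tags:
      - OAuth
    summary: Start the authorization-code flow
    description: The current authorize handler requires an authenticated end-user bearer token before it will issue an authorization code.
    operationId: authorize
    # The end user must already be authenticated (see description).
    # NOTE(review): the bearerAuth scheme is defined elsewhere. If it is an Authorization header, a plain
    # browser navigation to this GET cannot attach it; confirm how clients are expected to call this.
    security:
      - bearerAuth: []
    parameters:
      # Only the authorization-code response type is accepted; no implicit-flow values are listed.
      - name: response_type
        in: query
        required: true
        schema:
          type: string
          enum:
            - code
          example: "code"
      - name: client_id
        in: query
        required: true
        schema:
          type: string
          example: "client_123"
      # The 302 response below says the redirect goes to the *registered* redirect_uri.
      # NOTE(review): confirm the handler compares this value by exact match against the client's
      # registration and answers 400 without redirecting when it does not match.
      - name: redirect_uri
        in: query
        required: true
        schema:
          type: string
          format: uri
          example: "https://client.example.com/callback"
      - name: scope
        in: query
        schema:
          type: string
          example: "openid profile email"
      # Not marked required. A client that omits both state and PKCE has nothing binding the
      # redirect response to the request it started.
      - name: state
        in: query
        schema:
          type: string
          example: "xyz123"
      # PKCE challenge (RFC 7636); optional in this contract.
      # NOTE(review): consider whether public clients should be required to send it.
      - name: code_challenge
        in: query
        schema:
          type: string
          example: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
      # `plain` uses the verifier itself as the challenge, so it adds no protection once the
      # authorization request has been observed; RFC 7636 requires S256 from clients that can compute it.
      # NOTE(review): no default is declared; confirm what the handler assumes when this is omitted.
      - name: code_challenge_method
        in: query
        schema:
          type: string
          enum:
            - S256
            - plain
          example: "S256"
      # Serialized as repeated `resource=<uri>` query parameters (form style, exploded).
      # NOTE(review): looks like RFC 8707 resource indicators; confirm the handler restricts the
      # issued token's audience to the values accepted here.
      - name: resource
        in: query
        schema:
          type: array
          items:
            type: string
            format: uri
        style: form
        explode: true
    responses:
      "302":
        description: Redirect to the registered redirect_uri with a code or OAuth error.
      # Errors that must not be delivered by redirect are expected to land here.
      "400":
        $ref: "../components/responses.yaml#/BadRequest"
      "401":
        $ref: "../components/responses.yaml#/Unauthorized"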
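# Token endpoint: exchanges an authorization code or refresh token for tokens.
token:
  post:
    tags:
      - OAuth
    summary: Exchange an authorization code or refresh token
    description: The current REST token handler accepts JSON and supports only authorization_code and refresh_token grants.
    operationId: token
    # No `security` requirement is declared on this operation.
    # NOTE(review): any client authentication and the PKCE code_verifier would have to be carried in
    # OAuthTokenRequest (schema not visible here); confirm that confidential clients are authenticated.
    requestBody:
      required: true
      content:
        # RFC 6749 specifies application/x-www-form-urlencoded for this request; per the description
        # this handler takes JSON instead, so off-the-shelf OAuth clients may not interoperate.
        application/json:
          schema:
            $ref: "../schemas/oauth.yaml#/OAuthTokenRequest"
    responses:
      # NOTE(review): no response headers are modelled. RFC 6749 section 5.1 requires
      # `Cache-Control: no-store` on responses carrying tokens; confirm the handler sets it.
      "200":
        description: Token issued successfully
        content:
          application/json:
            schema:
              # Standard API envelope with the token payload under `data`.
              allOf:
                - $ref: "../schemas/common.yaml#/ApiResponse"
                - type: object
                  properties:
                    data:
                      $ref: "../schemas/oauth.yaml#/OAuthTokenResponse"
      # NOTE(review): only 400 is documented for failures; failed client authentication is
      # conventionally 401 (invalid_client). Confirm what the handler returns.
      "400":
        $ref: "../components/responses.yaml#/BadRequest"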
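# Revocation endpoint: invalidates an access token or refresh token.
revoke:
  post:
    tags:
      - OAuth
    summary: Revoke an access token or refresh token
    operationId: revokeToken
    # No `security` requirement is declared on this operation.
    # NOTE(review): RFC 7009 expects the caller to be authenticated as the client the token was issued
    # to; confirm whether RevokeTokenRequest (schema not visible here) carries client credentials.
    requestBody:
      required: true
      content:
        application/json:
          schema:
            $ref: "../schemas/oauth.yaml#/RevokeTokenRequest"
    responses:
      # NOTE(review): RFC 7009 answers 200 for unknown or already-invalid tokens as well, so the
      # response does not reveal whether a submitted token was valid; confirm the handler does the same.
      "200":
        description: Token revoked successfully
        content:
          application/json:
            schema:
              $ref: "../schemas/common.yaml#/ApiResponse"
      "400":
        $ref: "../components/responses.yaml#/BadRequest"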
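# OIDC discovery endpoint: returns provider metadata. No `security` requirement is declared.
wellKnownOpenidConfiguration:
  get:
    tags:
      - OpenID Connect
    summary: Return OIDC discovery metadata
    operationId: openidConfiguration
    responses:
      # Clients configure themselves from this document.
      # NOTE(review): confirm the advertised values (signing algorithms, PKCE methods, grant types,
      # endpoint URLs) match what the authorize, token and jwks operations in this file implement.
      "200":
        description: Discovery document returned successfully
        content:
          application/json:
            schema:
              $ref: "../schemas/oauth.yaml#/OidcDiscoveryDocument"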
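# JWKS endpoint: publishes the provider's signature-verification keys.
jwks:
  get:
    tags:
      - OpenID Connect
    summary: Return the JWKS document
    # HS256 is HMAC with a shared secret, so there is no public key to publish and the key set is empty.
    # The secret itself must never be added to this document.
    # Consequence: a relying party cannot verify tokens from this endpoint alone, and any party holding
    # the secret to verify tokens can also mint them.
    # NOTE(review): if third parties need to verify tokens, an asymmetric algorithm would let this
    # endpoint serve public keys.
    description: The current HS256 implementation returns an empty key set.
    operationId: jwks
    responses:
      "200":
        description: JWKS document returned successfully
        content:
          application/json:
            schema:
              $ref: "../schemas/oauth.yaml#/JwkSet"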
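# UserInfo endpoint: returns claims about the user identified by the presented bearer token.
userinfo:
  get:
    tags:
      - OpenID Connect
    summary: Return claims for the authenticated user
    operationId: userinfo
    security:
      - bearerAuth: []
    responses:
      # NOTE(review): confirm the claims returned are limited to those covered by the scopes granted
      # to the presented token.
      "200":
        description: User information returned successfully
        content:
          application/json:
            schema:
              # Standard API envelope with the claims under `data`.
              allOf:
                - $ref: "../schemas/common.yaml#/ApiResponse"
                - type: object
                  properties:
                    data:
                      $ref: "../schemas/oauth.yaml#/UserInfoResponse"
      # NOTE(review): only 401 is documented; RFC 6750 uses 403 (insufficient_scope) for a valid token
      # that lacks the required scope. Confirm what the handler returns in that case.
      "401":
        $ref: "../components/responses.yaml#/Unauthorized"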