matrix-spec/api/client-server/cas_login_ticket.yaml

# Copyright 2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
swagger: '2.0'
info:
  title: "Matrix Client-Server CAS Login API"
  version: "1.0.0"
host: localhost:8008
schemes:
  - https
  - http
basePath: /_matrix/client/%CLIENT_MAJOR_VERSION%
paths:
  "/login/cas/ticket":
    get:
      summary: Receive and validate a CAS login ticket.
      description: |-
        Once the CAS server has authenticated the user, it will redirect the
        browser to this endpoint (assuming |/login/cas/redirect|_ gave it the
        correct ``service`` parameter).

        The server MUST call ``/proxyValidate`` on the CAS server, to validate
        the ticket supplied by the browser.

        If validation is successful, the server must generate a Matrix login
        token. It must then respond with an HTTP redirect to the URI given in
        the ``redirectUrl`` parameter, adding a ``loginToken`` query parameter
        giving the generated token.

        If validation is unsuccessful, the server should respond with a ``401
        Unauthorized`` error, the body of which will be displayed to the user.
      parameters:
        - in: query
          type: string
          name: redirectUrl
          description: |-
            The ``redirectUrl`` originally provided by the client to
            |/login/cas/redirect|_.
          required: true
        - in: query
          type: string
          name: ticket
          description: |-
            CAS authentication ticket.
          required: true
      responses:
        302:
          description: A redirect to the Matrix client.
          headers:
            Location:
              type: "string"
              x-example: |-
                 https://client.example.com/?q=p&loginToken=secrettoken
        401:
          description: The server was unable to validate the CAS ticket.
document CAS login Following the spirit of "document how it is, not how we wish it was", document the CAS login bits. 8 years ago			`# Copyright 2016 OpenMarket Ltd`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`swagger: '2.0'`
			`info:`
			`title: "Matrix Client-Server CAS Login API"`
			`version: "1.0.0"`
			`host: localhost:8008`
			`schemes:`
			`- https`
			`- http`
			`basePath: /_matrix/client/%CLIENT_MAJOR_VERSION%`
			`paths:`
			`"/login/cas/ticket":`
			`get:`
			`summary: Receive and validate a CAS login ticket.`
			`description: \|-`
			`Once the CAS server has authenticated the user, it will redirect the`
			`browser to this endpoint (assuming \|/login/cas/redirect\|_ gave it the`
			correct ``service`` parameter).

			The server MUST call ``/proxyValidate`` on the CAS server, to validate
			`the ticket supplied by the browser.`

			`If validation is successful, the server must generate a Matrix login`
			`token. It must then respond with an HTTP redirect to the URI given in`
			the ``redirectUrl`` parameter, adding a ``loginToken`` query parameter
			`giving the generated token.`

			If validation is unsuccessful, the server should respond with a ``401
			Unauthorized`` error, the body of which will be displayed to the user.
			`parameters:`
			`- in: query`
			`type: string`
			`name: redirectUrl`
			`description: \|-`
			The ``redirectUrl`` originally provided by the client to
			`\|/login/cas/redirect\|_.`
			`required: true`
			`- in: query`
			`type: string`
			`name: ticket`
			`description: \|-`
			`CAS authentication ticket.`
			`required: true`
			`responses:`
			`302:`
			`description: A redirect to the Matrix client.`
			`headers:`
			`Location:`
			`type: "string"`
			`x-example: \|-`
PR feedback Fix some typos, and clarify several aspects of server behaviour. 8 years ago			`https://client.example.com/?q=p&loginToken=secrettoken`
document CAS login Following the spirit of "document how it is, not how we wish it was", document the CAS login bits. 8 years ago			`401:`
			`description: The server was unable to validate the CAS ticket.`