|
|
|
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
openapi: 3.1.0
|
|
|
|
info:
|
|
|
|
title: Matrix Identity Service Authentication API
|
|
|
|
version: 2.0.0
|
|
|
|
paths:
|
|
|
|
/account/register:
|
|
|
|
post:
|
|
|
|
summary: Exchanges an OpenID token for an access token.
|
|
|
|
description: |-
|
|
|
|
Exchanges an OpenID token from the homeserver for an access token to
|
|
|
|
access the identity server. The request body is the same as the values
|
|
|
|
returned by `/openid/request_token` in the Client-Server API.
|
|
|
|
operationId: registerAccount
|
|
|
|
requestBody:
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/openid_token.yaml
|
|
|
|
responses:
|
|
|
|
"200":
|
|
|
|
description: |-
|
|
|
|
A token which can be used to authenticate future requests to the
|
|
|
|
identity server.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
properties:
|
|
|
|
token:
|
|
|
|
type: string
|
|
|
|
description: |-
|
|
|
|
An opaque string representing the token to authenticate future
|
|
|
|
requests to the identity server with.
|
|
|
|
required:
|
|
|
|
- token
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"token": "abc123_OpaqueString"
|
|
|
|
}
|
|
|
|
/account:
|
|
|
|
get:
|
|
|
|
summary: Gets account holder information for a given token.
|
|
|
|
description: Gets information about what user owns the access token used in the
|
|
|
|
request.
|
|
|
|
operationId: getAccount
|
|
|
|
security:
|
|
|
|
- accessTokenQuery: []
|
|
|
|
- accessTokenBearer: []
|
|
|
|
responses:
|
|
|
|
"200":
|
|
|
|
description: The token holder's information.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
properties:
|
|
|
|
user_id:
|
|
|
|
type: string
|
|
|
|
description: The user ID which registered the token.
|
|
|
|
required:
|
|
|
|
- user_id
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"user_id": "@alice:example.org"
|
|
|
|
}
|
|
|
|
"403":
|
|
|
|
description: |
|
|
|
|
The user must do something in order to use this endpoint. One example
|
|
|
|
is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_TERMS_NOT_SIGNED",
|
|
|
|
"error": "Please accept our updated terms of service before continuing"
|
|
|
|
}
|
|
|
|
/account/logout:
|
|
|
|
post:
|
|
|
|
summary: Logs out an access token, rendering it unusable.
|
|
|
|
description: |-
|
|
|
|
Logs out the access token, preventing it from being used to authenticate
|
|
|
|
future requests to the server.
|
|
|
|
operationId: logout
|
|
|
|
security:
|
|
|
|
- accessTokenQuery: []
|
|
|
|
- accessTokenBearer: []
|
|
|
|
responses:
|
|
|
|
"200":
|
|
|
|
description: The token was successfully logged out.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
type: object
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {}
|
|
|
|
"401":
|
|
|
|
description: The token is not registered or is otherwise unknown to the server.
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_UNKNOWN_TOKEN",
|
|
|
|
"error": "Unrecognised access token"
|
|
|
|
}
|
|
|
|
"403":
|
|
|
|
description: |
|
|
|
|
The user must do something in order to use this endpoint. One example
|
|
|
|
is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
|
|
|
|
content:
|
|
|
|
application/json:
|
|
|
|
schema:
|
|
|
|
$ref: ../client-server/definitions/errors/error.yaml
|
|
|
|
examples:
|
|
|
|
response:
|
|
|
|
value: {
|
|
|
|
"errcode": "M_TERMS_NOT_SIGNED",
|
|
|
|
"error": "Please accept our updated terms of service before continuing"
|
|
|
|
}
|
|
|
|
servers:
|
|
|
|
- url: "{protocol}://{hostname}{basePath}"
|
|
|
|
variables:
|
|
|
|
protocol:
|
|
|
|
enum:
|
|
|
|
- http
|
|
|
|
- https
|
|
|
|
default: https
|
|
|
|
hostname:
|
|
|
|
default: localhost:8090
|
|
|
|
basePath:
|
|
|
|
default: /_matrix/identity/v2
|
|
|
|
components:
|
|
|
|
securitySchemes:
|
|
|
|
accessTokenQuery:
|
|
|
|
$ref: definitions/security.yaml#/accessTokenQuery
|
|
|
|
accessTokenBearer:
|
|
|
|
$ref: definitions/security.yaml#/accessTokenBearer
|