Document OpenID in the client-server API

Part of https://github.com/matrix-org/matrix-doc/issues/857 Reference: d69decd5c7/synapse/rest/client/v2_alpha/openid.py (L31-L58)
6 years ago · 8ffac01efe
parent 35f15ba3d8
commit 8ffac01efe
3 changed files with 128 additions and 0 deletions
--- a/api/client-server/openid.yaml
+++ b/api/client-server/openid.yaml
@ -0,0 +1,103 @@
 # Copyright 2018 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 swagger: '2.0'
 info:
  title: "Matrix Client-Server OpenID API"
  version: "1.0.0"
 host: localhost:8008
 schemes:
  - https
  - http
 basePath: /_matrix/client/%CLIENT_MAJOR_VERSION%
 consumes:
  - application/json
 produces:
  - application/json
 securityDefinitions:
  $ref: definitions/security.yaml
 paths:
  "/user/{userId}/openid/request_token":
    post:
      summary: Get an OpenID token object to verify the requester's identity.
      description: |-
        Gets an OpenID token object that the requester may supply to another
        service to verify their identity in Matrix. The generated token is only
        valid for exchanging for user information from the federation API for
        OpenID.
        The access token generated is only valid for the OpenID API. It cannot
        be used to request another OpenID access token or call ``/sync``, for
        example.
      operationId: requestOpenIdToken
      security:
        - accessToken: []
      parameters:
        - in: path
          type: string
          name: userId
          description: |-
            The user to request and OpenID token for. Should be the user who
            is authenticated for the request.
          required: true
          x-example: "@alice:example.com"
        - in: body
          name: body
          description: An empty object. Reserved for future expansion.
          required: true
          schema:
            type: object
            example: {}
      responses:
        200:
          description: |-
            OpenID token information. This response is nearly compatible with the
            response documented in the `OpenID 1.0 Specification <http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse>`_
            with the only difference being the lack of an ``id_token``. Instead,
            the Matrix homeserver's name is provided.
          examples:
            application/json: {
              "access_token": "SomeT0kenHere",
              "token_type": "Bearer",
              "matrix_server_name": "example.com",
              "expires_in": 3600,
            }
          schema:
            type: object
            properties:
              access_token:
                type: string
                description: |-
                  An access token the consumer may use to verify the identity of
                  the person who generated the token. This is given to the federation
                  API ``GET /openid/userinfo``.
              token_type:
                type: string
                description: The string ``Bearer``.
              matrix_server_name:
                type: string
                description: |-
                  The homeserver domain the consumer should use when attempting to
                  verify the user's identity.
              expires_in:
                type: int
                description: |-
                  The number of seconds before this token expires and a new one must
                  be generated.
            required: ['access_token', 'token_type', 'matrix_server_name', 'expires_in']
        429:
          description: This request was rate-limited.
          schema:
            "$ref": "definitions/errors/rate_limited.yaml"
      tags:
        - OpenID
--- a/specification/modules/openid.rst
+++ b/specification/modules/openid.rst
@ -0,0 +1,24 @@
 .. Copyright 2018 New Vector Ltd.
 ..
 .. Licensed under the Apache License, Version 2.0 (the "License");
 .. you may not use this file except in compliance with the License.
 .. You may obtain a copy of the License at
 ..
 ..     http://www.apache.org/licenses/LICENSE-2.0
 ..
 .. Unless required by applicable law or agreed to in writing, software
 .. distributed under the License is distributed on an "AS IS" BASIS,
 .. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 .. See the License for the specific language governing permissions and
 .. limitations under the License.
 OpenID
 ======
 .. _module:openid:
 This module allows users to verify their identity with a third party service. The
 third party service does need to be matrix-aware in that it will need to know to
 resolve matrix homeservers to exchange the user's token for identity information.
 {{openid_cs_http_api}}
--- a/specification/targets.yaml
+++ b/specification/targets.yaml
@ -66,6 +66,7 @@ groups:  # reusable blobs of files when prefixed with 'group:'
    - modules/stickers.rst
    - modules/report_content.rst
    - modules/third_party_networks.rst
    - modules/openid.rst
 title_styles: ["=", "-", "~", "+", "^", "`", "@", ":"]