Merge branch 'travis/spec/is-auth' into travis/spec/is-terms
commit
b7e84cf4ce
@ -0,0 +1,36 @@
|
||||
# Copyright 2018 New Vector Ltd
|
||||
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
type: object
|
||||
properties:
|
||||
access_token:
|
||||
type: string
|
||||
description: |-
|
||||
An access token the consumer may use to verify the identity of
|
||||
the person who generated the token. This is given to the federation
|
||||
API ``GET /openid/userinfo`` to verify the user's identity.
|
||||
token_type:
|
||||
type: string
|
||||
description: The string ``Bearer``.
|
||||
matrix_server_name:
|
||||
type: string
|
||||
description: |-
|
||||
The homeserver domain the consumer should use when attempting to
|
||||
verify the user's identity.
|
||||
expires_in:
|
||||
type: integer
|
||||
description: |-
|
||||
The number of seconds before this token expires and a new one must
|
||||
be generated.
|
||||
required: ['access_token', 'token_type', 'matrix_server_name', 'expires_in']
|
@ -0,0 +1,109 @@
|
||||
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
swagger: '2.0'
|
||||
info:
|
||||
title: "Matrix Identity Service Authentication API"
|
||||
version: "2.0.0"
|
||||
host: localhost:8090
|
||||
schemes:
|
||||
- https
|
||||
basePath: /_matrix/identity/v2
|
||||
consumes:
|
||||
- application/json
|
||||
produces:
|
||||
- application/json
|
||||
securityDefinitions:
|
||||
$ref: definitions/security.yaml
|
||||
paths:
|
||||
"/account/register":
|
||||
post:
|
||||
summary: Exchanges an OpenID token for an access token.
|
||||
description: |-
|
||||
Exchanges an OpenID token from the homeserver for an access token to
|
||||
access the identity server. The request body is the same as the values
|
||||
returned by ``/openid/request_token`` in the Client-Server API.
|
||||
operationId: registerAccount
|
||||
parameters:
|
||||
- in: body
|
||||
name: body
|
||||
schema:
|
||||
$ref: "../client-server/definitions/openid_token.yaml"
|
||||
responses:
|
||||
200:
|
||||
description: |-
|
||||
A token which can be used to authenticate future requests to the
|
||||
identity server.
|
||||
examples:
|
||||
application/json: {
|
||||
"token": "abc123_OpaqueString"
|
||||
}
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
token:
|
||||
type: string
|
||||
description: |-
|
||||
An opaque string representing the token to authenticate future
|
||||
requests to the identity server with.
|
||||
required: ['token']
|
||||
"/account":
|
||||
get:
|
||||
summary: Gets account holder information for a given token.
|
||||
description: |-
|
||||
Gets information about what user owns the access token used in the request.
|
||||
operationId: getAccount
|
||||
security:
|
||||
- accessToken: []
|
||||
parameters: []
|
||||
responses:
|
||||
200:
|
||||
description: The token holder's information.
|
||||
examples:
|
||||
application/json: {
|
||||
"user_id": "@alice:example.org"
|
||||
}
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
user_id:
|
||||
type: string
|
||||
description: The user ID which registered the token.
|
||||
required: ['user_id']
|
||||
"/account/logout":
|
||||
post:
|
||||
summary: Logs out an access token, rendering it unusable.
|
||||
description: |-
|
||||
Logs out the access token, preventing it from being used to authenticate
|
||||
future requests to the server.
|
||||
operationId: logout
|
||||
security:
|
||||
- accessToken: []
|
||||
parameters: []
|
||||
responses:
|
||||
200:
|
||||
description: The token was successfully logged out.
|
||||
examples:
|
||||
application/json: {}
|
||||
schema:
|
||||
type: object
|
||||
401:
|
||||
description: |-
|
||||
The token is not registered or is otherwise unknown to the server.
|
||||
examples:
|
||||
application/json: {
|
||||
"errcode": "M_UNKNOWN_TOKEN",
|
||||
"error": "Unrecognised access token"
|
||||
}
|
||||
schema:
|
||||
$ref: "../client-server/definitions/errors/error.yaml"
|
@ -0,0 +1 @@
|
||||
Add a required ``id_access_token`` to many places which require an ``id_server`` parameter.
|
@ -0,0 +1 @@
|
||||
Deprecate the v1 API in favour of an authenticated v2 API.
|
@ -0,0 +1 @@
|
||||
Add ``/account``, ``/account/register``, and ``/account/logout`` to authenticate with the identity server.
|
Loading…
Reference in New Issue