# Copyright 2019 The Matrix.org Foundation C.I.C. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. openapi: 3.1.0 info: title: Matrix Identity Service Authentication API version: 2.0.0 paths: /account/register: post: summary: Exchanges an OpenID token for an access token. description: |- Exchanges an OpenID token from the homeserver for an access token to access the identity server. The request body is the same as the values returned by `/openid/request_token` in the Client-Server API. operationId: registerAccount requestBody: content: application/json: schema: $ref: ../client-server/definitions/openid_token.yaml responses: "200": description: |- A token which can be used to authenticate future requests to the identity server. content: application/json: schema: type: object properties: token: type: string description: |- An opaque string representing the token to authenticate future requests to the identity server with. required: - token examples: response: value: { "token": "abc123_OpaqueString" } /account: get: summary: Gets account holder information for a given token. description: Gets information about what user owns the access token used in the request. operationId: getAccount security: - accessToken: [] responses: "200": description: The token holder's information. content: application/json: schema: type: object properties: user_id: type: string description: The user ID which registered the token. required: - user_id examples: response: value: { "user_id": "@alice:example.org" } "403": description: | The user must do something in order to use this endpoint. One example is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service). content: application/json: schema: $ref: ../client-server/definitions/errors/error.yaml examples: response: value: { "errcode": "M_TERMS_NOT_SIGNED", "error": "Please accept our updated terms of service before continuing" } /account/logout: post: summary: Logs out an access token, rendering it unusable. description: |- Logs out the access token, preventing it from being used to authenticate future requests to the server. operationId: logout security: - accessToken: [] responses: "200": description: The token was successfully logged out. content: application/json: schema: type: object examples: response: value: {} "401": description: The token is not registered or is otherwise unknown to the server. content: application/json: schema: $ref: ../client-server/definitions/errors/error.yaml examples: response: value: { "errcode": "M_UNKNOWN_TOKEN", "error": "Unrecognised access token" } "403": description: | The user must do something in order to use this endpoint. One example is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service). content: application/json: schema: $ref: ../client-server/definitions/errors/error.yaml examples: response: value: { "errcode": "M_TERMS_NOT_SIGNED", "error": "Please accept our updated terms of service before continuing" } servers: - url: "{protocol}://{hostname}{basePath}" variables: protocol: enum: - http - https default: https hostname: default: localhost:8090 basePath: default: /_matrix/identity/v2 components: securitySchemes: $ref: definitions/security.yaml