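openapi: 3.1.0
info:
  contact:
    url: http://ria.ee
  title: cdoc2-auth-server
  version: 0.9.0-draft
  description: |
    API for the session creation process for MID/SID CDOC
servers:
  - url: 'https://localhost:8443'
    description: Regular TLS (no mutual TLS required).
paths:
  '/auth/start':
    post:
      summary: Start auth
      description: Start auth process
      tags:
        - cdoc2-auth
      operationId: startAuth
      responses:
        '201':
          description: Created
          headers:
            Location:
              schema:
                type: string
              # The UUID is the last path segment of the returned URI.
              description: >-
                URI of created resource. Auth process UUID can be extracted from URI as
                it follows pattern /auth/status/{authProcessUuid}
              example: '/auth/status/9a7c3717d21f5cf19d18fa4fa5adee21'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StartAuthProcessResponse'
        '400':
          description: 'Bad request. Client error.'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthIdentity'
  '/auth/status/{authProcessUuid}':
    get:
      summary: Get auth process status
      description: >-
        Get auth process status. When status is COMPLETE will also return the session
        token and signing certificate.
      tags:
        - cdoc2-auth
      operationId: getAuthProcessStatus
      # NOTE(review): a 401 is documented below but no `security` requirement is
      # declared for this operation, so the spec does not say which of the
      # securitySchemes applies here — confirm and add it.
      parameters:
        - name: authProcessUuid
          in: path
          schema:
            type: string
            minLength: 18
            maxLength: 34
          required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthProcessStatusResponse'
        '400':
          description: 'Bad request. Client error.'
        '401':
          description: 'Unauthorized. No correct auth headers'
        '404':
          description: 'Not Found. 404 is also returned, when recipient id in record does not match user id in auth-ticket'
  '/.well-known/jwks.jws':
    get:
      summary: Returns information about signing keys
      description: Returns information about signing keys
      tags:
        - cdoc2-auth
      operationId: getWellKnown
      responses:
        '200':
          # A GET that returns 200 is "OK"; "Created" belongs to the 201 above.
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WellKnownResponse'
        '400':
          description: 'Bad request. Client error.'
        '403':
          # NOTE(review): a 403 on a well-known key-discovery endpoint is unusual;
          # confirm whether this operation is really access-controlled.
          description: 'Authentication failed'
components:
  schemas:
    AuthIdentity:
      title: Auth identity
      type: object
      properties:
        identifier:
          type: string
          minLength: 12
          maxLength: 32
          description: |
            ETSI319412-1. Example "etsi/PNOEE-48010010101".
            [etsi/:semantics-identifier](https://github.com/SK-EID/smart-id-documentation/blob/v2/README.md#2322-etsisemantics-identifier)
        mobileNr:
          type: string
          minLength: 6
          maxLength: 32
          description: |
            Mobile phone nr
      required:
        - identifier
    StartAuthProcessResponse:
      title: Start auth process response
      type: object
      properties:
        vc:
          type: string
          minLength: 4
          maxLength: 4
          description: 'SmartId verification code'
          example: '5702'
      required:
        - vc
    AuthProcessStatusResponse:
      title: Auth process status response
      type: object
      properties:
        status:
          type: string
          minLength: 1
          maxLength: 16
          description: 'auth process status'
          example: "COMPLETE"
        endResult:
          type: string
          maxLength: 60
          description: 'End result of SID/MID auth session'
          # NOTE(review): `nullable` is OpenAPI 3.0 syntax; this document declares
          # 3.1.0, where null is expressed as `type: [string, 'null']`. Strict 3.1
          # validators ignore `nullable`. Applies to every `nullable` below.
          nullable: true
          example: "OK"
        sessionToken:
          type: string
          description: 'base64url encoded SD-JWT with all disclosures'
          nullable: true
        signingCertificate:
          type: string
          description: 'base64url encoded X509 certificate'
          nullable: true
      required:
        - status
    WellKnownResponse:
      title: well-known response
      type: object
      required:
        - keys
      properties:
        keys:
          type: array
          items:
            type: object
            required:
              - kid
              - kty
            properties:
              kid:
                description: 'key identifier'
                example: '1'
                type: string
              kty:
                type: string
                description: 'identifies the cryptographic algorithm family used with the key'
                example: 'EC'
              use:
                type: string
                description: 'identifies the intended use of the public key'
                example: 'enc'
                nullable: true
              crv:
                type: string
                description: 'curve'
                example: 'P-256'
                nullable: true
              x:
                type: string
                description: 'base64 encoded x curve coordinate'
                # Empty examples below carry no information; consider dropping them.
                example: ''
                nullable: true
              y:
                type: string
                description: 'base64 encoded y curve coordinate'
                example: ''
                nullable: true
              n:
                type: string
                description: 'base64 encoded public modulus'
                example: ''
                nullable: true
              e:
                type: string
                description: 'base64 encoded public exponent'
                example: ''
                nullable: true
              alg:
                type: string
                description: 'identifies the algorithm intended for use with the key'
                example: 'RS256'
                nullable: true
  # NOTE(review): neither scheme is referenced by a `security` requirement
  # (top-level or per operation), so the document does not declare which
  # operations require credentials.
  securitySchemes:
    bearerAuth: # long-term token
      type: http
      scheme: bearer
    basicAuth: # temporary solution
      type: http
      scheme: basic
tags:
  - name: cdoc2-auth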