{ "swagger": "2.0", "info": { "title": "oc-auth", "description": "OpenCloud authentication services\n", "version": "1.0.0", "termsOfService": "http://cloud.o-forge.io/", "contact": { "email": "admin@o-cloud.io" }, "license": { "name": "AGPL", "url": "https://www.gnu.org/licenses/agpl-3.0.html" } }, "basePath": "/oc/", "paths": { "/consent": { "get": { "tags": [ "oc-auth/controllersOAuthController" ], "description": "Hydra redirects here with a consent_challenge. Auto-accepts consent with user permissions.\n\u003cbr\u003e", "operationId": "OAuthController.Consent", "parameters": [ { "in": "query", "name": "consent_challenge", "description": "The consent challenge from Hydra", "required": true, "type": "string" } ], "responses": { "200": { "description": "", "schema": { "$ref": "#/definitions/auth_connectors.Redirect" } }, "400": { "description": "missing consent_challenge" }, "500": { "description": "internal error" } } } }, "/forward": { "get": { "tags": [ "oc-auth/controllersOAuthController" ], "description": "Forward auth for Traefik — validates JWT via Hydra introspection\n\u003cbr\u003e", "operationId": "OAuthController.AuthForward", "parameters": [ { "in": "header", "name": "Authorization", "description": "Bearer token", "type": "string" } ], "responses": { "200": { "description": "{string}" } } } }, "/group/": { "get": { "tags": [ "group" ], "description": "find groups\n\u003cbr\u003e", "operationId": "GroupController.GetAll", "responses": { "200": { "description": "{group} string" } } } }, "/group/clear": { "delete": { "tags": [ "group" ], "description": "clear the group\n\u003cbr\u003e", "operationId": "GroupController.Clear", "responses": { "200": { "description": "{string} delete success!" 
} } } }, "/group/user/{id}": { "get": { "tags": [ "group" ], "description": "find group by user id\n\u003cbr\u003e", "operationId": "GroupController.GetByUser", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{auth} string" } } } }, "/group/{id}": { "get": { "tags": [ "group" ], "description": "find group by id\n\u003cbr\u003e", "operationId": "GroupController.Get", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{group} string" } } }, "post": { "tags": [ "group" ], "description": "create group\n\u003cbr\u003e", "operationId": "GroupController.Create", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{auth} create success!" } } }, "delete": { "tags": [ "group" ], "description": "delete the group\n\u003cbr\u003e", "operationId": "GroupController.Delete", "parameters": [ { "in": "path", "name": "id", "description": "The id you want to delete", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} delete success!" } } } }, "/group/{user_id}/{group_id}": { "post": { "tags": [ "group" ], "description": "bind the group to user\n\u003cbr\u003e", "operationId": "GroupController.Bind", "parameters": [ { "in": "path", "name": "user_id", "description": "The user_id you want to bind", "required": true, "type": "string" }, { "in": "path", "name": "group_id", "description": "The group_id you want to bind", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} bind success!" 
} } }, "delete": { "tags": [ "group" ], "description": "unbind the group from user\n\u003cbr\u003e", "operationId": "GroupController.UnBind", "parameters": [ { "in": "path", "name": "user_id", "description": "The user_id you want to unbind", "required": true, "type": "string" }, { "in": "path", "name": "group_id", "description": "The group_id you want to unbind", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} bind success!" } } } }, "/introspect": { "get": { "tags": [ "oc-auth/controllersOAuthController" ], "description": "Introspect a token — respects Hydra's response\n\u003cbr\u003e", "operationId": "OAuthController.Introspect", "parameters": [ { "in": "header", "name": "Authorization", "description": "Bearer token", "type": "string" } ], "responses": { "200": { "description": "", "schema": { "$ref": "#/definitions/auth_connectors.IntrospectResult" } } } } }, "/login": { "get": { "tags": [ "oc-auth/controllersOAuthController" ],
"description": "Hydra redirects here with a login_challenge. Returns challenge info or auto-accepts if session exists.\n\u003cbr\u003e", "operationId": "OAuthController.GetLogin", "parameters": [ { "in": "query", "name": "login_challenge", "description": "The login challenge from Hydra", "required": true, "type": "string" } ], "responses": { "200": { "description": "", "schema": { "$ref": "#/definitions/auth_connectors.LoginChallenge" } }, "400": { "description": "missing login_challenge" }, "500": { "description": "internal error" } } }, "post": { "tags": [ "oc-auth/controllersOAuthController" ], "description": "Authenticate user via LDAP and accept Hydra login challenge\n\u003cbr\u003e", "operationId": "OAuthController.PostLogin", "parameters": [ { "in": "body", "name": "body", "description": "Login credentials and challenge", "required": true, "schema": { "$ref": "#/definitions/auth_connectors.LoginRequest" } } ], "responses": { "200": { "description": "", "schema": { "$ref": "#/definitions/auth_connectors.Redirect" } }, "401": { "description": "invalid credentials" }, "500": { "description": "internal error" } } } }, "/logout": { "get": { "tags": [ "oc-auth/controllersOAuthController" ],
"description": "Hydra redirects here with a logout_challenge. Accepts the challenge and returns a redirect URL.\n\u003cbr\u003e", "operationId": "OAuthController.GetLogout", "parameters": [ { "in": "query", "name": "logout_challenge", "description": "The logout challenge from Hydra", "required": true, "type": "string" } ], "responses": { "200": { "description": "", "schema": { "$ref": "#/definitions/auth_connectors.Redirect" } }, "400": { "description": "missing logout_challenge" }, "500": { "description": "internal error" } } }, "delete": { "tags": [ "oc-auth/controllersOAuthController" ], "description": "Revoke an OAuth2 token\n\u003cbr\u003e", "operationId": "OAuthController.Logout", "parameters": [ { "in": "header", "name": "Authorization", "description": "Bearer token", "type": "string" }, { "in": "query", "name": "client_id", "description": "The client_id", "required": true, "type": "string" } ], "responses": { "200": { "description": "", "schema": { "$ref": "#/definitions/auth_connectors.Token" } } } } }, "/permission/": { "get": { "tags": [ "permission" ], "description": "find permissions\n\u003cbr\u003e", "operationId": "PermissionController.GetAll", "responses": { "200": { "description": "{permission} string" } } } }, "/permission/clear": { "delete": { "tags": [ "permission" ], "description": "clear the permission\n\u003cbr\u003e", "operationId": "PermissionController.Clear", "responses": { "200": { "description": "{string} delete success!" 
} } } }, "/permission/role/{id}": { "get": { "tags": [ "permission" ], "description": "find permission by role id\n\u003cbr\u003e", "operationId": "PermissionController.GetByRole", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{auth} string" } } } }, "/permission/user/{id}": { "get": { "tags": [ "permission" ], "description": "find permission by user id\n\u003cbr\u003e", "operationId": "PermissionController.GetByUser", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{auth} string" } } } }, "/permission/{id}/{relation}": { "get": { "tags": [ "permission" ], "description": "find auth by permission\n\u003cbr\u003e", "operationId": "PermissionController.Get", "parameters": [ { "in": "path", "name": "id", "description": "the permission you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{auth} models.auth" } } } }, "/permission/{permission_id}/{role_id}/{relation}": { "post": { "tags": [ "permission" ], "description": "bind the permission to role\n\u003cbr\u003e", "operationId": "PermissionController.Bind", "parameters": [ { "in": "path", "name": "role_id", "description": "The role_id you want to bind", "required": true, "type": "string" }, { "in": "path", "name": "method", "description": "The method you want to relate role \u0026 permission", "required": true, "type": "string" }, { "in": "path", "name": "permission_id", "description": "The permission_id you want to bind", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} bind success!" 
} } }, "delete": { "tags": [ "permission" ], "description": "unbind the permission from role\n\u003cbr\u003e", "operationId": "PermissionController.UnBind", "parameters": [ { "in": "path", "name": "role_id", "description": "The role_id you want to unbind", "required": true, "type": "string" }, { "in": "path", "name": "relation", "description": "The relation to remove between role \u0026 permission", "required": true, "type": "string" }, { "in": "path", "name": "permission_id", "description": "The permission_id you want to unbind", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} bind success!" } } } }, "/refresh": { "post": { "tags": [ "oc-auth/controllersOAuthController" ], "description": "Exchange a refresh_token for a new token set\n\u003cbr\u003e", "operationId": "OAuthController.Refresh", "parameters": [ { "in": "body", "name": "body", "description": "refresh_token and client_id", "required": true, "schema": { "$ref": "#/definitions/object" } } ], "responses": { "200": { "description": "", "schema": { "$ref": "#/definitions/auth_connectors.TokenResponse" } }, "401": { "description": "invalid refresh token" } } } }, "/role/": { "get": { "tags": [ "role" ], "description": "find roles\n\u003cbr\u003e", "operationId": "RoleController.GetAll", "responses": { "200": { "description": "{role} string" } } } }, "/role/clear": { "delete": { "tags": [ "role" ], "description": "clear the role\n\u003cbr\u003e", "operationId": "RoleController.Clear", "responses": { "200": { "description": "{string} delete success!" 
} } } }, "/role/user/{id}": { "get": { "tags": [ "role" ], "description": "find role by user id\n\u003cbr\u003e", "operationId": "RoleController.GetByUser", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{auth} string" } } } }, "/role/{id}": { "get": { "tags": [ "role" ], "description": "find role by id\n\u003cbr\u003e", "operationId": "RoleController.Get", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{role} string" } } }, "post": { "tags": [ "role" ], "description": "create role\n\u003cbr\u003e", "operationId": "RoleController.Create", "parameters": [ { "in": "path", "name": "id", "description": "the id you want to get", "required": true, "type": "string" } ], "responses": { "200": { "description": "{auth} create success!" } } }, "delete": { "tags": [ "role" ], "description": "delete the role\n\u003cbr\u003e", "operationId": "RoleController.Delete", "parameters": [ { "in": "path", "name": "id", "description": "The id you want to delete", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} delete success!" } } } }, "/role/{user_id}/{role_id}": { "post": { "tags": [ "role" ], "description": "bind the role to user\n\u003cbr\u003e", "operationId": "RoleController.Bind", "parameters": [ { "in": "path", "name": "user_id", "description": "The user_id you want to bind", "required": true, "type": "string" }, { "in": "path", "name": "role_id", "description": "The role_id you want to bind", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} bind success!" 
} } }, "delete": { "tags": [ "role" ], "description": "unbind the role from user\n\u003cbr\u003e", "operationId": "RoleController.UnBind", "parameters": [ { "in": "path", "name": "role_id", "description": "The role_id you want to unbind", "required": true, "type": "string" }, { "in": "path", "name": "user_id", "description": "The user_id you want to unbind", "required": true, "type": "string" } ], "responses": { "200": { "description": "{string} bind success!" } } } }, "/version/": { "get": { "tags": [ "version" ], "description": "get version\n\u003cbr\u003e", "operationId": "VersionController.GetAll", "responses": { "200": { "description": "" } } } }, "/version/discovery": { "get": { "tags": [ "version" ], "description": "get version\n\u003cbr\u003e", "operationId": "VersionController.Get", "responses": { "200": { "description": "" } } } } }, "definitions": { "2111.0xc0004ce750.false": { "title": "false", "type": "object" }, "3850.0xc0004ce930.false": { "title": "false", "type": "object" }, "auth_connectors.IntrospectResult": { "title": "IntrospectResult", "type": "object", "properties": { "active": { "type": "boolean" }, "client_id": { "type": "string" }, "exp": { "type": "integer", "format": "int64" }, "ext": { "$ref": "#/definitions/3850.0xc0004ce930.false" }, "scope": { "type": "string" }, "sub": { "type": "string" }, "token_type": { "type": "string" } } }, "auth_connectors.LoginChallenge": { "title": "LoginChallenge", "type": "object", "properties": { "challenge": { "type": "string" }, "client": { "$ref": "#/definitions/2111.0xc0004ce750.false" }, "request_url": { "type": "string" }, "session_id": { "type": "string" }, "skip": { "type": "boolean" }, "subject": { "type": "string" } } }, "auth_connectors.LoginRequest": { "title": "LoginRequest", "type": "object", "properties": { "login_challenge": { "type": "string" }, "password": { "type": "string" }, "username": { "type": "string" } } }, "auth_connectors.Redirect": { "title": "Redirect", "type": "object", 
"properties": { "redirect_to": { "type": "string" } } }, "auth_connectors.Token": { "title": "Token", "type": "object", "properties": { "access_token": { "type": "string" }, "active": { "type": "boolean" }, "expires_in": { "type": "integer", "format": "int64" }, "id_token": { "type": "string" }, "refresh_token": { "type": "string" }, "scope": { "type": "string" }, "token_type": { "type": "string" } } }, "auth_connectors.TokenResponse": { "title": "TokenResponse", "type": "object", "properties": { "access_token": { "type": "string" }, "expires_in": { "type": "integer", "format": "int64" }, "id_token": { "type": "string" }, "refresh_token": { "type": "string" }, "scope": { "type": "string" }, "token_type": { "type": "string" } } }, "object": { "title": "object", "type": "object" } }, "tags": [ { "name": "oc-auth/controllersOAuthController", "description": "OAuthController handles OAuth2 login/consent provider endpoints\n" }, { "name": "group", "description": "Operations about auth\n" }, { "name": "role", "description": "Operations about auth\n" }, { "name": "permission", "description": "Operations about auth\n" }, { "name": "version", "description": "VersionController operations for Version\n" } ] }