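# Swagger 2.0 description of the oc-auth service: the OAuth2 login/consent/logout
# provider endpoints that sit in front of Hydra, plus group / role / permission
# management and version endpoints.
#
# NOTE(review): this document declares no `securityDefinitions` and no `security`
# requirement on any operation, and no `schemes`. As written, the state-changing
# operations (create/delete/bind/unbind/clear on groups, roles and permissions)
# are documented without any authentication requirement. Presumably access is
# enforced in front of the service (the /forward operation mentions Traefik
# forward auth) -- confirm, and describe that requirement here so that generated
# clients and reviewers can see it. Credentials and tokens transit /login,
# /refresh, /introspect and /logout, so the transport scheme should be stated too.
#
# NOTE(review): the two definitions named `2432.0xc000460e70.false` and
# `4171.0xc000461050.false` look like generator artifacts (the names embed what
# appears to be a memory address), so they may change between generations.
# They are kept as-is because IntrospectResult.ext and LoginChallenge.client
# reference them.
swagger: "2.0"
info:
  title: oc-auth
  description: |
    OpenCloud authentication services
  version: 1.0.0
  termsOfService: http://cloud.o-forge.io/
  contact:
    email: admin@o-cloud.io
  license:
    name: AGPL
    url: https://www.gnu.org/licenses/agpl-3.0.html
basePath: /oc/
paths:
  /consent:
    get:
      tags:
      - oc-auth/controllersOAuthController
      # NOTE(review): consent is accepted without user interaction; confirm this
      # is limited to clients for which skipping the consent screen is intended.
      description: |-
        Hydra redirects here with a consent_challenge. Auto-accepts consent with user permissions.
      operationId: OAuthController.Consent
      parameters:
      - in: query
        name: consent_challenge
        description: The consent challenge from Hydra
        required: true
        type: string
      responses:
        "200":
          description: ""
          schema:
            $ref: '#/definitions/auth_connectors.Redirect'
        "400":
          description: missing consent_challenge
        "500":
          description: internal error
  /forward:
    get:
      tags:
      - oc-auth/controllersOAuthController
      # NOTE(review): only the 200 response is documented and the Authorization
      # header is not marked required. A forward-auth endpoint is only useful if
      # it answers non-2xx for a missing, invalid or inactive token -- document
      # that status once confirmed against the controller.
      description: |-
        Forward auth for Traefik — validates JWT via Hydra introspection.
      operationId: OAuthController.AuthForward
      parameters:
      - in: header
        name: Authorization
        description: Bearer token
        type: string
      responses:
        "200":
          description: '{string}'
  /group/:
    get:
      tags:
      - group
      description: |-
        find groups
      operationId: GroupController.GetAll
      responses:
        "200":
          description: '{group} string'
  /group/{id}:
    get:
      tags:
      - group
      description: |-
        find group by id
      operationId: GroupController.Get
      parameters:
      - in: path
        name: id
        description: the id you want to get
        required: true
        type: string
      responses:
        "200":
          description: '{group} string'
    post:
      tags:
      - group
      description: |-
        create group
      operationId: GroupController.Create
      parameters:
      - in: path
        name: id
        # Was "the id you want to get" (copied from the GET operation).
        description: the id of the group you want to create
        required: true
        type: string
      responses:
        "200":
          description: '{auth} create success!'
    delete:
      tags:
      - group
      description: |-
        delete the group
      operationId: GroupController.Delete
      parameters:
      - in: path
        name: id
        description: The id you want to delete
        required: true
        type: string
      responses:
        "200":
          description: '{string} delete success!'
  /group/{user_id}/{group_id}:
    post:
      tags:
      - group
      description: |-
        bind the group to user
      operationId: GroupController.Bind
      parameters:
      - in: path
        name: user_id
        description: The user_id you want to bind
        required: true
        type: string
      - in: path
        name: group_id
        description: The group_id you want to bind
        required: true
        type: string
      responses:
        "200":
          description: '{string} bind success!'
    delete:
      tags:
      - group
      description: |-
        unbind the group from user
      operationId: GroupController.UnBind
      parameters:
      # The two descriptions below were swapped in the original (user_id was
      # described as the group_id and vice versa).
      - in: path
        name: user_id
        description: The user_id you want to unbind
        required: true
        type: string
      - in: path
        name: group_id
        description: The group_id you want to unbind
        required: true
        type: string
      responses:
        "200":
          description: '{string} bind success!'
  /group/clear:
    delete:
      tags:
      - group
      # NOTE(review): bulk destructive operation with no documented auth
      # requirement; see the note at the top of the file.
      description: |-
        clear the group
      operationId: GroupController.Clear
      responses:
        "200":
          description: '{string} delete success!'
  /group/user/{id}:
    get:
      tags:
      - group
      description: |-
        find group by user id
      operationId: GroupController.GetByUser
      parameters:
      - in: path
        name: id
        description: the id you want to get
        required: true
        type: string
      responses:
        "200":
          description: '{auth} string'
  /introspect:
    get:
      tags:
      - oc-auth/controllersOAuthController
      description: |-
        Introspect a token — respects Hydra's response
      operationId: OAuthController.Introspect
      parameters:
      - in: header
        name: Authorization
        description: Bearer token
        type: string
      responses:
        "200":
          description: ""
          schema:
            $ref: '#/definitions/auth_connectors.IntrospectResult'
  /login:
    get:
      tags:
      - oc-auth/controllersOAuthController
      description: |-
        Hydra redirects here with a login_challenge. Returns challenge info or auto-accepts if session exists.
      operationId: OAuthController.GetLogin
      parameters:
      - in: query
        name: login_challenge
        description: The login challenge from Hydra
        required: true
        type: string
      responses:
        "200":
          description: ""
          schema:
            $ref: '#/definitions/auth_connectors.LoginChallenge'
        "400":
          description: missing login_challenge
        "500":
          description: internal error
    post:
      tags:
      - oc-auth/controllersOAuthController
      description: |-
        Authenticate user via LDAP and accept Hydra login challenge
      operationId: OAuthController.PostLogin
      parameters:
      # The body carries username and password (see LoginRequest below).
      - in: body
        name: body
        description: Login credentials and challenge
        required: true
        schema:
          $ref: '#/definitions/auth_connectors.LoginRequest'
      responses:
        "200":
          description: ""
          schema:
            $ref: '#/definitions/auth_connectors.Redirect'
        "401":
          description: invalid credentials
        "500":
          description: internal error
  /logout:
    get:
      tags:
      - oc-auth/controllersOAuthController
      description: |-
        Hydra redirects here with a logout_challenge. Accepts the challenge and returns a redirect URL.
      operationId: OAuthController.GetLogout
      parameters:
      - in: query
        name: logout_challenge
        description: The logout challenge from Hydra
        required: true
        type: string
      responses:
        "200":
          description: ""
          schema:
            $ref: '#/definitions/auth_connectors.Redirect'
        "400":
          description: missing logout_challenge
        "500":
          description: internal error
    delete:
      tags:
      - oc-auth/controllersOAuthController
      description: |-
        Revoke an OAuth2 token
      operationId: OAuthController.Logout
      parameters:
      - in: header
        name: Authorization
        description: Bearer token
        type: string
      - in: query
        name: client_id
        description: The client_id
        required: true
        type: string
      responses:
        "200":
          description: ""
          schema:
            $ref: '#/definitions/auth_connectors.Token'
  /permission/:
    get:
      tags:
      - permission
      description: |-
        find permissions
      operationId: PermissionController.GetAll
      responses:
        "200":
          description: '{permission} string'
  /permission/{id}/{relation}:
    get:
      tags:
      - permission
      description: |-
        find auth by permission
      operationId: PermissionController.Get
      parameters:
      - in: path
        name: id
        description: the permission you want to get
        required: true
        type: string
      # Added: the path template contains {relation}, and Swagger 2.0 requires
      # every templated segment to be declared as a required path parameter.
      - in: path
        name: relation
        description: the relation segment of the path
        required: true
        type: string
      responses:
        "200":
          description: '{auth} models.auth'
  /permission/{permission_id}/{role_id}/{relation}:
    post:
      tags:
      - permission
      description: |-
        bind the permission to role
      operationId: PermissionController.Bind
      parameters:
      - in: path
        name: role_id
        description: The role_id you want to bind
        required: true
        type: string
      # Was declared as `method`, which matches no segment of the path template;
      # renamed to `relation` to agree with the path and with the DELETE below.
      - in: path
        name: relation
        description: The method you want to relate role & permission
        required: true
        type: string
      - in: path
        name: permission_id
        description: The permission_id you want to bind
        required: true
        type: string
      responses:
        "200":
          description: '{string} bind success!'
    delete:
      tags:
      - permission
      description: |-
        unbind the permission from role
      operationId: PermissionController.UnBind
      parameters:
      - in: path
        name: role_id
        description: The role_id you want to unbind
        required: true
        type: string
      - in: path
        name: relation
        description: The method you want to unrelate role & permission
        required: true
        type: string
      - in: path
        name: permission_id
        description: The permission_id you want to unbind
        required: true
        type: string
      responses:
        "200":
          description: '{string} bind success!'
  /permission/clear:
    delete:
      tags:
      - permission
      # NOTE(review): bulk destructive operation with no documented auth
      # requirement; see the note at the top of the file.
      description: |-
        clear the permission
      operationId: PermissionController.Clear
      responses:
        "200":
          description: '{string} delete success!'
  /permission/role/{id}:
    get:
      tags:
      - permission
      description: |-
        find permission by role id
      operationId: PermissionController.GetByRole
      parameters:
      - in: path
        name: id
        description: the id you want to get
        required: true
        type: string
      responses:
        "200":
          description: '{auth} string'
  /permission/user/{id}:
    get:
      tags:
      - permission
      description: |-
        find permission by user id
      operationId: PermissionController.GetByUser
      parameters:
      - in: path
        name: id
        description: the id you want to get
        required: true
        type: string
      responses:
        "200":
          description: '{auth} string'
  /refresh:
    post:
      tags:
      - oc-auth/controllersOAuthController
      description: |-
        Exchange a refresh_token for a new token set
      operationId: OAuthController.Refresh
      parameters:
      # NOTE(review): the body schema is the untyped `object` definition, so the
      # refresh_token and client_id fields named in the description are not
      # visible to validators or generated clients.
      - in: body
        name: body
        description: refresh_token and client_id
        required: true
        schema:
          $ref: '#/definitions/object'
      responses:
        "200":
          description: ""
          schema:
            $ref: '#/definitions/auth_connectors.TokenResponse'
        "401":
          description: invalid refresh token
  /role/:
    get:
      tags:
      - role
      description: |-
        find roles
      operationId: RoleController.GetAll
      responses:
        "200":
          description: '{role} string'
  /role/{id}:
    get:
      tags:
      - role
      description: |-
        find role by id
      operationId: RoleController.Get
      parameters:
      - in: path
        name: id
        description: the id you want to get
        required: true
        type: string
      responses:
        "200":
          description: '{role} string'
    post:
      tags:
      - role
      description: |-
        create role
      operationId: RoleController.Create
      parameters:
      - in: path
        name: id
        # Was "the id you want to get" (copied from the GET operation).
        description: the id of the role you want to create
        required: true
        type: string
      responses:
        "200":
          description: '{auth} create success!'
    delete:
      tags:
      - role
      description: |-
        delete the role
      operationId: RoleController.Delete
      parameters:
      - in: path
        name: id
        description: The id you want to delete
        required: true
        type: string
      responses:
        "200":
          description: '{string} delete success!'
  /role/{user_id}/{role_id}:
    post:
      tags:
      - role
      description: |-
        bind the role to user
      operationId: RoleController.Bind
      parameters:
      - in: path
        name: user_id
        description: The user_id you want to bind
        required: true
        type: string
      - in: path
        name: role_id
        description: The role_id you want to bind
        required: true
        type: string
      responses:
        "200":
          description: '{string} bind success!'
    delete:
      tags:
      - role
      description: |-
        unbind the role from user
      operationId: RoleController.UnBind
      parameters:
      - in: path
        name: role_id
        description: The role_id you want to unbind
        required: true
        type: string
      - in: path
        name: user_id
        description: The user_id you want to unbind
        required: true
        type: string
      responses:
        "200":
          description: '{string} bind success!'
  /role/clear:
    delete:
      tags:
      - role
      # NOTE(review): bulk destructive operation with no documented auth
      # requirement; see the note at the top of the file.
      description: |-
        clear the role
      operationId: RoleController.Clear
      responses:
        "200":
          description: '{string} delete success!'
  /role/user/{id}:
    get:
      tags:
      - role
      description: |-
        find role by user id
      operationId: RoleController.GetByUser
      parameters:
      - in: path
        name: id
        description: the id you want to get
        required: true
        type: string
      responses:
        "200":
          description: '{auth} string'
  /version/:
    get:
      tags:
      - version
      description: |-
        get version
      operationId: VersionController.GetAll
      responses:
        "200":
          description: ""
  /version/discovery:
    get:
      tags:
      - version
      description: |-
        get version
      operationId: VersionController.Get
      responses:
        "200":
          description: ""
definitions:
  # Untyped placeholder referenced by LoginChallenge.client.
  2432.0xc000460e70.false:
    title: "false"
    type: object
  # Untyped placeholder referenced by IntrospectResult.ext.
  4171.0xc000461050.false:
    title: "false"
    type: object
  auth_connectors.IntrospectResult:
    title: IntrospectResult
    type: object
    properties:
      active:
        type: boolean
      client_id:
        type: string
      exp:
        type: integer
        format: int64
      ext:
        $ref: '#/definitions/4171.0xc000461050.false'
      scope:
        type: string
      sub:
        type: string
      token_type:
        type: string
  auth_connectors.LoginChallenge:
    title: LoginChallenge
    type: object
    properties:
      challenge:
        type: string
      client:
        $ref: '#/definitions/2432.0xc000460e70.false'
      request_url:
        type: string
      session_id:
        type: string
      skip:
        type: boolean
      subject:
        type: string
  auth_connectors.LoginRequest:
    title: LoginRequest
    type: object
    properties:
      login_challenge:
        type: string
      password:
        type: string
      username:
        type: string
  auth_connectors.Redirect:
    title: Redirect
    type: object
    properties:
      redirect_to:
        type: string
  auth_connectors.Token:
    title: Token
    type: object
    properties:
      access_token:
        type: string
      active:
        type: boolean
      expires_in:
        type: integer
        format: int64
      id_token:
        type: string
      refresh_token:
        type: string
      scope:
        type: string
      token_type:
        type: string
  auth_connectors.TokenResponse:
    title: TokenResponse
    type: object
    properties:
      access_token:
        type: string
      expires_in:
        type: integer
        format: int64
      id_token:
        type: string
      refresh_token:
        type: string
      scope:
        type: string
      token_type:
        type: string
  object:
    title: object
    type: object
tags:
- name: oc-auth/controllersOAuthController
  description: |
    OAuthController handles OAuth2 login/consent provider endpoints
- name: group
  description: |
    Operations about auth
- name: role
  description: |
    Operations about auth
- name: permission
  description: |
    Operations about auth
- name: version
  description: |
    VersionController operations for Version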