Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ciba-grant-3.2.0.md #3615

Merged
merged 16 commits into from
Apr 25, 2024
Merged
Show file tree
Hide file tree
Changes from 8 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 41 additions & 1 deletion schemas/v3.1/schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -1240,6 +1240,9 @@
"authorizationCode": {
"$ref": "#/$defs/oauth-flows/$defs/authorization-code"
}
"ciba": {
"$ref": "#/$defs/oauth-flows/$defs/ciba"
}
},
"$ref": "#/$defs/specification-extensions",
"unevaluatedProperties": false,
Expand Down Expand Up @@ -1327,7 +1330,44 @@
],
"$ref": "#/$defs/specification-extensions",
"unevaluatedProperties": false
}
},
"ciba": {
"type": "object",
"properties": {
"authorizationUrl": {
"type": "string"
},
"tokenUrl": {
"type": "string"
},
"refreshUrl": {
"type": "string"
},
"ciba_delivery_modes": {
"type": "array",
"item": "string"
},
"ciba_signing_algs": {
"type": "array",
"item": "string"
},
"ciba_user_code":{
"type": "boolean"
},
"scopes": {
"$ref": "#/$defs/map-of-strings"
}
},
"required": [
"authorizationUrl",
"tokenUrl",
"ciba_delivery_modes",
"ciba_signing_algs",
"scopes"
],
"$ref": "#/$defs/specification-extensions",
"unevaluatedProperties": false
}
}
},
"security-requirement": {
Expand Down
32 changes: 32 additions & 0 deletions schemas/v3.1/schema.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -837,6 +837,8 @@ $defs:
$ref: '#/$defs/oauth-flows/$defs/client-credentials'
authorizationCode:
$ref: '#/$defs/oauth-flows/$defs/authorization-code'
ciba:
$ref: '#/$defs/oauth-flows/$defs/ciba'
$ref: '#/$defs/specification-extensions'
unevaluatedProperties: false

Expand Down Expand Up @@ -903,6 +905,36 @@ $defs:
- scopes
$ref: '#/$defs/specification-extensions'
unevaluatedProperties: false

ciba:
type: object
properties:
authorizationUrl:
type: string
tokenUrl:
type: string
refreshUrl:
type: string
ciba_delivery_modes:
type: array
items:
type: string
ciba_signing_algs:
* type: array
items:
type: string
ciba_user_code:
type: boolean
scopes:
$ref: '#/$defs/map-of-strings'
required:
- authorizationUrl
- tokenUrl
- ciba_delivery_modes
- ciba_signing_algs
- scopes
$ref: '#/$defs/specification-extensions'
unevaluatedProperties: false

security-requirement:
type: object
Expand Down
17 changes: 15 additions & 2 deletions versions/3.2.0.md
Original file line number Diff line number Diff line change
Expand Up @@ -3290,6 +3290,7 @@ Field Name | Type | Description
<a name="oauthFlowsClientCredentials"></a>clientCredentials| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0.
<a name="oauthFlowsAuthorizationCode"></a>authorizationCode| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0.
<a name="oauthFlowsDeviceAuthorization"></s>deviceAuthorization| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Device Authorization flow.
<a name="oauthFlowsCiba"></a>ciba| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OpenID Connect Client-Initiated Backchannel Authentication Flow.

This object MAY be extended with [Specification Extensions](#specificationExtensions).

Expand All @@ -3300,11 +3301,14 @@ Configuration details for a supported OAuth Flow
##### Fixed Fields
Field Name | Type | Applies To | Description
---|:---:|---|---
<a name="oauthFlowAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
<a name="oauthFlowAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`, `"ciba"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
<a name="oauthFlowDeviceAuthorizationUrl"></s>deviceAuthorizationUrl | `string` | `oauth2` (`"deviceAuthorization"`) | **REQUIRED**. The device authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
<a name="oauthFlowTokenUrl"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
<a name="oauthFlowTokenUrl"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`, `"ciba"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
<a name="oauthFlowRefreshUrl"></a>refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
<a name="oauthFlowScopes"></a>scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty.
<a name="backchannelTokenDeliveryModesSupported"></a>ciba_delivery_modes | Array[`string`] | `oauth2` (`"ciba"`) | **REQUIRED**. JSON array containing one or more of the following values: poll, ping, and push.
shilpa-padgaonkar marked this conversation as resolved.
Show resolved Hide resolved
<a name="backchannel_authentication_request_signing_alg_values"></a>ciba_signing_algs | Array[`string`] | `oauth2` (`"ciba"`) | JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP (OpenIdConnect Provider) for signed authentication requests
shilpa-padgaonkar marked this conversation as resolved.
Show resolved Hide resolved
<a name="backchannel_user_code_parameter_supported"></a>ciba_user_code | `boolean` | `oauth2` (`"ciba"`) | Boolean value specifying whether the OP supports the use of the user_code parameter, with true indicating support. If omitted, the default value is false.
shilpa-padgaonkar marked this conversation as resolved.
Show resolved Hide resolved

This object MAY be extended with [Specification Extensions](#specificationExtensions).

Expand All @@ -3328,6 +3332,15 @@ This object MAY be extended with [Specification Extensions](#specificationExtens
"write:pets": "modify pets in your account",
"read:pets": "read your pets"
}
},
"ciba": {
"authorizationUrl": "https://example.com/api/oauth/dialog",
"tokenUrl": "https://example.com/api/oauth/token",
"scopes": {
"write:pets": "modify pets in your account",
"read:pets": "read your pets"
},
"ciba_delivery_modes": ["poll"]
shilpa-padgaonkar marked this conversation as resolved.
Show resolved Hide resolved
}
}
}
Expand Down