diff --git a/backend/json_schema/hanko.user_import.json b/backend/json_schema/hanko.user_import.json index 3178bfbd8..1ab95dd19 100644 --- a/backend/json_schema/hanko.user_import.json +++ b/backend/json_schema/hanko.user_import.json @@ -10,10 +10,34 @@ "type": "array", "description": "Emails Array of email addresses" }, + "ImportOTPSecret": { + "properties": { + "secret": { + "type": "string", + "description": "Secret of the TOTP credential. TOTP credential must be generated for a period of 30 seconds and SHA1 hash algorithm." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "CreatedAt optional timestamp when the otp secret was created. Will be set to the import date if not provided." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "description": "UpdatedAt optional timestamp of the last update to the otp secret. Will be set to the import date if not provided." + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "secret" + ] + }, "ImportOrExportEmail": { "properties": { "address": { "type": "string", + "format": "email", "description": "Address Valid email address" }, "is_primary": { @@ -32,6 +56,7 @@ "is_primary", "is_verified" ], + "title": "ImportEmail", "description": "ImportOrExportEmail The import/export format for a user's email" }, "ImportOrExportEntry": { @@ -44,7 +69,23 @@ "$ref": "#/$defs/Emails", "type": "array", "minItems": 1, - "description": "Emails List of emails" + "description": "Emails optional list of emails" + }, + "username": { + "type": "string", + "description": "Username optional username of the user" + }, + "webauthn_credentials": { + "$ref": "#/$defs/ImportWebauthnCredentials", + "description": "WebauthnCredentials optional list of WebAuthn credentials of a user. Includes passkeys and MFA credentials." + }, + "password": { + "$ref": "#/$defs/ImportPasswordCredential", + "description": "Password optional password." + }, + "otp_secret": { + "$ref": "#/$defs/ImportOTPSecret", + "description": "OTPSecret optional TOTP secret for MFA." }, "created_at": { "type": "string", @@ -60,8 +101,11 @@ "additionalProperties": false, "type": "object", "required": [ - "emails" + "emails", + "password", + "otp_secret" ], + "title": "ImportEntry", "description": "ImportOrExportEntry represents a user to be imported/export to the Hanko database" }, "ImportOrExportList": { @@ -69,7 +113,183 @@ "$ref": "#/$defs/ImportOrExportEntry" }, "type": "array", - "description": "ImportOrExportList a list of ImportEntries" + "description": "ImportOrExportList a list of ImportEntries", + "examples": [ + [ + { + "user_id": "a9ae6bc8-d829-43de-b672-f50230833877", + "emails": [ + { + "address": "test@example.com", + "is_primary": true, + "is_verified": true + }, + { + "address": "test+1@example.com", + "is_primary": false, + "is_verified": false + } + ], + "password": null, + "otp_secret": null, + "created_at": "2024-08-17T12:05:15.651387237Z", + "updated_at": "2024-08-17T12:05:15.651387237Z" + }, + { + "user_id": "2f0649cf-c71e-48a5-92c3-210addb80281", + "emails": [ + { + "address": "test2@example.com", + "is_primary": true, + "is_verified": true + }, + { + "address": "test2+1@example.com", + "is_primary": false, + "is_verified": false + } + ], + "password": null, + "otp_secret": null, + "created_at": "2024-08-17T12:05:15.651387237Z", + "updated_at": "2024-08-17T12:05:15.651387237Z" + } + ], + [ + { + "emails": null, + "username": "example", + "password": { + "password": "$2a$12$mFbud0mLsD/q.WG7/9pNQemlAHs3H4o8zAv44gsUF1v1awsdqTh7.", + "created_at": "2024-08-17T12:05:15.651387237Z", + "updated_at": "2024-08-17T12:05:15.651387237Z" + }, + "otp_secret": null + } + ] + ] + }, + "ImportPasswordCredential": { + "properties": { + "password": { + "type": "string", + "description": "Password hash of the password in bcrypt format." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "CreatedAt optional timestamp when the password was created. Will be set to the import date if not provided." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "description": "UpdatedAt optional timestamp of the last update to the password. Will be set to the import date if not provided." + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "password" + ] + }, + "ImportWebauthnCredential": { + "properties": { + "id": { + "type": "string", + "description": "ID of the WebAuthn credential." + }, + "name": { + "type": "string", + "description": "Optional Name of the WebAuthn credential." + }, + "public_key": { + "type": "string", + "description": "The PublicKey of the credential." + }, + "attestation_type": { + "type": "string", + "description": "The AttestationType the credential was created with." + }, + "aaguid": { + "$ref": "#/$defs/UUID", + "description": "Optional AAGUID of the authenticator on which the credential was created on." + }, + "sign_count": { + "type": "integer", + "description": "Optional SignCount of the WebAuthn credential." + }, + "last_used_at": { + "type": "string", + "format": "date-time", + "description": "LastUsedAt optional timestamp when the WebAuthn credential was last used." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "CreatedAt optional timestamp of the WebAuthn credentials' creation. Will be set to the import date if not provided." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "description": "UpdatedAt optional timestamp of the last update to the WebAuthn credential. Will be set to the import date if not provided." + }, + "transports": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Optional list of supported Transports by the authenticator." + }, + "backup_eligible": { + "type": "boolean", + "description": "BackupEligible flag indicates if the WebAuthn credential can be backed up (e.g. in Apple KeyChain, ...). If the information is not available set it to false." + }, + "backup_state": { + "type": "boolean", + "description": "BackupState flag indicates if the WebAuthn credential is backed up (e.g. in Apple KeyChain, ...). If the information is not available set it to false." + }, + "mfa_only": { + "type": "boolean", + "description": "MFAOnly flag indicates if the WebAuthn credential can only be used in combination with another login factor (e.g. password, ...)." + }, + "user_handle": { + "type": "string", + "description": "UserHandle optional user id which was used to create the credential with.\nPopulate only when user id was not an uuid v4 and the WebAuthn credential is not an MFAOnly credential." + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id", + "name", + "public_key", + "attestation_type", + "aaguid", + "sign_count", + "last_used_at", + "created_at", + "updated_at", + "transports", + "backup_eligible", + "backup_state", + "mfa_only", + "user_handle" + ] + }, + "ImportWebauthnCredentials": { + "items": { + "$ref": "#/$defs/ImportWebauthnCredential" + }, + "type": "array" + }, + "UUID": { + "items": { + "type": "integer" + }, + "type": "array", + "maxItems": 16, + "minItems": 16 } - } + }, + "title": "User import" } \ No newline at end of file