# OpenAPI 3.0.1 description of the Asterisms Auth API: authentication,
# session hand-off, token, OAuth client-credential and permission-group routes.
#
# Reviewer reading notes:
# - Operations reference two security requirements, `asterisms-account` and
#   `ipc-authorization`. Their `securitySchemes` definitions are not part of
#   this excerpt.
# - Many operations carry no `security` key, and no document-level `security`
#   default is visible in this excerpt.
#   NOTE(review): confirm each such route is either intentionally anonymous or
#   protected server-side, and record that in the spec so generated clients and
#   API gateways see the same policy.
# - Only "200" responses are described. NOTE(review): documenting 401/403 (and
#   429 where throttling applies) would make failure handling explicit.
openapi: 3.0.1
info:
  title: Asterisms Auth API
  version: "1.0"
tags:
  - name: Authentication
    description: User Authentication Related Routes
  - name: Authentication Session
    description: User Session Related Routes
  - name: Authorization Policy
    description: Manage Authorization Policies
  - name: Authorization Service Tokens
    description: Create and manage service authorization tokens.
  - name: Authorization Management
    description: Authorization management and recovery
  - name: System Initialization
    description: Initialize the system.
  - name: Authorization Tokens Scopes
    description: Manage token scopes.
  - name: Authorization User Tokens
    description: Create and manage user authorization tokens.
  - name: Authorization System Tokens
    description: Create and manage system authorization tokens.
paths:
  /api:
    get:
      tags:
        - API
      operationId: info
      responses:
        "200":
          description: info 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericDatedSuccessResponse"
  /api/account/authentication/oauth/{provider}/callback:
    get:
      tags:
        - Authentication
      operationId: handleOauthCallback
      parameters:
        - name: provider
          in: path
          required: true
          schema:
            $ref: "#/components/schemas/OAuthProviderTypes"
        - name: error
          in: query
          schema:
            type: string
            nullable: true
      responses:
        "200":
          description: handleOauthCallback 200 response
          content:
            application/json:
              schema:
                type: object
      security:
        - asterisms-account: []
  /api/account/authentication/{type}/authenticate:
    post:
      tags:
        - Authentication
      operationId: authenticate
      parameters:
        - name: type
          in: path
          required: true
          schema:
            $ref: "#/components/schemas/AuthenticationCredentialType"
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AuthenticationRequest"
          application/x-www-form-urlencoded:
            schema:
              $ref: "#/components/schemas/AuthenticationRequest"
        required: true
      responses:
        "200":
          description: authenticate 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationToken"
      security:
        - asterisms-account: []
  /api/account/authentication/{type}/challenge:
    post:
      tags:
        - Authentication
      operationId: challenge
      parameters:
        - name: type
          in: path
          required: true
          schema:
            $ref: "#/components/schemas/AuthenticationCredentialType"
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ChallengeRequest"
          application/x-www-form-urlencoded:
            schema:
              $ref: "#/components/schemas/ChallengeRequest"
        required: true
      responses:
        "200":
          description: challenge 200 response
          content:
            application/json:
              schema:
                type: object
      security:
        - asterisms-account: []
  /api/account/authentication/{type}/update:
    # NOTE(review): a credential-changing operation with no `security` key in
    # this spec; confirm the caller's identity is enforced server-side.
    post:
      tags:
        - Authentication
      summary: Update your current credentials
      description: Update your current credentials
      operationId: updateCredentials
      parameters:
        - name: type
          in: path
          description: the type of credential to update.
          required: true
          schema:
            $ref: "#/components/schemas/AuthenticationCredentialType"
      requestBody:
        description: the identity / encoded verifier
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SecretsRequest"
        required: true
      responses:
        "200":
          description: SuccessResponse with true / false.
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
  /api/account/authentication/{type}/{provider}/authenticate:
    get:
      tags:
        - Authentication
      operationId: oauthAuthentication
      parameters:
        - name: type
          in: path
          required: true
          schema:
            $ref: "#/components/schemas/AuthenticationCredentialType"
        - name: provider
          in: path
          required: true
          schema:
            $ref: "#/components/schemas/OAuthProviderTypes"
        - name: workspaceName
          in: query
          required: true
          schema:
            type: string
        - name: emailAddress
          in: query
          required: true
          schema:
            type: string
        - name: source
          in: query
          required: true
          schema:
            $ref: "#/components/schemas/AccessorSource"
        # NOTE(review): free-form redirect target; confirm the server checks it
        # against an allow-list of destinations before redirecting.
        - name: redirect
          in: query
          schema:
            type: string
            nullable: true
      responses:
        "200":
          description: oauthAuthentication 200 response
          content:
            application/json:
              schema:
                type: object
      security:
        - asterisms-account: []
  /api/account/current/authentication/redirect:
    get:
      tags:
        - Authentication
      operationId: toRedirect
      responses:
        "200":
          description: toRedirect 200 response
          content:
            application/json:
              schema:
                type: object
  /api/account/current/authentication/switch:
    post:
      tags:
        - Authentication
      operationId: switchWorkspaces
      responses:
        "200":
          description: (Alpha) Switch User and redirect
          content:
            application/json:
              schema:
                type: string
  /api/authentication/secrets/{type}/encode:
    # NOTE(review): ChallengeEncodingRequest.secret is labelled "the account
    # password", so this route receives the cleartext password. Confirm request
    # bodies are kept out of logs; with SRP6 the client normally derives these
    # values itself so the password never reaches the server.
    post:
      tags:
        - Authentication
      summary: Apply encoding to a password
      description: Convert a user secret (password) to an authentication secret (verifier/hash) for use in a follow up authenticate call.
      operationId: encode
      parameters:
        - name: type
          in: path
          required: true
          schema:
            $ref: "#/components/schemas/AuthenticationCredentialType"
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ChallengeEncodingRequest"
        required: true
      responses:
        "200":
          description: encode 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ChallengeEncodingResponse"
  /api/authentication/secrets/{type}/generate:
    post:
      tags:
        - Authentication
      summary: Generate secrets
      description: "Convert secret request into composite local credentials (salt,verifier) suitable for secured storage."
      operationId: generate
      parameters:
        - name: type
          in: path
          required: true
          schema:
            $ref: "#/components/schemas/AuthenticationCredentialType"
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SecretsRequest"
        required: true
      responses:
        "200":
          description: generate 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/LocalCredentialsSecrets"
  /api/authorization/authorize:
    post:
      tags:
        - Authorization Management
      operationId: authorize
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AuthenticationRequest"
        required: true
      responses:
        "200":
          description: authorize 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationToken"
  /api/authorization/challenge:
    post:
      tags:
        - Authorization Management
      operationId: challenge_1
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ChallengeRequest"
        required: true
      responses:
        "200":
          description: challenge_1 200 response
          content:
            application/json:
              schema:
                type: object
  /api/authorization/policy:
    get:
      tags:
        - Authorization Policy
      operationId: listAuthPolicies
      responses:
        "200":
          description: listAuthPolicies 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/AuthorizationPolicy"
      deprecated: true
      security:
        - asterisms-account: []
  /api/authorization/policy/register:
    post:
      tags:
        - Authorization Policy
      operationId: register
      requestBody:
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: "#/components/schemas/AuthorizationPolicy"
        required: true
      responses:
        "200":
          description: register 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/SuccessResponseWithEntity_AuthorizationPolicyRegistrationCompletedData_"
      security:
        - ipc-authorization: []
  /api/authorization/policy/revoke/{bundleId}:
    # This operation has no `tags` entry, unlike the other policy routes.
    post:
      operationId: revoke
      parameters:
        - name: bundleId
          in: path
          required: true
          schema:
            type: string
      responses:
        "200":
          description: revoke 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
  /api/authorization/reset:
    # NOTE(review): no `security` key, as expected for account recovery.
    # Confirm the response does not reveal whether the identity exists and that
    # requests are rate limited.
    post:
      tags:
        - Authorization Management
      operationId: requestResetCode
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AuthorizationResetRequestConfig"
        required: true
      responses:
        "200":
          description: requestResetCode 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
  /api/invite/authorize:
    post:
      tags:
        - Authorization Management
      operationId: authorizeInvite
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AuthenticationRequest"
        required: true
      responses:
        "200":
          description: authorizeInvite 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationToken"
  /api/invite/challenge:
    post:
      tags:
        - Authorization Management
      operationId: challengeInvite
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ChallengeRequest"
        required: true
      responses:
        "200":
          description: challengeInvite 200 response
          content:
            application/json:
              schema:
                type: object
  /api/invite/create:
    post:
      tags:
        - Authorization Management
      operationId: generateInvite
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AccountInviteCreateConfig"
        required: true
      responses:
        "200":
          description: generateInvite 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      # Two separate list entries are alternatives: either requirement alone
      # satisfies the operation.
      security:
        - ipc-authorization: []
        - asterisms-account: []
  /api/invite/resend:
    post:
      tags:
        - Authorization Management
      operationId: resendInvite
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AccountInviteResendConfig"
        required: true
      responses:
        "200":
          description: resendInvite 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
  /api/jwk/generate:
    # NOTE(review): key generation is exposed without a `security` key. Confirm
    # whether the returned string contains private key material and whether
    # access to this route should be restricted.
    get:
      tags:
        - JWK Generator
      operationId: generate_1
      parameters:
        - name: kid
          in: query
          schema:
            type: string
            nullable: true
        - name: format
          in: query
          schema:
            nullable: true
            allOf:
              - $ref: "#/components/schemas/JwkConfiguration.Format"
      responses:
        "200":
          description: generate_1 200 response
          content:
            application/json:
              schema:
                type: string
  /api/jwk/generator:
    get:
      tags:
        - JWK Generator
      operationId: legacyGenerator
      parameters:
        - name: kid
          in: query
          schema:
            type: string
            nullable: true
        - name: format
          in: query
          schema:
            nullable: true
            allOf:
              - $ref: "#/components/schemas/JwkConfiguration.Format"
      responses:
        "200":
          description: legacyGenerator 200 response
          content:
            application/json:
              schema:
                type: string
      deprecated: true
  /api/oauth/credentials:
    get:
      tags:
        - OAuth Tokens
      description: Get OAuth Credentials for the authenticated user
      operationId: userCredentials
      responses:
        "200":
          description: userCredentials 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/OAuthCredentialReference"
    post:
      tags:
        - OAuth Tokens
      description: Create new OAuth client credentials.
      operationId: generate_2
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ClientCredentialConfig"
        required: true
      responses:
        "200":
          description: generate_2 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/OAuthCredential"
  /api/oauth/credentials/{credentialId}:
    delete:
      tags:
        - OAuth Tokens
      description: Revoke a client credential for a user.
      operationId: revokeCredentials
      parameters:
        - name: credentialId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        "200":
          description: revokeCredentials 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
  /api/oauth/token:
    # NOTE(review): the token request is JSON-only here. RFC 6749 defines it as
    # application/x-www-form-urlencoded, so standard OAuth client libraries may
    # need that media type as well.
    post:
      tags:
        - OAuth Tokens
      description: Exchange Client Credentials for an Access Token.
      operationId: obtainAccessToken
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/OAuthAccessTokenRequest"
        required: true
      responses:
        "200":
          description: obtainAccessToken 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/OAuthAccessTokenResponse"
  /api/platform/oauth/credentials:
    get:
      tags:
        - OAuth Tokens
      description: List all client credentials that exist for the platform. This list will have entries for all members across all workspaces.
      operationId: allCredentials
      parameters:
        - name: query
          in: query
          schema:
            type: string
      responses:
        "200":
          description: allCredentials 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/PagedResponse_2"
      security:
        - asterisms-account: []
  /api/public/configuration/io.asterisms.auth:
    get:
      tags:
        - Public Configuration
      summary: Retrieves public configuration properties for the auth service.
      description: Get public configuration properties for the auth service
      operationId: publicConfiguration
      responses:
        "200":
          description: HTTP response containing public configuration properties.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
  /api/service/token:
    get:
      tags:
        - Authorization Service Tokens
      operationId: listAccountTokens
      responses:
        "200":
          description: listAccountTokens 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/ServiceTokenEntity"
  /api/service/token/exchange:
    post:
      tags:
        - Authorization Service Tokens
      operationId: exchange
      responses:
        "200":
          description: exchange 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationToken"
      security:
        - ipc-authorization: []
  /api/service/token/generate:
    # NOTE(review): token minting without a `security` key in this spec;
    # confirm who is allowed to call it and how that is enforced.
    post:
      tags:
        - Authorization Service Tokens
      operationId: generate_3
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/TokenConfig"
        required: true
      responses:
        "200":
          description: generate_3 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ServiceTokenEntity"
  /api/service/token/platform:
    get:
      tags:
        - Authorization Service Tokens
      operationId: listAllTokens
      responses:
        "200":
          description: listAllTokens 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/ServiceTokenEntity"
      security:
        - asterisms-account: []
  /api/service/token/revoke/{tokenId}:
    post:
      tags:
        - Authorization Service Tokens
      operationId: revoke_1
      parameters:
        - name: tokenId
          in: path
          required: true
          schema:
            type: string
      responses:
        "200":
          description: revoke_1 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ServiceTokenEntity"
  /api/service/token/{workspaceId}:
    get:
      tags:
        - Authorization Service Tokens
      operationId: listWorkspaceTokens
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        "200":
          description: listWorkspaceTokens 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/ServiceTokenEntity"
      security:
        - asterisms-account: []
  /api/synchronize/hand-off/{otc}:
    get:
      tags:
        - Authentication Session
      operationId: sessionTokenTransfer
      parameters:
        # NOTE(review): `otc` looks like a one-time code carried in the URL
        # path. Confirm it is single-use and short-lived, since URLs commonly
        # end up in access logs and browser history.
        - name: otc
          in: path
          required: true
          schema:
            type: string
        # NOTE(review): free-form redirect target; confirm the server checks it
        # against an allow-list of destinations before redirecting.
        - name: redirectUrl
          in: query
          schema:
            type: string
            nullable: true
      responses:
        "200":
          description: sessionTokenTransfer 200 response
          content:
            application/json:
              schema:
                type: object
      security:
        - asterisms-account: []
  /api/synchronize/token:
    post:
      tags:
        - Authentication Session
      summary: Pull the AuthorizationToken from the session store and return it to the browser.
      description: Pull the AuthorizationToken from the session store and return it to the browser.
      operationId: restoreAuthorizationTokenFromSession
      responses:
        "200":
          description: Authorization token
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationToken"
      security:
        - ipc-authorization: []
  /api/synchronize/token/remove:
    post:
      tags:
        - Authentication Session
      summary: Destroy Session and Remove Existing Session Cookie
      description: Destroy Session and Remove Existing Session Cookie
      operationId: removeAuthorizationTokenFromSession
      responses:
        "200":
          description: Success Response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
  /api/system/register/authentication:
    post:
      tags:
        - System Initialization
      operationId: register_1
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SystemAccountCredentials"
        required: true
      responses:
        "200":
          description: register_1 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - ipc-authorization: []
  /api/system/token/generate:
    # NOTE(review): system-token minting without a `security` key in this
    # spec; confirm who is allowed to call it and how that is enforced.
    post:
      tags:
        - Authorization System Tokens
      operationId: generate_4
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/TokenConfig"
        required: true
      responses:
        "200":
          description: generate_4 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationToken"
  /api/system/token/lookup:
    get:
      tags:
        - Authorization System Tokens
      operationId: lookup
      responses:
        "200":
          description: lookup 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationTokenSpec"
  /api/system/token/lookup-self:
    get:
      tags:
        - Authorization System Tokens
      operationId: lookupSelf
      responses:
        "200":
          description: lookupSelf 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationTokenSpec"
  /api/token/interpreter/system-token:
    get:
      tags:
        - Authorization User Tokens
      operationId: get
      responses:
        "200":
          description: get 200 response
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
  /api/token/interpreter/user-token:
    get:
      tags:
        - Authorization User Tokens
      operationId: get_1
      responses:
        "200":
          description: get_1 200 response
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
  /api/token/renew:
    get:
      tags:
        - Authorization User Tokens
      operationId: renew
      responses:
        "200":
          description: renew 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AuthorizationToken"
  /api/token/scope:
    get:
      tags:
        - Authorization Tokens Scopes
      operationId: list
      parameters:
        - name: workspaceId
          in: query
          schema:
            type: string
            format: uuid
            nullable: true
      responses:
        "200":
          description: list 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/CustomScopeEntity"
  /api/token/scope/register:
    post:
      tags:
        - Authorization Tokens Scopes
      operationId: register_2
      parameters:
        - name: workspaceId
          in: query
          schema:
            type: string
            format: uuid
            nullable: true
      requestBody:
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: "#/components/schemas/CustomScope"
        required: true
      responses:
        "200":
          description: register_2 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/SuccessResponseWithEntity_CustomScopeRegistrationCompletedData_"
      security:
        - ipc-authorization: []
  /api/token/touch:
    get:
      tags:
        - Authorization User Tokens
      operationId: touch
      responses:
        "200":
          description: touch 200 response
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  type: boolean
  /api/workspace/{workspaceId}/authorization/policy:
    get:
      tags:
        - Authorization Policy
      operationId: listWorkspaceAuthPolicies
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        "200":
          description: listWorkspaceAuthPolicies 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/AuthorizationPolicy"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/oauth/credentials:
    get:
      tags:
        - OAuth Tokens
      description: List all client credentials that exist on the workspace. This list includes non-alreadyRevoked tokens from all members.
      operationId: workspaceCredentials
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: query
          in: query
          schema:
            type: string
      responses:
        "200":
          description: workspaceCredentials 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/PagedResponse_1"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/oauth/credentials/{credentialId}:
    delete:
      tags:
        - OAuth Tokens
      description: "As a workspace or platform administrator, revoke a member's client credential."
      operationId: revokeWorkspaceCredentials
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: credentialId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        "200":
          description: revokeWorkspaceCredentials 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/permission/group:
    get:
      tags:
        - Permission Groups
      description: List permission groups for a workspace
      operationId: list_1
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        "200":
          description: list_1 200 response
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/PermissionGroup"
      security:
        - asterisms-account: []
    post:
      tags:
        - Permission Groups
      description: Create a permission group.
      operationId: create
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/PermissionGroupCreate"
        required: true
      responses:
        "200":
          description: create 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/PermissionGroup"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/permission/group/accessors/add:
    post:
      tags:
        - Permission Groups
      description: Add accounts to a permission group.
      operationId: addUserToGroup
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/PermissionGroupAccessorModifyRequest"
        required: true
      responses:
        "200":
          description: addUserToGroup 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/permission/group/accessors/remove:
    # NOTE(review): OpenAPI 3.0.x leaves request bodies on DELETE undefined
    # (consumers may ignore `requestBody`), so generated clients and
    # intermediaries may drop this payload.
    delete:
      tags:
        - Permission Groups
      description: Remove accounts from a permission group.
      operationId: removeUserFromGroup
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/PermissionGroupAccessorModifyRequest"
        required: true
      responses:
        "200":
          description: removeUserFromGroup 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/permission/group/policies/add:
    post:
      tags:
        - Permission Groups
      description: Add policies to a permission group.
      operationId: addPolicyToGroup
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/PermissionGroupAuthPolicyModifyRequest"
        required: true
      responses:
        "200":
          description: addPolicyToGroup 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/permission/group/policies/remove:
    # NOTE(review): OpenAPI 3.0.x leaves request bodies on DELETE undefined
    # (consumers may ignore `requestBody`), so generated clients and
    # intermediaries may drop this payload.
    delete:
      tags:
        - Permission Groups
      description: Remove policies from a permission group.
      operationId: removePolicyFromGroup
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/PermissionGroupAuthPolicyModifyRequest"
        required: true
      responses:
        "200":
          description: removePolicyFromGroup 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/permission/group/search:
    get:
      tags:
        - Permission Groups
      description: Search permission groups for a workspace
      operationId: search
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: query
          in: query
          schema:
            type: string
      responses:
        "200":
          description: search 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/PagedResponse"
      security:
        - asterisms-account: []
  /api/workspace/{workspaceId}/permission/group/{permissionGroupId}:
    get:
      tags:
        - Permission Groups
      description: Get a permission group for a resource.
      operationId: get_2
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: permissionGroupId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        "200":
          description: get_2 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/PermissionGroup"
      security:
        - asterisms-account: []
    put:
      tags:
        - Permission Groups
      description: Update a permission group.
      operationId: update
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: permissionGroupId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/PermissionGroup"
        required: true
      responses:
        "200":
          description: update 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/PermissionGroup"
      security:
        - asterisms-account: []
    delete:
      tags:
        - Permission Groups
      description: Remove a permission group.
      operationId: remove
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: permissionGroupId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        "200":
          description: remove 200 response
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GenericSuccessResponse"
      security:
        - asterisms-account: []
components:
  schemas:
    AccessorSource:
      type: string
      enum:
        - Service
        - System
        - User
        - Workspace
      x-enum-varnames:
        - Service
        - System
        - User
        - Workspace
    AccountInviteCreateConfig:
      required:
        - account
      type: object
      properties:
        account:
          $ref: "#/components/schemas/UserAccount"
        workspace:
          $ref: "#/components/schemas/Workspace"
    AccountInviteResendConfig:
      required:
        - identity
      type: object
      properties:
        identity:
          minLength: 1
          type: string
          format: email
        workspaceName:
          type: string
        accessorSource:
          $ref: "#/components/schemas/AccessorSource"
    AccountRole:
      type: string
      enum:
        - PlatformSuperAdministrator
        - PlatformAdministrator
        - PlatformAccount
        - WorkspaceOwner
        - WorkspaceAdministrator
        - WorkspaceMember
        - Unknown
      x-enum-varnames:
        - PlatformSuperAdministrator
        - PlatformAdministrator
        - PlatformAccount
        - WorkspaceOwner
        - WorkspaceAdministrator
        - WorkspaceMember
        - Unknown
    AccountState:
      type: string
      enum:
        - Active
        - Inactive
        - Suspended
        - Pending
      x-enum-varnames:
        - Active
        - Inactive
        - Suspended
        - Pending
    AuthenticationCredentialType:
      type: string
      enum:
        - SRP6
        - OAUTH
    AuthenticationNextStep:
      type: object
      properties:
        message:
          type: string
        link:
          $ref: "#/components/schemas/AuthenticationNextStep.Link"
        type:
          $ref: "#/components/schemas/AuthenticationNextStep.Type"
        length:
          type: integer
          format: int32
    AuthenticationNextStep.Link:
      required:
        - href
      type: object
      properties:
        href:
          type: string
    AuthenticationNextStep.Type:
      type: string
      enum:
        - CODE
    # SecretsRequest (identity + secret) extended with an optional workspace.
    AuthenticationRequest:
      type: object
      allOf:
        - $ref: "#/components/schemas/SecretsRequest"
        - properties:
            workspaceName:
              type: string
    AuthorizationPolicy:
      required:
        - bundleId
      type: object
      properties:
        permitted:
          type: array
          nullable: true
          items:
            $ref: "#/components/schemas/AccountRole"
        appliesTo:
          type: array
          nullable: true
          items:
            $ref: "#/components/schemas/AccessorSource"
        id:
          type: string
          format: uuid
        bundleId:
          minLength: 1
          type: string
        description:
          type: string
          description: The description
        key:
          type: string
          description: The key to uniquely identify the record.
    AuthorizationPolicyRegistrationCompletedData:
      type: object
      properties:
        authorizationPolicies:
          type: array
          description: The finalized value of the registered authorization policy
          items:
            $ref: "#/components/schemas/AuthorizationPolicy"
      description: Response data provided after registering authorization policy
    AuthorizationResetRequestConfig:
      required:
        - identity
      type: object
      properties:
        identity:
          minLength: 1
          type: string
          format: email
        workspaceName:
          type: string
        accessorSource:
          $ref: "#/components/schemas/AccessorSource"
    AuthorizationToken:
      type: object
      properties:
        pending:
          type: boolean
        token:
          type: string
          nullable: true
        createdTime:
          type: integer
          format: int64
        issuedTime:
          type: integer
          format: int64
        lease:
          type: integer
          format: int64
        expirationTime:
          type: string
          format: date-time
        renewable:
          type: boolean
        policies:
          type: array
          items:
            type: string
        __meta:
          type: object
          additionalProperties: true
        next:
          nullable: true
          allOf:
            - $ref: "#/components/schemas/AuthenticationNextStep"
    AuthorizationTokenSpec:
      required:
        - token
        - tokenSource
      type: object
      properties:
        token:
          $ref: "#/components/schemas/TokenRoot"
        tokenSource:
          type: string
    ChallengeEncodingRequest:
      required:
        - b
        - identity
        - salt
        - secret
      type: object
      properties:
        identity:
          minLength: 1
          type: string
          x-size-message: identity must not be empty.
        # Carries the account password in cleartext (see x-size-message).
        secret:
          minLength: 1
          type: string
          x-size-message: secret (the account password) must not be empty
        salt:
          minLength: 1
          type: string
          x-size-message: salt must not be empty
        b:
          minLength: 1
          type: string
          x-size-message: b must not be empty
    ChallengeEncodingResponse:
      type: object
      properties:
        success:
          type: boolean
        secret:
          type: string
        timestamp:
          type: string
          format: date-time
    ChallengeRequest:
      required:
        - identity
        - source
        - workspaceName
      type: object
      properties:
        identity:
          minLength: 1
          type: string
        workspaceName:
          type: string
        scope:
          type: string
        source:
          $ref: "#/components/schemas/AccessorSource"
    ClientCredentialConfig:
      required:
        - name
        - ttl
      type: object
      properties:
        # 63072000 s = 730 days. NOTE(review): a long default lifetime for a
        # secret-bearing credential and no `maximum` is declared; confirm the
        # rotation and revocation expectations.
        ttl:
          type: integer
          description: "The TTL for the client credentials to live, (two years in seconds default)"
          format: int64
          default: 63072000
        name:
          maxLength: 50
          minLength: 7
          type: string
          description: A unique name for the credentials. Used to identify it in a list.
    CustomScope:
      required:
        - description
        - key
      type: object
      properties:
        key:
          minLength: 1
          type: string
          description: The key to uniquely identify the record.
        description:
          minLength: 1
          type: string
          description: The description
    CustomScopeEntity:
      type: object
      properties:
        id:
          type: string
          format: uuid
        workspaceId:
          type: string
          format: uuid
          nullable: true
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
        key:
          type: string
          description: The key to uniquely identify the record.
        description:
          type: string
          description: The description
        token:
          type: array
          items:
            $ref: "#/components/schemas/TokenScopeEntity"
    CustomScopeRegistrationCompletedData:
      type: object
      properties:
        tokenScope:
          type: array
          description: The finalized value of the registered Token Scope
          items:
            $ref: "#/components/schemas/CustomScope"
      description: Response data provided after registering Token Scope
    GenericDatedSuccessResponse:
      required:
        - _date
        - code
        - message
      type: object
      allOf:
        - $ref: "#/components/schemas/GenericSuccessResponse"
        - properties:
            message:
              type: string
            code:
              type: string
            _date:
              type: string
              format: date-time
    GenericSuccessResponse:
      type: object
      properties:
        success:
          type: boolean
        message:
          type: string
        code:
          type: string
    JwkConfiguration.Format:
      type: string
      enum:
        - json
        - b64
      x-enum-varnames:
        - json
        - b64
    LocalCredentialsSecrets:
      type: object
      properties:
        timestamp:
          type: string
          format: date-time
        salt:
          type: string
        verifier:
          type: string
    OAuthAccessTokenRequest:
      required:
        - client_id
        - client_secret
        - grant_type
      type: object
      properties:
        client_id:
          minLength: 1
          type: string
          description: The client id.
          x-size-message: client_id is required.
        client_secret:
          minLength: 1
          type: string
          description: The client secret.
        # The description pins a single value, but no `enum` constrains it.
        grant_type:
          minLength: 1
          type: string
          description: This must be "client_credentials"
          x-size-message: grant_type is required.
        audience:
          type: string
          description: The intended audience for the access token.
    OAuthAccessTokenResponse:
      required:
        - access_token
        - expires_in
        - token_type
      type: object
      properties:
        access_token:
          minLength: 1
          type: string
        token_type:
          minLength: 1
          type: string
        expires_in:
          type: integer
          format: int64
    # NOTE(review): includes `clientSecret`; this schema is only referenced by
    # the create-credentials response in this excerpt. Confirm the secret is
    # returned once at creation and is not retrievable afterwards.
    OAuthCredential:
      type: object
      allOf:
        - $ref: "#/components/schemas/OAuthCredentialReference"
        - properties:
            authUri:
              type: string
            clientId:
              type: string
            clientSecret:
              type: string
            domain:
              type: string
            workspaceId:
              type: string
              format: uuid
    OAuthCredentialReference:
      required:
        - accessorId
        - createdAt
        - expiresAt
        - id
        - name
      type: object
      properties:
        id:
          type: string
          format: uuid
        accessorId:
          type: string
          format: uuid
        name:
          maxLength: 50
          minLength: 7
          type: string
        expiresAt:
          type: string
          format: date-time
        createdAt:
          type: string
          format: date-time
        credentialType:
          $ref: "#/components/schemas/OAuthCredentialType"
    OAuthCredentialType:
      type: string
      enum:
        - CLIENT_CREDENTIALS
      x-type: String
    OAuthProviderTypes:
      type: string
      enum:
        - AZURE
        - GOOGLE
        - AWS
    PagedResponse:
      required:
        - data
        - meta
      type: object
      properties:
        data:
          type: array
          items:
            $ref: "#/components/schemas/PermissionGroup"
        meta:
          $ref: "#/components/schemas/Pagination"
      description: Paginated Response
    PagedResponse_1:
      required:
        - data
        - meta
      type: object
      properties:
        data:
          type: array
          items:
            $ref: "#/components/schemas/OAuthCredentialReference"
        meta:
          $ref: "#/components/schemas/Pagination"
      description: Paginated Response
    # Structurally identical to PagedResponse_1.
    PagedResponse_2:
      required:
        - data
        - meta
      type: object
      properties:
        data:
          type: array
          items:
            $ref: "#/components/schemas/OAuthCredentialReference"
        meta:
          $ref: "#/components/schemas/Pagination"
      description: Paginated Response
    Pagination:
      type: object
      properties: {}
      description: Pagination
    PermissionGroup:
      required:
        - accessors
        - createdAt
        - createdBy
        - description
        - id
        - name
        - policies
        - updatedAt
        - updatedBy
        - workspaceId
      type: object
      properties:
        id:
          type: string
          format: uuid
        workspaceId:
          type: string
          format: uuid
        name:
          type: string
        description:
          type: string
        policies:
          type: array
          items:
            $ref: "#/components/schemas/AuthorizationPolicy"
        accessors:
          type: array
          items:
            $ref: "#/components/schemas/PermissionGroupAccessor"
        createdBy:
          type: string
          format: uuid
        updatedBy:
          type: string
          format: uuid
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
    PermissionGroupAccessor:
      type: object
      properties:
        id:
          type: string
          format: uuid
        accessorId:
          type: string
          format: uuid
        permissionGroupId:
          type: string
          format: uuid
        createdAt:
          type: string
          format: date-time
    PermissionGroupAccessorModifyRequest:
      required:
        - accessorIds
        - permissionGroupId
      type: object
      properties:
        permissionGroupId:
          type: string
          format: uuid
        accessorIds:
          minItems: 1
          type: array
          items:
            type: string
            format: uuid
    # NOTE(review): unlike PermissionGroupAccessorModifyRequest, nothing is
    # marked required and authPolicyIds has no minItems; confirm the server
    # validates both fields.
    PermissionGroupAuthPolicyModifyRequest:
      type: object
      properties:
        permissionGroupId:
          type: string
          format: uuid
        authPolicyIds:
          type: array
          items:
            type: string
            format: uuid
    PermissionGroupCreate:
      required:
        - description
        - name
      type: object
      properties:
        name:
          minLength: 1
          type: string
        description:
          minLength: 1
          type: string
    SecretsRequest:
      required:
        - identity
        - secret
      type: object
      properties:
        identity:
          minLength: 1
          type: string
          format: email
        secret:
          minLength: 1
          type: string
    # NOTE(review): carries a `token` string and is also the item type of the
    # service-token list and revoke responses; confirm `token` is populated
    # only when a token is first generated.
    ServiceTokenEntity:
      required:
        - accessorId
        - name
        - workspaceId
      type: object
      properties:
        expires:
          type: integer
          format: int64
        id:
          type: string
          format: uuid
        accessorId:
          type: string
          format: uuid
        workspaceId:
          type: string
          format: uuid
        name:
          type: string
        revokedOn:
          type: string
          format: date-time
        tokenAuthorization:
          $ref: "#/components/schemas/TokenAuthorization"
        token:
          type: string
    SuccessResponseWithEntity_AuthorizationPolicyRegistrationCompletedData_:
      type: object
      allOf:
        - $ref: "#/components/schemas/GenericSuccessResponse"
        - properties:
            message:
              type: string
            code:
              type: string
            entity:
              $ref: "#/components/schemas/AuthorizationPolicyRegistrationCompletedData"
    # The second allOf member of this schema is cut off at the end of the
    # visible excerpt; the dangling list item is kept as found.
    SuccessResponseWithEntity_CustomScopeRegistrationCompletedData_:
      type: object
      allOf:
        - $ref: "#/components/schemas/GenericSuccessResponse"
        -
properties: message: type: string code: type: string entity: $ref: "#/components/schemas/CustomScopeRegistrationCompletedData" SystemAccounRegistrationCredentials: required: - salt - verifier type: object properties: salt: minLength: 1 type: string verifier: minLength: 1 type: string SystemAccountCredentials: required: - accountId type: object allOf: - $ref: "#/components/schemas/SystemAccounRegistrationCredentials" - properties: accountId: type: string format: uuid identity: type: string format: email TimeToLive: required: - time type: object properties: time: type: integer format: int64 TokenAuthorization: type: object properties: available: type: boolean expirationInstant: type: string format: date-time id: type: string format: uuid createdInstant: type: string format: date-time issuedInstant: type: string format: date-time lease: type: integer description: Lease in milliseconds format: int64 notBeforeTime: type: string format: date-time TokenConfig: type: object properties: tokenName: type: string roleName: type: string displayName: type: string policies: type: array items: type: string meta: type: object additionalProperties: type: string renewable: type: boolean timeToLive: type: string type: $ref: "#/components/schemas/TokenType" maxNumberOfUses: type: integer format: int32 maxTimeToLive: type: string scope: type: array items: type: string TokenEntity: type: object properties: available: type: boolean id: type: string format: uuid parentTokenId: type: string format: uuid accessorId: type: string format: uuid accessorSource: $ref: "#/components/schemas/AccessorSource" roleName: type: string displayName: type: string renewable: type: boolean type: $ref: "#/components/schemas/TokenType" createdInstant: type: string format: date-time notBeforeInstant: type: string format: date-time maxNumberOfUses: type: integer format: int32 maxTimeToLive: $ref: "#/components/schemas/TimeToLive" touches: type: integer format: int64 policies: type: array items: $ref: 
"#/components/schemas/TokenPolicyEntity" meta: type: array items: $ref: "#/components/schemas/TokenMetadataEntity" scopes: type: array items: $ref: "#/components/schemas/TokenScopeEntity" TokenMetadataEntity: type: object properties: id: type: string format: uuid token: $ref: "#/components/schemas/TokenEntity" key: type: string value: type: string TokenPolicyEntity: type: object properties: id: type: string format: uuid token: $ref: "#/components/schemas/TokenEntity" name: type: string TokenRoot: type: object TokenScopeEntity: type: object properties: id: type: string format: uuid token: $ref: "#/components/schemas/TokenEntity" scope: $ref: "#/components/schemas/CustomScopeEntity" TokenType: type: string enum: - Authentication - AuthorizationPolicy - None x-enum-varnames: - Authentication - AuthorizationPolicy - None UserAccount: required: - emailAddress - id - role - state type: object properties: identity: type: string format: email id: type: string format: uuid emailAddress: type: string format: email state: $ref: "#/components/schemas/AccountState" role: $ref: "#/components/schemas/AccountRole" createdAt: type: string format: date-time workspace: $ref: "#/components/schemas/Workspace" Workspace: required: - id - mode - name type: object properties: enabled: type: boolean id: type: string format: uuid name: minLength: 1 type: string mode: $ref: "#/components/schemas/Workspace.RegistrationMode" createdAt: type: string format: date-time primaryContactId: type: string format: uuid disabledAt: type: string format: date-time nullable: true Workspace.RegistrationMode: type: string enum: - OPEN - CLOSED securitySchemes: asterisms-account: type: http description: Asterisms User Authentication scheme: bearer bearerFormat: jwt ipc-authorization: type: apiKey description: "Asterisms Inter Process Communication (IPC) Authorization. These\ \ are short lived tokens, a service would generate for a single request." name: X-IPC-AUTHORIZATION in: header