From 1335968aacfd76383547ba8056ad5b708d29b93c Mon Sep 17 00:00:00 2001 
From: Toan Nguyen Date: Sun, 9 Jun 2024 11:10:11 +0700 Subject: [PATCH] introduce ndc-hydra --- .dockerignore | 4 + .env.example | 4 + .github/workflows/release.yaml | 69 + .github/workflows/test.yaml | 20 + .gitignore | 2 + Dockerfile | 5 + LICENSE | 201 + Makefile | 18 + README.md | 50 + SECURITY.md | 28 + config/config.yaml | 5 + config/schema-admin.json | 3447 +++++++++++++++++ config/schema-public.json | 1571 ++++++++ .../.hasura-connector/connector-metadata.yaml | 20 + docker-compose.yaml | 55 + schema/admin/config.yaml | 9 + schema/admin/patch-after.yaml | 116 + schema/admin/patch-before.yaml | 20 + schema/public/config.yaml | 9 + schema/public/patch-after.yaml | 131 + schema/public/patch-before.yaml | 76 + scripts/build-manifest.sh | 18 + scripts/test.sh | 45 + scripts/update-deps.sh | 14 + .../01-createOAuth2Client/expected.json | 53 + .../01-createOAuth2Client/request.json | 241 ++ .../02-patchOAuth2Client/expected.json | 56 + .../02-patchOAuth2Client/request.json | 214 + .../03-updateOAuth2Client/expected.json | 56 + .../03-updateOAuth2Client/request.json | 247 ++ .../expected.json | 50 + .../request.json | 227 ++ .../expected.json | 8 + .../05-flushInactiveOAuth2Tokens/request.json | 14 + .../06-createJsonWebKeySet/expected.json | 41 + .../06-createJsonWebKeySet/request.json | 86 + .../07-updateJsonWebKeySet/expected.json | 30 + .../07-updateJsonWebKeySet/request.json | 120 + .../08-updateJsonWebKey/expected.json | 26 + .../mutation/08-updateJsonWebKey/request.json | 105 + .../mutation/09-oauth2Token/expected.json | 14 + .../mutation/09-oauth2Token/request.json | 41 + .../10-trustJwtGrantIssuer/expected.json | 15 + .../10-trustJwtGrantIssuer/request.json | 79 + .../11-introspectOAuth2Token/expected.json | 23 + .../11-introspectOAuth2Token/request.json | 76 + .../discoverOpenIDConfiguration/expected.json | 54 + .../discoverOpenIDConfiguration/request.json | 126 + .../01-setup/query/getVersion/expected.json | 1 + .../01-setup/query/getVersion/request.json 
| 22 + .../query/isInstanceAlive/expected.json | 1 + .../query/isInstanceAlive/request.json | 22 + .../query/isInstanceReady/expected.json | 1 + .../query/isInstanceReady/request.json | 22 + .../listSubjectConsentSessions/expected.json | 1 + .../listSubjectConsentSessions/request.json | 342 ++ .../01-setup/query/wellKnown/expected.json | 30 + .../01-setup/query/wellKnown/request.json | 94 + .../mutation/revokeOAuth2Token/expected.json | 1 + .../mutation/revokeOAuth2Token/request.json | 16 + .../query/getJsonWebKey/expected.json | 31 + .../query/getJsonWebKey/request.json | 107 + .../query/getJsonWebKeySet/expected.json | 31 + .../query/getJsonWebKeySet/request.json | 103 + .../query/getOAuth2Client/expected.json | 53 + .../query/getOAuth2Client/request.json | 195 + .../query/listOAuth2Clients/expected.json | 55 + .../query/listOAuth2Clients/request.json | 210 + .../listTrustedJwtGrantIssuers/expected.json | 18 + .../listTrustedJwtGrantIssuers/request.json | 71 + .../01-rejectLogoutRequest/expected.json | 8 + .../01-rejectLogoutRequest/request.json | 19 + .../expected.json | 1 + .../request.json | 12 + .../03-revokeConsentSessions/expected.json | 1 + .../03-revokeConsentSessions/request.json | 14 + .../04-deleteJsonWebKey/expected.json | 1 + .../mutation/04-deleteJsonWebKey/request.json | 13 + .../05-deleteJsonWebKeySet/expected.json | 1 + .../05-deleteJsonWebKeySet/request.json | 12 + .../06-deleteOAuth2Token/expected.json | 1 + .../06-deleteOAuth2Token/request.json | 12 + .../mutation/deleteOAuth2Client/expected.json | 1 + .../mutation/deleteOAuth2Client/request.json | 12 + 84 files changed, 9474 insertions(+) create mode 100644 .dockerignore create mode 100644 .env.example create mode 100644 .github/workflows/release.yaml create mode 100644 .github/workflows/test.yaml create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 README.md create mode 100644 SECURITY.md create mode 100755 
config/config.yaml create mode 100644 config/schema-admin.json create mode 100644 config/schema-public.json create mode 100644 connector-definition/.hasura-connector/connector-metadata.yaml create mode 100644 docker-compose.yaml create mode 100644 schema/admin/config.yaml create mode 100644 schema/admin/patch-after.yaml create mode 100644 schema/admin/patch-before.yaml create mode 100644 schema/public/config.yaml create mode 100644 schema/public/patch-after.yaml create mode 100644 schema/public/patch-before.yaml create mode 100755 scripts/build-manifest.sh create mode 100755 scripts/test.sh create mode 100755 scripts/update-deps.sh create mode 100644 testdata/01-setup/mutation/01-createOAuth2Client/expected.json create mode 100644 testdata/01-setup/mutation/01-createOAuth2Client/request.json create mode 100644 testdata/01-setup/mutation/02-patchOAuth2Client/expected.json create mode 100644 testdata/01-setup/mutation/02-patchOAuth2Client/request.json create mode 100644 testdata/01-setup/mutation/03-updateOAuth2Client/expected.json create mode 100644 testdata/01-setup/mutation/03-updateOAuth2Client/request.json create mode 100644 testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/expected.json create mode 100644 testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/request.json create mode 100644 testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/expected.json create mode 100644 testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/request.json create mode 100644 testdata/01-setup/mutation/06-createJsonWebKeySet/expected.json create mode 100644 testdata/01-setup/mutation/06-createJsonWebKeySet/request.json create mode 100644 testdata/01-setup/mutation/07-updateJsonWebKeySet/expected.json create mode 100644 testdata/01-setup/mutation/07-updateJsonWebKeySet/request.json create mode 100644 testdata/01-setup/mutation/08-updateJsonWebKey/expected.json create mode 100644 
testdata/01-setup/mutation/08-updateJsonWebKey/request.json create mode 100644 testdata/01-setup/mutation/09-oauth2Token/expected.json create mode 100644 testdata/01-setup/mutation/09-oauth2Token/request.json create mode 100644 testdata/01-setup/mutation/10-trustJwtGrantIssuer/expected.json create mode 100644 testdata/01-setup/mutation/10-trustJwtGrantIssuer/request.json create mode 100644 testdata/01-setup/mutation/11-introspectOAuth2Token/expected.json create mode 100644 testdata/01-setup/mutation/11-introspectOAuth2Token/request.json create mode 100644 testdata/01-setup/query/discoverOpenIDConfiguration/expected.json create mode 100644 testdata/01-setup/query/discoverOpenIDConfiguration/request.json create mode 100644 testdata/01-setup/query/getVersion/expected.json create mode 100644 testdata/01-setup/query/getVersion/request.json create mode 100644 testdata/01-setup/query/isInstanceAlive/expected.json create mode 100644 testdata/01-setup/query/isInstanceAlive/request.json create mode 100644 testdata/01-setup/query/isInstanceReady/expected.json create mode 100644 testdata/01-setup/query/isInstanceReady/request.json create mode 100644 testdata/01-setup/query/listSubjectConsentSessions/expected.json create mode 100644 testdata/01-setup/query/listSubjectConsentSessions/request.json create mode 100644 testdata/01-setup/query/wellKnown/expected.json create mode 100644 testdata/01-setup/query/wellKnown/request.json create mode 100644 testdata/02-getData/mutation/revokeOAuth2Token/expected.json create mode 100644 testdata/02-getData/mutation/revokeOAuth2Token/request.json create mode 100644 testdata/02-getData/query/getJsonWebKey/expected.json create mode 100644 testdata/02-getData/query/getJsonWebKey/request.json create mode 100644 testdata/02-getData/query/getJsonWebKeySet/expected.json create mode 100644 testdata/02-getData/query/getJsonWebKeySet/request.json create mode 100644 testdata/02-getData/query/getOAuth2Client/expected.json create mode 100644 
testdata/02-getData/query/getOAuth2Client/request.json create mode 100644 testdata/02-getData/query/listOAuth2Clients/expected.json create mode 100644 testdata/02-getData/query/listOAuth2Clients/request.json create mode 100644 testdata/02-getData/query/listTrustedJwtGrantIssuers/expected.json create mode 100644 testdata/02-getData/query/listTrustedJwtGrantIssuers/request.json create mode 100644 testdata/03-cleanup/mutation/01-rejectLogoutRequest/expected.json create mode 100644 testdata/03-cleanup/mutation/01-rejectLogoutRequest/request.json create mode 100644 testdata/03-cleanup/mutation/02-revokeAuthenticationSession/expected.json create mode 100644 testdata/03-cleanup/mutation/02-revokeAuthenticationSession/request.json create mode 100644 testdata/03-cleanup/mutation/03-revokeConsentSessions/expected.json create mode 100644 testdata/03-cleanup/mutation/03-revokeConsentSessions/request.json create mode 100644 testdata/03-cleanup/mutation/04-deleteJsonWebKey/expected.json create mode 100644 testdata/03-cleanup/mutation/04-deleteJsonWebKey/request.json create mode 100644 testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/expected.json create mode 100644 testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/request.json create mode 100644 testdata/03-cleanup/mutation/06-deleteOAuth2Token/expected.json create mode 100644 testdata/03-cleanup/mutation/06-deleteOAuth2Token/request.json create mode 100644 testdata/03-cleanup/mutation/deleteOAuth2Client/expected.json create mode 100644 testdata/03-cleanup/mutation/deleteOAuth2Client/request.json diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..4672f19 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +.hasura-connector/ +*.hml +.github/ +assets/ \ No newline at end of file diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..2778610 --- /dev/null +++ b/.env.example 
@@ -0,0 +1,4 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgrespassword
+POSTGRES_DB=postgres
+SECRETS_SYSTEM=hydrarandomsecret
\ No newline at end of file
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..8e98ace
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,69 @@
+name: Release container definition
+on:
+ push:
+ tags:
+ - "*"
+
+env:
+ DOCKER_REGISTRY: ghcr.io
+ DOCKER_IMAGE_NAME: hasura/ndc-hydra
+
+jobs:
+ tests:
+ uses: ./.github/workflows/test.yaml
+
+ release-image:
+ name: Release ndc-hydra image
+ runs-on: ubuntu-latest
+ needs: [tests]
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.DOCKER_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Get version from tag
+ id: get-version
+ run: |
+ if [[ "$GITHUB_REF_TYPE" == 'tag' ]]; then
+ echo "tagged_version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+ else
+ echo "tagged_version=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
+ fi
+ shell: bash
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: docker-metadata
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ push: true
+ tags: ${{ steps.docker-metadata.outputs.tags }}
+ labels: ${{ steps.docker-metadata.outputs.labels }}
+
+ - name: Build connector definition
+ run: |
+ ./scripts/build-manifest.sh
+ env:
+ VERSION: ${{ steps.get-version.outputs.tagged_version }}
+
+ - name: create a draft release
+ uses: ncipollo/release-action@v1
+ with:
+ draft: true
+ tag: ${{ steps.get-version.outputs.tagged_version }}
+ artifacts: release/*
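Review bot: `POSTGRES_PASSWORD=postgrespassword` and `SECRETS_SYSTEM=hydrarandomsecret` are fixed, guessable values, and the README added in this same patch tells users to copy `.env.example` to `.env`, so every environment started from those instructions ends up with the same database password and system secret. A leading comment such as `# Local development only: generate your own POSTGRES_PASSWORD and SECRETS_SYSTEM before exposing these services` would make that explicit. How the two variables are consumed is presumably defined in `docker-compose.yaml`, which is outside this hunk.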
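Review bot: The `release-image` job logs in to ghcr.io, pushes an image and creates a release with `secrets.GITHUB_TOKEN`, but the workflow declares no `permissions:`, so the token's scopes come from the repository default rather than from this file. A job-level `permissions:` block granting only `contents: write` and `packages: write` would keep the token at what the login, push and release steps need. Every action is also referenced by a mutable tag (`docker/build-push-action@v5`, `ncipollo/release-action@v1`, and `jwalton/gh-docker-logs@v2` in `test.yaml`); pinning each to a full commit SHA, with the tag kept as a trailing comment, stops a retagged action from running with that token.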
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..f933928
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,20 @@
+name: Unit tests
+
+on:
+ workflow_call:
+ push:
+
+jobs:
+ test:
+ name: Run tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Run Test
+ run: scripts/test.sh
+
+ - name: Dump docker logs on failure
+ if: failure()
+ uses: jwalton/gh-docker-logs@v2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..69d3dd8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.env
+tmp/
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2774a09
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM ghcr.io/hasura/ndc-rest:v0.2.0
+
+ENV HASURA_CONFIGURATION_DIRECTORY /etc/connector
+
+COPY ./config /etc/connector
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..f49a4e1
--- /dev/null
+++ b/LICENSE
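Review bot: `FROM ghcr.io/hasura/ndc-rest:v0.2.0` resolves the base image by tag only, so a re-pushed `v0.2.0` would change what the release workflow builds and publishes without any change in this repository. Pinning the digest alongside the tag, `FROM ghcr.io/hasura/ndc-rest:v0.2.0@sha256:<digest-of-v0.2.0>` (placeholder, to be filled with the verified digest), makes the build reproducible. The Dockerfile also sets no `USER`, so the connector runs as whatever user the base image defines; it is worth confirming that this is not root. `ENV HASURA_CONFIGURATION_DIRECTORY /etc/connector` uses the legacy space-separated form, and `ENV HASURA_CONFIGURATION_DIRECTORY=/etc/connector` is the current syntax.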
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..82fa29b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,18 @@
+NDC_REST_VERSION ?= v0.2.0
+ORY_HYDRA_VERSION ?= v1.11.10
+UID ?= $(shell id -u)
+GID ?= $(shell id -g)
+
+.PHONY: build-schema
+build-schema:
+ go install github.com/hasura/ndc-rest-schema@$(NDC_REST_VERSION)
+ ndc-rest-schema convert \
+ -c schema/public/config.yaml \
+ -o config/schema-public.json
+ ndc-rest-schema convert \
+ -c schema/admin/config.yaml \
+ -o config/schema-admin.json
+
+.PHONY: update-deps
+update-deps:
+ VERSION=$(NDC_REST_VERSION) ORY_HYDRA_VERSION=$(ORY_HYDRA_VERSION) scripts/update-deps.sh
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2c3014a
--- /dev/null
+++ b/README.md
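Review bot: In `build-schema`, `go install github.com/hasura/ndc-rest-schema@$(NDC_REST_VERSION)` is followed by a bare `ndc-rest-schema convert`, which runs whichever `ndc-rest-schema` is first on `PATH`; that is not necessarily the version just installed, and the command is not found at all when Go's bin directory is not on `PATH`. Invoking the tool as `go run github.com/hasura/ndc-rest-schema@$(NDC_REST_VERSION) convert ...` ties the generated `config/schema-*.json` files to the pinned version. `UID` and `GID` are defined but appear unused by either target in this hunk; a comment naming what reads them, or removing them, would help.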
@@ -0,0 +1,50 @@
+# Ory Hydra Connector
+
+Ory Hydra connector provides instant queries and mutations to request Ory Hydra API resources.
+
+This connector is built upon the [NDC Rest](https://github.com/hasura/ndc-rest) with [Ory Hydra's REST API Specification](https://raw.githubusercontent.com/ory/hydra/v1.11.10/spec/swagger.json).
+
+> [!NOTE]
+> THe connector `v0.x` supports Hydra v1 API spec. Use `v1.x` or above if you want to use Hydra v2.
+
+## Environment Variables
+
+| Name | Description | Default Value |
+| ------------------------------ | ------------------------------------------------------------- | --------------------- |
+| HYDRA_PUBLIC_SERVER_URL | Public Hydra server URL | http://localhost:4444 |
+| HYDRA_ADMIN_SERVER_URL | Admin Hydra server URL | http://localhost:4445 |
+| HYDRA_PUBLIC_BASIC_TOKEN | Basic token for public Hydra server | |
+| HYDRA_PUBLIC_TIMEOUT | Default request timeout for public APIs in seconds | 30 |
+| HYDRA_PUBLIC_RETRY_TIMES | Number of retry times for public APIs | 0 |
+| HYDRA_PUBLIC_RETRY_DELAY | Delay time between each retry in milliseconds for public APIs | 1000 |
+| HYDRA_PUBLIC_RETRY_HTTP_STATUS | Retry on HTTP status for public APIs | 429, 500, 502, 503 |
+| HYDRA_ADMIN_TIMEOUT | Default request timeout in seconds for admin APIs | 30 |
+| HYDRA_ADMIN_RETRY_TIMES | Number of retry times for admin APIs | 0 |
+| HYDRA_ADMIN_RETRY_DELAY | Delay time between each retry in milliseconds for admin APIs | 1000 |
+| HYDRA_ADMIN_RETRY_HTTP_STATUS | Retry on HTTP status for admin APIs | 429, 500, 502, 503 |
+
+## Development
+
+### Local Development
+
+Copy `.env.example` to `.env` and start Docker Compose:
+
+```sh
+docker-compose up -d --build
+```
+
+The connector serves the HTTP service at `http://localhost:8080`.
+
+### Update dependencies
+
+```sh
+NDC_REST_VERSION=\ make update-deps
+```
+
+### Update schema
+
+Update `VERSION` in [Makefile](./Makefile) and run:
+
+```sh
+make build-schema
+```
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..cfba2b6
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| -------- | ------------------ |
+| >= 0.1.0 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+We’re extremely grateful for security researchers and users who report vulnerabilities to the community.
+All reports are thoroughly investigated by a set of community volunteers.
+
+### When Should I Report a Vulnerability?
+
+- You think you have discovered a potential security vulnerability in the NDC Hydra or related components.
+- You are unsure how a vulnerability affects the SDK.
+- You think you discovered a vulnerability in another project that connector depends on (e.g. Docker, etc).
+- You want to report any other security risk that could potentially harm connector users.
+
+### When Should I NOT Report a Vulnerability?
+
+- You need help applying security-related updates.
+- Your issue is not security-related.
+
+### Security Vulnerability Response
+
+Each report is acknowledged and analyzed by the project's maintainers. New pull requests are welcome too.
diff --git a/config/config.yaml b/config/config.yaml
new file mode 100755
index 0000000..32f4c09
--- /dev/null
+++ b/config/config.yaml
@@ -0,0 +1,5 @@
+files:
+ - file: schema-admin.json
+ spec: ndc
+ - file: schema-public.json
+ spec: ndc
diff --git a/config/schema-admin.json b/config/schema-admin.json
new file mode 100644
index 0000000..5321e1e
--- /dev/null
+++ b/config/schema-admin.json
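Review bot: `config/config.yaml` is created with mode `100755` although it is a data file that the Dockerfile copies into `/etc/connector`, and nothing in the patch executes it. Recording it as `100644` (`git update-index --chmod=-x config/config.yaml`) keeps the executable bit off configuration that ships in the image.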
@@ -0,0 +1,3447 @@ +{ + "settings": { + "servers": [ + { + "url": "{{HYDRA_ADMIN_SERVER_URL:-http://localhost:4445}}" + } + ], + "timeout": "{{HYDRA_ADMIN_TIMEOUT}}", + "retry": { + "times": "{{HYDRA_ADMIN_RETRY_TIMES}}", + "delay": "{{HYDRA_ADMIN_RETRY_DELAY}}", + "httpStatus": "{{HYDRA_ADMIN_RETRY_HTTP_STATUS}}" + }, + "version": "latest" + }, + "collections": [], + "functions": [ + { + "request": { + "url": "/clients", + "method": "get", + "parameters": [ + { + "name": "limit", + "in": "query", + "schema": { + "type": "Int64", + "nullable": true + } + }, + { + "name": "offset", + "in": "query", + "schema": { + "type": "Int64", + "nullable": true + } + }, + { + "name": "client_name", + "in": "query", + "schema": { + "type": "String", + "nullable": true + } + }, + { + "name": "owner", + "in": "query", + "schema": { + "type": "String", + "nullable": true + } + } + ] + }, + "arguments": { + "client_name": { + "description": "The name of the clients to filter by.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "limit": { + "description": "The maximum amount of clients to returned, upper bound is 500 clients.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "offset": { + "description": "The offset from where to start looking.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "owner": { + "description": "The owner of the clients to filter by.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + }, + "description": "List OAuth 2.0 Clients", + "name": "listOAuth2Clients", + "result_type": { + "element_type": { + "name": "OAuth2Client", + "type": "named" + }, + "type": "array" + } + }, + { + "request": { + "url": "/clients/{id}", + "method": "get", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": 
"String" + } + } + ] + }, + "arguments": { + "id": { + "description": "The id of the OAuth 2.0 Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Get an OAuth 2.0 Client", + "name": "getOAuth2Client", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": "/health/alive", + "method": "get" + }, + "arguments": {}, + "description": "Check Alive Status", + "name": "isInstanceAlive", + "result_type": { + "name": "HealthStatus", + "type": "named" + } + }, + { + "request": { + "url": "/keys/{set}", + "method": "get", + "parameters": [ + { + "name": "set", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "set": { + "description": "The set", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Retrieve a JSON Web Key Set", + "name": "getJsonWebKeySet", + "result_type": { + "name": "JSONWebKeySet", + "type": "named" + } + }, + { + "request": { + "url": "/keys/{set}/{kid}", + "method": "get", + "parameters": [ + { + "name": "kid", + "in": "path", + "schema": { + "type": "String" + } + }, + { + "name": "set", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "kid": { + "description": "The kid of the desired key", + "type": { + "name": "String", + "type": "named" + } + }, + "set": { + "description": "The set", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Fetch a JSON Web Key", + "name": "getJsonWebKey", + "result_type": { + "name": "JSONWebKeySet", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/consent", + "method": "get", + "parameters": [ + { + "name": "consent_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "consent_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Get Consent Request Information", + "name": "getConsentRequest", + 
"result_type": { + "name": "ConsentRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/login", + "method": "get", + "parameters": [ + { + "name": "login_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "login_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Get a Login Request", + "name": "getLoginRequest", + "result_type": { + "name": "LoginRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/logout", + "method": "get", + "parameters": [ + { + "name": "logout_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "logout_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Get a Logout Request", + "name": "getLogoutRequest", + "result_type": { + "name": "LogoutRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/sessions/consent", + "method": "get", + "parameters": [ + { + "name": "subject", + "in": "query", + "schema": { + "type": "String" + } + }, + { + "name": "limit", + "in": "query", + "schema": { + "type": "Int64", + "nullable": true + } + }, + { + "name": "offset", + "in": "query", + "schema": { + "type": "Int64", + "nullable": true + } + } + ] + }, + "arguments": { + "limit": { + "description": "The maximum amount of consent sessions to be returned, upper bound is 500 sessions.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "offset": { + "description": "The offset from where to start looking.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "subject": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Lists All Consent Sessions of a Subject", + "name": "listSubjectConsentSessions", + "result_type": { + "element_type": { + "name": 
"PreviousConsentSession", + "type": "named" + }, + "type": "array" + } + }, + { + "request": { + "url": "/trust/grants/jwt-bearer/issuers", + "method": "get", + "parameters": [ + { + "name": "issuer", + "in": "query", + "schema": { + "type": "String", + "nullable": true + } + }, + { + "name": "limit", + "in": "query", + "schema": { + "type": "Int64", + "nullable": true + } + }, + { + "name": "offset", + "in": "query", + "schema": { + "type": "Int64", + "nullable": true + } + } + ] + }, + "arguments": { + "issuer": { + "description": "If optional \"issuer\" is supplied, only jwt-bearer grants with this issuer will be returned.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "limit": { + "description": "The maximum amount of policies returned, upper bound is 500 policies", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "offset": { + "description": "The offset from where to start looking.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + } + }, + "description": "List Trusted OAuth2 JWT Bearer Grant Type Issuers", + "name": "listTrustedJwtGrantIssuers", + "result_type": { + "element_type": { + "name": "TrustedJwtGrantIssuer", + "type": "named" + }, + "type": "array" + } + }, + { + "request": { + "url": "/trust/grants/jwt-bearer/issuers/{id}", + "method": "get", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "id": { + "description": "The id of the desired grant", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Get a Trusted OAuth2 JWT Bearer Grant Type Issuer", + "name": "getTrustedJwtGrantIssuer", + "result_type": { + "name": "TrustedJwtGrantIssuer", + "type": "named" + } + }, + { + "request": { + "url": "/version", + "method": "get" + }, + "arguments": {}, + "description": "Get 
Service Version", + "name": "getVersion", + "result_type": { + "name": "Version", + "type": "named" + } + } + ], + "object_types": { + "AcceptConsentRequest": { + "fields": { + "grant_access_token_audience": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "grant_scope": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "handled_at": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "remember": { + "description": "Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same\nclient asks the same user for the same, or a subset of, scope.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "remember_for": { + "description": "RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the\nauthorization will be remembered indefinitely.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "session": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "ConsentRequestSession", + "type": "named" + } + } + } + } + }, + "AcceptLoginRequest": { + "fields": { + "acr": { + "description": "ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. 
You can use it\nto express that, for example, a user authenticated using two factor authentication.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "amr": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "context": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSONRawMessage", + "type": "named" + } + } + }, + "force_subject_identifier": { + "description": "ForceSubjectIdentifier forces the \"pairwise\" user ID of the end-user that authenticated. The \"pairwise\" user ID refers to the\n(Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID\nConnect specification. It allows you to set an obfuscated subject (\"user\") identifier that is unique to the client.\n\nPlease note that this changes the user ID on endpoint /userinfo and sub claim of the ID Token. It does not change the\nsub claim in the OAuth 2.0 Introspection.\n\nPer default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself\nyou can use this field. Please note that setting this field has no effect if `pairwise` is not configured in\nORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client's\nconfiguration).\n\nPlease also be aware that ORY Hydra is unable to properly compute this value during authentication. 
This implies\nthat you have to compute this value on every authentication process (probably depending on the client ID or some\nother unique value).\n\nIf you fail to compute the proper value, then authentication processes which have id_token_hint set might fail.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "remember": { + "description": "Remember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store\na cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she\nwill not be asked to log in again.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "remember_for": { + "description": "RememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the\nauthorization will be remembered for the duration of the browser session (using a session cookie).", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "subject": { + "description": "Subject is the user ID of the end-user that authenticated.", + "type": { + "name": "String", + "type": "named" + } + } + } + }, + "CompletedRequest": { + "fields": { + "redirect_to": { + "description": "RedirectURL is the URL which you should redirect the user to once the authentication process is completed.", + "type": { + "name": "String", + "type": "named" + } + } + } + }, + "ConsentRequest": { + "fields": { + "acr": { + "description": "ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. 
You can use it\nto express that, for example, a user authenticated using two factor authentication.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "amr": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "challenge": { + "description": "ID is the identifier (\"authorization challenge\") of the consent authorization request. It is used to\nidentify the session.", + "type": { + "name": "String", + "type": "named" + } + }, + "client": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2Client", + "type": "named" + } + } + }, + "context": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSONRawMessage", + "type": "named" + } + } + }, + "login_challenge": { + "description": "LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate\na login and consent request in the login \u0026 consent app.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "login_session_id": { + "description": "LoginSessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag)\nthis ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false)\nthis will be a new random value. This value is used as the \"sid\" parameter in the ID Token and in OIDC Front-/Back-\nchannel logout. 
It's value can generally be used to associate consecutive login requests by a certain user.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "oidc_context": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "OpenIDConnectContext", + "type": "named" + } + } + }, + "request_url": { + "description": "RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which\ninitiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but\nmight come in handy if you want to deal with additional request parameters.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "requested_access_token_audience": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "requested_scope": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "skip": { + "description": "Skip, if true, implies that the client has requested the same scopes from the same user previously.\nIf true, you must not ask the user to grant the requested scopes. You must however either allow or deny the\nconsent request using the usual API call.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "subject": { + "description": "Subject is the user ID of the end-user that authenticated. 
Now, that end user needs to grant or deny the scope\nrequested by the OAuth 2.0 client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "ConsentRequestSession": { + "fields": { + "access_token": { + "description": "AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the\nrefresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.\nIf only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties\ncan access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!", + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSON", + "type": "named" + } + } + }, + "id_token": { + "description": "IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable\nby anyone that has access to the ID Challenge. Use with care!", + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSON", + "type": "named" + } + } + } + } + }, + "FlushInactiveOAuth2TokensRequest": { + "fields": { + "notAfter": { + "description": "NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history\nof recently issued tokens for auditing.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + } + } + }, + "HealthStatus": { + "fields": { + "status": { + "description": "Status always contains \"ok\".", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "IntrospectOAuth2TokenBody": { + "fields": { + "scope": { + "description": "An optional, space separated list of required scopes. 
If the access token was not granted one of the\nscopes, the result of active will be false.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "token": { + "description": "The string value of the token. For access tokens, this\nis the \"access_token\" value returned from the token endpoint\ndefined in OAuth 2.0. For refresh tokens, this is the \"refresh_token\"\nvalue returned.", + "type": { + "name": "String", + "type": "named" + } + } + } + }, + "JSONWebKey": { + "description": "It is important that this model object is named JSONWebKey for\n\"swagger generate spec\" to generate only on definition of a\nJSONWebKey.", + "fields": { + "alg": { + "description": "The \"alg\" (algorithm) parameter identifies the algorithm intended for\nuse with the key. The values used should either be registered in the\nIANA \"JSON Web Signature and Encryption Algorithms\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name.", + "type": { + "name": "JsonWebKeyAlgorithm", + "type": "named" + } + }, + "crv": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "d": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "dp": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "dq": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "e": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "k": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "kid": { + "description": "The \"kid\" (key ID) parameter is used to match a specific key. This\nis used, for instance, to choose among a set of keys within a JWK Set\nduring key rollover. 
The structure of the \"kid\" value is\nunspecified. When \"kid\" values are used within a JWK Set, different\nkeys within the JWK Set SHOULD use distinct \"kid\" values. (One\nexample in which different keys might use the same \"kid\" value is if\nthey have different \"kty\" (key type) values but are considered to be\nequivalent alternatives by the application using them.) The \"kid\"\nvalue is a case-sensitive string.", + "type": { + "name": "String", + "type": "named" + } + }, + "kty": { + "description": "The \"kty\" (key type) parameter identifies the cryptographic algorithm\nfamily used with the key, such as \"RSA\" or \"EC\". \"kty\" values should\neither be registered in the IANA \"JSON Web Key Types\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name. The \"kty\" value is a case-sensitive string.", + "type": { + "name": "String", + "type": "named" + } + }, + "n": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "p": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "q": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "qi": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "use": { + "description": "Use (\"public key use\") identifies the intended use of\nthe public key. The \"use\" parameter is employed to indicate whether\na public key is used for encrypting data or verifying the signature\non data. Values are commonly \"sig\" (signature) or \"enc\" (encryption).", + "type": { + "name": "String", + "type": "named" + } + }, + "x": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "x5c": { + "description": "The \"x5c\" (X.509 certificate chain) parameter contains a chain of one\nor more PKIX certificates [RFC5280]. 
The certificate chain is\nrepresented as a JSON array of certificate value strings. Each\nstring in the array is a base64-encoded (Section 4 of [RFC4648] --\nnot base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.\nThe PKIX certificate containing the key value MUST be the first\ncertificate.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "y": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "JSONWebKeySet": { + "description": "It is important that this model object is named JSONWebKeySet for\n\"swagger generate spec\" to generate only on definition of a\nJSONWebKeySet. Since one with the same name is previously defined as\nclient.Client.JSONWebKeys and this one is last, this one will be\neffectively written in the swagger spec.", + "fields": { + "keys": { + "description": "The value of the \"keys\" parameter is an array of JWK values. By\ndefault, the order of the JWK values within the array does not imply\nan order of preference among them, although applications of JWK Sets\ncan choose to assign a meaning to the order for their purposes, if\ndesired.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "JSONWebKey", + "type": "named" + }, + "type": "array" + } + } + } + } + }, + "JsonWebKeySetGeneratorRequest": { + "fields": { + "alg": { + "description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES256\", \"ES512\", \"HS512\", and \"HS256\"", + "type": { + "name": "JsonWebKeyAlgorithm", + "type": "named" + } + }, + "kid": { + "description": "The kid of the key to be created", + "type": { + "name": "String", + "type": "named" + } + }, + "use": { + "description": "The \"use\" (public key use) parameter identifies the intended use of\nthe public key. 
The \"use\" parameter is employed to indicate whether\na public key is used for encrypting data or verifying the signature\non data. Valid values are \"enc\" and \"sig\".", + "type": { + "name": "String", + "type": "named" + } + } + } + }, + "LoginRequest": { + "fields": { + "challenge": { + "description": "ID is the identifier (\"login challenge\") of the login request. It is used to\nidentify the session.", + "type": { + "name": "String", + "type": "named" + } + }, + "client": { + "type": { + "name": "OAuth2Client", + "type": "named" + } + }, + "oidc_context": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "OpenIDConnectContext", + "type": "named" + } + } + }, + "request_url": { + "description": "RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which\ninitiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but\nmight come in handy if you want to deal with additional request parameters.", + "type": { + "name": "String", + "type": "named" + } + }, + "requested_access_token_audience": { + "type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + }, + "requested_scope": { + "type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + }, + "session_id": { + "description": "SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag)\nthis ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false)\nthis will be a new random value. This value is used as the \"sid\" parameter in the ID Token and in OIDC Front-/Back-\nchannel logout. 
It's value can generally be used to associate consecutive login requests by a certain user.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "skip": { + "description": "Skip, if true, implies that the client has requested the same scopes from the same user previously.\nIf true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.\n\nThis feature allows you to update / set session information.", + "type": { + "name": "Boolean", + "type": "named" + } + }, + "subject": { + "description": "Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope\nrequested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type\nwhen accepting the login request, or the request will fail.", + "type": { + "name": "String", + "type": "named" + } + } + } + }, + "LogoutRequest": { + "fields": { + "challenge": { + "description": "Challenge is the identifier (\"logout challenge\") of the logout authentication request. 
It is used to\nidentify the session.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2Client", + "type": "named" + } + } + }, + "request_url": { + "description": "RequestURL is the original Logout URL requested.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "rp_initiated": { + "description": "RPInitiated is set to true if the request was initiated by a Relying Party (RP), also known as an OAuth 2.0 Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "sid": { + "description": "SessionID is the login session ID that was requested to log out.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "subject": { + "description": "Subject is the user for whom the logout was request.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "OAuth2Client": { + "fields": { + "allowed_cors_origins": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "audience": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "authorization_code_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "authorization_code_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom 
client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "authorization_code_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "backchannel_logout_session_required": { + "description": "Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout\nToken to identify the RP session with the OP when the backchannel_logout_uri is used.\nIf omitted, the default value is false.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "backchannel_logout_uri": { + "description": "RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_credentials_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_id": { + "description": "ID is the id for this client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_name": { + "description": "Name is the human-readable string name of the client to be presented to the\nend-user during authorization.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_secret": { + "description": "Secret is the client's secret. 
The secret will be included in the create request as cleartext, and then\nnever again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users\nthat they need to write the secret down as it will not be made available again.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_secret_expires_at": { + "description": "SecretExpiresAt is an integer holding the time at which the client\nsecret will expire or 0 if it will not expire. The time is\nrepresented as the number of seconds from 1970-01-01T00:00:00Z as\nmeasured in UTC until the date/time of expiration.\n\nThis feature is currently not supported and it's value will always\nbe set to 0.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "client_uri": { + "description": "ClientURI is an URL string of a web page providing information about the client.\nIf present, the server SHOULD display this URL to the end-user in\na clickable fashion.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "contacts": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "created_at": { + "description": "CreatedAt returns the timestamp of the client's creation.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "frontchannel_logout_session_required": { + "description": "Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be\nincluded to identify the RP session with the OP when the frontchannel_logout_uri is used.\nIf omitted, the default value is false.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "frontchannel_logout_uri": { + 
"description": "RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query\nparameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the\nrequest and to determine which of the potentially multiple sessions is to be logged out; if either is\nincluded, both MUST be.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "grant_types": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2GrantType", + "type": "named" + }, + "type": "array" + } + } + }, + "implicit_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "implicit_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "jwks": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JoseJSONWebKeySet", + "type": "named" + } + } + }, + "jwks_uri": { + "description": "URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains\nthe signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the\nClient's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing\nand encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced\nJWK Set to indicate each key's intended usage. 
Although some algorithms allow the same key to be used for both\nsignatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used\nto provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST\nmatch those in the certificate.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "jwt_bearer_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "logo_uri": { + "description": "LogoURI is an URL string that references a logo for the client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "metadata": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSONRawMessage", + "type": "named" + } + } + }, + "owner": { + "description": "Owner is a string identifying the owner of the OAuth 2.0 Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "password_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "password_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "policy_uri": { + "description": "PolicyURI is a URL string that points to a human-readable privacy policy 
document\nthat describes how the deployment organization collects, uses,\nretains, and discloses personal data.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "post_logout_redirect_uris": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "redirect_uris": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "refresh_token_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "registration_access_token": { + "description": "RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "registration_client_uri": { + "description": "RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + 
"request_object_signing_alg": { + "description": "JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects\nfrom this Client MUST be rejected, if not signed with this algorithm.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + } + } + }, + "request_uris": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "response_types": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2ResponseType", + "type": "named" + }, + "type": "array" + } + } + }, + "scope": { + "description": "Scope is a string containing a space-separated list of scope values (as\ndescribed in Section 3.3 of OAuth 2.0 [RFC6749]) that the client\ncan use when requesting access tokens.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2Scope", + "type": "named" + } + } + }, + "sector_identifier_uri": { + "description": "URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a\nfile with a single JSON array of redirect_uri values.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "subject_type": { + "description": "SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a\nlist of the supported subject_type values for this server. Valid types include `pairwise` and `public`.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OpenIDConnectSubjectType", + "type": "named" + } + } + }, + "token_endpoint_auth_method": { + "description": "Requested Client Authentication method for the Token Endpoint. 
The options are client_secret_post,\nclient_secret_basic, private_key_jwt, and none.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TokenEndpointAuthMethod", + "type": "named" + } + } + }, + "token_endpoint_auth_signing_alg": { + "description": "Requested Client Authentication signing algorithm for the Token Endpoint.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + } + } + }, + "tos_uri": { + "description": "TermsOfServiceURI is a URL string that points to a human-readable terms of service\ndocument for the client that describes a contractual relationship\nbetween the end-user and the client that the end-user accepts when\nauthorizing the client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "updated_at": { + "description": "UpdatedAt returns the timestamp of the last update.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "userinfo_signed_response_alg": { + "description": "JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT\n[JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims\nas a UTF-8 encoded JSON object using the application/json content-type.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + } + } + } + } + }, + "OAuth2TokenIntrospection": { + "description": "https://tools.ietf.org/html/rfc7662", + "fields": { + "active": { + "description": "Active is a boolean indicator of whether or not the presented token\nis currently active. 
The specifics of a token's \"active\" state\nwill vary depending on the implementation of the authorization\nserver and the information it keeps about its tokens, but a \"true\"\nvalue return for the \"active\" property will generally indicate\nthat a given token has been issued by this authorization server,\nhas not been revoked by the resource owner, and is within its\ngiven time window of validity (e.g., after its issuance time and\nbefore its expiration time).", + "type": { + "name": "Boolean", + "type": "named" + } + }, + "aud": { + "description": "Audience contains a list of the token's intended audiences.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "client_id": { + "description": "ID is aclient identifier for the OAuth 2.0 client that\nrequested this token.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "exp": { + "description": "Expires at is an integer timestamp, measured in the number of seconds\nsince January 1 1970 UTC, indicating when this token will expire.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "ext": { + "description": "Extra is arbitrary data set by the session.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSON", + "type": "named" + } + } + }, + "iat": { + "description": "Issued at is an integer timestamp, measured in the number of seconds\nsince January 1 1970 UTC, indicating when this token was\noriginally issued.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "iss": { + "description": "IssuerURL is a string representing the issuer of this token", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "nbf": { + "description": "NotBefore is an integer timestamp, 
measured in the number of seconds\nsince January 1 1970 UTC, indicating when this token is not to be\nused before.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "obfuscated_subject": { + "description": "ObfuscatedSubject is set when the subject identifier algorithm was set to \"pairwise\" during authorization.\nIt is the `sub` value of the ID Token that was issued.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "scope": { + "description": "Scope is a JSON string containing a space-separated list of\nscopes associated with this token.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "sub": { + "description": "Subject of the token, as defined in JWT [RFC7519].\nUsually a machine-readable identifier of the resource owner who\nauthorized this token.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "token_type": { + "description": "TokenType is the introspected token's type, typically `Bearer`.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "token_use": { + "description": "TokenUse is the introspected token's use, for example `access_token` or `refresh_token`.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "username": { + "description": "Username is a human-readable identifier for the resource owner who\nauthorized this token.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "OpenIDConnectContext": { + "fields": { + "acr_values": { + "description": "ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request.\nIt is a parameter defined by OpenID Connect and 
expresses which level of authentication (e.g. 2FA) is required.\n\nOpenID Connect defines it as follows:\n\u003e Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values\nthat the Authorization Server is being requested to use for processing this Authentication Request, with the\nvalues appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication\nperformed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a\nVoluntary Claim by this parameter.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "display": { + "description": "Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User.\nThe defined values are:\npage: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode.\npopup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. 
The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over.\ntouch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface.\nwap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \"feature phone\" type display.\n\nThe Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "id_token_hint_claims": { + "description": "IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the\nEnd-User's current or past authenticated session with the Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSON", + "type": "named" + } + } + }, + "login_hint": { + "description": "LoginHint hints about the login identifier the End-User might use to log in (if necessary).\nThis hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier)\nand then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a\nphone number in the format specified for the phone_number Claim. The use of this parameter is optional.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "ui_locales": { + "description": "UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a\nspace-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value\n\"fr-CA fr en\" represents a preference for French as spoken in Canada, then French (without a region designation),\nfollowed by English (without a region designation). 
An error SHOULD NOT result if some or all of the requested\nlocales are not supported by the OpenID Provider.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + } + } + }, + "PatchDocument": { + "description": "A JSONPatch document as defined by RFC 6902", + "fields": { + "from": { + "description": "A JSON-pointer", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "op": { + "description": "The operation to be performed", + "type": { + "name": "String", + "type": "named" + } + }, + "path": { + "description": "A JSON-pointer", + "type": { + "name": "String", + "type": "named" + } + }, + "value": { + "description": "The value to be used within the operations", + "type": { + "type": "nullable", + "underlying_type": { + "name": "PatchDocumentValue", + "type": "named" + } + } + } + } + }, + "PreviousConsentSession": { + "description": "The response used to return used consent requests\nsame as HandledLoginRequest, just with consent_request exposed as json", + "fields": { + "consent_request": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "ConsentRequest", + "type": "named" + } + } + }, + "grant_access_token_audience": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "grant_scope": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "handled_at": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "remember": { + "description": "Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same\nclient asks the same user for the same, or a subset of, scope.", + "type": { + "type": 
"nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "remember_for": { + "description": "RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the\nauthorization will be remembered indefinitely.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "session": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "ConsentRequestSession", + "type": "named" + } + } + } + } + }, + "RejectRequest": { + "fields": { + "error": { + "description": "The error should follow the OAuth2 error format (e.g. `invalid_request`, `login_required`).\n\nDefaults to `request_denied`.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "error_debug": { + "description": "Debug contains information to help resolve the problem as a developer. Usually not exposed\nto the public but only in the server logs.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "error_description": { + "description": "Description of the error in a human readable format.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "error_hint": { + "description": "Hint to help resolve the error.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "status_code": { + "description": "Represents the HTTP status code of the error (e.g. 
401 or 403)\n\nDefaults to 400", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + } + } + }, + "TrustJwtGrantIssuerBody": { + "fields": { + "allow_any_subject": { + "description": "The \"allow_any_subject\" indicates that the issuer is allowed to have any principal as the subject of the JWT.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "expires_at": { + "description": "The \"expires_at\" indicates, when grant will expire, so we will reject assertion from \"issuer\" targeting \"subject\".", + "type": { + "name": "TimestampTZ", + "type": "named" + } + }, + "issuer": { + "description": "The \"issuer\" identifies the principal that issued the JWT assertion (same as \"iss\" claim in JWT).", + "type": { + "name": "String", + "type": "named" + } + }, + "jwk": { + "type": { + "name": "JSONWebKey", + "type": "named" + } + }, + "scope": { + "description": "The \"scope\" contains list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])", + "type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + }, + "subject": { + "description": "The \"subject\" identifies the principal that is the subject of the JWT.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "TrustedJsonWebKey": { + "fields": { + "kid": { + "description": "The \"key_id\" is key unique identifier (same as kid header in jws/jwt).", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "set": { + "description": "The \"set\" is basically a name for a group(set) of keys. 
Will be the same as \"issuer\" in grant.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "TrustedJwtGrantIssuer": { + "fields": { + "allow_any_subject": { + "description": "The \"allow_any_subject\" indicates that the issuer is allowed to have any principal as the subject of the JWT.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "created_at": { + "description": "The \"created_at\" indicates, when grant was created.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "expires_at": { + "description": "The \"expires_at\" indicates, when grant will expire, so we will reject assertion from \"issuer\" targeting \"subject\".", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "id": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "issuer": { + "description": "The \"issuer\" identifies the principal that issued the JWT assertion (same as \"iss\" claim in JWT).", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "public_key": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "TrustedJsonWebKey", + "type": "named" + } + } + }, + "scope": { + "description": "The \"scope\" contains list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "subject": { + "description": "The \"subject\" identifies the principal that is the subject of the JWT.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "UpdateOAuth2ClientLifespans": { + 
"description": "The OIDC Hybrid grant type inherits token lifespan configuration from the implicit grant.", + "fields": { + "authorization_code_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "authorization_code_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "authorization_code_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_credentials_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "implicit_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "implicit_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "jwt_bearer_grant_access_token_lifespan": 
{ + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "password_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "password_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "Version": { + "fields": { + "version": { + "description": "Version is the service's version.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + } + }, + 
"procedures": [ + { + "request": { + "url": "/clients", + "method": "post", + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "OAuth2Client" + } + } + }, + "arguments": { + "body": { + "type": { + "name": "OAuth2Client", + "type": "named" + } + } + }, + "description": "Create an OAuth 2.0 Client", + "name": "createOAuth2Client", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": "/clients/{id}", + "method": "put", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "OAuth2Client" + } + } + }, + "arguments": { + "body": { + "type": { + "name": "OAuth2Client", + "type": "named" + } + }, + "id": { + "description": "The id of the OAuth 2.0 Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Update an OAuth 2.0 Client", + "name": "updateOAuth2Client", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": "/clients/{id}", + "method": "patch", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "array" + } + } + }, + "arguments": { + "body": { + "type": { + "element_type": { + "name": "PatchDocument", + "type": "named" + }, + "type": "array" + } + }, + "id": { + "description": "The id of the OAuth 2.0 Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Patch an OAuth 2.0 Client", + "name": "patchOAuth2Client", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": "/clients/{id}", + "method": "delete", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "id": { + "description": "The id of the OAuth 2.0 
Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Deletes an OAuth 2.0 Client", + "name": "deleteOAuth2Client", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/clients/{id}/lifespans", + "method": "put", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "UpdateOAuth2ClientLifespans", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "UpdateOAuth2ClientLifespans", + "type": "named" + } + } + }, + "id": { + "description": "The id of the OAuth 2.0 Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "name": "UpdateOAuth2ClientLifespans", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": "/keys/{set}", + "method": "post", + "parameters": [ + { + "name": "set", + "in": "path", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "JsonWebKeySetGeneratorRequest", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JsonWebKeySetGeneratorRequest", + "type": "named" + } + } + }, + "set": { + "description": "The set", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Generate a New JSON Web Key", + "name": "createJsonWebKeySet", + "result_type": { + "name": "JSONWebKeySet", + "type": "named" + } + }, + { + "request": { + "url": "/keys/{set}", + "method": "put", + "parameters": [ + { + "name": "set", + "in": "path", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "JSONWebKeySet", + "nullable": true + } + } + }, 
+ "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSONWebKeySet", + "type": "named" + } + } + }, + "set": { + "description": "The set", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Update a JSON Web Key Set", + "name": "updateJsonWebKeySet", + "result_type": { + "name": "JSONWebKeySet", + "type": "named" + } + }, + { + "request": { + "url": "/keys/{set}", + "method": "delete", + "parameters": [ + { + "name": "set", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "set": { + "description": "The set", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Delete a JSON Web Key Set", + "name": "deleteJsonWebKeySet", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/keys/{set}/{kid}", + "method": "put", + "parameters": [ + { + "name": "kid", + "in": "path", + "schema": { + "type": "String" + } + }, + { + "name": "set", + "in": "path", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "JSONWebKey", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSONWebKey", + "type": "named" + } + } + }, + "kid": { + "description": "The kid of the desired key", + "type": { + "name": "String", + "type": "named" + } + }, + "set": { + "description": "The set", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Update a JSON Web Key", + "name": "updateJsonWebKey", + "result_type": { + "name": "JSONWebKey", + "type": "named" + } + }, + { + "request": { + "url": "/keys/{set}/{kid}", + "method": "delete", + "parameters": [ + { + "name": "kid", + "in": "path", + "schema": { + "type": "String" + } + }, + { + "name": "set", + "in": "path", + "schema": { + "type": "String" + } 
+ } + ] + }, + "arguments": { + "kid": { + "description": "The kid of the desired key", + "type": { + "name": "String", + "type": "named" + } + }, + "set": { + "description": "The set", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Delete a JSON Web Key", + "name": "deleteJsonWebKey", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/auth/requests/consent/accept", + "method": "put", + "parameters": [ + { + "name": "consent_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "AcceptConsentRequest", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "AcceptConsentRequest", + "type": "named" + } + } + }, + "consent_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Accept a Consent Request", + "name": "acceptConsentRequest", + "result_type": { + "name": "CompletedRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/consent/reject", + "method": "put", + "parameters": [ + { + "name": "consent_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "RejectRequest", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "RejectRequest", + "type": "named" + } + } + }, + "consent_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Reject a Consent Request", + "name": "rejectConsentRequest", + "result_type": { + "name": "CompletedRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/login/accept", + "method": "put", + "parameters": [ + { + 
"name": "login_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "AcceptLoginRequest", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "AcceptLoginRequest", + "type": "named" + } + } + }, + "login_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Accept a Login Request", + "name": "acceptLoginRequest", + "result_type": { + "name": "CompletedRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/login/reject", + "method": "put", + "parameters": [ + { + "name": "login_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "RejectRequest", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "RejectRequest", + "type": "named" + } + } + }, + "login_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Reject a Login Request", + "name": "rejectLoginRequest", + "result_type": { + "name": "CompletedRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/logout/accept", + "method": "put", + "parameters": [ + { + "name": "logout_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "logout_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Accept a Logout Request", + "name": "acceptLogoutRequest", + "result_type": { + "name": "CompletedRequest", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth/requests/logout/reject", + "method": "put", + "parameters": [ + { + "name": "logout_challenge", + "in": "query", + "schema": { + "type": "String" + } + } + ], + "requestBody": 
{ + "contentType": "application/json", + "schema": { + "type": "RejectRequest", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "RejectRequest", + "type": "named" + } + } + }, + "logout_challenge": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Reject a Logout Request", + "name": "rejectLogoutRequest", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/auth/sessions/consent", + "method": "delete", + "parameters": [ + { + "name": "subject", + "in": "query", + "schema": { + "type": "String" + } + }, + { + "name": "client", + "in": "query", + "schema": { + "type": "String", + "nullable": true + } + }, + { + "name": "all", + "in": "query", + "schema": { + "type": "Boolean", + "nullable": true + } + } + ] + }, + "arguments": { + "all": { + "description": "If set to `?all=true`, deletes all consent sessions by the Subject that have been granted.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "client": { + "description": "If set, deletes only those consent sessions by the Subject that have been granted to the specified OAuth 2.0 Client ID", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "subject": { + "description": "The subject (Subject) who's consent sessions should be deleted.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Revokes Consent Sessions of a Subject for a Specific OAuth 2.0 Client", + "name": "revokeConsentSessions", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/auth/sessions/login", + "method": "delete", + "parameters": [ + { + "name": "subject", + "in": "query", + "schema": { 
+ "type": "String" + } + } + ] + }, + "arguments": { + "subject": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Invalidates All Login Sessions of a Certain User\nInvalidates a Subject's Authentication Session", + "name": "revokeAuthenticationSession", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/flush", + "method": "post", + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "FlushInactiveOAuth2TokensRequest", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "FlushInactiveOAuth2TokensRequest", + "type": "named" + } + } + } + }, + "description": "Flush Expired OAuth2 Access Tokens", + "name": "flushInactiveOAuth2Tokens", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/introspect", + "method": "post", + "requestBody": { + "contentType": "application/x-www-form-urlencoded", + "schema": { + "type": "object", + "properties": { + "scope": { + "type": "String", + "nullable": true + }, + "token": { + "type": "String" + } + } + } + } + }, + "arguments": { + "body": { + "description": "Form data of /oauth2/introspect", + "type": { + "name": "IntrospectOAuth2TokenBody", + "type": "named" + } + } + }, + "description": "Introspect OAuth2 Tokens", + "name": "introspectOAuth2Token", + "result_type": { + "name": "OAuth2TokenIntrospection", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/tokens", + "method": "delete", + "parameters": [ + { + "name": "client_id", + "in": "query", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "client_id": { + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Delete OAuth2 Access Tokens from a Client", + "name": "deleteOAuth2Token", + 
"result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/trust/grants/jwt-bearer/issuers", + "method": "post", + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "TrustJwtGrantIssuerBody", + "nullable": true + } + } + }, + "arguments": { + "body": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "TrustJwtGrantIssuerBody", + "type": "named" + } + } + } + }, + "description": "Trust an OAuth2 JWT Bearer Grant Type Issuer", + "name": "trustJwtGrantIssuer", + "result_type": { + "name": "TrustedJwtGrantIssuer", + "type": "named" + } + }, + { + "request": { + "url": "/trust/grants/jwt-bearer/issuers/{id}", + "method": "delete", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "id": { + "description": "The id of the desired grant", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Delete a Trusted OAuth2 JWT Bearer Grant Type Issuer", + "name": "deleteTrustedJwtGrantIssuer", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + } + ], + "scalar_types": { + "Boolean": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "boolean" + } + }, + "Int64": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "int64" + } + }, + "JSON": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "json" + } + }, + "JSONRawMessage": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "json" + } + }, + "JoseJSONWebKeySet": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "json" + } + }, + "JsonWebKeyAlgorithm": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + 
"one_of": [ + "RS256", + "RS512", + "ES256", + "ES512", + "EdDSA" + ], + "type": "enum" + } + }, + "OAuth2GrantType": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "authorization_code", + "implicit", + "client_credentials", + "refresh_token" + ], + "type": "enum" + } + }, + "OAuth2ResponseType": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "code", + "token", + "id_token" + ], + "type": "enum" + } + }, + "OAuth2Scope": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "offline_access", + "offline", + "openid" + ], + "type": "enum" + } + }, + "OAuth2SigningAlgorithm": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "none", + "RS256" + ], + "type": "enum" + } + }, + "OpenIDConnectSubjectType": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "public", + "pairwise" + ], + "type": "enum" + } + }, + "PatchDocumentValue": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "json" + } + }, + "String": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "string" + } + }, + "TimestampTZ": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "timestamptz" + } + }, + "TokenEndpointAuthMethod": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "client_secret_post", + "client_secret_basic", + "client_secret_jwt", + "private_key_jwt", + "none" + ], + "type": "enum" + } + } + } +} diff --git a/config/schema-public.json b/config/schema-public.json new file mode 100644 index 0000000..831c7ce --- /dev/null +++ b/config/schema-public.json 
@@ -0,0 +1,1571 @@ +{ + "settings": { + "servers": [ + { + "url": "{{HYDRA_PUBLIC_SERVER_URL:-http://localhost:4444}}" + } + ], + "timeout": "{{HYDRA_PUBLIC_TIMEOUT}}", + "retry": { + "times": "{{HYDRA_PUBLIC_RETRY_TIMES}}", + "delay": "{{HYDRA_PUBLIC_RETRY_DELAY}}", + "httpStatus": "{{HYDRA_PUBLIC_RETRY_HTTP_STATUS}}" + }, + "version": "latest" + }, + "collections": [], + "functions": [ + { + "request": { + "url": "/.well-known/jwks.json", + "method": "get" + }, + "arguments": {}, + "description": "JSON Web Keys Discovery", + "name": "wellKnown", + "result_type": { + "name": "JSONWebKeySet", + "type": "named" + } + }, + { + "request": { + "url": "/.well-known/openid-configuration", + "method": "get" + }, + "arguments": {}, + "description": "OpenID Connect Discovery", + "name": "discoverOpenIDConfiguration", + "result_type": { + "name": "WellKnown", + "type": "named" + } + }, + { + "request": { + "url": "/health/ready", + "method": "get" + }, + "arguments": {}, + "description": "Check Readiness Status", + "name": "isInstanceReady", + "result_type": { + "name": "HealthStatus", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/auth", + "method": "get" + }, + "arguments": {}, + "description": "The OAuth 2.0 Authorize Endpoint", + "name": "oauthAuth", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/register/{id}", + "method": "get", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "id": { + "description": "The id of the OAuth 2.0 Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Get an OAuth 2.0 Client using the OpenID / OAuth2 Dynamic Client Registration Management Protocol", + "name": "dynamicClientRegistrationGetOAuth2Client", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": 
"/oauth2/sessions/logout", + "method": "get" + }, + "arguments": {}, + "description": "OpenID Connect Front-Backchannel Enabled Logout", + "name": "disconnectUser", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + } + ], + "object_types": { + "HealthStatus": { + "fields": { + "status": { + "description": "Status always contains \"ok\".", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "JSONWebKey": { + "description": "It is important that this model object is named JSONWebKey for\n\"swagger generate spec\" to generate only on definition of a\nJSONWebKey.", + "fields": { + "alg": { + "description": "The \"alg\" (algorithm) parameter identifies the algorithm intended for\nuse with the key. The values used should either be registered in the\nIANA \"JSON Web Signature and Encryption Algorithms\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name.", + "type": { + "name": "String", + "type": "named" + } + }, + "crv": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "d": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "dp": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "dq": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "e": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "k": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "kid": { + "description": "The \"kid\" (key ID) parameter is used to match a specific key. This\nis used, for instance, to choose among a set of keys within a JWK Set\nduring key rollover. 
The structure of the \"kid\" value is\nunspecified. When \"kid\" values are used within a JWK Set, different\nkeys within the JWK Set SHOULD use distinct \"kid\" values. (One\nexample in which different keys might use the same \"kid\" value is if\nthey have different \"kty\" (key type) values but are considered to be\nequivalent alternatives by the application using them.) The \"kid\"\nvalue is a case-sensitive string.", + "type": { + "name": "String", + "type": "named" + } + }, + "kty": { + "description": "The \"kty\" (key type) parameter identifies the cryptographic algorithm\nfamily used with the key, such as \"RSA\" or \"EC\". \"kty\" values should\neither be registered in the IANA \"JSON Web Key Types\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name. The \"kty\" value is a case-sensitive string.", + "type": { + "name": "String", + "type": "named" + } + }, + "n": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "p": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "q": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "qi": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "use": { + "description": "Use (\"public key use\") identifies the intended use of\nthe public key. The \"use\" parameter is employed to indicate whether\na public key is used for encrypting data or verifying the signature\non data. Values are commonly \"sig\" (signature) or \"enc\" (encryption).", + "type": { + "name": "String", + "type": "named" + } + }, + "x": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "x5c": { + "description": "The \"x5c\" (X.509 certificate chain) parameter contains a chain of one\nor more PKIX certificates [RFC5280]. 
The certificate chain is\nrepresented as a JSON array of certificate value strings. Each\nstring in the array is a base64-encoded (Section 4 of [RFC4648] --\nnot base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.\nThe PKIX certificate containing the key value MUST be the first\ncertificate.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "y": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "JSONWebKeySet": { + "description": "It is important that this model object is named JSONWebKeySet for\n\"swagger generate spec\" to generate only on definition of a\nJSONWebKeySet. Since one with the same name is previously defined as\nclient.Client.JSONWebKeys and this one is last, this one will be\neffectively written in the swagger spec.", + "fields": { + "keys": { + "description": "The value of the \"keys\" parameter is an array of JWK values. 
By\ndefault, the order of the JWK values within the array does not imply\nan order of preference among them, although applications of JWK Sets\ncan choose to assign a meaning to the order for their purposes, if\ndesired.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "JSONWebKey", + "type": "named" + }, + "type": "array" + } + } + } + } + }, + "OAuth2Client": { + "fields": { + "allowed_cors_origins": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "audience": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "authorization_code_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "authorization_code_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "authorization_code_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "backchannel_logout_session_required": { + "description": "Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout\nToken to identify the RP session with the OP when the backchannel_logout_uri is used.\nIf omitted, the default value is false.", + "type": 
{ + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "backchannel_logout_uri": { + "description": "RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_credentials_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_id": { + "description": "ID is the id for this client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_name": { + "description": "Name is the human-readable string name of the client to be presented to the\nend-user during authorization.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_secret": { + "description": "Secret is the client's secret. The secret will be included in the create request as cleartext, and then\nnever again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users\nthat they need to write the secret down as it will not be made available again.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_secret_expires_at": { + "description": "SecretExpiresAt is an integer holding the time at which the client\nsecret will expire or 0 if it will not expire. 
The time is\nrepresented as the number of seconds from 1970-01-01T00:00:00Z as\nmeasured in UTC until the date/time of expiration.\n\nThis feature is currently not supported and it's value will always\nbe set to 0.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "client_uri": { + "description": "ClientURI is an URL string of a web page providing information about the client.\nIf present, the server SHOULD display this URL to the end-user in\na clickable fashion.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "contacts": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "created_at": { + "description": "CreatedAt returns the timestamp of the client's creation.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "frontchannel_logout_session_required": { + "description": "Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be\nincluded to identify the RP session with the OP when the frontchannel_logout_uri is used.\nIf omitted, the default value is false.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "frontchannel_logout_uri": { + "description": "RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. 
An iss (issuer) query\nparameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the\nrequest and to determine which of the potentially multiple sessions is to be logged out; if either is\nincluded, both MUST be.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "grant_types": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2GrantType", + "type": "named" + }, + "type": "array" + } + } + }, + "implicit_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "implicit_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "jwks": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JoseJSONWebKeySet", + "type": "named" + } + } + }, + "jwks_uri": { + "description": "URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains\nthe signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the\nClient's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing\nand encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced\nJWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both\nsignatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. 
The JWK x5c parameter MAY be used\nto provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST\nmatch those in the certificate.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "jwt_bearer_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "logo_uri": { + "description": "LogoURI is an URL string that references a logo for the client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "metadata": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "JSONRawMessage", + "type": "named" + } + } + }, + "owner": { + "description": "Owner is a string identifying the owner of the OAuth 2.0 Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "password_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "password_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "policy_uri": { + "description": "PolicyURI is a URL string that points to a human-readable privacy policy document\nthat describes how the deployment organization collects, uses,\nretains, and discloses personal data.", + "type": { + "type": "nullable", + 
"underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "post_logout_redirect_uris": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "redirect_uris": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "refresh_token_grant_access_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token_grant_id_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token_grant_refresh_token_lifespan": { + "description": "TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "registration_access_token": { + "description": "RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "registration_client_uri": { + "description": "RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "request_object_signing_alg": { + "description": "JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. 
All Request Objects\nfrom this Client MUST be rejected, if not signed with this algorithm.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + } + } + }, + "request_uris": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "response_types": { + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2ResponseType", + "type": "named" + }, + "type": "array" + } + } + }, + "scope": { + "description": "Scope is a string containing a space-separated list of scope values (as\ndescribed in Section 3.3 of OAuth 2.0 [RFC6749]) that the client\ncan use when requesting access tokens.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2Scope", + "type": "named" + } + } + }, + "sector_identifier_uri": { + "description": "URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a\nfile with a single JSON array of redirect_uri values.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "subject_type": { + "description": "SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a\nlist of the supported subject_type values for this server. Valid types include `pairwise` and `public`.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OpenIDConnectSubjectType", + "type": "named" + } + } + }, + "token_endpoint_auth_method": { + "description": "Requested Client Authentication method for the Token Endpoint. 
The options are client_secret_post,\nclient_secret_basic, private_key_jwt, and none.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TokenEndpointAuthMethod", + "type": "named" + } + } + }, + "token_endpoint_auth_signing_alg": { + "description": "Requested Client Authentication signing algorithm for the Token Endpoint.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + } + } + }, + "tos_uri": { + "description": "TermsOfServiceURI is a URL string that points to a human-readable terms of service\ndocument for the client that describes a contractual relationship\nbetween the end-user and the client that the end-user accepts when\nauthorizing the client.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "updated_at": { + "description": "UpdatedAt returns the timestamp of the last update.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "TimestampTZ", + "type": "named" + } + } + }, + "userinfo_signed_response_alg": { + "description": "JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT\n[JWT] serialized, and signed using JWS. 
The default, if omitted, is for the UserInfo Response to return the Claims\nas a UTF-8 encoded JSON object using the application/json content-type.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + } + } + } + } + }, + "Oauth2TokenBody": { + "fields": { + "client_id": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_secret": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "code": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "grant_type": { + "type": { + "name": "String", + "type": "named" + } + }, + "redirect_uri": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "scope": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } + }, + "Oauth2TokenResponse": { + "description": "The Access Token Response", + "fields": { + "access_token": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "expires_in": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "Int64", + "type": "named" + } + } + }, + "id_token": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "refresh_token": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "scope": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "token_type": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + } + } 
+ }, + "RevokeOAuth2TokenBody": { + "fields": { + "client_id": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "client_secret": { + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "token": { + "type": { + "name": "String", + "type": "named" + } + } + } + }, + "WellKnown": { + "description": "It includes links to several endpoints (e.g. /oauth2/token) and exposes information on supported signature algorithms\namong others.", + "fields": { + "authorization_endpoint": { + "description": "URL of the OP's OAuth 2.0 Authorization Endpoint.", + "type": { + "name": "String", + "type": "named" + } + }, + "backchannel_logout_session_supported": { + "description": "Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP\nsession with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "backchannel_logout_supported": { + "description": "Boolean value specifying whether the OP supports back-channel logout, with true indicating support.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "claims_parameter_supported": { + "description": "Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "claims_supported": { + "description": "JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply\nvalues for. 
Note that for privacy or other reasons, this might not be an exhaustive list.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "code_challenge_methods_supported": { + "description": "JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported\nby this authorization server.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2CodeChallenge", + "type": "named" + }, + "type": "array" + } + } + }, + "end_session_endpoint": { + "description": "URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "frontchannel_logout_session_supported": { + "description": "Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify\nthe RP session with the OP when the frontchannel_logout_uri is used. 
If supported, the sid Claim is also\nincluded in ID Tokens issued by the OP.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "frontchannel_logout_supported": { + "description": "Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "grant_types_supported": { + "description": "JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2GrantType", + "type": "named" + }, + "type": "array" + } + } + }, + "id_token_signing_alg_values_supported": { + "description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token\nto encode the Claims in a JWT.", + "type": { + "element_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + }, + "type": "array" + } + }, + "issuer": { + "description": "URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier.\nIf IssuerURL discovery is supported , this value MUST be identical to the issuer value returned\nby WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.", + "type": { + "name": "String", + "type": "named" + } + }, + "jwks_uri": { + "description": "URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate\nsignatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs\nto encrypt requests to the Server. 
When both signing and encryption keys are made available, a use (Key Use)\nparameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.\nAlthough some algorithms allow the same key to be used for both signatures and encryption, doing so is\nNOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of\nkeys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.", + "type": { + "name": "String", + "type": "named" + } + }, + "registration_endpoint": { + "description": "URL of the OP's Dynamic Client Registration Endpoint.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "request_object_signing_alg_values_supported": { + "description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects,\nwhich are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. 
These algorithms are used both when\nthe Request Object is passed by value (using the request parameter) and when it is passed by reference\n(using the request_uri parameter).", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + }, + "type": "array" + } + } + }, + "request_parameter_supported": { + "description": "Boolean value specifying whether the OP supports use of the request parameter, with true indicating support.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "request_uri_parameter_supported": { + "description": "Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "require_request_uri_registration": { + "description": "Boolean value specifying whether the OP requires any request_uri values used to be pre-registered\nusing the request_uris registration parameter.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + "response_modes_supported": { + "description": "JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + } + }, + "response_types_supported": { + "description": "JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. 
Dynamic OpenID\nProviders MUST support the code, id_token, and the token id_token Response Type values.", + "type": { + "element_type": { + "name": "String", + "type": "named" + }, + "type": "array" + } + }, + "revocation_endpoint": { + "description": "URL of the authorization server's OAuth 2.0 revocation endpoint.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "scopes_supported": { + "description": "SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST\nsupport the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2Scope", + "type": "named" + }, + "type": "array" + } + } + }, + "subject_types_supported": { + "description": "JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include\npairwise and public.", + "type": { + "element_type": { + "name": "OpenIDConnectSubjectType", + "type": "named" + }, + "type": "array" + } + }, + "token_endpoint": { + "description": "URL of the OP's OAuth 2.0 Token Endpoint", + "type": { + "name": "String", + "type": "named" + } + }, + "token_endpoint_auth_methods_supported": { + "description": "JSON array containing a list of Client Authentication methods supported by this Token Endpoint. 
The options are\nclient_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "TokenEndpointAuthMethod", + "type": "named" + }, + "type": "array" + } + } + }, + "userinfo_endpoint": { + "description": "URL of the OP's UserInfo Endpoint.", + "type": { + "type": "nullable", + "underlying_type": { + "name": "String", + "type": "named" + } + } + }, + "userinfo_signing_alg_values_supported": { + "description": "JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].", + "type": { + "type": "nullable", + "underlying_type": { + "element_type": { + "name": "OAuth2SigningAlgorithm", + "type": "named" + }, + "type": "array" + } + } + } + } + } + }, + "procedures": [ + { + "request": { + "url": "/oauth2/register", + "method": "post", + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "OAuth2Client" + } + } + }, + "arguments": { + "body": { + "type": { + "name": "OAuth2Client", + "type": "named" + } + } + }, + "description": "Register an OAuth 2.0 Client using the OpenID / OAuth2 Dynamic Client Registration Management Protocol", + "name": "dynamicClientRegistrationCreateOAuth2Client", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/register/{id}", + "method": "put", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ], + "requestBody": { + "contentType": "application/json", + "schema": { + "type": "OAuth2Client" + } + } + }, + "arguments": { + "body": { + "type": { + "name": "OAuth2Client", + "type": "named" + } + }, + "id": { + "description": "The id of the OAuth 2.0 Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Update an OAuth 2.0 Client 
using the OpenID / OAuth2 Dynamic Client Registration Management Protocol", + "name": "dynamicClientRegistrationUpdateOAuth2Client", + "result_type": { + "name": "OAuth2Client", + "type": "named" + } + }, + { + "request": { + "url": "/oauth2/register/{id}", + "method": "delete", + "parameters": [ + { + "name": "id", + "in": "path", + "schema": { + "type": "String" + } + } + ] + }, + "arguments": { + "id": { + "description": "The id of the OAuth 2.0 Client.", + "type": { + "name": "String", + "type": "named" + } + } + }, + "description": "Deletes an OAuth 2.0 Client using the OpenID / OAuth2 Dynamic Client Registration Management Protocol", + "name": "dynamicClientRegistrationDeleteOAuth2Client", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/revoke", + "method": "post", + "requestBody": { + "contentType": "application/x-www-form-urlencoded", + "schema": { + "type": "object", + "properties": { + "client_id": { + "type": "String", + "nullable": true + }, + "client_secret": { + "type": "String", + "nullable": true + }, + "token": { + "type": "String" + } + } + } + } + }, + "arguments": { + "body": { + "description": "Form data of /oauth2/revoke", + "type": { + "name": "RevokeOAuth2TokenBody", + "type": "named" + } + } + }, + "description": "Revoke OAuth2 Tokens", + "name": "revokeOAuth2Token", + "result_type": { + "type": "nullable", + "underlying_type": { + "name": "Boolean", + "type": "named" + } + } + }, + { + "request": { + "url": "/oauth2/token", + "method": "post", + "requestBody": { + "contentType": "application/x-www-form-urlencoded", + "schema": { + "type": "object", + "properties": { + "client_id": { + "type": "String", + "nullable": true + }, + "client_secret": { + "type": "String", + "nullable": true + }, + "code": { + "type": "String", + "nullable": true + }, + "grant_type": { + "type": "String" + }, + "redirect_uri": { + "type": "String", + 
"nullable": true + }, + "refresh_token": { + "type": "String", + "nullable": true + }, + "scope": { + "type": "String", + "nullable": true + } + } + } + } + }, + "arguments": { + "body": { + "description": "Form data of /oauth2/token", + "type": { + "name": "Oauth2TokenBody", + "type": "named" + } + } + }, + "description": "The OAuth 2.0 Token Endpoint", + "name": "oauth2Token", + "result_type": { + "name": "Oauth2TokenResponse", + "type": "named" + } + } + ], + "scalar_types": { + "Boolean": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "boolean" + } + }, + "Int64": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "int64" + } + }, + "JSON": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "json" + } + }, + "JSONRawMessage": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "json" + } + }, + "JoseJSONWebKeySet": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "json" + } + }, + "OAuth2CodeChallenge": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "plain", + "S256" + ], + "type": "enum" + } + }, + "OAuth2GrantType": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "authorization_code", + "implicit", + "client_credentials", + "refresh_token" + ], + "type": "enum" + } + }, + "OAuth2ResponseType": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "code", + "token", + "id_token" + ], + "type": "enum" + } + }, + "OAuth2Scope": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "offline_access", + "offline", + "openid" + ], + "type": "enum" + } + }, + "OAuth2SigningAlgorithm": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { 
+ "one_of": [ + "none", + "RS256" + ], + "type": "enum" + } + }, + "OpenIDConnectSubjectType": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "public", + "pairwise" + ], + "type": "enum" + } + }, + "String": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "string" + } + }, + "TimestampTZ": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "type": "timestamptz" + } + }, + "TokenEndpointAuthMethod": { + "aggregate_functions": {}, + "comparison_operators": {}, + "representation": { + "one_of": [ + "client_secret_post", + "client_secret_basic", + "client_secret_jwt", + "private_key_jwt", + "none" + ], + "type": "enum" + } + } + } +} diff --git a/connector-definition/.hasura-connector/connector-metadata.yaml b/connector-definition/.hasura-connector/connector-metadata.yaml new file mode 100644 index 0000000..fcc3f06 --- /dev/null +++ b/connector-definition/.hasura-connector/connector-metadata.yaml @@ -0,0 +1,20 @@ +packagingDefinition: + type: PrebuiltDockerImage + dockerImage: ghcr.io/hasura/ndc-hydra:{{VERSION}} +supportedEnvironmentVariables: + - HYDRA_ADMIN_SERVER_URL + - HYDRA_ADMIN_TIMEOUT + - HYDRA_ADMIN_RETRY_TIMES + - HYDRA_ADMIN_RETRY_DELAY + - HYDRA_ADMIN_RETRY_HTTP_STATUS + - HYDRA_PUBLIC_SERVER_URL + - HYDRA_PUBLIC_TIMEOUT + - HYDRA_PUBLIC_RETRY_TIMES + - HYDRA_PUBLIC_RETRY_DELAY + - HYDRA_PUBLIC_RETRY_HTTP_STATUS +commands: {} +dockerComposeWatch: + # copy config files into the existing container and restart it + - path: ./config + target: /etc/connector + action: sync+restart diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..25b5d8e --- /dev/null +++ b/docker-compose.yaml 
@@ -0,0 +1,55 @@
+services:
+ ndc-hydra:
+ build:
+ context: .
+ ports:
+ - 8080:8080
+ # volumes:
+ # - ./config:/etc/connector:ro
+ environment:
+ HYDRA_PUBLIC_SERVER_URL: http://hydra:4444
+ HYDRA_ADMIN_SERVER_URL: http://hydra:4445
+ HASURA_LOG_LEVEL: debug
+
+ hydra:
+ restart: always
+ image: oryd/hydra:v1.11.10
+ command:
+ - serve
+ - all
+ - --dangerous-force-http
+ depends_on:
+ - hydra-migrate
+ - postgres
+ ports:
+ - "4444:4444"
+ - "4445:4445"
+ environment:
+ DSN: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable
+ SECRETS_SYSTEM: ${SECRETS_SYSTEM}
+ OIDC_DYNAMIC_CLIENT_REGISTRATION_ENABLED: "true"
+ LOG_LEAK_SENSITIVE_VALUES: "true"
+
+ hydra-migrate:
+ restart: on-failure
+ image: oryd/hydra:v1.11.10
+ depends_on:
+ - postgres
+ command: migrate sql -e --yes
+ environment:
+ DSN: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable
+
+ postgres:
+ image: postgres:16-alpine3.18
+ restart: always
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ ports:
+ - "10432:5432"
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: ${POSTGRES_DB}
+
+volumes:
+ postgres_data:
diff --git a/schema/admin/config.yaml b/schema/admin/config.yaml
new file mode 100644
index 0000000..877cf14
--- /dev/null
+++ b/schema/admin/config.yaml
@@ -0,0 +1,9 @@
+file: https://raw.githubusercontent.com/ory/hydra/v1.11.10/spec/swagger.json
+spec: oas2
+envPrefix: HYDRA_ADMIN
+patchBefore:
+ - path: patch-before.yaml
+ strategy: json6902
+patchAfter:
+ - path: patch-after.yaml
+ strategy: json6902
diff --git a/schema/admin/patch-after.yaml b/schema/admin/patch-after.yaml
new file mode 100644
index 0000000..fc6144b
--- /dev/null
+++ b/schema/admin/patch-after.yaml
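Review bot: Nothing in docker-compose.yaml marks it as a local test stack, yet the `hydra` service runs with `--dangerous-force-http` and `LOG_LEAK_SENSITIVE_VALUES: "true"`, and it publishes the admin API (`4445`) and Postgres (`10432`) on every host interface. Hydra's admin API has no access control of its own, so anything that can reach the host can manage clients and keys. I would add a header comment such as `# Local development and CI only: plain HTTP, sensitive values logged, admin API exposed` and bind the published ports to loopback, e.g. `- "127.0.0.1:4445:4445"` and `- "127.0.0.1:10432:5432"`. `HASURA_LOG_LEVEL: debug` on the connector may also put request arguments into logs; that part is inferred, since the connector's logging is not visible here.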
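Review bot: The `file:` URL in schema/admin/config.yaml pulls the OpenAPI document from a git tag over the network with no integrity check, so the generated connector schema depends on whatever `v1.11.10` resolves to at generation time. A tag can be moved, a commit SHA cannot. I would pin it as `file: https://raw.githubusercontent.com/ory/hydra/<commit-sha>/spec/swagger.json`, or vendor the file into the repository (if the tool accepts a local path) and record its SHA-256 beside it. The same line appears in schema/public/config.yaml.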
@@ -0,0 +1,116 @@
+- op: remove
+ path: /settings/securitySchemes
+- op: replace
+ path: /settings/servers
+ value:
+ - url: "{{HYDRA_ADMIN_SERVER_URL:-http://localhost:4445}}"
+- op: add
+ path: /scalar_types/TokenEndpointAuthMethod
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - client_secret_post
+ - client_secret_basic
+ - client_secret_jwt
+ - private_key_jwt
+ - none
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/token_endpoint_auth_method/type/underlying_type/name
+ value: TokenEndpointAuthMethod
+- op: add
+ path: /scalar_types/OpenIDConnectSubjectType
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - public
+ - pairwise
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/subject_type/type/underlying_type/name
+ value: OpenIDConnectSubjectType
+- op: add
+ path: /scalar_types/OAuth2GrantType
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - authorization_code
+ - implicit
+ - client_credentials
+ - refresh_token
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/grant_types/type/underlying_type/element_type/name
+ value: OAuth2GrantType
+- op: add
+ path: /scalar_types/OAuth2ResponseType
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - code
+ - token
+ - id_token
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/response_types/type/underlying_type/element_type/name
+ value: OAuth2ResponseType
+- op: add
+ path: /scalar_types/OAuth2Scope
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - offline_access
+ - offline
+ - openid
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/scope/type/underlying_type/name
+ value: OAuth2Scope
+- op: add
+ path: /scalar_types/OAuth2SigningAlgorithm
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - none
+ - RS256
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/token_endpoint_auth_signing_alg/type/underlying_type/name
+ value: OAuth2SigningAlgorithm
+- op: replace
+ path: /object_types/OAuth2Client/fields/userinfo_signed_response_alg/type/underlying_type/name
+ value: OAuth2SigningAlgorithm
+- op: replace
+ path: /object_types/OAuth2Client/fields/request_object_signing_alg/type/underlying_type/name
+ value: OAuth2SigningAlgorithm
+- op: add
+ path: /scalar_types/JsonWebKeyAlgorithm
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - RS256
+ - RS512
+ - ES256
+ - ES512
+ - EdDSA
+ type: enum
+- op: replace
+ path: /object_types/JsonWebKeySetGeneratorRequest/fields/alg/type/name
+ value: JsonWebKeyAlgorithm
+- op: replace
+ path: /object_types/JSONWebKey/fields/alg/type/name
+ value: JsonWebKeyAlgorithm
diff --git a/schema/admin/patch-before.yaml b/schema/admin/patch-before.yaml
new file mode 100644
index 0000000..5eb03c7
--- /dev/null
+++ b/schema/admin/patch-before.yaml
@@ -0,0 +1,20 @@
+- op: remove
+ path: /paths/~1.well-known~1jwks.json
+- op: remove
+ path: /paths/~1.well-known~1openid-configuration
+- op: remove
+ path: /paths/~1health~1ready
+- op: remove
+ path: /paths/~1oauth2~1auth
+- op: remove
+ path: /paths/~1oauth2~1register
+- op: remove
+ path: /paths/~1oauth2~1register~1{id}
+- op: remove
+ path: /paths/~1oauth2~1revoke
+- op: remove
+ path: /paths/~1oauth2~1sessions~1logout
+- op: remove
+ path: /paths/~1oauth2~1token
+- op: remove
+ path: /paths/~1userinfo
diff --git a/schema/public/config.yaml b/schema/public/config.yaml
new file mode 100644
index 0000000..e1eef4e
--- /dev/null
+++ b/schema/public/config.yaml
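Review bot: `OAuth2SigningAlgorithm` in schema/admin/patch-after.yaml lists `none` and is then applied to `token_endpoint_auth_signing_alg`, where OpenID Connect Dynamic Client Registration says the value none MUST NOT be used. Sharing one enum across the three `*_alg` fields means the connector schema accepts an unsigned client-authentication setting on registration and update; whether Hydra rejects it afterwards is not visible here. I would give that field its own scalar without `none` and keep the shared enum for `request_object_signing_alg` and `userinfo_signed_response_alg`. The same ops are in schema/public/patch-after.yaml.

```yaml
# … unchanged: OAuth2SigningAlgorithm scalar (none, RS256) used by the other two fields …
- op: add
  path: /scalar_types/OAuth2ClientAuthSigningAlgorithm
  value:
    aggregate_functions: {}
    comparison_operators: {}
    representation:
      one_of:
        - RS256
      type: enum
- op: replace
  path: /object_types/OAuth2Client/fields/token_endpoint_auth_signing_alg/type/underlying_type/name
  value: OAuth2ClientAuthSigningAlgorithm
```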
@@ -0,0 +1,9 @@
+file: https://raw.githubusercontent.com/ory/hydra/v1.11.10/spec/swagger.json
+spec: oas2
+envPrefix: HYDRA_PUBLIC
+patchBefore:
+ - path: patch-before.yaml
+ strategy: json6902
+patchAfter:
+ - path: patch-after.yaml
+ strategy: json6902
diff --git a/schema/public/patch-after.yaml b/schema/public/patch-after.yaml
new file mode 100644
index 0000000..6b2b464
--- /dev/null
+++ b/schema/public/patch-after.yaml
@@ -0,0 +1,131 @@
+- op: remove
+ path: /settings/securitySchemes
+- op: replace
+ path: /settings/servers
+ value:
+ - url: "{{HYDRA_PUBLIC_SERVER_URL:-http://localhost:4444}}"
+- op: add
+ path: /scalar_types/TokenEndpointAuthMethod
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - client_secret_post
+ - client_secret_basic
+ - client_secret_jwt
+ - private_key_jwt
+ - none
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/token_endpoint_auth_method/type/underlying_type/name
+ value: TokenEndpointAuthMethod
+- op: replace
+ path: /object_types/WellKnown/fields/token_endpoint_auth_methods_supported/type/underlying_type/element_type/name
+ value: TokenEndpointAuthMethod
+- op: add
+ path: /scalar_types/OpenIDConnectSubjectType
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - public
+ - pairwise
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/subject_type/type/underlying_type/name
+ value: OpenIDConnectSubjectType
+- op: replace
+ path: /object_types/WellKnown/fields/subject_types_supported/type/element_type/name
+ value: OpenIDConnectSubjectType
+- op: add
+ path: /scalar_types/OAuth2GrantType
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - authorization_code
+ - implicit
+ - client_credentials
+ - refresh_token
+ type: enum
+- op: replace
+ path: /object_types/WellKnown/fields/grant_types_supported/type/underlying_type/element_type/name
+ value: OAuth2GrantType
+- op: replace
+ path: /object_types/OAuth2Client/fields/grant_types/type/underlying_type/element_type/name
+ value: OAuth2GrantType
+- op: add
+ path: /scalar_types/OAuth2ResponseType
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - code
+ - token
+ - id_token
+ type: enum
+- op: replace
+ path: /object_types/OAuth2Client/fields/response_types/type/underlying_type/element_type/name
+ value: OAuth2ResponseType
+- op: add
+ path: /scalar_types/OAuth2Scope
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - offline_access
+ - offline
+ - openid
+ type: enum
+- op: replace
+ path: /object_types/WellKnown/fields/scopes_supported/type/underlying_type/element_type/name
+ value: OAuth2Scope
+- op: replace
+ path: /object_types/OAuth2Client/fields/scope/type/underlying_type/name
+ value: OAuth2Scope
+- op: add
+ path: /scalar_types/OAuth2CodeChallenge
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - plain
+ - S256
+ type: enum
+- op: replace
+ path: /object_types/WellKnown/fields/code_challenge_methods_supported/type/underlying_type/element_type/name
+ value: OAuth2CodeChallenge
+- op: add
+ path: /scalar_types/OAuth2SigningAlgorithm
+ value:
+ aggregate_functions: {}
+ comparison_operators: {}
+ representation:
+ one_of:
+ - none
+ - RS256
+ type: enum
+- op: replace
+ path: /object_types/WellKnown/fields/id_token_signing_alg_values_supported/type/element_type/name
+ value: OAuth2SigningAlgorithm
+- op: replace
+ path: /object_types/WellKnown/fields/request_object_signing_alg_values_supported/type/underlying_type/element_type/name
+ value: OAuth2SigningAlgorithm
+- op: replace
+ path: /object_types/WellKnown/fields/userinfo_signing_alg_values_supported/type/underlying_type/element_type/name
+ value: OAuth2SigningAlgorithm
+- op: replace
+ path: /object_types/OAuth2Client/fields/token_endpoint_auth_signing_alg/type/underlying_type/name
+ value: OAuth2SigningAlgorithm
+- op: replace
+ path: /object_types/OAuth2Client/fields/userinfo_signed_response_alg/type/underlying_type/name
+ value: OAuth2SigningAlgorithm
+- op: replace
+ path: /object_types/OAuth2Client/fields/request_object_signing_alg/type/underlying_type/name
+ value: OAuth2SigningAlgorithm
diff --git a/schema/public/patch-before.yaml b/schema/public/patch-before.yaml
new file mode 100644
index 0000000..212b7ab
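Review bot: The replace op on `/object_types/OAuth2Client/fields/scope/type/underlying_type/name` retypes the client's `scope` to the `OAuth2Scope` enum, but the field's own description in the generated schema calls it a space-separated list of scope values. A client registered with `openid offline`, or with any application-defined scope, no longer fits a type whose only values are `offline_access`, `offline` and `openid`; how the connector treats a non-matching value is not visible here. I would drop that op so `scope` stays `String`. The enum on `scopes_supported` has a related risk, since the server may advertise scopes beyond these three. The same `scope` op is in schema/admin/patch-after.yaml.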
--- /dev/null
+++ b/schema/public/patch-before.yaml
@@ -0,0 +1,76 @@ +- op: remove + path: /paths/~1clients +- op: remove + path: /paths/~1clients~1{id} +- op: remove + path: /paths/~1clients~1{id}~1lifespans +- op: remove + path: /paths/~1health~1alive +- op: remove + path: /paths/~1keys~1{set} +- op: remove + path: /paths/~1keys~1{set}~1{kid} +- op: remove + path: /paths/~1oauth2~1auth~1requests~1consent +- op: remove + path: /paths/~1oauth2~1auth~1requests~1consent~1accept +- op: remove + path: /paths/~1oauth2~1auth~1requests~1consent~1reject +- op: remove + path: /paths/~1oauth2~1auth~1requests~1login +- op: remove + path: /paths/~1oauth2~1auth~1requests~1login~1accept +- op: remove + path: /paths/~1oauth2~1auth~1requests~1login~1reject +- op: remove + path: /paths/~1oauth2~1auth~1requests~1logout +- op: remove + path: /paths/~1oauth2~1auth~1requests~1logout~1accept +- op: remove + path: /paths/~1oauth2~1auth~1requests~1logout~1reject +- op: remove + path: /paths/~1oauth2~1auth~1sessions~1consent +- op: remove + path: /paths/~1oauth2~1auth~1sessions~1login +- op: remove + path: /paths/~1oauth2~1flush +- op: remove + path: /paths/~1oauth2~1introspect +- op: remove + path: /paths/~1oauth2~1tokens +- op: remove + path: /paths/~1trust~1grants~1jwt-bearer~1issuers +- op: remove + path: /paths/~1trust~1grants~1jwt-bearer~1issuers~1{id} +- op: remove + path: /paths/~1version +- op: remove + path: /paths/~1oauth2~1token/post/security +- op: add + path: /paths/~1oauth2~1token/post/parameters/5 + value: + type: string + name: client_secret + in: formData +- op: add + path: /paths/~1oauth2~1token/post/parameters/6 + value: + type: string + name: scope + in: formData +- op: remove + path: /paths/~1userinfo +- op: remove + path: /paths/~1oauth2~1revoke/post/security +- op: add + path: /paths/~1oauth2~1revoke/post/parameters/1 + value: + type: string + name: client_id + in: formData +- op: add + path: /paths/~1oauth2~1revoke/post/parameters/2 + value: + type: string + name: client_secret + in: formData 
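Review bot: The ops that remove `/paths/~1oauth2~1token/post/security` and `/paths/~1oauth2~1revoke/post/security` and then add `client_secret` as a plain `formData` string carry no comment, so the file does not record that client authentication is being moved out of the HTTP security scheme and into ordinary procedure arguments. An argument can presumably end up wherever arguments are recorded (request logs, traces, replay snapshots), so I would add a comment above each pair, e.g. `# client auth moved to form fields (client_secret_post); client_secret is sensitive - keep it out of logs and snapshots`. Separately, the `add` ops target fixed indexes (`/parameters/5`, `/parameters/6`, `/parameters/1`, `/parameters/2`); if the upstream spec's parameter list gets shorter the patch can fail, whereas `/parameters/-` appends regardless of length, assuming the patch tool follows RFC 6902.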
diff --git a/scripts/build-manifest.sh b/scripts/build-manifest.sh
new file mode 100755
index 0000000..19e5626
--- /dev/null
+++ b/scripts/build-manifest.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -evo pipefail
+
+REF="$(git rev-parse --short HEAD)"
+VERSION=${VERSION:-$REF}
+BUILD_DIR=/tmp/ndc-hydra
+ROOT="$(pwd)"
+
+rm -rf $BUILD_DIR
+mkdir -p $BUILD_DIR
+
+cp -r connector-definition $BUILD_DIR
+sed -i "s/{{VERSION}}/$VERSION/g" $BUILD_DIR/connector-definition/.hasura-connector/connector-metadata.yaml
+
+mkdir -p "${ROOT}/release"
+tar -czvf "${ROOT}/release/connector-definition.tgz" --directory $BUILD_DIR/connector-definition .
+echo "checksum of connector-definition.tgz:"
+sha256sum "${ROOT}/release/connector-definition.tgz"
\ No newline at end of file
diff --git a/scripts/test.sh b/scripts/test.sh
new file mode 100755
index 0000000..0b947d8
--- /dev/null
+++ b/scripts/test.sh
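Review bot: `BUILD_DIR=/tmp/ndc-hydra` is a fixed, predictable path in a world-writable directory, and whatever sits in it is packed into `release/connector-definition.tgz`; on a shared build host another local user can pre-create or race that path between the `rm -rf` and the `cp`. A private directory avoids this: `BUILD_DIR="$(mktemp -d)"` followed by `trap 'rm -rf "$BUILD_DIR"' EXIT`, which also makes the `rm -rf`/`mkdir -p` pair unnecessary. The later uses of `$BUILD_DIR` are unquoted and should become `"$BUILD_DIR"`. `$VERSION` is also placed unescaped into the `sed` replacement, so a value containing `/` or `&` changes the expression instead of the version string; validating it before the `sed` line would close that.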
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+ROOT="$(pwd)"
+NDC_TEST_VERSION=v0.1.3
+
+http_wait() {
+ printf "$1:\t "
+ for i in {1..60};
+ do
+ local code="$(curl -s -o /dev/null -m 2 -w '%{http_code}' $1)"
+ if [[ $code != "200" ]]; then
+ printf "."
+ sleep 1
+ else
+ printf "\r\033[K$1:\t ${GREEN}OK${NC}\n"
+ return 0
+ fi
+ done
+ printf "\n${RED}ERROR${NC}: cannot connect to $1. Please check service logs with command:\n"
+ echo " docker-compose logs -f $2"
+ exit 1
+}
+
+# download ndc-test
+if [ ! -f "$ROOT/tmp/ndc-test" ]; then
+ mkdir -p tmp
+ curl -L "https://github.com/hasura/ndc-spec/releases/download/$NDC_TEST_VERSION/ndc-test-x86_64-unknown-linux-gnu" -o "$ROOT/tmp/ndc-test"
+ chmod +x "$ROOT/tmp/ndc-test"
+fi
+
+cp .env.example .env
+DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker compose up -d
+http_wait http://localhost:8080/health
+http_wait http://localhost:4444/health/alive
+http_wait http://localhost:4445/health/ready
+
+sleep 5
+$ROOT/tmp/ndc-test test --endpoint http://localhost:8080
+# $ROOT/tmp/ndc-test replay --endpoint http://localhost:8080 --snapshots-dir $ROOT/testdata/01-setup
+# $ROOT/tmp/ndc-test replay --endpoint http://localhost:8080 --snapshots-dir $ROOT/testdata/02-getData
+# $ROOT/tmp/ndc-test replay --endpoint http://localhost:8080 --snapshots-dir $ROOT/testdata/03-cleanup
+
+exit_code=$?
+docker compose down --remove-orphans -v
+exit $exit_code
\ No newline at end of file
diff --git a/scripts/update-deps.sh b/scripts/update-deps.sh
new file mode 100755
index 0000000..7391cea
--- /dev/null
+++ b/scripts/update-deps.sh
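Review bot: The `curl -L … -o "$ROOT/tmp/ndc-test"` download is marked executable and run with no integrity check, so the test job trusts whatever the release URL returns at that moment. `NDC_TEST_VERSION` is already pinned to v0.1.3, so the digest can be pinned beside it (`NDC_TEST_SHA256=<sha256 of the v0.1.3 linux asset>`) and checked before `chmod +x` with `echo "$NDC_TEST_SHA256  $ROOT/tmp/ndc-test" | sha256sum -c - || exit 1`. Adding `-f` to that `curl` keeps an HTTP error page from being saved as the binary. `cp .env.example .env` also overwrites an existing local `.env` without warning, which is worth guarding with a `[ -f .env ]` test.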
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [ -z "$VERSION" ]; then
+ echo "VERSION env variable is required"
+ exit 1
+fi
+
+sed -i -r "s/v[0-9.]+$/$VERSION/" Dockerfile
+sed -i -r "s/NDC_REST_VERSION\s+\?\=\s+[a-z0-9.]+$/NDC_REST_VERSION ?= $VERSION/" Makefile
+
+if [ -n "$ORY_HYDRA_VERSION" ]; then
+ sed -i -r "s/oryd\/hydra:v[0-9.]+$/oryd\/hydra:$ORY_HYDRA_VERSION/" docker-compose.yaml
+ sed -i -r "s/ORY_HYDRA_VERSION\s+\?\=\s+[a-z0-9.]+$/ORY_HYDRA_VERSION ?= $ORY_HYDRA_VERSION/" Makefile
+fi
\ No newline at end of file
diff --git a/testdata/01-setup/mutation/01-createOAuth2Client/expected.json b/testdata/01-setup/mutation/01-createOAuth2Client/expected.json
new file mode 100644
index 0000000..8fdf4a4
--- /dev/null
+++ b/testdata/01-setup/mutation/01-createOAuth2Client/expected.json
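Review bot: `$VERSION` and `$ORY_HYDRA_VERSION` are substituted into the `sed` replacement text unchecked, so a value containing `/`, `&` or a newline changes the sed program rather than the version string. The files being rewritten are the Dockerfile, Makefile and docker-compose.yaml, which pin what gets built and pulled. The search patterns already assume a `v`-prefixed dotted number, so the script can reject anything else up front, e.g. `[[ "$VERSION" =~ ^v[0-9]+(\.[0-9]+)*$ ]] || { echo "invalid VERSION: $VERSION"; exit 1; }`, with the same check on `ORY_HYDRA_VERSION` inside its `if` (widen the pattern if pre-release tags are expected). The script also lacks `set -euo pipefail`, so a failed `sed` does not stop the later edits.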
@@ -0,0 +1,53 @@ +{ + "operation_results": [ + { + "result": { + "allowed_cors_origins": ["http://localhost:8080"], + "audience": ["user"], + "authorization_code_grant_access_token_lifespan": "1h0m0s", + "authorization_code_grant_id_token_lifespan": "3h0m0s", + "authorization_code_grant_refresh_token_lifespan": "2h0m0s", + "backchannel_logout_session_required": true, + "backchannel_logout_uri": "http://backchannel/logout", + "client_credentials_grant_access_token_lifespan": "4h0m0s", + "client_id": "test-client", + "client_name": "Test client", + "client_secret": "randomsecret", + "client_secret_expires_at": 0, + "client_uri": "http://localhost:8080", + "contacts": ["bouUoMs41s"], + "frontchannel_logout_session_required": true, + "frontchannel_logout_uri": "http://frontchannel/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h0m0s", + "implicit_grant_id_token_lifespan": "2h0m0s", + "jwks": {}, + "jwks_uri": "http://localhost:8080/jwks", + "jwt_bearer_grant_access_token_lifespan": "3h0m0s", + "logo_uri": "http://localhost:8080/logo", + "metadata": { "foo": "bar" }, + "owner": "FiZD1435Ve", + "password_grant_access_token_lifespan": "4h0m0s", + "password_grant_refresh_token_lifespan": "3h0m0s", + "policy_uri": "http://localhost:8080/policy_uri", + "post_logout_redirect_uris": ["http://localhost:8080/post-logout"], + "redirect_uris": ["http://localhost:8080/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "2h0m0s", + "refresh_token_grant_id_token_lifespan": "1h0m0s", + "refresh_token_grant_refresh_token_lifespan": "2h0m0s", + "registration_client_uri": "http://localhost:4444/oauth2/register/test-client", + "request_object_signing_alg": "HS256", + "request_uris": ["http://localhost:8080/request_uris"], + "response_types": ["code"], + "scope": "read offline", + "sector_identifier_uri": null, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_post", + "token_endpoint_auth_signing_alg": 
"none", + "tos_uri": "eE5F7kI9Uz", + "userinfo_signed_response_alg": "none" + }, + "type": "procedure" + } + ] +} diff --git a/testdata/01-setup/mutation/01-createOAuth2Client/request.json b/testdata/01-setup/mutation/01-createOAuth2Client/request.json new file mode 100644 index 0000000..5947670 --- /dev/null +++ b/testdata/01-setup/mutation/01-createOAuth2Client/request.json 
@@ -0,0 +1,241 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "createOAuth2Client", + "arguments": { + "body": { + "allowed_cors_origins": ["http://localhost:8080"], + "audience": ["user"], + "authorization_code_grant_access_token_lifespan": "1h", + "authorization_code_grant_id_token_lifespan": "3h", + "authorization_code_grant_refresh_token_lifespan": "2h", + "backchannel_logout_session_required": true, + "backchannel_logout_uri": "http://backchannel/logout", + "client_credentials_grant_access_token_lifespan": "4h", + "client_id": "test-client", + "client_name": "Test client", + "client_secret": "randomsecret", + "client_uri": "http://localhost:8080", + "contacts": ["bouUoMs41s"], + "created_at": "2019-08-24T14:15:22Z", + "frontchannel_logout_session_required": true, + "frontchannel_logout_uri": "http://frontchannel/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h", + "implicit_grant_id_token_lifespan": "2h", + "jwks": null, + "jwks_uri": "http://localhost:8080/jwks", + "jwt_bearer_grant_access_token_lifespan": "3h", + "logo_uri": "http://localhost:8080/logo", + "metadata": { + "foo": "bar" + }, + "owner": "FiZD1435Ve", + "password_grant_access_token_lifespan": "4h", + "password_grant_refresh_token_lifespan": "3h", + "policy_uri": "http://localhost:8080/policy_uri", + "post_logout_redirect_uris": ["http://localhost:8080/post-logout"], + "redirect_uris": ["http://localhost:8080/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "2h", + "refresh_token_grant_id_token_lifespan": "1h", + "refresh_token_grant_refresh_token_lifespan": "2h", + "registration_client_uri": "http://localhost:8080", + "request_object_signing_alg": "HS256", + "request_uris": ["http://localhost:8080/request_uris"], + "response_types": ["code"], + "scope": "read offline", + "sector_identifier_uri": null, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_post", + 
"token_endpoint_auth_signing_alg": "none", + "tos_uri": "eE5F7kI9Uz", + "updated_at": "1970-01-01T00:00:01Z", + "userinfo_signed_response_alg": "none" + } + }, + "fields": { + "fields": { + "allowed_cors_origins": { + "column": "allowed_cors_origins", + "type": "column" + }, + "audience": { + "column": "audience", + "type": "column" + }, + "authorization_code_grant_access_token_lifespan": { + "column": "authorization_code_grant_access_token_lifespan", + "type": "column" + }, + "authorization_code_grant_id_token_lifespan": { + "column": "authorization_code_grant_id_token_lifespan", + "type": "column" + }, + "authorization_code_grant_refresh_token_lifespan": { + "column": "authorization_code_grant_refresh_token_lifespan", + "type": "column" + }, + "backchannel_logout_session_required": { + "column": "backchannel_logout_session_required", + "type": "column" + }, + "backchannel_logout_uri": { + "column": "backchannel_logout_uri", + "type": "column" + }, + "client_credentials_grant_access_token_lifespan": { + "column": "client_credentials_grant_access_token_lifespan", + "type": "column" + }, + "client_id": { + "column": "client_id", + "type": "column" + }, + "client_name": { + "column": "client_name", + "type": "column" + }, + "client_secret": { + "column": "client_secret", + "type": "column" + }, + "client_secret_expires_at": { + "column": "client_secret_expires_at", + "type": "column" + }, + "client_uri": { + "column": "client_uri", + "type": "column" + }, + "contacts": { + "column": "contacts", + "type": "column" + }, + "frontchannel_logout_session_required": { + "column": "frontchannel_logout_session_required", + "type": "column" + }, + "frontchannel_logout_uri": { + "column": "frontchannel_logout_uri", + "type": "column" + }, + "grant_types": { + "column": "grant_types", + "type": "column" + }, + "implicit_grant_access_token_lifespan": { + "column": "implicit_grant_access_token_lifespan", + "type": "column" + }, + "implicit_grant_id_token_lifespan": { + "column": 
"implicit_grant_id_token_lifespan", + "type": "column" + }, + "jwks": { + "column": "jwks", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "jwt_bearer_grant_access_token_lifespan": { + "column": "jwt_bearer_grant_access_token_lifespan", + "type": "column" + }, + "logo_uri": { + "column": "logo_uri", + "type": "column" + }, + "metadata": { + "column": "metadata", + "type": "column" + }, + "owner": { + "column": "owner", + "type": "column" + }, + "password_grant_access_token_lifespan": { + "column": "password_grant_access_token_lifespan", + "type": "column" + }, + "password_grant_refresh_token_lifespan": { + "column": "password_grant_refresh_token_lifespan", + "type": "column" + }, + "policy_uri": { + "column": "policy_uri", + "type": "column" + }, + "post_logout_redirect_uris": { + "column": "post_logout_redirect_uris", + "type": "column" + }, + "redirect_uris": { + "column": "redirect_uris", + "type": "column" + }, + "refresh_token_grant_access_token_lifespan": { + "column": "refresh_token_grant_access_token_lifespan", + "type": "column" + }, + "refresh_token_grant_id_token_lifespan": { + "column": "refresh_token_grant_id_token_lifespan", + "type": "column" + }, + "refresh_token_grant_refresh_token_lifespan": { + "column": "refresh_token_grant_refresh_token_lifespan", + "type": "column" + }, + "registration_client_uri": { + "column": "registration_client_uri", + "type": "column" + }, + "request_object_signing_alg": { + "column": "request_object_signing_alg", + "type": "column" + }, + "request_uris": { + "column": "request_uris", + "type": "column" + }, + "response_types": { + "column": "response_types", + "type": "column" + }, + "scope": { + "column": "scope", + "type": "column" + }, + "sector_identifier_uri": { + "column": "sector_identifier_uri", + "type": "column" + }, + "subject_type": { + "column": "subject_type", + "type": "column" + }, + "token_endpoint_auth_method": { + "column": "token_endpoint_auth_method", + 
"type": "column" + }, + "token_endpoint_auth_signing_alg": { + "column": "token_endpoint_auth_signing_alg", + "type": "column" + }, + "tos_uri": { + "column": "tos_uri", + "type": "column" + }, + "userinfo_signed_response_alg": { + "column": "userinfo_signed_response_alg", + "type": "column" + } + }, + "type": "object" + } + } + ] +} diff --git a/testdata/01-setup/mutation/02-patchOAuth2Client/expected.json b/testdata/01-setup/mutation/02-patchOAuth2Client/expected.json new file mode 100644 index 0000000..ea29092 --- /dev/null +++ b/testdata/01-setup/mutation/02-patchOAuth2Client/expected.json 
@@ -0,0 +1,56 @@ +{ + "operation_results": [ + { + "type": "procedure", + "result": { + "allowed_cors_origins": ["http://localhost:8080"], + "audience": ["user", "admin"], + "authorization_code_grant_access_token_lifespan": "1h0m0s", + "authorization_code_grant_id_token_lifespan": "3h0m0s", + "authorization_code_grant_refresh_token_lifespan": "2h0m0s", + "backchannel_logout_session_required": true, + "backchannel_logout_uri": "http://backchannel/logout", + "client_credentials_grant_access_token_lifespan": "4h0m0s", + "client_id": "test-client", + "client_name": "Test client", + "client_secret": null, + "client_secret_expires_at": 0, + "client_uri": "http://localhost:8080", + "contacts": ["bouUoMs41s"], + "frontchannel_logout_session_required": true, + "frontchannel_logout_uri": "http://frontchannel/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h0m0s", + "implicit_grant_id_token_lifespan": "2h0m0s", + "jwks": {}, + "jwks_uri": "http://localhost:8080/jwks", + "jwt_bearer_grant_access_token_lifespan": "3h0m0s", + "logo_uri": "http://localhost:8080/logo", + "metadata": { + "foo": "bar" + }, + "owner": "FiZD1435Ve", + "password_grant_access_token_lifespan": "4h0m0s", + "password_grant_refresh_token_lifespan": "3h0m0s", + "policy_uri": "http://localhost:8080/policy_uri", + "post_logout_redirect_uris": ["http://localhost:8080/post-logout"], + "redirect_uris": ["http://localhost:8080/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "2h0m0s", + "refresh_token_grant_id_token_lifespan": "1h0m0s", + "refresh_token_grant_refresh_token_lifespan": "2h0m0s", + "registration_access_token": null, + "registration_client_uri": null, + "request_object_signing_alg": "HS256", + "request_uris": ["http://localhost:8080/request_uris"], + "response_types": ["code"], + "scope": "read offline", + "sector_identifier_uri": null, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_post", + 
"token_endpoint_auth_signing_alg": "none", + "tos_uri": "eE5F7kI9Uz", + "userinfo_signed_response_alg": "none" + } + } + ] +} diff --git a/testdata/01-setup/mutation/02-patchOAuth2Client/request.json b/testdata/01-setup/mutation/02-patchOAuth2Client/request.json new file mode 100644 index 0000000..3dcbc49 --- /dev/null +++ b/testdata/01-setup/mutation/02-patchOAuth2Client/request.json 
@@ -0,0 +1,214 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "patchOAuth2Client", + "arguments": { + "body": [ + { + "op": "replace", + "path": "/audience", + "value": ["user", "admin"] + }, + { + "op": "replace", + "path": "/jwks", + "value": null + }, + { + "op": "replace", + "path": "/jwks_uri", + "value": null + } + ], + "id": "test-client" + }, + "fields": { + "fields": { + "allowed_cors_origins": { + "column": "allowed_cors_origins", + "type": "column" + }, + "audience": { + "column": "audience", + "type": "column" + }, + "authorization_code_grant_access_token_lifespan": { + "column": "authorization_code_grant_access_token_lifespan", + "type": "column" + }, + "authorization_code_grant_id_token_lifespan": { + "column": "authorization_code_grant_id_token_lifespan", + "type": "column" + }, + "authorization_code_grant_refresh_token_lifespan": { + "column": "authorization_code_grant_refresh_token_lifespan", + "type": "column" + }, + "backchannel_logout_session_required": { + "column": "backchannel_logout_session_required", + "type": "column" + }, + "backchannel_logout_uri": { + "column": "backchannel_logout_uri", + "type": "column" + }, + "client_credentials_grant_access_token_lifespan": { + "column": "client_credentials_grant_access_token_lifespan", + "type": "column" + }, + "client_id": { + "column": "client_id", + "type": "column" + }, + "client_name": { + "column": "client_name", + "type": "column" + }, + "client_secret": { + "column": "client_secret", + "type": "column" + }, + "client_secret_expires_at": { + "column": "client_secret_expires_at", + "type": "column" + }, + "client_uri": { + "column": "client_uri", + "type": "column" + }, + "contacts": { + "column": "contacts", + "type": "column" + }, + "frontchannel_logout_session_required": { + "column": "frontchannel_logout_session_required", + "type": "column" + }, + "frontchannel_logout_uri": { + "column": "frontchannel_logout_uri", + "type": "column" + }, + 
"grant_types": { + "column": "grant_types", + "type": "column" + }, + "implicit_grant_access_token_lifespan": { + "column": "implicit_grant_access_token_lifespan", + "type": "column" + }, + "implicit_grant_id_token_lifespan": { + "column": "implicit_grant_id_token_lifespan", + "type": "column" + }, + "jwks": { + "column": "jwks", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "jwt_bearer_grant_access_token_lifespan": { + "column": "jwt_bearer_grant_access_token_lifespan", + "type": "column" + }, + "logo_uri": { + "column": "logo_uri", + "type": "column" + }, + "metadata": { + "column": "metadata", + "type": "column" + }, + "owner": { + "column": "owner", + "type": "column" + }, + "password_grant_access_token_lifespan": { + "column": "password_grant_access_token_lifespan", + "type": "column" + }, + "password_grant_refresh_token_lifespan": { + "column": "password_grant_refresh_token_lifespan", + "type": "column" + }, + "policy_uri": { + "column": "policy_uri", + "type": "column" + }, + "post_logout_redirect_uris": { + "column": "post_logout_redirect_uris", + "type": "column" + }, + "redirect_uris": { + "column": "redirect_uris", + "type": "column" + }, + "refresh_token_grant_access_token_lifespan": { + "column": "refresh_token_grant_access_token_lifespan", + "type": "column" + }, + "refresh_token_grant_id_token_lifespan": { + "column": "refresh_token_grant_id_token_lifespan", + "type": "column" + }, + "refresh_token_grant_refresh_token_lifespan": { + "column": "refresh_token_grant_refresh_token_lifespan", + "type": "column" + }, + "registration_access_token": { + "column": "registration_access_token", + "type": "column" + }, + "registration_client_uri": { + "column": "registration_client_uri", + "type": "column" + }, + "request_object_signing_alg": { + "column": "request_object_signing_alg", + "type": "column" + }, + "request_uris": { + "column": "request_uris", + "type": "column" + }, + "response_types": { + "column": 
"response_types", + "type": "column" + }, + "scope": { + "column": "scope", + "type": "column" + }, + "sector_identifier_uri": { + "column": "sector_identifier_uri", + "type": "column" + }, + "subject_type": { + "column": "subject_type", + "type": "column" + }, + "token_endpoint_auth_method": { + "column": "token_endpoint_auth_method", + "type": "column" + }, + "token_endpoint_auth_signing_alg": { + "column": "token_endpoint_auth_signing_alg", + "type": "column" + }, + "tos_uri": { + "column": "tos_uri", + "type": "column" + }, + "userinfo_signed_response_alg": { + "column": "userinfo_signed_response_alg", + "type": "column" + } + }, + "type": "object" + } + } + ] +} diff --git a/testdata/01-setup/mutation/03-updateOAuth2Client/expected.json b/testdata/01-setup/mutation/03-updateOAuth2Client/expected.json new file mode 100644 index 0000000..172c7ab --- /dev/null +++ b/testdata/01-setup/mutation/03-updateOAuth2Client/expected.json 
@@ -0,0 +1,56 @@ +{ + "operation_results": [ + { + "type": "procedure", + "result": { + "allowed_cors_origins": ["http://localhost:3000"], + "audience": ["customer"], + "authorization_code_grant_access_token_lifespan": "1h30m0s", + "authorization_code_grant_id_token_lifespan": "3h30m0s", + "authorization_code_grant_refresh_token_lifespan": "2h30m0s", + "backchannel_logout_session_required": null, + "backchannel_logout_uri": "http://backchannel-update/logout", + "client_credentials_grant_access_token_lifespan": "4h30m0s", + "client_id": "test-client", + "client_name": "Test client updated", + "client_secret": "randomsecret", + "client_secret_expires_at": 0, + "client_uri": "http://localhost:3000", + "contacts": ["test"], + "frontchannel_logout_session_required": null, + "frontchannel_logout_uri": "http://frontchannel-update/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h30m0s", + "implicit_grant_id_token_lifespan": "2h30m0s", + "jwks": {}, + "jwks_uri": "http://localhost:3000/jwks", + "jwt_bearer_grant_access_token_lifespan": "1h0m0s", + "logo_uri": "http://localhost:3000/logo", + "metadata": { + "foo": "baz" + }, + "owner": "test", + "password_grant_access_token_lifespan": "1h0m0s", + "password_grant_refresh_token_lifespan": "2h0m0s", + "policy_uri": "http://localhost:3000/policy_uri", + "post_logout_redirect_uris": ["http://localhost:3000/post-logout"], + "redirect_uris": ["http://localhost:3000/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "24h0m0s", + "refresh_token_grant_id_token_lifespan": "23h0m0s", + "refresh_token_grant_refresh_token_lifespan": "22h0m0s", + "registration_access_token": "registration_access_token", + "registration_client_uri": "http://localhost:3000", + "request_object_signing_alg": "none", + "request_uris": ["http://localhost:3000/request_uris"], + "response_types": ["token"], + "scope": "read offline", + "sector_identifier_uri": null, + "subject_type": "public", + 
"token_endpoint_auth_method": "client_secret_post", + "token_endpoint_auth_signing_alg": "none", + "tos_uri": "none", + "userinfo_signed_response_alg": "none" + } + } + ] +} diff --git a/testdata/01-setup/mutation/03-updateOAuth2Client/request.json b/testdata/01-setup/mutation/03-updateOAuth2Client/request.json new file mode 100644 index 0000000..4641c34 --- /dev/null +++ b/testdata/01-setup/mutation/03-updateOAuth2Client/request.json 
@@ -0,0 +1,247 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "updateOAuth2Client", + "arguments": { + "body": { + "allowed_cors_origins": ["http://localhost:3000"], + "audience": ["customer"], + "authorization_code_grant_access_token_lifespan": "1h30m", + "authorization_code_grant_id_token_lifespan": "3h30m", + "authorization_code_grant_refresh_token_lifespan": "2h30m", + "backchannel_logout_session_required": false, + "backchannel_logout_uri": "http://backchannel-update/logout", + "client_credentials_grant_access_token_lifespan": "4h30m", + "client_id": "test-client", + "client_name": "Test client updated", + "client_secret": "randomsecret", + "client_uri": "http://localhost:3000", + "contacts": ["test"], + "created_at": "1970-01-01T00:00:00Z", + "frontchannel_logout_session_required": false, + "frontchannel_logout_uri": "http://frontchannel-update/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h30m", + "implicit_grant_id_token_lifespan": "2h30m", + "jwks": null, + "jwks_uri": "http://localhost:3000/jwks", + "jwt_bearer_grant_access_token_lifespan": "1h", + "logo_uri": "http://localhost:3000/logo", + "metadata": { + "foo": "baz" + }, + "owner": "test", + "password_grant_access_token_lifespan": "1h", + "password_grant_refresh_token_lifespan": "2h", + "policy_uri": "http://localhost:3000/policy_uri", + "post_logout_redirect_uris": ["http://localhost:3000/post-logout"], + "redirect_uris": ["http://localhost:3000/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "24h", + "refresh_token_grant_id_token_lifespan": "23h", + "refresh_token_grant_refresh_token_lifespan": "22h", + "registration_access_token": "registration_access_token", + "registration_client_uri": "http://localhost:3000", + "request_object_signing_alg": "none", + "request_uris": ["http://localhost:3000/request_uris"], + "response_types": ["token"], + "scope": "read offline", + 
"sector_identifier_uri": null, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_post", + "token_endpoint_auth_signing_alg": "none", + "tos_uri": "none", + "updated_at": "1970-01-01T00:00:00Z", + "userinfo_signed_response_alg": "none" + }, + "id": "test-client" + }, + "fields": { + "fields": { + "allowed_cors_origins": { + "column": "allowed_cors_origins", + "type": "column" + }, + "audience": { + "column": "audience", + "type": "column" + }, + "authorization_code_grant_access_token_lifespan": { + "column": "authorization_code_grant_access_token_lifespan", + "type": "column" + }, + "authorization_code_grant_id_token_lifespan": { + "column": "authorization_code_grant_id_token_lifespan", + "type": "column" + }, + "authorization_code_grant_refresh_token_lifespan": { + "column": "authorization_code_grant_refresh_token_lifespan", + "type": "column" + }, + "backchannel_logout_session_required": { + "column": "backchannel_logout_session_required", + "type": "column" + }, + "backchannel_logout_uri": { + "column": "backchannel_logout_uri", + "type": "column" + }, + "client_credentials_grant_access_token_lifespan": { + "column": "client_credentials_grant_access_token_lifespan", + "type": "column" + }, + "client_id": { + "column": "client_id", + "type": "column" + }, + "client_name": { + "column": "client_name", + "type": "column" + }, + "client_secret": { + "column": "client_secret", + "type": "column" + }, + "client_secret_expires_at": { + "column": "client_secret_expires_at", + "type": "column" + }, + "client_uri": { + "column": "client_uri", + "type": "column" + }, + "contacts": { + "column": "contacts", + "type": "column" + }, + "frontchannel_logout_session_required": { + "column": "frontchannel_logout_session_required", + "type": "column" + }, + "frontchannel_logout_uri": { + "column": "frontchannel_logout_uri", + "type": "column" + }, + "grant_types": { + "column": "grant_types", + "type": "column" + }, + "implicit_grant_access_token_lifespan": 
{ + "column": "implicit_grant_access_token_lifespan", + "type": "column" + }, + "implicit_grant_id_token_lifespan": { + "column": "implicit_grant_id_token_lifespan", + "type": "column" + }, + "jwks": { + "column": "jwks", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "jwt_bearer_grant_access_token_lifespan": { + "column": "jwt_bearer_grant_access_token_lifespan", + "type": "column" + }, + "logo_uri": { + "column": "logo_uri", + "type": "column" + }, + "metadata": { + "column": "metadata", + "type": "column" + }, + "owner": { + "column": "owner", + "type": "column" + }, + "password_grant_access_token_lifespan": { + "column": "password_grant_access_token_lifespan", + "type": "column" + }, + "password_grant_refresh_token_lifespan": { + "column": "password_grant_refresh_token_lifespan", + "type": "column" + }, + "policy_uri": { + "column": "policy_uri", + "type": "column" + }, + "post_logout_redirect_uris": { + "column": "post_logout_redirect_uris", + "type": "column" + }, + "redirect_uris": { + "column": "redirect_uris", + "type": "column" + }, + "refresh_token_grant_access_token_lifespan": { + "column": "refresh_token_grant_access_token_lifespan", + "type": "column" + }, + "refresh_token_grant_id_token_lifespan": { + "column": "refresh_token_grant_id_token_lifespan", + "type": "column" + }, + "refresh_token_grant_refresh_token_lifespan": { + "column": "refresh_token_grant_refresh_token_lifespan", + "type": "column" + }, + "registration_access_token": { + "column": "registration_access_token", + "type": "column" + }, + "registration_client_uri": { + "column": "registration_client_uri", + "type": "column" + }, + "request_object_signing_alg": { + "column": "request_object_signing_alg", + "type": "column" + }, + "request_uris": { + "column": "request_uris", + "type": "column" + }, + "response_types": { + "column": "response_types", + "type": "column" + }, + "scope": { + "column": "scope", + "type": "column" + }, + 
"sector_identifier_uri": { + "column": "sector_identifier_uri", + "type": "column" + }, + "subject_type": { + "column": "subject_type", + "type": "column" + }, + "token_endpoint_auth_method": { + "column": "token_endpoint_auth_method", + "type": "column" + }, + "token_endpoint_auth_signing_alg": { + "column": "token_endpoint_auth_signing_alg", + "type": "column" + }, + "tos_uri": { + "column": "tos_uri", + "type": "column" + }, + "userinfo_signed_response_alg": { + "column": "userinfo_signed_response_alg", + "type": "column" + } + }, + "type": "object" + } + } + ] +} diff --git a/testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/expected.json b/testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/expected.json new file mode 100644 index 0000000..63b0b52 --- /dev/null +++ b/testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/expected.json 
@@ -0,0 +1,50 @@
+{
+ "operation_results": [
+ {
+ "result": {
+ "allowed_cors_origins": ["http://localhost:8080"],
+ "audience": ["user"],
+ "authorization_code_grant_access_token_lifespan": "1h0m0s",
+ "authorization_code_grant_id_token_lifespan": "3h0m0s",
+ "authorization_code_grant_refresh_token_lifespan": "2h0m0s",
+ "backchannel_logout_session_required": true,
+ "backchannel_logout_uri": "http://backchannel/logout",
+ "client_credentials_grant_access_token_lifespan": "4h0m0s",
+ "client_name": "Test dynamic client",
+ "client_secret_expires_at": 0,
+ "client_uri": "http://localhost:8080",
+ "contacts": ["bouUoMs41s"],
+ "frontchannel_logout_session_required": true,
+ "frontchannel_logout_uri": "http://frontchannel/logout",
+ "grant_types": ["client_credentials"],
+ "implicit_grant_access_token_lifespan": "1h0m0s",
+ "implicit_grant_id_token_lifespan": "2h0m0s",
+ "jwks": {},
+ "jwks_uri": "http://localhost:8080/jwks",
+ "jwt_bearer_grant_access_token_lifespan": "3h0m0s",
+ "logo_uri": "http://localhost:8080/logo",
+ "metadata": {},
+ "owner": "FiZD1435Ve",
+ "password_grant_access_token_lifespan": "4h0m0s",
+ "password_grant_refresh_token_lifespan": "3h0m0s",
+ "policy_uri": "http://localhost:8080/policy_uri",
+ "post_logout_redirect_uris": ["http://localhost:8080/post-logout"],
+ "redirect_uris": ["http://localhost:8080/redirect_uris"],
+ "refresh_token_grant_access_token_lifespan": "2h0m0s",
+ "refresh_token_grant_id_token_lifespan": "1h0m0s",
+ "refresh_token_grant_refresh_token_lifespan": "2h0m0s",
+ "request_object_signing_alg": "HS256",
+ "request_uris": ["http://localhost:8080/request_uris"],
+ "response_types": ["code"],
+ "scope": "email",
+ "sector_identifier_uri": null,
+ "subject_type": "public",
+ "token_endpoint_auth_method": "client_secret_basic",
+ "token_endpoint_auth_signing_alg": "none",
+ "tos_uri": "eE5F7kI9Uz",
+ "userinfo_signed_response_alg": "none"
+ },
+ "type": "procedure"
+ }
+ ]
+}
diff --git a/testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/request.json b/testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/request.json
new file mode 100644
index 0000000..4b115fd
--- /dev/null
+++ b/testdata/01-setup/mutation/04-dynamicClientRegistrationCreateOAuth2Client/request.json
@@ -0,0 +1,227 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "dynamicClientRegistrationCreateOAuth2Client", + "arguments": { + "body": { + "allowed_cors_origins": ["http://localhost:8080"], + "audience": ["user"], + "authorization_code_grant_access_token_lifespan": "1h", + "authorization_code_grant_id_token_lifespan": "3h", + "authorization_code_grant_refresh_token_lifespan": "2h", + "backchannel_logout_session_required": true, + "backchannel_logout_uri": "http://backchannel/logout", + "client_credentials_grant_access_token_lifespan": "4h", + "client_id": "test-dynamic-client", + "client_name": "Test dynamic client", + "client_secret_expires_at": 3600, + "client_uri": "http://localhost:8080", + "contacts": ["bouUoMs41s"], + "created_at": "2019-08-24T14:15:22Z", + "frontchannel_logout_session_required": true, + "frontchannel_logout_uri": "http://frontchannel/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h", + "implicit_grant_id_token_lifespan": "2h", + "jwks": null, + "jwks_uri": "http://localhost:8080/jwks", + "jwt_bearer_grant_access_token_lifespan": "3h", + "logo_uri": "http://localhost:8080/logo", + "owner": "FiZD1435Ve", + "password_grant_access_token_lifespan": "4h", + "password_grant_refresh_token_lifespan": "3h", + "policy_uri": "http://localhost:8080/policy_uri", + "post_logout_redirect_uris": ["http://localhost:8080/post-logout"], + "redirect_uris": ["http://localhost:8080/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "2h", + "refresh_token_grant_id_token_lifespan": "1h", + "refresh_token_grant_refresh_token_lifespan": "2h", + "registration_access_token": "randomtoken", + "registration_client_uri": "http://localhost:8080", + "request_object_signing_alg": "HS256", + "request_uris": ["http://localhost:8080/request_uris"], + "response_types": ["code"], + "scope": "email", + "sector_identifier_uri": null, + "subject_type": "public", + 
"token_endpoint_auth_method": "client_secret_basic", + "token_endpoint_auth_signing_alg": "none", + "tos_uri": "eE5F7kI9Uz", + "updated_at": "1970-01-01T00:00:01Z", + "userinfo_signed_response_alg": "none" + } + }, + "fields": { + "fields": { + "allowed_cors_origins": { + "column": "allowed_cors_origins", + "type": "column" + }, + "audience": { + "column": "audience", + "type": "column" + }, + "authorization_code_grant_access_token_lifespan": { + "column": "authorization_code_grant_access_token_lifespan", + "type": "column" + }, + "authorization_code_grant_id_token_lifespan": { + "column": "authorization_code_grant_id_token_lifespan", + "type": "column" + }, + "authorization_code_grant_refresh_token_lifespan": { + "column": "authorization_code_grant_refresh_token_lifespan", + "type": "column" + }, + "backchannel_logout_session_required": { + "column": "backchannel_logout_session_required", + "type": "column" + }, + "backchannel_logout_uri": { + "column": "backchannel_logout_uri", + "type": "column" + }, + "client_credentials_grant_access_token_lifespan": { + "column": "client_credentials_grant_access_token_lifespan", + "type": "column" + }, + "client_name": { + "column": "client_name", + "type": "column" + }, + "client_secret_expires_at": { + "column": "client_secret_expires_at", + "type": "column" + }, + "client_uri": { + "column": "client_uri", + "type": "column" + }, + "contacts": { + "column": "contacts", + "type": "column" + }, + "frontchannel_logout_session_required": { + "column": "frontchannel_logout_session_required", + "type": "column" + }, + "frontchannel_logout_uri": { + "column": "frontchannel_logout_uri", + "type": "column" + }, + "grant_types": { + "column": "grant_types", + "type": "column" + }, + "implicit_grant_access_token_lifespan": { + "column": "implicit_grant_access_token_lifespan", + "type": "column" + }, + "implicit_grant_id_token_lifespan": { + "column": "implicit_grant_id_token_lifespan", + "type": "column" + }, + "jwks": { + "column": 
"jwks", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "jwt_bearer_grant_access_token_lifespan": { + "column": "jwt_bearer_grant_access_token_lifespan", + "type": "column" + }, + "logo_uri": { + "column": "logo_uri", + "type": "column" + }, + "metadata": { + "column": "metadata", + "type": "column" + }, + "owner": { + "column": "owner", + "type": "column" + }, + "password_grant_access_token_lifespan": { + "column": "password_grant_access_token_lifespan", + "type": "column" + }, + "password_grant_refresh_token_lifespan": { + "column": "password_grant_refresh_token_lifespan", + "type": "column" + }, + "policy_uri": { + "column": "policy_uri", + "type": "column" + }, + "post_logout_redirect_uris": { + "column": "post_logout_redirect_uris", + "type": "column" + }, + "redirect_uris": { + "column": "redirect_uris", + "type": "column" + }, + "refresh_token_grant_access_token_lifespan": { + "column": "refresh_token_grant_access_token_lifespan", + "type": "column" + }, + "refresh_token_grant_id_token_lifespan": { + "column": "refresh_token_grant_id_token_lifespan", + "type": "column" + }, + "refresh_token_grant_refresh_token_lifespan": { + "column": "refresh_token_grant_refresh_token_lifespan", + "type": "column" + }, + "request_object_signing_alg": { + "column": "request_object_signing_alg", + "type": "column" + }, + "request_uris": { + "column": "request_uris", + "type": "column" + }, + "response_types": { + "column": "response_types", + "type": "column" + }, + "scope": { + "column": "scope", + "type": "column" + }, + "sector_identifier_uri": { + "column": "sector_identifier_uri", + "type": "column" + }, + "subject_type": { + "column": "subject_type", + "type": "column" + }, + "token_endpoint_auth_method": { + "column": "token_endpoint_auth_method", + "type": "column" + }, + "token_endpoint_auth_signing_alg": { + "column": "token_endpoint_auth_signing_alg", + "type": "column" + }, + "tos_uri": { + "column": "tos_uri", + "type": 
"column" + }, + "userinfo_signed_response_alg": { + "column": "userinfo_signed_response_alg", + "type": "column" + } + }, + "type": "object" + } + } + ] +} diff --git a/testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/expected.json b/testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/expected.json new file mode 100644 index 0000000..e62ec74 --- /dev/null +++ b/testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/expected.json @@ -0,0 +1,8 @@ +{ + "operation_results": [ + { + "result": true, + "type": "procedure" + } + ] +} diff --git a/testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/request.json b/testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/request.json new file mode 100644 index 0000000..43123a4 --- /dev/null +++ b/testdata/01-setup/mutation/05-flushInactiveOAuth2Tokens/request.json @@ -0,0 +1,14 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "flushInactiveOAuth2Tokens", + "arguments": { + "body": { + "notAfter": "2024-01-01T00:00:00Z" + } + } + } + ] +} diff --git a/testdata/01-setup/mutation/06-createJsonWebKeySet/expected.json b/testdata/01-setup/mutation/06-createJsonWebKeySet/expected.json new file mode 100644 index 0000000..ba7516b --- /dev/null +++ b/testdata/01-setup/mutation/06-createJsonWebKeySet/expected.json @@ -0,0 +1,41 @@ +{ + "operation_results": [ + { + "type": "procedure", + "result": { + "keys": [ + { + "alg": "RS256", + "crv": null, + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + }, + { + "alg": "RS256", + "crv": null, + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "public:eAJi2E8Clh", + "kty": "RSA", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + } + ] + } + } + ] +} 
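Review bot: The `body` of this dynamicClientRegistrationCreateOAuth2Client request sets values whose handling the paired expected.json does not pin: `"client_secret_expires_at": 3600` comes back as `0`, and `client_id`, `created_at`, `updated_at`, `registration_access_token` and `registration_client_uri` are sent but not selected under `fields`. As written, the fixture cannot show whether the server ignored the caller-chosen `"registration_access_token": "randomtoken"` or accepted it, which is the behaviour worth pinning for a self-service registration call. I would drop the server-assigned members from `body`, or note in the testdata documentation that they are sent on purpose to confirm they are ignored.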
diff --git a/testdata/01-setup/mutation/06-createJsonWebKeySet/request.json b/testdata/01-setup/mutation/06-createJsonWebKeySet/request.json
new file mode 100644
index 0000000..b3a7e2b
--- /dev/null
+++ b/testdata/01-setup/mutation/06-createJsonWebKeySet/request.json
@@ -0,0 +1,86 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "createJsonWebKeySet",
+ "arguments": {
+ "body": {
+ "alg": "RS256",
+ "kid": "eAJi2E8Clh",
+ "use": "sig"
+ },
+ "set": "test-jwk-set"
+ },
+ "fields": {
+ "fields": {
+ "keys": {
+ "column": "keys",
+ "fields": {
+ "fields": {
+ "fields": {
+ "alg": {
+ "column": "alg",
+ "type": "column"
+ },
+ "crv": {
+ "column": "crv",
+ "type": "column"
+ },
+ "dp": {
+ "column": "dp",
+ "type": "column"
+ },
+ "dq": {
+ "column": "dq",
+ "type": "column"
+ },
+ "e": {
+ "column": "e",
+ "type": "column"
+ },
+ "k": {
+ "column": "k",
+ "type": "column"
+ },
+ "kid": {
+ "column": "kid",
+ "type": "column"
+ },
+ "kty": {
+ "column": "kty",
+ "type": "column"
+ },
+ "qi": {
+ "column": "qi",
+ "type": "column"
+ },
+ "use": {
+ "column": "use",
+ "type": "column"
+ },
+ "x": {
+ "column": "x",
+ "type": "column"
+ },
+ "x5c": {
+ "column": "x5c",
+ "type": "column"
+ },
+ "y": {
+ "column": "y",
+ "type": "column"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "column"
+ }
+ },
+ "type": "object"
+ }
+ }
+ ]
+}
diff --git a/testdata/01-setup/mutation/07-updateJsonWebKeySet/expected.json b/testdata/01-setup/mutation/07-updateJsonWebKeySet/expected.json
new file mode 100644
index 0000000..406d104
--- /dev/null
+++ b/testdata/01-setup/mutation/07-updateJsonWebKeySet/expected.json
@@ -0,0 +1,30 @@ +{ + "operation_results": [ + { + "result": { + "keys": [ + { + "alg": "RS256", + "crv": null, + "d": "GRSr36MI4AvopL53amId5_yNc2PJU5ingxssc4T09y9NPaVzcKJ4AvJT_1iLWJE2H3kU5OC4_mq_PaLgTs0CIALT7vngRZizXfJNcMBoV7hztkfM-sH7GL8lpfs3V8kJnBrhGsZJjUGdWM6Q9bbQQSuQBJeIXnAGDbp-voI0Gy83uEpukHa5WpB6CzzD6-ivZpD5LF_g4zmWscht1CYENkk9wcmU9A34HH1vxAzRhktE6Rd7s_twMCwzsrNEDpfKpoC0ltOdOr9zCdekM344_hCjkxdXiTZ7qzH3e64OuSBGHLNmdMD1YzEi5WIdK-er8A57j9HQqDIY2DePVEk4veInAPG_b8fFUDFjDMX4yMBzkluJqlFIH33ce8-lcCrLkIOJdiQFEVGZNTX_ZkfgmT_zjIMnHGlgVvL61akP2RhWB-M0DDy7YCImgXT4EqPW53RuN8g6FewuHAIJ3Ka0F-a-1u6Uf34bM9RPY6rcfYGMYDmqf-9chip68Z1qrxPVDkoJXQZh4afdLv0HQntxdMkwnFIadqX0fppiBJXe2Um03D6so9RXD9moab31S5vLmWqq-0i9LVi819JQ_Y8bKSsZprkBywpsU3RudTFh7HWW58RguXXNduyzyILiI2a7cH80E52Mb-jzpWuHslgMdIWzVNrGgAkXrjIJ6hwLtpE", + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "n": "yLKyzaQeWovuRB0jGP3SLfaK6DhpQaPzHUdQ6pntf_ojCcYlEwB1MqXh64MNucARhpIMEG312Ht0-mCVlsPzp2IVr8l2kzD6xNmosvn4YIxkPB_cEjjSYvgiqzGdsd4pC7Sk94qbRg21rro5xdqNaLUU0omQSMewaQr0d08J27hSwT1Kq9UL2wxVoxCqUAnbF7R5MluP0dDsab-Y3iylrMZsvwamV3zZIT5180Pg1vPI33EdbY_6XIjnhbARD-_I7unHWLcr5aPIht3eNvbTT4IFPis3t-ulx8mSBky4BPhJbGLfbzJERXiIPKvfLhmgV9jagBMFAGYOs25zRfjHxxrL3-WObPHLJZNSg2qUIDvS1JmtkUQG1RhxeGgJEC9kSyntDFEVAZFUkCztr2Oo46q7Mnag7SVGMD9deVvE9i7jlapYRNTzEzePUhsCzepc6GO9MO61NTE_Qp3sxHmxURkgp9hkOBng_YsusNf4Af0eBd93md8a3bHd3BR4iSAp1MRzC03Eob0AmvJUNpImQu-f5tqf8nAWzvH6OfgIXtUMKiu9QeM_Jm3BIcW38ZxzZEkAMKeD46gvesWuKjyOzMzs3XMtZ5PCoBIPJjaryP0-8ii3NFIMLRj63j6gohjxHnW6KqS0OWpgq_gKFr_E6_FDCYv7dIYDdWmth_fu4cM", + "p": "-NP2Sc8RXFccjfzMYe0LZc9lptSTPDMMgLL4nWXIlCmIoxJlNvzNypz4wy97cHmSi_t3tJCAJ2G69KO-tJ8rpmDlqQNE7vaL5Rtsaz8thcgtZpftF4Kp9wlALWuaWcz3szj2fSuqO6tbGDYI5UeyBUn77HS6ZiSJ93KaO2TYRmZvL4hHvtvrS_mj-MnZ6mLWwa0jQFYvcK9vZaHLJMDFBjH0McFdkSE4OBYvmIJ2AqmYPmwndUbPFjXs7dWTo975wgfTpmzcTiKb-Z_mu2zdMJYw-cU9e8-jpLA6R2Lc25nEtKwC7m0yN77tke7eJrByzBIunGsnzxbDh1GQXo3k1Q", + "q": 
"znuZELOen_vxzkhU6li6JnXfoQOx2319AyVo2CohhvukHCQuRrFSo1EqiUtKimG7QPt6yHPWsJmeArb1W6UBOnTNWUsDv_1AcdC-oYZ_sz1LK3rHe93kva34brIXqjcJujcI5VW_HHP23CV67d6_7oRmyHpqIr1D8WXQvx-tpW8PVsmo_0h8H2smas9046eonI6BQG3fPdIhwXbI-c6I-VuudTyEVEbvP_l74tiJQeqkZfaPvOIOMkIN5pMDPrRxIq_35l4Eu3xy2UwASJLSTvX7KE2d3HWHMtDipdN8UdHnlMbMs5ZwfhoC8Pr3lw30K6Jtl9_7NRbaNyBisGPYNw", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + } + ] + }, + "type": "procedure" + } + ] +} diff --git a/testdata/01-setup/mutation/07-updateJsonWebKeySet/request.json b/testdata/01-setup/mutation/07-updateJsonWebKeySet/request.json new file mode 100644 index 0000000..524d51f --- /dev/null +++ b/testdata/01-setup/mutation/07-updateJsonWebKeySet/request.json 
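Review bot: The `d`, `p` and `q` members in this expected result are the private parts of an RSA JWK, so the fixture commits a complete private key to the repository and pins the procedure returning it to the caller. The same key material is repeated in 07-updateJsonWebKeySet/request.json, in 08-updateJsonWebKey/expected.json and request.json, and in 10-trustJwtGrantIssuer/request.json. If the test only needs to show that the update took effect, removing the `"d"`, `"p"` and `"q"` entries from the `fields` selection in the request files would keep private members out of the expected output; 06-createJsonWebKeySet/request.json already selects none of them. Whatever stays should be described in the testdata documentation as a throwaway key generated for these fixtures and allowlisted by path in the secret scanner, so real findings are not lost among these hits.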
@@ -0,0 +1,120 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "updateJsonWebKeySet", + "arguments": { + "body": { + "keys": [ + { + "alg": "RS256", + "crv": null, + "d": "GRSr36MI4AvopL53amId5_yNc2PJU5ingxssc4T09y9NPaVzcKJ4AvJT_1iLWJE2H3kU5OC4_mq_PaLgTs0CIALT7vngRZizXfJNcMBoV7hztkfM-sH7GL8lpfs3V8kJnBrhGsZJjUGdWM6Q9bbQQSuQBJeIXnAGDbp-voI0Gy83uEpukHa5WpB6CzzD6-ivZpD5LF_g4zmWscht1CYENkk9wcmU9A34HH1vxAzRhktE6Rd7s_twMCwzsrNEDpfKpoC0ltOdOr9zCdekM344_hCjkxdXiTZ7qzH3e64OuSBGHLNmdMD1YzEi5WIdK-er8A57j9HQqDIY2DePVEk4veInAPG_b8fFUDFjDMX4yMBzkluJqlFIH33ce8-lcCrLkIOJdiQFEVGZNTX_ZkfgmT_zjIMnHGlgVvL61akP2RhWB-M0DDy7YCImgXT4EqPW53RuN8g6FewuHAIJ3Ka0F-a-1u6Uf34bM9RPY6rcfYGMYDmqf-9chip68Z1qrxPVDkoJXQZh4afdLv0HQntxdMkwnFIadqX0fppiBJXe2Um03D6so9RXD9moab31S5vLmWqq-0i9LVi819JQ_Y8bKSsZprkBywpsU3RudTFh7HWW58RguXXNduyzyILiI2a7cH80E52Mb-jzpWuHslgMdIWzVNrGgAkXrjIJ6hwLtpE", + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "n": "yLKyzaQeWovuRB0jGP3SLfaK6DhpQaPzHUdQ6pntf_ojCcYlEwB1MqXh64MNucARhpIMEG312Ht0-mCVlsPzp2IVr8l2kzD6xNmosvn4YIxkPB_cEjjSYvgiqzGdsd4pC7Sk94qbRg21rro5xdqNaLUU0omQSMewaQr0d08J27hSwT1Kq9UL2wxVoxCqUAnbF7R5MluP0dDsab-Y3iylrMZsvwamV3zZIT5180Pg1vPI33EdbY_6XIjnhbARD-_I7unHWLcr5aPIht3eNvbTT4IFPis3t-ulx8mSBky4BPhJbGLfbzJERXiIPKvfLhmgV9jagBMFAGYOs25zRfjHxxrL3-WObPHLJZNSg2qUIDvS1JmtkUQG1RhxeGgJEC9kSyntDFEVAZFUkCztr2Oo46q7Mnag7SVGMD9deVvE9i7jlapYRNTzEzePUhsCzepc6GO9MO61NTE_Qp3sxHmxURkgp9hkOBng_YsusNf4Af0eBd93md8a3bHd3BR4iSAp1MRzC03Eob0AmvJUNpImQu-f5tqf8nAWzvH6OfgIXtUMKiu9QeM_Jm3BIcW38ZxzZEkAMKeD46gvesWuKjyOzMzs3XMtZ5PCoBIPJjaryP0-8ii3NFIMLRj63j6gohjxHnW6KqS0OWpgq_gKFr_E6_FDCYv7dIYDdWmth_fu4cM", + "p": 
"-NP2Sc8RXFccjfzMYe0LZc9lptSTPDMMgLL4nWXIlCmIoxJlNvzNypz4wy97cHmSi_t3tJCAJ2G69KO-tJ8rpmDlqQNE7vaL5Rtsaz8thcgtZpftF4Kp9wlALWuaWcz3szj2fSuqO6tbGDYI5UeyBUn77HS6ZiSJ93KaO2TYRmZvL4hHvtvrS_mj-MnZ6mLWwa0jQFYvcK9vZaHLJMDFBjH0McFdkSE4OBYvmIJ2AqmYPmwndUbPFjXs7dWTo975wgfTpmzcTiKb-Z_mu2zdMJYw-cU9e8-jpLA6R2Lc25nEtKwC7m0yN77tke7eJrByzBIunGsnzxbDh1GQXo3k1Q", + "q": "znuZELOen_vxzkhU6li6JnXfoQOx2319AyVo2CohhvukHCQuRrFSo1EqiUtKimG7QPt6yHPWsJmeArb1W6UBOnTNWUsDv_1AcdC-oYZ_sz1LK3rHe93kva34brIXqjcJujcI5VW_HHP23CV67d6_7oRmyHpqIr1D8WXQvx-tpW8PVsmo_0h8H2smas9046eonI6BQG3fPdIhwXbI-c6I-VuudTyEVEbvP_l74tiJQeqkZfaPvOIOMkIN5pMDPrRxIq_35l4Eu3xy2UwASJLSTvX7KE2d3HWHMtDipdN8UdHnlMbMs5ZwfhoC8Pr3lw30K6Jtl9_7NRbaNyBisGPYNw", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + } + ] + }, + "set": "test-jwk-set" + }, + "fields": { + "fields": { + "keys": { + "column": "keys", + "fields": { + "fields": { + "fields": { + "alg": { + "column": "alg", + "type": "column" + }, + "crv": { + "column": "crv", + "type": "column" + }, + "d": { + "column": "d", + "type": "column" + }, + "dp": { + "column": "dp", + "type": "column" + }, + "dq": { + "column": "dq", + "type": "column" + }, + "e": { + "column": "e", + "type": "column" + }, + "k": { + "column": "k", + "type": "column" + }, + "kid": { + "column": "kid", + "type": "column" + }, + "kty": { + "column": "kty", + "type": "column" + }, + "n": { + "column": "n", + "type": "column" + }, + "p": { + "column": "p", + "type": "column" + }, + "q": { + "column": "q", + "type": "column" + }, + "qi": { + "column": "qi", + "type": "column" + }, + "use": { + "column": "use", + "type": "column" + }, + "x": { + "column": "x", + "type": "column" + }, + "x5c": { + "column": "x5c", + "type": "column" + }, + "y": { + "column": "y", + "type": "column" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "column" + } + }, + "type": "object" + } + } + ] +} 
diff --git a/testdata/01-setup/mutation/08-updateJsonWebKey/expected.json b/testdata/01-setup/mutation/08-updateJsonWebKey/expected.json
new file mode 100644
index 0000000..b4bb7f9
--- /dev/null
+++ b/testdata/01-setup/mutation/08-updateJsonWebKey/expected.json
@@ -0,0 +1,26 @@ +{ + "operation_results": [ + { + "result": { + "alg": "RS256", + "crv": null, + "d": "GRSr36MI4AvopL53amId5_yNc2PJU5ingxssc4T09y9NPaVzcKJ4AvJT_1iLWJE2H3kU5OC4_mq_PaLgTs0CIALT7vngRZizXfJNcMBoV7hztkfM-sH7GL8lpfs3V8kJnBrhGsZJjUGdWM6Q9bbQQSuQBJeIXnAGDbp-voI0Gy83uEpukHa5WpB6CzzD6-ivZpD5LF_g4zmWscht1CYENkk9wcmU9A34HH1vxAzRhktE6Rd7s_twMCwzsrNEDpfKpoC0ltOdOr9zCdekM344_hCjkxdXiTZ7qzH3e64OuSBGHLNmdMD1YzEi5WIdK-er8A57j9HQqDIY2DePVEk4veInAPG_b8fFUDFjDMX4yMBzkluJqlFIH33ce8-lcCrLkIOJdiQFEVGZNTX_ZkfgmT_zjIMnHGlgVvL61akP2RhWB-M0DDy7YCImgXT4EqPW53RuN8g6FewuHAIJ3Ka0F-a-1u6Uf34bM9RPY6rcfYGMYDmqf-9chip68Z1qrxPVDkoJXQZh4afdLv0HQntxdMkwnFIadqX0fppiBJXe2Um03D6so9RXD9moab31S5vLmWqq-0i9LVi819JQ_Y8bKSsZprkBywpsU3RudTFh7HWW58RguXXNduyzyILiI2a7cH80E52Mb-jzpWuHslgMdIWzVNrGgAkXrjIJ6hwLtpE", + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "n": "yLKyzaQeWovuRB0jGP3SLfaK6DhpQaPzHUdQ6pntf_ojCcYlEwB1MqXh64MNucARhpIMEG312Ht0-mCVlsPzp2IVr8l2kzD6xNmosvn4YIxkPB_cEjjSYvgiqzGdsd4pC7Sk94qbRg21rro5xdqNaLUU0omQSMewaQr0d08J27hSwT1Kq9UL2wxVoxCqUAnbF7R5MluP0dDsab-Y3iylrMZsvwamV3zZIT5180Pg1vPI33EdbY_6XIjnhbARD-_I7unHWLcr5aPIht3eNvbTT4IFPis3t-ulx8mSBky4BPhJbGLfbzJERXiIPKvfLhmgV9jagBMFAGYOs25zRfjHxxrL3-WObPHLJZNSg2qUIDvS1JmtkUQG1RhxeGgJEC9kSyntDFEVAZFUkCztr2Oo46q7Mnag7SVGMD9deVvE9i7jlapYRNTzEzePUhsCzepc6GO9MO61NTE_Qp3sxHmxURkgp9hkOBng_YsusNf4Af0eBd93md8a3bHd3BR4iSAp1MRzC03Eob0AmvJUNpImQu-f5tqf8nAWzvH6OfgIXtUMKiu9QeM_Jm3BIcW38ZxzZEkAMKeD46gvesWuKjyOzMzs3XMtZ5PCoBIPJjaryP0-8ii3NFIMLRj63j6gohjxHnW6KqS0OWpgq_gKFr_E6_FDCYv7dIYDdWmth_fu4cM", + "p": "-NP2Sc8RXFccjfzMYe0LZc9lptSTPDMMgLL4nWXIlCmIoxJlNvzNypz4wy97cHmSi_t3tJCAJ2G69KO-tJ8rpmDlqQNE7vaL5Rtsaz8thcgtZpftF4Kp9wlALWuaWcz3szj2fSuqO6tbGDYI5UeyBUn77HS6ZiSJ93KaO2TYRmZvL4hHvtvrS_mj-MnZ6mLWwa0jQFYvcK9vZaHLJMDFBjH0McFdkSE4OBYvmIJ2AqmYPmwndUbPFjXs7dWTo975wgfTpmzcTiKb-Z_mu2zdMJYw-cU9e8-jpLA6R2Lc25nEtKwC7m0yN77tke7eJrByzBIunGsnzxbDh1GQXo3k1Q", + "q": 
"znuZELOen_vxzkhU6li6JnXfoQOx2319AyVo2CohhvukHCQuRrFSo1EqiUtKimG7QPt6yHPWsJmeArb1W6UBOnTNWUsDv_1AcdC-oYZ_sz1LK3rHe93kva34brIXqjcJujcI5VW_HHP23CV67d6_7oRmyHpqIr1D8WXQvx-tpW8PVsmo_0h8H2smas9046eonI6BQG3fPdIhwXbI-c6I-VuudTyEVEbvP_l74tiJQeqkZfaPvOIOMkIN5pMDPrRxIq_35l4Eu3xy2UwASJLSTvX7KE2d3HWHMtDipdN8UdHnlMbMs5ZwfhoC8Pr3lw30K6Jtl9_7NRbaNyBisGPYNw", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + }, + "type": "procedure" + } + ] +} diff --git a/testdata/01-setup/mutation/08-updateJsonWebKey/request.json b/testdata/01-setup/mutation/08-updateJsonWebKey/request.json new file mode 100644 index 0000000..d088b0c --- /dev/null +++ b/testdata/01-setup/mutation/08-updateJsonWebKey/request.json 
@@ -0,0 +1,105 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "updateJsonWebKey", + "arguments": { + "body": { + "alg": "RS256", + "crv": null, + "d": "GRSr36MI4AvopL53amId5_yNc2PJU5ingxssc4T09y9NPaVzcKJ4AvJT_1iLWJE2H3kU5OC4_mq_PaLgTs0CIALT7vngRZizXfJNcMBoV7hztkfM-sH7GL8lpfs3V8kJnBrhGsZJjUGdWM6Q9bbQQSuQBJeIXnAGDbp-voI0Gy83uEpukHa5WpB6CzzD6-ivZpD5LF_g4zmWscht1CYENkk9wcmU9A34HH1vxAzRhktE6Rd7s_twMCwzsrNEDpfKpoC0ltOdOr9zCdekM344_hCjkxdXiTZ7qzH3e64OuSBGHLNmdMD1YzEi5WIdK-er8A57j9HQqDIY2DePVEk4veInAPG_b8fFUDFjDMX4yMBzkluJqlFIH33ce8-lcCrLkIOJdiQFEVGZNTX_ZkfgmT_zjIMnHGlgVvL61akP2RhWB-M0DDy7YCImgXT4EqPW53RuN8g6FewuHAIJ3Ka0F-a-1u6Uf34bM9RPY6rcfYGMYDmqf-9chip68Z1qrxPVDkoJXQZh4afdLv0HQntxdMkwnFIadqX0fppiBJXe2Um03D6so9RXD9moab31S5vLmWqq-0i9LVi819JQ_Y8bKSsZprkBywpsU3RudTFh7HWW58RguXXNduyzyILiI2a7cH80E52Mb-jzpWuHslgMdIWzVNrGgAkXrjIJ6hwLtpE", + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "n": "yLKyzaQeWovuRB0jGP3SLfaK6DhpQaPzHUdQ6pntf_ojCcYlEwB1MqXh64MNucARhpIMEG312Ht0-mCVlsPzp2IVr8l2kzD6xNmosvn4YIxkPB_cEjjSYvgiqzGdsd4pC7Sk94qbRg21rro5xdqNaLUU0omQSMewaQr0d08J27hSwT1Kq9UL2wxVoxCqUAnbF7R5MluP0dDsab-Y3iylrMZsvwamV3zZIT5180Pg1vPI33EdbY_6XIjnhbARD-_I7unHWLcr5aPIht3eNvbTT4IFPis3t-ulx8mSBky4BPhJbGLfbzJERXiIPKvfLhmgV9jagBMFAGYOs25zRfjHxxrL3-WObPHLJZNSg2qUIDvS1JmtkUQG1RhxeGgJEC9kSyntDFEVAZFUkCztr2Oo46q7Mnag7SVGMD9deVvE9i7jlapYRNTzEzePUhsCzepc6GO9MO61NTE_Qp3sxHmxURkgp9hkOBng_YsusNf4Af0eBd93md8a3bHd3BR4iSAp1MRzC03Eob0AmvJUNpImQu-f5tqf8nAWzvH6OfgIXtUMKiu9QeM_Jm3BIcW38ZxzZEkAMKeD46gvesWuKjyOzMzs3XMtZ5PCoBIPJjaryP0-8ii3NFIMLRj63j6gohjxHnW6KqS0OWpgq_gKFr_E6_FDCYv7dIYDdWmth_fu4cM", + "p": 
"-NP2Sc8RXFccjfzMYe0LZc9lptSTPDMMgLL4nWXIlCmIoxJlNvzNypz4wy97cHmSi_t3tJCAJ2G69KO-tJ8rpmDlqQNE7vaL5Rtsaz8thcgtZpftF4Kp9wlALWuaWcz3szj2fSuqO6tbGDYI5UeyBUn77HS6ZiSJ93KaO2TYRmZvL4hHvtvrS_mj-MnZ6mLWwa0jQFYvcK9vZaHLJMDFBjH0McFdkSE4OBYvmIJ2AqmYPmwndUbPFjXs7dWTo975wgfTpmzcTiKb-Z_mu2zdMJYw-cU9e8-jpLA6R2Lc25nEtKwC7m0yN77tke7eJrByzBIunGsnzxbDh1GQXo3k1Q", + "q": "znuZELOen_vxzkhU6li6JnXfoQOx2319AyVo2CohhvukHCQuRrFSo1EqiUtKimG7QPt6yHPWsJmeArb1W6UBOnTNWUsDv_1AcdC-oYZ_sz1LK3rHe93kva34brIXqjcJujcI5VW_HHP23CV67d6_7oRmyHpqIr1D8WXQvx-tpW8PVsmo_0h8H2smas9046eonI6BQG3fPdIhwXbI-c6I-VuudTyEVEbvP_l74tiJQeqkZfaPvOIOMkIN5pMDPrRxIq_35l4Eu3xy2UwASJLSTvX7KE2d3HWHMtDipdN8UdHnlMbMs5ZwfhoC8Pr3lw30K6Jtl9_7NRbaNyBisGPYNw", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + }, + "kid": "private:eAJi2E8Clh", + "set": "test-jwk-set" + }, + "fields": { + "fields": { + "alg": { + "column": "alg", + "type": "column" + }, + "crv": { + "column": "crv", + "type": "column" + }, + "d": { + "column": "d", + "type": "column" + }, + "dp": { + "column": "dp", + "type": "column" + }, + "dq": { + "column": "dq", + "type": "column" + }, + "e": { + "column": "e", + "type": "column" + }, + "k": { + "column": "k", + "type": "column" + }, + "kid": { + "column": "kid", + "type": "column" + }, + "kty": { + "column": "kty", + "type": "column" + }, + "n": { + "column": "n", + "type": "column" + }, + "p": { + "column": "p", + "type": "column" + }, + "q": { + "column": "q", + "type": "column" + }, + "qi": { + "column": "qi", + "type": "column" + }, + "use": { + "column": "use", + "type": "column" + }, + "x": { + "column": "x", + "type": "column" + }, + "x5c": { + "column": "x5c", + "type": "column" + }, + "y": { + "column": "y", + "type": "column" + } + }, + "type": "object" + } + } + ] +} diff --git a/testdata/01-setup/mutation/09-oauth2Token/expected.json b/testdata/01-setup/mutation/09-oauth2Token/expected.json new file mode 100644 index 0000000..066a237 --- /dev/null 
+++ b/testdata/01-setup/mutation/09-oauth2Token/expected.json
@@ -0,0 +1,14 @@
+{
+ "operation_results": [
+ {
+ "type": "procedure",
+ "result": {
+ "expires_in": 16199,
+ "id_token": null,
+ "refresh_token": null,
+ "scope": "",
+ "token_type": "bearer"
+ }
+ }
+ ]
+}
diff --git a/testdata/01-setup/mutation/09-oauth2Token/request.json b/testdata/01-setup/mutation/09-oauth2Token/request.json
new file mode 100644
index 0000000..6dd8e5b
--- /dev/null
+++ b/testdata/01-setup/mutation/09-oauth2Token/request.json
@@ -0,0 +1,41 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "oauth2Token",
+ "arguments": {
+ "body": {
+ "grant_type": "client_credentials",
+ "client_id": "test-client",
+ "client_secret": "randomsecret"
+ }
+ },
+ "fields": {
+ "fields": {
+ "expires_in": {
+ "column": "expires_in",
+ "type": "column"
+ },
+ "id_token": {
+ "column": "id_token",
+ "type": "column"
+ },
+ "refresh_token": {
+ "column": "refresh_token",
+ "type": "column"
+ },
+ "scope": {
+ "column": "scope",
+ "type": "column"
+ },
+ "token_type": {
+ "column": "token_type",
+ "type": "column"
+ }
+ },
+ "type": "object"
+ }
+ }
+ ]
+}
diff --git a/testdata/01-setup/mutation/10-trustJwtGrantIssuer/expected.json b/testdata/01-setup/mutation/10-trustJwtGrantIssuer/expected.json
new file mode 100644
index 0000000..b96d528
--- /dev/null
+++ b/testdata/01-setup/mutation/10-trustJwtGrantIssuer/expected.json
@@ -0,0 +1,15 @@
+{
+ "operation_results": [
+ {
+ "result": {
+ "allow_any_subject": false,
+ "expires_at": "2040-01-01T00:00:00Z",
+ "issuer": "etd1aDJlEd",
+ "public_key": { "kid": "private:eAJi2E8Clh", "set": "etd1aDJlEd" },
+ "scope": ["StkNfiEI2M"],
+ "subject": "TibzF1JqYe"
+ },
+ "type": "procedure"
+ }
+ ]
+}
diff --git a/testdata/01-setup/mutation/10-trustJwtGrantIssuer/request.json b/testdata/01-setup/mutation/10-trustJwtGrantIssuer/request.json
new file mode 100644
index 0000000..5a33324
--- /dev/null
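Review bot: `"expires_in": 16199` in 09-oauth2Token/expected.json looks like a token lifetime minus the time that elapsed before the response was built, so an exact match probably depends on how quickly the test run executes. The request in the following hunk leaves `access_token` out of `fields`, presumably because it differs on every run, and `expires_in` deserves the same treatment. I would remove `"expires_in": { "column": "expires_in", "type": "column" }` from the selection and `"expires_in": 16199,` from the expected result, unless scripts/test.sh already normalises the value (not visible here).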
+++ b/testdata/01-setup/mutation/10-trustJwtGrantIssuer/request.json 
@@ -0,0 +1,79 @@ +{ + "collection_relationships": {}, + "operations": [ + { + "type": "procedure", + "name": "trustJwtGrantIssuer", + "arguments": { + "body": { + "allow_any_subject": false, + "expires_at": "2040-01-01T00:00:00Z", + "issuer": "etd1aDJlEd", + "jwk": { + "alg": "RS256", + "crv": null, + "d": "GRSr36MI4AvopL53amId5_yNc2PJU5ingxssc4T09y9NPaVzcKJ4AvJT_1iLWJE2H3kU5OC4_mq_PaLgTs0CIALT7vngRZizXfJNcMBoV7hztkfM-sH7GL8lpfs3V8kJnBrhGsZJjUGdWM6Q9bbQQSuQBJeIXnAGDbp-voI0Gy83uEpukHa5WpB6CzzD6-ivZpD5LF_g4zmWscht1CYENkk9wcmU9A34HH1vxAzRhktE6Rd7s_twMCwzsrNEDpfKpoC0ltOdOr9zCdekM344_hCjkxdXiTZ7qzH3e64OuSBGHLNmdMD1YzEi5WIdK-er8A57j9HQqDIY2DePVEk4veInAPG_b8fFUDFjDMX4yMBzkluJqlFIH33ce8-lcCrLkIOJdiQFEVGZNTX_ZkfgmT_zjIMnHGlgVvL61akP2RhWB-M0DDy7YCImgXT4EqPW53RuN8g6FewuHAIJ3Ka0F-a-1u6Uf34bM9RPY6rcfYGMYDmqf-9chip68Z1qrxPVDkoJXQZh4afdLv0HQntxdMkwnFIadqX0fppiBJXe2Um03D6so9RXD9moab31S5vLmWqq-0i9LVi819JQ_Y8bKSsZprkBywpsU3RudTFh7HWW58RguXXNduyzyILiI2a7cH80E52Mb-jzpWuHslgMdIWzVNrGgAkXrjIJ6hwLtpE", + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "n": "yLKyzaQeWovuRB0jGP3SLfaK6DhpQaPzHUdQ6pntf_ojCcYlEwB1MqXh64MNucARhpIMEG312Ht0-mCVlsPzp2IVr8l2kzD6xNmosvn4YIxkPB_cEjjSYvgiqzGdsd4pC7Sk94qbRg21rro5xdqNaLUU0omQSMewaQr0d08J27hSwT1Kq9UL2wxVoxCqUAnbF7R5MluP0dDsab-Y3iylrMZsvwamV3zZIT5180Pg1vPI33EdbY_6XIjnhbARD-_I7unHWLcr5aPIht3eNvbTT4IFPis3t-ulx8mSBky4BPhJbGLfbzJERXiIPKvfLhmgV9jagBMFAGYOs25zRfjHxxrL3-WObPHLJZNSg2qUIDvS1JmtkUQG1RhxeGgJEC9kSyntDFEVAZFUkCztr2Oo46q7Mnag7SVGMD9deVvE9i7jlapYRNTzEzePUhsCzepc6GO9MO61NTE_Qp3sxHmxURkgp9hkOBng_YsusNf4Af0eBd93md8a3bHd3BR4iSAp1MRzC03Eob0AmvJUNpImQu-f5tqf8nAWzvH6OfgIXtUMKiu9QeM_Jm3BIcW38ZxzZEkAMKeD46gvesWuKjyOzMzs3XMtZ5PCoBIPJjaryP0-8ii3NFIMLRj63j6gohjxHnW6KqS0OWpgq_gKFr_E6_FDCYv7dIYDdWmth_fu4cM", + "p": 
"-NP2Sc8RXFccjfzMYe0LZc9lptSTPDMMgLL4nWXIlCmIoxJlNvzNypz4wy97cHmSi_t3tJCAJ2G69KO-tJ8rpmDlqQNE7vaL5Rtsaz8thcgtZpftF4Kp9wlALWuaWcz3szj2fSuqO6tbGDYI5UeyBUn77HS6ZiSJ93KaO2TYRmZvL4hHvtvrS_mj-MnZ6mLWwa0jQFYvcK9vZaHLJMDFBjH0McFdkSE4OBYvmIJ2AqmYPmwndUbPFjXs7dWTo975wgfTpmzcTiKb-Z_mu2zdMJYw-cU9e8-jpLA6R2Lc25nEtKwC7m0yN77tke7eJrByzBIunGsnzxbDh1GQXo3k1Q", + "q": "znuZELOen_vxzkhU6li6JnXfoQOx2319AyVo2CohhvukHCQuRrFSo1EqiUtKimG7QPt6yHPWsJmeArb1W6UBOnTNWUsDv_1AcdC-oYZ_sz1LK3rHe93kva34brIXqjcJujcI5VW_HHP23CV67d6_7oRmyHpqIr1D8WXQvx-tpW8PVsmo_0h8H2smas9046eonI6BQG3fPdIhwXbI-c6I-VuudTyEVEbvP_l74tiJQeqkZfaPvOIOMkIN5pMDPrRxIq_35l4Eu3xy2UwASJLSTvX7KE2d3HWHMtDipdN8UdHnlMbMs5ZwfhoC8Pr3lw30K6Jtl9_7NRbaNyBisGPYNw", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + }, + "scope": ["StkNfiEI2M"], + "subject": "TibzF1JqYe" + } + }, + "fields": { + "fields": { + "allow_any_subject": { + "column": "allow_any_subject", + "type": "column" + }, + "expires_at": { + "column": "expires_at", + "type": "column" + }, + "issuer": { + "column": "issuer", + "type": "column" + }, + "public_key": { + "column": "public_key", + "fields": { + "fields": { + "kid": { + "column": "kid", + "type": "column" + }, + "set": { + "column": "set", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + }, + "scope": { + "column": "scope", + "type": "column" + }, + "subject": { + "column": "subject", + "type": "column" + } + }, + "type": "object" + } + } + ] +} diff --git a/testdata/01-setup/mutation/11-introspectOAuth2Token/expected.json b/testdata/01-setup/mutation/11-introspectOAuth2Token/expected.json new file mode 100644 index 0000000..90a4cee --- /dev/null +++ b/testdata/01-setup/mutation/11-introspectOAuth2Token/expected.json 
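Review bot: The `jwk` argument of trustJwtGrantIssuer carries `d`, `p` and `q`, so this fixture hands the issuer's private key to the authorization server, while trusting an issuer for JWT-bearer grants should only require the public key used to verify its assertions. The expected result for this case even reports `"kid": "private:eAJi2E8Clh"` under `public_key`. I would reduce `jwk` to the public members already present (`alg`, `e`, `kid`, `kty`, `n`, `use`) so the test documents the call shape an integrator should copy. Whether the `kid` should then carry the `public:` prefix seen in 06-createJsonWebKeySet/expected.json needs confirming against the server's behaviour.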
@@ -0,0 +1,23 @@
+{
+ "operation_results": [
+ {
+ "result": {
+ "active": false,
+ "aud": null,
+ "client_id": null,
+ "exp": null,
+ "ext": null,
+ "iat": null,
+ "iss": null,
+ "nbf": null,
+ "obfuscated_subject": null,
+ "scope": null,
+ "sub": null,
+ "token_type": null,
+ "token_use": null,
+ "username": null
+ },
+ "type": "procedure"
+ }
+ ]
+}
diff --git a/testdata/01-setup/mutation/11-introspectOAuth2Token/request.json b/testdata/01-setup/mutation/11-introspectOAuth2Token/request.json new file mode 100644
index 0000000..8b0cdcc
--- /dev/null
+++ b/testdata/01-setup/mutation/11-introspectOAuth2Token/request.json
@@ -0,0 +1,76 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "introspectOAuth2Token",
+ "arguments": {
+ "body": {
+ "scope": "LaPNxdOGOl",
+ "token": "pQFJANQfMG"
+ }
+ },
+ "fields": {
+ "fields": {
+ "active": {
+ "column": "active",
+ "type": "column"
+ },
+ "aud": {
+ "column": "aud",
+ "type": "column"
+ },
+ "client_id": {
+ "column": "client_id",
+ "type": "column"
+ },
+ "exp": {
+ "column": "exp",
+ "type": "column"
+ },
+ "ext": {
+ "column": "ext",
+ "type": "column"
+ },
+ "iat": {
+ "column": "iat",
+ "type": "column"
+ },
+ "iss": {
+ "column": "iss",
+ "type": "column"
+ },
+ "nbf": {
+ "column": "nbf",
+ "type": "column"
+ },
+ "obfuscated_subject": {
+ "column": "obfuscated_subject",
+ "type": "column"
+ },
+ "scope": {
+ "column": "scope",
+ "type": "column"
+ },
+ "sub": {
+ "column": "sub",
+ "type": "column"
+ },
+ "token_type": {
+ "column": "token_type",
+ "type": "column"
+ },
+ "token_use": {
+ "column": "token_use",
+ "type": "column"
+ },
+ "username": {
+ "column": "username",
+ "type": "column"
+ }
+ },
+ "type": "object"
+ }
+ }
+ ]
+}
diff --git a/testdata/01-setup/query/discoverOpenIDConfiguration/expected.json b/testdata/01-setup/query/discoverOpenIDConfiguration/expected.json new file mode 100644
index 0000000..1cbab95
--- /dev/null
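Review bot: `11-introspectOAuth2Token/request.json` introspects the constant string `pQFJANQfMG`, so `expected.json` can only pin `"active": false` with every claim `null`; the mapping of `sub`, `scope`, `client_id`, `exp` and the other claim columns for an active token is never exercised, and a connector bug that drops or mislabels a claim would still pass. A live token is not a fixed value, so that case probably belongs in the test script rather than in a static fixture: introspect the token returned by `09-oauth2Token` and assert that `active` is `true` and `client_id` matches. `02-getData/mutation/revokeOAuth2Token/request.json` has the same shape, revoking the unknown token `zax2ZFK9Hn` and expecting `null`.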
+++ b/testdata/01-setup/query/discoverOpenIDConfiguration/expected.json
@@ -0,0 +1,54 @@
+[
+ {
+ "rows": [
+ {
+ "__value": {
+ "authorization_endpoint": "http://localhost:4444/oauth2/auth",
+ "backchannel_logout_session_supported": true,
+ "backchannel_logout_supported": true,
+ "claims_parameter_supported": false,
+ "claims_supported": ["sub"],
+ "code_challenge_methods_supported": ["plain", "S256"],
+ "end_session_endpoint": "http://localhost:4444/oauth2/sessions/logout",
+ "frontchannel_logout_session_supported": true,
+ "frontchannel_logout_supported": true,
+ "grant_types_supported": [
+ "authorization_code",
+ "implicit",
+ "client_credentials",
+ "refresh_token"
+ ],
+ "id_token_signing_alg_values_supported": ["RS256"],
+ "issuer": "http://localhost:4444/",
+ "jwks_uri": "http://localhost:4444/.well-known/jwks.json",
+ "registration_endpoint": null,
+ "request_object_signing_alg_values_supported": ["RS256", "none"],
+ "request_parameter_supported": true,
+ "request_uri_parameter_supported": true,
+ "require_request_uri_registration": true,
+ "response_modes_supported": ["query", "fragment"],
+ "response_types_supported": [
+ "code",
+ "code id_token",
+ "id_token",
+ "token id_token",
+ "token",
+ "token id_token code"
+ ],
+ "revocation_endpoint": "http://localhost:4444/oauth2/revoke",
+ "scopes_supported": ["offline_access", "offline", "openid"],
+ "subject_types_supported": ["public"],
+ "token_endpoint": "http://localhost:4444/oauth2/token",
+ "token_endpoint_auth_methods_supported": [
+ "client_secret_post",
+ "client_secret_basic",
+ "private_key_jwt",
+ "none"
+ ],
+ "userinfo_endpoint": "http://localhost:4444/userinfo",
+ "userinfo_signing_alg_values_supported": ["none", "RS256"]
+ }
+ }
+ ]
+ }
+]
diff --git a/testdata/01-setup/query/discoverOpenIDConfiguration/request.json b/testdata/01-setup/query/discoverOpenIDConfiguration/request.json new file mode 100644
index 0000000..f46e43c
--- /dev/null
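Review bot: This snapshot pins the server's whole discovery document, including `"none"` in `request_object_signing_alg_values_supported` and `userinfo_signing_alg_values_supported`, `"plain"` in `code_challenge_methods_supported`, and the `http://localhost:4444` endpoints, so the connector test fails whenever the Hydra instance under test is hardened or reconfigured. These look like settings of the test server rather than anything the connector controls. Narrowing the selection in `request.json` to a few stable fields such as `issuer`, `jwks_uri` and `token_endpoint` would still prove the mapping. `getVersion/expected.json` is coupled the same way through `"version": "v1.11.10"` and will need editing on every server upgrade.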
+++ b/testdata/01-setup/query/discoverOpenIDConfiguration/request.json 
@@ -0,0 +1,126 @@ +{ + "arguments": {}, + "collection": "discoverOpenIDConfiguration", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "authorization_endpoint": { + "column": "authorization_endpoint", + "type": "column" + }, + "backchannel_logout_session_supported": { + "column": "backchannel_logout_session_supported", + "type": "column" + }, + "backchannel_logout_supported": { + "column": "backchannel_logout_supported", + "type": "column" + }, + "claims_parameter_supported": { + "column": "claims_parameter_supported", + "type": "column" + }, + "claims_supported": { + "column": "claims_supported", + "type": "column" + }, + "code_challenge_methods_supported": { + "column": "code_challenge_methods_supported", + "type": "column" + }, + "end_session_endpoint": { + "column": "end_session_endpoint", + "type": "column" + }, + "frontchannel_logout_session_supported": { + "column": "frontchannel_logout_session_supported", + "type": "column" + }, + "frontchannel_logout_supported": { + "column": "frontchannel_logout_supported", + "type": "column" + }, + "grant_types_supported": { + "column": "grant_types_supported", + "type": "column" + }, + "id_token_signing_alg_values_supported": { + "column": "id_token_signing_alg_values_supported", + "type": "column" + }, + "issuer": { + "column": "issuer", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "registration_endpoint": { + "column": "registration_endpoint", + "type": "column" + }, + "request_object_signing_alg_values_supported": { + "column": "request_object_signing_alg_values_supported", + "type": "column" + }, + "request_parameter_supported": { + "column": "request_parameter_supported", + "type": "column" + }, + "request_uri_parameter_supported": { + "column": "request_uri_parameter_supported", + "type": "column" + }, + "require_request_uri_registration": { + "column": "require_request_uri_registration", + 
"type": "column" + }, + "response_modes_supported": { + "column": "response_modes_supported", + "type": "column" + }, + "response_types_supported": { + "column": "response_types_supported", + "type": "column" + }, + "revocation_endpoint": { + "column": "revocation_endpoint", + "type": "column" + }, + "scopes_supported": { + "column": "scopes_supported", + "type": "column" + }, + "subject_types_supported": { + "column": "subject_types_supported", + "type": "column" + }, + "token_endpoint": { + "column": "token_endpoint", + "type": "column" + }, + "token_endpoint_auth_methods_supported": { + "column": "token_endpoint_auth_methods_supported", + "type": "column" + }, + "userinfo_endpoint": { + "column": "userinfo_endpoint", + "type": "column" + }, + "userinfo_signing_alg_values_supported": { + "column": "userinfo_signing_alg_values_supported", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + } + } + } +} \ No newline at end of file diff --git a/testdata/01-setup/query/getVersion/expected.json b/testdata/01-setup/query/getVersion/expected.json new file mode 100644 index 0000000..9c4f5c2 --- /dev/null +++ b/testdata/01-setup/query/getVersion/expected.json @@ -0,0 +1 @@ +[{ "rows": [{ "__value": { "version": "v1.11.10" } }] }] diff --git a/testdata/01-setup/query/getVersion/request.json b/testdata/01-setup/query/getVersion/request.json new file mode 100644 index 0000000..eea8138 --- /dev/null +++ b/testdata/01-setup/query/getVersion/request.json @@ -0,0 +1,22 @@ +{ + "arguments": {}, + "collection": "getVersion", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "version": { + "column": "version", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + } + } + } +} \ No newline at end of file 
diff --git a/testdata/01-setup/query/isInstanceAlive/expected.json b/testdata/01-setup/query/isInstanceAlive/expected.json new file mode 100644
index 0000000..87bebed
--- /dev/null
+++ b/testdata/01-setup/query/isInstanceAlive/expected.json
@@ -0,0 +1 @@
+[{ "rows": [{ "__value": { "status": "ok" } }] }]
diff --git a/testdata/01-setup/query/isInstanceAlive/request.json b/testdata/01-setup/query/isInstanceAlive/request.json new file mode 100644
index 0000000..70d1cee
--- /dev/null
+++ b/testdata/01-setup/query/isInstanceAlive/request.json
@@ -0,0 +1,22 @@
+{
+ "arguments": {},
+ "collection": "isInstanceAlive",
+ "collection_relationships": {},
+ "query": {
+ "fields": {
+ "__value": {
+ "column": "__value",
+ "fields": {
+ "fields": {
+ "status": {
+ "column": "status",
+ "type": "column"
+ }
+ },
+ "type": "object"
+ },
+ "type": "column"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/testdata/01-setup/query/isInstanceReady/expected.json b/testdata/01-setup/query/isInstanceReady/expected.json new file mode 100644
index 0000000..87bebed
--- /dev/null
+++ b/testdata/01-setup/query/isInstanceReady/expected.json
@@ -0,0 +1 @@
+[{ "rows": [{ "__value": { "status": "ok" } }] }]
diff --git a/testdata/01-setup/query/isInstanceReady/request.json b/testdata/01-setup/query/isInstanceReady/request.json new file mode 100644
index 0000000..453642d
--- /dev/null
+++ b/testdata/01-setup/query/isInstanceReady/request.json
@@ -0,0 +1,22 @@
+{
+ "arguments": {},
+ "collection": "isInstanceReady",
+ "collection_relationships": {},
+ "query": {
+ "fields": {
+ "__value": {
+ "column": "__value",
+ "fields": {
+ "fields": {
+ "status": {
+ "column": "status",
+ "type": "column"
+ }
+ },
+ "type": "object"
+ },
+ "type": "column"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/testdata/01-setup/query/listSubjectConsentSessions/expected.json b/testdata/01-setup/query/listSubjectConsentSessions/expected.json new file mode 100644
index 0000000..3123905
--- /dev/null
+++ b/testdata/01-setup/query/listSubjectConsentSessions/expected.json
@@ -0,0 +1 @@
+[{ "rows": [{ "__value": [] }] }]
diff --git a/testdata/01-setup/query/listSubjectConsentSessions/request.json b/testdata/01-setup/query/listSubjectConsentSessions/request.json new file mode 100644
index 0000000..1c5dadb
--- /dev/null
+++ b/testdata/01-setup/query/listSubjectConsentSessions/request.json
@@ -0,0 +1,342 @@ +{ + "arguments": { + "limit": { + "type": "literal", + "value": 10 + }, + "offset": { + "type": "literal", + "value": 0 + }, + "subject": { + "type": "literal", + "value": "oh3Y0W34jO" + } + }, + "collection": "listSubjectConsentSessions", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "fields": { + "consent_request": { + "column": "consent_request", + "fields": { + "fields": { + "acr": { + "column": "acr", + "type": "column" + }, + "amr": { + "column": "amr", + "type": "column" + }, + "challenge": { + "column": "challenge", + "type": "column" + }, + "client": { + "column": "client", + "fields": { + "fields": { + "allowed_cors_origins": { + "column": "allowed_cors_origins", + "type": "column" + }, + "audience": { + "column": "audience", + "type": "column" + }, + "authorization_code_grant_access_token_lifespan": { + "column": "authorization_code_grant_access_token_lifespan", + "type": "column" + }, + "authorization_code_grant_id_token_lifespan": { + "column": "authorization_code_grant_id_token_lifespan", + "type": "column" + }, + "authorization_code_grant_refresh_token_lifespan": { + "column": "authorization_code_grant_refresh_token_lifespan", + "type": "column" + }, + "backchannel_logout_session_required": { + "column": "backchannel_logout_session_required", + "type": "column" + }, + "backchannel_logout_uri": { + "column": "backchannel_logout_uri", + "type": "column" + }, + "client_credentials_grant_access_token_lifespan": { + "column": "client_credentials_grant_access_token_lifespan", + "type": "column" + }, + "client_id": { + "column": "client_id", + "type": "column" + }, + "client_name": { + "column": "client_name", + "type": "column" + }, + "client_secret": { + "column": "client_secret", + "type": "column" + }, + "client_secret_expires_at": { + "column": "client_secret_expires_at", + "type": "column" + }, + "client_uri": { + "column": "client_uri", + "type": 
"column" + }, + "contacts": { + "column": "contacts", + "type": "column" + }, + "frontchannel_logout_session_required": { + "column": "frontchannel_logout_session_required", + "type": "column" + }, + "frontchannel_logout_uri": { + "column": "frontchannel_logout_uri", + "type": "column" + }, + "grant_types": { + "column": "grant_types", + "type": "column" + }, + "implicit_grant_access_token_lifespan": { + "column": "implicit_grant_access_token_lifespan", + "type": "column" + }, + "implicit_grant_id_token_lifespan": { + "column": "implicit_grant_id_token_lifespan", + "type": "column" + }, + "jwks": { + "column": "jwks", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "jwt_bearer_grant_access_token_lifespan": { + "column": "jwt_bearer_grant_access_token_lifespan", + "type": "column" + }, + "logo_uri": { + "column": "logo_uri", + "type": "column" + }, + "metadata": { + "column": "metadata", + "type": "column" + }, + "owner": { + "column": "owner", + "type": "column" + }, + "password_grant_access_token_lifespan": { + "column": "password_grant_access_token_lifespan", + "type": "column" + }, + "password_grant_refresh_token_lifespan": { + "column": "password_grant_refresh_token_lifespan", + "type": "column" + }, + "policy_uri": { + "column": "policy_uri", + "type": "column" + }, + "post_logout_redirect_uris": { + "column": "post_logout_redirect_uris", + "type": "column" + }, + "redirect_uris": { + "column": "redirect_uris", + "type": "column" + }, + "refresh_token_grant_access_token_lifespan": { + "column": "refresh_token_grant_access_token_lifespan", + "type": "column" + }, + "refresh_token_grant_id_token_lifespan": { + "column": "refresh_token_grant_id_token_lifespan", + "type": "column" + }, + "refresh_token_grant_refresh_token_lifespan": { + "column": "refresh_token_grant_refresh_token_lifespan", + "type": "column" + }, + "registration_access_token": { + "column": "registration_access_token", + "type": "column" + }, + 
"registration_client_uri": { + "column": "registration_client_uri", + "type": "column" + }, + "request_object_signing_alg": { + "column": "request_object_signing_alg", + "type": "column" + }, + "request_uris": { + "column": "request_uris", + "type": "column" + }, + "response_types": { + "column": "response_types", + "type": "column" + }, + "scope": { + "column": "scope", + "type": "column" + }, + "sector_identifier_uri": { + "column": "sector_identifier_uri", + "type": "column" + }, + "subject_type": { + "column": "subject_type", + "type": "column" + }, + "token_endpoint_auth_method": { + "column": "token_endpoint_auth_method", + "type": "column" + }, + "token_endpoint_auth_signing_alg": { + "column": "token_endpoint_auth_signing_alg", + "type": "column" + }, + "tos_uri": { + "column": "tos_uri", + "type": "column" + }, + "userinfo_signed_response_alg": { + "column": "userinfo_signed_response_alg", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + }, + "context": { + "column": "context", + "type": "column" + }, + "login_challenge": { + "column": "login_challenge", + "type": "column" + }, + "login_session_id": { + "column": "login_session_id", + "type": "column" + }, + "oidc_context": { + "column": "oidc_context", + "fields": { + "fields": { + "acr_values": { + "column": "acr_values", + "type": "column" + }, + "display": { + "column": "display", + "type": "column" + }, + "id_token_hint_claims": { + "column": "id_token_hint_claims", + "type": "column" + }, + "login_hint": { + "column": "login_hint", + "type": "column" + }, + "ui_locales": { + "column": "ui_locales", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + }, + "request_url": { + "column": "request_url", + "type": "column" + }, + "requested_access_token_audience": { + "column": "requested_access_token_audience", + "type": "column" + }, + "requested_scope": { + "column": "requested_scope", + "type": "column" + }, + "skip": { + "column": "skip", + "type": "column" 
+ }, + "subject": { + "column": "subject", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + }, + "grant_access_token_audience": { + "column": "grant_access_token_audience", + "type": "column" + }, + "grant_scope": { + "column": "grant_scope", + "type": "column" + }, + "handled_at": { + "column": "handled_at", + "type": "column" + }, + "remember": { + "column": "remember", + "type": "column" + }, + "remember_for": { + "column": "remember_for", + "type": "column" + }, + "session": { + "column": "session", + "fields": { + "fields": { + "access_token": { + "column": "access_token", + "type": "column" + }, + "id_token": { + "column": "id_token", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "column" + } + } + } +} diff --git a/testdata/01-setup/query/wellKnown/expected.json b/testdata/01-setup/query/wellKnown/expected.json new file mode 100644 index 0000000..66cdb43 --- /dev/null +++ b/testdata/01-setup/query/wellKnown/expected.json @@ -0,0 +1,30 @@ +[ + { + "rows": [ + { + "__value": { + "keys": [ + { + "alg": "RS256", + "crv": null, + "d": null, + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "public:hydra.openid.id-token", + "kty": "RSA", + "p": null, + "q": null, + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + } + ] + } + } + ] + } +] diff --git a/testdata/01-setup/query/wellKnown/request.json b/testdata/01-setup/query/wellKnown/request.json new file mode 100644 index 0000000..b0c903a --- /dev/null +++ b/testdata/01-setup/query/wellKnown/request.json 
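Review bot: The field selection in `listSubjectConsentSessions/request.json` asks for `client_secret` and `registration_access_token` on the nested `client`, but the subject `oh3Y0W34jO` has no sessions and `expected.json` is `"__value": []`, so none of the 342 lines of selection is ever checked against data. Sample requests tend to be copied into application queries, so I would drop the credential-bearing columns from the selection unless a test is meant to assert how they come back. If coverage of the nested mapping is the goal, the test needs a subject that has a consent session; otherwise a short selection is enough to prove the empty-list case.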
@@ -0,0 +1,94 @@ +{ + "arguments": {}, + "collection": "wellKnown", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "keys": { + "column": "keys", + "fields": { + "fields": { + "fields": { + "alg": { + "column": "alg", + "type": "column" + }, + "crv": { + "column": "crv", + "type": "column" + }, + "d": { + "column": "d", + "type": "column" + }, + "dp": { + "column": "dp", + "type": "column" + }, + "dq": { + "column": "dq", + "type": "column" + }, + "e": { + "column": "e", + "type": "column" + }, + "k": { + "column": "k", + "type": "column" + }, + "kid": { + "column": "kid", + "type": "column" + }, + "kty": { + "column": "kty", + "type": "column" + }, + "p": { + "column": "p", + "type": "column" + }, + "q": { + "column": "q", + "type": "column" + }, + "qi": { + "column": "qi", + "type": "column" + }, + "use": { + "column": "use", + "type": "column" + }, + "x": { + "column": "x", + "type": "column" + }, + "x5c": { + "column": "x5c", + "type": "column" + }, + "y": { + "column": "y", + "type": "column" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + } + } + } +} diff --git a/testdata/02-getData/mutation/revokeOAuth2Token/expected.json b/testdata/02-getData/mutation/revokeOAuth2Token/expected.json new file mode 100644 index 0000000..c6a2ec1 --- /dev/null +++ b/testdata/02-getData/mutation/revokeOAuth2Token/expected.json @@ -0,0 +1 @@ +{ "operation_results": [{ "result": null, "type": "procedure" }] } diff --git a/testdata/02-getData/mutation/revokeOAuth2Token/request.json b/testdata/02-getData/mutation/revokeOAuth2Token/request.json new file mode 100644 index 0000000..1e02646 --- /dev/null +++ b/testdata/02-getData/mutation/revokeOAuth2Token/request.json 
@@ -0,0 +1,16 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "revokeOAuth2Token",
+ "arguments": {
+ "body": {
+ "token": "zax2ZFK9Hn",
+ "client_id": "test-client",
+ "client_secret": "randomsecret"
+ }
+ }
+ }
+ ]
+}
diff --git a/testdata/02-getData/query/getJsonWebKey/expected.json b/testdata/02-getData/query/getJsonWebKey/expected.json new file mode 100644
index 0000000..e5c7420
--- /dev/null
+++ b/testdata/02-getData/query/getJsonWebKey/expected.json
@@ -0,0 +1,31 @@ +[ + { + "rows": [ + { + "__value": { + "keys": [ + { + "alg": "RS256", + "crv": null, + "d": "GRSr36MI4AvopL53amId5_yNc2PJU5ingxssc4T09y9NPaVzcKJ4AvJT_1iLWJE2H3kU5OC4_mq_PaLgTs0CIALT7vngRZizXfJNcMBoV7hztkfM-sH7GL8lpfs3V8kJnBrhGsZJjUGdWM6Q9bbQQSuQBJeIXnAGDbp-voI0Gy83uEpukHa5WpB6CzzD6-ivZpD5LF_g4zmWscht1CYENkk9wcmU9A34HH1vxAzRhktE6Rd7s_twMCwzsrNEDpfKpoC0ltOdOr9zCdekM344_hCjkxdXiTZ7qzH3e64OuSBGHLNmdMD1YzEi5WIdK-er8A57j9HQqDIY2DePVEk4veInAPG_b8fFUDFjDMX4yMBzkluJqlFIH33ce8-lcCrLkIOJdiQFEVGZNTX_ZkfgmT_zjIMnHGlgVvL61akP2RhWB-M0DDy7YCImgXT4EqPW53RuN8g6FewuHAIJ3Ka0F-a-1u6Uf34bM9RPY6rcfYGMYDmqf-9chip68Z1qrxPVDkoJXQZh4afdLv0HQntxdMkwnFIadqX0fppiBJXe2Um03D6so9RXD9moab31S5vLmWqq-0i9LVi819JQ_Y8bKSsZprkBywpsU3RudTFh7HWW58RguXXNduyzyILiI2a7cH80E52Mb-jzpWuHslgMdIWzVNrGgAkXrjIJ6hwLtpE", + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "n": "yLKyzaQeWovuRB0jGP3SLfaK6DhpQaPzHUdQ6pntf_ojCcYlEwB1MqXh64MNucARhpIMEG312Ht0-mCVlsPzp2IVr8l2kzD6xNmosvn4YIxkPB_cEjjSYvgiqzGdsd4pC7Sk94qbRg21rro5xdqNaLUU0omQSMewaQr0d08J27hSwT1Kq9UL2wxVoxCqUAnbF7R5MluP0dDsab-Y3iylrMZsvwamV3zZIT5180Pg1vPI33EdbY_6XIjnhbARD-_I7unHWLcr5aPIht3eNvbTT4IFPis3t-ulx8mSBky4BPhJbGLfbzJERXiIPKvfLhmgV9jagBMFAGYOs25zRfjHxxrL3-WObPHLJZNSg2qUIDvS1JmtkUQG1RhxeGgJEC9kSyntDFEVAZFUkCztr2Oo46q7Mnag7SVGMD9deVvE9i7jlapYRNTzEzePUhsCzepc6GO9MO61NTE_Qp3sxHmxURkgp9hkOBng_YsusNf4Af0eBd93md8a3bHd3BR4iSAp1MRzC03Eob0AmvJUNpImQu-f5tqf8nAWzvH6OfgIXtUMKiu9QeM_Jm3BIcW38ZxzZEkAMKeD46gvesWuKjyOzMzs3XMtZ5PCoBIPJjaryP0-8ii3NFIMLRj63j6gohjxHnW6KqS0OWpgq_gKFr_E6_FDCYv7dIYDdWmth_fu4cM", + "p": "-NP2Sc8RXFccjfzMYe0LZc9lptSTPDMMgLL4nWXIlCmIoxJlNvzNypz4wy97cHmSi_t3tJCAJ2G69KO-tJ8rpmDlqQNE7vaL5Rtsaz8thcgtZpftF4Kp9wlALWuaWcz3szj2fSuqO6tbGDYI5UeyBUn77HS6ZiSJ93KaO2TYRmZvL4hHvtvrS_mj-MnZ6mLWwa0jQFYvcK9vZaHLJMDFBjH0McFdkSE4OBYvmIJ2AqmYPmwndUbPFjXs7dWTo975wgfTpmzcTiKb-Z_mu2zdMJYw-cU9e8-jpLA6R2Lc25nEtKwC7m0yN77tke7eJrByzBIunGsnzxbDh1GQXo3k1Q", + "q": 
"znuZELOen_vxzkhU6li6JnXfoQOx2319AyVo2CohhvukHCQuRrFSo1EqiUtKimG7QPt6yHPWsJmeArb1W6UBOnTNWUsDv_1AcdC-oYZ_sz1LK3rHe93kva34brIXqjcJujcI5VW_HHP23CV67d6_7oRmyHpqIr1D8WXQvx-tpW8PVsmo_0h8H2smas9046eonI6BQG3fPdIhwXbI-c6I-VuudTyEVEbvP_l74tiJQeqkZfaPvOIOMkIN5pMDPrRxIq_35l4Eu3xy2UwASJLSTvX7KE2d3HWHMtDipdN8UdHnlMbMs5ZwfhoC8Pr3lw30K6Jtl9_7NRbaNyBisGPYNw", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + } + ] + } + } + ] + } +] diff --git a/testdata/02-getData/query/getJsonWebKey/request.json b/testdata/02-getData/query/getJsonWebKey/request.json new file mode 100644 index 0000000..118923d --- /dev/null +++ b/testdata/02-getData/query/getJsonWebKey/request.json 
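Review bot: `getJsonWebKey/expected.json` asserts that the query returns `d`, `p` and `q` populated, which makes it part of the tested contract that this collection hands private key material to whoever is allowed to run it; `getJsonWebKeySet/expected.json` asserts the same. By contrast, `01-setup/query/wellKnown/expected.json` expects those members to be `null`. That difference deserves a sentence in the README, for example `getJsonWebKey and getJsonWebKeySet return private JWK members; expose them to administrative roles only.` The README added by this commit is not visible here, so disregard this if it already says so.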
@@ -0,0 +1,107 @@ +{ + "arguments": { + "kid": { + "type": "literal", + "value": "private:eAJi2E8Clh" + }, + "set": { + "type": "literal", + "value": "test-jwk-set" + } + }, + "collection": "getJsonWebKey", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "keys": { + "column": "keys", + "fields": { + "fields": { + "fields": { + "alg": { + "column": "alg", + "type": "column" + }, + "crv": { + "column": "crv", + "type": "column" + }, + "d": { + "column": "d", + "type": "column" + }, + "dp": { + "column": "dp", + "type": "column" + }, + "dq": { + "column": "dq", + "type": "column" + }, + "e": { + "column": "e", + "type": "column" + }, + "k": { + "column": "k", + "type": "column" + }, + "kid": { + "column": "kid", + "type": "column" + }, + "kty": { + "column": "kty", + "type": "column" + }, + "n": { + "column": "n", + "type": "column" + }, + "p": { + "column": "p", + "type": "column" + }, + "q": { + "column": "q", + "type": "column" + }, + "qi": { + "column": "qi", + "type": "column" + }, + "use": { + "column": "use", + "type": "column" + }, + "x": { + "column": "x", + "type": "column" + }, + "x5c": { + "column": "x5c", + "type": "column" + }, + "y": { + "column": "y", + "type": "column" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + } + } + } +} diff --git a/testdata/02-getData/query/getJsonWebKeySet/expected.json b/testdata/02-getData/query/getJsonWebKeySet/expected.json new file mode 100644 index 0000000..e5c7420 --- /dev/null +++ b/testdata/02-getData/query/getJsonWebKeySet/expected.json 
@@ -0,0 +1,31 @@ +[ + { + "rows": [ + { + "__value": { + "keys": [ + { + "alg": "RS256", + "crv": null, + "d": "GRSr36MI4AvopL53amId5_yNc2PJU5ingxssc4T09y9NPaVzcKJ4AvJT_1iLWJE2H3kU5OC4_mq_PaLgTs0CIALT7vngRZizXfJNcMBoV7hztkfM-sH7GL8lpfs3V8kJnBrhGsZJjUGdWM6Q9bbQQSuQBJeIXnAGDbp-voI0Gy83uEpukHa5WpB6CzzD6-ivZpD5LF_g4zmWscht1CYENkk9wcmU9A34HH1vxAzRhktE6Rd7s_twMCwzsrNEDpfKpoC0ltOdOr9zCdekM344_hCjkxdXiTZ7qzH3e64OuSBGHLNmdMD1YzEi5WIdK-er8A57j9HQqDIY2DePVEk4veInAPG_b8fFUDFjDMX4yMBzkluJqlFIH33ce8-lcCrLkIOJdiQFEVGZNTX_ZkfgmT_zjIMnHGlgVvL61akP2RhWB-M0DDy7YCImgXT4EqPW53RuN8g6FewuHAIJ3Ka0F-a-1u6Uf34bM9RPY6rcfYGMYDmqf-9chip68Z1qrxPVDkoJXQZh4afdLv0HQntxdMkwnFIadqX0fppiBJXe2Um03D6so9RXD9moab31S5vLmWqq-0i9LVi819JQ_Y8bKSsZprkBywpsU3RudTFh7HWW58RguXXNduyzyILiI2a7cH80E52Mb-jzpWuHslgMdIWzVNrGgAkXrjIJ6hwLtpE", + "dp": null, + "dq": null, + "e": "AQAB", + "k": null, + "kid": "private:eAJi2E8Clh", + "kty": "RSA", + "n": "yLKyzaQeWovuRB0jGP3SLfaK6DhpQaPzHUdQ6pntf_ojCcYlEwB1MqXh64MNucARhpIMEG312Ht0-mCVlsPzp2IVr8l2kzD6xNmosvn4YIxkPB_cEjjSYvgiqzGdsd4pC7Sk94qbRg21rro5xdqNaLUU0omQSMewaQr0d08J27hSwT1Kq9UL2wxVoxCqUAnbF7R5MluP0dDsab-Y3iylrMZsvwamV3zZIT5180Pg1vPI33EdbY_6XIjnhbARD-_I7unHWLcr5aPIht3eNvbTT4IFPis3t-ulx8mSBky4BPhJbGLfbzJERXiIPKvfLhmgV9jagBMFAGYOs25zRfjHxxrL3-WObPHLJZNSg2qUIDvS1JmtkUQG1RhxeGgJEC9kSyntDFEVAZFUkCztr2Oo46q7Mnag7SVGMD9deVvE9i7jlapYRNTzEzePUhsCzepc6GO9MO61NTE_Qp3sxHmxURkgp9hkOBng_YsusNf4Af0eBd93md8a3bHd3BR4iSAp1MRzC03Eob0AmvJUNpImQu-f5tqf8nAWzvH6OfgIXtUMKiu9QeM_Jm3BIcW38ZxzZEkAMKeD46gvesWuKjyOzMzs3XMtZ5PCoBIPJjaryP0-8ii3NFIMLRj63j6gohjxHnW6KqS0OWpgq_gKFr_E6_FDCYv7dIYDdWmth_fu4cM", + "p": "-NP2Sc8RXFccjfzMYe0LZc9lptSTPDMMgLL4nWXIlCmIoxJlNvzNypz4wy97cHmSi_t3tJCAJ2G69KO-tJ8rpmDlqQNE7vaL5Rtsaz8thcgtZpftF4Kp9wlALWuaWcz3szj2fSuqO6tbGDYI5UeyBUn77HS6ZiSJ93KaO2TYRmZvL4hHvtvrS_mj-MnZ6mLWwa0jQFYvcK9vZaHLJMDFBjH0McFdkSE4OBYvmIJ2AqmYPmwndUbPFjXs7dWTo975wgfTpmzcTiKb-Z_mu2zdMJYw-cU9e8-jpLA6R2Lc25nEtKwC7m0yN77tke7eJrByzBIunGsnzxbDh1GQXo3k1Q", + "q": 
"znuZELOen_vxzkhU6li6JnXfoQOx2319AyVo2CohhvukHCQuRrFSo1EqiUtKimG7QPt6yHPWsJmeArb1W6UBOnTNWUsDv_1AcdC-oYZ_sz1LK3rHe93kva34brIXqjcJujcI5VW_HHP23CV67d6_7oRmyHpqIr1D8WXQvx-tpW8PVsmo_0h8H2smas9046eonI6BQG3fPdIhwXbI-c6I-VuudTyEVEbvP_l74tiJQeqkZfaPvOIOMkIN5pMDPrRxIq_35l4Eu3xy2UwASJLSTvX7KE2d3HWHMtDipdN8UdHnlMbMs5ZwfhoC8Pr3lw30K6Jtl9_7NRbaNyBisGPYNw", + "qi": null, + "use": "sig", + "x": null, + "x5c": null, + "y": null + } + ] + } + } + ] + } +] diff --git a/testdata/02-getData/query/getJsonWebKeySet/request.json b/testdata/02-getData/query/getJsonWebKeySet/request.json new file mode 100644 index 0000000..a3e9111 --- /dev/null +++ b/testdata/02-getData/query/getJsonWebKeySet/request.json 
@@ -0,0 +1,103 @@ +{ + "arguments": { + "set": { + "type": "literal", + "value": "test-jwk-set" + } + }, + "collection": "getJsonWebKeySet", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "keys": { + "column": "keys", + "fields": { + "fields": { + "fields": { + "alg": { + "column": "alg", + "type": "column" + }, + "crv": { + "column": "crv", + "type": "column" + }, + "d": { + "column": "d", + "type": "column" + }, + "dp": { + "column": "dp", + "type": "column" + }, + "dq": { + "column": "dq", + "type": "column" + }, + "e": { + "column": "e", + "type": "column" + }, + "k": { + "column": "k", + "type": "column" + }, + "kid": { + "column": "kid", + "type": "column" + }, + "kty": { + "column": "kty", + "type": "column" + }, + "n": { + "column": "n", + "type": "column" + }, + "p": { + "column": "p", + "type": "column" + }, + "q": { + "column": "q", + "type": "column" + }, + "qi": { + "column": "qi", + "type": "column" + }, + "use": { + "column": "use", + "type": "column" + }, + "x": { + "column": "x", + "type": "column" + }, + "x5c": { + "column": "x5c", + "type": "column" + }, + "y": { + "column": "y", + "type": "column" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + } + } + } +} diff --git a/testdata/02-getData/query/getOAuth2Client/expected.json b/testdata/02-getData/query/getOAuth2Client/expected.json new file mode 100644 index 0000000..105097e --- /dev/null +++ b/testdata/02-getData/query/getOAuth2Client/expected.json 
@@ -0,0 +1,53 @@ +[ + { + "rows": [ + { + "__value": { + "allowed_cors_origins": ["http://localhost:3000"], + "audience": ["customer"], + "authorization_code_grant_access_token_lifespan": "1h30m0s", + "authorization_code_grant_id_token_lifespan": "3h30m0s", + "authorization_code_grant_refresh_token_lifespan": "2h30m0s", + "backchannel_logout_session_required": null, + "backchannel_logout_uri": "http://backchannel-update/logout", + "client_credentials_grant_access_token_lifespan": "4h30m0s", + "client_id": "test-client", + "client_name": "Test client updated", + "client_secret": null, + "client_uri": "http://localhost:3000", + "contacts": ["test"], + "frontchannel_logout_session_required": null, + "frontchannel_logout_uri": "http://frontchannel-update/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h30m0s", + "implicit_grant_id_token_lifespan": "2h30m0s", + "jwks": {}, + "jwks_uri": "http://localhost:3000/jwks", + "jwt_bearer_grant_access_token_lifespan": "1h0m0s", + "logo_uri": "http://localhost:3000/logo", + "metadata": { "foo": "baz" }, + "owner": "test", + "password_grant_access_token_lifespan": "1h0m0s", + "password_grant_refresh_token_lifespan": "2h0m0s", + "policy_uri": "http://localhost:3000/policy_uri", + "post_logout_redirect_uris": ["http://localhost:3000/post-logout"], + "redirect_uris": ["http://localhost:3000/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "24h0m0s", + "refresh_token_grant_id_token_lifespan": "23h0m0s", + "refresh_token_grant_refresh_token_lifespan": "22h0m0s", + "registration_access_token": null, + "registration_client_uri": null, + "request_object_signing_alg": "none", + "request_uris": ["http://localhost:3000/request_uris"], + "response_types": ["token"], + "sector_identifier_uri": null, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_post", + "token_endpoint_auth_signing_alg": "none", + "tos_uri": "none", + "userinfo_signed_response_alg": 
"none" + } + } + ] + } +] diff --git a/testdata/02-getData/query/getOAuth2Client/request.json b/testdata/02-getData/query/getOAuth2Client/request.json new file mode 100644 index 0000000..a152d5e --- /dev/null +++ b/testdata/02-getData/query/getOAuth2Client/request.json 
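Review bot: The client this snapshot describes has `request_object_signing_alg`, `token_endpoint_auth_signing_alg` and `userinfo_signed_response_alg` all set to `"none"`, and `tos_uri` is `"none"` as well, which is not a URI and looks like the same placeholder pasted one field too far. Fixture values get copied into real client registrations, so an asymmetric algorithm such as `"RS256"` (the one the discovery snapshot lists) and a constructed sample like `"http://localhost:3000/tos"` would be safer. The values presumably originate in the `01-setup` create and update requests outside this hunk, so they would have to change there too. `"client_secret": null` is worth keeping, since it pins that the secret is not echoed on read.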
@@ -0,0 +1,195 @@ +{ + "arguments": { + "id": { + "type": "literal", + "value": "test-client" + } + }, + "collection": "getOAuth2Client", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "allowed_cors_origins": { + "column": "allowed_cors_origins", + "type": "column" + }, + "audience": { + "column": "audience", + "type": "column" + }, + "authorization_code_grant_access_token_lifespan": { + "column": "authorization_code_grant_access_token_lifespan", + "type": "column" + }, + "authorization_code_grant_id_token_lifespan": { + "column": "authorization_code_grant_id_token_lifespan", + "type": "column" + }, + "authorization_code_grant_refresh_token_lifespan": { + "column": "authorization_code_grant_refresh_token_lifespan", + "type": "column" + }, + "backchannel_logout_session_required": { + "column": "backchannel_logout_session_required", + "type": "column" + }, + "backchannel_logout_uri": { + "column": "backchannel_logout_uri", + "type": "column" + }, + "client_credentials_grant_access_token_lifespan": { + "column": "client_credentials_grant_access_token_lifespan", + "type": "column" + }, + "client_id": { + "column": "client_id", + "type": "column" + }, + "client_name": { + "column": "client_name", + "type": "column" + }, + "client_secret": { + "column": "client_secret", + "type": "column" + }, + "client_uri": { + "column": "client_uri", + "type": "column" + }, + "contacts": { + "column": "contacts", + "type": "column" + }, + "frontchannel_logout_session_required": { + "column": "frontchannel_logout_session_required", + "type": "column" + }, + "frontchannel_logout_uri": { + "column": "frontchannel_logout_uri", + "type": "column" + }, + "grant_types": { + "column": "grant_types", + "type": "column" + }, + "implicit_grant_access_token_lifespan": { + "column": "implicit_grant_access_token_lifespan", + "type": "column" + }, + "implicit_grant_id_token_lifespan": { + "column": 
"implicit_grant_id_token_lifespan", + "type": "column" + }, + "jwks": { + "column": "jwks", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "jwt_bearer_grant_access_token_lifespan": { + "column": "jwt_bearer_grant_access_token_lifespan", + "type": "column" + }, + "logo_uri": { + "column": "logo_uri", + "type": "column" + }, + "metadata": { + "column": "metadata", + "type": "column" + }, + "owner": { + "column": "owner", + "type": "column" + }, + "password_grant_access_token_lifespan": { + "column": "password_grant_access_token_lifespan", + "type": "column" + }, + "password_grant_refresh_token_lifespan": { + "column": "password_grant_refresh_token_lifespan", + "type": "column" + }, + "policy_uri": { + "column": "policy_uri", + "type": "column" + }, + "post_logout_redirect_uris": { + "column": "post_logout_redirect_uris", + "type": "column" + }, + "redirect_uris": { + "column": "redirect_uris", + "type": "column" + }, + "refresh_token_grant_access_token_lifespan": { + "column": "refresh_token_grant_access_token_lifespan", + "type": "column" + }, + "refresh_token_grant_id_token_lifespan": { + "column": "refresh_token_grant_id_token_lifespan", + "type": "column" + }, + "refresh_token_grant_refresh_token_lifespan": { + "column": "refresh_token_grant_refresh_token_lifespan", + "type": "column" + }, + "registration_access_token": { + "column": "registration_access_token", + "type": "column" + }, + "registration_client_uri": { + "column": "registration_client_uri", + "type": "column" + }, + "request_object_signing_alg": { + "column": "request_object_signing_alg", + "type": "column" + }, + "request_uris": { + "column": "request_uris", + "type": "column" + }, + "response_types": { + "column": "response_types", + "type": "column" + }, + "sector_identifier_uri": { + "column": "sector_identifier_uri", + "type": "column" + }, + "subject_type": { + "column": "subject_type", + "type": "column" + }, + "token_endpoint_auth_method": { + 
"column": "token_endpoint_auth_method", + "type": "column" + }, + "token_endpoint_auth_signing_alg": { + "column": "token_endpoint_auth_signing_alg", + "type": "column" + }, + "tos_uri": { + "column": "tos_uri", + "type": "column" + }, + "userinfo_signed_response_alg": { + "column": "userinfo_signed_response_alg", + "type": "column" + } + }, + "type": "object" + }, + "type": "column" + } + } + } +} diff --git a/testdata/02-getData/query/listOAuth2Clients/expected.json b/testdata/02-getData/query/listOAuth2Clients/expected.json new file mode 100644 index 0000000..48a0c87 --- /dev/null +++ b/testdata/02-getData/query/listOAuth2Clients/expected.json 
@@ -0,0 +1,55 @@ +[ + { + "rows": [ + { + "__value": [ + { + "allowed_cors_origins": ["http://localhost:3000"], + "audience": ["customer"], + "authorization_code_grant_access_token_lifespan": "1h30m0s", + "authorization_code_grant_id_token_lifespan": "3h30m0s", + "authorization_code_grant_refresh_token_lifespan": "2h30m0s", + "backchannel_logout_session_required": null, + "backchannel_logout_uri": "http://backchannel-update/logout", + "client_credentials_grant_access_token_lifespan": "4h30m0s", + "client_id": "test-client", + "client_name": "Test client updated", + "client_secret": null, + "client_uri": "http://localhost:3000", + "contacts": ["test"], + "frontchannel_logout_session_required": null, + "frontchannel_logout_uri": "http://frontchannel-update/logout", + "grant_types": ["client_credentials"], + "implicit_grant_access_token_lifespan": "1h30m0s", + "implicit_grant_id_token_lifespan": "2h30m0s", + "jwks": {}, + "jwks_uri": "http://localhost:3000/jwks", + "jwt_bearer_grant_access_token_lifespan": "1h0m0s", + "logo_uri": "http://localhost:3000/logo", + "metadata": { "foo": "baz" }, + "owner": "test", + "password_grant_access_token_lifespan": "1h0m0s", + "password_grant_refresh_token_lifespan": "2h0m0s", + "policy_uri": "http://localhost:3000/policy_uri", + "post_logout_redirect_uris": ["http://localhost:3000/post-logout"], + "redirect_uris": ["http://localhost:3000/redirect_uris"], + "refresh_token_grant_access_token_lifespan": "24h0m0s", + "refresh_token_grant_id_token_lifespan": "23h0m0s", + "refresh_token_grant_refresh_token_lifespan": "22h0m0s", + "registration_access_token": null, + "registration_client_uri": null, + "request_object_signing_alg": "none", + "request_uris": ["http://localhost:3000/request_uris"], + "response_types": ["token"], + "sector_identifier_uri": null, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_post", + "token_endpoint_auth_signing_alg": "none", + "tos_uri": "none", + "userinfo_signed_response_alg": 
"none" + } + ] + } + ] + } +] diff --git a/testdata/02-getData/query/listOAuth2Clients/request.json b/testdata/02-getData/query/listOAuth2Clients/request.json new file mode 100644 index 0000000..64685e8 --- /dev/null +++ b/testdata/02-getData/query/listOAuth2Clients/request.json 
@@ -0,0 +1,210 @@ +{ + "arguments": { + "client_name": { + "type": "literal", + "value": "Test client updated" + }, + "limit": { + "type": "literal", + "value": 10 + }, + "offset": { + "type": "literal", + "value": 0 + }, + "owner": { + "type": "literal", + "value": "test" + } + }, + "collection": "listOAuth2Clients", + "collection_relationships": {}, + "query": { + "fields": { + "__value": { + "column": "__value", + "fields": { + "fields": { + "fields": { + "allowed_cors_origins": { + "column": "allowed_cors_origins", + "type": "column" + }, + "audience": { + "column": "audience", + "type": "column" + }, + "authorization_code_grant_access_token_lifespan": { + "column": "authorization_code_grant_access_token_lifespan", + "type": "column" + }, + "authorization_code_grant_id_token_lifespan": { + "column": "authorization_code_grant_id_token_lifespan", + "type": "column" + }, + "authorization_code_grant_refresh_token_lifespan": { + "column": "authorization_code_grant_refresh_token_lifespan", + "type": "column" + }, + "backchannel_logout_session_required": { + "column": "backchannel_logout_session_required", + "type": "column" + }, + "backchannel_logout_uri": { + "column": "backchannel_logout_uri", + "type": "column" + }, + "client_credentials_grant_access_token_lifespan": { + "column": "client_credentials_grant_access_token_lifespan", + "type": "column" + }, + "client_id": { + "column": "client_id", + "type": "column" + }, + "client_name": { + "column": "client_name", + "type": "column" + }, + "client_secret": { + "column": "client_secret", + "type": "column" + }, + "client_uri": { + "column": "client_uri", + "type": "column" + }, + "contacts": { + "column": "contacts", + "type": "column" + }, + "frontchannel_logout_session_required": { + "column": "frontchannel_logout_session_required", + "type": "column" + }, + "frontchannel_logout_uri": { + "column": "frontchannel_logout_uri", + "type": "column" + }, + "grant_types": { + "column": "grant_types", + "type": "column" + 
}, + "implicit_grant_access_token_lifespan": { + "column": "implicit_grant_access_token_lifespan", + "type": "column" + }, + "implicit_grant_id_token_lifespan": { + "column": "implicit_grant_id_token_lifespan", + "type": "column" + }, + "jwks": { + "column": "jwks", + "type": "column" + }, + "jwks_uri": { + "column": "jwks_uri", + "type": "column" + }, + "jwt_bearer_grant_access_token_lifespan": { + "column": "jwt_bearer_grant_access_token_lifespan", + "type": "column" + }, + "logo_uri": { + "column": "logo_uri", + "type": "column" + }, + "metadata": { + "column": "metadata", + "type": "column" + }, + "owner": { + "column": "owner", + "type": "column" + }, + "password_grant_access_token_lifespan": { + "column": "password_grant_access_token_lifespan", + "type": "column" + }, + "password_grant_refresh_token_lifespan": { + "column": "password_grant_refresh_token_lifespan", + "type": "column" + }, + "policy_uri": { + "column": "policy_uri", + "type": "column" + }, + "post_logout_redirect_uris": { + "column": "post_logout_redirect_uris", + "type": "column" + }, + "redirect_uris": { + "column": "redirect_uris", + "type": "column" + }, + "refresh_token_grant_access_token_lifespan": { + "column": "refresh_token_grant_access_token_lifespan", + "type": "column" + }, + "refresh_token_grant_id_token_lifespan": { + "column": "refresh_token_grant_id_token_lifespan", + "type": "column" + }, + "refresh_token_grant_refresh_token_lifespan": { + "column": "refresh_token_grant_refresh_token_lifespan", + "type": "column" + }, + "registration_access_token": { + "column": "registration_access_token", + "type": "column" + }, + "registration_client_uri": { + "column": "registration_client_uri", + "type": "column" + }, + "request_object_signing_alg": { + "column": "request_object_signing_alg", + "type": "column" + }, + "request_uris": { + "column": "request_uris", + "type": "column" + }, + "response_types": { + "column": "response_types", + "type": "column" + }, + "sector_identifier_uri": { 
+ "column": "sector_identifier_uri", + "type": "column" + }, + "subject_type": { + "column": "subject_type", + "type": "column" + }, + "token_endpoint_auth_method": { + "column": "token_endpoint_auth_method", + "type": "column" + }, + "token_endpoint_auth_signing_alg": { + "column": "token_endpoint_auth_signing_alg", + "type": "column" + }, + "tos_uri": { + "column": "tos_uri", + "type": "column" + }, + "userinfo_signed_response_alg": { + "column": "userinfo_signed_response_alg", + "type": "column" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "column" + } + } + } +} diff --git a/testdata/02-getData/query/listTrustedJwtGrantIssuers/expected.json b/testdata/02-getData/query/listTrustedJwtGrantIssuers/expected.json new file mode 100644 index 0000000..55b091a --- /dev/null +++ b/testdata/02-getData/query/listTrustedJwtGrantIssuers/expected.json @@ -0,0 +1,18 @@ +[ + { + "rows": [ + { + "__value": [ + { + "allow_any_subject": false, + "expires_at": "2040-01-01T00:00:00Z", + "issuer": "etd1aDJlEd", + "public_key": { "kid": "private:eAJi2E8Clh", "set": "etd1aDJlEd" }, + "scope": ["StkNfiEI2M"], + "subject": "TibzF1JqYe" + } + ] + } + ] + } +] diff --git a/testdata/02-getData/query/listTrustedJwtGrantIssuers/request.json b/testdata/02-getData/query/listTrustedJwtGrantIssuers/request.json new file mode 100644 index 0000000..2288268 --- /dev/null +++ b/testdata/02-getData/query/listTrustedJwtGrantIssuers/request.json 
@@ -0,0 +1,71 @@
+{
+ "arguments": {
+ "issuer": {
+ "type": "literal",
+ "value": "etd1aDJlEd"
+ },
+ "limit": {
+ "type": "literal",
+ "value": 10
+ },
+ "offset": {
+ "type": "literal",
+ "value": 0
+ }
+ },
+ "collection": "listTrustedJwtGrantIssuers",
+ "collection_relationships": {},
+ "query": {
+ "fields": {
+ "__value": {
+ "column": "__value",
+ "fields": {
+ "fields": {
+ "fields": {
+ "allow_any_subject": {
+ "column": "allow_any_subject",
+ "type": "column"
+ },
+ "expires_at": {
+ "column": "expires_at",
+ "type": "column"
+ },
+ "issuer": {
+ "column": "issuer",
+ "type": "column"
+ },
+ "public_key": {
+ "column": "public_key",
+ "fields": {
+ "fields": {
+ "kid": {
+ "column": "kid",
+ "type": "column"
+ },
+ "set": {
+ "column": "set",
+ "type": "column"
+ }
+ },
+ "type": "object"
+ },
+ "type": "column"
+ },
+ "scope": {
+ "column": "scope",
+ "type": "column"
+ },
+ "subject": {
+ "column": "subject",
+ "type": "column"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "type": "column"
+ }
+ }
+ }
+}
diff --git a/testdata/03-cleanup/mutation/01-rejectLogoutRequest/expected.json b/testdata/03-cleanup/mutation/01-rejectLogoutRequest/expected.json
new file mode 100644
index 0000000..e62ec74
--- /dev/null
+++ b/testdata/03-cleanup/mutation/01-rejectLogoutRequest/expected.json
@@ -0,0 +1,8 @@
+{
+ "operation_results": [
+ {
+ "result": true,
+ "type": "procedure"
+ }
+ ]
+}
diff --git a/testdata/03-cleanup/mutation/01-rejectLogoutRequest/request.json b/testdata/03-cleanup/mutation/01-rejectLogoutRequest/request.json
new file mode 100644
index 0000000..33f3724
--- /dev/null
+++ b/testdata/03-cleanup/mutation/01-rejectLogoutRequest/request.json
@@ -0,0 +1,19 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "rejectLogoutRequest",
+ "arguments": {
+ "body": {
+ "error": "k4iDrz9ZY9",
+ "error_debug": "65Utc1tt0r",
+ "error_description": "poQ76Ab9wa",
+ "error_hint": "TyGMw0igWO",
+ "status_code": "6038855996888211756"
+ },
+ "logout_challenge": "0gLczrTMZ6"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/testdata/03-cleanup/mutation/02-revokeAuthenticationSession/expected.json b/testdata/03-cleanup/mutation/02-revokeAuthenticationSession/expected.json
new file mode 100644
index 0000000..777dfc1
--- /dev/null
+++ b/testdata/03-cleanup/mutation/02-revokeAuthenticationSession/expected.json
@@ -0,0 +1 @@
+{ "operation_results": [{ "result": true, "type": "procedure" }] }
diff --git a/testdata/03-cleanup/mutation/02-revokeAuthenticationSession/request.json b/testdata/03-cleanup/mutation/02-revokeAuthenticationSession/request.json
new file mode 100644
index 0000000..28b8dfa
--- /dev/null
+++ b/testdata/03-cleanup/mutation/02-revokeAuthenticationSession/request.json
@@ -0,0 +1,12 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "revokeAuthenticationSession",
+ "arguments": {
+ "subject": "Aj0GdX5REb"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/testdata/03-cleanup/mutation/03-revokeConsentSessions/expected.json b/testdata/03-cleanup/mutation/03-revokeConsentSessions/expected.json
new file mode 100644
index 0000000..777dfc1
--- /dev/null
+++ b/testdata/03-cleanup/mutation/03-revokeConsentSessions/expected.json
@@ -0,0 +1 @@
+{ "operation_results": [{ "result": true, "type": "procedure" }] }
diff --git a/testdata/03-cleanup/mutation/03-revokeConsentSessions/request.json b/testdata/03-cleanup/mutation/03-revokeConsentSessions/request.json
new file mode 100644
index 0000000..fcf28c3
--- /dev/null
+++ b/testdata/03-cleanup/mutation/03-revokeConsentSessions/request.json
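Review bot: The identifiers in this cleanup request (`"logout_challenge": "0gLczrTMZ6"`, and `"status_code": "6038855996888211756"`, which is not an HTTP status) look like random filler that nothing visible in the fixtures creates, so the expected `"result": true` shows only that the call was accepted, not that anything was actually rejected or revoked. The same holds for `revokeAuthenticationSession` (`"subject": "Aj0GdX5REb"`), `revokeConsentSessions` (`D1btRXgLLv` / `mNMMhSMG6n`) and `deleteOAuth2Token` (`"client_id": "2tQDnpJogH"`), whereas `deleteOAuth2Client` targets the real `test-client`. For the revocation paths I would point them at data the setup stage creates, e.g. `"client_id": "test-client"` in `06-deleteOAuth2Token/request.json`, and follow with an introspection step that expects the token to be reported inactive. The setup fixtures are outside this view, so which subjects and challenges exist there needs confirming.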
@@ -0,0 +1,14 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "revokeConsentSessions",
+ "arguments": {
+ "all": false,
+ "client": "D1btRXgLLv",
+ "subject": "mNMMhSMG6n"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/testdata/03-cleanup/mutation/04-deleteJsonWebKey/expected.json b/testdata/03-cleanup/mutation/04-deleteJsonWebKey/expected.json
new file mode 100644
index 0000000..777dfc1
--- /dev/null
+++ b/testdata/03-cleanup/mutation/04-deleteJsonWebKey/expected.json
@@ -0,0 +1 @@
+{ "operation_results": [{ "result": true, "type": "procedure" }] }
diff --git a/testdata/03-cleanup/mutation/04-deleteJsonWebKey/request.json b/testdata/03-cleanup/mutation/04-deleteJsonWebKey/request.json
new file mode 100644
index 0000000..5b62064
--- /dev/null
+++ b/testdata/03-cleanup/mutation/04-deleteJsonWebKey/request.json
@@ -0,0 +1,13 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "deleteJsonWebKey",
+ "arguments": {
+ "kid": "private:eAJi2E8Clh",
+ "set": "test-jwk-set"
+ }
+ }
+ ]
+}
diff --git a/testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/expected.json b/testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/expected.json
new file mode 100644
index 0000000..777dfc1
--- /dev/null
+++ b/testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/expected.json
@@ -0,0 +1 @@
+{ "operation_results": [{ "result": true, "type": "procedure" }] }
diff --git a/testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/request.json b/testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/request.json
new file mode 100644
index 0000000..fce29cc
--- /dev/null
+++ b/testdata/03-cleanup/mutation/05-deleteJsonWebKeySet/request.json
@@ -0,0 +1,12 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "deleteJsonWebKeySet",
+ "arguments": {
+ "set": "test-jwk-set"
+ }
+ }
+ ]
+}
diff --git a/testdata/03-cleanup/mutation/06-deleteOAuth2Token/expected.json b/testdata/03-cleanup/mutation/06-deleteOAuth2Token/expected.json
new file mode 100644
index 0000000..777dfc1
--- /dev/null
+++ b/testdata/03-cleanup/mutation/06-deleteOAuth2Token/expected.json
@@ -0,0 +1 @@
+{ "operation_results": [{ "result": true, "type": "procedure" }] }
diff --git a/testdata/03-cleanup/mutation/06-deleteOAuth2Token/request.json b/testdata/03-cleanup/mutation/06-deleteOAuth2Token/request.json
new file mode 100644
index 0000000..c549a32
--- /dev/null
+++ b/testdata/03-cleanup/mutation/06-deleteOAuth2Token/request.json
@@ -0,0 +1,12 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "deleteOAuth2Token",
+ "arguments": {
+ "client_id": "2tQDnpJogH"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/testdata/03-cleanup/mutation/deleteOAuth2Client/expected.json b/testdata/03-cleanup/mutation/deleteOAuth2Client/expected.json
new file mode 100644
index 0000000..777dfc1
--- /dev/null
+++ b/testdata/03-cleanup/mutation/deleteOAuth2Client/expected.json
@@ -0,0 +1 @@
+{ "operation_results": [{ "result": true, "type": "procedure" }] }
diff --git a/testdata/03-cleanup/mutation/deleteOAuth2Client/request.json b/testdata/03-cleanup/mutation/deleteOAuth2Client/request.json
new file mode 100644
index 0000000..1d81ff6
--- /dev/null
+++ b/testdata/03-cleanup/mutation/deleteOAuth2Client/request.json
@@ -0,0 +1,12 @@
+{
+ "collection_relationships": {},
+ "operations": [
+ {
+ "type": "procedure",
+ "name": "deleteOAuth2Client",
+ "arguments": {
+ "id": "test-client"
+ }
+ }
+ ]
+}