fix: update openapi for challenge
J0 committed Sep 30, 2024
1 parent 27e3470 commit 9d3d412
Showing 1 changed file with 176 additions and 15 deletions.
191 changes: 176 additions & 15 deletions openapi.yaml
Expand Up @@ -694,6 +694,7 @@ paths:
enum:
- totp
- phone
- webauthn
friendly_name:
type: string
issuer:
Expand All @@ -718,6 +719,7 @@ paths:
enum:
- totp
- phone
- webauthn
totp:
type: object
properties:
Expand All @@ -730,6 +732,7 @@ paths:
phone:
type: string
format: phone

400:
$ref: "#/components/responses/BadRequestResponse"

Expand Down Expand Up @@ -768,17 +771,9 @@ paths:
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: uuid
example: 14c1560e-2749-4522-bb62-d1458451830a
description: ID of the challenge.
expires_at:
type: integer
example: 1674840917
description: UNIX seconds of the timestamp past which the challenge should not be verified.
oneOf:
- $ref: '#/components/schemas/TOTPPhoneChallengeResponse'
- $ref: '#/components/schemas/WebAuthnChallengeResponse'
400:
$ref: "#/components/responses/BadRequestResponse"
429:
Expand Down Expand Up @@ -1705,10 +1700,6 @@ paths:
optional: true
example: twilio
description: Which SMS provider is being used to send messages to phone numbers.
mfa_enabled:
type: boolean
example: true
description: Whether MFA is enabled on this API server. Defaults to false.
saml_enabled:
type: boolean
example: true
Expand Down Expand Up @@ -1980,9 +1971,23 @@ components:
Usually one of:
- totp
- phone
- webauthn
web_authn_credential:
type: jsonb
phone:
type: string
format: phone
nullable: true
created_at:
type: string
format: date-time
updated_at:
type: string
format: date-time
last_challenged_at:
type: string
format: date-time
nullable: true


IdentitySchema:
Expand Down Expand Up @@ -2013,6 +2018,162 @@ components:
email:
type: string
format: email
TOTPPhoneChallengeResponse:
type: object
required:
- id
- type
- expires_at
properties:
id:
type: string
format: uuid
example: 14c1560e-2749-4522-bb62-d1458451830a
description: ID of the challenge.
type:
type: string
enum: [totp, phone]
description: Type of the challenge.
expires_at:
type: integer
example: 1674840917
description: UNIX seconds of the timestamp past which the challenge should not be verified.

WebAuthnChallengeResponse:
type: object
required:
- id
- type
- expires_at
- credential_options
properties:
id:
type: string
format: uuid
example: 14c1560e-2749-4522-bb62-d1458451830a
description: ID of the challenge.
type:
type: string
enum: [webauthn]
description: Type of the challenge.
expires_at:
type: integer
example: 1674840917
description: UNIX seconds of the timestamp past which the challenge should not be verified.
credential_request_options:
$ref: '#/components/schemas/CredentialRequestOptions'
credential_creation_options:
$ref: '#/components/schemas/CredentialCreationOptions'

CredentialAssertion:
type: object
description: WebAuthn credential assertion options
required:
- challenge
- rpId
- allowCredentials
- timeout
properties:
challenge:
type: string
description: A random challenge generated by the server, base64url encoded
example: "Y2hhbGxlbmdlAyv-5P0kw1SG-OxhLbSHpRLdWaVR1w"
rpId:
type: string
description: The relying party's identifier (usually the domain name)
example: "example.com"
allowCredentials:
type: array
description: List of credentials acceptable for this authentication
items:
type: object
required:
- id
- type
properties:
id:
type: string
description: Credential ID, base64url encoded
example: "AXwyVxYT7BgNKwNq0YqUXaHHIdRK6OdFGCYgZF9K6zNu"
type:
type: string
enum: [public-key]
description: Type of the credential
timeout:
type: integer
description: Time (in milliseconds) that the user has to respond to the authentication prompt
example: 60000
userVerification:
type: string
enum: [required, preferred, discouraged]
description: The relying party's requirements for user verification
default: preferred
extensions:
type: object
description: Additional parameters requesting additional processing by the client
status:
type: string
enum: [ok, failed]
description: Status of the credential assertion
errorMessage:
type: string
description: Error message if the assertion failed
userHandle:
type: string
description: User handle, base64url encoded
authenticatorAttachment:
type: string
enum: [platform, cross-platform]
description: Type of authenticator to use

CredentialRequest:
type: object
description: WebAuthn credential request (for the response from the client)
required:
- id
- rawId
- type
- response
properties:
id:
type: string
description: Base64url encoding of the credential ID
example: "AXwyVxYT7BgNKwNq0YqUXaHHIdRK6OdFGCYgZF9K6zNu"
rawId:
type: string
description: Base64url encoding of the credential ID (same as id)
example: "AXwyVxYT7BgNKwNq0YqUXaHHIdRK6OdFGCYgZF9K6zNu"
type:
type: string
enum: [public-key]
description: Type of the credential
response:
type: object
required:
- clientDataJSON
- authenticatorData
- signature
- userHandle
properties:
clientDataJSON:
type: string
description: Base64url encoding of the client data
example: "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiY2hhbGxlbmdlIiwib3JpZ2luIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSJ9"
authenticatorData:
type: string
description: Base64url encoding of the authenticator data
example: "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAXwyVxYT7BgNKwNq0YqUXaHHIdRK6OdFGCYgZF9K6zNu"
signature:
type: string
description: Base64url encoding of the signature
example: "MEUCIQCx5cJVAB3kGP6bqCIoAV6CkBpVAf8rcx0WSZ22fIxXvQIgCKFt9pEu1vK8U4JKYTfn6tGjvGNfx2F4uXrHSXlefvM"
userHandle:
type: string
description: Base64url encoding of the user handle
example: "MQ"
clientExtensionResults:
type: object
description: Client extension results

responses:
OAuthCallbackRedirectResponse:
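Review bot: In `WebAuthnChallengeResponse`, `required` lists `credential_options`, but the properties actually defined are `credential_request_options` and `credential_creation_options`, so a strict validator or generated client would reject every response this schema is meant to describe. Drop `- credential_options` from `required` (or express "exactly one of the two option objects" with a `oneOf`), and check the two `$ref` targets: `CredentialRequestOptions` and `CredentialCreationOptions` are not added in the visible hunks, which instead add `CredentialAssertion` and `CredentialRequest`, so the references may dangle unless those schemas exist elsewhere in the file. In the hunk at `-1980,9 +1971,23`, `web_authn_credential` is declared as `type: jsonb`, which is a database column type rather than an OpenAPI type; `type: object` is the valid spelling. `CredentialRequest.response` also marks `userHandle` as required, although WebAuthn allows an authenticator to return it as null for non-discoverable credentials, so it is safer left out of `required` and marked `nullable: true`.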
