diff --git a/api/openapi.yaml b/api/openapi.yaml index cd80d70..043c205 100644 --- a/api/openapi.yaml +++ b/api/openapi.yaml 
@@ -823,98 +823,6 @@ paths: "200": content: application/json: - example: - accessTokenDuration: 3600 - accessTokenType: Bearer - allowableClockSkew: 0 - apiKey: 21653835348762 - apiSecret: uE4NgqeIpuSV_XejQ7Ds3jsgA1yXhjR1MXJ1LbPuyls - attributes: - - key: attribute1-key - value: attribute1-value - - key: attribute2-key - value: attribute2-value - authorizationEndpoint: https://my-service.example.com/authz - authorizationResponseDuration: 0 - backchannelAuthReqIdDuration: 0 - backchannelBindingMessageRequiredInFapi: false - backchannelPollingInterval: 0 - backchannelUserCodeParameterSupported: false - claimShortcutRestrictive: false - clientIdAliasEnabled: true - clientsPerDeveloper: 0 - createdAt: 1639373421000 - dcrScopeUsedAsRequestable: false - deviceFlowCodeDuration: 0 - deviceFlowPollingInterval: 0 - directAuthorizationEndpointEnabled: false - directIntrospectionEndpointEnabled: false - directJwksEndpointEnabled: false - directRevocationEndpointEnabled: false - directTokenEndpointEnabled: false - directUserInfoEndpointEnabled: false - dynamicRegistrationSupported: false - errorDescriptionOmitted: false - errorUriOmitted: false - frontChannelRequestObjectEncryptionRequired: false - grantManagementActionRequired: false - hsmEnabled: false - idTokenDuration: 0 - introspectionEndpoint: https://my-service.example.com/introspection - issSuppressed: false - issuer: https://my-service.example.com - metadata: - - key: clientCount - value: "1" - missingClientIdAllowed: false - modifiedAt: 1639373420725 - mutualTlsValidatePkiCertChain: false - nbfOptional: false - number: 5041 - parRequired: false - pkceRequired: true - pkceS256Required: false - pushedAuthReqDuration: 0 - refreshTokenDuration: 3600 - refreshTokenDurationKept: false - refreshTokenDurationReset: false - refreshTokenKept: false - requestObjectEncryptionAlgMatchRequired: false - requestObjectEncryptionEncMatchRequired: false - requestObjectRequired: false - revocationEndpoint: 
https://my-service.example.com/revocation - scopeRequired: false - serviceName: My updated service - serviceOwnerNumber: 2 - singleAccessTokenPerSubject: false - supportedClaimTypes: - - NORMAL - supportedDisplays: - - PAGE - supportedGrantTypes: - - AUTHORIZATION_CODE - - REFRESH_TOKEN - supportedIntrospectionAuthMethods: - - CLIENT_SECRET_BASIC - supportedResponseTypes: - - CODE - supportedRevocationAuthMethods: - - CLIENT_SECRET_BASIC - supportedScopes: - - defaultEntry: false - description: A permission to read your history. - name: history.read - - defaultEntry: false - description: A permission to read your timeline. - name: timeline.read - supportedTokenAuthMethods: - - CLIENT_SECRET_BASIC - tlsClientCertificateBoundAccessTokens: false - tokenEndpoint: https://my-service.example.com/token - tokenExpirationLinked: false - traditionalRequestObjectProcessingApplied: false - unauthorizedOnClientConfigSupported: false - userCodeLength: 0 schema: $ref: '#/components/schemas/Service' description: "" @@ -2749,7 +2657,22 @@ paths: schema: type: string responses: - "200": {} + "200": + content: + application/json: + example: + type: GrantedScopesGetResponse + serviceApiKey: 21653835348762 + clientId: 26478243745571 + subject: john + latestGrantedScopes: + - history.read + mergedGrantedScopes: + - history.read + - timeline.read + schema: + $ref: '#/components/schemas/client_authorization_delete_response' + description: "" "400": content: application/json: @@ -9238,7 +9161,8 @@ paths: type: string responses: "204": - description: The access token was successfully deleted. + description: | + The access token was successfully deleted. "400": content: application/json: 
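Review bot: The new `"200"` response in the `@@ -2749` hunk points its schema at `#/components/schemas/client_authorization_delete_response`, but the example next to it has `type: GrantedScopesGetResponse` with `latestGrantedScopes` and `mergedGrantedScopes`, so the reference appears to name the wrong object. The only definition of that name visible in this diff is the `components/responses` entry `client_authorization_delete_response: {}`, which the `@@ -9620` hunk removes. If no schema of that name exists under `components/schemas`, the `$ref` dangles and generated clients would decode this body untyped. Point the `$ref` at the schema that actually describes the granted-scopes result, and replace `description: ""` with a one-line description of the response.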
@@ -9484,104 +9408,6 @@ paths: // This API is not supported yet. components: responses: - service_get_response: - content: - application/json: - example: - accessTokenDuration: 3600 - accessTokenType: Bearer - allowableClockSkew: 0 - apiKey: 21653835348762 - apiSecret: uE4NgqeIpuSV_XejQ7Ds3jsgA1yXhjR1MXJ1LbPuyls - attributes: - - key: attribute1-key - value: attribute1-value - - key: attribute2-key - value: attribute2-value - authorizationEndpoint: https://my-service.example.com/authz - authorizationResponseDuration: 0 - backchannelAuthReqIdDuration: 0 - backchannelBindingMessageRequiredInFapi: false - backchannelPollingInterval: 0 - backchannelUserCodeParameterSupported: false - claimShortcutRestrictive: false - clientIdAliasEnabled: true - clientsPerDeveloper: 0 - createdAt: 1639373421000 - dcrScopeUsedAsRequestable: false - deviceFlowCodeDuration: 0 - deviceFlowPollingInterval: 0 - directAuthorizationEndpointEnabled: false - directIntrospectionEndpointEnabled: false - directJwksEndpointEnabled: false - directRevocationEndpointEnabled: false - directTokenEndpointEnabled: false - directUserInfoEndpointEnabled: false - dynamicRegistrationSupported: false - errorDescriptionOmitted: false - errorUriOmitted: false - frontChannelRequestObjectEncryptionRequired: false - grantManagementActionRequired: false - hsmEnabled: false - idTokenDuration: 0 - introspectionEndpoint: https://my-service.example.com/introspection - issSuppressed: false - issuer: https://my-service.example.com - metadata: - - key: clientCount - value: "1" - missingClientIdAllowed: false - modifiedAt: 1639373421000 - mutualTlsValidatePkiCertChain: false - nbfOptional: false - number: 5041 - parRequired: false - pkceRequired: true - pkceS256Required: false - pushedAuthReqDuration: 0 - refreshTokenDuration: 3600 - refreshTokenDurationKept: false - refreshTokenDurationReset: false - refreshTokenKept: false - requestObjectEncryptionAlgMatchRequired: false - requestObjectEncryptionEncMatchRequired: false - 
requestObjectRequired: false - revocationEndpoint: https://my-service.example.com/revocation - scopeRequired: false - serviceName: My service - serviceOwnerNumber: 2 - singleAccessTokenPerSubject: false - supportedClaimTypes: - - NORMAL - supportedDisplays: - - PAGE - supportedGrantTypes: - - AUTHORIZATION_CODE - - REFRESH_TOKEN - supportedIntrospectionAuthMethods: - - CLIENT_SECRET_BASIC - supportedResponseTypes: - - CODE - supportedRevocationAuthMethods: - - CLIENT_SECRET_BASIC - supportedScopes: - - defaultEntry: false - description: A permission to read your history. - name: history.read - - defaultEntry: false - description: A permission to read your timeline. - name: timeline.read - supportedTokenAuthMethods: - - CLIENT_SECRET_BASIC - tlsClientCertificateBoundAccessTokens: false - tokenEndpoint: https://my-service.example.com/token - tokenExpirationLinked: false - traditionalRequestObjectProcessingApplied: false - unauthorizedOnClientConfigSupported: false - userCodeLength: 0 - schema: - $ref: '#/components/schemas/Service' - description: "" "400": content: application/json: 
@@ -9620,635 +9446,6 @@ components: schema: $ref: '#/components/schemas/result' description: "" - service_create_response: - content: - application/json: - example: - accessTokenDuration: 3600 - accessTokenType: Bearer - allowableClockSkew: 0 - apiKey: 21653835348762 - apiSecret: uE4NgqeIpuSV_XejQ7Ds3jsgA1yXhjR1MXJ1LbPuyls - attributes: - - key: attribute1-key - value: attribute1-value - - key: attribute2-key - value: attribute2-value - authorizationEndpoint: https://my-service.example.com/authz - authorizationResponseDuration: 0 - backchannelAuthReqIdDuration: 0 - backchannelBindingMessageRequiredInFapi: false - backchannelPollingInterval: 0 - backchannelUserCodeParameterSupported: false - claimShortcutRestrictive: false - clientIdAliasEnabled: true - clientsPerDeveloper: 0 - createdAt: 1639373421000 - dcrScopeUsedAsRequestable: false - deviceFlowCodeDuration: 0 - deviceFlowPollingInterval: 0 - directAuthorizationEndpointEnabled: false - directIntrospectionEndpointEnabled: false - directJwksEndpointEnabled: false - directRevocationEndpointEnabled: false - directTokenEndpointEnabled: false - directUserInfoEndpointEnabled: false - dynamicRegistrationSupported: false - errorDescriptionOmitted: false - errorUriOmitted: false - frontChannelRequestObjectEncryptionRequired: false - grantManagementActionRequired: false - hsmEnabled: false - idTokenDuration: 0 - introspectionEndpoint: https://my-service.example.com/introspection - issSuppressed: false - issuer: https://my-service.example.com - metadata: - - key: clientCount - value: "0" - missingClientIdAllowed: false - modifiedAt: 1639373421000 - mutualTlsValidatePkiCertChain: false - nbfOptional: false - number: 5041 - parRequired: false - pkceRequired: true - pkceS256Required: false - pushedAuthReqDuration: 0 - refreshTokenDuration: 3600 - refreshTokenDurationKept: false - refreshTokenDurationReset: false - refreshTokenKept: false - requestObjectEncryptionAlgMatchRequired: false - 
requestObjectEncryptionEncMatchRequired: false - requestObjectRequired: false - revocationEndpoint: https://my-service.example.com/revocation - scopeRequired: false - serviceName: My service - serviceOwnerNumber: 2 - singleAccessTokenPerSubject: false - supportedClaimTypes: - - NORMAL - supportedDisplays: - - PAGE - supportedGrantTypes: - - AUTHORIZATION_CODE - - REFRESH_TOKEN - supportedIntrospectionAuthMethods: - - CLIENT_SECRET_BASIC - supportedResponseTypes: - - CODE - supportedRevocationAuthMethods: - - CLIENT_SECRET_BASIC - supportedScopes: - - defaultEntry: false - description: A permission to read your history. - name: history.read - - defaultEntry: false - description: A permission to read your timeline. - name: timeline.read - supportedTokenAuthMethods: - - CLIENT_SECRET_BASIC - tlsClientCertificateBoundAccessTokens: false - tokenEndpoint: https://my-service.example.com/token - tokenExpirationLinked: false - traditionalRequestObjectProcessingApplied: false - unauthorizedOnClientConfigSupported: false - userCodeLength: 0 - schema: - $ref: '#/components/schemas/Service' - description: "" - service_update_response: - content: - application/json: - example: - accessTokenDuration: 3600 - accessTokenType: Bearer - allowableClockSkew: 0 - apiKey: 21653835348762 - apiSecret: uE4NgqeIpuSV_XejQ7Ds3jsgA1yXhjR1MXJ1LbPuyls - attributes: - - key: attribute1-key - value: attribute1-value - - key: attribute2-key - value: attribute2-value - authorizationEndpoint: https://my-service.example.com/authz - authorizationResponseDuration: 0 - backchannelAuthReqIdDuration: 0 - backchannelBindingMessageRequiredInFapi: false - backchannelPollingInterval: 0 - backchannelUserCodeParameterSupported: false - claimShortcutRestrictive: false - clientIdAliasEnabled: true - clientsPerDeveloper: 0 - createdAt: 1639373421000 - dcrScopeUsedAsRequestable: false - deviceFlowCodeDuration: 0 - deviceFlowPollingInterval: 0 - directAuthorizationEndpointEnabled: false - 
directIntrospectionEndpointEnabled: false - directJwksEndpointEnabled: false - directRevocationEndpointEnabled: false - directTokenEndpointEnabled: false - directUserInfoEndpointEnabled: false - dynamicRegistrationSupported: false - errorDescriptionOmitted: false - errorUriOmitted: false - frontChannelRequestObjectEncryptionRequired: false - grantManagementActionRequired: false - hsmEnabled: false - idTokenDuration: 0 - introspectionEndpoint: https://my-service.example.com/introspection - issSuppressed: false - issuer: https://my-service.example.com - metadata: - - key: clientCount - value: "1" - missingClientIdAllowed: false - modifiedAt: 1639373420725 - mutualTlsValidatePkiCertChain: false - nbfOptional: false - number: 5041 - parRequired: false - pkceRequired: true - pkceS256Required: false - pushedAuthReqDuration: 0 - refreshTokenDuration: 3600 - refreshTokenDurationKept: false - refreshTokenDurationReset: false - refreshTokenKept: false - requestObjectEncryptionAlgMatchRequired: false - requestObjectEncryptionEncMatchRequired: false - requestObjectRequired: false - revocationEndpoint: https://my-service.example.com/revocation - scopeRequired: false - serviceName: My updated service - serviceOwnerNumber: 2 - singleAccessTokenPerSubject: false - supportedClaimTypes: - - NORMAL - supportedDisplays: - - PAGE - supportedGrantTypes: - - AUTHORIZATION_CODE - - REFRESH_TOKEN - supportedIntrospectionAuthMethods: - - CLIENT_SECRET_BASIC - supportedResponseTypes: - - CODE - supportedRevocationAuthMethods: - - CLIENT_SECRET_BASIC - supportedScopes: - - defaultEntry: false - description: A permission to read your history. - name: history.read - - defaultEntry: false - description: A permission to read your timeline. 
- name: timeline.read - supportedTokenAuthMethods: - - CLIENT_SECRET_BASIC - tlsClientCertificateBoundAccessTokens: false - tokenEndpoint: https://my-service.example.com/token - tokenExpirationLinked: false - traditionalRequestObjectProcessingApplied: false - unauthorizedOnClientConfigSupported: false - userCodeLength: 0 - schema: - $ref: '#/components/schemas/Service' - description: "" - client_get_response: - content: - application/json: - example: - applicationType: WEB - attributes: - - key: attribute1-key - value: attribute1-value - - key: attribute2-key - value: attribute2-value - authTimeRequired: false - bcUserCodeRequired: false - clientId: 26478243745571 - clientIdAlias: my-client - clientIdAliasEnabled: true - clientName: My client - clientSecret: gXz97ISgLs4HuXwOZWch8GEmgL4YMvUJwu3er_kDVVGcA0UOhA9avLPbEmoeZdagi9yC_-tEiT2BdRyH9dbrQQ - clientType: CONFIDENTIAL - createdAt: 1639468356000 - defaultMaxAge: 0 - derivedSectorIdentifier: my-client.example.com - developer: john - dynamicallyRegistered: false - frontChannelRequestObjectEncryptionRequired: false - grantTypes: - - AUTHORIZATION_CODE - - REFRESH_TOKEN - idTokenSignAlg: RS256 - modifiedAt: 1639468356000 - number: 6164 - parRequired: false - redirectUris: - - https://my-client.example.com/cb1 - - https://my-client.example.com/cb2 - requestObjectEncryptionAlgMatchRequired: false - requestObjectEncryptionEncMatchRequired: false - requestObjectRequired: false - responseTypes: - - CODE - - TOKEN - serviceNumber: 5041 - subjectType: PUBLIC - tlsClientCertificateBoundAccessTokens: false - tokenAuthMethod: CLIENT_SECRET_BASIC - schema: - $ref: '#/components/schemas/Client' - description: "" - client_create_response: - content: - application/json: - example: - applicationType: WEB - attributes: - - key: attribute1-key - value: attribute1-value - - key: attribute2-key - value: attribute2-value - authTimeRequired: false - bcUserCodeRequired: false - clientId: 26478243745571 - clientIdAlias: my-client - 
clientIdAliasEnabled: true - clientName: My client - clientSecret: gXz97ISgLs4HuXwOZWch8GEmgL4YMvUJwu3er_kDVVGcA0UOhA9avLPbEmoeZdagi9yC_-tEiT2BdRyH9dbrQQ - clientType: CONFIDENTIAL - createdAt: 1639468356000 - defaultMaxAge: 0 - derivedSectorIdentifier: my-client.example.com - developer: john - dynamicallyRegistered: false - frontChannelRequestObjectEncryptionRequired: false - grantTypes: - - AUTHORIZATION_CODE - - REFRESH_TOKEN - idTokenSignAlg: RS256 - modifiedAt: 1639468356000 - number: 6164 - parRequired: false - redirectUris: - - https://my-client.example.com/cb1 - - https://my-client.example.com/cb2 - requestObjectEncryptionAlgMatchRequired: false - requestObjectEncryptionEncMatchRequired: false - requestObjectRequired: false - responseTypes: - - CODE - - TOKEN - serviceNumber: 5041 - subjectType: PUBLIC - tlsClientCertificateBoundAccessTokens: false - tokenAuthMethod: CLIENT_SECRET_BASIC - schema: - $ref: '#/components/schemas/Client' - description: "" - client_update_response: - content: - application/json: - example: - applicationType: WEB - attributes: - - key: attribute1-key - value: attribute1-value - - key: attribute2-key - value: attribute2-value - authTimeRequired: false - bcUserCodeRequired: false - clientId: 26478243745571 - clientIdAlias: my-client - clientIdAliasEnabled: true - clientName: My updated client - clientSecret: gXz97ISgLs4HuXwOZWch8GEmgL4YMvUJwu3er_kDVVGcA0UOhA9avLPbEmoeZdagi9yC_-tEiT2BdRyH9dbrQQ - clientType: CONFIDENTIAL - createdAt: 1639468356000 - defaultMaxAge: 0 - derivedSectorIdentifier: my-client.example.com - developer: john - dynamicallyRegistered: false - frontChannelRequestObjectEncryptionRequired: false - grantTypes: - - AUTHORIZATION_CODE - - REFRESH_TOKEN - idTokenSignAlg: RS256 - modifiedAt: 1639557082764 - number: 6164 - parRequired: false - redirectUris: - - https://my-client.example.com/cb1 - - https://my-client.example.com/cb2 - requestObjectEncryptionAlgMatchRequired: false - 
requestObjectEncryptionEncMatchRequired: false - requestObjectRequired: false - responseTypes: - - CODE - - TOKEN - serviceNumber: 5041 - subjectType: PUBLIC - tlsClientCertificateBoundAccessTokens: false - tokenAuthMethod: CLIENT_SECRET_BASIC - schema: - $ref: '#/components/schemas/Client' - description: "" - client_authorization_delete_response: {} - service_configuration_response: - content: - application/json: - example: - issuer: https://my-service.example.com - authorization_endpoint: https://my-service.example.com/authz - token_endpoint: https://my-service.example.com/token - scopes_supported: - - history.read - - timeline.read - response_types_supported: - - code - response_modes_supported: - - query - - fragment - - form_post - - query.jwt - - fragment.jwt - - form_post.jwt - - jwt - grant_types_supported: - - authorization_code - - password - - refresh_token - subject_types_supported: - - public - - pairwise - id_token_signing_alg_values_supported: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - id_token_encryption_alg_values_supported: - - RSA1_5 - - RSA-OAEP - - RSA-OEAP-256 - - ECDH-ES - - ECDH-ES+A128KW - - ECDH-ES+A192KW - - ECDH-ES+A256KW - - A128KW - - A192KW - - A256KW - - dir - - A128GCMKW - - A192GCMKW - - A256GCMKW - - PBES2-HS256+A128KW - - PBES2-HS384+A192KW - - PBES2-HS512+A256KW - id_token_encryption_enc_values_supported: - - A128CBC-HS256 - - A192CBC-HS384 - - A256CBC-HS512 - - A128GCM - - A192GCM - - A256GCM - userinfo_signing_alg_values_supported: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - - none - userinfo_encryption_alg_values_supported: - - RSA1_5 - - RSA-OAEP - - RSA-OEAP-256 - - ECDH-ES - - ECDH-ES+A128KW - - ECDH-ES+A192KW - - ECDH-ES+A256KW - - A128KW - - A192KW - - A256KW - - dir - - A128GCMKW - - A192GCMKW - - A256GCMKW - - 
PBES2-HS256+A128KW - - PBES2-HS384+A192KW - - PBES2-HS512+A256KW - userinfo_encryption_enc_values_supported: - - A128CBC-HS256 - - A192CBC-HS384 - - A256CBC-HS512 - - A128GCM - - A192GCM - - A256GCM - request_object_signing_alg_values_supported: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - request_object_encryption_alg_values_supported: - - RSA1_5 - - RSA-OAEP - - RSA-OEAP-256 - - ECDH-ES - - ECDH-ES+A128KW - - ECDH-ES+A192KW - - ECDH-ES+A256KW - - A128KW - - A192KW - - A256KW - - dir - - A128GCMKW - - A192GCMKW - - A256GCMKW - - PBES2-HS256+A128KW - - PBES2-HS384+A192KW - - PBES2-HS512+A256KW - request_object_encryption_enc_values_supported: - - A128CBC-HS256 - - A192CBC-HS384 - - A256CBC-HS512 - - A128GCM - - A192GCM - - A256GCM - authorization_signing_alg_values_supported: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - authorization_encryption_alg_values_supported: - - RSA1_5 - - RSA-OAEP - - RSA-OEAP-256 - - ECDH-ES - - ECDH-ES+A128KW - - ECDH-ES+A192KW - - ECDH-ES+A256KW - - A128KW - - A192KW - - A256KW - - dir - - A128GCMKW - - A192GCMKW - - A256GCMKW - - PBES2-HS256+A128KW - - PBES2-HS384+A192KW - - PBES2-HS512+A256KW - authorization_encryption_enc_values_supported: - - A128CBC-HS256 - - A192CBC-HS384 - - A256CBC-HS512 - - A128GCM - - A192GCM - - A256GCM - token_endpoint_auth_methods_supported: - - client_secret_basic - token_endpoint_auth_signing_alg_values_supported: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - display_values_supported: - - page - claim_types_supported: - - normal - claims_parameter_supported: true - request_parameter_supported: true - request_uri_parameter_supported: true - require_request_uri_registration: true - revocation_endpoint: 
https://my-service.example.com/revocation - revocation_endpoint_auth_methods_supported: [] - revocation_endpoint_auth_signing_alg_values_supported: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - introspection_endpoint: https://my-service.example.com/introspection - introspection_endpoint_auth_methods_supported: [] - introspection_endpoint_auth_signing_alg_values_supported: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - code_challenge_methods_supported: - - plain - - S256 - tls_client_certificate_bound_access_tokens: false - backchannel_token_delivery_modes_supported: [] - backchannel_authentication_request_signing_alg_values_supported: - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - backchannel_user_code_parameter_supported: false - require_pushed_authorization_requests: false - authorization_details_supported: true - verified_claims_supported: false - dpop_signing_alg_values_supported: - - RS256 - - RS384 - - RS512 - - PS256 - - PS384 - - PS512 - - ES256 - - ES384 - - ES512 - - ES256K - - EdDSA - require_signed_request_object: false - authorization_response_iss_parameter_supported: true - schema: - description: "An object representing OpenID Provider configuration information.\ - \ See [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata)\ - \ and [OpenID Provider Configuration Response](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse)\ - \ for more details.\n" - type: object - description: "" - token_delete_response: - description: The access token was successfully deleted. schemas: AccessToken: example: 
@@ -10348,6 +9545,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -10362,6 +9560,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -10374,7 +9573,6 @@ components: type: array type: object AuthorizationDetailsElement: - additionalProperties: true example: dataTypes: - dataTypes @@ -10387,6 +9585,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -10433,6 +9632,11 @@ components: items: type: string type: array + otherFields: + description: | + The RAR request in the JSON format excluding the pre-defined attributes such as `type` and `locations`. + The content and semantics are specific to the deployment and the use case implemented. + type: string required: - type type: object @@ -10608,7 +9812,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -10622,9 +9825,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -10823,15 +10023,6 @@ components: items: type: string type: array - authorizationDataTypes: - description: | - The data types that this client may use as values of the type field in `authorization_details`. - - This property corresponds to the `authorization_data_types` metadata. See "OAuth 2.0 Rich - Authorization Requests" (RAR) for details. - items: - type: string - type: array authorizationSignAlg: $ref: '#/components/schemas/jws_alg' authorizationEncryptionAlg: 
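Review bot: `otherFields` in the `@@ -10433` hunk is declared as a bare `type: string` that carries JSON, and the `@@ -10374` hunk drops `additionalProperties: true` from `AuthorizationDetailsElement`. Together these mean deployment-specific RAR members now reach consumers only as an unparsed string. Those members are presumably part of what a resource server authorizes against, so a consumer that treats the string as opaque would enforce only `type`, `locations` and the other predefined fields. The description should state the encoding and the obligation, for example `A JSON object serialized as a string; parse and validate it before using its members in an authorization decision.` It would also help to say whether the string can be absent or empty when the request has no extra members.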
@@ -10939,13 +10130,6 @@ components: type: boolean subjectType: $ref: '#/components/schemas/subject_type' - sectorIdentifier: - description: "The sector identifier which is a URL starting with `https`.\ - \ This URL is used by the service to calculate pairwise subject values.\n\ - See [OpenID Connect Core 1.0, 8.1. Pairwise Identifier Algorithm](https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg).\n\ - \nThis property corresponds to `sector_identifier_uri` in\n[OpenID Connect\ - \ Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata).\n" - type: string sectorIdentifierUri: description: "The value of the sector identifier URI.\nThis represents the\ \ `sector_identifier_uri` client metadata which is defined in\n[OpenID\ @@ -11465,6 +10649,7 @@ components: apiSecret: apiSecret directRevocationEndpointEnabled: true grantManagementActionRequired: true + requestObjectAudienceChecked: true jwks: jwks tokenExpirationLinked: true supportedCustomClientMetadata: @@ -11486,7 +10671,6 @@ components: userInfoEndpoint: https://openapi-generator.tech dcrScopeUsedAsRequestable: true registrationEndpoint: https://openapi-generator.tech - isRequestObjectAudienceChecked: true deviceVerificationUri: https://openapi-generator.tech authenticationCallbackApiSecret: authenticationCallbackApiSecret requestObjectRequired: true @@ -11509,6 +10693,11 @@ components: pkceRequired: true claimShortcutRestrictive: true directIntrospectionEndpointEnabled: true + hsks: + - value: value + key: key + - value: value + key: key modifiedAt: 2 introspectionEndpoint: https://openapi-generator.tech supportedBackchannelTokenDeliveryModes: 
@@ -11589,11 +10778,6 @@ components: idTokenDuration: 4 authenticationCallbackApiKey: authenticationCallbackApiKey frontChannelRequestObjectEncryptionRequired: true - Hsks: - - value: value - key: key - - value: value - key: key refreshTokenDuration: 2 supportedRevocationAuthMethods: - null @@ -12574,7 +11758,7 @@ components: \ features do not work if the configuration of the Authlete\nserver you\ \ are using does not support HSM.\n" type: boolean - Hsks: + hsks: description: "The information about keys managed on HSMs (Hardware Security\ \ Modules).\n\nThis `hsks` property is output only, meaning that `hsks`\ \ in requests to `/api/service/create`\nAPI and `/api/service/update`\ @@ -12674,7 +11858,7 @@ components: \ Authlete allows the port number\ncomponent to be variable in other cases\ \ (e.g. in the case of the `\"https\"` scheme), too.\n" type: boolean - isRequestObjectAudienceChecked: + requestObjectAudienceChecked: description: "The flag indicating whether Authlete checks whether the `aud`\ \ claim of request objects matches\nthe issuer identifier of this service.\n\ \n[Section 6.1. Passing a Request Object by Value](https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests)\n\ @@ -12688,7 +11872,7 @@ components: \nAs excerpted above, validation on the `aud` claim of request objects\ \ is optional. However, if\nthis flag is turned on, Authlete checks whether\ \ the `aud` claim of request objects matches the issuer\nidentifier of\ - \ this service and raises an error if they are different." + \ this service and raises an error if they are different.\n" type: boolean type: object SnsCredentials: @@ -12830,6 +12014,7 @@ components: apiSecret: apiSecret directRevocationEndpointEnabled: true grantManagementActionRequired: true + requestObjectAudienceChecked: true jwks: jwks tokenExpirationLinked: true supportedCustomClientMetadata: 
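Review bot: The `@@ -12674` hunk changes the wire name of a security control, `isRequestObjectAudienceChecked` to `requestObjectAudienceChecked`, without stating whether the old name is still accepted. The same applies to `Hsks` to `hsks` in `@@ -12574` and `idHeaderParams` to `idtHeaderParams` in `@@ -14721`. Most JSON decoders drop unknown members silently, so an integration that still sends the old key on a service update could leave the request-object `aud` check at its default with no error reported; whether the server accepts both spellings is not visible here. Add a sentence to the property description such as `Renamed from isRequestObjectAudienceChecked; the old name is not accepted.` (or the opposite, if it is), and list the three renames as breaking in the release notes.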
@@ -12851,7 +12036,6 @@ components: userInfoEndpoint: https://openapi-generator.tech dcrScopeUsedAsRequestable: true registrationEndpoint: https://openapi-generator.tech - isRequestObjectAudienceChecked: true deviceVerificationUri: https://openapi-generator.tech authenticationCallbackApiSecret: authenticationCallbackApiSecret requestObjectRequired: true @@ -12874,6 +12058,11 @@ components: pkceRequired: true claimShortcutRestrictive: true directIntrospectionEndpointEnabled: true + hsks: + - value: value + key: key + - value: value + key: key modifiedAt: 2 introspectionEndpoint: https://openapi-generator.tech supportedBackchannelTokenDeliveryModes: @@ -12954,11 +12143,6 @@ components: idTokenDuration: 4 authenticationCallbackApiKey: authenticationCallbackApiKey frontChannelRequestObjectEncryptionRequired: true - Hsks: - - value: value - key: key - - value: value - key: key refreshTokenDuration: 2 supportedRevocationAuthMethods: - null @@ -13045,6 +12229,7 @@ components: apiSecret: apiSecret directRevocationEndpointEnabled: true grantManagementActionRequired: true + requestObjectAudienceChecked: true jwks: jwks tokenExpirationLinked: true supportedCustomClientMetadata: @@ -13066,7 +12251,6 @@ components: userInfoEndpoint: https://openapi-generator.tech dcrScopeUsedAsRequestable: true registrationEndpoint: https://openapi-generator.tech - isRequestObjectAudienceChecked: true deviceVerificationUri: https://openapi-generator.tech authenticationCallbackApiSecret: authenticationCallbackApiSecret requestObjectRequired: true @@ -13089,6 +12273,11 @@ components: pkceRequired: true claimShortcutRestrictive: true directIntrospectionEndpointEnabled: true + hsks: + - value: value + key: key + - value: value + key: key modifiedAt: 2 introspectionEndpoint: https://openapi-generator.tech supportedBackchannelTokenDeliveryModes: 
@@ -13169,11 +12358,6 @@ components: idTokenDuration: 4 authenticationCallbackApiKey: authenticationCallbackApiKey frontChannelRequestObjectEncryptionRequired: true - Hsks: - - value: value - key: key - - value: value - key: key refreshTokenDuration: 2 supportedRevocationAuthMethods: - null @@ -13311,7 +12495,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -13325,9 +12508,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -13438,7 +12618,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -13452,9 +12631,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -13655,7 +12831,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -13669,9 +12844,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null 
@@ -13782,7 +12954,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -13796,9 +12967,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -14028,7 +13196,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -14042,9 +13209,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -14083,6 +13247,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -14097,6 +13262,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -14186,6 +13352,7 @@ components: apiSecret: apiSecret directRevocationEndpointEnabled: true grantManagementActionRequired: true + requestObjectAudienceChecked: true jwks: jwks tokenExpirationLinked: true supportedCustomClientMetadata: @@ -14207,7 +13374,6 @@ components: userInfoEndpoint: https://openapi-generator.tech dcrScopeUsedAsRequestable: true registrationEndpoint: https://openapi-generator.tech - isRequestObjectAudienceChecked: true deviceVerificationUri: https://openapi-generator.tech authenticationCallbackApiSecret: authenticationCallbackApiSecret requestObjectRequired: true 
@@ -14230,6 +13396,11 @@ components: pkceRequired: true claimShortcutRestrictive: true directIntrospectionEndpointEnabled: true + hsks: + - value: value + key: key + - value: value + key: key modifiedAt: 2 introspectionEndpoint: https://openapi-generator.tech supportedBackchannelTokenDeliveryModes: @@ -14310,11 +13481,6 @@ components: idTokenDuration: 4 authenticationCallbackApiKey: authenticationCallbackApiKey frontChannelRequestObjectEncryptionRequired: true - Hsks: - - value: value - key: key - - value: value - key: key refreshTokenDuration: 2 supportedRevocationAuthMethods: - null @@ -14721,8 +13887,8 @@ components: \ request parameter is `null` or empty,\nthe value of the `subject` request\ \ parameter is used as the value of the `sub` claim.\n" type: string - idHeaderParams: - description: |- + idtHeaderParams: + description: | JSON that represents additional JWS header parameters for ID tokens that may be issued based on the authorization request. type: string @@ -14933,6 +14099,7 @@ components: clientIdAlias: clientIdAlias jwtAccessToken: jwtAccessToken password: password + clientAuthMethod: clientAuthMethod action: INTERNAL_SERVER_ERROR serviceAttributes: - value: value @@ -14969,6 +14136,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -14983,6 +14151,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -15152,6 +14321,10 @@ components: items: $ref: '#/components/schemas/Pair' type: array + clientAuthMethod: + description: | + The client authentication method that was performed at the token endpoint. + type: string type: object token_fail_request: properties: @@ -15224,9 +14397,6 @@ components: accessTokenExpiresAt: 0 subject: subject resultCode: resultCode - resources: - - resources - - resources accessTokenResources: - accessTokenResources - accessTokenResources 
@@ -15247,6 +14417,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -15261,6 +14432,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -15391,12 +14563,6 @@ components: \ `accessTokenSignAlg` value is a non-null value), a JWT-based access\ \ token is issued along with the\noriginal random-string one.\n" type: string - resources: - description: | - The resources specified by the `resource` request parameters in the token request. See "Resource Indicators for OAuth 2.0" for details. - items: - type: string - type: array accessTokenResources: description: | The target resources of the access token being issued. See "Resource Indicators for OAuth 2.0" for details. @@ -15467,6 +14633,12 @@ components: \ at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)\n\ for details.\n" type: string + resources: + description: | + The resources specified by the `resource` request parameters in the token request. See "Resource Indicators for OAuth 2.0" for details. + items: + type: string + type: array required: - token type: object @@ -15526,6 +14698,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -15540,6 +14713,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions 
@@ -16059,7 +15233,15 @@ components: properties: json: description: "Client metadata in JSON format that complies with [RFC 7591](https://datatracker.ietf.org/doc/html/rfc7591)\n\ - (OAuth 2.0 Dynamic Client Registration Protocol)." + (OAuth 2.0 Dynamic Client Registration Protocol).\n" + type: string + token: + description: "The client registration access token. Used only for GET, UPDATE,\ + \ and DELETE requests.\n" + type: string + clientId: + description: "The client's identifier. Used for GET, UPDATE, and DELETE\ + \ requests\n" type: string required: - json @@ -16166,7 +15348,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -16180,9 +15361,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -16336,7 +15514,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -16350,9 +15527,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -16513,7 +15687,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null 
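Review bot: The new `token` property in the `@@ -16059,7 +15233,15 @@` hunk carries the client registration access token, a bearer credential, but is declared as a plain `type: string`. Adding `format: password` under `token` would give generators and API consoles a hint to mask it, and callers should check that request logging does not dump this model. The schema also keeps `required: - json` while the new descriptions say `token` and `clientId` are for GET, UPDATE and DELETE requests; if those operations share this schema, confirm that a metadata body really is mandatory for reads and deletes. If this file is generator output, the change belongs in the upstream spec.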
@@ -16527,9 +15700,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -16668,6 +15838,7 @@ components: claimNames: - claimNames - claimNames + clientAuthMethod: clientAuthMethod deliveryMode: null action: INTERNAL_SERVER_ERROR serviceAttributes: @@ -16702,6 +15873,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -16716,6 +15888,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -16916,6 +16089,10 @@ components: type: array deliveryMode: $ref: '#/components/schemas/delivery_mode' + clientAuthMethod: + description: | + The client authentication method that was performed. + type: string type: object backchannel_authentication_issue_request: properties: @@ -17086,7 +16263,7 @@ components: items: type: string type: array - idHeaderParams: + idtHeaderParams: description: | JSON that represents additional JWS header parameters for ID tokens. type: string @@ -17134,6 +16311,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -17148,6 +16326,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -17356,6 +16535,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -17370,6 +16550,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -17578,6 +16759,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -17592,6 +16774,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions 
@@ -17804,7 +16987,7 @@ components: The URI of a document which describes the error in detail. This corresponds to the `error_uri` property in the response to the client. type: string - idHeaderParams: + idtHeaderParams: description: JSON that represents additional JWS header parameters for ID tokens. type: string @@ -17938,7 +17121,6 @@ components: tokenAuthSignAlg: null authTimeRequired: true idTokenEncryptionAlg: null - sectorIdentifier: sectorIdentifier clientIdAliasEnabled: true bcUserCodeRequired: true tokenAuthMethod: null @@ -17952,9 +17134,6 @@ components: requestObjectRequired: true requestEncryptionEnc: null tlsClientAuthSanUri: tlsClientAuthSanUri - authorizationDataTypes: - - authorizationDataTypes - - authorizationDataTypes frontChannelRequestObjectEncryptionRequired: true softwareId: softwareId userInfoEncryptionAlg: null @@ -18186,6 +17365,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -18200,6 +17380,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -18382,6 +17563,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -18396,6 +17578,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -18634,6 +17817,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -18648,6 +17832,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions @@ -18660,7 +17845,6 @@ components: type: array type: object authorization_details_element: - additionalProperties: true example: dataTypes: - dataTypes @@ -18673,6 +17857,7 @@ components: - locations - locations type: type + otherFields: otherFields actions: - actions - actions 
@@ -18719,6 +17904,11 @@ components: items: type: string type: array + otherFields: + description: | + The RAR request in the JSON format excluding the pre-defined attributes such as `type` and `locations`. + The content and semantics are specific to the deployment and the use case implemented. + type: string required: - type type: object diff --git a/api_client_management.go b/api_client_management.go index 118c9d8..7d7dccd 100644 --- a/api_client_management.go +++ b/api_client_management.go @@ -194,7 +194,8 @@ Example: `[ "profile", "email" ]` ClientGrantedScopesGetApi(ctx context.Context, clientId string, subject string) ApiClientGrantedScopesGetApiRequest // ClientGrantedScopesGetApiExecute executes the request - ClientGrantedScopesGetApiExecute(r ApiClientGrantedScopesGetApiRequest) (*http.Response, error) + // @return ClientAuthorizationDeleteResponse + ClientGrantedScopesGetApiExecute(r ApiClientGrantedScopesGetApiRequest) (*ClientAuthorizationDeleteResponse, *http.Response, error) /* ClientSecretRefreshApi /api/client/secret/refresh API @@ -1478,7 +1479,7 @@ type ApiClientGrantedScopesGetApiRequest struct { subject string } -func (r ApiClientGrantedScopesGetApiRequest) Execute() (*http.Response, error) { +func (r ApiClientGrantedScopesGetApiRequest) Execute() (*ClientAuthorizationDeleteResponse, *http.Response, error) { return r.ApiService.ClientGrantedScopesGetApiExecute(r) } 
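Review bot: The `otherFields` description added in the `@@ -18719,6 +17904,11 @@` hunk does not say that the value is a JSON-encoded string, presumably carried over from the client's `authorization_details`, so a reader may treat it as already validated. With `additionalProperties: true` removed from `authorization_details_element` in the `@@ -18660,7 +17845,6 @@` hunk, deployment-specific RAR members appear to reach callers only through this string. I would extend the description with a sentence such as `The value is a JSON string taken from the request; parse and validate it before using it in an authorization decision.`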
@@ -1526,16 +1527,18 @@ func (a *ClientManagementApiService) ClientGrantedScopesGetApi(ctx context.Conte } // Execute executes the request -func (a *ClientManagementApiService) ClientGrantedScopesGetApiExecute(r ApiClientGrantedScopesGetApiRequest) (*http.Response, error) { +// @return ClientAuthorizationDeleteResponse +func (a *ClientManagementApiService) ClientGrantedScopesGetApiExecute(r ApiClientGrantedScopesGetApiRequest) (*ClientAuthorizationDeleteResponse, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} formFiles []formFile + localVarReturnValue *ClientAuthorizationDeleteResponse ) localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ClientManagementApiService.ClientGrantedScopesGetApi") if err != nil { - return nil, &GenericOpenAPIError{error: err.Error()} + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/api/client/granted_scopes/get/{clientId}/{subject}" @@ -1565,19 +1568,19 @@ func (a *ClientManagementApiService) ClientGrantedScopesGetApiExecute(r ApiClien } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) if err != nil { - return nil, err + return localVarReturnValue, nil, err } localVarHTTPResponse, err := a.client.callAPI(req) if err != nil || localVarHTTPResponse == nil { - return localVarHTTPResponse, err + return localVarReturnValue, localVarHTTPResponse, err } localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { - return localVarHTTPResponse, err + return localVarReturnValue, localVarHTTPResponse, err } if localVarHTTPResponse.StatusCode >= 300 { 
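Review bot: `ClientGrantedScopesGetApiExecute` now decodes the success body into `*ClientAuthorizationDeleteResponse`, a model named for the delete operation rather than for this granted-scopes lookup. The same type appears in the interface and `Execute()` hunks above and in the decode added in the `@@ -1590,44 +1593,53 @@` hunk. The model's fields are not visible here, so this is a question rather than a confirmed defect: if it lacks the granted-scope fields, `a.client.decode` may drop them without an error and callers would act on an incomplete result. Please confirm which component the 200 response of this operation references in the spec, and regenerate if it points at the wrong one. The function body continues beyond this hunk.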
@@ -1590,44 +1593,53 @@ func (a *ClientManagementApiService) ClientGrantedScopesGetApiExecute(r ApiClien err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) if err != nil { newErr.error = err.Error() - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } newErr.model = v - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } if localVarHTTPResponse.StatusCode == 401 { var v Result err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) if err != nil { newErr.error = err.Error() - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } newErr.model = v - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } if localVarHTTPResponse.StatusCode == 403 { var v Result err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) if err != nil { newErr.error = err.Error() - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } newErr.model = v - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } if localVarHTTPResponse.StatusCode == 500 { var v Result err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) if err != nil { newErr.error = err.Error() - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } newErr.model = v } - return localVarHTTPResponse, newErr + return localVarReturnValue, localVarHTTPResponse, newErr } - return localVarHTTPResponse, nil + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return 
localVarReturnValue, localVarHTTPResponse, nil } type ApiClientSecretRefreshApiRequest struct { diff --git a/docs/AuthorizationDetailsElement.md b/docs/AuthorizationDetailsElement.md index 0a7dfbc..ffb2dae 100644 --- a/docs/AuthorizationDetailsElement.md +++ b/docs/AuthorizationDetailsElement.md @@ -10,6 +10,7 @@ Name | Type | Description | Notes **DataTypes** | Pointer to **[]string** | From _\"OAuth 2.0 Rich Authorization Requests\"_: _\"An array of strings representing the kinds of data being requested from the resource.\"_ This property may be `null`. | [optional] **Identifier** | Pointer to **string** | The identifier of a specific resource. From _\"OAuth 2.0 Rich Authorization Requests\"_: _\"A string identifier indicating a specific resource available at the API.\"_ This property may be `null`. | [optional] **Privileges** | Pointer to **[]string** | The types or levels of privilege. From \"OAuth 2.0 Rich Authorization Requests\": _\"An array of strings representing the types or levels of privilege being requested at the resource.\"_ This property may be `null`. | [optional] +**OtherFields** | Pointer to **string** | The RAR request in the JSON format excluding the pre-defined attributes such as `type` and `locations`. The content and semantics are specific to the deployment and the use case implemented. | [optional] ## Methods 
@@ -175,6 +176,31 @@ SetPrivileges sets Privileges field to given value. HasPrivileges returns a boolean if a field has been set. +### GetOtherFields + +`func (o *AuthorizationDetailsElement) GetOtherFields() string` + +GetOtherFields returns the OtherFields field if non-nil, zero value otherwise. + +### GetOtherFieldsOk + +`func (o *AuthorizationDetailsElement) GetOtherFieldsOk() (*string, bool)` + +GetOtherFieldsOk returns a tuple with the OtherFields field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetOtherFields + +`func (o *AuthorizationDetailsElement) SetOtherFields(v string)` + +SetOtherFields sets OtherFields field to given value. + +### HasOtherFields + +`func (o *AuthorizationDetailsElement) HasOtherFields() bool` + +HasOtherFields returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/AuthorizationIssueRequest.md b/docs/AuthorizationIssueRequest.md index 61c3f96..74915d9 100644 --- a/docs/AuthorizationIssueRequest.md +++ b/docs/AuthorizationIssueRequest.md 
@@ -12,7 +12,7 @@ Name | Type | Description | Notes **Properties** | Pointer to [**[]Property**](Property.md) | Extra properties to associate with an access token and/or an authorization code. | [optional] **Scopes** | Pointer to **[]string** | Scopes to associate with an access token and/or an authorization code. If a non-empty string array is given, it replaces the scopes specified by the original authorization request. | [optional] **Sub** | Pointer to **string** | The value of the `sub` claim to embed in an ID token. If this request parameter is `null` or empty, the value of the `subject` request parameter is used as the value of the `sub` claim. | [optional] -**IdHeaderParams** | Pointer to **string** | JSON that represents additional JWS header parameters for ID tokens that may be issued based on the authorization request. | [optional] +**IdtHeaderParams** | Pointer to **string** | JSON that represents additional JWS header parameters for ID tokens that may be issued based on the authorization request. | [optional] ## Methods 
@@ -223,30 +223,30 @@ SetSub sets Sub field to given value. HasSub returns a boolean if a field has been set. -### GetIdHeaderParams +### GetIdtHeaderParams -`func (o *AuthorizationIssueRequest) GetIdHeaderParams() string` +`func (o *AuthorizationIssueRequest) GetIdtHeaderParams() string` -GetIdHeaderParams returns the IdHeaderParams field if non-nil, zero value otherwise. +GetIdtHeaderParams returns the IdtHeaderParams field if non-nil, zero value otherwise. -### GetIdHeaderParamsOk +### GetIdtHeaderParamsOk -`func (o *AuthorizationIssueRequest) GetIdHeaderParamsOk() (*string, bool)` +`func (o *AuthorizationIssueRequest) GetIdtHeaderParamsOk() (*string, bool)` -GetIdHeaderParamsOk returns a tuple with the IdHeaderParams field if it's non-nil, zero value otherwise +GetIdtHeaderParamsOk returns a tuple with the IdtHeaderParams field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. -### SetIdHeaderParams +### SetIdtHeaderParams -`func (o *AuthorizationIssueRequest) SetIdHeaderParams(v string)` +`func (o *AuthorizationIssueRequest) SetIdtHeaderParams(v string)` -SetIdHeaderParams sets IdHeaderParams field to given value. +SetIdtHeaderParams sets IdtHeaderParams field to given value. -### HasIdHeaderParams +### HasIdtHeaderParams -`func (o *AuthorizationIssueRequest) HasIdHeaderParams() bool` +`func (o *AuthorizationIssueRequest) HasIdtHeaderParams() bool` -HasIdHeaderParams returns a boolean if a field has been set. +HasIdtHeaderParams returns a boolean if a field has been set. [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/BackchannelAuthenticationCompleteRequest.md b/docs/BackchannelAuthenticationCompleteRequest.md index f3a0f21..e06f7f1 100644 --- a/docs/BackchannelAuthenticationCompleteRequest.md +++ b/docs/BackchannelAuthenticationCompleteRequest.md 
@@ -13,7 +13,7 @@ Name | Type | Description | Notes **Claims** | Pointer to **string** | Additional claims which will be embedded in the ID token. | [optional] **Properties** | Pointer to [**[]Property**](Property.md) | The extra properties associated with the access token. | [optional] **Scopes** | Pointer to **[]string** | Scopes to replace the scopes specified in the original backchannel authentication request with. When nothing is specified for this parameter, replacement is not performed. | [optional] -**IdHeaderParams** | Pointer to **string** | JSON that represents additional JWS header parameters for ID tokens. | [optional] +**IdtHeaderParams** | Pointer to **string** | JSON that represents additional JWS header parameters for ID tokens. | [optional] **ErrorDescription** | Pointer to **string** | The description of the error. If this optional request parameter is given, its value is used as the value of the `error_description` property, but it is used only when the result is not `AUTHORIZED`. To comply with the specification strictly, the description must not include characters outside the set `%x20-21 / %x23-5B / %x5D-7E`. | [optional] **ErrorUri** | Pointer to **string** | The URI of a document which describes the error in detail. This corresponds to the `error_uri` property in the response to the client. | [optional] 
@@ -246,30 +246,30 @@ SetScopes sets Scopes field to given value. HasScopes returns a boolean if a field has been set. -### GetIdHeaderParams +### GetIdtHeaderParams -`func (o *BackchannelAuthenticationCompleteRequest) GetIdHeaderParams() string` +`func (o *BackchannelAuthenticationCompleteRequest) GetIdtHeaderParams() string` -GetIdHeaderParams returns the IdHeaderParams field if non-nil, zero value otherwise. +GetIdtHeaderParams returns the IdtHeaderParams field if non-nil, zero value otherwise. -### GetIdHeaderParamsOk +### GetIdtHeaderParamsOk -`func (o *BackchannelAuthenticationCompleteRequest) GetIdHeaderParamsOk() (*string, bool)` +`func (o *BackchannelAuthenticationCompleteRequest) GetIdtHeaderParamsOk() (*string, bool)` -GetIdHeaderParamsOk returns a tuple with the IdHeaderParams field if it's non-nil, zero value otherwise +GetIdtHeaderParamsOk returns a tuple with the IdtHeaderParams field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. -### SetIdHeaderParams +### SetIdtHeaderParams -`func (o *BackchannelAuthenticationCompleteRequest) SetIdHeaderParams(v string)` +`func (o *BackchannelAuthenticationCompleteRequest) SetIdtHeaderParams(v string)` -SetIdHeaderParams sets IdHeaderParams field to given value. +SetIdtHeaderParams sets IdtHeaderParams field to given value. -### HasIdHeaderParams +### HasIdtHeaderParams -`func (o *BackchannelAuthenticationCompleteRequest) HasIdHeaderParams() bool` +`func (o *BackchannelAuthenticationCompleteRequest) HasIdtHeaderParams() bool` -HasIdHeaderParams returns a boolean if a field has been set. +HasIdtHeaderParams returns a boolean if a field has been set. ### GetErrorDescription diff --git a/docs/BackchannelAuthenticationResponse.md b/docs/BackchannelAuthenticationResponse.md index 4c55e64..c2736d6 100644 --- a/docs/BackchannelAuthenticationResponse.md +++ b/docs/BackchannelAuthenticationResponse.md 
@@ -32,6 +32,7 @@ Name | Type | Description | Notes **ClientAttributes** | Pointer to [**[]Pair**](Pair.md) | The attributes of the client. | [optional] **DynamicScopes** | Pointer to [**[]DynamicScope**](DynamicScope.md) | The dynamic scopes which the client application requested by the scope request parameter. | [optional] **DeliveryMode** | Pointer to [**DeliveryMode**](DeliveryMode.md) | | [optional] +**ClientAuthMethod** | Pointer to **string** | The client authentication method that was performed. | [optional] ## Methods @@ -752,6 +753,31 @@ SetDeliveryMode sets DeliveryMode field to given value. HasDeliveryMode returns a boolean if a field has been set. +### GetClientAuthMethod + +`func (o *BackchannelAuthenticationResponse) GetClientAuthMethod() string` + +GetClientAuthMethod returns the ClientAuthMethod field if non-nil, zero value otherwise. + +### GetClientAuthMethodOk + +`func (o *BackchannelAuthenticationResponse) GetClientAuthMethodOk() (*string, bool)` + +GetClientAuthMethodOk returns a tuple with the ClientAuthMethod field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetClientAuthMethod + +`func (o *BackchannelAuthenticationResponse) SetClientAuthMethod(v string)` + +SetClientAuthMethod sets ClientAuthMethod field to given value. + +### HasClientAuthMethod + +`func (o *BackchannelAuthenticationResponse) HasClientAuthMethod() bool` + +HasClientAuthMethod returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/Client.md b/docs/Client.md index 0ae23b5..fe7548d 100644 --- a/docs/Client.md +++ b/docs/Client.md 
@@ -30,7 +30,6 @@ Name | Type | Description | Notes **GrantTypes** | Pointer to [**[]GrantType**](GrantType.md) | A string array of grant types which the client application declares that it will restrict itself to using. This property corresponds to `grant_types` in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata). | [optional] **ResponseTypes** | Pointer to [**[]ResponseType**](ResponseType.md) | A string array of response types which the client application declares that it will restrict itself to using. This property corresponds to `response_types` in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata). | [optional] **RedirectUris** | Pointer to **[]string** | Redirect URIs that the client application uses to receive a response from the authorization endpoint. Requirements for a redirect URI are as follows. **Requirements by RFC 6749** (From [RFC 6749, 3.1.2. Redirection Endpoint](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2)) - Must be an absolute URI. - Must not have a fragment component. **Requirements by OpenID Connect** (From \"[OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata), application_type\") - The scheme of the redirect URI used for Implicit Grant by a client application whose application is `web` must be `https`. This is checked at runtime by Authlete. - The hostname of the redirect URI used for Implicit Grant by a client application whose application type is `web` must not be `localhost`. This is checked at runtime by Authlete. - The scheme of the redirect URI used by a client application whose application type is `native` must be either (1) a custom scheme or (2) `http`, which is allowed only when the hostname part is `localhost`. 
This is checked at runtime by Authlete. **Requirements by Authlete** - Must consist of printable ASCII letters only. - Must not exceed 200 letters. Note that Authlete allows the application type to be `null`. In other words, a client application does not have to choose `web` or `native` as its application type. If the application type is `null`, the requirements by OpenID Connect are not checked at runtime. An authorization request from a client application which has not registered any redirect URI fails unless at least all the following conditions are satisfied. - The client type of the client application is `confidential`. - The value of `response_type` request parameter is `code`. - The authorization request has the `redirect_uri` request parameter. - The value of `scope` request parameter does not contain `openid`. RFC 6749 allows partial match of redirect URI under some conditions (see [RFC 6749, 3.1.2.2. Registration Requirements](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2.2) for details), but OpenID Connect requires exact match. | [optional] -**AuthorizationDataTypes** | Pointer to **[]string** | The data types that this client may use as values of the type field in `authorization_details`. This property corresponds to the `authorization_data_types` metadata. See \"OAuth 2.0 Rich Authorization Requests\" (RAR) for details. | [optional] **AuthorizationSignAlg** | Pointer to [**JwsAlg**](JwsAlg.md) | | [optional] **AuthorizationEncryptionAlg** | Pointer to [**JweAlg**](JweAlg.md) | | [optional] **AuthorizationEncryptionEnc** | Pointer to [**JweEnc**](JweEnc.md) | | [optional] 
@@ -55,7 +54,6 @@ Name | Type | Description | Notes **IdTokenEncryptionEnc** | Pointer to [**JweEnc**](JweEnc.md) | | [optional] **AuthTimeRequired** | Pointer to **bool** | The flag to indicate whether this client requires `auth_time` claim to be embedded in the ID token. This property corresponds to `require_auth_time` in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata). | [optional] **SubjectType** | Pointer to [**SubjectType**](SubjectType.md) | | [optional] -**SectorIdentifier** | Pointer to **string** | The sector identifier which is a URL starting with `https`. This URL is used by the service to calculate pairwise subject values. See [OpenID Connect Core 1.0, 8.1. Pairwise Identifier Algorithm](https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg). This property corresponds to `sector_identifier_uri` in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata). | [optional] **SectorIdentifierUri** | Pointer to **string** | The value of the sector identifier URI. This represents the `sector_identifier_uri` client metadata which is defined in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata) | [optional] **DerivedSectorIdentifier** | Pointer to **string** | The sector identifier host component as derived from either the `sector_identifier_uri` or the registered redirect URI. If no `sector_identifier_uri` is registered and multiple redirect URIs are also registered, the value of this property is `null`. | [optional] [readonly] **JwksUri** | Pointer to **string** | The URL pointing to the JWK Set of the client application. The content pointed to by the URL is JSON which complies with the format described in [JSON Web Key (JWK), 5. 
JWK Set Format](https://datatracker.ietf.org/doc/html/rfc7517#section-5). The JWK Set must not include private keys of the client application. If the client application requests encryption for ID tokens (from the authorization/token/userinfo endpoints) and/or signs request objects, it must make available its JWK Set containing public keys for the encryption and/or the signature at the URL of `jwksUri`. The service (Authlete) fetches the JWK Set from the URL as necessary. [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) says that `jwks` must not be used when the client can use `jwks_uri`, but Authlete allows both properties to be registered at the same time. However, Authlete does not use the content of `jwks` when `jwksUri` is registered. This property corresponds to `jwks_uri` in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata). | [optional] 
@@ -761,31 +759,6 @@ SetRedirectUris sets RedirectUris field to given value. HasRedirectUris returns a boolean if a field has been set. -### GetAuthorizationDataTypes - -`func (o *Client) GetAuthorizationDataTypes() []string` - -GetAuthorizationDataTypes returns the AuthorizationDataTypes field if non-nil, zero value otherwise. - -### GetAuthorizationDataTypesOk - -`func (o *Client) GetAuthorizationDataTypesOk() (*[]string, bool)` - -GetAuthorizationDataTypesOk returns a tuple with the AuthorizationDataTypes field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetAuthorizationDataTypes - -`func (o *Client) SetAuthorizationDataTypes(v []string)` - -SetAuthorizationDataTypes sets AuthorizationDataTypes field to given value. - -### HasAuthorizationDataTypes - -`func (o *Client) HasAuthorizationDataTypes() bool` - -HasAuthorizationDataTypes returns a boolean if a field has been set. - ### GetAuthorizationSignAlg `func (o *Client) GetAuthorizationSignAlg() JwsAlg` @@ -1386,31 +1359,6 @@ SetSubjectType sets SubjectType field to given value. HasSubjectType returns a boolean if a field has been set. -### GetSectorIdentifier - -`func (o *Client) GetSectorIdentifier() string` - -GetSectorIdentifier returns the SectorIdentifier field if non-nil, zero value otherwise. - -### GetSectorIdentifierOk - -`func (o *Client) GetSectorIdentifierOk() (*string, bool)` - -GetSectorIdentifierOk returns a tuple with the SectorIdentifier field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetSectorIdentifier - -`func (o *Client) SetSectorIdentifier(v string)` - -SetSectorIdentifier sets SectorIdentifier field to given value. - -### HasSectorIdentifier - -`func (o *Client) HasSectorIdentifier() bool` - -HasSectorIdentifier returns a boolean if a field has been set. - ### GetSectorIdentifierUri `func (o *Client) GetSectorIdentifierUri() string` 
diff --git a/docs/ClientManagementApi.md b/docs/ClientManagementApi.md index 76099d1..8784a5d 100644 --- a/docs/ClientManagementApi.md +++ b/docs/ClientManagementApi.md @@ -589,7 +589,7 @@ Name | Type | Description | Notes ## ClientGrantedScopesGetApi -> ClientGrantedScopesGetApi(ctx, clientId, subject).Execute() +> ClientAuthorizationDeleteResponse ClientGrantedScopesGetApi(ctx, clientId, subject).Execute() /api/client/granted_scopes/get/{clientId}/{subject} API @@ -618,6 +618,8 @@ func main() { fmt.Fprintf(os.Stderr, "Error when calling `ClientManagementApi.ClientGrantedScopesGetApi``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } + // response from `ClientGrantedScopesGetApi`: ClientAuthorizationDeleteResponse + fmt.Fprintf(os.Stdout, "Response from `ClientManagementApi.ClientGrantedScopesGetApi`: %v\n", resp) } ``` @@ -642,7 +644,7 @@ Name | Type | Description | Notes ### Return type - (empty response body) +[**ClientAuthorizationDeleteResponse**](ClientAuthorizationDeleteResponse.md) ### Authorization diff --git a/docs/ClientRegistrationRequest.md b/docs/ClientRegistrationRequest.md index ed9c41f..5607786 100644 --- a/docs/ClientRegistrationRequest.md +++ b/docs/ClientRegistrationRequest.md @@ -4,7 +4,9 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Json** | **string** | Client metadata in JSON format that complies with [RFC 7591](https://datatracker.ietf.org/doc/html/rfc7591) (OAuth 2.0 Dynamic Client Registration Protocol). | +**Json** | **string** | Client metadata in JSON format that complies with [RFC 7591](https://datatracker.ietf.org/doc/html/rfc7591) (OAuth 2.0 Dynamic Client Registration Protocol). | +**Token** | Pointer to **string** | The client registration access token. Used only for GET, UPDATE, and DELETE requests. | [optional] +**ClientId** | Pointer to **string** | The client's identifier. Used for GET, UPDATE, and DELETE requests | [optional] ## Methods 
@@ -45,6 +47,56 @@ and a boolean to check if the value has been set. SetJson sets Json field to given value. +### GetToken + +`func (o *ClientRegistrationRequest) GetToken() string` + +GetToken returns the Token field if non-nil, zero value otherwise. + +### GetTokenOk + +`func (o *ClientRegistrationRequest) GetTokenOk() (*string, bool)` + +GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetToken + +`func (o *ClientRegistrationRequest) SetToken(v string)` + +SetToken sets Token field to given value. + +### HasToken + +`func (o *ClientRegistrationRequest) HasToken() bool` + +HasToken returns a boolean if a field has been set. + +### GetClientId + +`func (o *ClientRegistrationRequest) GetClientId() string` + +GetClientId returns the ClientId field if non-nil, zero value otherwise. + +### GetClientIdOk + +`func (o *ClientRegistrationRequest) GetClientIdOk() (*string, bool)` + +GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetClientId + +`func (o *ClientRegistrationRequest) SetClientId(v string)` + +SetClientId sets ClientId field to given value. + +### HasClientId + +`func (o *ClientRegistrationRequest) HasClientId() bool` + +HasClientId returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/DeviceCompleteRequest.md b/docs/DeviceCompleteRequest.md index d654551..8ea0f8c 100644 --- a/docs/DeviceCompleteRequest.md +++ b/docs/DeviceCompleteRequest.md 
@@ -15,7 +15,7 @@ Name | Type | Description | Notes **Scopes** | Pointer to **[]string** | Scopes to replace the scopes specified in the original device authorization request with. When nothing is specified for this parameter, replacement is not performed. | [optional] **ErrorDescription** | Pointer to **string** | The description of the error. If this optional request parameter is given, its value is used as the value of the `error_description` property, but it is used only when the result is not `AUTHORIZED`. To comply with the specification strictly, the description must not include characters outside the set `%x20-21 / %x23-5B / %x5D-7E`. | [optional] **ErrorUri** | Pointer to **string** | The URI of a document which describes the error in detail. This corresponds to the `error_uri` property in the response to the client. | [optional] -**IdHeaderParams** | Pointer to **string** | JSON that represents additional JWS header parameters for ID tokens. | [optional] +**IdtHeaderParams** | Pointer to **string** | JSON that represents additional JWS header parameters for ID tokens. | [optional] ## Methods 
@@ -296,30 +296,30 @@ SetErrorUri sets ErrorUri field to given value. HasErrorUri returns a boolean if a field has been set. -### GetIdHeaderParams +### GetIdtHeaderParams -`func (o *DeviceCompleteRequest) GetIdHeaderParams() string` +`func (o *DeviceCompleteRequest) GetIdtHeaderParams() string` -GetIdHeaderParams returns the IdHeaderParams field if non-nil, zero value otherwise. +GetIdtHeaderParams returns the IdtHeaderParams field if non-nil, zero value otherwise. -### GetIdHeaderParamsOk +### GetIdtHeaderParamsOk -`func (o *DeviceCompleteRequest) GetIdHeaderParamsOk() (*string, bool)` +`func (o *DeviceCompleteRequest) GetIdtHeaderParamsOk() (*string, bool)` -GetIdHeaderParamsOk returns a tuple with the IdHeaderParams field if it's non-nil, zero value otherwise +GetIdtHeaderParamsOk returns a tuple with the IdtHeaderParams field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. -### SetIdHeaderParams +### SetIdtHeaderParams -`func (o *DeviceCompleteRequest) SetIdHeaderParams(v string)` +`func (o *DeviceCompleteRequest) SetIdtHeaderParams(v string)` -SetIdHeaderParams sets IdHeaderParams field to given value. +SetIdtHeaderParams sets IdtHeaderParams field to given value. -### HasIdHeaderParams +### HasIdtHeaderParams -`func (o *DeviceCompleteRequest) HasIdHeaderParams() bool` +`func (o *DeviceCompleteRequest) HasIdtHeaderParams() bool` -HasIdHeaderParams returns a boolean if a field has been set. +HasIdtHeaderParams returns a boolean if a field has been set. [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/IntrospectionRequest.md b/docs/IntrospectionRequest.md index 0bda527..8d25757 100644 --- a/docs/IntrospectionRequest.md +++ b/docs/IntrospectionRequest.md 
@@ -11,6 +11,7 @@ Name | Type | Description | Notes **Dpop** | Pointer to **string** | `DPoP` header presented by the client during the request to the resource server. The header contains a signed JWT which includes the public key that is paired with the private key used to sign the JWT. See [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop) for details. | [optional] **Htm** | Pointer to **string** | HTTP method of the request from the client to the protected resource endpoint. This field is used to validate the `DPoP` header. See [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop) for details. | [optional] **Htu** | Pointer to **string** | URL of the protected resource endpoint. This field is used to validate the `DPoP` header. See [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop) for details. | [optional] +**Resources** | Pointer to **[]string** | The resources specified by the `resource` request parameters in the token request. See \"Resource Indicators for OAuth 2.0\" for details. | [optional] ## Methods 
@@ -201,6 +202,31 @@ SetHtu sets Htu field to given value. HasHtu returns a boolean if a field has been set. +### GetResources + +`func (o *IntrospectionRequest) GetResources() []string` + +GetResources returns the Resources field if non-nil, zero value otherwise. + +### GetResourcesOk + +`func (o *IntrospectionRequest) GetResourcesOk() (*[]string, bool)` + +GetResourcesOk returns a tuple with the Resources field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetResources + +`func (o *IntrospectionRequest) SetResources(v []string)` + +SetResources sets Resources field to given value. + +### HasResources + +`func (o *IntrospectionRequest) HasResources() bool` + +HasResources returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/Service.md b/docs/Service.md index b2d9404..c154be1 100644 --- a/docs/Service.md +++ b/docs/Service.md 
@@ -124,7 +124,7 @@ Name | Type | Description | Notes **DcrScopeUsedAsRequestable** | Pointer to **bool** | The flag indicating whether the `scope` request parameter in dynamic client registration and update requests (RFC 7591 and RFC 7592) is used as scopes that the client can request. Limiting the range of scopes that a client can request is achieved by listing scopes in the `client.extension.requestableScopes` property and setting the `client.extension.requestableScopesEnabled` property to `true`. This feature is called \"requestable scopes\". This property affects behaviors of `/api/client/registration` and other family APIs. | [optional] **EndSessionEndpoint** | Pointer to **string** | The endpoint for clients ending the sessions. A URL that starts with `https://` and has no fragment component. For example, `https://example.com/auth/endSession`. The value of this property is used as `end_session_endpoint` property in the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | [optional] **LoopbackRedirectionUriVariable** | Pointer to **bool** | The flag indicating whether the port number component of redirection URIs can be variable when the host component indicates loopback. When this flag is `true`, if the host component of a redirection URI specified in an authorization request indicates loopback (to be precise, when the host component is localhost, `127.0.0.1` or `::1`), the port number component is ignored when the specified redirection URI is compared to pre-registered ones. This behavior is described in [7.3. Loopback Interface Redirection]( https://www.rfc-editor.org/rfc/rfc8252.html#section-7.3) of [RFC 8252 OAuth 2.0](https://www.rfc-editor.org/rfc/rfc8252.html) for Native Apps. [3.1.2.3. 
Dynamic Configuration](https://www.rfc-editor.org/rfc/rfc6749.html#section-3.1.2.3) of [RFC 6749](https://www.rfc-editor.org/rfc/rfc6749.html) states _\"If the client registration included the full redirection URI, the authorization server MUST compare the two URIs using simple string comparison as defined in [RFC3986] Section 6.2.1.\"_ Also, the description of `redirect_uri` in [3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) of [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) states _\"This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider, with the matching performed as described in Section 6.2.1 of [RFC3986] (**Simple String Comparison**).\"_ These \"Simple String Comparison\" requirements are preceded by this flag. That is, even when the conditions described in RFC 6749 and OpenID Connect Core 1.0 are satisfied, the port number component of loopback redirection URIs can be variable when this flag is `true`. [8.3. Loopback Redirect Considerations](https://www.rfc-editor.org/rfc/rfc8252.html#section-8.3) of [RFC 8252](https://www.rfc-editor.org/rfc/rfc8252.html) states as follows. > While redirect URIs using localhost (i.e., `\"http://localhost:{port}/{path}\"`) function similarly to loopback IP redirects described in Section 7.3, the use of localhost is NOT RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather than localhost avoids inadvertently listening on network interfaces other than the loopback interface. It is also less susceptible to client-side firewalls and misconfigured host name resolution on the user's device. However, Authlete allows the port number component to be variable in the case of `localhost`, too. It is left to client applications whether they use `localhost` or a literal loopback IP address (`127.0.0.1` for IPv4 or `::1` for IPv6). 
Section 7.3 and Section 8.3 of [RFC 8252](https://www.rfc-editor.org/rfc/rfc8252.html) state that loopback redirection URIs use the `\"http\"` scheme, but Authlete allows the port number component to be variable in other cases (e.g. in the case of the `\"https\"` scheme), too. | [optional] -**IsRequestObjectAudienceChecked** | Pointer to **bool** | The flag indicating whether Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service. [Section 6.1. Passing a Request Object by Value](https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests) of [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) has the following statement. > The `aud` value SHOULD be or include the OP's Issuer Identifier URL. Likewise, [Section 4. Request Object](https://www.rfc-editor.org/rfc/rfc9101.html#section-4) of [RFC 9101](https://www.rfc-editor.org/rfc/rfc9101.html) (The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)) has the following statement. > The value of aud should be the value of the authorization server (AS) issuer, as defined in [RFC 8414](https://www.rfc-editor.org/rfc/rfc8414.html). As excerpted above, validation on the `aud` claim of request objects is optional. However, if this flag is turned on, Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service and raises an error if they are different. | [optional] +**RequestObjectAudienceChecked** | Pointer to **bool** | The flag indicating whether Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service. [Section 6.1. Passing a Request Object by Value](https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests) of [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) has the following statement. > The `aud` value SHOULD be or include the OP's Issuer Identifier URL. Likewise, [Section 4. 
Request Object](https://www.rfc-editor.org/rfc/rfc9101.html#section-4) of [RFC 9101](https://www.rfc-editor.org/rfc/rfc9101.html) (The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)) has the following statement. > The value of aud should be the value of the authorization server (AS) issuer, as defined in [RFC 8414](https://www.rfc-editor.org/rfc/rfc8414.html). As excerpted above, validation on the `aud` claim of request objects is optional. However, if this flag is turned on, Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service and raises an error if they are different. | [optional] ## Methods 
@@ -3145,30 +3145,30 @@ SetLoopbackRedirectionUriVariable sets LoopbackRedirectionUriVariable field to g HasLoopbackRedirectionUriVariable returns a boolean if a field has been set. -### GetIsRequestObjectAudienceChecked +### GetRequestObjectAudienceChecked -`func (o *Service) GetIsRequestObjectAudienceChecked() bool` +`func (o *Service) GetRequestObjectAudienceChecked() bool` -GetIsRequestObjectAudienceChecked returns the IsRequestObjectAudienceChecked field if non-nil, zero value otherwise. +GetRequestObjectAudienceChecked returns the RequestObjectAudienceChecked field if non-nil, zero value otherwise. -### GetIsRequestObjectAudienceCheckedOk +### GetRequestObjectAudienceCheckedOk -`func (o *Service) GetIsRequestObjectAudienceCheckedOk() (*bool, bool)` +`func (o *Service) GetRequestObjectAudienceCheckedOk() (*bool, bool)` -GetIsRequestObjectAudienceCheckedOk returns a tuple with the IsRequestObjectAudienceChecked field if it's non-nil, zero value otherwise +GetRequestObjectAudienceCheckedOk returns a tuple with the RequestObjectAudienceChecked field if it's non-nil, zero value otherwise and a boolean to check if the value has been set. -### SetIsRequestObjectAudienceChecked +### SetRequestObjectAudienceChecked -`func (o *Service) SetIsRequestObjectAudienceChecked(v bool)` +`func (o *Service) SetRequestObjectAudienceChecked(v bool)` -SetIsRequestObjectAudienceChecked sets IsRequestObjectAudienceChecked field to given value. +SetRequestObjectAudienceChecked sets RequestObjectAudienceChecked field to given value. -### HasIsRequestObjectAudienceChecked +### HasRequestObjectAudienceChecked -`func (o *Service) HasIsRequestObjectAudienceChecked() bool` +`func (o *Service) HasRequestObjectAudienceChecked() bool` -HasIsRequestObjectAudienceChecked returns a boolean if a field has been set. +HasRequestObjectAudienceChecked returns a boolean if a field has been set. 
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/TokenIssueResponse.md b/docs/TokenIssueResponse.md index 048dfb2..ed9ca41 100644 --- a/docs/TokenIssueResponse.md +++ b/docs/TokenIssueResponse.md @@ -22,7 +22,6 @@ Name | Type | Description | Notes **Scopes** | Pointer to **[]string** | The scopes covered by the access token. | [optional] **Properties** | Pointer to [**[]Property**](Property.md) | The extra properties associated with the access token. This parameter is `null` when no extra property is associated with the issued access token. | [optional] **JwtAccessToken** | Pointer to **string** | The newly issued access token in JWT format. If the authorization server is configured to issue JWT-based access tokens (= if the service's `accessTokenSignAlg` value is a non-null value), a JWT-based access token is issued along with the original random-string one. | [optional] -**Resources** | Pointer to **[]string** | The resources specified by the `resource` request parameters in the token request. See \"Resource Indicators for OAuth 2.0\" for details. | [optional] **AccessTokenResources** | Pointer to **[]string** | The target resources of the access token being issued. See \"Resource Indicators for OAuth 2.0\" for details. | [optional] **AuthorizationDetails** | Pointer to [**AuthorizationDetails**](AuthorizationDetails.md) | | [optional] **ServiceAttributes** | Pointer to [**[]Pair**](Pair.md) | The attributes of this service that the client application belongs to. | [optional] 
@@ -497,31 +496,6 @@ SetJwtAccessToken sets JwtAccessToken field to given value. HasJwtAccessToken returns a boolean if a field has been set. -### GetResources - -`func (o *TokenIssueResponse) GetResources() []string` - -GetResources returns the Resources field if non-nil, zero value otherwise. - -### GetResourcesOk - -`func (o *TokenIssueResponse) GetResourcesOk() (*[]string, bool)` - -GetResourcesOk returns a tuple with the Resources field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetResources - -`func (o *TokenIssueResponse) SetResources(v []string)` - -SetResources sets Resources field to given value. - -### HasResources - -`func (o *TokenIssueResponse) HasResources() bool` - -HasResources returns a boolean if a field has been set. - ### GetAccessTokenResources `func (o *TokenIssueResponse) GetAccessTokenResources() []string` diff --git a/docs/TokenResponse.md b/docs/TokenResponse.md index ae69308..7beb9c7 100644 --- a/docs/TokenResponse.md +++ b/docs/TokenResponse.md @@ -31,6 +31,7 @@ Name | Type | Description | Notes **AuthorizationDetails** | Pointer to [**AuthorizationDetails**](AuthorizationDetails.md) | | [optional] **ServiceAttributes** | Pointer to [**[]Pair**](Pair.md) | The attributes of this service that the client application belongs to. | [optional] **ClientAttributes** | Pointer to [**[]Pair**](Pair.md) | The attributes of the client. | [optional] +**ClientAuthMethod** | Pointer to **string** | The client authentication method that was performed at the token endpoint. | [optional] ## Methods 
@@ -726,6 +727,31 @@ SetClientAttributes sets ClientAttributes field to given value. HasClientAttributes returns a boolean if a field has been set. +### GetClientAuthMethod + +`func (o *TokenResponse) GetClientAuthMethod() string` + +GetClientAuthMethod returns the ClientAuthMethod field if non-nil, zero value otherwise. + +### GetClientAuthMethodOk + +`func (o *TokenResponse) GetClientAuthMethodOk() (*string, bool)` + +GetClientAuthMethodOk returns a tuple with the ClientAuthMethod field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetClientAuthMethod + +`func (o *TokenResponse) SetClientAuthMethod(v string)` + +SetClientAuthMethod sets ClientAuthMethod field to given value. + +### HasClientAuthMethod + +`func (o *TokenResponse) HasClientAuthMethod() bool` + +HasClientAuthMethod returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/model_authorization_details_element.go b/model_authorization_details_element.go index 80361c3..aa8a2f8 100644 --- a/model_authorization_details_element.go +++ b/model_authorization_details_element.go 
@@ -28,11 +28,10 @@ type AuthorizationDetailsElement struct { Identifier *string `json:"identifier,omitempty"` // The types or levels of privilege. From \"OAuth 2.0 Rich Authorization Requests\": _\"An array of strings representing the types or levels of privilege being requested at the resource.\"_ This property may be `null`. Privileges []string `json:"privileges,omitempty"` - AdditionalProperties map[string]interface{} + // The RAR request in the JSON format excluding the pre-defined attributes such as `type` and `locations`. The content and semantics are specific to the deployment and the use case implemented. + OtherFields *string `json:"otherFields,omitempty"` } -type _AuthorizationDetailsElement AuthorizationDetailsElement - // NewAuthorizationDetailsElement instantiates a new AuthorizationDetailsElement object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments 
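Review bot: Dropping `AdditionalProperties` here, together with the custom `UnmarshalJSON` removed in the later `@@ -255,36 +286,12 @@` hunk, means type-specific Rich Authorization Request members that arrive as top-level JSON keys are now silently discarded by the default decoder instead of being retained. Whether the server now delivers those members only inside `otherFields` is not visible in this diff, so callers that base consent or access decisions on them need to be told explicitly. `OtherFields` is also a JSON document carried inside a string and needs a second parse by the caller; I would extend its comment with `// OtherFields is a JSON-encoded object; parse and validate it before using it in an authorization decision. Replaces AdditionalProperties.` The struct declaration starts above this hunk.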
@@ -235,6 +234,38 @@ func (o *AuthorizationDetailsElement) SetPrivileges(v []string) { o.Privileges = v } +// GetOtherFields returns the OtherFields field value if set, zero value otherwise. +func (o *AuthorizationDetailsElement) GetOtherFields() string { + if o == nil || o.OtherFields == nil { + var ret string + return ret + } + return *o.OtherFields +} + +// GetOtherFieldsOk returns a tuple with the OtherFields field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *AuthorizationDetailsElement) GetOtherFieldsOk() (*string, bool) { + if o == nil || o.OtherFields == nil { + return nil, false + } + return o.OtherFields, true +} + +// HasOtherFields returns a boolean if a field has been set. +func (o *AuthorizationDetailsElement) HasOtherFields() bool { + if o != nil && o.OtherFields != nil { + return true + } + + return false +} + +// SetOtherFields gets a reference to the given string and assigns it to the OtherFields field. +func (o *AuthorizationDetailsElement) SetOtherFields(v string) { + o.OtherFields = &v +} + func (o AuthorizationDetailsElement) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if true { 
@@ -255,36 +286,12 @@ func (o AuthorizationDetailsElement) MarshalJSON() ([]byte, error) { if o.Privileges != nil { toSerialize["privileges"] = o.Privileges } - - for key, value := range o.AdditionalProperties { - toSerialize[key] = value + if o.OtherFields != nil { + toSerialize["otherFields"] = o.OtherFields } - return json.Marshal(toSerialize) } -func (o *AuthorizationDetailsElement) UnmarshalJSON(bytes []byte) (err error) { - varAuthorizationDetailsElement := _AuthorizationDetailsElement{} - - if err = json.Unmarshal(bytes, &varAuthorizationDetailsElement); err == nil { - *o = AuthorizationDetailsElement(varAuthorizationDetailsElement) - } - - additionalProperties := make(map[string]interface{}) - - if err = json.Unmarshal(bytes, &additionalProperties); err == nil { - delete(additionalProperties, "type") - delete(additionalProperties, "locations") - delete(additionalProperties, "actions") - delete(additionalProperties, "dataTypes") - delete(additionalProperties, "identifier") - delete(additionalProperties, "privileges") - o.AdditionalProperties = additionalProperties - } - - return err -} - type NullableAuthorizationDetailsElement struct { value *AuthorizationDetailsElement isSet bool diff --git a/model_authorization_issue_request.go b/model_authorization_issue_request.go index e056d4a..a4425a3 100644 --- a/model_authorization_issue_request.go +++ b/model_authorization_issue_request.go 
@@ -32,8 +32,8 @@ type AuthorizationIssueRequest struct { Scopes []string `json:"scopes,omitempty"` // The value of the `sub` claim to embed in an ID token. If this request parameter is `null` or empty, the value of the `subject` request parameter is used as the value of the `sub` claim. Sub *string `json:"sub,omitempty"` - // JSON that represents additional JWS header parameters for ID tokens that may be issued based on the authorization request. - IdHeaderParams *string `json:"idHeaderParams,omitempty"` + // JSON that represents additional JWS header parameters for ID tokens that may be issued based on the authorization request. + IdtHeaderParams *string `json:"idtHeaderParams,omitempty"` } // NewAuthorizationIssueRequest instantiates a new AuthorizationIssueRequest object 
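Review bot: The rename on the last field changes both the exported Go identifier and the wire key (`json:"idtHeaderParams,omitempty"`), with no compatibility shim for existing callers. Code using the old accessors fails at compile time, but anything that builds or stores the request body as raw JSON with `idHeaderParams` would presumably have the parameters ignored without an error, so the ID token would be issued without the intended JWS header parameters. The same rename recurs in the accessor and `MarshalJSON` hunks of this file and in `model_backchannel_authentication_complete_request.go`. I would keep deprecated forwarders for one release, e.g. `// Deprecated: use SetIdtHeaderParams.` above `func (o *AuthorizationIssueRequest) SetIdHeaderParams(v string) { o.SetIdtHeaderParams(v) }`, and call the key change out in the release notes. The struct declaration starts above this hunk.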
@@ -295,36 +295,36 @@ func (o *AuthorizationIssueRequest) SetSub(v string) { o.Sub = &v } -// GetIdHeaderParams returns the IdHeaderParams field value if set, zero value otherwise. -func (o *AuthorizationIssueRequest) GetIdHeaderParams() string { - if o == nil || o.IdHeaderParams == nil { +// GetIdtHeaderParams returns the IdtHeaderParams field value if set, zero value otherwise. +func (o *AuthorizationIssueRequest) GetIdtHeaderParams() string { + if o == nil || o.IdtHeaderParams == nil { var ret string return ret } - return *o.IdHeaderParams + return *o.IdtHeaderParams } -// GetIdHeaderParamsOk returns a tuple with the IdHeaderParams field value if set, nil otherwise +// GetIdtHeaderParamsOk returns a tuple with the IdtHeaderParams field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *AuthorizationIssueRequest) GetIdHeaderParamsOk() (*string, bool) { - if o == nil || o.IdHeaderParams == nil { +func (o *AuthorizationIssueRequest) GetIdtHeaderParamsOk() (*string, bool) { + if o == nil || o.IdtHeaderParams == nil { return nil, false } - return o.IdHeaderParams, true + return o.IdtHeaderParams, true } -// HasIdHeaderParams returns a boolean if a field has been set. -func (o *AuthorizationIssueRequest) HasIdHeaderParams() bool { - if o != nil && o.IdHeaderParams != nil { +// HasIdtHeaderParams returns a boolean if a field has been set. +func (o *AuthorizationIssueRequest) HasIdtHeaderParams() bool { + if o != nil && o.IdtHeaderParams != nil { return true } return false } -// SetIdHeaderParams gets a reference to the given string and assigns it to the IdHeaderParams field. -func (o *AuthorizationIssueRequest) SetIdHeaderParams(v string) { - o.IdHeaderParams = &v +// SetIdtHeaderParams gets a reference to the given string and assigns it to the IdtHeaderParams field. +func (o *AuthorizationIssueRequest) SetIdtHeaderParams(v string) { + o.IdtHeaderParams = &v } func (o AuthorizationIssueRequest) MarshalJSON() ([]byte, error) { 
@@ -353,8 +353,8 @@ func (o AuthorizationIssueRequest) MarshalJSON() ([]byte, error) { if o.Sub != nil { toSerialize["sub"] = o.Sub } - if o.IdHeaderParams != nil { - toSerialize["idHeaderParams"] = o.IdHeaderParams + if o.IdtHeaderParams != nil { + toSerialize["idtHeaderParams"] = o.IdtHeaderParams } return json.Marshal(toSerialize) } diff --git a/model_backchannel_authentication_complete_request.go b/model_backchannel_authentication_complete_request.go index e9c48fa..f17d5c5 100644 --- a/model_backchannel_authentication_complete_request.go +++ b/model_backchannel_authentication_complete_request.go @@ -35,7 +35,7 @@ type BackchannelAuthenticationCompleteRequest struct { // Scopes to replace the scopes specified in the original backchannel authentication request with. When nothing is specified for this parameter, replacement is not performed. Scopes []string `json:"scopes,omitempty"` // JSON that represents additional JWS header parameters for ID tokens. - IdHeaderParams *string `json:"idHeaderParams,omitempty"` + IdtHeaderParams *string `json:"idtHeaderParams,omitempty"` // The description of the error. If this optional request parameter is given, its value is used as the value of the `error_description` property, but it is used only when the result is not `AUTHORIZED`. To comply with the specification strictly, the description must not include characters outside the set `%x20-21 / %x23-5B / %x5D-7E`. ErrorDescription *string `json:"errorDescription,omitempty"` // The URI of a document which describes the error in detail. This corresponds to the `error_uri` property in the response to the client. 
@@ -326,36 +326,36 @@ func (o *BackchannelAuthenticationCompleteRequest) SetScopes(v []string) { o.Scopes = v } -// GetIdHeaderParams returns the IdHeaderParams field value if set, zero value otherwise. -func (o *BackchannelAuthenticationCompleteRequest) GetIdHeaderParams() string { - if o == nil || o.IdHeaderParams == nil { +// GetIdtHeaderParams returns the IdtHeaderParams field value if set, zero value otherwise. +func (o *BackchannelAuthenticationCompleteRequest) GetIdtHeaderParams() string { + if o == nil || o.IdtHeaderParams == nil { var ret string return ret } - return *o.IdHeaderParams + return *o.IdtHeaderParams } -// GetIdHeaderParamsOk returns a tuple with the IdHeaderParams field value if set, nil otherwise +// GetIdtHeaderParamsOk returns a tuple with the IdtHeaderParams field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *BackchannelAuthenticationCompleteRequest) GetIdHeaderParamsOk() (*string, bool) { - if o == nil || o.IdHeaderParams == nil { +func (o *BackchannelAuthenticationCompleteRequest) GetIdtHeaderParamsOk() (*string, bool) { + if o == nil || o.IdtHeaderParams == nil { return nil, false } - return o.IdHeaderParams, true + return o.IdtHeaderParams, true } -// HasIdHeaderParams returns a boolean if a field has been set. -func (o *BackchannelAuthenticationCompleteRequest) HasIdHeaderParams() bool { - if o != nil && o.IdHeaderParams != nil { +// HasIdtHeaderParams returns a boolean if a field has been set. +func (o *BackchannelAuthenticationCompleteRequest) HasIdtHeaderParams() bool { + if o != nil && o.IdtHeaderParams != nil { return true } return false } -// SetIdHeaderParams gets a reference to the given string and assigns it to the IdHeaderParams field. -func (o *BackchannelAuthenticationCompleteRequest) SetIdHeaderParams(v string) { - o.IdHeaderParams = &v +// SetIdtHeaderParams gets a reference to the given string and assigns it to the IdtHeaderParams field. 
+func (o *BackchannelAuthenticationCompleteRequest) SetIdtHeaderParams(v string) { + o.IdtHeaderParams = &v } // GetErrorDescription returns the ErrorDescription field value if set, zero value otherwise. @@ -451,8 +451,8 @@ func (o BackchannelAuthenticationCompleteRequest) MarshalJSON() ([]byte, error) if o.Scopes != nil { toSerialize["scopes"] = o.Scopes } - if o.IdHeaderParams != nil { - toSerialize["idHeaderParams"] = o.IdHeaderParams + if o.IdtHeaderParams != nil { + toSerialize["idtHeaderParams"] = o.IdtHeaderParams } if o.ErrorDescription != nil { toSerialize["errorDescription"] = o.ErrorDescription diff --git a/model_backchannel_authentication_response.go b/model_backchannel_authentication_response.go index 2f6c006..d2b5022 100644 --- a/model_backchannel_authentication_response.go +++ b/model_backchannel_authentication_response.go @@ -70,6 +70,8 @@ type BackchannelAuthenticationResponse struct { // The dynamic scopes which the client application requested by the scope request parameter. DynamicScopes []DynamicScope `json:"dynamicScopes,omitempty"` DeliveryMode *DeliveryMode `json:"deliveryMode,omitempty"` + // The client authentication method that was performed. + ClientAuthMethod *string `json:"clientAuthMethod,omitempty"` } // NewBackchannelAuthenticationResponse instantiates a new BackchannelAuthenticationResponse object 
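Review bot: The new `ClientAuthMethod` field in `BackchannelAuthenticationResponse` is an untyped `*string` whose comment neither names the endpoint nor lists the values it can take, so a caller that makes a policy decision on it has nothing to validate against. The same field added to `TokenResponse` in model_token_response.go at least says "at the token endpoint". I would document it as `// The client authentication method that was performed at the backchannel authentication endpoint; nil when the response carries none.` Callers should treat nil or an unrecognised value as "not authenticated" rather than defaulting to success. These model files look generated from api/openapi.yaml, so the wording probably has to change there.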
@@ -985,6 +987,38 @@ func (o *BackchannelAuthenticationResponse) SetDeliveryMode(v DeliveryMode) { o.DeliveryMode = &v } +// GetClientAuthMethod returns the ClientAuthMethod field value if set, zero value otherwise. +func (o *BackchannelAuthenticationResponse) GetClientAuthMethod() string { + if o == nil || o.ClientAuthMethod == nil { + var ret string + return ret + } + return *o.ClientAuthMethod +} + +// GetClientAuthMethodOk returns a tuple with the ClientAuthMethod field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *BackchannelAuthenticationResponse) GetClientAuthMethodOk() (*string, bool) { + if o == nil || o.ClientAuthMethod == nil { + return nil, false + } + return o.ClientAuthMethod, true +} + +// HasClientAuthMethod returns a boolean if a field has been set. +func (o *BackchannelAuthenticationResponse) HasClientAuthMethod() bool { + if o != nil && o.ClientAuthMethod != nil { + return true + } + + return false +} + +// SetClientAuthMethod gets a reference to the given string and assigns it to the ClientAuthMethod field. +func (o *BackchannelAuthenticationResponse) SetClientAuthMethod(v string) { + o.ClientAuthMethod = &v +} + func (o BackchannelAuthenticationResponse) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if o.ResultCode != nil { @@ -1071,6 +1105,9 @@ func (o BackchannelAuthenticationResponse) MarshalJSON() ([]byte, error) { if o.DeliveryMode != nil { toSerialize["deliveryMode"] = o.DeliveryMode } + if o.ClientAuthMethod != nil { + toSerialize["clientAuthMethod"] = o.ClientAuthMethod + } return json.Marshal(toSerialize) } diff --git a/model_client.go b/model_client.go index 0e3e987..c9ea525 100644 --- a/model_client.go +++ b/model_client.go 
@@ -66,8 +66,6 @@ type Client struct { ResponseTypes []ResponseType `json:"responseTypes,omitempty"` // Redirect URIs that the client application uses to receive a response from the authorization endpoint. Requirements for a redirect URI are as follows. **Requirements by RFC 6749** (From [RFC 6749, 3.1.2. Redirection Endpoint](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2)) - Must be an absolute URI. - Must not have a fragment component. **Requirements by OpenID Connect** (From \"[OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata), application_type\") - The scheme of the redirect URI used for Implicit Grant by a client application whose application is `web` must be `https`. This is checked at runtime by Authlete. - The hostname of the redirect URI used for Implicit Grant by a client application whose application type is `web` must not be `localhost`. This is checked at runtime by Authlete. - The scheme of the redirect URI used by a client application whose application type is `native` must be either (1) a custom scheme or (2) `http`, which is allowed only when the hostname part is `localhost`. This is checked at runtime by Authlete. **Requirements by Authlete** - Must consist of printable ASCII letters only. - Must not exceed 200 letters. Note that Authlete allows the application type to be `null`. In other words, a client application does not have to choose `web` or `native` as its application type. If the application type is `null`, the requirements by OpenID Connect are not checked at runtime. An authorization request from a client application which has not registered any redirect URI fails unless at least all the following conditions are satisfied. - The client type of the client application is `confidential`. - The value of `response_type` request parameter is `code`. - The authorization request has the `redirect_uri` request parameter. 
- The value of `scope` request parameter does not contain `openid`. RFC 6749 allows partial match of redirect URI under some conditions (see [RFC 6749, 3.1.2.2. Registration Requirements](https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2.2) for details), but OpenID Connect requires exact match. RedirectUris []string `json:"redirectUris,omitempty"` - // The data types that this client may use as values of the type field in `authorization_details`. This property corresponds to the `authorization_data_types` metadata. See \"OAuth 2.0 Rich Authorization Requests\" (RAR) for details. - AuthorizationDataTypes []string `json:"authorizationDataTypes,omitempty"` AuthorizationSignAlg *JwsAlg `json:"authorizationSignAlg,omitempty"` AuthorizationEncryptionAlg *JweAlg `json:"authorizationEncryptionAlg,omitempty"` AuthorizationEncryptionEnc *JweEnc `json:"authorizationEncryptionEnc,omitempty"` 
@@ -104,8 +102,6 @@ type Client struct { // The flag to indicate whether this client requires `auth_time` claim to be embedded in the ID token. This property corresponds to `require_auth_time` in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata). AuthTimeRequired *bool `json:"authTimeRequired,omitempty"` SubjectType *SubjectType `json:"subjectType,omitempty"` - // The sector identifier which is a URL starting with `https`. This URL is used by the service to calculate pairwise subject values. See [OpenID Connect Core 1.0, 8.1. Pairwise Identifier Algorithm](https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg). This property corresponds to `sector_identifier_uri` in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata). - SectorIdentifier *string `json:"sectorIdentifier,omitempty"` // The value of the sector identifier URI. This represents the `sector_identifier_uri` client metadata which is defined in [OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata) SectorIdentifierUri *string `json:"sectorIdentifierUri,omitempty"` // The sector identifier host component as derived from either the `sector_identifier_uri` or the registered redirect URI. If no `sector_identifier_uri` is registered and multiple redirect URIs are also registered, the value of this property is `null`. 
@@ -1012,38 +1008,6 @@ func (o *Client) SetRedirectUris(v []string) { o.RedirectUris = v } -// GetAuthorizationDataTypes returns the AuthorizationDataTypes field value if set, zero value otherwise. -func (o *Client) GetAuthorizationDataTypes() []string { - if o == nil || o.AuthorizationDataTypes == nil { - var ret []string - return ret - } - return o.AuthorizationDataTypes -} - -// GetAuthorizationDataTypesOk returns a tuple with the AuthorizationDataTypes field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *Client) GetAuthorizationDataTypesOk() ([]string, bool) { - if o == nil || o.AuthorizationDataTypes == nil { - return nil, false - } - return o.AuthorizationDataTypes, true -} - -// HasAuthorizationDataTypes returns a boolean if a field has been set. -func (o *Client) HasAuthorizationDataTypes() bool { - if o != nil && o.AuthorizationDataTypes != nil { - return true - } - - return false -} - -// SetAuthorizationDataTypes gets a reference to the given []string and assigns it to the AuthorizationDataTypes field. -func (o *Client) SetAuthorizationDataTypes(v []string) { - o.AuthorizationDataTypes = v -} - // GetAuthorizationSignAlg returns the AuthorizationSignAlg field value if set, zero value otherwise. func (o *Client) GetAuthorizationSignAlg() JwsAlg { if o == nil || o.AuthorizationSignAlg == nil { 
@@ -1812,38 +1776,6 @@ func (o *Client) SetSubjectType(v SubjectType) { o.SubjectType = &v } -// GetSectorIdentifier returns the SectorIdentifier field value if set, zero value otherwise. -func (o *Client) GetSectorIdentifier() string { - if o == nil || o.SectorIdentifier == nil { - var ret string - return ret - } - return *o.SectorIdentifier -} - -// GetSectorIdentifierOk returns a tuple with the SectorIdentifier field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *Client) GetSectorIdentifierOk() (*string, bool) { - if o == nil || o.SectorIdentifier == nil { - return nil, false - } - return o.SectorIdentifier, true -} - -// HasSectorIdentifier returns a boolean if a field has been set. -func (o *Client) HasSectorIdentifier() bool { - if o != nil && o.SectorIdentifier != nil { - return true - } - - return false -} - -// SetSectorIdentifier gets a reference to the given string and assigns it to the SectorIdentifier field. -func (o *Client) SetSectorIdentifier(v string) { - o.SectorIdentifier = &v -} - // GetSectorIdentifierUri returns the SectorIdentifierUri field value if set, zero value otherwise. func (o *Client) GetSectorIdentifierUri() string { if o == nil || o.SectorIdentifierUri == nil { @@ -2724,9 +2656,6 @@ func (o Client) MarshalJSON() ([]byte, error) { if o.RedirectUris != nil { toSerialize["redirectUris"] = o.RedirectUris } - if o.AuthorizationDataTypes != nil { - toSerialize["authorizationDataTypes"] = o.AuthorizationDataTypes - } if o.AuthorizationSignAlg != nil { toSerialize["authorizationSignAlg"] = o.AuthorizationSignAlg } @@ -2799,9 +2728,6 @@ func (o Client) MarshalJSON() ([]byte, error) { if o.SubjectType != nil { toSerialize["subjectType"] = o.SubjectType } - if o.SectorIdentifier != nil { - toSerialize["sectorIdentifier"] = o.SectorIdentifier - } if o.SectorIdentifierUri != nil { toSerialize["sectorIdentifierUri"] = o.SectorIdentifierUri } 
diff --git a/model_client_registration_request.go b/model_client_registration_request.go index 8f815bf..8cd868c 100644 --- a/model_client_registration_request.go +++ b/model_client_registration_request.go @@ -16,8 +16,12 @@ import ( // ClientRegistrationRequest struct for ClientRegistrationRequest type ClientRegistrationRequest struct { - // Client metadata in JSON format that complies with [RFC 7591](https://datatracker.ietf.org/doc/html/rfc7591) (OAuth 2.0 Dynamic Client Registration Protocol). + // Client metadata in JSON format that complies with [RFC 7591](https://datatracker.ietf.org/doc/html/rfc7591) (OAuth 2.0 Dynamic Client Registration Protocol). Json string `json:"json"` + // The client registration access token. Used only for GET, UPDATE, and DELETE requests. + Token *string `json:"token,omitempty"` + // The client's identifier. Used for GET, UPDATE, and DELETE requests + ClientId *string `json:"clientId,omitempty"` } // NewClientRegistrationRequest instantiates a new ClientRegistrationRequest object 
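Review bot: The added `Token` field holds the client registration access token, a bearer credential, and nothing in its comment tells callers to handle it as one. `MarshalJSON` in the next hunk writes it into the request body verbatim, so any debug dump of the marshalled request contains it. I would extend the comment to `// The client registration access token. This is a credential: do not log it or include it in error messages. Used only for GET, UPDATE, and DELETE requests.` The two new comments are also inconsistent: `ClientId` says "Used for" where `Token` says "Used only for", and it lacks the final period.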
@@ -62,11 +66,81 @@ func (o *ClientRegistrationRequest) SetJson(v string) { o.Json = v } +// GetToken returns the Token field value if set, zero value otherwise. +func (o *ClientRegistrationRequest) GetToken() string { + if o == nil || o.Token == nil { + var ret string + return ret + } + return *o.Token +} + +// GetTokenOk returns a tuple with the Token field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ClientRegistrationRequest) GetTokenOk() (*string, bool) { + if o == nil || o.Token == nil { + return nil, false + } + return o.Token, true +} + +// HasToken returns a boolean if a field has been set. +func (o *ClientRegistrationRequest) HasToken() bool { + if o != nil && o.Token != nil { + return true + } + + return false +} + +// SetToken gets a reference to the given string and assigns it to the Token field. +func (o *ClientRegistrationRequest) SetToken(v string) { + o.Token = &v +} + +// GetClientId returns the ClientId field value if set, zero value otherwise. +func (o *ClientRegistrationRequest) GetClientId() string { + if o == nil || o.ClientId == nil { + var ret string + return ret + } + return *o.ClientId +} + +// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *ClientRegistrationRequest) GetClientIdOk() (*string, bool) { + if o == nil || o.ClientId == nil { + return nil, false + } + return o.ClientId, true +} + +// HasClientId returns a boolean if a field has been set. +func (o *ClientRegistrationRequest) HasClientId() bool { + if o != nil && o.ClientId != nil { + return true + } + + return false +} + +// SetClientId gets a reference to the given string and assigns it to the ClientId field. 
+func (o *ClientRegistrationRequest) SetClientId(v string) { + o.ClientId = &v +} + func (o ClientRegistrationRequest) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if true { toSerialize["json"] = o.Json } + if o.Token != nil { + toSerialize["token"] = o.Token + } + if o.ClientId != nil { + toSerialize["clientId"] = o.ClientId + } return json.Marshal(toSerialize) } diff --git a/model_device_complete_request.go b/model_device_complete_request.go index ab6edd6..505b0be 100644 --- a/model_device_complete_request.go +++ b/model_device_complete_request.go @@ -39,7 +39,7 @@ type DeviceCompleteRequest struct { // The URI of a document which describes the error in detail. This corresponds to the `error_uri` property in the response to the client. ErrorUri *string `json:"errorUri,omitempty"` // JSON that represents additional JWS header parameters for ID tokens. - IdHeaderParams *string `json:"idHeaderParams,omitempty"` + IdtHeaderParams *string `json:"idtHeaderParams,omitempty"` } // NewDeviceCompleteRequest instantiates a new DeviceCompleteRequest object 
@@ -390,36 +390,36 @@ func (o *DeviceCompleteRequest) SetErrorUri(v string) { o.ErrorUri = &v } -// GetIdHeaderParams returns the IdHeaderParams field value if set, zero value otherwise. -func (o *DeviceCompleteRequest) GetIdHeaderParams() string { - if o == nil || o.IdHeaderParams == nil { +// GetIdtHeaderParams returns the IdtHeaderParams field value if set, zero value otherwise. +func (o *DeviceCompleteRequest) GetIdtHeaderParams() string { + if o == nil || o.IdtHeaderParams == nil { var ret string return ret } - return *o.IdHeaderParams + return *o.IdtHeaderParams } -// GetIdHeaderParamsOk returns a tuple with the IdHeaderParams field value if set, nil otherwise +// GetIdtHeaderParamsOk returns a tuple with the IdtHeaderParams field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *DeviceCompleteRequest) GetIdHeaderParamsOk() (*string, bool) { - if o == nil || o.IdHeaderParams == nil { +func (o *DeviceCompleteRequest) GetIdtHeaderParamsOk() (*string, bool) { + if o == nil || o.IdtHeaderParams == nil { return nil, false } - return o.IdHeaderParams, true + return o.IdtHeaderParams, true } -// HasIdHeaderParams returns a boolean if a field has been set. -func (o *DeviceCompleteRequest) HasIdHeaderParams() bool { - if o != nil && o.IdHeaderParams != nil { +// HasIdtHeaderParams returns a boolean if a field has been set. +func (o *DeviceCompleteRequest) HasIdtHeaderParams() bool { + if o != nil && o.IdtHeaderParams != nil { return true } return false } -// SetIdHeaderParams gets a reference to the given string and assigns it to the IdHeaderParams field. -func (o *DeviceCompleteRequest) SetIdHeaderParams(v string) { - o.IdHeaderParams = &v +// SetIdtHeaderParams gets a reference to the given string and assigns it to the IdtHeaderParams field. +func (o *DeviceCompleteRequest) SetIdtHeaderParams(v string) { + o.IdtHeaderParams = &v } func (o DeviceCompleteRequest) MarshalJSON() ([]byte, error) { 
@@ -457,8 +457,8 @@ func (o DeviceCompleteRequest) MarshalJSON() ([]byte, error) { if o.ErrorUri != nil { toSerialize["errorUri"] = o.ErrorUri } - if o.IdHeaderParams != nil { - toSerialize["idHeaderParams"] = o.IdHeaderParams + if o.IdtHeaderParams != nil { + toSerialize["idtHeaderParams"] = o.IdtHeaderParams } return json.Marshal(toSerialize) } diff --git a/model_introspection_request.go b/model_introspection_request.go index 029dc91..46f14ce 100644 --- a/model_introspection_request.go +++ b/model_introspection_request.go @@ -30,6 +30,8 @@ type IntrospectionRequest struct { Htm *string `json:"htm,omitempty"` // URL of the protected resource endpoint. This field is used to validate the `DPoP` header. See [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop) for details. Htu *string `json:"htu,omitempty"` + // The resources specified by the `resource` request parameters in the token request. See \"Resource Indicators for OAuth 2.0\" for details. + Resources []string `json:"resources,omitempty"` } // NewIntrospectionRequest instantiates a new IntrospectionRequest object 
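Review bot: The comment on the new `Resources` field of `IntrospectionRequest` is the sentence that sat on `TokenIssueResponse.Resources`, which this commit removes in model_token_issue_response.go, and "in the token request" does not describe what the field means on an introspection call. If it is meant as the set of resource indicators the presented access token must cover (an assumption, the server behaviour is not visible here), the comment should say so and state whether a mismatch makes introspection fail, for example `// Resources the access token is required to cover; see "Resource Indicators for OAuth 2.0".` A resource server relying on this for audience restriction also needs the comment to say what an omitted list means. The accessors and the `MarshalJSON` entry for the field are in the later hunks of this file.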
@@ -266,6 +268,38 @@ func (o *IntrospectionRequest) SetHtu(v string) { o.Htu = &v } +// GetResources returns the Resources field value if set, zero value otherwise. +func (o *IntrospectionRequest) GetResources() []string { + if o == nil || o.Resources == nil { + var ret []string + return ret + } + return o.Resources +} + +// GetResourcesOk returns a tuple with the Resources field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IntrospectionRequest) GetResourcesOk() ([]string, bool) { + if o == nil || o.Resources == nil { + return nil, false + } + return o.Resources, true +} + +// HasResources returns a boolean if a field has been set. +func (o *IntrospectionRequest) HasResources() bool { + if o != nil && o.Resources != nil { + return true + } + + return false +} + +// SetResources gets a reference to the given []string and assigns it to the Resources field. +func (o *IntrospectionRequest) SetResources(v []string) { + o.Resources = v +} + func (o IntrospectionRequest) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if true { @@ -289,6 +323,9 @@ func (o IntrospectionRequest) MarshalJSON() ([]byte, error) { if o.Htu != nil { toSerialize["htu"] = o.Htu } + if o.Resources != nil { + toSerialize["resources"] = o.Resources + } return json.Marshal(toSerialize) } diff --git a/model_service.go b/model_service.go index d67f288..714b221 100644 --- a/model_service.go +++ b/model_service.go 
@@ -241,7 +241,7 @@ type Service struct { // The flag indicating whether HSM (Hardware Security Module) support is enabled for this service. When this flag is `false`, keys managed in HSMs are not used even if they exist. In addition, `/api/hsk/_*` APIs reject all requests. Even if this flag is `true`, HSM-related features do not work if the configuration of the Authlete server you are using does not support HSM. HsmEnabled *bool `json:"hsmEnabled,omitempty"` // The information about keys managed on HSMs (Hardware Security Modules). This `hsks` property is output only, meaning that `hsks` in requests to `/api/service/create` API and `/api/service/update` API do not have any effect. The contents of this property is controlled only by `/api/hsk/_*` APIs. - Hsks []Pair `json:"Hsks,omitempty"` + Hsks []Pair `json:"hsks,omitempty"` // The URL of the grant management endpoint. GrantManagementEndpoint *string `json:"grantManagementEndpoint,omitempty"` // The flag indicating whether every authorization request (and any request serving as an authorization request such as CIBA backchannel authentication request and device authorization request) must include the `grant_management_action` request parameter. This property corresponds to the `grant_management_action_required` server metadata defined in [Grant Management for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html). Note that setting true to this property will result in blocking all public clients because the specification requires that grant management be usable only by confidential clients for security reasons. 
@@ -254,8 +254,8 @@ type Service struct { EndSessionEndpoint *string `json:"endSessionEndpoint,omitempty"` // The flag indicating whether the port number component of redirection URIs can be variable when the host component indicates loopback. When this flag is `true`, if the host component of a redirection URI specified in an authorization request indicates loopback (to be precise, when the host component is localhost, `127.0.0.1` or `::1`), the port number component is ignored when the specified redirection URI is compared to pre-registered ones. This behavior is described in [7.3. Loopback Interface Redirection]( https://www.rfc-editor.org/rfc/rfc8252.html#section-7.3) of [RFC 8252 OAuth 2.0](https://www.rfc-editor.org/rfc/rfc8252.html) for Native Apps. [3.1.2.3. Dynamic Configuration](https://www.rfc-editor.org/rfc/rfc6749.html#section-3.1.2.3) of [RFC 6749](https://www.rfc-editor.org/rfc/rfc6749.html) states _\"If the client registration included the full redirection URI, the authorization server MUST compare the two URIs using simple string comparison as defined in [RFC3986] Section 6.2.1.\"_ Also, the description of `redirect_uri` in [3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) of [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) states _\"This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider, with the matching performed as described in Section 6.2.1 of [RFC3986] (**Simple String Comparison**).\"_ These \"Simple String Comparison\" requirements are preceded by this flag. That is, even when the conditions described in RFC 6749 and OpenID Connect Core 1.0 are satisfied, the port number component of loopback redirection URIs can be variable when this flag is `true`. [8.3. 
Loopback Redirect Considerations](https://www.rfc-editor.org/rfc/rfc8252.html#section-8.3) of [RFC 8252](https://www.rfc-editor.org/rfc/rfc8252.html) states as follows. > While redirect URIs using localhost (i.e., `\"http://localhost:{port}/{path}\"`) function similarly to loopback IP redirects described in Section 7.3, the use of localhost is NOT RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather than localhost avoids inadvertently listening on network interfaces other than the loopback interface. It is also less susceptible to client-side firewalls and misconfigured host name resolution on the user's device. However, Authlete allows the port number component to be variable in the case of `localhost`, too. It is left to client applications whether they use `localhost` or a literal loopback IP address (`127.0.0.1` for IPv4 or `::1` for IPv6). Section 7.3 and Section 8.3 of [RFC 8252](https://www.rfc-editor.org/rfc/rfc8252.html) state that loopback redirection URIs use the `\"http\"` scheme, but Authlete allows the port number component to be variable in other cases (e.g. in the case of the `\"https\"` scheme), too. LoopbackRedirectionUriVariable *bool `json:"loopbackRedirectionUriVariable,omitempty"` - // The flag indicating whether Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service. [Section 6.1. Passing a Request Object by Value](https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests) of [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) has the following statement. > The `aud` value SHOULD be or include the OP's Issuer Identifier URL. Likewise, [Section 4. Request Object](https://www.rfc-editor.org/rfc/rfc9101.html#section-4) of [RFC 9101](https://www.rfc-editor.org/rfc/rfc9101.html) (The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)) has the following statement. 
> The value of aud should be the value of the authorization server (AS) issuer, as defined in [RFC 8414](https://www.rfc-editor.org/rfc/rfc8414.html). As excerpted above, validation on the `aud` claim of request objects is optional. However, if this flag is turned on, Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service and raises an error if they are different. - IsRequestObjectAudienceChecked *bool `json:"isRequestObjectAudienceChecked,omitempty"` + // The flag indicating whether Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service. [Section 6.1. Passing a Request Object by Value](https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests) of [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) has the following statement. > The `aud` value SHOULD be or include the OP's Issuer Identifier URL. Likewise, [Section 4. Request Object](https://www.rfc-editor.org/rfc/rfc9101.html#section-4) of [RFC 9101](https://www.rfc-editor.org/rfc/rfc9101.html) (The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)) has the following statement. > The value of aud should be the value of the authorization server (AS) issuer, as defined in [RFC 8414](https://www.rfc-editor.org/rfc/rfc8414.html). As excerpted above, validation on the `aud` claim of request objects is optional. However, if this flag is turned on, Authlete checks whether the `aud` claim of request objects matches the issuer identifier of this service and raises an error if they are different. + RequestObjectAudienceChecked *bool `json:"requestObjectAudienceChecked,omitempty"` } // NewService instantiates a new Service object 
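Review bot: Renaming the JSON key from `isRequestObjectAudienceChecked` to `requestObjectAudienceChecked` changes the wire name of a security control, and nothing in the hunk records the old name. With Go's default decoding an unknown key is ignored, so service JSON saved or sent with the old key would leave this field nil and the `aud` check on request objects unset without any error (assuming `Service` has no custom `UnmarshalJSON`, which is not visible here). I would add a line to the field comment such as `// JSON key was isRequestObjectAudienceChecked before this change; payloads using the old key leave this field nil.` and call the rename out in the release notes. The matching accessor and `MarshalJSON` renames are in the later hunks of model_service.go.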
@@ -4115,36 +4115,36 @@ func (o *Service) SetLoopbackRedirectionUriVariable(v bool) { o.LoopbackRedirectionUriVariable = &v } -// GetIsRequestObjectAudienceChecked returns the IsRequestObjectAudienceChecked field value if set, zero value otherwise. -func (o *Service) GetIsRequestObjectAudienceChecked() bool { - if o == nil || o.IsRequestObjectAudienceChecked == nil { +// GetRequestObjectAudienceChecked returns the RequestObjectAudienceChecked field value if set, zero value otherwise. +func (o *Service) GetRequestObjectAudienceChecked() bool { + if o == nil || o.RequestObjectAudienceChecked == nil { var ret bool return ret } - return *o.IsRequestObjectAudienceChecked + return *o.RequestObjectAudienceChecked } -// GetIsRequestObjectAudienceCheckedOk returns a tuple with the IsRequestObjectAudienceChecked field value if set, nil otherwise +// GetRequestObjectAudienceCheckedOk returns a tuple with the RequestObjectAudienceChecked field value if set, nil otherwise // and a boolean to check if the value has been set. -func (o *Service) GetIsRequestObjectAudienceCheckedOk() (*bool, bool) { - if o == nil || o.IsRequestObjectAudienceChecked == nil { +func (o *Service) GetRequestObjectAudienceCheckedOk() (*bool, bool) { + if o == nil || o.RequestObjectAudienceChecked == nil { return nil, false } - return o.IsRequestObjectAudienceChecked, true + return o.RequestObjectAudienceChecked, true } -// HasIsRequestObjectAudienceChecked returns a boolean if a field has been set. -func (o *Service) HasIsRequestObjectAudienceChecked() bool { - if o != nil && o.IsRequestObjectAudienceChecked != nil { +// HasRequestObjectAudienceChecked returns a boolean if a field has been set. +func (o *Service) HasRequestObjectAudienceChecked() bool { + if o != nil && o.RequestObjectAudienceChecked != nil { return true } return false } -// SetIsRequestObjectAudienceChecked gets a reference to the given bool and assigns it to the IsRequestObjectAudienceChecked field. 
-func (o *Service) SetIsRequestObjectAudienceChecked(v bool) { - o.IsRequestObjectAudienceChecked = &v +// SetRequestObjectAudienceChecked gets a reference to the given bool and assigns it to the RequestObjectAudienceChecked field. +func (o *Service) SetRequestObjectAudienceChecked(v bool) { + o.RequestObjectAudienceChecked = &v } func (o Service) MarshalJSON() ([]byte, error) { @@ -4489,7 +4489,7 @@ func (o Service) MarshalJSON() ([]byte, error) { toSerialize["hsmEnabled"] = o.HsmEnabled } if o.Hsks != nil { - toSerialize["Hsks"] = o.Hsks + toSerialize["hsks"] = o.Hsks } if o.GrantManagementEndpoint != nil { toSerialize["grantManagementEndpoint"] = o.GrantManagementEndpoint @@ -4509,8 +4509,8 @@ func (o Service) MarshalJSON() ([]byte, error) { if o.LoopbackRedirectionUriVariable != nil { toSerialize["loopbackRedirectionUriVariable"] = o.LoopbackRedirectionUriVariable } - if o.IsRequestObjectAudienceChecked != nil { - toSerialize["isRequestObjectAudienceChecked"] = o.IsRequestObjectAudienceChecked + if o.RequestObjectAudienceChecked != nil { + toSerialize["requestObjectAudienceChecked"] = o.RequestObjectAudienceChecked } return json.Marshal(toSerialize) } diff --git a/model_token_issue_response.go b/model_token_issue_response.go index e338c93..08b86dd 100644 --- a/model_token_issue_response.go +++ b/model_token_issue_response.go 
@@ -52,8 +52,6 @@ type TokenIssueResponse struct { Properties []Property `json:"properties,omitempty"` // The newly issued access token in JWT format. If the authorization server is configured to issue JWT-based access tokens (= if the service's `accessTokenSignAlg` value is a non-null value), a JWT-based access token is issued along with the original random-string one. JwtAccessToken *string `json:"jwtAccessToken,omitempty"` - // The resources specified by the `resource` request parameters in the token request. See \"Resource Indicators for OAuth 2.0\" for details. - Resources []string `json:"resources,omitempty"` // The target resources of the access token being issued. See \"Resource Indicators for OAuth 2.0\" for details. AccessTokenResources []string `json:"accessTokenResources,omitempty"` AuthorizationDetails *AuthorizationDetails `json:"authorizationDetails,omitempty"` 
@@ -656,38 +654,6 @@ func (o *TokenIssueResponse) SetJwtAccessToken(v string) { o.JwtAccessToken = &v } -// GetResources returns the Resources field value if set, zero value otherwise. -func (o *TokenIssueResponse) GetResources() []string { - if o == nil || o.Resources == nil { - var ret []string - return ret - } - return o.Resources -} - -// GetResourcesOk returns a tuple with the Resources field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *TokenIssueResponse) GetResourcesOk() ([]string, bool) { - if o == nil || o.Resources == nil { - return nil, false - } - return o.Resources, true -} - -// HasResources returns a boolean if a field has been set. -func (o *TokenIssueResponse) HasResources() bool { - if o != nil && o.Resources != nil { - return true - } - - return false -} - -// SetResources gets a reference to the given []string and assigns it to the Resources field. -func (o *TokenIssueResponse) SetResources(v []string) { - o.Resources = v -} - // GetAccessTokenResources returns the AccessTokenResources field value if set, zero value otherwise. func (o *TokenIssueResponse) GetAccessTokenResources() []string { if o == nil || o.AccessTokenResources == nil { @@ -872,9 +838,6 @@ func (o TokenIssueResponse) MarshalJSON() ([]byte, error) { if o.JwtAccessToken != nil { toSerialize["jwtAccessToken"] = o.JwtAccessToken } - if o.Resources != nil { - toSerialize["resources"] = o.Resources - } if o.AccessTokenResources != nil { toSerialize["accessTokenResources"] = o.AccessTokenResources } diff --git a/model_token_response.go b/model_token_response.go index b53a816..f10caf3 100644 --- a/model_token_response.go +++ b/model_token_response.go 
@@ -69,6 +69,8 @@ type TokenResponse struct { ServiceAttributes []Pair `json:"serviceAttributes,omitempty"` // The attributes of the client. ClientAttributes []Pair `json:"clientAttributes,omitempty"` + // The client authentication method that was performed at the token endpoint. + ClientAuthMethod *string `json:"clientAuthMethod,omitempty"` } // NewTokenResponse instantiates a new TokenResponse object @@ -952,6 +954,38 @@ func (o *TokenResponse) SetClientAttributes(v []Pair) { o.ClientAttributes = v } +// GetClientAuthMethod returns the ClientAuthMethod field value if set, zero value otherwise. +func (o *TokenResponse) GetClientAuthMethod() string { + if o == nil || o.ClientAuthMethod == nil { + var ret string + return ret + } + return *o.ClientAuthMethod +} + +// GetClientAuthMethodOk returns a tuple with the ClientAuthMethod field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *TokenResponse) GetClientAuthMethodOk() (*string, bool) { + if o == nil || o.ClientAuthMethod == nil { + return nil, false + } + return o.ClientAuthMethod, true +} + +// HasClientAuthMethod returns a boolean if a field has been set. +func (o *TokenResponse) HasClientAuthMethod() bool { + if o != nil && o.ClientAuthMethod != nil { + return true + } + + return false +} + +// SetClientAuthMethod gets a reference to the given string and assigns it to the ClientAuthMethod field. +func (o *TokenResponse) SetClientAuthMethod(v string) { + o.ClientAuthMethod = &v +} + func (o TokenResponse) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if o.ResultCode != nil { @@ -1035,6 +1069,9 @@ func (o TokenResponse) MarshalJSON() ([]byte, error) { if o.ClientAttributes != nil { toSerialize["clientAttributes"] = o.ClientAttributes } + if o.ClientAuthMethod != nil { + toSerialize["clientAuthMethod"] = o.ClientAuthMethod + } return json.Marshal(toSerialize) }
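Review bot: The doc comment on `ClientAuthMethod` in the `@@ -69,6` hunk does not say what an absent value means, and `GetClientAuthMethod` in the `@@ -952,6` hunk returns `""` both for a nil receiver and for an unset field. A caller that bases a decision on how the client authenticated cannot tell "not reported" from an empty value through that getter. I would extend the field comment with `// Nil when the response carried no clientAuthMethod; use GetClientAuthMethodOk to distinguish unset from empty.` and have callers treat the unset case as unknown rather than as a match for any expected method. The struct and `MarshalJSON` both start outside these hunks.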