From 446e31997796f017173c156ca1b6213fd4f0b90e Mon Sep 17 00:00:00 2001
From: gem-cp
Date: Mon, 23 Sep 2024 15:23:09 +0200
Subject: [PATCH] update

---
 src/schemas/user-info.yaml    | 33 +++++++++++++++++++
 src/schemas/user-session.yaml | 62 +++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 src/schemas/user-info.yaml
 create mode 100644 src/schemas/user-session.yaml

diff --git a/src/schemas/user-info.yaml b/src/schemas/user-info.yaml
new file mode 100644
index 0000000..aa2b8cf
--- /dev/null
+++ b/src/schemas/user-info.yaml
@@ -0,0 +1,33 @@
+# Schema for the user-info json object.
+# The PDP authorization server stores user-info records for all authenticated
+# user. The PEP can request user-info records for a user by sending a request.
+$schema: "http://json-schema.org/draft-07/schema#"
+UserInfo:
+  type: object
+  properties:
+    sub:
+      type: string
+      description: "User id. Assigned by the Authorization Server and used in the access token."
+    given_name:
+      type: string
+      description: "Given name of the user"
+    family_name:
+      type: string
+      description: "Family name of the user"
+    organizationName:
+      type: string
+      description: "Organization name"
+    professionOID:
+      type: string
+      description: "Profession identifier (OID)"
+    idNumber:
+      type: string
+      description: "Telematik-ID, KVNR or alternative identifier"
+    organizationIK:
+      type: string
+      description: "Organizations number (Institutionskennzeichen)"
+  required:
+    - sub
+    - organizationName
+    - professionOID
+    - idNumber
diff --git a/src/schemas/user-session.yaml b/src/schemas/user-session.yaml
new file mode 100644
index 0000000..a136297
--- /dev/null
+++ b/src/schemas/user-session.yaml
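Review bot: With `$schema` declared at the root and the whole object schema nested under the `UserInfo` key, a validator handed this file as a root schema sees no `type`/`properties` at the root and accepts any document — unless the consumer dereferences `#/UserInfo` explicitly, which the hunk does not show; either make `UserInfo` the root schema or place it under `definitions` and `$ref` it. `UserInfo` also sets no `additionalProperties`, so records carrying unexpected keys pass; `additionalProperties: false` under `type: object` lets the PDP reject them. The identifiers `sub`, `professionOID` and `idNumber` are unconstrained strings, so an empty value satisfies `required`; `minLength: 1` (plus a `pattern` for the OID if its format is fixed) closes that. Key naming mixes snake_case (`given_name`, `family_name`) with camelCase (`organizationName`, `professionOID`); keep one style unless the snake_case names are deliberately the OIDC claim names. The header comment `for all authenticated user` and the description `Organizations number` read better as `users` and `Organization number`.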
@@ -0,0 +1,62 @@
+# Schema for the user-session json object.
+# The PDP authorization server stores the state of the user-session for
+# authenticated user.
+UserSession:
+  type: object
+  properties:
+    sub:
+      type: string
+      description: "Unique ID of the user."
+    cid:
+      type: string
+      description: "Unique ID of the client."
+    access_token:
+      type: object
+      properties:
+        token:
+          type: string
+          description: "The encrypted access token."
+        iat:
+          type: integer
+          description: "Timestamp of the token issuance."
+        exp:
+          type: integer
+          description: "Timestamp of the token expiration."
+        aud:
+          type: array
+          items:
+            type: string
+          description: "List of allowed resources."
+        scope:
+          type: string
+          description: "Access rights of the token."
+    refresh_token:
+      type: object
+      properties:
+        token:
+          type: string
+          description: "The encrypted refresh token."
+        exp:
+          type: integer
+          description: "Timestamp of the refresh token expiration."
+    session_expiry:
+      type: integer
+      description: "Timestamp of the session expiration."
+    last_activity:
+      type: integer
+      description: "Timestamp of the user's last activity."
+    ip_address:
+      type: string
+      description: "User's IP address (optional)."
+    revoked_tokens:
+      type: array
+      items:
+        type: string
+      description: "List of revoked refresh tokens (optional)."
+  required:
+    - sub
+    - cid
+    - access_token
+    - refresh_token
+    - session_expiry
+    - last_activity
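Review bot: The nested `access_token` and `refresh_token` objects declare no `required` list, so a session whose `access_token` is `{}` or lacks `exp` still validates even though the top-level `required` names both objects; adding `required` and `additionalProperties: false` to each nested object (and to `UserSession` itself) closes that gap. The root layout has the same weakness as user-info.yaml: the schema lives under the `UserSession` key, so a validator that does not dereference `#/UserSession` constrains nothing, and this file additionally omits the `$schema` line that user-info.yaml carries. The timestamp descriptions for `iat`, `exp`, `session_expiry` and `last_activity` do not say whether the value is epoch seconds or milliseconds; state the unit, and `minimum: 0` rules out negative values. `ip_address` can use draft-07's `format: ipv4`/`ipv6` if the PDP relies on it, and `revoked_tokens` should document whether entries are the encrypted token values or token identifiers, since the description only says `revoked refresh tokens`.
```yaml
    access_token:
      type: object
      additionalProperties: false
      required:
        - token
        - exp
      properties:
        # … unchanged: token, iat, exp, aud, scope …
    refresh_token:
      type: object
      additionalProperties: false
      required:
        - token
        - exp
      properties:
        # … unchanged: token, exp …
```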