Skip to content

Latest commit

 

History

History
164 lines (122 loc) · 7.93 KB

Org.OData.Authorization.V1.md

File metadata and controls

164 lines (122 loc) · 7.93 KB

Authorization Vocabulary

Namespace: Org.OData.Authorization.V1

The Authorization Vocabulary provides terms for describing authorization requirements of the service

Terms

Term Type Description
SecuritySchemes [SecurityScheme] At least one of the specified security schemes are required to make a request against the service
Authorizations [Authorization] Lists the methods supported by the service to authorize access

Property Type Description
Authorization SchemeName The name of a required authorization scheme
RequiredScopes [String] The names of scopes required from this authorization scheme

Base type for all Authorization types

Derived Types:

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
IssuerUrl URL Issuer location for the OpenID Provider. Configuration information can be obtained by appending /.well-known/openid-configuration to this Url.

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scheme String HTTP Authorization scheme to be used in the Authorization header, as per RFC7235
BearerFormat String? Format of the bearer token

Derived Types:

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
TokenUrl URL Token Url

Security note: OAuth2 implicit grant is considered to be not secure and should not be used by clients, see OAuth 2.0 Security Best Current Practice.

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
AuthorizationUrl URL Authorization URL

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
TokenUrl URL Token Url

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
AuthorizationUrl URL Authorization URL
TokenUrl URL Token Url

Property Type Description
Scope String Scope name
Grant String? Identity that has access to the scope or can grant access to the scope.
Description String Description of the scope

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
KeyName String The name of the header or query parameter
Location KeyLocation Whether the API Key is passed in the header or as a query option

Member Value Description
Header 0 API Key is passed in the header
QueryOption 1 API Key is passed as a query option
Cookie 2 API Key is passed as a cookie

Type: String

The name of the authorization scheme.