-
Notifications
You must be signed in to change notification settings - Fork 4
/
api.yaml
534 lines (526 loc) · 16.8 KB
/
api.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
openapi: 3.0.3
info:
title: vcverifier
description: Backend component to verify credentials
version: 0.0.1
tags:
- name: frontend
description: All endpoints that belong to the frontend-application part
- name: api
description: All api-endpoints, e.g. the once that can be reused by other applications
paths:
/api/v1/loginQR:
get:
tags:
- frontend
parameters:
- $ref: '#/components/parameters/QueryState'
- $ref: '#/components/parameters/ClientCallback'
- $ref: '#/components/parameters/ClientId'
operationId: VerifierPageDisplayQRSIOP
summary: Presents a qr as starting point for the auth process
description: Returns a rendered html with a QR encoding the login-starting point for the siop flow - e.g. 'openid://?scope=somethign&response_type=rt&response_mode=rm&client_id=ci&redirect_uri=uri&state=state&nonce=nonce'
responses:
'200':
description: A rendered page, containing the qr
content:
text/html:
schema:
type: object
'400':
description: In case of broken requests.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
/api/v1/samedevice:
get:
tags:
- api
parameters:
- $ref: '#/components/parameters/QueryState'
- $ref: '#/components/parameters/ClientId'
operationId: StartSIOPSameDevice
summary: Starts the siop flow for credentials hold by the same device
description: When the credential is already present in the requesting browser, the same-device flow can be used. It creates the login information and then redirects to the /authenticationresponse path.
responses:
'302':
description: A redirect to the authenticationresponse path, containing scope, response_type, client_id, redirect_uri, state and nonce to be used for the request
/api/v1/startsiop:
get:
tags:
- api
parameters:
- $ref: '#/components/parameters/QueryState'
- $ref: '#/components/parameters/ClientCallback'
operationId: VerifierAPIStartSIOP
summary: Initiates the siop flow and returns the 'openid://...' connection string
responses:
'200':
description: The connection string
content:
text/plain:
schema:
type: string
example: openid://?scope=dsba.credentials.presentation.PacketDeliveryService&response_type=vp_token&response_mode=post&client_id=did:key:z6MktZy7CErCqdLvknH6g9YNVpWupuBNBNovsBrj4DFGn4R1&redirect_uri=http://localhost:3000/verifier/api/v1/authenticationresponse&state=&nonce=BfEte4DFdlmdO7a_fBiXTw
/api/v1/authentication_response:
post:
tags:
- api
parameters:
- $ref: '#/components/parameters/QueryState'
- $ref: '#/components/parameters/ClientId'
operationId: VerifierAPIAuthenticationResponse
summary: Stores the credential for the given session
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/AuthenticationResponse'
responses:
'204':
description: Ok when it worked
get:
tags:
- api
parameters:
- $ref: '#/components/parameters/QueryState'
- $ref: '#/components/parameters/VpToken'
- $ref: '#/components/parameters/PresentationSubmission'
operationId: GetVerifierAPIAuthenticationResponse
summary: Stores the credential for the given session
responses:
'204':
description: Ok when it worked
/token:
post:
tags:
- api
operationId: GetToken
summary: Token endpoint to exchange the authorization code with the actual JWT.
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/TokenRequest'
responses:
'200':
description: The pre-generated token
content:
application/json:
schema:
$ref: '#/components/schemas/TokenResponse'
'403':
description: Whenever something is requested that is not allowed or existent
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
/.well-known/jwks:
get:
tags:
- api
operationId: VerifierAPIJWKS
summary: Provides the public keys for the given verifier, to be used for verifing the JWTs
responses:
'200':
description: The list of public keys, belonging to the issuer
content:
application/json:
schema:
$ref: '#/components/schemas/JWKSet'
/services/{service_id}/.well-known/openid-configuration:
get:
parameters:
- $ref: '#/components/parameters/ServiceId'
tags:
- api
operationId: VerifierAPIOpenIDConfiguration
summary: Returns the configuration of the OpenID Provider
responses:
'200':
description: OpenID Provider Metadata
content:
application/json:
schema:
$ref: '#/components/schemas/OpenIDProviderMetadata'
/services/{service_id}/token:
post:
parameters:
- $ref: '#/components/parameters/ServiceId'
tags:
- api
operationId: GetTokenForService
summary: Token endpoint to exchange the authorization code with the actual JWT.
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/TokenRequest'
responses:
'200':
description: The pre-generated token
content:
application/json:
schema:
$ref: '#/components/schemas/TokenResponse'
'403':
description: Whenever something is requested that is not allowed or existent
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
components:
parameters:
Id:
name: id
in: path
required: true
schema:
type: string
example: urn:uuid:274e7465-cc9d-4cad-b75f-190db927e56a
State:
name: state
in: path
required: true
schema:
type: string
example: 274e7465-cc9d-4cad-b75f-190db927e56a
QueryState:
name: state
in: query
required: true
schema:
type: string
example: 274e7465-cc9d-4cad-b75f-190db927e56a
ClientCallback:
name: client_callback
description: Endpoint of the client to receive the jwt.
in: query
required: true
schema:
type: string
format: url
example: "https://my-portal.com/auth_callback"
QueryId:
name: id
in: query
required: true
schema:
type: string
example: urn:uuid:274e7465-cc9d-4cad-b75f-190db927e56a
RedirectUri:
name: redirect_uri
in: query
required: true
schema:
type: string
example: https://my-verifier.com/verifier/api/v1/authenticationresponse
VpToken:
name: vp_token
description: base64URLEncoded VerifiablePresentation
in: query
required: true
schema:
type: string
PresentationSubmission:
name: presentation_submission
description: base64URLEncoded PresentationSubmission as specified by https://identity.foundation/presentation-exchange/#presentation-submission
in: query
required: true
schema:
type: string
ClientId:
name: client_id
description: The id of the client/service that intents to start the authentication flow. Will be used to retrieve the scope and trust services to be used for verification.
in: query
required: false
schema:
type: string
example: packet-delivery-portal
ServiceId:
name: service_id
description: The id of the client/service that intents to start the authentication flow. Will be used to retrieve the scope and trust services to be used for verification.
in: path
required: true
schema:
type: string
example: packet-delivery-portal
schemas:
CredentialsType:
type: array
items:
type: string
example:
- PacketDeliveryService
- VerifiableCredential
Did:
type: object
properties:
id:
type: string
format: did
example: did:key:z6Mks9m9ifLwy3JWqH4c57EbBQVS2SpRCjfa79wHb5vWM6vh
Date:
type: string
format: date-time
example: 2023-01-06T07:51:36Z
Proof:
type: object
properties:
type:
type: string
example: JsonWebSignature2020
creator:
type: string
format: did
example: did:key:z6Mks9m9ifLwy3JWqH4c57EbBQVS2SpRCjfa79wHb5vWM6vh
created:
$ref: '#/components/schemas/Date'
verificationMethod:
type: string
example: did:key:z6Mks9m9ifLwy3JWqH4c57EbBQVS2SpRCjfa79wHb5vWM6vh#z6Mks9m9ifLwy3JWqH4c57EbBQVS2SpRCjfa79wHb5vWM6vh
jws:
type: string
example: eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..6xSqoZja0NwjF0af9Zknqx3Cbh9GENunBf9C8uL2ulGfwus3UFM_ZnhPjWtHPl-72E9p3BT5f2ptZoYktMKpDA
BackendInfo:
type: object
properties:
issuerDid:
$ref: '#/components/schemas/Did'
verifierDid:
$ref: '#/components/schemas/Did'
Descriptor:
type: object
properties:
id:
type: string
description: The value of this property MUST be a string that matches the id property of the Input Descriptor in the Presentation Definition that this Presentation Submission is related to.
example: id_credential
format:
type: string
description: The value of this property MUST be a string that matches one of the Claim Format Designation. This denotes the data format of the Claim.
example: ldp_vc
path:
type: string
description: The value of this property MUST be a JSONPath string expression. The path property indicates the Claim submitted in relation to the identified Input Descriptor, when executed against the top-level of the object the Presentation Submission is embedded within.
example: $
path_nested:
$ref: '#/components/schemas/Descriptor'
required:
- id
- format
- path
PresentationSubmission:
type: object
description: PresentationSubmission as specified by https://identity.foundation/presentation-exchange/#presentation-submission
properties:
id:
type: string
description: Must be a string that matches the id property of the Input Descriptor in the Presentation Definition that this Presentation Submission is related to.
definition_id:
type: string
description: Must be the ID of a valid PresentationDefinition
example: 32f54163-7166-48f1-93d8-ff217bdb0653
descriptor_map:
type: array
items:
$ref: '#/components/schemas/Descriptor'
required:
- id
- definition_id
- descriptor_map
AuthenticationResponse:
type: object
properties:
presentation_submission:
$ref: '#/components/schemas/PresentationSubmission'
vp_token:
$ref: '#/components/schemas/VerifiablePresentation'
required:
- presentation_submission
- vp_token
VerifiablePresentation:
description: Presentation, containing on or more credentials
type: object
properties:
'@context':
type: array
items:
type: string
format: uri
example:
- https://www.w3.org/2018/credentials/v1
type:
type: array
items:
type: string
enum: ["VerifiablePresentation"]
verifiableCredential:
type: array
items:
$ref: '#/components/schemas/VerifiableCredential'
id:
type: string
example: ebc6f1c2
holder:
$ref: '#/components/schemas/Did'
proof:
$ref: '#/components/schemas/Proof'
VerifiableCredential:
description: Credential in the format ldp_vc
type: object
properties:
types:
$ref: '#/components/schemas/CredentialsType'
'@context':
type: array
items:
type: string
format: uri
example:
- https://www.w3.org/2018/credentials/v1
- https://w3id.org/security/suites/jws-2020/v1
credentialsSubject:
description: A JSON object containing a list of key value pairs, where the key identifies the claim offered in the Credential. The value MAY be a dictionary, which allows to represent the full (potentially deeply nested) structure of the verifiable credential to be issued.
type: object
additionalProperties: true
required:
- '@context'
- types
- format
JWK:
type: object
properties:
kid:
type: string
example: 179d7b56-6598-4045-9a32-4635e8b0f605
kty:
type: string
example: EC
use:
type: string
example: sig
alg:
type: string
example: ES256
crv:
type: string
example: P-256
x:
type: string
example: 3ctHY_0KJW5ezT-oF39t3wPX6XlggWKOSPFW8iooBXk
y:
type: string
example: HXA4mBHgObIE56E92yxN5bYQ27wSxlVPfuNWaY06TTI
n:
type: string
e:
type: string
d:
type: string
JWKSet:
type: object
properties:
keys:
type: array
items:
$ref: '#/components/schemas/JWK'
OpenIDProviderMetadata:
type: object
properties:
issuer:
type: string
example: https://api-test.ebsi.eu/authorisation/v4
authorization_endpoint:
type: string
example: https://api-test.ebsi.eu/authorisation/v4/authorize
token_endpoint:
type: string
example: https://api-test.ebsi.eu/authorisation/v4/token
presentation_definition_endpoint:
type: string
example: https://api-test.ebsi.eu/authorisation/v4/presentation-definitions
jwks_uri:
type: string
example: https://api-test.ebsi.eu/authorisation/v4/jwks
scopes_supported:
type: array
items:
type: string
example: ["openid","didr_invite","didr_write","tir_invite","tir_write"]
response_types_supported:
type: array
items:
type: string
example: ["token"]
response_mode_supported:
type: array
items:
type: string
example: ["query","fragment"]
grant_types_supported:
type: array
items:
type: string
example: ["vp_token"]
subject_types_supported:
type: array
items:
type: string
example: ["public"]
id_token_signing_alg_values_supported:
type: array
items:
type: string
example: ["ES256"]
request_object_signing_alg_values_supported:
type: array
items:
type: string
example: ["ES256"]
request_parameter_supported:
type: boolean
example: true
token_endpoint_auth_methods_supported:
type: array
items:
type: string
example: ["private_key_jwt"]
ErrorMessage:
type: object
properties:
summary:
type: string
example: Missing Input
details:
type: string
example: Expected 'state' as a query parameter.
TokenRequest:
type: object
properties:
grant_type:
type: string
enum: ["authorization_code"]
code:
type: string
example: myRandomString
redirect_uri:
type: string
format: uri
description: Same uri as provided as callback in the original request.
example: https://my-portal.com/auth_callback
TokenResponse:
type: object
properties:
token_type:
type: string
enum: ["Bearer"]
expires_in:
type: number
example: 3600
access_token:
type: string