From 80ec49845da9c901b687f17a349abc42d7a3e3e7 Mon Sep 17 00:00:00 2001 From: CI Date: Tue, 16 Jun 2026 14:19:46 +0000 Subject: [PATCH] chore: sync spec_next.yaml from new-api-doc [7aa9158f95bdf2dab26ccc36cd9d0c0c7de4c21b] --- spec_next.yaml | 406 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 406 insertions(+) diff --git a/spec_next.yaml b/spec_next.yaml index 65a8fa7..e989c14 100644 --- a/spec_next.yaml +++ b/spec_next.yaml @@ -299,6 +299,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: service_get_api @@ -480,6 +482,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: service_get_list_api @@ -673,6 +677,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: service_create_api @@ -918,6 +924,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: service_update_api @@ -979,6 +987,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: service_delete_api @@ -1079,6 +1089,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_get_api @@ -1220,6 +1232,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_get_list_api @@ -1355,6 +1369,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_create_api @@ -1509,6 +1525,8 @@ paths: $ref: '#/components/responses/403' '404': description: The client was not found. + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_update_api @@ -1578,6 +1596,8 @@ paths: $ref: '#/components/responses/403' '404': description: The client was not found. + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_delete_api @@ -1648,6 +1668,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_flag_update_api @@ -1693,6 +1715,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_secret_refresh_api @@ -1772,6 +1796,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_secret_update_api @@ -1872,6 +1898,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_authorization_get_list_api @@ -1912,6 +1940,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_authorization_get_list_api_post @@ -2001,6 +2031,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_authorization_get_list_by_subject_api @@ -2056,6 +2088,8 @@ paths: $ref: '#/components/responses/403' '404': description: The client was not found. + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_authorization_update_api @@ -2138,6 +2172,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_authorization_delete_api @@ -2191,6 +2227,8 @@ paths: application/json: schema: $ref: '#/components/schemas/client_authorization_delete_response' + '429': + $ref: '#/components/responses/429' operationId: client_authorization_delete_api_post tags: - Client Management @@ -2259,6 +2297,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_authorization_delete_by_subject_api @@ -2340,6 +2380,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_granted_scopes_get_api @@ -2393,6 +2435,8 @@ paths: application/json: schema: $ref: '#/components/schemas/client_authorization_delete_response' + '429': + $ref: '#/components/responses/429' operationId: client_granted_scopes_get_api_post tags: - Client Management @@ -2461,6 +2505,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_granted_scopes_get_by_subject_api @@ -2509,6 +2555,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_granted_scopes_delete_api @@ -2579,6 +2627,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_granted_scopes_delete_by_subject_api @@ -3133,6 +3183,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_authorization_api @@ -3311,6 +3363,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_authorization_fail_api @@ -3498,6 +3552,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_authorization_issue_api @@ -3580,6 +3636,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: pushed_auth_req_api @@ -4077,6 +4135,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_api @@ -4216,6 +4276,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_fail_api @@ -4373,6 +4435,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_issue_api @@ -4611,6 +4675,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_introspection_api @@ -4768,6 +4834,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_introspection_standard_api @@ -4966,6 +5034,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_revocation_api @@ -5166,6 +5236,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_userinfo_api @@ -5366,6 +5438,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_userinfo_issue_api @@ -5432,6 +5506,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: idtoken_reissue_api @@ -5474,6 +5550,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: grant_m_api @@ -5549,6 +5627,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: service_jwks_get_api @@ -5904,6 +5984,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: service_configuration_api @@ -6070,6 +6152,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_registration_api @@ -6270,6 +6354,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_registration_get_api @@ -6474,6 +6560,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_registration_update_api @@ -6650,6 +6738,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_registration_delete_api @@ -7015,6 +7105,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: backchannel_authentication_api @@ -7173,6 +7265,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: backchannel_authentication_issue_api @@ -7278,6 +7372,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: backchannel_authentication_fail_api @@ -7460,6 +7556,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: backchannel_authentication_complete_api @@ -7496,6 +7594,87 @@ paths: api.backchannelAuthenticationComplete(req) tags: - CIBA + /api/{serviceId}/backchannel/logout/token: + post: + summary: Backchannel Logout Token Issuing + description: | + The `/backchannel/logout/token` API issues a logout token for a client application + in the context of [OpenID Connect Back-Channel Logout 1.0](https://openid.net/specs/openid-connect-backchannel-1_0.html). + x-mint: + metadata: + description: "The `/backchannel/logout/token` API issues a logout token for a client application in the context of [OpenID Connect Back-Channel Logout 1.0](https://openid.net/specs/openid-connect-backchannel-1_0.html)." + content: | + + The caller provides a client identifier and either a subject, a session ID, or both. + Authlete generates a logout token that the caller should then POST to the client's + registered `backchannelLogoutUri`. + + A response from the `/backchannel/logout/token` API contains an `action` response + parameter. The possible values are: + + ## OK + + When the action is `OK`, it indicates that the API call completed successfully and + a logout token has been issued. The caller should deliver `logoutToken` to + `backchannelLogoutUri`. + + ## SERVER_ERROR + + When the action is `SERVER_ERROR`, it indicates that something has gone wrong on + the Authlete side. + + ## CALLER_ERROR + + When the action is `CALLER_ERROR`, it indicates that the API call contained a + problem. For example, the call may have been missing required request parameters. + + + parameters: + - in: path + name: serviceId + description: A service ID. + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/backchannel_logout_token_request' + example: + clientIdentifier: '1140735077' + subject: user123 + sessionId: my-sid + responses: + '200': + description: '' + content: + application/json: + schema: + $ref: '#/components/schemas/backchannel_logout_token_response' + example: + action: OK + logoutToken: eyJhbGciOiJSUzI1NiJ9... + backchannelLogoutUri: https://client.example.com/logout + resultCode: A504001 + resultMessage: '[A504001] The backchannel logout token was successfully issued.' + links: + authz_process: + $ref: '#/components/links/authz_process' + '400': + $ref: '#/components/responses/400' + '401': + $ref: '#/components/responses/401' + '403': + $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' + '500': + $ref: '#/components/responses/500' + operationId: backchannel_logout_token_api + tags: + - Back-Channel Logout /api/{serviceId}/device/authorization: post: summary: Process Device Authorization Request @@ -7651,6 +7830,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: device_authorization_api @@ -7779,6 +7960,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: device_verification_api @@ -7917,6 +8100,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: device_complete_api @@ -8054,6 +8239,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_get_list_api @@ -8144,6 +8331,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_create_api @@ -8232,6 +8421,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_update_api @@ -8296,6 +8487,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_delete_api @@ -8367,6 +8560,8 @@ paths: $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: auth_token_revoke_api @@ -8448,6 +8643,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: jose_verify_api @@ -8588,6 +8785,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: federation_configuration_api @@ -8666,6 +8865,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: federation_registration_api @@ -8702,6 +8903,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: info_api @@ -8739,6 +8942,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_extension_requestables_scopes_get_api @@ -8782,6 +8987,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_extension_requestables_scopes_update_api_post @@ -8824,6 +9031,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_extension_requestables_scopes_update_api @@ -8857,6 +9066,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: client_extension_requestables_scopes_delete_api @@ -8897,6 +9108,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: hsk_create_api @@ -8933,6 +9146,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: hsk_delete_api @@ -8969,6 +9184,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: hsk_get_api @@ -9000,6 +9217,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: hsk_get_list_api @@ -9055,6 +9274,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_metadata_api @@ -9093,6 +9314,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_jwtissuer_api @@ -9131,6 +9354,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_jwks_api @@ -9169,6 +9394,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_offer_create_api @@ -9207,6 +9434,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_offer_info_api @@ -9245,6 +9474,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_single_parse_api @@ -9280,6 +9511,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_single_issue_api @@ -9318,6 +9551,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_batch_parse_api @@ -9353,6 +9588,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_batch_issue_api @@ -9421,6 +9658,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_deferred_parse_api @@ -9456,6 +9695,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: vci_deferred_issue_api @@ -9494,6 +9735,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' tags: @@ -9531,6 +9774,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' tags: @@ -9638,6 +9883,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: native_sso_api @@ -9731,6 +9978,8 @@ paths: $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' + '429': + $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' operationId: native_sso_logout_api @@ -9935,6 +10184,7 @@ components: - TLS_CLIENT_AUTH - SELF_SIGNED_TLS_CLIENT_AUTH - ATTEST_JWT_CLIENT_AUTH + - SPIFFE_JWT client_extension: type: object properties: @@ -10494,6 +10744,17 @@ components: authentication request. This property corresponds to the `backchannel_user_code_parameter` metadata. + backchannelLogoutUri: + type: string + description: | + The backchannel logout URI for this client. Used by the service to + deliver logout tokens when OpenID Connect Back-Channel Logout 1.0 is + triggered. + backchannelLogoutSessionRequired: + type: boolean + description: | + The flag indicating whether the client requires that a `sid` (session ID) + claim be included in the logout token sent to `backchannelLogoutUri`. attributes: type: array items: @@ -10817,6 +11078,17 @@ components: - EXPLICIT_REGISTRATION - METADATA_DOCUMENT - STATIC_REGISTRATION + spiffeId: + type: string + description: | + The SPIFFE ID of the client. Used for SPIFFE-based client authentication + (`SPIFFE_JWT`). Corresponds to the `spiffe_id` client metadata parameter. + spiffeBundleEndpoint: + type: string + description: | + The endpoint URL of the SPIFFE bundle for this client. Used to fetch + the SPIFFE trust bundle for validating JWT-SVIDs. Corresponds to the + `spiffe_bundle_endpoint` client metadata parameter. delivery_mode: type: string enum: @@ -12731,6 +13003,50 @@ components: description: | The time window of attestation challenges in seconds. This is used for OAuth 2.0 Attestation-Based Client Authentication. + clientAttesterRootsEnabled: + type: boolean + description: | + The flag indicating whether the attester roots for Client Attestation JWT + x5c chain validation are enabled. + clientAttesterRootsOnly: + type: boolean + description: | + The flag indicating whether only client authentication validated via + attester roots is accepted. + keyAttesterRootsEnabled: + type: boolean + description: | + The flag indicating whether the attester roots for Key Attestation JWT + x5c chain validation are enabled. + keyAttesterRootsOnly: + type: boolean + description: | + The flag indicating whether only key attestation validated via + attester roots is accepted. + clientAttesterRoots: + type: array + items: + type: string + description: | + The trusted root certificates (PEM-encoded X.509) for validating the + x5c chain in Client Attestation JWTs. + keyAttesterRoots: + type: array + items: + type: string + description: | + The trusted root certificates (PEM-encoded X.509) for validating the + x5c chain in Key Attestation JWTs. + backchannelLogoutSupported: + type: boolean + description: | + The flag indicating whether this service supports OpenID Connect + Back-Channel Logout 1.0. + backchannelLogoutSessionSupported: + type: boolean + description: | + The flag indicating whether this service includes a `sid` (session ID) + claim in ID tokens, supporting per-session backchannel logout. sns_credentials: type: object properties: @@ -13568,6 +13884,11 @@ components: authentication request. This property corresponds to the `backchannel_user_code_parameter` metadata. + backchannelLogoutSessionRequired: + type: boolean + description: | + The flag indicating whether the client requires that a `sid` (session ID) + claim be included in the logout token sent to `backchannelLogoutUri`. dynamicallyRegistered: type: boolean readOnly: true @@ -14652,6 +14973,7 @@ components: - TLS_CLIENT_AUTH - SELF_SIGNED_TLS_CLIENT_AUTH - ATTEST_JWT_CLIENT_AUTH + - SPIFFE_JWT dpopNonce: type: string description: | @@ -17256,6 +17578,53 @@ components: Flag indicating whether a metadata document was used to resolve client metadata for this request. When `true`, the client metadata was retrieved via the CIMD mechanism rather than from the Authlete database. + backchannel_logout_token_request: + type: object + required: + - clientIdentifier + properties: + clientIdentifier: + type: string + description: | + The identifier of the client application. Either a client ID or a client + alias. + subject: + type: string + description: | + The subject (end-user) identifier. The logout token will be issued for + this subject. At least one of `subject` or `sessionId` must be provided. + sessionId: + type: string + description: | + The session ID (`sid`) identifying the user session to log out. At least + one of `subject` or `sessionId` must be provided. + backchannel_logout_token_response: + type: object + properties: + resultCode: + type: string + description: The code which represents the result of the API call. + resultMessage: + type: string + description: A short message which explains the result of the API call. + action: + type: string + enum: + - OK + - SERVER_ERROR + - CALLER_ERROR + description: | + The next action that the API caller should take. + logoutToken: + type: string + description: | + The logout token issued for the client. The caller should deliver this + token to the client's `backchannelLogoutUri`. + backchannelLogoutUri: + type: string + description: | + The backchannel logout URI of the client. The caller should POST the + `logoutToken` to this URI. device_authorization_request: type: object required: @@ -19523,6 +19892,31 @@ components: example: resultCode: 404 resultMessage: '' + '429': + description: The request exceeded the request rate permitted for the endpoint. + headers: + Retry-After: + description: The number of seconds to wait before retrying the request. + schema: + type: integer + example: 1 + RateLimit-Remaining: + description: The number of requests remaining in the next second. + schema: + type: integer + example: 10 + RateLimit-Reset: + description: The number of seconds to wait before the request rate is fully replenished. + schema: + type: integer + example: 1 + content: + application/json: + schema: + $ref: '#/components/schemas/result' + example: + resultCode: A001311 + resultMessage: '[A001311] /auth/authorization, Too many requests, retry after 1 seconds. (Entity: 23769878923/87122303)' '500': description: '' content: @@ -19532,3 +19926,15 @@ components: example: resultCode: A001101 resultMessage: '[A001101] /auth/authorization, Authlete Server error.' +x-speakeasy-retries: + strategy: backoff + backoff: + initialInterval: 500 + maxInterval: 16000 + maxElapsedTime: 60000 + exponent: 2 + statusCodes: + - 5XX + - 429 + retryConnectionErrors: true +x-speakeasy-timeout: 5000