a4d9f572bc
This patch ensures Koha doesn't throw an error if the IdP hands back a session_state parameter. To test: 1) Set up an identity provider 2) On the IdP's configuration, make it hand back a session_state 3) Confirm authentication using OIDC works with and without the session_state Sponsored-by: Plant & Food Research Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
128 lines
3.4 KiB
YAML
128 lines
3.4 KiB
YAML
---
|
|
/oauth/token:
|
|
post:
|
|
x-mojo-to: OAuth#token
|
|
operationId: tokenOAuth
|
|
tags:
|
|
- oauth
|
|
summary: Get access token
|
|
produces:
|
|
- application/json
|
|
parameters:
|
|
- name: grant_type
|
|
in: formData
|
|
description: grant type (client_credentials)
|
|
required: true
|
|
type: string
|
|
- name: client_id
|
|
in: formData
|
|
description: client id
|
|
type: string
|
|
- name: client_secret
|
|
in: formData
|
|
description: client secret
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: OK
|
|
schema:
|
|
type: object
|
|
properties:
|
|
access_token:
|
|
type: string
|
|
token_type:
|
|
type: string
|
|
expires_in:
|
|
type: integer
|
|
additionalProperties: false
|
|
"400":
|
|
description: Bad Request
|
|
schema:
|
|
$ref: "../swagger.yaml#/definitions/error"
|
|
"403":
|
|
description: Access forbidden
|
|
schema:
|
|
$ref: "../swagger.yaml#/definitions/error"
|
|
"/oauth/login/{provider_code}/{interface}":
|
|
get:
|
|
x-mojo-to: OAuth::Client#login
|
|
operationId: loginOAuthClient
|
|
tags:
|
|
- oauth
|
|
summary: Login to OAuth provider
|
|
produces:
|
|
- application/json
|
|
parameters:
|
|
- name: provider_code
|
|
in: path
|
|
description: Code for OAuth provider
|
|
required: true
|
|
type: string
|
|
- name: interface
|
|
in: path
|
|
description: Name of the interface this login is for
|
|
required: true
|
|
type: string
|
|
- name: code
|
|
in: query
|
|
description: Code returned from OAuth server for Authorization Code grant
|
|
required: false
|
|
type: string
|
|
- name: state
|
|
in: query
|
|
description: An opaque value used by the client to maintain state between the
|
|
request and callback. This is the callback part.
|
|
required: false
|
|
type: string
|
|
- name: scope
|
|
in: query
|
|
description: Scope returned by OAuth server
|
|
type: string
|
|
- name: prompt
|
|
in: query
|
|
description: Prompt returned by OAuth server
|
|
type: string
|
|
- name: authuser
|
|
in: query
|
|
description: Auth user returned by OAuth server
|
|
type: string
|
|
- name: error
|
|
in: query
|
|
description: OAuth error code
|
|
type: string
|
|
- name: error_description
|
|
in: query
|
|
description: OAuth error description
|
|
type: string
|
|
- name: error_uri
|
|
in: query
|
|
description: Web page with user friendly description of the error
|
|
type: string
|
|
- name: session_state
|
|
in: query
|
|
description: Session state returned by OAuth server
|
|
type: string
|
|
responses:
|
|
"302":
|
|
description: User authorized
|
|
schema:
|
|
type: string
|
|
"400":
|
|
description: Bad Request
|
|
schema:
|
|
$ref: ../swagger.yaml#/definitions/error
|
|
"403":
|
|
description: Access forbidden
|
|
schema:
|
|
$ref: ../swagger.yaml#/definitions/error
|
|
"500":
|
|
description: |
|
|
Internal server error. Possible `error_code` attribute values:
|
|
|
|
* `internal_server_error`
|
|
schema:
|
|
$ref: ../swagger.yaml#/definitions/error
|
|
"503":
|
|
description: Under maintenance
|
|
schema:
|
|
$ref: ../swagger.yaml#/definitions/error
|