-
Notifications
You must be signed in to change notification settings - Fork 47
/
Copy pathoauth.arazzo.yaml
185 lines (175 loc) · 5.78 KB
/
oauth.arazzo.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
arazzo: 1.0.0
info:
title: Example OAuth service
version: 1.0.0
description: >-
Example OAuth service
sourceDescriptions:
- name: apim-auth
url: ./oauth.openapi.yaml
type: openapi
# This is how you can reference another workflow file
# - name: sample
# url: ./sample.arazzo.yml
# type: arazzo
workflows:
- workflowId: refresh-token-flow
summary: Refresh an access token
description: >-
This is how you can refresh an access token.
inputs:
type: object
properties:
my_client_id:
type: string
description: The client id
my_client_secret:
type: string
description: The client secret
my_redirect_uri:
type: string
description: The redirect uri
# refresh_token:
# type: string
# description: The refresh token
# # From authorization-code-flow.outputs.refresh_token
# # Or a previous refresh-token-flow.outputs.refresh_token
steps:
- stepId: do-the-auth-flow
description: >-
This is where you do the authorization code flow
workflowId: authorization-code-flow
parameters:
- name: client_id
value: $inputs.my_client_id
- name: redirect_uri
value: $inputs.my_redirect_uri
- name: client_secret
value: $inputs.my_client_secret
outputs:
my_refresh_token: $outputs.refresh_token
- stepId: do-the-refresh
description: >-
This is where you do the refresh
operationId: get-token
requestBody:
contentType: application/x-www-form-urlencoded
payload:
grant_type: refresh_token
refresh_token: $steps.do-the-auth-flow.outputs.my_refresh_token
successCriteria:
- condition: $statusCode == 200
- context: $response.body
condition: $.access_token != null
type: jsonpath
outputs:
access_token: $response.body#/access_token
refresh_token: $response.body#/refresh_token
expires_in: $response.body#/expires_in
outputs:
access_token: $steps.do-the-refresh.outputs.access_token
refresh_token: $steps.do-the-refresh.outputs.refresh_token
expires_in: $steps.do-the-refresh.outputs.expires_in
- workflowId: client-credentials-flow
summary: Get an access token using client credentials
description: >-
This is how you can get an access token using client credentials.
inputs:
type: object
properties:
client_id:
type: string
description: The client id
client_secret:
type: string
description: The client secret
steps:
- stepId: get-client-creds-token
description: >-
This is where you get the token
operationId: get-token
requestBody:
contentType: application/x-www-form-urlencoded
payload:
client_id: $inputs.client_id
client_secret: $inputs.client_secret
grant_type: client_credentials
successCriteria:
- condition: $statusCode == 200
- context: $response.body
condition: $.access_token != null
type: jsonpath
outputs:
access_token: $response.body#/access_token
outputs:
access_token: $steps.get-client-creds-token.outputs.access_token
- workflowId: authorization-code-flow
summary: Get an access token using an authorization code
description: >-
This is how you can get an access token using an authorization code.
inputs:
type: object
properties:
client_id:
type: string
description: The client id
client_secret:
type: string
description: The client secret
redirect_uri:
type: string
description: The redirect uri
steps:
- stepId: browser-authorize
description: >-
This URL is opened in the browser and redirects you back to
the registered redirect URI with an authorization code.
operationId: authorize
parameters:
- name: client_id
in: query
value: $inputs.client_id
- name: redirect_uri
in: query
value: $inputs.redirect_uri
- name: response_type
in: query
value: 'code'
- name: scope
in: query
value: 'read'
- name: state
in: query
value: '12345'
successCriteria:
- condition: $statusCode == 200
- context: $response.body
condition: $.access_token != null
type: jsonpath
outputs:
code: $response.body#/code # Not really, this is a query parameter
- stepId: get-access-token
description: >-
This is where you get the token
operationId: get-token
requestBody:
contentType: application/x-www-form-urlencoded
payload:
grant_type: authorization_code
code: $steps.browser-authorize.outputs.code
redirect_uri: $inputs.redirect_uri
client_id: $inputs.client_id
client_secret: $inputs.client_secret
successCriteria:
- condition: $statusCode == 200
- context: $response.body
condition: $.access_token != null
type: jsonpath
outputs:
access_token: $response.body#/access_token
refresh_token: $response.body#/refresh_token
expires_in: $response.body#/expires_in
outputs:
access_token: $steps.get-access-token.outputs.access_token
refresh_token: $steps.get-access-token.outputs.refresh_token
expires_in: $steps.get-access-token.outputs.expires_in