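Since OpenID Connect uses HTTP, headers, query strings and so on, I was hoping to get a Swagger/OpenAPI specification as documentation. I tried to find one but had no luck.
Do you know where I can find it?
/Joachim
Best answer
Source
If you scroll down, they also have Swagger UI up: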
https://docs.gravitee.io/am/2.x/oidc/index.html#tag/OpenID-Connect
swagger: '2.0'
info:
  description: >-
    Gravitee.io - Access Management - OpenID Connect API.
    Defines The OpenID Connect Endpoints exposed by AM server.
  version: 2.8.0
  title: Gravitee.io - Access Management - OpenID Connect API
  contact:
    email: contact@graviteesource.com
  license:
    name: Apache 2.0
    url: 'http://www.apache.org/licenses/LICENSE-2.0.html'
host: auth.gravitee.io
basePath: /{domain}/oidc
schemes:
  - https
paths:
  /.well-known/openid-configuration:
    get:
      tags:
        - OpenID Connect
      summary: Get OpenID Provider configuration information
      description: Discovery endpoint used by OpenID Connect Relying Party to discover the End-User's OpenID Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations.
      produces:
        - application/json
      responses:
        '200':
          description: The OpenID Provider Metadata values
          schema:
            $ref: '#/definitions/OpenIDProviderMetadataResponse'
  /.well-known/jwks.json:
    get:
      tags:
        - OpenID Connect
      summary: Get JSON Web Key Set
      description: JWKS endpoint containing the public keys used by OpenID Connect Relying Party to verify any JWT issued by the authorization server.
      produces:
        - application/json
      responses:
        '200':
          description: A JSON object that represents a set of JWKs
          schema:
            $ref: '#/definitions/JWKSetResponse'
  /userinfo:
    get:
      tags:
        - OpenID Connect
      summary: Get claims about the authenticated End-User
      description: The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User.
      produces:
        - application/json
      parameters:
        - in: header
          name: Authorization
          description: To obtain the requested Claims about the End-User, the Client makes a request to the UserInfo Endpoint using an Access Token obtained through OpenID Connect Authentication
          type: string
          required: true
      responses:
        '400':
          description: Invalid Request
        '401':
          description: Invalid Token
        '200':
          description: Claims about the authenticated End-User
          schema:
            $ref: '#/definitions/UserInfoResponse'
    post:
      tags:
        - OpenID Connect
      summary: Get claims about the authenticated End-User
      description: The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User.
      consumes:
        - application/x-www-form-urlencoded
      produces:
        - application/json
      parameters:
        - in: formData
          name: access_token
          description: To obtain the requested Claims about the End-User, the Client makes a request to the UserInfo Endpoint using an Access Token obtained through OpenID Connect Authentication
          type: string
          required: true
      responses:
        '400':
          description: Invalid Request
        '401':
          description: Invalid Token
        '200':
          description: Claims about the authenticated End-User
          schema:
            $ref: '#/definitions/UserInfoResponse'
  /register:
    post:
      tags:
        - OpenID Connect
      summary: Register (create) a new client.
      description: The Dynamic Client Registration (dcr) Endpoint is an OAuth 2.0 Protected Resource through which a new Client registration can be requested.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - in: header
          name: Authorization
          description: Bearer token obtained through client crendentials flow with as mandatory scope "dcr_admin". Token required unless open dynamic client registration is enabled.
          type: string
          required: false
        - in: body
          name: request
          schema:
            $ref: '#/definitions/ClientRegistrationRequest'
          required: true
      responses:
        '400':
          description: Invalid Request
        '401':
          description: Invalid Token
        '403':
          description: Registration forbidden
        '201':
          description: Claims about the registred client
          schema:
            $ref: '#/definitions/ClientRegistrationResponse'
  /register/{client_id}:
    get:
      tags:
        - OpenID Connect
      summary: Get a registred client.
      description: See information about a registred client.
      produces:
        - application/json
      parameters:
        - in: header
          name: Authorization
          description: Bearer token obtained on the register process through the registration_access_token property giving access only to one client matching the client_id path parameter. An admin token can be also obtained through the client crendentials flow with as mandatory scope "dcr_admin".
          type: string
          required: true
        - in: path
          name: client_id
          type: string
          required: true
          description: ID of the client
      responses:
        '400':
          description: Invalid Request
        '401':
          description: Invalid Token
        '403':
          description: Access forbidden
        '200':
          description: Claims about the registred client.
          schema:
            $ref: '#/definitions/ClientRegistrationResponse'
    patch:
      tags:
        - OpenID Connect
      summary: Patch a registred client.
      description: Update information about a registred client.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - in: header
          name: Authorization
          description: Bearer token obtained on the register process through the registration_access_token property giving access only to one client matching the client_id path parameter. An admin token can be also obtained through the client crendentials flow with as mandatory scope "dcr_admin".
          type: string
          required: true
        - in: path
          name: client_id
          type: string
          required: true
          description: ID of the client
        - in: body
          name: request
          schema:
            $ref: '#/definitions/ClientRegistrationRequest'
          required: true
      responses:
        '400':
          description: Invalid Request
        '401':
          description: Invalid Token
        '403':
          description: Access forbidden
        '200':
          description: Claims about the updated client.
          schema:
            $ref: '#/definitions/ClientRegistrationResponse'
    delete:
      tags:
        - OpenID Connect
      summary: Delete a registred client.
      description: Delete a registred client.
      parameters:
        - in: header
          name: Authorization
          description: Bearer token obtained on the register process through the registration_access_token property giving access only to one client matching the client_id path parameter. An admin token can be also obtained through the client crendentials flow with as mandatory scope "dcr_admin".
          type: string
          required: true
        - in: path
          name: client_id
          type: string
          required: true
          description: ID of the client
      responses:
        '400':
          description: Invalid Request
        '401':
          description: Invalid Token
        '403':
          description: Access forbidden
        '204':
          description: Client deleted
          schema:
            $ref: '#/definitions/ClientRegistrationResponse'
  /register/{client_id}/renew_secret:
    post:
      tags:
        - OpenID Connect
      summary: Renew the client secret of a registred client.
      description: Renew the client secret of a registred client.
      produces:
        - application/json
      parameters:
        - in: header
          name: Authorization
          description: Bearer token obtained on the register process through the registration_access_token property giving access only to one client matching the client_id path parameter. An admin token can be also obtained through the client crendentials flow with as mandatory scope "dcr_admin".
          type: string
          required: true
        - in: path
          name: client_id
          type: string
          required: true
          description: ID of the client
      responses:
        '400':
          description: Invalid Request
        '401':
          description: Invalid Token
        '403':
          description: Access forbidden
        '200':
          description: Claims about the updated client.
          schema:
            $ref: '#/definitions/ClientRegistrationResponse'
securityDefinitions:
  client_auth:
    type: basic
    description: Base64(clientId:clientSecret)
definitions:
  OpenIDProviderMetadataResponse:
    type: object
    properties:
      issuer:
        type: string
        description: REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier
      authorization_endpoint:
        type: string
        description: REQUIRED. URL of the OP's OAuth 2.0 Authorization Endpoint
      token_endpoint:
        type: string
        description: URL of the OP's OAuth 2.0 Token Endpoint
      userinfo_endpoint:
        type: string
        description: RECOMMENDED. URL of the OP's UserInfo Endpoint
      jwks_uri:
        type: string
        description: REQUIRED. URL of the OP's JSON Web Key Set [JWK] document.
      registration_endpoint:
        type: string
        description: RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint
      scopes_supported:
        type: string
        description: RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports
      response_types_supported:
        type: string
        description: REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this OP supports
      response_modes_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports
      grant_types_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports
      acr_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the Authentication Context Class References that this OP supports
      subject_types_supported:
        type: string
        description: REQUIRED. JSON array containing a list of the Subject Identifier types that this OP supports
      id_token_signing_alg_values_supported:
        type: string
        description: REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT
      id_token_encryption_alg_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT
      id_token_encryption_enc_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT
      userinfo_signing_alg_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT
      userinfo_encryption_alg_values_supported:
        type: string
        description: ROPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT
      userinfo_encryption_enc_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT
      request_object_signing_alg_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects
      request_object_encryption_alg_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects
      request_object_encryption_enc_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects
      token_endpoint_auth_methods_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of Client Authentication methods supported by this Token Endpoint
      token_endpoint_auth_signing_alg_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT
      display_values_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports
      claim_types_supported:
        type: string
        description: OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports
      claims_supported:
        type: string
        description: RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for
      service_documentation:
        type: string
        description: OPTIONAL. URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider
      claims_locales_supported:
        type: string
        description: OPTIONAL. Languages and scripts supported for values in Claims being returned, represented as a JSON array of BCP47 [RFC5646] language tag values
      ui_locales_supported:
        type: string
        description: OPTIONAL. Languages and scripts supported for the user interface, represented as a JSON array of BCP47 [RFC5646] language tag values
      claims_parameter_supported:
        type: boolean
        description: OPTIONAL. Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. If omitted, the default value is false
      request_parameter_supported:
        type: boolean
        description: OPTIONAL. Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. If omitted, the default value is false
      request_uri_parameter_supported:
        type: boolean
        description: OPTIONAL. Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. If omitted, the default value is true
      require_request_uri_registration:
        type: boolean
        description: OPTIONAL. Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter
      op_policy_uri:
        type: string
        description: OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about the OP's requirements on how the Relying Party can use the data provided by the OP
      op_tos_uri:
        type: boolean
        description: OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service
  UserInfoResponse:
    type: object
    properties:
      sub:
        type: string
        description: Subject - Identifier for the End-User at the Issuer
      name:
        type: string
        description: End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences
      given_name:
        type: string
        description: Given name(s) or first name(s) of the End-User
      family_name:
        type: string
        description: Surname(s) or last name(s) of the End-User
      middle_name:
        type: string
        description: Middle name(s) of the End-User
      nickname:
        type: string
        description: Casual name of the End-User that may or may not be the same as the given_name
      preferred_username:
        type: string
        description: Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe
      profile:
        type: string
        description: URL of the End-User's profile page
      picture:
        type: string
        description: URL of the End-User's profile picture
      website:
        type: string
        description: URL of the End-User's Web page or blog
      email:
        type: string
        description: End-User's preferred e-mail address
      email_verified:
        type: boolean
        description: User at the time the verification was performed
      gender:
        type: string
        description: End-User's gender
      birthdate:
        type: string
        description: End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format
      zoneinfo:
        type: string
        description: String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone
      locale:
        type: string
        description: End-User's locale, represented as a BCP47 [RFC5646] language tag
      phone_number:
        type: string
        description: End-User's preferred telephone number
      phone_number_verified:
        type: boolean
        description: User at the time the verification was performed
      address:
        type: string
        description: End-User's preferred postal address
      updated_at:
        type: integer
        description: Time the End-User's information was last updated
  JWKSetResponse:
    type: object
    properties:
      keys:
        type: array
        description: The value of the "keys" parameter is an array of JWK values
        items:
          $ref: '#/definitions/JWKResponse'
  JWKResponse:
    type: object
    properties:
      kty:
        type: string
        description: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC"
      use:
        type: string
        description: The "use" (public key use) parameter identifies the intended use of the public key
      key_ops:
        type: string
        description: The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used
      alg:
        type: string
        description: The "alg" (algorithm) parameter identifies the algorithm intended for use with the key
      kid:
        type: string
        description: The "kid" (key ID) parameter is used to match a specific key
      x5u:
        type: string
        description: The "x5u" (X.509 URL) parameter is a URI [RFC3986] that refers to a resource for an X.509 public key certificate or certificate chain [RFC5280]
      x5c:
        type: string
        description: The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]
      x5t:
        type: string
        description: The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280]
      x5t#S256:
        type: string
        description: The "x5t#S256" (X.509 certificate SHA-256 thumbprint) parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280]
  ClientRegistrationRequest:
    type: object
    required:
      - redirect_uris
    properties:
      redirect_uris:
        type: array
        description: REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request
        items:
          type: string
      response_types:
        type: array
        description: JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring that it will restrict itself to using. If omitted, the default is that the Client will use only the code Response Type.
        items:
          type: string
      grant_types:
        type: array
        description: JSON array containing a list of the OAuth 2.0 Grant Types that the Client is declaring that it will restrict itself to using. Values used by OpenID Connect are authorization_code, implicit and refresh_token
        items:
          type: string
      application_type:
        type: string
        description: Kind of the application. The default, if omitted, is web. The defined values are native or web.
      contacts:
        type: array
        description: Array of e-mail addresses of people responsible for this Client. This might be used by some providers to enable a Web user interface to modify the Client information.
        items:
          type: string
      client_name:
        type: string
        description: Name of the Client to be presented to the End-User.
      logo_uri:
        type: string
        description: URL that references a logo for the Client application.
      client_uri:
        type: string
        description: URL of the home page of the Client. The value of this field MUST point to a valid Web page.
      policy_uri:
        type: string
        description: URL that the Relying Party Client provides to the End-User to read about the how the profile data will be used.
      tos_uri:
        type: string
        description: URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service.
      jwks_uri:
        type: string
        description: URL for the Client's JSON Web Key Set [JWK] document.
      jwks:
        $ref: '#/definitions/JWKSetResponse'
        description: Client's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference.
      sector_identifier_uri:
        type: string
        description: URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values.
      subject_type:
        type: string
        description: subject_type requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include pairwise and public.
      id_token_signed_response_alg:
        type: string
        description: JWS alg algorithm [JWA] REQUIRED for signing the ID Token issued to this Client. The default, if omitted, is RS256. The public key for validating the signature is provided by retrieving the JWK Set referenced by the jwks_uri element from OpenID Connect Discovery 1.0 [OpenID.Discovery].
      id_token_encrypted_response_alg:
        type: string
        description: JWE alg algorithm [JWA] REQUIRED for encrypting the ID Token issued to this Client. If this is requested, the response will be signed then encrypted, with the result being a Nested JWT, as defined in [JWT]. The default, if omitted, is that no encryption is performed.
      id_token_encrypted_response_enc:
        type: string
        description: JWE enc algorithm [JWA] REQUIRED for encrypting the ID Token issued to this Client. If id_token_encrypted_response_alg is specified, the default for this value is A128CBC-HS256. When id_token_encrypted_response_enc is included, id_token_encrypted_response_alg MUST also be provided.
      userinfo_signed_response_alg:
        type: string
(Truncated at the 30K character limit)
Regarding oauth-2.0 - Swagger specification for OpenID Connect, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/50254037/
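Added example (not part of the original answer or of Gravitee's code): a relying-party check of a discovery document against the REQUIRED fields and issuer constraints listed under OpenIDProviderMetadataResponse in the spec above. The function name, the sample documents and the exact issuer comparison (a rule taken from OpenID Connect Discovery, not from this spec) are assumptions of the example.

```python
from urllib.parse import urlsplit

# Fields marked REQUIRED in OpenIDProviderMetadataResponse in the spec above.
REQUIRED_FIELDS = (
    "issuer", "authorization_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)
# Endpoint URLs the relying party will later send users or tokens to.
URL_FIELDS = (
    "authorization_endpoint", "token_endpoint", "userinfo_endpoint",
    "jwks_uri", "registration_endpoint",
)
# Described as "JSON array" above, even though the spec types them as string.
ARRAY_FIELDS = (
    "scopes_supported", "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported", "grant_types_supported",
)


def check_provider_metadata(metadata, expected_issuer):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for field in REQUIRED_FIELDS:
        if not metadata.get(field):
            problems.append(f"missing REQUIRED field: {field}")

    issuer = metadata.get("issuer")
    if isinstance(issuer, str) and issuer:
        parts = urlsplit(issuer)
        if parts.scheme != "https" or not parts.netloc:
            problems.append("issuer is not an https URL")
        # urlsplit drops an empty query/fragment, so look for the delimiters.
        if "?" in issuer or "#" in issuer:
            problems.append("issuer has a query or fragment component")
        # Assumption: exact string match, so metadata served for a different
        # issuer than the one the client was configured with is rejected.
        if issuer != expected_issuer:
            problems.append("issuer does not match the expected issuer")

    for field in URL_FIELDS:
        value = metadata.get(field)
        if value is not None and urlsplit(str(value)).scheme != "https":
            problems.append(f"{field} is not an https URL")

    for field in ARRAY_FIELDS:
        value = metadata.get(field)
        if value is not None and not isinstance(value, list):
            problems.append(f"{field} is not a JSON array")
    return problems


# Constructed sample documents (not real provider output).
ISSUER = "https://auth.example.com/demo/oidc"
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": "https://auth.example.com/demo/oauth/authorize",
    "token_endpoint": "https://auth.example.com/demo/oauth/token",
    "jwks_uri": ISSUER + "/.well-known/jwks.json",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, issuer="http://auth.example.com/demo/oidc?x=1",
           token_endpoint="http://auth.example.com/demo/oauth/token",
           scopes_supported="openid profile")
del BAD["jwks_uri"]

if __name__ == "__main__":
    print(check_provider_metadata(BAD, ISSUER))
```

Run the check on the parsed JSON from `/.well-known/openid-configuration` before trusting `jwks_uri` for signature verification.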