{
"swagger":"2.0",
"info":{
"version":"2025.05.01",
"title":"REST API for OAuth in Oracle Access Manager",
"description":"The Oracle Access Manager OAuth REST APIs are broadly classified into Admin APIs and Runtime APIs. Admin APIs help in creating the required artifacts on the server. Runtime APIs use the created artifacts to create and validate OAuth Access Tokens.",
"x-summary":"The Oracle Access Manager OAuth REST APIs are broadly classified into Admin APIs and Runtime APIs."
},
"consumes":[
"application/json",
"application/x-www-form-urlencoded"
],
"produces":[
"application/json",
"application/json,image/png"
],
"tags":[
{
"name":"Admin/Application",
"description":"An Application is the Resource Server that hosts the protected resources. The REST endpoint is used to Create, Read, Update and Delete an Application."
},
{
"name":"Admin/Client",
"description":"A Client is an application making protected resource requests on behalf of the resource owner and with the resource owner's authorization. The REST endpoint is used to Create, Read, Update and Delete a Client."
},
{
"name":"Admin/Client Artifact",
"description":"The REST endpoint is used to import and delete a Client Certificate."
},
{
"name":"Admin/Client Trust Certificates",
"description":"The operations from the Admin/Client Trust Certificates category."
},
{
"name":"Admin/Consent Management",
"description":"The REST Endpoint enables an Administrator to manage consents on User behalf. The Administrator can either view or delete user consents."
},
{
"name":"Admin/Identity Domain",
"description":"An Identity Domain corresponds to the notion of a tenant. All clients and resource servers are created under an Identity Domain. The REST endpoint is used to Create, Read, Update and Delete and Identity Domain."
},
{
"name":"Admin/KeyPair Admin",
"description":"The REST endpoint is used to create, read and delete a KeyPair Artifact that can be used to sign tokens."
},
{
"name":"Admin/Revoke Tokens",
"description":"This Rest endpoint enables Administrators to revoke all OAuth Tokens for a particular User or all tokens for a User and Client+ResourceServer combination. Admin can also revoke all tokens issued before a specific timestamp."
},
{
"name":"Admin/Template",
"description":"Admin Template related REST API Support"
},
{
"name":"Admin/Trust Artifact",
"description":"The REST endpoint is used to import and delete a certificate from the trust store under an Identity Domain."
},
{
"name":"Admin/mTLS Endpoint Configuration",
"description":"The operations from the Admin/mTLS Endpoint Configuration category."
},
{
"name":"Runtime/Consent Management",
"description":"The REST Endpoint enables an End User to manage OAuth consents. End User can either view or delete their consents. The REST Endpoint on Runtime Server are protected with OAM SSO. Thus once the user has successfully Signed In, then only the REST API will be accessible."
},
{
"name":"Runtime/Create Token",
"description":"The REST end point is used to create an Access Token.The same end point is used for ClientCredentials Flow, Resource Owner Password Credential Flow, JWT Bearer Flow and Authorization Code Flow."
},
{
"name":"Runtime/Dynamic Client Registration",
"description":"REST endpoints for Dyanamic Client Registration/Management"
},
{
"name":"Runtime/Introspect Token",
"description":"The REST endpoint used introspect Oauth tokens."
},
{
"name":"Runtime/Revoke Token",
"description":"This REST end point can be used to revoke an access or a refresh token generated via three legged OAuth flow (Authorization Code Flow). It can also revoke the associated consent or grant by giving additional optional parameters."
},
{
"name":"Runtime/Security",
"description":"The REST endpoint used to fetch public certificate of a given Identity domain."
},
{
"name":"Runtime/UserInfo",
"description":"The REST end point to retrieve User Details for OIDC flows."
},
{
"name":"Runtime/Validate Token",
"description":"The REST end point is used to validate an Access Token."
}
],
"paths":{
"/oam/services/rest/ssa/api/v1/hostalias/mtls":{
"post":{
"tags":[
"Admin/mTLS Endpoint Configuration"
],
"summary":"Create mTLS end point alias",
"operationId":"createMTLSEndpointAlias",
"description":"",
"consumes":[
"application/json"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"mTLSEndpoint",
"in":"body",
"description":"mTLS end point alias configuration",
"required":true,
"schema":{
"$ref":"#/definitions/mTLSEndpoint"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - mTLS Configuration, detail -",
"schema":{
"$ref":"#/definitions/mTLSEndpointResponse"
}
},
"422":{
"description":"Failed to create mTLS end point."
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-post"
},
"put":{
"tags":[
"Admin/mTLS Endpoint Configuration"
],
"summary":"Update mTLS end point alias",
"description":"",
"operationId":"updateMTLSEndpointAlias",
"consumes":[
"application/json"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"MTLSEndPoint",
"in":"body",
"description":"MTLS end point alias configuration",
"required":true,
"schema":{
"$ref":"#/definitions/mTLSEndpoint"
}
}
],
"responses":{
"200":{
"description":"Sucessfully modified entity - mTLS Configuration, detail -",
"schema":{
"$ref":"#/definitions/mTLSEndpointResponse"
}
},
"422":{
"description":"Failed to create entity - mTLS Configuration. Invalid Input."
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-put",
"x-filename-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-put"
},
"delete":{
"tags":[
"Admin/mTLS Endpoint Configuration"
],
"summary":"delete mTLS end point alias",
"description":"Delete mTLS end point alias.",
"operationId":"deleteMTLSEndpointAlias",
"produces":[
"application/json"
],
"responses":{
"200":{
"description":"Sucessfully deleted entity - mTLS Configuration, detail",
"schema":{
"$ref":"#/definitions/mTLSEndpointResponse"
}
},
"404":{
"description":"Sucessfully deleted entity - mTLS Configuration, detail",
"schema":{
"$ref":"#/definitions/mTLSEndpointResponse"
}
},
"422":{
"description":"Failed to deleted entity - mTLS Configuration. Invalid input."
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-delete"
},
"get":{
"tags":[
"Admin/mTLS Endpoint Configuration"
],
"summary":"Read mTLS end point alias",
"description":"Read the mTLS configuration",
"operationId":"readMTLSEndpointAlias",
"produces":[
"application/json"
],
"responses":{
"200":{
"description":"Sucessfully retrieved entity - mTLSConfiguration, detail -",
"schema":{
"$ref":"#/definitions/mTLSEndpointResponse"
}
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-get",
"x-filename-id":"oam-services-rest-ssa-api-v1-hostalias-mtls-get"
}
},
"/oauth2/rest/security":{
"get":{
"tags":[
"Runtime/Security"
],
"summary":"Fetch the public certificate of a given Identity Domain",
"parameters":[
{
"name":"identityDomainName",
"in":"query",
"required":true,
"type":"string",
"description":"Name of the domain whoese artifacts have to be retrieved."
},
{
"name":"identityDomain",
"in":"query",
"required":false,
"type":"string",
"description":"Alternate Name for the 'identityDomainName'."
}
],
"responses":{
"200":{
"description":"Public Certificate of the given domain.",
"schema":{
"$ref":"#/definitions/SecurityDetails"
},
"examples":{
"application/json":{
"keys":[
{
"kty":"RSA",
"x5t#S256":"string",
"e":"string",
"x5t":"####3",
"kid":"SampleDomain",
"x5c":[
"Value1",
"Value2"
],
"key_ops":[
"sign"
],
"alg":"RS256",
"n":"#####"
}
]
}
}
},
"400":{
"description":"Bad Request",
"schema":{
"$ref":"#/definitions/ErrorCode"
}
}
},
"x-internal-id":"oauth2-rest-security-get",
"x-filename-id":"oauth2-rest-security-get"
}
},
"/oam/services/rest/ssa/api/v1/oauthpolicyadmin/clientartifacts":{
"post":{
"tags":[
"Admin/Client Artifact"
],
"summary":"Add a client certificate under a Client",
"description":"",
"consumes":[
"application/json",
"application/xml"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"ClientArtifactBody",
"in":"body",
"description":"Public Certificate that needs to be imported under a Client",
"required":true,
"schema":{
"$ref":"#/definitions/ClientArtifact"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - OAuthClientTrustArtifact, detail",
"schema":{
"$ref":"#/definitions/ClientResponse"
}
},
"422":{
"description":"Failed to modify OAuth entity \"Client\" - name \"NameofClient\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-clientartifacts-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-clientartifacts-post"
},
"delete":{
"tags":[
"Admin/Client Artifact"
],
"summary":"Delete the certificate under a Client",
"operationId":"deleteClientArtifact",
"produces":[
"application/json"
],
"parameters":[
{
"name":"identityDomainName",
"in":"query",
"description":"Name of the Identity Domain under which the Trust Artifact exists",
"required":true,
"type":"string"
},
{
"name":"clientName",
"in":"query",
"description":"Name of the client under which the certificate exists",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully deleted entity - \"OAuthClientTrustArtifact\", detail",
"schema":{
"$ref":"#/definitions/ClientResponse"
}
},
"422":{
"description":"Failed to modify OAuth entity \"Client\" - name \"NameofClient\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-clientartifacts-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-clientartifacts-delete"
}
},
"/oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate":{
"post":{
"tags":[
"Admin/Client Trust Certificates"
],
"summary":"Add a new trust certificate for client authentication",
"description":"",
"consumes":[
"application/json"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"clientTrustCertificate",
"in":"body",
"description":"Trust certificate needed for client authentication",
"required":true,
"schema":{
"$ref":"#/definitions/ClientTrustCertificateRequest"
}
}
],
"responses":{
"200":{
"description":"Success",
"schema":{
"$ref":"#/definitions/ClientTrustCertificateResponse"
}
},
"422":{
"description":"Failed to create the certificate entry. Invalid input/Certificate store operation failed."
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-security-trust-oauthClient-certificate-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-security-trust-oauthclient-certificate-post"
},
"put":{
"tags":[
"Admin/Client Trust Certificates"
],
"summary":"Update a trust certificate for client authentication",
"description":"",
"consumes":[
"application/json"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"clientTrustCertificate",
"in":"body",
"description":"Trust certificate needed for client authentication",
"required":true,
"schema":{
"$ref":"#/definitions/ClientTrustCertificateRequest"
}
}
],
"responses":{
"200":{
"description":"Success",
"schema":{
"$ref":"#/definitions/ClientTrustCertificateResponse"
}
},
"422":{
"description":"Failed to create the certificate entry. Invalid input/Certificate store operation failed."
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-security-trust-oauthClient-certificate-put",
"x-filename-id":"oam-services-rest-ssa-api-v1-security-trust-oauthclient-certificate-put"
},
"delete":{
"tags":[
"Admin/Client Trust Certificates"
],
"summary":"Delete an oauth client trust certificate",
"description":"based on the ID.",
"operationId":"deleteOauthClientTrustCertificate",
"produces":[
"application/json"
],
"parameters":[
{
"name":"certID",
"in":"query",
"description":"ID of the certificate",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Success",
"schema":{
"$ref":"#/definitions/ClientTrustCertificateResponse"
}
},
"404":{
"description":"Certificate entry not found."
},
"422":{
"description":"Failed to delete the certificate. Invalid input."
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-security-trust-oauthClient-certificate-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-security-trust-oauthclient-certificate-delete"
},
"get":{
"tags":[
"Admin/Client Trust Certificates"
],
"summary":"Retrieve an oauth client trust certificate",
"description":"Read an oauth client trust certificate based on the ID.If ID is missing read all oAuth client trust certificates",
"operationId":"readOauthClientTrustCertificate",
"produces":[
"application/json"
],
"parameters":[
{
"name":"certID",
"in":"query",
"description":"ID of the certificate",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Success",
"schema":{
"$ref":"#/definitions/ClientTrustCertificate"
}
},
"404":{
"description":"Certificate entry not found."
},
"422":{
"description":"Failed to delete the certificate. Invalid input."
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-security-trust-oauthClient-certificate-get",
"x-filename-id":"oam-services-rest-ssa-api-v1-security-trust-oauthclient-certificate-get"
}
},
"/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client":{
"post":{
"tags":[
"Admin/Client"
],
"summary":"Add a new OAuth Client",
"description":"",
"consumes":[
"application/json"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"ClientBody",
"in":"body",
"description":"OAuth Client that needs to be created",
"required":true,
"schema":{
"$ref":"#/definitions/Client"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - OAuthClient, detail",
"schema":{
"$ref":"#/definitions/Client"
}
},
"422":{
"description":"Failed to create OAuth entity \"Client\" - name \"NameofClient\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-post"
},
"put":{
"tags":[
"Admin/Client"
],
"summary":"Update an existing OAuth Client based on the name of the client.",
"consumes":[
"application/json",
"application/xml"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"query",
"description":"Name of the Client",
"required":true,
"type":"string"
},
{
"name":"ClientBody",
"in":"body",
"description":"Client that needs to be modified",
"required":true,
"schema":{
"$ref":"#/definitions/Client"
}
}
],
"responses":{
"200":{
"description":"Sucessfully modified entity - OAuthClient, detail",
"schema":{
"$ref":"#/definitions/Client"
}
},
"422":{
"description":"Failed to update OAuth entity \"Client\" - name \"NameofClient\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-put",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-put"
},
"get":{
"tags":[
"Admin/Client"
],
"summary":"Find OAuth Client by name or ID",
"description":"Returns an OAuth Client. The search can be done either with the name or the ID of the Client. Only one of the query parameters needs to be specified.",
"operationId":"getClientByNameorID",
"produces":[
"application/json"
],
"parameters":[
{
"name":"identityDomainName",
"in":"query",
"description":"Name of the Identity Domain under which the Client exits",
"required":true,
"type":"string"
},
{
"name":"name",
"in":"query",
"description":"Name of the Client",
"required":true,
"type":"string"
},
{
"name":"id",
"in":"query",
"description":"ClientID of the client",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully retrieved entity - OAuthClient, detail",
"schema":{
"$ref":"#/definitions/Client"
}
},
"422":{
"description":"Failed to retrive OAuth entity \"Client\" - name \"NameofClient\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-get",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-get"
},
"delete":{
"tags":[
"Admin/Client"
],
"summary":"Delete a Client by name or Client Id",
"description":"Deletes a Client, either based on the name or the Client ID. Only one query parameter needs to be specified.",
"operationId":"deleteClient",
"produces":[
"application/json"
],
"parameters":[
{
"name":"identityDomainName",
"in":"query",
"description":"Name of the Identity Domain under which the Client exists",
"required":true,
"type":"string"
},
{
"name":"name",
"in":"query",
"description":"Name of the Client",
"required":true,
"type":"string"
},
{
"name":"id",
"in":"query",
"description":"Client ID of the Client",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully deleted entity - \"OAuthClient\", detail - \"NameOfClient\""
},
"422":{
"description":"Failed to delete OAuth entity \"Client\" - name \"NameofClient\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-client-delete"
}
},
"/oauth2/rest/token/revoke":{
"post":{
"tags":[
"Runtime/Revoke Token"
],
"summary":"Revokes given access/refresh token.",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"required":true,
"type":"string",
"description":"Identity Domain under which the token revoke is being requested."
},
{
"name":"authorization",
"in":"header",
"required":true,
"type":"string",
"description":"Base64 encoded header of clientID:clientSecret."
},
{
"name":"token",
"in":"formData",
"type":"string",
"required":true,
"description":"The token that the client wants to get revoked."
},
{
"name":"token_type",
"in":"formData",
"required":false,
"type":"string",
"description":"The type of the token submitted for revocation.",
"enum":[
"REFRESH_TOKEN",
"ACCESS_TOKEN",
"NONE"
],
"default":"NONE"
},
{
"name":"chaining_level",
"in":"formData",
"required":false,
"type":"string",
"description":"This decides the level of revocation required. It can have following possible values\n\n
NONE --> Just revokes the given token.\n
RELATED_CONSENT --> Revokes the token along with the associated consent.\n
RELATED_TOKENS --> Revokes the token along with the associated refresh/access Token.\n
NOTE :\n
for an ACCESS_TOKEN the associated token refers to its parent refresh token.\n
for a REFRESH_TOKEN the associated token refres to all access tokens created using this refresh token.",
"enum":[
"RELATED_CONSENT",
"RELATED_TOKENS",
"NONE"
],
"default":"NONE"
},
{
"name":"identityDomain",
"in":"query",
"required":false,
"type":"string",
"description":"Alternative name for Identity Domain under which the token revoke is being requested. Header parameter 'x-oauth-identity-domain-name' is not required if this is provided but header will take precedence of this one."
}
],
"responses":{
"200":{
"description":"Revocation successful",
"schema":{
"$ref":"#/definitions/ResponseObj"
}
},
"400":{
"description":"Bad Request",
"schema":{
"$ref":"#/definitions/ErrorCode"
}
}
},
"x-internal-id":"oauth2-rest-token-revoke-post",
"x-filename-id":"oauth2-rest-token-revoke-post"
}
},
"/oam/services/rest/ssa/api/v1/keypairadmin/keypair":{
"post":{
"tags":[
"Admin/KeyPair Admin"
],
"summary":"Add a new KeyPair",
"description":"A KeyPair can be uploaded in 2 ways: By specifying the public and private KeyPairs as a message body or by uploading a p12 file (binary) that contain the public and private key info",
"consumes":[
"application/json",
"application/x-pkcs12"
],
"produces":[
"application/json",
"text/plain"
],
"parameters":[
{
"name":"password",
"in":"query",
"description":"Password of the p12 file. Required in case of uploading the KeyPair as a p12 file.",
"required":true,
"type":"string"
},
{
"name":"aliasName",
"in":"query",
"description":"Alias Name of the KeyPair being uploaded as a p12 file. Required in case of uploading the KeyPair as a p12 file.",
"required":true,
"type":"string"
},
{
"name":"forceUpload",
"in":"query",
"description":"It is not recommended to use a certificate that is expired or that is bound to expire within 10 days. However, setting this value to 'Y' will bypass this check and forcefully upload the KeyPair.",
"required":false,
"type":"string"
},
{
"name":"KeyPairBody",
"in":"body",
"description":"The aliasName, public key and private key of the KeyPair provided as a list. Required when the KeyPair is uploaded by specifying the aliasName, public key and private key as message body.",
"required":true,
"schema":{
"$ref":"#/definitions/KeyPairArtifact"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - KeyPair, detail - [NameOfKeyPair1 successfully created, NameOfKeyPair2 successfully created]"
},
"400":{
"description":"NameOfKeyPair1 creation failed. A public key that corresponds to NameOfKeyPair1 already exists, NameOfKeyPair2 creation failed. A public key that corresponds to NameOfKeyPair2 already exists"
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-keypairadmin-keypair-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-keypairadmin-keypair-post"
},
"get":{
"tags":[
"Admin/KeyPair Admin"
],
"summary":"Get a KeyPair or list of KeyPairs",
"description":"Returns a KeyPair by aliasName or KeyPairs by days to expire or all the KeyPair",
"produces":[
"text/plain",
"application/json"
],
"parameters":[
{
"name":"aliasName",
"in":"query",
"description":"Alias Name of the KeyPair to be retrieved.",
"required":false,
"type":"string"
},
{
"name":"expiryDays",
"in":"query",
"description":"Retrieves a KeyPair or list of KeyPairs that will expire within the given number of days.",
"required":false,
"type":"string"
}
],
"responses":{
"200":{
"description":"",
"schema":{
"$ref":"#/definitions/KeyPair"
}
},
"400":{
"description":"Retrieval failed for NameOfKeyPair. Exception encountered during KeyPair fetch NameOfKeyPair Exception: NameOfKeyPair not found"
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-keypairadmin-keypair-get",
"x-filename-id":"oam-services-rest-ssa-api-v1-keypairadmin-keypair-get"
},
"delete":{
"tags":[
"Admin/KeyPair Admin"
],
"summary":"Delete a KeyPair based on the Alias Name",
"description":"A KeyPair that is currently being made use by an Oauth Identity Domain can never be deleted and a KeyPair under rollover duration cannot be deleted.",
"produces":[
"text/plain"
],
"parameters":[
{
"name":"aliasName",
"in":"query",
"description":"Alias Name of the KeyPair to be deleted.",
"required":true,
"type":"string"
},
{
"name":"forceDelete",
"in":"query",
"description":"Setting this value to 'Y' will forcefully delete a KeyPair that is under rollover duration.",
"required":false,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully deleted entity - KeyPair, detail - Successfully deleted NameOfKeyPair"
},
"400":{
"description":"Delete failed for KeyPair NameOfKeyPair. NameOfKeyPair not found"
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-keypairadmin-keypair-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-keypairadmin-keypair-delete"
}
},
"/oam/services/rest/consent/revoke":{
"post":{
"tags":[
"Admin/Revoke Tokens"
],
"summary":"Revoke tokens for a user",
"description":"The REST API enables Administrator to invalidate Access or Refresh Tokens issued for a user or a user+client+resource server combination via Authorization code flow (three legged OAuth flow). The API returns all the updated consents for the provided combination. Tokens can also be revoked by giving a specific timestamp.",
"operationId":"revokeTokens",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"authorization",
"in":"header",
"required":true,
"type":"string",
"description":"Base64 encoded header of Administrator:Secret. This is an authentication mechanism for weblogic Administrator to access resource."
},
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"description":"OAuth Identity Domain name under which token revoke is being requested.",
"required":true,
"type":"string"
},
{
"name":"userId",
"in":"formData",
"description":"User name/identifier. Name of the user whos grant/consent was used to create tokens.",
"required":true,
"type":"string"
},
{
"name":"clientIdentifier",
"in":"formData",
"description":"OAuth Client ID/Identifier. If provided, you must specify the resServerId to uniquely identify the client.",
"required":false,
"type":"string"
},
{
"name":"resServerId",
"in":"formData",
"description":"OAuth Application ID/Identifier. Required to uniquiely identify client entity, resServerId is mandatory if clientIdentifier is provided.",
"required":false,
"type":"string"
},
{
"name":"revoke_type",
"in":"formData",
"description":"entity to be revoked. Possible values are - ACCESS_TOKENS, REFRESH_TOKENS, TOKENS",
"default":"TOKENS",
"required":false,
"type":"string"
},
{
"name":"timestamp",
"in":"formData",
"description":"all tokens issued before this timestamp will be invalidated. timestamp needs to be in the following format yyyy-MM-dd'T'HH:mm:ssZ format. 'Z' is Time offsets from UTC.\n
For example \n
Feb 20 09:45:51 UTC 2021 --> 2021-02-20T09:45:51Z\n
Mar 04 00:39:12 PST 2021 --> 2021-03-04T00:39:12-0800",
"required":false,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully updated user consent with revoke details",
"schema":{
"$ref":"#/definitions/consentsAfterRevoke"
}
},
"400":{
"description":"Failed to retrieve user consent - detail",
"schema":{
"type":"object",
"properties":{
"error":{
"type":"string",
"description":"Error code"
},
"error_description":{
"type":"string",
"description":"Error description"
}
},
"example":{
"error":"400",
"error_description":"Required parameter 'X-OAUTH-IDENTITY-DOMAIN-NAME' is not present."
}
}
}
},
"x-internal-id":"oam-services-rest-consent-revoke-post",
"x-filename-id":"oam-services-rest-consent-revoke-post"
}
},
"/oauth2/rest/token":{
"post":{
"tags":[
"Runtime/Create Token"
],
"summary":"Create Access Token Flow",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"grant_type",
"in":"formData",
"required":true,
"type":"string",
"description":"Grant Type for the Access Token Request",
"enum":[
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"PASSWORD",
"JWT_BEARER",
"REFRESH_TOKEN"
]
},
{
"name":"scope",
"in":"formData",
"type":"string",
"description":"Scope requested in the Access Token. In case of REFRESH_TOKEN flows, defaulted to the values in the RefreshToken if not specified. In case JWT_BEARER flow access token requests UserInfo related scopes, supported scopes are UserInfo.me, UserInfo.email, UserInfo.profile, UserInfo.address or UserInfo.phone.",
"default":"DefaultScope defined for Client"
},
{
"name":"username",
"in":"formData",
"type":"string",
"description":"Username of resource owner. Mandatory parameter in case GrantType is PASSWORD."
},
{
"name":"password",
"in":"formData",
"type":"string",
"description":"Password of resource owner.Mandatory parameter in case GrantType is PASSWORD."
},
{
"name":"code",
"in":"formData",
"type":"string",
"description":"Authorization Code obtained.Mandatory parameter in case GrantType is AUTHORIZATION_CODE."
},
{
"name":"redirect_uri",
"in":"formData",
"type":"string",
"description":"Redirect URI.Mandatory parameter in case GrantType is AUTHORIZATION_CODE."
},
{
"name":"assertion",
"in":"formData",
"type":"string",
"description":"User Assertion token.Mandatory parameter in case GrantType is JWT_BEARER."
},
{
"name":"refresh_token",
"in":"formData",
"type":"string",
"description":"Refresh Token played to generate the new Access Token.Mandatory parameter in case GrantType is REFRESH_TOKEN."
},
{
"name":"client_assertion_type",
"in":"formData",
"type":"string",
"description":"Type of client assertion. This is mandatory if the Client Authentication mechanism is via the ClientAssertionToken. If this is passed, then the authorization header is not required.",
"enum":[
"JWT_BEARER",
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
]
},
{
"name":"client_assertion",
"in":"formData",
"type":"string",
"description":"Client Assertion token. This is mandatory if the Client Authentication mechanism is via the ClientAssertionToken. If this is passed, then the authorization header is not required."
},
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"required":true,
"type":"string",
"description":"Identity Domain under which the token is being requested."
},
{
"name":"authorization",
"in":"header",
"required":true,
"type":"string",
"description":"Base64 encoded header of clientID:secret. This is an authentication mechanism for the Confidential Clients. Client Authentication can be specified through this header or ClientAssertionTokens. Either one of these mechanisms should be used."
},
{
"name":"identityDomain",
"in":"query",
"required":false,
"type":"string",
"description":"Identity Domain under which the token is being requested. This is an optional parameter if 'x-oauth-identity-domain-name' header parameter is provided."
}
],
"responses":{
"200":{
"description":"Access Token was generated successfully",
"schema":{
"$ref":"#/definitions/AccessToken"
}
},
"400":{
"description":"Bad Request",
"schema":{
"$ref":"#/definitions/ErrorCode"
}
}
},
"x-internal-id":"oauth2-rest-token-post",
"x-filename-id":"oauth2-rest-token-post"
}
},
"/oauth2/rest/token/info":{
"get":{
"tags":[
"Runtime/Validate Token"
],
"summary":"Validate Access Token Flow",
"parameters":[
{
"name":"access_token",
"in":"query",
"required":true,
"type":"string",
"description":"Access Token to be validated"
},
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"required":true,
"type":"string"
},
{
"name":"identityDomain",
"in":"query",
"required":false,
"type":"string",
"description":"Alternate query parameter name for 'x-oauth-identity-domain-name' header parameter. This can be used if header parameter can not be passed in some scenarios."
}
],
"responses":{
"200":{
"description":"Access Token Details",
"schema":{
"$ref":"#/definitions/AccessTokenDetails"
}
},
"400":{
"description":"Bad Request",
"schema":{
"$ref":"#/definitions/ErrorCode"
}
}
},
"x-internal-id":"oauth2-rest-token-info-get",
"x-filename-id":"oauth2-rest-token-info-get"
}
},
"/oam/services/rest/ssa/api/v1/oauthpolicyadmin/trustartifacts":{
"post":{
"tags":[
"Admin/Trust Artifact"
],
"summary":"Add a new trust artifact under an Identity Domain",
"description":"",
"consumes":[
"application/json",
"application/xml"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"TrustArtifactBody",
"in":"body",
"description":"Trust Artifacts that needs to be created under an Identity Domain",
"required":true,
"schema":{
"$ref":"#/definitions/IDDomainTrustArtifact"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - OAuthIdentityDomainTrustArtifact, detail",
"schema":{
"$ref":"#/definitions/IdentityDomainResponse"
}
},
"422":{
"description":"Failed to modify OAuth entity \"IdentityDomain\" - name \"NameofIdentityDomain\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-trustartifacts-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-trustartifacts-post"
},
"delete":{
"tags":[
"Admin/Trust Artifact"
],
"summary":"Delete a Trust Artifact under an IdentityDomain based on the Artifact Identifier",
"operationId":"deleteTrustArtifact",
"produces":[
"application/json"
],
"parameters":[
{
"name":"identityDomainName",
"in":"query",
"description":"Name of the Identity Domain under which the Trust Artifact exists",
"required":true,
"type":"string"
},
{
"name":"artifactIdentfier",
"in":"query",
"description":"ArtifactIdentifier",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully deleted entity - \"OAuthIdentityDomainTrustArtifact\", detail",
"schema":{
"$ref":"#/definitions/IdentityDomainResponse"
}
},
"422":{
"description":"Failed to modify OAuth entity \"IdentityDomain\" - name \"NameofIdentityDomain\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-trustartifacts-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-trustartifacts-delete"
}
},
"/oauth2/rest/token/introspect":{
"post":{
"tags":[
"Runtime/Introspect Token"
],
"summary":"Introspect OAuth tokens",
"description":"",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"X-OAUTH-IDENTITY-DOMAIN-NAME",
"in":"header",
"type":"string",
"description":"Identity Domain Name.",
"required":true
},
{
"name":"token",
"in":"formData",
"type":"string",
"description":"Token to be introspected",
"required":true
},
{
"name":"identityDomain",
"in":"query",
"type":"string",
"description":"This is an alternate to 'X-OAUTH-IDENTITY-DOMAIN-NAME' header parameter. If this is provided 'X-OAUTH-IDENTITY-DOMAIN-NAME' is not required. 'X-OAUTH-IDENTITY-DOMAIN-NAME' will take precedance over 'identityDomain' query parameter.",
"required":true
}
],
"responses":{
"200":{
"description":"sucess",
"schema":{
"$ref":"#/definitions/TokenIntrospectionResponse"
}
},
"404":{
"description":"Not Found"
},
"422":{
"description":"failed to validate token"
}
},
"x-internal-id":"oauth2-rest-token-introspect-post",
"x-filename-id":"oauth2-rest-token-introspect-post"
}
},
"/oauth2/rest/dcr/token":{
"get":{
"description":"Token can be acquired in either JSON response format or QR Code depending on the",
"produces":[
"application/json"
],
"parameters":[
{
"in":"query",
"description":"Domain name under which you want to register the client",
"name":"domain",
"type":"string",
"required":true
},
{
"in":"query",
"name":"identityDomain",
"type":"string",
"required":false,
"description":"This is an alternate to 'domain' query parameter. If this is provided domain is not required."
},
{
"in":"query",
"description":"Template id of OAuth client template registered by Admin for auto configration generation of actual client",
"name":"template_id",
"type":"string",
"required":true
},
{
"name":"output_type",
"in":"query",
"description":"Output format of access token which will be generated, two formats are supported currently, 'image/png' and 'application/json'. Default is application/json",
"type":"string",
"required":false
}
],
"responses":{
"200":{
"description":"Initial access token",
"schema":{
"$ref":"#/definitions/accesstoken"
}
},
"403":{
"description":"If either OAuth Service is not enabled or DCR is not enabled for current domain",
"schema":{
"$ref":"#/definitions/errorresponse"
}
},
"404":{
"description":"Error",
"schema":{
"$ref":"#/definitions/errorresponse"
}
},
"500":{
"description":"Internal Server Error",
"schema":{
"$ref":"#/definitions/errorresponse"
}
}
},
"tags":[
"Runtime/Dynamic Client Registration"
],
"summary":"Get the Initial access token which can be used for registration of OAuth client using DCR flow",
"x-internal-id":"oauth2-rest-dcr-token-get",
"x-filename-id":"oauth2-rest-dcr-token-get"
}
},
"/oauth2/rest/dcr/client":{
"post":{
"produces":[
"application/json"
],
"parameters":[
{
"in":"header",
"description":"Domain name with which you want to register the client, It MUST be same as domain for which token is acquired",
"name":"X-OAUTH-IDENTITY-DOMAIN-NAME",
"type":"string",
"required":true
},
{
"in":"header",
"description":"Initial access token",
"name":"Autherization",
"type":"string",
"required":true
},
{
"in":"query",
"name":"identityDomain",
"type":"string",
"required":false,
"description":"This is an alternate to 'X-OAUTH-IDENTITY-DOMAIN-NAME' header parameter. If this is provided 'X-OAUTH-IDENTITY-DOMAIN-NAME' is not required. 'X-OAUTH-IDENTITY-DOMAIN-NAME' will take precedance over 'identityDomain' query parameter."
}
],
"responses":{
"200":{
"description":"Initial access token",
"schema":{
"$ref":"#/definitions/clientinfo"
}
},
"403":{
"description":"If either OAuth Service is not enabled or DCR is not enabled for current domain",
"schema":{
"$ref":"#/definitions/errorresponse"
}
},
"404":{
"description":"Error",
"schema":{
"$ref":"#/definitions/errorresponse"
}
},
"500":{
"description":"One of scenario in which you will get this error is when you use the same initian access token multiple times",
"schema":{
"$ref":"#/definitions/errorresponse"
}
}
},
"tags":[
"Runtime/Dynamic Client Registration"
],
"summary":"Register the client using registration token acquired for given domain",
"x-internal-id":"oauth2-rest-dcr-client-post",
"x-filename-id":"oauth2-rest-dcr-client-post"
},
"get":{
"produces":[
"application/json"
],
"parameters":[
{
"in":"header",
"description":"Domain name with which you want to register the client",
"name":"X-OAUTH-IDENTITY-DOMAIN-NAME",
"type":"string",
"required":true
},
{
"in":"header",
"description":"access token aquired using the authz code flow",
"name":"access_token",
"type":"string",
"required":true
},
{
"in":"query",
"name":"identityDomain",
"type":"string",
"required":false,
"description":"This is an alternate to 'X-OAUTH-IDENTITY-DOMAIN-NAME' header parameter. If this is provided 'X-OAUTH-IDENTITY-DOMAIN-NAME' is not required. 'X-OAUTH-IDENTITY-DOMAIN-NAME' will take precedance over 'identityDomain' query parameter."
}
],
"responses":{
"200":{
"description":"Initial access token"
},
"403":{
"description":"If either OAuth Service is not enabled or DCR is not enabled for current domain",
"schema":{
"$ref":"#/definitions/errorresponse"
}
},
"404":{
"description":"Error",
"schema":{
"$ref":"#/definitions/errorresponse"
}
},
"500":{
"description":"Internal Server Error",
"schema":{
"$ref":"#/definitions/errorresponse"
}
}
},
"tags":[
"Runtime/Dynamic Client Registration"
],
"summary":"Client can retrieve it's details using access token acquired through authorization flow",
"x-internal-id":"oauth2-rest-dcr-client-get",
"x-filename-id":"oauth2-rest-dcr-client-get"
}
},
"/oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain":{
"post":{
"tags":[
"Admin/Identity Domain"
],
"summary":"Add a new OAuth Identity Domain",
"description":"",
"consumes":[
"application/json",
"application/xml"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"IdentityDomainBody",
"in":"body",
"description":"Identity Domain that needs to be created",
"required":true,
"schema":{
"$ref":"#/definitions/IdentityDomain"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - OAuthIdentityDomain, detail",
"schema":{
"$ref":"#/definitions/IdentityDomain"
}
},
"422":{
"description":"Failed to create OAuth entity \"IdentityDomain\" - name \"NameofIdentityDomain\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-post"
},
"put":{
"tags":[
"Admin/Identity Domain"
],
"summary":"Update an existing OAuth Identity Domain",
"description":"",
"consumes":[
"application/json",
"application/xml"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"query",
"description":"Name of the Identity Domain",
"required":true,
"type":"string"
},
{
"name":"IdentityDomainBody",
"in":"body",
"description":"Identity Domain that needs to be modified",
"required":true,
"schema":{
"$ref":"#/definitions/IdentityDomain"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - OAuthIdentityDomain, detail",
"schema":{
"$ref":"#/definitions/IdentityDomain"
}
},
"422":{
"description":"Failed to update OAuth entity \"IdentityDomain\" - name \"NameofIdentityDomain\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-put",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-put"
},
"get":{
"tags":[
"Admin/Identity Domain"
],
"summary":"Find OAuth Identity Domain by name or ID",
"description":"Returns an Identity Domain. The search can be done either with the name or the ID of the Identity Domain. Only one of the query parameters needs to be specified.",
"operationId":"getDomainByNameorID",
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"query",
"description":"Name of the Identity Domain.",
"required":true,
"type":"string"
},
{
"name":"id",
"in":"query",
"description":"Unique ID of the Identity Domain",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully retrieved entity - OAuthIdentityDomain, detail",
"schema":{
"$ref":"#/definitions/IdentityDomain"
}
},
"422":{
"description":"Failed to retrive OAuth entity \"IdentityDomain\" - name \"NameofIdentityDomain\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-get",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-get"
},
"delete":{
"tags":[
"Admin/Identity Domain"
],
"summary":"Delete an Identity Domain by name or ID",
"description":"Deletes an Identity Domain, either based on the name or the ID. Only one query parameter needs to be specified.",
"operationId":"deleteDomain",
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"query",
"description":"Name of the Identity Domain.",
"required":true,
"type":"string"
},
{
"name":"id",
"in":"query",
"description":"Unique ID of the Identity Domain",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully deleted entity - \"OAuthIdentityDomain\", detail - \"NameofIdentityDomain\""
},
"422":{
"description":"Failed to delete OAuth entity \"IdentityDomain\" - name \"NameofIdentityDomain\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-delete"
}
},
"/oam/services/rest/consent":{
"get":{
"tags":[
"Admin/Consent Management"
],
"summary":"Find User Consent's",
"description":"The REST API enables Administrator to fetch consents related to a User. The API return's all the consents for a given User or specific consents for a given User, OAuth Client and OAuth Application combination.",
"operationId":"getConsents",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"userId",
"in":"query",
"description":"User name/identifier who's consents needs to be retrieved.",
"required":true,
"type":"string"
},
{
"name":"clientIdentifier",
"in":"query",
"description":"OAuth Client ID/Identifier",
"required":false,
"type":"string"
},
{
"name":"resServerId",
"in":"query",
"description":"OAuth Application ID/Identifier",
"required":false,
"type":"string"
},
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"description":"OAuth Identity Domain name under which user consents are expected.",
"required":true,
"type":"string"
},
{
"name":"authorization",
"in":"header",
"required":true,
"type":"string",
"description":"Base64 encoded header of Administrator:Secret. This is an authentication mechanism for weblogic Administrator to access resource."
}
],
"responses":{
"200":{
"description":"Sucessfully retrieved user consent - detail",
"schema":{
"$ref":"#/definitions/consents"
}
},
"400":{
"description":"Failed to retrieve user consent - detail",
"schema":{
"type":"object",
"properties":{
"error":{
"type":"string",
"description":"Error code"
},
"error_description":{
"type":"string",
"description":"Error description"
}
},
"example":{
"error":"400",
"error_description":"Required parameter 'X-OAUTH-IDENTITY-DOMAIN-NAME' is not present."
}
}
}
},
"x-internal-id":"oam-services-rest-consent-get",
"x-filename-id":"oam-services-rest-consent-get"
},
"delete":{
"tags":[
"Admin/Consent Management"
],
"summary":"Delete User Consent's",
"description":"The REST API enables Administrator to delete consents related to a User. Multiple consents can be deleted simultaneously by specifing multiple consent identifier.",
"operationId":"deleteConsent",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"description":"OAuth Identity Domain name under which user consents are expected.",
"required":true,
"type":"string"
},
{
"name":"authorization",
"in":"header",
"required":true,
"type":"string",
"description":"Base64 encoded header of Administrator:Secret. This is an authentication mechanism for weblogic Administrator to access resource."
},
{
"name":"userId",
"in":"query",
"description":"User name/identifier who's consents needs to be retrieved.",
"required":true,
"type":"string"
},
{
"name":"cid",
"in":"query",
"description":"Unique Consent Identifier that needs to be revoked. The value of this parameter can be fetched from GET Consent response.",
"required":false,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully deleted user consents - detail",
"schema":{
"$ref":"#/definitions/consents"
}
},
"400":{
"description":"Failed to delete user consent - detail",
"schema":{
"type":"object",
"properties":{
"error":{
"type":"string",
"description":"Error code"
},
"error_description":{
"type":"string",
"description":"Error description"
}
},
"example":{
"error":"400",
"error_description":"Required parameter 'userId' is not present."
}
}
}
},
"x-internal-id":"oam-services-rest-consent-delete",
"x-filename-id":"oam-services-rest-consent-delete"
}
},
"/oauth2/rest/consent":{
"get":{
"tags":[
"Runtime/Consent Management"
],
"summary":"Find User Consent's",
"description":"The REST API enables End User to fetch consents. The API return's all the consents for a given User or specific consents for a given User, OAuth Client and OAuth Application combination.",
"operationId":"getConsents",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"oam_remote_user",
"in":"header",
"description":"Specify User name/identifier (either via oam_remote_user (header) or oam_id (cookie)) who's consents needs to be retrieved.",
"required":true,
"type":"string"
},
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"description":"OAuth Identity Domain name under which user consents are expected.",
"required":true,
"type":"string"
},
{
"name":"clientIdentifier",
"in":"query",
"description":"OAuth Client ID/Identifier",
"required":false,
"type":"string"
},
{
"name":"resServerId",
"in":"query",
"description":"OAuth Application ID/Identifier",
"required":false,
"type":"string"
},
{
"name":"identityDomain",
"in":"query",
"required":false,
"type":"string",
"description":"Identity Domain under which the token is being requested. This is an optional parameter if 'x-oauth-identity-domain-name' header parameter is provided."
}
],
"responses":{
"200":{
"description":"Sucessfully retrieved user consent - detail",
"schema":{
"$ref":"#/definitions/consents"
}
},
"400":{
"description":"Failed to retrieve user consent - detail",
"schema":{
"type":"object",
"properties":{
"error":{
"type":"string",
"description":"Error code"
},
"error_description":{
"type":"string",
"description":"Error description"
}
},
"example":{
"error":"400",
"error_description":"Required parameter 'X-OAUTH-IDENTITY-DOMAIN-NAME' is not present."
}
}
}
},
"x-internal-id":"oauth2-rest-consent-get",
"x-filename-id":"oauth2-rest-consent-get"
},
"delete":{
"tags":[
"Runtime/Consent Management"
],
"summary":"Delete User Consent's",
"description":"The REST API enables End User to delete consents related to a User. Multiple consents can be deleted simultaneously by specifing multiple consent identifier.",
"operationId":"deleteConsent",
"consumes":[
"application/x-www-form-urlencoded"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"oam_remote_user",
"in":"header",
"description":"User name/identifier who's consents needs to be retrieved.",
"required":true,
"type":"string"
},
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"description":"OAuth Identity Domain name under which user consents are expected.",
"required":true,
"type":"string"
},
{
"name":"cid",
"in":"query",
"description":"Unique Consent Identifier that needs to be revoked. The value of this parameter can be fetched from GET Consent response.",
"required":true,
"type":"string"
},
{
"name":"identityDomain",
"in":"query",
"required":false,
"type":"string",
"description":"Identity Domain under which the token is being requested. This is an optional parameter if 'x-oauth-identity-domain-name' header parameter is provided."
}
],
"responses":{
"200":{
"description":"Sucessfully deleted user consents - detail",
"schema":{
"$ref":"#/definitions/consents"
}
},
"400":{
"description":"Failed to delete user consent - detail",
"schema":{
"type":"object",
"properties":{
"error":{
"type":"string",
"description":"Error code"
},
"error_description":{
"type":"string",
"description":"Error description"
}
},
"example":{
"error":"400",
"error_description":"Required parameter 'userId' is not present."
}
}
}
},
"x-internal-id":"oauth2-rest-consent-delete",
"x-filename-id":"oauth2-rest-consent-delete"
}
},
"/oam/services/rest/ssa/api/v1/oauthpolicyadmin/application":{
"post":{
"tags":[
"Admin/Application"
],
"summary":"Add a new Resource Server",
"description":"",
"consumes":[
"application/json",
"application/xml"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"ResourceServerBody",
"in":"body",
"description":"Resource Server that needs to be created",
"required":true,
"schema":{
"$ref":"#/definitions/ResourceServer"
}
}
],
"responses":{
"200":{
"description":"Sucessfully created entity - OAuthResourceServer, detail",
"schema":{
"$ref":"#/definitions/ResourceServer"
}
},
"422":{
"description":"Failed to create OAuth entity \"ResourceServer\" - name \"NameofResourceServer\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-post"
},
"put":{
"tags":[
"Admin/Application"
],
"summary":"Update an existing OAuth Resource Server either based on the name of the resource server or the ID of the resource server.",
"description":"Either \"name\" or \"id\" query parameters need to be passed to modify the existing resource server",
"consumes":[
"application/json",
"application/xml"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"query",
"description":"Name of the Resource Server",
"required":true,
"type":"string"
},
{
"name":"id",
"in":"query",
"description":"ID of the Resource Server",
"required":true,
"type":"string"
},
{
"name":"ResourceServerBody",
"in":"body",
"description":"Resource Server that needs to be modified",
"required":true,
"schema":{
"$ref":"#/definitions/ResourceServer"
}
}
],
"responses":{
"200":{
"description":"Sucessfully modified entity - OAuthResourceServer, detail",
"schema":{
"$ref":"#/definitions/ResourceServer"
}
},
"422":{
"description":"Failed to update OAuth entity \"ResourceServer\" - name \"NameofResourceServer\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-put",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-put"
},
"get":{
"tags":[
"Admin/Application"
],
"summary":"Find OAuth Resource Server by name or ID",
"description":"Returns a Resource Server. The search can be done either with the name or the ID of the Resource Server. Only one of the query parameters needs to be specified.",
"operationId":"getResServerByNameorID",
"produces":[
"application/json"
],
"parameters":[
{
"name":"identityDomainName",
"in":"query",
"description":"Name of the Identity Domain under which the Resource Server exits",
"required":true,
"type":"string"
},
{
"name":"name",
"in":"query",
"description":"Name of the Resouce Server",
"required":true,
"type":"string"
},
{
"name":"id",
"in":"query",
"description":"Unique ID of the Resource Server",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully retrieved entity - OAuthResourceServer, detail",
"schema":{
"$ref":"#/definitions/ResourceServer"
}
},
"422":{
"description":"Failed to retrive OAuth entity \"ResourceServer\" - name \"NameofResourceServer\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-get",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-get"
},
"delete":{
"tags":[
"Admin/Application"
],
"summary":"Delete a Resource Server by name or ID",
"description":"Deletes a Resource Server, either based on the name or the ID. Only one query parameter needs to be specified.",
"operationId":"deleteResServer",
"produces":[
"application/json"
],
"parameters":[
{
"name":"identityDomainName",
"in":"query",
"description":"Name of the Identity Domain under which the Resource Server exists",
"required":true,
"type":"string"
},
{
"name":"name",
"in":"query",
"description":"Name of the Resource Server",
"required":true,
"type":"string"
},
{
"name":"id",
"in":"query",
"description":"Unique ID of the Resource Server",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"Sucessfully deleted entity - \"OAuthResourceServer\", detail - \"NameofResourceServer\""
},
"422":{
"description":"Failed to delete OAuth entity \"ResourceServer\" - name \"NameofResourceServer\""
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-oauthpolicyadmin-application-delete"
}
},
"/oam/services/rest/ssa/api/v1/template/{name}":{
"get":{
"tags":[
"Admin/Template"
],
"summary":"Displays template with specified template name.",
"description":"Displays template content.",
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"path",
"description":"Unique Name of the Template",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"OK.",
"schema":{
"$ref":"#/definitions/Template"
}
},
"404":{
"description":"Template not found.",
"schema":{
"$ref":"#/definitions/Error"
}
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-template-{name}-get",
"x-filename-id":"oam-services-rest-ssa-api-v1-template-name-get"
},
"post":{
"tags":[
"Admin/Template"
],
"summary":"Creates new template with given details for the entire system.",
"description":"Creates a new template.",
"consumes":[
"application/json"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"path",
"description":"Unique Name of the Template",
"required":true,
"type":"string"
},
{
"name":"TemplateBody",
"in":"body",
"description":"Template that needs to be created",
"required":true,
"schema":{
"$ref":"#/definitions/Template"
}
}
],
"responses":{
"200":{
"description":"OK.",
"schema":{
"$ref":"#/definitions/Template"
}
},
"422":{
"description":"Template : already exists.",
"schema":{
"$ref":"#/definitions/Error"
}
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-template-{name}-post",
"x-filename-id":"oam-services-rest-ssa-api-v1-template-name-post"
},
"put":{
"tags":[
"Admin/Template"
],
"summary":"Update an existing Template based on the name of the template.",
"consumes":[
"application/json"
],
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"path",
"description":"Template that needs to be updated.",
"required":true,
"type":"string"
},
{
"name":"TemplateBody",
"in":"body",
"description":"Template with the corresponding name will be replaced with this content.",
"required":true,
"schema":{
"$ref":"#/definitions/Template"
}
}
],
"responses":{
"200":{
"description":"OK.",
"schema":{
"$ref":"#/definitions/Template"
}
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-template-{name}-put",
"x-filename-id":"oam-services-rest-ssa-api-v1-template-name-put"
},
"delete":{
"tags":[
"Admin/Template"
],
"summary":"Deletes template with specified template name.",
"description":"Deletes template.",
"produces":[
"application/json"
],
"parameters":[
{
"name":"name",
"in":"path",
"description":"Unique Name of the Template",
"required":true,
"type":"string"
}
],
"responses":{
"200":{
"description":"OK.",
"schema":{
"$ref":"#/definitions/Template"
}
},
"404":{
"description":"Template not found.",
"schema":{
"$ref":"#/definitions/Error"
}
}
},
"x-internal-id":"oam-services-rest-ssa-api-v1-template-{name}-delete",
"x-filename-id":"oam-services-rest-ssa-api-v1-template-name-delete"
}
},
"/oauth2/rest/userinfo":{
"get":{
"tags":[
"Runtime/UserInfo"
],
"summary":"UserInfo details for OIDC flows",
"parameters":[
{
"name":"Authorization",
"in":"header",
"required":true,
"type":"string",
"description":"Clients must present a valid access token (of type bearer) to retrieve the UserInfo claims. Only the claims that are scoped by the token will be returned."
},
{
"name":"x-oauth-identity-domain-name",
"in":"header",
"required":true,
"type":"string"
},
{
"name":"identityDomain",
"in":"query",
"required":false,
"type":"string",
"description":"Alternate query parameter name for 'x-oauth-identity-domain-name' header parameter. This can be used if header parameter can not be passed in some scenarios."
}
],
"responses":{
"200":{
"description":"UserInfo claims are returned according to the scope requested.",
"schema":{
"$ref":"#/definitions/UserInfoDetails"
}
},
"400":{
"description":"Bad Request",
"schema":{
"$ref":"#/definitions/ErrorCode"
}
}
},
"x-internal-id":"oauth2-rest-userinfo-get",
"x-filename-id":"oauth2-rest-userinfo-get"
}
}
},
"definitions":{
"mTLSEndpoint":{
"type":"object",
"required":[
"hostname",
"port"
],
"properties":{
"hostname":{
"type":"string",
"description":"Host name of the mTLS end point"
},
"port":{
"type":"string",
"description":"Port of the mTLS end point"
}
}
},
"mTLSEndpointResponse":{
"type":"object",
"properties":{
"hostname":{
"type":"string",
"description":"Host name of the mTLS end point"
},
"port":{
"type":"string",
"description":"Port of the mTLS end point"
},
"message":{
"type":"string",
"description":"Error messages"
}
}
},
"SecurityDetails":{
"type":"object",
"description":"Public Certificate of the Identity Domain.",
"properties":{
"kty":{
"type":"string"
},
"x5t#S256":{
"type":"string"
},
"e":{
"type":"string"
},
"x5t":{
"type":"string"
},
"kid":{
"type":"string"
},
"x5c":{
"type":"string",
"description":"Array of string values"
},
"key_ops":{
"type":"string",
"description":"Array of string values"
},
"alg":{
"type":"string",
"default":"RS256"
},
"n":{
"type":"string"
}
}
},
"ErrorCode":{
"type":"object",
"properties":{
"errorCode":{
"type":"string",
"description":"Error Code Generated"
},
"errorDesc":{
"type":"string",
"description":"Translated Error Description"
},
"secErrorDesc":{
"type":"string",
"description":"Secondary Error Message"
}
}
},
"ClientArtifact":{
"type":"object",
"required":[
"identityDomainName",
"clientName",
"certificateValue"
],
"properties":{
"identityDomainName":{
"type":"string",
"description":"Name of the Identity Domain under which the Client exists"
},
"clientName":{
"type":"string",
"description":"Name of the Client under which the certificate is being imported"
},
"certificateValue":{
"type":"string",
"description":"Base64 Encoded value of the Public certificate"
}
}
},
"ScopeSettings":{
"type":"object",
"required":[
"scopeName"
],
"properties":{
"scopeName":{
"type":"string",
"description":"Name of the scope"
}
}
},
"RedirectURI":{
"type":"object",
"required":[
"url"
],
"properties":{
"url":{
"type":"string",
"description":"Redirect URL"
},
"isHttps":{
"type":"boolean",
"default":"true"
}
}
},
"TokenAttributeSettings":{
"type":"object",
"description":"Custom attributes that can be added to the Access Token",
"required":[
"attrName",
"attrValue",
"attrType"
],
"properties":{
"attrName":{
"type":"string",
"description":"Name of the custom attribute"
},
"attrValue":{
"type":"string",
"description":"Value of the custom attribute. This could be a static value or a dynamic one that is evaluated and substituted."
},
"attrType":{
"type":"string",
"description":"Type of the Attribute",
"enum":[
"STATIC",
"DYNAMIC"
]
}
}
},
"ClientResponse":{
"type":"object",
"required":[
"name"
],
"properties":{
"name":{
"type":"string",
"description":"Name of the Client"
},
"description":{
"type":"string"
},
"idDomain":{
"type":"string",
"description":"Name of the Identity Domain under which the Client exists"
},
"id":{
"type":"string",
"description":"ClientID for the client. Will be auto generated if not specified"
},
"secret":{
"type":"string",
"description":"Password for the client if confidential"
},
"clientType":{
"type":"string",
"description":"Type of the client",
"enum":[
"CONFIDENTIAL_CLIENT",
"PUBLIC_CLIENT",
"MOBILE_CLIENT"
]
},
"grantTypes":{
"type":"array",
"xml":{
"name":"grantTypes",
"wrapped":true
},
"items":{
"type":"string",
"enum":[
"PASSWORD",
"REFRESH_TOKEN",
"JWT_BEARER",
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE"
]
}
},
"scopes":{
"type":"array",
"xml":{
"name":"scopes",
"wrapped":true
},
"items":{
"$ref":"#/definitions/ScopeSettings"
}
},
"redirectURIs":{
"type":"array",
"xml":{
"name":"redirectURIs",
"wrapped":true
},
"items":{
"$ref":"#/definitions/RedirectURI"
}
},
"attributes":{
"type":"array",
"xml":{
"name":"attributes",
"wrapped":true
},
"items":{
"$ref":"#/definitions/TokenAttributeSettings"
}
}
}
},
"ClientTrustCertificateRequest":{
"type":"object",
"required":[
"publicCert",
"id"
],
"properties":{
"id":{
"type":"string",
"description":"certificate ID"
},
"publicCert":{
"type":"string",
"description":"base64 encoded certificate value excluding --BEGIN CERTIFICATE-- and --- END CERTIFICATE--- tags."
}
}
},
"ClientTrustCertificate":{
"type":"object",
"required":[
"publicCert",
"id"
],
"properties":{
"id":{
"type":"string",
"description":"id of the certificate"
},
"publicCert":{
"type":"string",
"description":"Base64 encoded certificate value"
},
"x5t":{
"type":"string",
"description":"sha256 hash value of the certificate"
},
"issuerDN":{
"type":"string",
"description":"DN of the issuer of the certificate"
},
"subject":{
"type":"string",
"description":"Subject DN value of the certificate"
},
"notBefore":{
"type":"integer",
"description":"not before value of the certificate in milliseconds after 1970"
},
"notAfter":{
"type":"integer",
"description":"not afetr value of the certificate in milliseconds after 1970"
}
}
},
"ClientTrustCertificateResponse":{
"type":"object",
"required":[
"name"
],
"properties":{
"status":{
"type":"string",
"description":"HTTP response code"
},
"message":{
"type":"string",
"description":"sucess or failure message"
},
"response":{
"$ref":"#/definitions/ClientTrustCertificate"
}
}
},
"Client":{
"type":"object",
"required":[
"name"
],
"properties":{
"name":{
"type":"string",
"description":"Name of the Client"
},
"description":{
"type":"string"
},
"idDomain":{
"type":"string",
"description":"Name of the Identity Domain under which the Client exists"
},
"id":{
"type":"string",
"description":"ClientID for the client. Will be auto generated if not specified"
},
"secret":{
"type":"string",
"description":"Password for the client if confidential"
},
"clientType":{
"type":"string",
"description":"Type of the client",
"enum":[
"CONFIDENTIAL_CLIENT",
"PUBLIC_CLIENT",
"MOBILE_CLIENT"
]
},
"grantTypes":{
"type":"array",
"xml":{
"name":"grantTypes",
"wrapped":true
},
"items":{
"type":"string",
"enum":[
"PASSWORD",
"REFRESH_TOKEN",
"JWT_BEARER",
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE"
]
}
},
"scopes":{
"type":"array",
"xml":{
"name":"scopes",
"wrapped":true
},
"items":{
"$ref":"#/definitions/ScopeSettings"
}
},
"usePKCE":{
"type":"string",
"description":"Optional parameter to enable PKCE for this client. If not specified, default will be null.",
"enum":[
"NON_STRICT",
"STRICT"
]
},
"defaultScope":{
"type":"string",
"description":"Mandatory scope which is the default scope returned in the token"
},
"redirectURIs":{
"type":"array",
"xml":{
"name":"redirectURIs",
"wrapped":true
},
"items":{
"$ref":"#/definitions/RedirectURI"
}
},
"attributes":{
"type":"array",
"xml":{
"name":"attributes",
"wrapped":true
},
"items":{
"$ref":"#/definitions/TokenAttributeSettings"
}
},
"tokenEndpointAuthMethod":{
"type":"string",
"description":"Client Authentication method supported by the client. If \"tls_client_auth\" or \"self_signed_tls_client_auth\" is specified then one of the \"tlsClientAuthSubjectDN\",\"tlsClientAuthSANDNS\",\"tlsClientAuthSANURI\",\"tlsClientAuthSANIP\",\"tlsClientAuthSANIP\",\"tlsClientAuthSANEmail\" property is required.",
"enum":[
"tls_client_auth",
"self_signed_tls_client_auth",
"private_key_jwt",
"client_secret_basic"
]
},
"issueTLSClientCertificateBoundAccessTokens":{
"type":"string",
"description":"Tokens should be bound to certificate or not true/false"
},
"tlsClientAuthSubjectDN":{
"type":"string",
"description":"Certificate subject value to be matched for the client."
},
"tlsClientAuthSANDNS":{
"type":"string",
"description":"Certificate SAN DNS value to be matched for the client."
},
"tlsClientAuthSANURI":{
"type":"string",
"description":"Certificate SAN URI value to be matched for the client."
},
"tlsClientAuthSANIP":{
"type":"string",
"description":"Certificate SAN IP value to be matched for the client."
},
"tlsClientAuthSANEmail":{
"type":"string",
"description":"Certificate SAN email value to be matched for the client."
},
"accessTokenCustomClaims":{
"type":"array",
"items":{
"type":"string",
"description":"Represents a list of claims that must be included in the Access Token in addition to other claims that are being requested via scope or other configurations"
}
},
"idTokenCustomClaims":{
"type":"array",
"items":{
"type":"string",
"description":"Represents a list of claims that must be included in the Identity Token in addition to other claims that are being requested via scope or other configurations"
}
},
"userInfoCustomClaims":{
"type":"array",
"items":{
"type":"string",
"description":"Represents a list of claims that must be included in the User Info response in addition to other claims that are being requested via scope or other configurations"
}
},
"oldSecretRetentionTimeInDays":{
"type":"integer",
"description":"Specifies the rollover period for previous client secret to continue working. The previous client secret is assigned when a client secret is changed."
}
}
},
"ResponseObj":{
"type":"object",
"properties":{
"status":{
"type":"string",
"description":"status of the operation",
"example":"success"
}
}
},
"KeyPairArtifactSettings":{
"type":"object",
"description":"KeyPair artifact details",
"required":[
"aliasName",
"publicKey",
"privateKey"
],
"properties":{
"aliasName":{
"type":"string",
"description":"Alias Name of the KeyPair"
},
"publicKey":{
"type":"string",
"description":"Base64 encoded public key of the KeyPair"
},
"privateKey":{
"type":"string",
"description":"Base64 encoded private key of the KeyPair"
}
}
},
"KeyPairArtifactObject":{
"type":"object",
"description":"KeyPair artifact details",
"properties":{
"aliasName":{
"type":"string",
"description":"Alias Name of the KeyPair"
},
"subjectDN":{
"type":"string",
"description":"subjectDN of the KeyPair"
},
"issuer":{
"type":"string",
"description":"Name of the issuer of the KeyPair"
},
"expiry":{
"type":"string",
"description":"Expiry date of the KeyPair"
},
"issuedOn":{
"type":"string",
"description":"Date of issuance of the KeyPair"
},
"publicKeyDetails":{
"type":"string",
"description":"Additional details of the KeyPair"
},
"domains":{
"type":"string",
"description":"OAuth Identity Domains that are currently making use of the KeyPair"
}
}
},
"KeyPairArtifact":{
"type":"array",
"xml":{
"name":"KeyPairArtifacts",
"wrapped":true
},
"items":{
"$ref":"#/definitions/KeyPairArtifactSettings"
}
},
"KeyPair":{
"type":"array",
"xml":{
"name":"KeyPairArtifacts",
"wrapped":true
},
"items":{
"$ref":"#/definitions/KeyPairArtifactObject"
}
},
"consentsAfterRevoke":{
"description":"Array of user consent",
"type":"array",
"xml":{
"name":"consentAfterRevoke",
"wrapped":true
},
"items":{
"$ref":"#/definitions/consentAfterRevoke"
}
},
"consentAfterRevoke":{
"type":"object",
"required":[
"clientId",
"consentId",
"createTimeStamp",
"resourceId",
"scopes",
"valid",
"revokeTimestamp"
],
"properties":{
"clientId":{
"type":"string",
"description":"OAuth Client Identifier",
"example":"clientA"
},
"consentId":{
"type":"string",
"description":"OAuth Consent Unique Identifier",
"example":"30650989-8e53-3010-b06a-98b0ef42b65d"
},
"createTimeStamp":{
"type":"string",
"description":"Creation timestamp for OAuth Consent",
"example":"Tue Mar 09 21:12:06 PST 2021"
},
"resourceId":{
"type":"string",
"description":"OAuth Application Identifier",
"example":"66ac1a16-ee37-4525-81f6-9062d69a743c"
},
"scopes":{
"type":"array",
"xml":{
"name":"scope",
"wrapped":true
},
"items":{
"$ref":"#/definitions/scope"
},
"example":[
"DemoResServer.DefaultScope"
]
},
"valid":{
"type":"boolean",
"description":"Flag to identify OAuth Consent validity.\n True - Consent is valid,\n False - Consent is In-valid",
"example":true
},
"revokeTimestamp":{
"type":"string",
"description":"String of key value pairs where value describes the revoke timestamp applicable to the key, key can have following possible values TOKENS, ACCESS_TOKENS, REFRESH_TOKENS depending on the revoke_type. All the token types generated before the specified timestamp will be revoked.",
"example":"TOKENS=2021-03-08T23:30:33-0800, ACCESS_TOKENS=2021-03-08T20:30:33-0800, REFRESH_TOKENS=2021-03-08T21:30:33-0800"
}
}
},
"scope":{
"type":"string",
"description":"OAuth Scope string."
},
"AccessToken":{
"type":"object",
"properties":{
"access_token":{
"type":"string",
"description":"Access Token Generated"
},
"token_type":{
"type":"string",
"description":"Type of token generated. eg:- Bearer"
},
"expires_in":{
"type":"integer",
"description":"Time before the Access Token expires"
},
"refresh_token":{
"type":"string",
"description":"Refresh Token Generated if enabled. This is also generated only for GrantType - AUTHORIZATION_CODE and PASSWORD"
}
}
},
"AccessTokenDetails":{
"type":"object",
"properties":{
"iss":{
"type":"string",
"description":"Issuer"
},
"aud":{
"type":"string",
"description":"Expected Audience"
},
"exp":{
"type":"integer",
"description":"Expires In"
},
"jti":{
"type":"string",
"description":"Identifier"
},
"iat":{
"type":"integer",
"description":"Issued At"
},
"sub":{
"type":"string",
"description":"Subject"
},
"client":{
"type":"string",
"description":"Client ID"
},
"scope":{
"type":"string",
"description":"Allowed Scopes"
},
"domain":{
"type":"string",
"description":"Identity Domain"
}
}
},
"TrustArtifactSettings":{
"type":"object",
"description":"Trust artifacts added under an identity domain",
"required":[
"artifactIdentifer",
"artifactValue"
],
"properties":{
"artifactIdentifer":{
"type":"string",
"description":"Key Identifier of the Trust Artifact that is imported under the Identity Domain"
},
"artifactValue":{
"type":"string",
"description":"Base64 encoded public certificate value"
}
}
},
"IDDomainTrustArtifact":{
"type":"object",
"required":[
"identityDomainName"
],
"properties":{
"identityDomainName":{
"type":"string",
"description":"Name of the Identity Domain under which the trust artifacts are being imported"
},
"trustArtifacts":{
"type":"array",
"xml":{
"name":"trustArtifacts",
"wrapped":true
},
"items":{
"$ref":"#/definitions/TrustArtifactSettings"
}
}
}
},
"TokenSettings":{
"type":"object",
"required":[
"refreshTokenEnabled",
"refreshTokenExpiry",
"tokenType",
"tokenExpiry"
],
"properties":{
"refreshTokenEnabled":{
"type":"boolean",
"default":false
},
"refreshTokenLifeCycleEnabled":{
"type":"boolean",
"default":false
},
"refreshTokenExpiry":{
"type":"integer",
"format":"int64"
},
"lifeCycleEnabled":{
"type":"boolean",
"default":false
},
"tokenType":{
"type":"string",
"description":"Type of the token",
"enum":[
"ACCESS_TOKEN",
"AUTHZ_CODE",
"SSO_LINK_TOKEN"
]
},
"tokenExpiry":{
"type":"integer",
"format":"int64"
}
}
},
"IdentityDomainResponse":{
"type":"object",
"required":[
"name"
],
"properties":{
"name":{
"type":"string",
"description":"Name of the Identity Domain"
},
"consentPageURL":{
"type":"string",
"description":"Fully qualified URL of the customized consent page"
},
"errorPageURL":{
"type":"string",
"description":"Fully qualified URL of the customized error page"
},
"identityProvider":{
"type":"string",
"description":"Name of the identity store against which authentication is completed"
},
"description":{
"type":"string"
},
"trustStoreIdentifier":{
"type":"array",
"xml":{
"name":"trustStoreIdentifier",
"wrapped":true
},
"items":{
"type":"string"
}
},
"tokenSettings":{
"type":"array",
"xml":{
"name":"tokenSetting",
"wrapped":true
},
"items":{
"$ref":"#/definitions/TokenSettings"
}
}
}
},
"TokenIntrospectionResponse":{
"type":"object",
"properties":{
"iss":{
"type":"string",
"description":"Issuer"
},
"aud":{
"type":"array",
"description":"Audiance",
"items":{
"type":"string"
}
},
"exp":{
"type":"string",
"description":"Expiry Time"
},
"jti":{
"type":"string",
"description":"jti value"
},
"sub":{
"type":"string",
"description":"Subject of the token"
},
"client":{
"type":"string",
"description":"Client to which token is issued."
},
"scope":{
"type":"array",
"description":"List of scopes",
"items":{
"type":"string"
}
},
"domain":{
"type":"string",
"description":"Identity domain name"
},
"identityDomain":{
"type":"string",
"description":"Alternate to identity domain name"
},
"groups":{
"type":"string",
"description":"User groups"
},
"sessionId":{
"type":"string",
"description":"User session id"
},
"active":{
"type":"boolean",
"description":"token is active or not"
}
}
},
"accesstoken":{
"type":"object",
"required":[
"access_token",
"token_type",
"expires_in"
],
"properties":{
"access_token":{
"type":"string",
"description":"eyJraWQiOiJkY3JfZG9tYWluIiwieDV0IjoibnFpalFTVkNDMGVrS1"
},
"token_type":{
"type":"string",
"description":"Bearer"
},
"expires_in":{
"type":"integer",
"description":"expiry time of token in sec"
}
}
},
"clientinfo":{
"type":"object",
"required":[
"client_id",
"client_secret",
"client_name",
"redirect_uris",
"client_secrete_expires_at",
"client_get_uri"
],
"properties":{
"client_id":{
"type":"string",
"description":"a7befc996f674ac38720a2b64ff388e4"
},
"client_secret":{
"type":"string",
"description":"oudA8WlqpENkEz"
},
"client_name":{
"type":"string",
"description":"oma4ac38720a2b64ff388e4"
},
"redirect_uris":{
"type":"array",
"items":{
"type":"string",
"description":"android-app://com.example.app/example.com/my/path/to/information, http://localhost:8080/my/path/to/information"
}
},
"client_secret_expires_at":{
"type":"integer",
"description":"time in sec"
},
"client_get_uri":{
"type":"string",
"description":"uri at which you can fetch the client details"
}
}
},
"clientdetails":{
"type":"object",
"required":[
"domain",
"client_name",
"description",
"client_id",
"redirect_uris"
],
"properties":{
"domain":{
"type":"string",
"description":"name of domain with which client has been regestered e.g dcr_domain"
},
"client_name":{
"type":"string",
"description":"name of regested client (8ada7fasda91asd)"
},
"description":{
"type":"string",
"description":"description of client provides during client regestration"
},
"client_id":{
"type":"string",
"description":"client id (bafaf7sadaffg97asdad91)"
},
"redrect_uris":{
"type":"array",
"items":{
"type":"string",
"description":"redirect uris specific to client provided while creating the template android-app://com.example.app/example.com/my/path/to/information, http://localhost:8080/my/path/to/information"
}
},
"identityDomain":{
"type":"string",
"description":"alternate name of domain with which client has been regestered"
}
}
},
"errorresponse":{
"type":"object",
"properties":{
"errorCode":{
"type":"string"
},
"errorDesc":{
"type":"string"
}
}
},
"IdentityDomain":{
"type":"object",
"required":[
"name"
],
"properties":{
"name":{
"type":"string",
"description":"Name of the Identity Domain"
},
"consentPageURL":{
"type":"string",
"description":"Fully qualified URL of the customized consent page"
},
"errorPageURL":{
"type":"string",
"description":"Fully qualified URL of the customized error page"
},
"identityProvider":{
"type":"string",
"description":"Name of the identity store against which authentication is completed"
},
"description":{
"type":"string"
},
"customAttrs":{
"type":"string",
"description":"Attribute of user in IDStore to store the encrypted secretkey for TOTP"
},
"tokenSettings":{
"type":"array",
"xml":{
"name":"tokenSetting",
"wrapped":true
},
"items":{
"$ref":"#/definitions/TokenSettings"
}
},
"oldSecretRetentionTimeInDays":{
"type":"integer",
"description":"Specifies the rollover period for previous client secret to continue working. The previous client secret is assigned when a client secret is changed."
}
}
},
"consents":{
"description":"Array of user consent",
"type":"array",
"xml":{
"name":"consent",
"wrapped":true
},
"items":{
"$ref":"#/definitions/consent"
}
},
"consent":{
"type":"object",
"required":[
"clientId",
"consentId",
"createTimeStamp",
"resourceId",
"scopes",
"valid"
],
"properties":{
"clientId":{
"type":"string",
"description":"OAuth Client Identifier"
},
"consentId":{
"type":"string",
"description":"OAuth Consent Unique Identifier"
},
"createTimeStamp":{
"type":"string",
"description":"Creation timestamp for OAuth Consent"
},
"resourceId":{
"type":"string",
"description":"OAuth Application Identifier"
},
"scopes":{
"type":"array",
"xml":{
"name":"scope",
"wrapped":true
},
"items":{
"$ref":"#/definitions/scope"
}
},
"valid":{
"type":"boolean",
"description":"Flag to identify OAuth Consent validity. \n True - Consent is valid, \n False - Consent is In-valid"
}
}
},
"AttributeSettings":{
"type":"object",
"description":"Custom attributes that can be added to the Access Token",
"required":[
"attrName",
"attrValue",
"attrType"
],
"properties":{
"attrName":{
"type":"string",
"description":"Name of the custom attribute"
},
"attrValue":{
"type":"string",
"description":"Value of the custom attribute. This could be a static value or a dynamic one that is evaluated and substituted."
},
"attrType":{
"type":"string",
"description":"Type of the Attribute",
"enum":[
"STATIC",
"DYNAMIC"
]
}
}
},
"ResourceServer":{
"type":"object",
"required":[
"name",
"idDomain",
"scopes"
],
"properties":{
"name":{
"type":"string",
"description":"Name of the Resource Server"
},
"description":{
"type":"string"
},
"idDomain":{
"type":"string",
"description":"Name of the Identity Domain under which the resource server is created"
},
"scopes":{
"type":"array",
"xml":{
"name":"scopes",
"wrapped":true
},
"items":{
"$ref":"#/definitions/ScopeSettings"
}
},
"tokenAttributes":{
"type":"array",
"xml":{
"name":"tokenAttributes",
"wrapped":true
},
"items":{
"$ref":"#/definitions/AttributeSettings"
}
}
}
},
"ValueFiltering":{
"type":"object",
"properties":{
"populateIf":{
"type":"string",
"description":"Returns claim value only if the result of this filter java method is true."
},
"populateIfNot":{
"type":"string",
"description":"Returns claim value only if the result of this filter java method is false."
},
"params":{
"type":"array",
"items":{
"type":"string"
},
"description":"Parameters for the java method used in populateIf or populateIfNot tag."
},
"type":{
"type":"array",
"items":{
"type":"string"
},
"description":"Type of the parameters."
}
}
},
"ValueTransformation":{
"type":"object",
"required":[
"operation"
],
"properties":{
"operation":{
"type":"string",
"description":"Java method name used as transformation operation."
},
"params":{
"type":"array",
"items":{
"type":"string"
},
"description":"Parameters for the java method used in operation tag."
},
"type":{
"type":"array",
"items":{
"type":"string"
},
"description":"Type of the parameters."
}
}
},
"Template":{
"type":"object",
"required":[
"valueMapping"
],
"properties":{
"description":{
"type":"string",
"description":"Details describing the intent of this template."
},
"defaultValue":{
"type":"string",
"description":"Default value to be used in case the template processing fails."
},
"valueMapping":{
"type":"string",
"description":"We can specify the source for value of a template."
},
"valueFiltering":{
"$ref":"#/definitions/ValueFiltering"
},
"valueTransformation":{
"type":"array",
"items":{
"$ref":"#/definitions/ValueTransformation"
}
},
"transformFirst":{
"type":"boolean",
"description":"If set to true then valueTransformation will be applied before valueFiltering.",
"default":false
},
"dynamicParams":{
"type":"array",
"items":{
"type":"string"
},
"description":"To use dynamic parameters while defining valueTransformation and valueFiltering, they must be added here."
}
}
},
"Error":{
"type":"object",
"properties":{
"error":{
"type":"string",
"description":"Error code"
},
"error_description":{
"type":"string",
"description":"Error description"
}
}
},
"UserInfoDetails":{
"type":"object",
"description":"User details returned based on scope[openid email address profile phone]",
"properties":{
"name":{
"type":"string",
"description":"Subject of the user"
},
"family_name":{
"type":"string",
"description":"Lastname of the user"
},
"preferred_username":{
"type":"integer",
"description":"Username"
},
"locale":{
"type":"string",
"description":"preferredlanguage for the user"
},
"updated_at":{
"type":"integer",
"description":"Last update time"
},
"email":{
"type":"string",
"description":"Email of user, corresponds to the \"mail\" attribute"
},
"email_verified":{
"type":"string",
"description":"Is mail verified",
"default":"N"
},
"phone_number":{
"type":"string",
"description":"Phone number for user"
},
"phone_number_verified":{
"type":"string",
"description":"Is phone number verified",
"default":"N"
},
"formatted":{
"type":"string",
"description":"Indicates the \"postaladdress\" of the user"
},
"country":{
"type":"string",
"description":"Indicates the \"country\" of the user"
},
"region":{
"type":"integer",
"description":"Indicates the \"state\" of the user"
},
"postal_code":{
"type":"string",
"description":"Indicates the \"postalcode\" of the user"
}
}
}
},
"schemes":[
"https"
]
}