authelia/doc/api_data.json
Clement Michaud 6586402114 Support 'redirect' in /api/verify endpoint to support Traefik
Traefik handles auth forwarding but does not manage redirections like Nginx.
Therefore, Authelia must redirect the user and Traefik will forward this
request.

To support both Nginx and Traefik, /api/verify is now configurable with the
'redirect' get parameter. If the verification fails and 'redirect' is not
provided the response will be a 401 error as before.
If the parameter is provided and set to any URL, the response will be a
redirection (302) to this URL.
2017-12-04 22:52:33 +01:00

997 lines
26 KiB
JSON

[
{
"type": "get",
"url": "/",
"title": "First factor page",
"name": "Login",
"group": "Authentication",
"version": "1.0.0",
"success": {
"fields": {
"Success 200": [
{
"group": "Success 200",
"type": "String",
"optional": false,
"field": "Content",
"description": "<p>The content of the first factor page.</p>"
}
]
}
},
"description": "<p>Serves the login page and create a create a cookie for the client.</p>",
"filename": "shared/api.ts",
"groupTitle": "Authentication"
},
{
"type": "get",
"url": "/logout",
"title": "Serves logout page",
"name": "Logout",
"group": "Authentication",
"version": "1.0.0",
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "redirect",
"description": "<p>Redirect to this URL when user is deauthenticated.</p>"
}
]
}
},
"success": {
"fields": {
"Success 302": [
{
"group": "Success 302",
"optional": false,
"field": "redirect",
"description": "<p>Redirect to the URL.</p>"
}
]
}
},
"description": "<p>Log out the user and redirect to the URL.</p>",
"filename": "shared/api.ts",
"groupTitle": "Authentication"
},
{
"type": "get",
"url": "/secondfactor",
"title": "Second factor page",
"name": "SecondFactor",
"group": "Authentication",
"version": "1.0.0",
"success": {
"fields": {
"Success 200": [
{
"group": "Success 200",
"type": "String",
"optional": false,
"field": "Content",
"description": "<p>The content of second factor page.</p>"
}
]
}
},
"description": "<p>Serves the second factor page</p>",
"filename": "shared/api.ts",
"groupTitle": "Authentication"
},
{
"type": "post",
"url": "/1stfactor",
"title": "Bind user against LDAP",
"name": "ValidateFirstFactor",
"group": "Authentication",
"version": "1.0.0",
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "username",
"description": "<p>User username.</p>"
},
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "password",
"description": "<p>User password.</p>"
}
]
}
},
"success": {
"fields": {
"Success 204": [
{
"group": "Success 204",
"optional": false,
"field": "status",
"description": "<p>1st factor is validated.</p>"
}
]
}
},
"error": {
"fields": {
"Error 401": [
{
"group": "Error 401",
"type": "none",
"optional": false,
"field": "error",
"description": "<p>1st factor is not validated.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
},
"description": "<p>Verify credentials against the LDAP.</p>",
"filename": "shared/api.ts",
"groupTitle": "Authentication",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
},
{
"type": "post",
"url": "/reset-password/request",
"title": "Finish password reset request",
"name": "FinishPasswordResetRequest",
"group": "PasswordReset",
"version": "1.0.0",
"description": "<p>Start password reset request.</p>",
"filename": "shared/api.ts",
"groupTitle": "PasswordReset",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
},
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "identity_token",
"description": "<p>The one-time identity validation token provided in the email.</p>"
}
]
}
},
"success": {
"fields": {
"Success 200": [
{
"group": "Success 200",
"type": "String",
"optional": false,
"field": "content",
"description": "<p>The content of the page.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"optional": false,
"field": "AccessDenied",
"description": "<p>Access is denied.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/password-reset/request",
"title": "Request username",
"name": "ServePasswordResetPage",
"group": "PasswordReset",
"version": "1.0.0",
"description": "<p>Serve a page that requires the username.</p>",
"filename": "shared/api.ts",
"groupTitle": "PasswordReset",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
},
{
"type": "post",
"url": "/api/password-reset",
"title": "Set new password",
"name": "SetNewLDAPPassword",
"group": "PasswordReset",
"version": "1.0.0",
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "password",
"description": "<p>New password</p>"
}
]
}
},
"description": "<p>Set a new password for the user.</p>",
"filename": "shared/api.ts",
"groupTitle": "PasswordReset",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/password-reset/identity/start",
"title": "Start password reset request",
"name": "StartPasswordResetRequest",
"group": "PasswordReset",
"version": "1.0.0",
"description": "<p>Start password reset request.</p>",
"filename": "shared/api.ts",
"groupTitle": "PasswordReset",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
},
"success": {
"fields": {
"Success 204": [
{
"group": "Success 204",
"optional": false,
"field": "status",
"description": "<p>Identity validation has been initiated.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"optional": false,
"field": "AccessDenied",
"description": "<p>Access is denied.</p>"
}
],
"Error 400": [
{
"group": "Error 400",
"optional": false,
"field": "InvalidIdentity",
"description": "<p>User identity is invalid.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/secondfactor/totp/identity/finish",
"title": "Finish TOTP registration identity validation",
"name": "FinishTOTPRegistration",
"group": "TOTP",
"version": "1.0.0",
"description": "<p>Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.</p>",
"filename": "shared/api.ts",
"groupTitle": "TOTP",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
},
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "identity_token",
"description": "<p>The one-time identity validation token provided in the email.</p>"
}
]
}
},
"success": {
"fields": {
"Success 200": [
{
"group": "Success 200",
"type": "String",
"optional": false,
"field": "content",
"description": "<p>The content of the page.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"optional": false,
"field": "AccessDenied",
"description": "<p>Access is denied.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/secondfactor/totp/identity/start",
"title": "Start TOTP registration identity validation",
"name": "StartTOTPRegistration",
"group": "TOTP",
"version": "1.0.0",
"description": "<p>Initiates the identity validation</p>",
"filename": "shared/api.ts",
"groupTitle": "TOTP",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
},
"success": {
"fields": {
"Success 204": [
{
"group": "Success 204",
"optional": false,
"field": "status",
"description": "<p>Identity validation has been initiated.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"optional": false,
"field": "AccessDenied",
"description": "<p>Access is denied.</p>"
}
],
"Error 400": [
{
"group": "Error 400",
"optional": false,
"field": "InvalidIdentity",
"description": "<p>User identity is invalid.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
}
},
{
"type": "post",
"url": "/api/totp",
"title": "Complete TOTP authentication",
"name": "ValidateTOTPSecondFactor",
"group": "TOTP",
"version": "1.0.0",
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "token",
"description": "<p>TOTP token.</p>"
}
]
}
},
"success": {
"fields": {
"Success 302": [
{
"group": "Success 302",
"optional": false,
"field": "Redirect",
"description": "<p>to the URL that has been stored during last call to /api/verify.</p>"
}
]
}
},
"error": {
"fields": {
"Error 401": [
{
"group": "Error 401",
"type": "none",
"optional": false,
"field": "error",
"description": "<p>TOTP token is invalid.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
},
"description": "<p>Verify TOTP token. The user is authenticated upon success.</p>",
"filename": "shared/api.ts",
"groupTitle": "TOTP",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
},
{
"type": "post",
"url": "/api/u2f/sign",
"title": "Complete U2F authentication",
"name": "CompleteU2FAuthentication",
"group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
"Success 302": [
{
"group": "Success 302",
"optional": false,
"field": "Redirect",
"description": "<p>to the URL that has been stored during last call to /api/verify.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"type": "none",
"optional": false,
"field": "error",
"description": "<p>No authentication request has been provided.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
},
"description": "<p>Complete authentication request of the U2F device.</p>",
"filename": "shared/api.ts",
"groupTitle": "U2F",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
},
{
"type": "post",
"url": "/api/secondfactor/u2f/register",
"title": "Complete U2F registration",
"name": "FinishU2FRegistration",
"group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
"Success 302": [
{
"group": "Success 302",
"optional": false,
"field": "Redirect",
"description": "<p>to the URL that has been stored during last call to /api/verify.</p>"
}
]
}
},
"description": "<p>Complete U2F registration request.</p>",
"filename": "shared/api.ts",
"groupTitle": "U2F",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
},
"error": {
"fields": {
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/secondfactor/u2f/identity/start",
"title": "Start U2F registration identity validation",
"name": "RequestU2FRegistration",
"group": "U2F",
"version": "1.0.0",
"filename": "shared/api.ts",
"groupTitle": "U2F",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
},
"success": {
"fields": {
"Success 204": [
{
"group": "Success 204",
"optional": false,
"field": "status",
"description": "<p>Identity validation has been initiated.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"optional": false,
"field": "AccessDenied",
"description": "<p>Access is denied.</p>"
}
],
"Error 400": [
{
"group": "Error 400",
"optional": false,
"field": "InvalidIdentity",
"description": "<p>User identity is invalid.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
},
"description": "<p>This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.</p>"
},
{
"type": "get",
"url": "/secondfactor/u2f/identity/finish",
"title": "Finish U2F registration identity validation",
"name": "ServeU2FRegistrationPage",
"group": "U2F",
"version": "1.0.0",
"description": "<p>Serves the U2F registration page that asks the user to touch the token of the U2F device.</p>",
"filename": "shared/api.ts",
"groupTitle": "U2F",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
},
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "identity_token",
"description": "<p>The one-time identity validation token provided in the email.</p>"
}
]
}
},
"success": {
"fields": {
"Success 200": [
{
"group": "Success 200",
"type": "String",
"optional": false,
"field": "content",
"description": "<p>The content of the page.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"optional": false,
"field": "AccessDenied",
"description": "<p>Access is denied.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/api/u2f/sign_request",
"title": "Start U2F authentication",
"name": "StartU2FAuthentication",
"group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
"Success 200": [
{
"group": "Success 200",
"optional": false,
"field": "authentication_request",
"description": "<p>The U2F authentication request.</p>"
}
]
}
},
"error": {
"fields": {
"Error 401": [
{
"group": "Error 401",
"type": "none",
"optional": false,
"field": "error",
"description": "<p>There is no key registered for user in session.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
},
"description": "<p>Initiate an authentication request using a U2F device.</p>",
"filename": "shared/api.ts",
"groupTitle": "U2F",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/api/u2f/register_request",
"title": "Start U2F registration",
"name": "StartU2FRegistration",
"group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
"Success 200": [
{
"group": "Success 200",
"optional": false,
"field": "authentication_request",
"description": "<p>The U2F registration request.</p>"
}
]
}
},
"error": {
"fields": {
"Error 403": [
{
"group": "Error 403",
"type": "none",
"optional": false,
"field": "error",
"description": "<p>Unexpected identity validation challenge.</p>"
}
],
"Error 500": [
{
"group": "Error 500",
"type": "String",
"optional": false,
"field": "error",
"description": "<p>Internal error message.</p>"
}
]
}
},
"description": "<p>Initiate a U2F device registration request.</p>",
"filename": "shared/api.ts",
"groupTitle": "U2F",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
},
{
"type": "get",
"url": "/api/verify",
"title": "Verify user authentication",
"name": "VerifyAuthentication",
"group": "Verification",
"version": "1.0.0",
"parameter": {
"fields": {
"Parameter": [
{
"group": "Parameter",
"type": "String",
"optional": false,
"field": "redirect",
"description": "<p>Optional parameter set to the url where the user is redirected if access is refused. It is mainly used by Traefik that does not control the redirection itself.</p>"
}
]
}
},
"success": {
"fields": {
"Success 204": [
{
"group": "Success 204",
"optional": false,
"field": "status",
"description": "<p>The user is authenticated.</p>"
}
]
}
},
"error": {
"fields": {
"Error 302": [
{
"group": "Error 302",
"optional": false,
"field": "redirect",
"description": "<p>The user is redirected if redirect parameter is provided.</p>"
}
],
"Error 401": [
{
"group": "Error 401",
"optional": false,
"field": "status",
"description": "<p>The user get an error if access failed</p>"
}
]
}
},
"description": "<p>Verify that the user is authenticated, i.e., the two factors have been validated. If the user is authenticated the response headers Remote-User and Remote-Groups are set. Remote-User contains the user id of the currently logged in user and Remote-Groups a comma separated list of assigned groups.</p>",
"filename": "shared/api.ts",
"groupTitle": "Verification",
"header": {
"fields": {
"Header": [
{
"group": "Header",
"type": "String",
"optional": false,
"field": "Cookie",
"description": "<p>Cookie containing &quot;connect.sid&quot;, the user session token.</p>"
}
]
}
}
}
]