mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
4dce8f9496
* adjust session refresh to always occur (for disabled users) * feat: adds filtering option for Request Method in ACL's * simplify flow of internal/authorization/authorizer.go's methods * implement query string checking * utilize authorizer.Object fully * make matchers uniform * add tests * add missing request methods * add frontend enhancements to handle request method * add request method to 1FA Handler Suite * add internal ACL representations (preparsing) * expand on access_control next * add docs * remove unnecessary slice for network names and instead just use a plain string * add warning for ineffectual bypass policy (due to subjects) * add user/group wildcard support * fix(authorization): allow subject rules to match anonymous users * feat(api): add new params * docs(api): wording adjustments * test: add request method into testing and proxy docs * test: add several checks and refactor schema validation for ACL * test: add integration test for methods acl * refactor: apply suggestions from code review * docs(authorization): update description
773 lines
24 KiB
YAML
773 lines
24 KiB
YAML
---
|
|
openapi: 3.0.0
|
|
info:
|
|
title: Authelia API
|
|
description: Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal.
|
|
contact:
|
|
name: Authelia Support
|
|
url: https://github.com/authelia/authelia#contact-options
|
|
email: team@authelia.com
|
|
license:
|
|
name: Apache 2.0
|
|
url: https://www.apache.org/licenses/LICENSE-2.0
|
|
version: 1.0.0
|
|
tags:
|
|
- name: State
|
|
description: Configuration, health and state endpoints
|
|
- name: Authentication
|
|
description: Authentication and verification endpoints
|
|
- name: Password Reset
|
|
description: Password reset endpoints
|
|
- name: User Information
|
|
description: User configuration endpoints
|
|
- name: Second Factor
|
|
description: TOTP, U2F and Duo endpoints
|
|
paths:
|
|
/api/configuration:
|
|
get:
|
|
tags:
|
|
- State
|
|
summary: Application Configuration
|
|
description: The configuration endpoint provides detailed information including available second factor methods, if any second factor policies exist and the TOTP period configuration.
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.configuration.ConfigurationBody'
|
|
"403":
|
|
description: Forbidden
|
|
security:
|
|
- authelia_auth: [ ]
|
|
/api/health:
|
|
get:
|
|
tags:
|
|
- State
|
|
summary: Application Health
|
|
description: The health check endpoint provides information about the health of Authelia.
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
/api/state:
|
|
get:
|
|
tags:
|
|
- State
|
|
summary: User Application State
|
|
description: The state endpoint provides detailed information including the user, current authenticate level and Authelia's configured default redirection URL.
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.StateResponse'
|
|
/api/verify:
|
|
get:
|
|
tags:
|
|
- Authentication
|
|
summary: Verification
|
|
description: The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified domain.
|
|
parameters:
|
|
- $ref: '#/components/parameters/originalURLParam'
|
|
- $ref: '#/components/parameters/forwardedMethodParam'
|
|
- $ref: '#/components/parameters/authParam'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
headers:
|
|
remote-user:
|
|
description: Username
|
|
schema:
|
|
type: string
|
|
example: john
|
|
remote-name:
|
|
description: Name
|
|
schema:
|
|
type: string
|
|
example: John Doe
|
|
remote-email:
|
|
description: Email
|
|
schema:
|
|
type: string
|
|
example: john.doe@authelia.com
|
|
remote-groups:
|
|
description: Comma separated list of Groups
|
|
schema:
|
|
type: string
|
|
example: admin,devs
|
|
"401":
|
|
description: Unauthorized
|
|
security:
|
|
- authelia_auth: []
|
|
head:
|
|
tags:
|
|
- Authentication
|
|
summary: Verification
|
|
description: The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified domain.
|
|
parameters:
|
|
- $ref: '#/components/parameters/originalURLParam'
|
|
- $ref: '#/components/parameters/forwardedMethodParam'
|
|
- $ref: '#/components/parameters/authParam'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
headers:
|
|
remote-user:
|
|
description: Username
|
|
schema:
|
|
type: string
|
|
example: john
|
|
remote-name:
|
|
description: Name
|
|
schema:
|
|
type: string
|
|
example: John Doe
|
|
remote-email:
|
|
description: Email
|
|
schema:
|
|
type: string
|
|
example: john.doe@authelia.com
|
|
remote-groups:
|
|
description: Comma separated list of Groups
|
|
schema:
|
|
type: string
|
|
example: admin,devs
|
|
"401":
|
|
description: Unauthorized
|
|
security:
|
|
- authelia_auth: []
|
|
/api/firstfactor:
|
|
post:
|
|
tags:
|
|
- Authentication
|
|
summary: Login
|
|
description: The firstfactor endpoint allows a user to login and generates an authentication cookie for authorization.
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.firstFactorRequestBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
headers:
|
|
Set-Cookie:
|
|
style: simple
|
|
explode: false
|
|
schema:
|
|
type: string
|
|
example: authelia_session=kTTCSLupEUirZVfLeZTijezewFQnNOgs; Path=/
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.redirectResponse'
|
|
"401":
|
|
description: Unauthorized
|
|
security:
|
|
- authelia_auth: []
|
|
/api/logout:
|
|
post:
|
|
tags:
|
|
- Authentication
|
|
summary: Logout
|
|
description: The logout endpoint allows a user to logout and destroy a sesssion.
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
security:
|
|
- authelia_auth: [ ]
|
|
/api/reset-password/identity/start:
|
|
post:
|
|
tags:
|
|
- Password Reset
|
|
summary: Identity Verification Token Creation
|
|
description: "This endpoint is step 1 of 3 in the password reset process.\n\nIt validates the user session and sends the user an email with a token and a link to reset their password. This step also generates a session cookie for the rest of the process.\n\nThe same session cookie must be used for all steps in this process."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.resetPasswordStep1RequestBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/reset-password/identity/finish:
|
|
post:
|
|
tags:
|
|
- Password Reset
|
|
summary: Identity Verification Token Validation
|
|
description: "This endpoint is step 2 of 3 in the password reset process.\n\nIt validates the user session and reset token.\n\nThe same session cookie must be used for all steps in this process."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.IdentityVerificationFinishBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/reset-password:
|
|
post:
|
|
tags:
|
|
- Password Reset
|
|
summary: Password Reset
|
|
description: "This endpoint is step 3 of 3 in the password reset process.\n\nIt validates the user session and changes the password.\n\nThe same session cookie must be used for all steps in this process."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.resetPasswordStep2RequestBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/user/info:
|
|
get:
|
|
tags:
|
|
- User Information
|
|
summary: User Configuration
|
|
description: The user info endpoint provides detailed information including a users display name, preferred and registered second factor method(s).
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.UserInfo'
|
|
"403":
|
|
description: Forbidden
|
|
security:
|
|
- authelia_auth: [ ]
|
|
/api/user/info/2fa_method:
|
|
post:
|
|
tags:
|
|
- User Information
|
|
summary: User Configuration
|
|
description: The user info 2fa_method endpoint sets the users preferred second factor method.
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.UserInfo.MethodBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
"403":
|
|
description: Forbidden
|
|
security:
|
|
- authelia_auth: [ ]
|
|
/api/secondfactor/totp/identity/start:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Identity Verification TOTP Token Creation
|
|
description: "This endpoint performs identity verification to begin the TOTP device registration process.\n\nThe session generated from this endpoint must be utilised for the subsequent step in the `/api/secondfactor/totp/identity/finish` endpoint."
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/totp/identity/finish:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Identity Verification TOTP Token Validation and Device Creation
|
|
description: "This endpoint performs identity and token verification, upon success also generates TOTP device secret and registers said device.\n\nThe session cookie generated from the `/api/secondfactor/totp/identity/start` endpoint must be utilised for the step here"
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.IdentityVerificationFinishBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.TOTPKeyResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/totp:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Second Factor Authentication - TOTP
|
|
description: "This endpoint performs second factor authentication with a TOTP key."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.signTOTPRequestBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.redirectResponse'
|
|
"401":
|
|
description: Unauthorized
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.ErrorResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/u2f/sign_request:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Second Factor Authentication - U2F (Request)
|
|
description: "This endpoint starts the second factor authentication process with the U2F key."
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/u2f.WebSignRequest'
|
|
"401":
|
|
description: Unauthorized
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/u2f/sign:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Second Factor Authentication - U2F
|
|
description: "This endpoint completes second factor authentication with a U2F key."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/handlers.signU2FRequestBody"
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.redirectResponse'
|
|
"401":
|
|
description: Unauthorized
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/u2f/identity/start:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Identity Verification U2F Token Creation
|
|
description: "This endpoint performs identity verification to begin the U2F device registration process.\n\nThe session generated from this endpoint must be utilised for the subsequent steps in the `/api/secondfactor/u2f/identity/finish` and `/api/secondfactor/u2f/register` endpoints."
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/u2f/identity/finish:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Identity Verification U2F Token Validation
|
|
description: "This endpoint performs identity and token verification, upon success generates a U2F device registration challenge.\n\nThe session cookie generated from the `/api/secondfactor/u2f/identity/start` endpoint must be utilised for the subsequent steps here and in the `/api/secondfactor/u2f/register` endpoint."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.IdentityVerificationFinishBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/u2f.WebRegisterRequest'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/u2f/register:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: U2F Device Registration
|
|
description: "This endpoint performs U2F device registration."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/u2f.RegisterResponse'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/middlewares.OkResponse'
|
|
security:
|
|
- authelia_auth: []
|
|
/api/secondfactor/duo:
|
|
post:
|
|
tags:
|
|
- Second Factor
|
|
summary: Second Factor Authentication - Duo Mobile Push
|
|
description: "This endpoint performs second factor authentication with a Duo Mobile Push."
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.signDuoRequestBody'
|
|
responses:
|
|
"200":
|
|
description: Successful Operation
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/handlers.redirectResponse'
|
|
"401":
|
|
description: Unauthorized
|
|
security:
|
|
- authelia_auth: []
|
|
components:
|
|
parameters:
|
|
originalURLParam:
|
|
name: X-Original-URL
|
|
in: header
|
|
description: Redirection URL
|
|
required: true
|
|
style: simple
|
|
explode: true
|
|
schema:
|
|
type: string
|
|
forwardedMethodParam:
|
|
name: X-Forwarded-Method
|
|
in: header
|
|
description: Request Method
|
|
required: false
|
|
style: simple
|
|
explode: true
|
|
schema:
|
|
type: string
|
|
enum: ["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "TRACE", "CONNECT", "OPTIONS"]
|
|
authParam:
|
|
name: auth
|
|
in: query
|
|
description: Switch authorization header and prompt for basic auth
|
|
required: false
|
|
schema:
|
|
type: string
|
|
enum: ["basic"]
|
|
schemas:
|
|
handlers.configuration.ConfigurationBody:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
properties:
|
|
available_methods:
|
|
type: array
|
|
items:
|
|
type: string
|
|
example: [totp, u2f, mobile_push]
|
|
second_factor_enabled:
|
|
type: boolean
|
|
description: If second factor is enabled.
|
|
totp_period:
|
|
type: integer
|
|
example: 30
|
|
handlers.firstFactorRequestBody:
|
|
required:
|
|
- username
|
|
- password
|
|
type: object
|
|
properties:
|
|
username:
|
|
type: string
|
|
example: john
|
|
password:
|
|
type: string
|
|
example: password
|
|
targetURL:
|
|
type: string
|
|
example: https://home.example.com
|
|
requestMethod:
|
|
type: string
|
|
example: GET
|
|
keepMeLoggedIn:
|
|
type: boolean
|
|
example: true
|
|
handlers.redirectResponse:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
properties:
|
|
redirect:
|
|
type: string
|
|
example: https://home.example.com
|
|
handlers.resetPasswordStep1RequestBody:
|
|
required:
|
|
- username
|
|
type: object
|
|
properties:
|
|
username:
|
|
type: string
|
|
example: john
|
|
handlers.resetPasswordStep2RequestBody:
|
|
required:
|
|
- password
|
|
type: object
|
|
properties:
|
|
password:
|
|
type: string
|
|
example: password
|
|
handlers.signDuoRequestBody:
|
|
type: object
|
|
properties:
|
|
targetURL:
|
|
type: string
|
|
example: https://secure.example.com
|
|
handlers.signTOTPRequestBody:
|
|
type: object
|
|
properties:
|
|
token:
|
|
type: string
|
|
example: "123456"
|
|
targetURL:
|
|
type: string
|
|
example: https://secure.example.com
|
|
handlers.signU2FRequestBody:
|
|
type: object
|
|
properties:
|
|
targetURL:
|
|
type: string
|
|
example: https://secure.example.com
|
|
signResponse:
|
|
type: object
|
|
properties:
|
|
clientData:
|
|
type: string
|
|
example: 6prxyWqSsR6MXFchtQRzwZVTedWq7Zdc6XreLt6xRDXKeqJN7vzKAfYcKwRD3AT57bP4YFL4hbxat4LUysBNss
|
|
keyHandle:
|
|
type: string
|
|
example: pWgBrwr9meS5vArdffPtD4Px6AqZS7MfGEf776Rz438ujwHjeXwQEZuK53sRQ4wjeAgRCW4wX9VRj8dyKjc273
|
|
signatureData:
|
|
type: string
|
|
example: p3Pe26B6T2E7EEEc59P4p869qwxy8cQAU2ttyGtGrQHb4XL2ZxCpWrawsSHNSTRZQd7jEW59Y3Ku9vSNRzj7Ly
|
|
handlers.StateResponse:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
properties:
|
|
username:
|
|
type: string
|
|
example: john
|
|
authentication_level:
|
|
type: integer
|
|
example: 1
|
|
default_redirection_url:
|
|
type: string
|
|
example: https://home.example.com
|
|
handlers.TOTPKeyResponse:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
properties:
|
|
base32_secret:
|
|
type: string
|
|
example: 5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
|
|
otpauth_url:
|
|
type: string
|
|
example: otpauth://totp/auth.example.com:john?algorithm=SHA1&digits=6&issuer=auth.example.com&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
|
|
handlers.UserInfo:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
properties:
|
|
display_name:
|
|
type: string
|
|
example: John Doe
|
|
method:
|
|
type: string
|
|
enum: [totp, u2f, mobile_push]
|
|
example: totp
|
|
has_u2f:
|
|
type: boolean
|
|
example: false
|
|
has_totp:
|
|
type: boolean
|
|
example: true
|
|
handlers.UserInfo.MethodBody:
|
|
required:
|
|
- method
|
|
type: object
|
|
properties:
|
|
method:
|
|
type: string
|
|
enum: [totp, u2f, mobile_push]
|
|
example: totp
|
|
middlewares.ErrorResponse:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: KO
|
|
message:
|
|
type: string
|
|
example: Authentication failed, please retry later.
|
|
middlewares.IdentityVerificationFinishBody:
|
|
required:
|
|
- token
|
|
type: object
|
|
properties:
|
|
token:
|
|
type: string
|
|
example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDc5MjU1OTYsImlzcyI6IkF1dGhlbGlhIiwiYWN0aW9uIjoiUmVzZXRQYXNzd29yZCIsInVzZXJuYW1lIjoiQW1pciJ9.636yqRrUCGCe4jsMCsonleX5CYWHncYqZum-YYb6VaY
|
|
middlewares.OkResponse:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
u2f.RegisterResponse:
|
|
type: object
|
|
properties:
|
|
version:
|
|
type: string
|
|
registrationData:
|
|
type: string
|
|
clientData:
|
|
type: string
|
|
u2f.WebRegisterRequest:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
properties:
|
|
appId:
|
|
type: string
|
|
example: https://auth.example.com
|
|
registerRequests:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
version:
|
|
type: string
|
|
example: U2F_V2
|
|
challenge:
|
|
type: string
|
|
example: XGYKUzSmTpM1KxxpekArviW0w0OU2pwwRAocgn8TkVQ
|
|
registeredKeys:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
appId:
|
|
type: string
|
|
example: https://auth.example.com
|
|
version:
|
|
type: string
|
|
example: U2F_V2
|
|
keyHandle:
|
|
type: string
|
|
example: pWgBrwr9meS5vArdffPtD4Px6AqZS7MfGEf776Rz438ujwHjeXwQEZuK53sRQ4wjeAgRCW4wX9VRj8dyKjc273
|
|
u2f.WebSignRequest:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
example: OK
|
|
data:
|
|
type: object
|
|
properties:
|
|
appId:
|
|
type: string
|
|
example: https://auth.example.com
|
|
challenge:
|
|
type: string
|
|
example: XGYKUzSmTpM1KxxpekArviW0w0OU2pwwRAocgn8TkVQ
|
|
registeredKeys:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
appId:
|
|
type: string
|
|
example: https://auth.example.com
|
|
version:
|
|
type: string
|
|
example: U2F_V2
|
|
keyHandle:
|
|
type: string
|
|
example: pWgBrwr9meS5vArdffPtD4Px6AqZS7MfGEf776Rz438ujwHjeXwQEZuK53sRQ4wjeAgRCW4wX9VRj8dyKjc273
|
|
securitySchemes:
|
|
authelia_auth:
|
|
type: apiKey
|
|
name: "{{.Session}}"
|
|
in: cookie |