Added new routes for OIDC functionality

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Added
+- Added two new routes which provide information on enabled OIDC providers and updated the OIDC authenticate route.
+  [cyberark/conjur-openapi-spec#220](https://github.com/cyberark/conjur-openapi-spec/pull/220)
+
 ## [5.3.0] - 2021-12-22
 
 ### Added

spec/authentication.yml

@@ -16,6 +16,19 @@ components:
           "signature": "NrknEA762z0x-FVdQjFGeTT.....AFjHc0"
         }
 
+    OIDCAuthResponse:
+      type: object
+      properties:
+        authentication_token:
+          type: string
+        bearer_token:
+          type: string
+      example:
+        {
+          "authentication_token": "kashdbgjkahbfglian..kajshfbkjashbfg",
+          "bearer_token": "hbgLKGrkjbKGbkhbk...gKSkgkhksjdbBG"
+        }
+
     JWTToken:
       type: object
       properties:
@@ -81,7 +94,21 @@ components:
       minLength: 1
       example: "admin"
 
-    OIDCToken:
+    OIDCTokenV2:
+      description: "OpenID Connect ID token format"
+      type: object
+      properties:
+        code:
+          type: string
+        state:
+          type: string
+      example:
+        {
+          "code": "<returned OIDC code>",
+          "state": "<initially defined state>"
+        }
+
+    OIDCTokenV1:
       description: "OpenID Connect ID token"
       type: object
       properties:
@@ -92,6 +119,16 @@ components:
           "id_token": "eyJhbGciOiJSUzI1NiIs......uTonCA"
         }
 
+    OIDCInfo:
+      type: object
+      properties:
+        service_id:
+          type: string
+        redirect_uri:
+          type: string
+      required:
+        - service_id
+
     UserId:
       type: string
       minLength: 1
@@ -124,6 +161,28 @@ components:
           schema:
             type: string
 
+    OIDCInfo:
+      description: "Description of a specific OIDC provider"
+      content:
+        text/plain:
+          schema:
+            $ref: '#/components/schemas/OIDCInfo'
+
+    OIDCInfoList:
+      description: "List of all OIDC provider information"
+      content:
+        text/plain:
+          schema:
+            type: array
+            items:
+              $ref: '#/components/schemas/OIDCInfo'
+
+    OIDCAuthResponse:
+      description: "Response contains tokens allowing for authentication with Conjur"
+      content:
+        text/plain:
+          schema:
+            $ref: "#/components/schemas/OIDCAuthResponse"
   paths:
     DefaultLogin:
       parameters:
@@ -181,7 +240,6 @@ components:
         security:
           - basicAuth: []
 
-
     K8sInjectClientCert:
       parameters:
         - $ref: 'openapi.yml#/components/parameters/RequestID'
@@ -736,22 +794,46 @@ components:
             $ref: 'openapi.yml#/components/schemas/AccountName'
 
         requestBody:
-          description: "ID token"
+          description: "Authentication Details"
           required: true
           content:
             application/x-www-form-urlencoded:
               schema:
-                $ref: '#/components/schemas/OIDCToken'
+                $ref: '#/components/schemas/OIDCTokenV1'
 
         responses:
           "200":
-            $ref: '#/components/responses/AccessToken'
+            $ref: '#/components/responses/OIDCAuthResponse'
           "400":
             $ref: 'openapi.yml#/components/responses/BadRequest'
           "401":
             $ref: 'openapi.yml#/components/responses/UnauthorizedError'
-          "404":
-            $ref: 'openapi.yml#/components/responses/ResourceNotFound'
+
+        security: []
+
+    ListOIDCAuthenticators:
+      parameters:
+        - $ref: 'openapi.yml#/components/parameters/RequestID'
+      get:
+        tags:
+        - "authentication"
+        summary: |
+          Gets basic information about the requested OIDC provider
+        description: |
+          Gets basic information about the requested OIDC provider. This includes
+          the redirect uri for authenticating using OIDC.
+        operationId: "listOIDCProviders"
+        parameters:
+        - name: "account"
+          in: "path"
+          required: true
+          description: "Organization account name"
+          schema:
+            $ref: 'openapi.yml#/components/schemas/AccountName'
+
+        responses:
+          "200":
+            $ref: '#/components/responses/OIDCInfoList'
 
         security: []
 

spec/openapi.yml

@@ -203,6 +203,9 @@ paths:
   '/authn-oidc/{service_id}/{account}/authenticate':
     $ref: 'authentication.yml#/components/paths/OIDCAuthenticate'
 
+  '/authn-oidc/{account}/providers':
+    $ref: 'authentication.yml#/components/paths/ListOIDCAuthenticators'
+
   '/authn-jwt/{service_id}/{account}/authenticate':
     $ref: 'authentication.yml#/components/paths/JWTAuthenticate'