--- swagger: "2.0" info: x-ibm-name: psd2-v2-oauth-provider title: Psd2-v2-oauth-provider version: 1.0.0 description: "" schemes: - https securityDefinitions: Client_Secret: type: apiKey description: "" in: header name: X-IBM-Client-Secret Client_Id: description: application's client_id in: header name: X-IBM-Client-Id type: apiKey security: - Client_Secret: [] Client_Id: [] paths: /psd2/v2/oauth2/authorize: get: produces: - text/html summary: endpoint for Authorization Code and Implicit grants description: description parameters: - name: response_type in: query description: request an authorization code or or access token (implicit) required: true type: string enum: - code - token - name: scope in: query description: Scope being requested type: string required: true - name: redirect_uri in: query type: string description: URI where user is redirected to after authorization required: false - name: state in: query type: string description: This string will be echoed back to application when user is redirected required: false responses: 200: description: An HTML form for authentication or authorization of this request. 302: description: | Redirect to the clients redirect_uri containing one of the following - **authorization code** for Authorization code grant - **access token** for Implicity grant - **error** in case of errors, such as the user has denied the request security: - [] consumes: [] post: consumes: - application/x-www-form-urlencoded produces: - text/html summary: submit approval to authorization code or access token description: | Submit resource owners approval (or rejection) for the OAuth2 Server to issue an authorization code or access token to the application. parameters: - name: client_id in: formData description: application requesting the access code or token required: true type: string - name: scope in: formData description: requested scope of this authorization required: true type: string - name: resource-owner in: formData description: resource owners user name required: true type: string - name: redirect_uri in: formData description: URI the application is requesting this code or token to be redirected to required: true type: string - name: original-url in: formData description: URL of the original authorization request required: true type: string - name: dp-state in: formData description: state information provided in the authorization form required: true type: string - name: dp-data in: formData description: state information provided in the authorization form required: true type: string responses: 200: description: A consent form for oauth processing. /v2/oauth2/token: post: consumes: - application/x-www-form-urlencoded produces: - application/json summary: Request Access Tokens description: | This endpoint allows requesting an access token following one of the flows below: - Authorization Code (exchange code for access token) - Client Credentials (2-legged, there isnt resource owner information) - Resource Owner Password Credentials (2-legged, client provides resource owner name and password) - Refresh Token (exchange refresh token for a new access code) The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type. Client authentication: - Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter. - Public clients should send their client_id as formData parameter. | grant_type | code | client_credentials | password | refresh_token | |----------------------|------------|--------------------|-------------|---------------| | client_id | required* | required* | required* | required* | | client_secret | required* | required* | required* | required* | | code | required | | | | | redirect_uri | required | | | | | username | | | required | | | password | | | required | | | scope | | optional | optional | | | refresh_token | | | | required | The implicit grant requests, see /oauth2/authorize. parameters: - name: grant_type in: formData description: Type of grant type: string required: true enum: - authorization_code - password - client_credentials - refresh_token - name: client_id in: formData description: Application client ID, can be provided in formData or using HTTP Basic Authentication required: true type: string - name: client_secret in: formData description: Application secret, must be provided in formData or using HTTP Basic Authentication required: true type: string - name: code in: formData description: Authorization code provided by the /oauth2/authorize endpoint required: false type: string - name: redirect_uri in: formData description: required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical. required: false type: string - name: username in: formData type: string description: Resource owner username required: false - name: password in: formData type: string description: Resource owner password required: false - name: scope in: formData type: string description: Scope being requested required: false - name: refresh_token in: formData type: string description: The refresh token that the client wants to exchange for a new access token (refresh_token grant_type) required: false responses: 200: description: json document containing token, etc. schema: $ref: '#/definitions/access_token_response' 400: description: json document that may contain additional details about the failure /v2/oauth2/introspect: post: consumes: - application/x-www-form-urlencoded produces: - application/json summary: Introspect a given access_token supported description: | This endpoint introspects a given access_token parameters: - name: token in: formData description: String value of the access_token to be introspected required: true type: string - name: token_type_hint in: formData description: This must contain 'access_token' to indicate the token type required: true type: string responses: 200: description: json document containing access_token information, etc. schema: $ref: '#/definitions/introspect_response' 401: description: failure x-ibm-configuration: testable: true enforced: true phase: realized type: oauth definitions: access_token_response: type: object additionalProperties: false required: - token_type - access_token - expires_in properties: token_type: enum: - bearer access_token: type: string expires_in: type: integer scope: type: string refresh_token: type: string introspect_response: type: object additionalProperties: false required: - active - client_id - client_name - username - sub - exp - expstr - iat - nbf - nbfstr - scope properties: active: type: boolean client_id: type: string client_name: type: string username: type: string sub: type: string exp: type: string expstr: type: string iat: type: string nbf: type: string nbfstr: type: string scope: type: string miscinfo: type: string consented_on: type: string consented_on_str: type: string grant_type: type: string basePath: / x-ibm-endpoints: - endpointUrl: https://apis.bankofcyprus.com/df-boc-org-prd/prod description: APIC Gateway Server type: - production ...