Merge pull request #1056 from uhoreg/refresh_token_spec
Add spec for refresh tokens
commit
8d82366cf2
5 changed files with 239 additions and 21 deletions
|
@ -1,5 +1,6 @@
|
|||
# Copyright 2016 OpenMarket Ltd
|
||||
# Copyright 2018 New Vector Ltd
|
||||
# Copyright 2022 The Matrix.org Foundation C.I.C.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -133,6 +134,11 @@ paths:
|
|||
description: |-
|
||||
A display name to assign to the newly-created device. Ignored
|
||||
if `device_id` corresponds to a known device.
|
||||
refresh_token:
|
||||
type: boolean
|
||||
description: |-
|
||||
If true, the client supports refresh tokens.
|
||||
x-addedInMatrixVersion: "1.3"
|
||||
required: ["type"]
|
||||
|
||||
responses:
|
||||
|
@ -142,6 +148,8 @@ paths:
|
|||
application/json: {
|
||||
"user_id": "@cheeky_monkey:matrix.org",
|
||||
"access_token": "abc123",
|
||||
"refresh_token": "def456",
|
||||
"expires_in_ms": 60000,
|
||||
"device_id": "GHTYAJCE",
|
||||
"well_known": {
|
||||
"m.homeserver": {
|
||||
|
@ -163,6 +171,23 @@ paths:
|
|||
description: |-
|
||||
An access token for the account.
|
||||
This access token can then be used to authorize other requests.
|
||||
refresh_token:
|
||||
type: string
|
||||
description: |-
|
||||
A refresh token for the account. This token can be used to
|
||||
obtain a new access token when it expires by calling the
|
||||
`/refresh` endpoint.
|
||||
x-addedInMatrixVersion: "1.3"
|
||||
expires_in_ms:
|
||||
type: integer
|
||||
description: |-
|
||||
The lifetime of the access token, in milliseconds. Once
|
||||
the access token has expired a new access token can be
|
||||
obtained by using the provided refresh token. If no
|
||||
refresh token is provided, the client will need to re-log in
|
||||
to obtain a new access token. If not given, the client can
|
||||
assume that the access token will not expire.
|
||||
x-addedInMatrixVersion: "1.3"
|
||||
home_server:
|
||||
type: string
|
||||
description: |-
|
||||
|
|
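Review bot: The new `refresh_token` request property in the `@ -133,6 +134,11 @@` hunk says only `If true, the client supports refresh tokens.` and never states what an absent or false value means. The same sentence is added to the registration request in the `@ -127,6 +128,11 @@` hunk further down. If the intended default is false, say so in the style the registration file already uses for `inhibit_login`, for example `If true, the client supports refresh tokens. Defaults to false.` It would also help to state whether a server may return `expires_in_ms` to a client that did not set this flag, since such a client has no way to renew an expiring token short of logging in again; that is inferred from the response descriptions, not stated in the visible lines.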
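--- a/data/api/client-server/refresh.yaml
+++ b/data/api/client-server/refresh.yaml
@@ -0,0 +1,108 @@
+# Copyright 2022 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+swagger: '2.0'
+info:
+title: "Matrix Client-Server Registration and Login API"
+version: "1.0.0"
+host: localhost:8008
+schemes:
+- https
+- http
+basePath: /_matrix/client/v3
+consumes:
+- application/json
+produces:
+- application/json
+paths:
+"/refresh":
+post:
+x-addedInMatrixVersion: "1.3"
+summary: Refresh an access token
+description: |-
+Refresh an access token. Clients should use the returned access token
+when making subsequent API calls, and store the returned refresh token
+(if given) in order to refresh the new access token when necessary.
+
+After an access token has been refreshed, a server can choose to
+invalidate the old access token immediately, or can choose not to, for
+example if the access token would expire soon anyways. Clients should
+not make any assumptions about the old access token still being valid,
+and should use the newly provided access token instead.
+
+The old refresh token remains valid until the new access token or refresh token
+is used, at which point the old refresh token is revoked.
+
+Note that this endpoint does not require authentication via an
+access token. Authentication is provided via the refresh token.
+
+Application Service identity assertion is disabled for this endpoint.
+operationId: refresh
+parameters:
+- in: body
+name: body
+required: true
+schema:
+type: object
+example: {
+"refresh_token": "some_token"
+}
+properties:
+refresh_token:
+type: string
+description: The refresh token
+responses:
+200:
+description: A new access token and refresh token were generated.
+examples:
+application/json: {
+"access_token": "a_new_token",
+"expires_in_ms": 60000,
+"refresh_token": "another_new_token"
+}
+schema:
+type: object
+properties:
+access_token:
+type: string
+description: |-
+The new access token to use.
+refresh_token:
+type: string
+description: |-
+The new refresh token to use when the access token needs to
+be refreshed again. If not given, the old refresh token can
+be re-used.
+expires_in_ms:
+type: integer
+description: |-
+The lifetime of the access token, in milliseconds. If not
+given, the client can assume that the access token will not
+expire.
+required:
+- access_token
+401:
+description: |-
+The provided token was unknown, or has already been used.
+examples:
+application/json: {
+"errcode": "M_UNKNOWN_TOKEN",
+"error": "Soft logged out",
+"soft_logout": true
+}
+schema:
+"$ref": "definitions/errors/error.yaml"
+429:
+description: This request was rate-limited.
+schema:
+"$ref": "definitions/errors/rate_limited.yaml"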
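Review bot: The `/refresh` request body schema lists `refresh_token` under `properties` but never marks it required, even though the description says the refresh token is the only authentication this endpoint takes. Adding `required: ["refresh_token"]` beside `properties` would let schema validation reject an empty body instead of leaving that case to each implementation. The 401 text `The provided token was unknown, or has already been used.` is also stricter than the description above it, which keeps the old refresh token valid until the new access or refresh token is used. Wording it as `The provided token was unknown, or has been revoked.` would stop servers disagreeing about whether to reject a client that retries after losing the response. `info.title` still reads `Matrix Client-Server Registration and Login API`, which looks carried over from another file.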
|
@ -1,4 +1,5 @@
|
|||
# Copyright 2016 OpenMarket Ltd
|
||||
# Copyright 2022 The Matrix.org Foundation C.I.C.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -127,6 +128,11 @@ paths:
|
|||
returned from this call, therefore preventing an automatic
|
||||
login. Defaults to false.
|
||||
example: false
|
||||
refresh_token:
|
||||
type: boolean
|
||||
description: |-
|
||||
If true, the client supports refresh tokens.
|
||||
x-addedInMatrixVersion: "1.3"
|
||||
responses:
|
||||
200:
|
||||
description: The account has been registered.
|
||||
|
@ -152,6 +158,27 @@ paths:
|
|||
An access token for the account.
|
||||
This access token can then be used to authorize other requests.
|
||||
Required if the `inhibit_login` option is false.
|
||||
refresh_token:
|
||||
type: string
|
||||
description: |-
|
||||
A refresh token for the account. This token can be used to
|
||||
obtain a new access token when it expires by calling the
|
||||
`/refresh` endpoint.
|
||||
|
||||
Omitted if the `inhibit_login` option is false.
|
||||
x-addedInMatrixVersion: "1.3"
|
||||
expires_in_ms:
|
||||
type: integer
|
||||
description: |-
|
||||
The lifetime of the access token, in milliseconds. Once
|
||||
the access token has expired a new access token can be
|
||||
obtained by using the provided refresh token. If no
|
||||
refresh token is provided, the client will need to re-log in
|
||||
to obtain a new access token. If not given, the client can
|
||||
assume that the access token will not expire.
|
||||
|
||||
Omitted if the `inhibit_login` option is false.
|
||||
x-addedInMatrixVersion: "1.3"
|
||||
home_server:
|
||||
type: string
|
||||
description: |-
|
||||
|
|
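Review bot: In the `@ -152,6 +158,27 @@` hunk the new `refresh_token` and `expires_in_ms` response properties both end with a sentence saying they are omitted when `inhibit_login` is false, but the `access_token` context line just above says the access token is required in exactly that case. Read literally, a registration that does log the user in would never carry a refresh token or an expiry. Combined with `If not given, the client can assume that the access token will not expire`, that would lead a client to treat an expiring token as permanent. The condition looks inverted: change the final word of both sentences from `false` to `true`. The response schema starts and ends outside this hunk, so the exact nesting of these properties could not be checked here.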