Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Hydra Swagger
{
"consumes": [
"application/json",
"application/x-www-form-urlencoded"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"swagger": "2.0",
"info": {
"description": "Welcome to the ORY Hydra HTTP API documentation. You will find documentation for all HTTP APIs here. Keep in mind that this document reflects the latest branch, always. Support for versioned documentation is coming in the future.",
"title": "ORY Hydra - Cloud Native OAuth 2.0 and OpenID Connect Server",
"contact": {
"name": "ORY",
"url": "https://www.ory.sh",
"email": "hi@ory.am"
},
"license": {
"name": "Apache 2.0",
"url": "https://github.com/ory/hydra/blob/master/LICENSE"
},
"version": "Latest"
},
"basePath": "/",
"paths": {
"/.well-known/jwks.json": {
"get": {
"security": [
{
"oauth2": [
"hydra.keys.get"
]
}
],
"description": "Returns metadata for discovering important JSON Web Keys. Currently, this endpoint returns the public key for verifying OpenID Connect ID Tokens.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:hydra.openid.id-token:public\"],\n\"actions\": [\"GET\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Get Well-Known JSON Web Keys",
"operationId": "wellKnown",
"responses": {
"200": {
"description": "jsonWebKeySet",
"schema": {
"$ref": "#/definitions/jsonWebKeySet"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/.well-known/openid-configuration": {
"get": {
"description": "The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll\nyour own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this\nflow at https://openid.net/specs/openid-connect-discovery-1_0.html",
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Server well known configuration",
"operationId": "getWellKnown",
"responses": {
"200": {
"description": "wellKnown",
"schema": {
"$ref": "#/definitions/wellKnown"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/clients": {
"get": {
"security": [
{
"oauth2": [
"hydra.clients"
]
}
],
"description": "This endpoint lists all clients in the database, and never returns client secrets.\n\nOAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:clients\"],\n\"actions\": [\"get\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "List OAuth 2.0 Clients",
"operationId": "listOAuth2Clients",
"parameters": [
{
"type": "integer",
"format": "int64",
"x-go-name": "Limit",
"description": "The maximum amount of policies returned.",
"name": "limit",
"in": "query"
},
{
"type": "integer",
"format": "int64",
"x-go-name": "Offset",
"description": "The offset from where to start looking.",
"name": "offset",
"in": "query"
}
],
"responses": {
"200": {
"$ref": "#/responses/oAuth2ClientList"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"post": {
"security": [
{
"oauth2": [
"hydra.clients"
]
}
],
"description": "Create a new OAuth 2.0 client If you pass `client_secret` the secret will be used, otherwise a random secret will be generated. The secret will be returned in the response and you will not be able to retrieve it later on. Write the secret down and keep it somwhere safe.\n\nOAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:clients\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```\n\nAdditionally, the context key \"owner\" is set to the owner of the client, allowing policies such as:\n\n```\n{\n\"resources\": [\"rn:hydra:clients\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\",\n\"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } }\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Create an OAuth 2.0 client",
"operationId": "createOAuth2Client",
"parameters": [
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/oAuth2Client"
}
}
],
"responses": {
"200": {
"description": "oAuth2Client",
"schema": {
"$ref": "#/definitions/oAuth2Client"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/clients/{id}": {
"get": {
"security": [
{
"oauth2": [
"hydra.clients"
]
}
],
"description": "Get an OAUth 2.0 client by its ID. This endpoint never returns passwords.\n\nOAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:clients:\u003csome-id\u003e\"],\n\"actions\": [\"get\"],\n\"effect\": \"allow\"\n}\n```\n\nAdditionally, the context key \"owner\" is set to the owner of the client, allowing policies such as:\n\n```\n{\n\"resources\": [\"rn:hydra:clients:\u003csome-id\u003e\"],\n\"actions\": [\"get\"],\n\"effect\": \"allow\",\n\"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } }\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Get an OAuth 2.0 Client.",
"operationId": "getOAuth2Client",
"parameters": [
{
"uniqueItems": true,
"type": "string",
"x-go-name": "ID",
"description": "The id of the OAuth 2.0 Client.",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "oAuth2Client",
"schema": {
"$ref": "#/definitions/oAuth2Client"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"put": {
"security": [
{
"oauth2": [
"hydra.clients"
]
}
],
"description": "Update an existing OAuth 2.0 Client. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe.\n\nOAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:clients\"],\n\"actions\": [\"update\"],\n\"effect\": \"allow\"\n}\n```\n\nAdditionally, the context key \"owner\" is set to the owner of the client, allowing policies such as:\n\n```\n{\n\"resources\": [\"rn:hydra:clients\"],\n\"actions\": [\"update\"],\n\"effect\": \"allow\",\n\"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } }\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Update an OAuth 2.0 Client",
"operationId": "updateOAuth2Client",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"name": "id",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/oAuth2Client"
}
}
],
"responses": {
"200": {
"description": "oAuth2Client",
"schema": {
"$ref": "#/definitions/oAuth2Client"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"delete": {
"security": [
{
"oauth2": [
"hydra.clients"
]
}
],
"description": "Delete an existing OAuth 2.0 Client by its ID.\n\nOAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:clients:\u003csome-id\u003e\"],\n\"actions\": [\"delete\"],\n\"effect\": \"allow\"\n}\n```\n\nAdditionally, the context key \"owner\" is set to the owner of the client, allowing policies such as:\n\n```\n{\n\"resources\": [\"rn:hydra:clients:\u003csome-id\u003e\"],\n\"actions\": [\"delete\"],\n\"effect\": \"allow\",\n\"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } }\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Deletes an OAuth 2.0 Client",
"operationId": "deleteOAuth2Client",
"parameters": [
{
"uniqueItems": true,
"type": "string",
"x-go-name": "ID",
"description": "The id of the OAuth 2.0 Client.",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/health/status": {
"get": {
"description": "This endpoint returns a 200 status code when the HTTP server is up running. `{ \"status\": \"ok\" }`. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set.\n\nBe aware that if you are running multiple nodes of ORY Hydra, the health status will never refer to the cluster state, only to a single instance.",
"tags": [
"health"
],
"summary": "Check the Health Status",
"operationId": "getInstanceStatus",
"responses": {
"200": {
"$ref": "#/responses/healthStatus"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/keys/{set}": {
"get": {
"security": [
{
"oauth2": [
"hydra.keys.get"
]
}
],
"description": "This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"get\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"jsonWebKey"
],
"summary": "Retrieve a JSON Web Key Set",
"operationId": "getJsonWebKeySet",
"parameters": [
{
"type": "string",
"x-go-name": "Set",
"description": "The set",
"name": "set",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "jsonWebKeySet",
"schema": {
"$ref": "#/definitions/jsonWebKeySet"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"put": {
"security": [
{
"oauth2": [
"hydra.keys.update"
]
}
],
"description": "Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e\"],\n\"actions\": [\"update\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"jsonWebKey"
],
"summary": "Update a JSON Web Key Set",
"operationId": "updateJsonWebKeySet",
"parameters": [
{
"type": "string",
"x-go-name": "Set",
"description": "The set",
"name": "set",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/jsonWebKeySet"
}
}
],
"responses": {
"200": {
"description": "jsonWebKeySet",
"schema": {
"$ref": "#/definitions/jsonWebKeySet"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"post": {
"security": [
{
"oauth2": [
"hydra.keys.create"
]
}
],
"description": "This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"jsonWebKey"
],
"summary": "Generate a new JSON Web Key",
"operationId": "createJsonWebKeySet",
"parameters": [
{
"type": "string",
"x-go-name": "Set",
"description": "The set",
"name": "set",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/jsonWebKeySetGeneratorRequest"
}
}
],
"responses": {
"200": {
"description": "jsonWebKeySet",
"schema": {
"$ref": "#/definitions/jsonWebKeySet"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"delete": {
"security": [
{
"oauth2": [
"hydra.keys.delete"
]
}
],
"description": "Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e\"],\n\"actions\": [\"delete\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"jsonWebKey"
],
"summary": "Delete a JSON Web Key Set",
"operationId": "deleteJsonWebKeySet",
"parameters": [
{
"type": "string",
"x-go-name": "Set",
"description": "The set",
"name": "set",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/keys/{set}/{kid}": {
"get": {
"security": [
{
"oauth2": [
"hydra.keys.get"
]
}
],
"description": "This endpoint can be used to retrieve JWKs stored in ORY Hydra.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"get\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"jsonWebKey"
],
"summary": "Retrieve a JSON Web Key",
"operationId": "getJsonWebKey",
"parameters": [
{
"type": "string",
"x-go-name": "KID",
"description": "The kid of the desired key",
"name": "kid",
"in": "path",
"required": true
},
{
"type": "string",
"x-go-name": "Set",
"description": "The set",
"name": "set",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "jsonWebKeySet",
"schema": {
"$ref": "#/definitions/jsonWebKeySet"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"put": {
"security": [
{
"oauth2": [
"hydra.keys.update"
]
}
],
"description": "Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"update\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"jsonWebKey"
],
"summary": "Update a JSON Web Key",
"operationId": "updateJsonWebKey",
"parameters": [
{
"type": "string",
"x-go-name": "KID",
"description": "The kid of the desired key",
"name": "kid",
"in": "path",
"required": true
},
{
"type": "string",
"x-go-name": "Set",
"description": "The set",
"name": "set",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/jsonWebKey"
}
}
],
"responses": {
"200": {
"description": "jsonWebKey",
"schema": {
"$ref": "#/definitions/jsonWebKey"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"delete": {
"security": [
{
"oauth2": [
"hydra.keys.delete"
]
}
],
"description": "Use this endpoint to delete a single JSON Web Key.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"delete\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"jsonWebKey"
],
"summary": "Delete a JSON Web Key",
"operationId": "deleteJsonWebKey",
"parameters": [
{
"type": "string",
"x-go-name": "KID",
"description": "The kid of the desired key",
"name": "kid",
"in": "path",
"required": true
},
{
"type": "string",
"x-go-name": "Set",
"description": "The set",
"name": "set",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/auth": {
"get": {
"description": "This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows.\nOAuth2 is a very popular protocol and a library for your programming language will exists.\n\nTo learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749",
"consumes": [
"application/x-www-form-urlencoded"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "The OAuth 2.0 authorize endpoint",
"operationId": "oauthAuth",
"responses": {
"302": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/consent/requests/{id}": {
"get": {
"security": [
{
"oauth2": [
"hydra.consent"
]
}
],
"description": "Call this endpoint to receive information on consent requests. The consent request id is usually transmitted via the URL query `consent`.\nFor example: `http://consent-app.mydomain.com/?consent=1234abcd`\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:oauth2:consent:requests:\u003crequest-id\u003e\"],\n\"actions\": [\"get\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Receive consent request information",
"operationId": "getOAuth2ConsentRequest",
"parameters": [
{
"uniqueItems": true,
"type": "string",
"x-go-name": "ID",
"description": "The id of the OAuth 2.0 Consent Request.",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"$ref": "#/responses/oAuth2ConsentRequest"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/consent/requests/{id}/accept": {
"patch": {
"security": [
{
"oauth2": [
"hydra.consent"
]
}
],
"description": "Call this endpoint to accept a consent request. This usually happens when a user agrees to give access rights to\nan application.\n\n\nThe consent request id is usually transmitted via the URL query `consent`.\nFor example: `http://consent-app.mydomain.com/?consent=1234abcd`\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:oauth2:consent:requests:\u003crequest-id\u003e\"],\n\"actions\": [\"accept\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Accept a consent request",
"operationId": "acceptOAuth2ConsentRequest",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"name": "id",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/consentRequestAcceptance"
}
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/consent/requests/{id}/reject": {
"patch": {
"security": [
{
"oauth2": [
"hydra.consent"
]
}
],
"description": "Call this endpoint to reject a consent request. This usually happens when a user denies access rights to an\napplication.\n\n\nThe consent request id is usually transmitted via the URL query `consent`.\nFor example: `http://consent-app.mydomain.com/?consent=1234abcd`\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:oauth2:consent:requests:\u003crequest-id\u003e\"],\n\"actions\": [\"reject\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Reject a consent request",
"operationId": "rejectOAuth2ConsentRequest",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"name": "id",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/consentRequestRejection"
}
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/flush": {
"post": {
"security": [
{
"basic": []
},
{
"oauth2": [
"hydra.oauth2.flush"
]
}
],
"description": "This endpoint flushes expired OAuth2 access tokens from the database. You can set a time after which no tokens will be\nnot be touched, in case you want to keep recent tokens for auditing. Refresh tokens can not be flushed as they are deleted\nautomatically when performing the refresh flow.\n\n\n```\n{\n\"resources\": [\"rn:hydra:oauth2:tokens\"],\n\"actions\": [\"flush\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Flush Expired OAuth2 Access Tokens",
"operationId": "flushInactiveOAuth2Tokens",
"parameters": [
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/flushInactiveOAuth2TokensRequest"
}
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/introspect": {
"post": {
"security": [
{
"basic": []
},
{
"oauth2": [
"hydra.introspect"
]
}
],
"description": "The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token\nis neither expired nor revoked. If a token is active, additional information on the token will be included. You can\nset additional data for a token by setting `accessTokenExtra` during the consent flow.\n\n```\n{\n\"resources\": [\"rn:hydra:oauth2:tokens\"],\n\"actions\": [\"introspect\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/x-www-form-urlencoded"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Introspect OAuth2 tokens",
"operationId": "introspectOAuth2Token",
"parameters": [
{
"type": "string",
"x-go-name": "Token",
"description": "The string value of the token. For access tokens, this\nis the \"access_token\" value returned from the token endpoint\ndefined in OAuth 2.0 [RFC6749], Section 5.1.\nThis endpoint DOES NOT accept refresh tokens for validation.",
"name": "token",
"in": "formData",
"required": true
},
{
"type": "string",
"x-go-name": "Scope",
"description": "An optional, space separated list of required scopes. If the access token was not granted one of the\nscopes, the result of active will be false.",
"name": "scope",
"in": "formData"
}
],
"responses": {
"200": {
"$ref": "#/responses/introspectOAuth2TokenResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/revoke": {
"post": {
"security": [
{
"basic": []
}
],
"description": "Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no\nlonger be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token.\nRevoking a refresh token also invalidates the access token that was created with it.",
"consumes": [
"application/x-www-form-urlencoded"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "Revoke OAuth2 tokens",
"operationId": "revokeOAuth2Token",
"parameters": [
{
"type": "string",
"x-go-name": "Token",
"name": "token",
"in": "formData",
"required": true
}
],
"responses": {
"200": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/oauth2/token": {
"post": {
"security": [
{
"basic": []
},
{
"oauth2": []
}
],
"description": "This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows.\nOAuth2 is a very popular protocol and a library for your programming language will exists.\n\nTo learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749",
"consumes": [
"application/x-www-form-urlencoded"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "The OAuth 2.0 token endpoint",
"operationId": "oauthToken",
"responses": {
"200": {
"$ref": "#/responses/oauthTokenResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/policies": {
"get": {
"security": [
{
"oauth2": [
"hydra.policies"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:policies\"],\n\"actions\": [\"list\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"policy"
],
"summary": "List Access Control Policies",
"operationId": "listPolicies",
"parameters": [
{
"type": "integer",
"format": "int64",
"x-go-name": "Offset",
"description": "The offset from where to start looking.",
"name": "offset",
"in": "query"
},
{
"type": "integer",
"format": "int64",
"x-go-name": "Limit",
"description": "The maximum amount of policies returned.",
"name": "limit",
"in": "query"
}
],
"responses": {
"200": {
"$ref": "#/responses/policyList"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"post": {
"security": [
{
"oauth2": [
"hydra.policies"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:policies\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"policy"
],
"summary": "Create an Access Control Policy",
"operationId": "createPolicy",
"parameters": [
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/policy"
}
}
],
"responses": {
"201": {
"description": "policy",
"schema": {
"$ref": "#/definitions/policy"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/policies/{id}": {
"get": {
"security": [
{
"oauth2": [
"hydra.policies"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:policies:\u003cid\u003e\"],\n\"actions\": [\"get\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"policy"
],
"summary": "Get an Access Control Policy",
"operationId": "getPolicy",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"description": "The id of the policy.",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "policy",
"schema": {
"$ref": "#/definitions/policy"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"put": {
"security": [
{
"oauth2": [
"hydra.policies"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:policies\"],\n\"actions\": [\"update\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"policy"
],
"summary": "Update an Access Control Polic",
"operationId": "updatePolicy",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"description": "The id of the policy.",
"name": "id",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/policy"
}
}
],
"responses": {
"200": {
"description": "policy",
"schema": {
"$ref": "#/definitions/policy"
}
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"delete": {
"security": [
{
"oauth2": [
"hydra.policies"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:policies:\u003cid\u003e\"],\n\"actions\": [\"delete\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"policy"
],
"summary": "Delete an Access Control Policy",
"operationId": "deletePolicy",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"description": "The id of the policy.",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/userinfo": {
"post": {
"security": [
{
"oauth2": []
}
],
"description": "This endpoint returns the payload of the ID Token, including the idTokenExtra values, of the provided OAuth 2.0 access token.\nThe endpoint implements http://openid.net/specs/openid-connect-core-1_0.html#UserInfo .",
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"oAuth2"
],
"summary": "OpenID Connect Userinfo",
"operationId": "userinfo",
"responses": {
"200": {
"$ref": "#/responses/userinfoResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/warden/allowed": {
"post": {
"security": [
{
"oauth2": [
"hydra.warden"
]
}
],
"description": "Checks if a subject (typically a user or a service) is allowed to perform an action on a resource. This endpoint requires a subject,\na resource name, an action name and a context. If the subject is not allowed to perform the action on the resource,\nthis endpoint returns a 200 response with `{ \"allowed\": false}`, otherwise `{ \"allowed\": true }` is returned.\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:allowed\"],\n\"actions\": [\"decide\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "Check if an access request is valid (without providing an access token)",
"operationId": "doesWardenAllowAccessRequest",
"parameters": [
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/wardenAccessRequest"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/wardenAccessRequestResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/warden/groups": {
"get": {
"security": [
{
"oauth2": [
"hydra.warden.groups"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:groups\"],\n\"actions\": [\"list\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "List groups",
"operationId": "listGroups",
"parameters": [
{
"type": "string",
"x-go-name": "Member",
"description": "The id of the member to look up.",
"name": "member",
"in": "query"
},
{
"type": "integer",
"format": "int64",
"x-go-name": "Limit",
"description": "The maximum amount of policies returned.",
"name": "limit",
"in": "query"
},
{
"type": "integer",
"format": "int64",
"x-go-name": "Offset",
"description": "The offset from where to start looking.",
"name": "offset",
"in": "query"
}
],
"responses": {
"200": {
"$ref": "#/responses/listGroupsResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"post": {
"security": [
{
"oauth2": [
"hydra.warden.groups"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:groups\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "Create a group",
"operationId": "createGroup",
"parameters": [
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/group"
}
}
],
"responses": {
"201": {
"$ref": "#/responses/groupResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/warden/groups/{id}": {
"get": {
"security": [
{
"oauth2": [
"hydra.warden.groups"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:groups:\u003cid\u003e\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "Get a group by id",
"operationId": "getGroup",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"description": "The id of the group to look up.",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"201": {
"$ref": "#/responses/groupResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"delete": {
"security": [
{
"oauth2": [
"hydra.warden.groups"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:groups:\u003cid\u003e\"],\n\"actions\": [\"delete\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "Delete a group by id",
"operationId": "deleteGroup",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"description": "The id of the group to look up.",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/warden/groups/{id}/members": {
"post": {
"security": [
{
"oauth2": [
"hydra.warden.groups"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:groups:\u003cid\u003e\"],\n\"actions\": [\"members.add\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "Add members to a group",
"operationId": "addMembersToGroup",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"description": "The id of the group to modify.",
"name": "id",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/groupMembers"
}
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
},
"delete": {
"security": [
{
"oauth2": [
"hydra.warden.groups"
]
}
],
"description": "The subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:groups:\u003cid\u003e\"],\n\"actions\": [\"members.remove\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "Remove members from a group",
"operationId": "removeMembersFromGroup",
"parameters": [
{
"type": "string",
"x-go-name": "ID",
"description": "The id of the group to modify.",
"name": "id",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/groupMembers"
}
}
],
"responses": {
"204": {
"$ref": "#/responses/emptyResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
},
"/warden/token/allowed": {
"post": {
"security": [
{
"oauth2": [
"hydra.warden"
]
}
],
"description": "Checks if a token is valid and if the token subject is allowed to perform an action on a resource.\nThis endpoint requires a token, a scope, a resource name, an action name and a context.\n\n\nIf a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to\nperform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false}`.\n\n\nExtra data set through the `accessTokenExtra` field in the consent flow will be included in the response.\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:warden:token:allowed\"],\n\"actions\": [\"decide\"],\n\"effect\": \"allow\"\n}\n```",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"schemes": [
"http",
"https"
],
"tags": [
"warden"
],
"summary": "Check if an access request is valid (providing an access token)",
"operationId": "doesWardenAllowTokenAccessRequest",
"parameters": [
{
"name": "Body",
"in": "body",
"schema": {
"$ref": "#/definitions/wardenTokenAccessRequest"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/wardenTokenAccessRequestResponse"
},
"401": {
"$ref": "#/responses/genericError"
},
"403": {
"$ref": "#/responses/genericError"
},
"500": {
"$ref": "#/responses/genericError"
}
}
}
}
},
"definitions": {
"ConsentRequest": {
"type": "object",
"title": "ConsentRequest represents a consent request.",
"properties": {
"clientId": {
"description": "ClientID is the client id that initiated the OAuth2 request.",
"type": "string",
"x-go-name": "ClientID"
},
"expiresAt": {
"description": "ExpiresAt is the time where the access request will expire.",
"type": "string",
"format": "date-time",
"x-go-name": "ExpiresAt"
},
"id": {
"description": "ID is the id of this consent request.",
"type": "string",
"x-go-name": "ID"
},
"redirectUrl": {
"description": "Redirect URL is the URL where the user agent should be redirected to after the consent has been\naccepted or rejected.",
"type": "string",
"x-go-name": "RedirectURL"
},
"requestedScopes": {
"description": "RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "RequestedScopes"
}
},
"x-go-package": "github.com/ory/hydra/oauth2"
},
"ConsentRequestManager": {
"type": "object",
"x-go-package": "github.com/ory/hydra/oauth2"
},
"Context": {
"description": "Context contains an access token's session data",
"type": "object",
"properties": {
"accessTokenExtra": {
"description": "Extra represents arbitrary session data.",
"type": "object",
"additionalProperties": {
"type": "object"
},
"x-go-name": "Extra"
},
"clientId": {
"description": "ClientID is id of the client the token was issued for..",
"type": "string",
"x-go-name": "ClientID"
},
"expiresAt": {
"description": "ExpiresAt is the expiry timestamp.",
"type": "string",
"format": "date-time",
"x-go-name": "ExpiresAt"
},
"grantedScopes": {
"description": "GrantedScopes is a list of scopes that the subject authorized when asked for consent.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "GrantedScopes"
},
"issuedAt": {
"description": "IssuedAt is the token creation time stamp.",
"type": "string",
"format": "date-time",
"x-go-name": "IssuedAt"
},
"issuer": {
"description": "Issuer is the id of the issuer, typically an hydra instance.",
"type": "string",
"x-go-name": "Issuer"
},
"subject": {
"description": "Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.\nThis is usually a uuid but you can choose a urn or some other id too.",
"type": "string",
"x-go-name": "Subject"
}
},
"x-go-package": "github.com/ory/hydra/firewall"
},
"Firewall": {
"type": "object",
"title": "Firewall offers various validation strategies for access tokens.",
"x-go-package": "github.com/ory/hydra/firewall"
},
"Handler": {
"type": "object",
"properties": {
"Generators": {
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/KeyGenerator"
}
},
"H": {
"$ref": "#/definitions/Writer"
},
"Manager": {
"$ref": "#/definitions/Manager"
},
"ResourcePrefix": {
"type": "string"
},
"W": {
"$ref": "#/definitions/Firewall"
}
},
"x-go-package": "github.com/ory/hydra/jwk"
},
"KeyGenerator": {
"type": "object",
"x-go-package": "github.com/ory/hydra/jwk"
},
"Manager": {
"type": "object",
"x-go-package": "github.com/ory/hydra/warden/group"
},
"RawMessage": {
"description": "It implements Marshaler and Unmarshaler and can\nbe used to delay JSON decoding or precompute a JSON encoding.",
"type": "array",
"title": "RawMessage is a raw encoded JSON value.",
"items": {
"type": "integer",
"format": "uint8"
},
"x-go-package": "encoding/json"
},
"Writer": {
"description": "Writer is a helper to write arbitrary data to a ResponseWriter",
"type": "object",
"x-go-package": "github.com/ory/hydra/vendor/github.com/ory/herodot"
},
"consentRequestAcceptance": {
"type": "object",
"title": "AcceptConsentRequestPayload represents data that will be used to accept a consent request.",
"properties": {
"accessTokenExtra": {
"description": "AccessTokenExtra represents arbitrary data that will be added to the access token and that will be returned\non introspection and warden requests.",
"type": "object",
"additionalProperties": {
"type": "object"
},
"x-go-name": "AccessTokenExtra"
},
"grantScopes": {
"description": "A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "GrantScopes"
},
"idTokenExtra": {
"description": "IDTokenExtra represents arbitrary data that will be added to the ID token. The ID token will only be issued\nif the user agrees to it and if the client requested an ID token.",
"type": "object",
"additionalProperties": {
"type": "object"
},
"x-go-name": "IDTokenExtra"
},
"subject": {
"description": "Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the\nOAuth2 request.",
"type": "string",
"x-go-name": "Subject"
}
},
"x-go-name": "AcceptConsentRequestPayload",
"x-go-package": "github.com/ory/hydra/oauth2"
},
"consentRequestRejection": {
"type": "object",
"title": "RejectConsentRequestPayload represents data that will be used to reject a consent request.",
"properties": {
"reason": {
"description": "Reason represents the reason why the user rejected the consent request.",
"type": "string",
"x-go-name": "Reason"
}
},
"x-go-name": "RejectConsentRequestPayload",
"x-go-package": "github.com/ory/hydra/oauth2"
},
"flushInactiveOAuth2TokensRequest": {
"type": "object",
"properties": {
"notAfter": {
"description": "NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history\nof recently issued tokens for auditing.",
"type": "string",
"format": "date-time",
"x-go-name": "NotAfter"
}
},
"x-go-name": "FlushInactiveOAuth2TokensRequest",
"x-go-package": "github.com/ory/hydra/oauth2"
},
"group": {
"description": "Group represents a warden group",
"type": "object",
"properties": {
"id": {
"description": "ID is the groups id.",
"type": "string",
"x-go-name": "ID"
},
"members": {
"description": "Members is who belongs to the group.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "Members"
}
},
"x-go-name": "Group",
"x-go-package": "github.com/ory/hydra/warden/group"
},
"groupMembers": {
"type": "object",
"properties": {
"members": {
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "Members"
}
},
"x-go-name": "membersRequest",
"x-go-package": "github.com/ory/hydra/warden/group"
},
"joseWebKeySetRequest": {
"type": "object",
"properties": {
"keys": {
"type": "array",
"items": {
"$ref": "#/definitions/RawMessage"
},
"x-go-name": "Keys"
}
},
"x-go-package": "github.com/ory/hydra/jwk"
},
"jsonWebKey": {
"type": "object",
"properties": {
"alg": {
"description": "The \"alg\" (algorithm) parameter identifies the algorithm intended for\nuse with the key. The values used should either be registered in the\nIANA \"JSON Web Signature and Encryption Algorithms\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name.",
"type": "string",
"x-go-name": "Alg"
},
"crv": {
"type": "string",
"x-go-name": "Crv"
},
"d": {
"type": "string",
"x-go-name": "D"
},
"dp": {
"type": "string",
"x-go-name": "Dp"
},
"dq": {
"type": "string",
"x-go-name": "Dq"
},
"e": {
"type": "string",
"x-go-name": "E"
},
"k": {
"type": "string",
"x-go-name": "K"
},
"kid": {
"description": "The \"kid\" (key ID) parameter is used to match a specific key. This\nis used, for instance, to choose among a set of keys within a JWK Set\nduring key rollover. The structure of the \"kid\" value is\nunspecified. When \"kid\" values are used within a JWK Set, different\nkeys within the JWK Set SHOULD use distinct \"kid\" values. (One\nexample in which different keys might use the same \"kid\" value is if\nthey have different \"kty\" (key type) values but are considered to be\nequivalent alternatives by the application using them.) The \"kid\"\nvalue is a case-sensitive string.",
"type": "string",
"x-go-name": "Kid"
},
"kty": {
"description": "The \"kty\" (key type) parameter identifies the cryptographic algorithm\nfamily used with the key, such as \"RSA\" or \"EC\". \"kty\" values should\neither be registered in the IANA \"JSON Web Key Types\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name. The \"kty\" value is a case-sensitive string.",
"type": "string",
"x-go-name": "Kty"
},
"n": {
"type": "string",
"x-go-name": "N"
},
"p": {
"type": "string",
"x-go-name": "P"
},
"q": {
"type": "string",
"x-go-name": "Q"
},
"qi": {
"type": "string",
"x-go-name": "Qi"
},
"use": {
"description": "The \"use\" (public key use) parameter identifies the intended use of\nthe public key. The \"use\" parameter is employed to indicate whether\na public key is used for encrypting data or verifying the signature\non data. Values are commonly \"sig\" (signature) or \"enc\" (encryption).",
"type": "string",
"x-go-name": "Use"
},
"x": {
"type": "string",
"x-go-name": "X"
},
"x5c": {
"description": "The \"x5c\" (X.509 certificate chain) parameter contains a chain of one\nor more PKIX certificates [RFC5280]. The certificate chain is\nrepresented as a JSON array of certificate value strings. Each\nstring in the array is a base64-encoded (Section 4 of [RFC4648] --\nnot base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.\nThe PKIX certificate containing the key value MUST be the first\ncertificate.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "X5c"
},
"y": {
"type": "string",
"x-go-name": "Y"
}
},
"x-go-name": "swaggerJSONWebKey",
"x-go-package": "github.com/ory/hydra/jwk"
},
"jsonWebKeySet": {
"type": "object",
"properties": {
"keys": {
"description": "The value of the \"keys\" parameter is an array of JWK values. By\ndefault, the order of the JWK values within the array does not imply\nan order of preference among them, although applications of JWK Sets\ncan choose to assign a meaning to the order for their purposes, if\ndesired.",
"type": "array",
"items": {
"$ref": "#/definitions/jsonWebKey"
},
"x-go-name": "Keys"
}
},
"x-go-name": "swaggerJSONWebKeySet",
"x-go-package": "github.com/ory/hydra/jwk"
},
"jsonWebKeySetGeneratorRequest": {
"type": "object",
"required": [
"alg",
"kid"
],
"properties": {
"alg": {
"description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", and \"HS256\"",
"type": "string",
"x-go-name": "Algorithm"
},
"kid": {
"description": "The kid of the key to be created",
"type": "string",
"x-go-name": "KeyID"
}
},
"x-go-name": "createRequest",
"x-go-package": "github.com/ory/hydra/jwk"
},
"oAuth2Client": {
"type": "object",
"title": "Client represents an OAuth 2.0 Client.",
"properties": {
"client_name": {
"description": "Name is the human-readable string name of the client to be presented to the\nend-user during authorization.",
"type": "string",
"x-go-name": "Name"
},
"client_secret": {
"description": "Secret is the client's secret. The secret will be included in the create request as cleartext, and then\nnever again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users\nthat they need to write the secret down as it will not be made available again.",
"type": "string",
"x-go-name": "Secret"
},
"client_uri": {
"description": "ClientURI is an URL string of a web page providing information about the client.\nIf present, the server SHOULD display this URL to the end-user in\na clickable fashion.",
"type": "string",
"x-go-name": "ClientURI"
},
"contacts": {
"description": "Contacts is a array of strings representing ways to contact people responsible\nfor this client, typically email addresses.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "Contacts"
},
"grant_types": {
"description": "GrantTypes is an array of grant types the client is allowed to use.",
"type": "array",
"pattern": "client_credentials|authorize_code|implicit|refresh_token",
"items": {
"type": "string"
},
"x-go-name": "GrantTypes"
},
"id": {
"description": "ID is the id for this client.",
"type": "string",
"x-go-name": "ID"
},
"logo_uri": {
"description": "LogoURI is an URL string that references a logo for the client.",
"type": "string",
"x-go-name": "LogoURI"
},
"owner": {
"description": "Owner is a string identifying the owner of the OAuth 2.0 Client.",
"type": "string",
"x-go-name": "Owner"
},
"policy_uri": {
"description": "PolicyURI is a URL string that points to a human-readable privacy policy document\nthat describes how the deployment organization collects, uses,\nretains, and discloses personal data.",
"type": "string",
"x-go-name": "PolicyURI"
},
"public": {
"description": "Public is a boolean that identifies this client as public, meaning that it\ndoes not have a secret. It will disable the client_credentials grant type for this client if set.",
"type": "boolean",
"x-go-name": "Public"
},
"redirect_uris": {
"description": "RedirectURIs is an array of allowed redirect urls for the client, for example http://mydomain/oauth/callback .",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "RedirectURIs"
},
"response_types": {
"description": "ResponseTypes is an array of the OAuth 2.0 response type strings that the client can\nuse at the authorization endpoint.",
"type": "array",
"pattern": "id_token|code|token",
"items": {
"type": "string"
},
"x-go-name": "ResponseTypes"
},
"scope": {
"description": "Scope is a string containing a space-separated list of scope values (as\ndescribed in Section 3.3 of OAuth 2.0 [RFC6749]) that the client\ncan use when requesting access tokens.",
"type": "string",
"pattern": "([a-zA-Z0-9\\.\\*]+\\s?)+",
"x-go-name": "Scope"
},
"tos_uri": {
"description": "TermsOfServiceURI is a URL string that points to a human-readable terms of service\ndocument for the client that describes a contractual relationship\nbetween the end-user and the client that the end-user accepts when\nauthorizing the client.",
"type": "string",
"x-go-name": "TermsOfServiceURI"
}
},
"x-go-name": "Client",
"x-go-package": "github.com/ory/hydra/client"
},
"oAuth2ConsentRequest": {
"type": "object",
"title": "ConsentRequest represents a consent request.",
"properties": {
"clientId": {
"description": "ClientID is the client id that initiated the OAuth2 request.",
"type": "string",
"x-go-name": "ClientID"
},
"expiresAt": {
"description": "ExpiresAt is the time where the access request will expire.",
"type": "string",
"x-go-name": "ExpiresAt"
},
"id": {
"description": "ID is the id of this consent request.",
"type": "string",
"x-go-name": "ID"
},
"redirectUrl": {
"description": "Redirect URL is the URL where the user agent should be redirected to after the consent has been\naccepted or rejected.",
"type": "string",
"x-go-name": "RedirectURL"
},
"requestedScopes": {
"description": "RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "RequestedScopes"
}
},
"x-go-name": "swaggerConsentRequest",
"x-go-package": "github.com/ory/hydra/oauth2"
},
"oAuth2TokenIntrospection": {
"type": "object",
"properties": {
"active": {
"description": "Active is a boolean indicator of whether or not the presented token\nis currently active. The specifics of a token's \"active\" state\nwill vary depending on the implementation of the authorization\nserver and the information it keeps about its tokens, but a \"true\"\nvalue return for the \"active\" property will generally indicate\nthat a given token has been issued by this authorization server,\nhas not been revoked by the resource owner, and is within its\ngiven time window of validity (e.g., after its issuance time and\nbefore its expiration time).",
"type": "boolean",
"x-go-name": "Active"
},
"aud": {
"description": "ClientID is a service-specific string identifier or list of string\nidentifiers representing the intended audience for this token.",
"type": "string",
"x-go-name": "Audience"
},
"client_id": {
"description": "ClientID is aclient identifier for the OAuth 2.0 client that\nrequested this token.",
"type": "string",
"x-go-name": "ClientID"
},
"exp": {
"description": "Expires at is an integer timestamp, measured in the number of seconds\nsince January 1 1970 UTC, indicating when this token will expire.",
"type": "integer",
"format": "int64",
"x-go-name": "ExpiresAt"
},
"ext": {
"description": "Extra is arbitrary data set by the session.",
"type": "object",
"additionalProperties": {
"type": "object"
},
"x-go-name": "Extra"
},
"iat": {
"description": "Issued at is an integer timestamp, measured in the number of seconds\nsince January 1 1970 UTC, indicating when this token was\noriginally issued.",
"type": "integer",
"format": "int64",
"x-go-name": "IssuedAt"
},
"iss": {
"description": "Issuer is a string representing the issuer of this token",
"type": "string",
"x-go-name": "Issuer"
},
"nbf": {
"description": "NotBefore is an integer timestamp, measured in the number of seconds\nsince January 1 1970 UTC, indicating when this token is not to be\nused before.",
"type": "integer",
"format": "int64",
"x-go-name": "NotBefore"
},
"scope": {
"description": "Scope is a JSON string containing a space-separated list of\nscopes associated with this token.",
"type": "string",
"x-go-name": "Scope"
},
"sub": {
"description": "Subject of the token, as defined in JWT [RFC7519].\nUsually a machine-readable identifier of the resource owner who\nauthorized this token.",
"type": "string",
"x-go-name": "Subject"
},
"username": {
"description": "Username is a human-readable identifier for the resource owner who\nauthorized this token.",
"type": "string",
"x-go-name": "Username"
}
},
"x-go-name": "swaggerOAuthIntrospectionResponsePayload",
"x-go-package": "github.com/ory/hydra/oauth2"
},
"policy": {
"type": "object",
"properties": {
"actions": {
"description": "Actions impacted by the policy.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "Actions"
},
"conditions": {
"description": "Conditions under which the policy is active.",
"type": "object",
"additionalProperties": {
"type": "object",
"properties": {
"options": {
"type": "object",
"additionalProperties": {
"type": "object"
},
"x-go-name": "Options"
},
"type": {
"type": "string",
"x-go-name": "Type"
}
}
},
"x-go-name": "Conditions"
},
"description": {
"description": "Description of the policy.",
"type": "string",
"x-go-name": "Description"
},
"effect": {
"description": "Effect of the policy",
"type": "string",
"x-go-name": "Effect"
},
"id": {
"description": "ID of the policy.",
"type": "string",
"x-go-name": "ID"
},
"resources": {
"description": "Resources impacted by the policy.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "Resources"
},
"subjects": {
"description": "Subjects impacted by the policy.",
"type": "array",
"items": {
"type": "string"
},
"x-go-name": "Subjects"
}
},
"x-go-name": "swaggerPolicy",
"x-go-package": "github.com/ory/hydra/policy"
},
"swaggerAcceptConsentRequest": {
"type": "object",
"required": [
"id",
"Body"
],
"properties": {
"Body": {
"$ref": "#/definitions/consentRequestAcceptance"
},
"id": {
"description": "in: path",
"type": "string",
"x-go-name": "ID"
}
},
"x-go-package": "github.com/ory/hydra/oauth2"
},
"swaggerCreatePolicyParameters": {
"type": "object",
"properties": {
"Body": {
"$ref": "#/definitions/policy"
}
},
"x-go-package": "github.com/ory/hydra/policy"
},
"swaggerDoesWardenAllowAccessRequestParameters": {
"type": "object",
"properties": {
"Body": {
"$ref": "#/definitions/wardenAccessRequest"
}
},
"x-go-package": "github.com/ory/hydra/warden"
},
"swaggerDoesWardenAllowTokenAccessRequestParameters": {
"type": "object",
"properties": {
"Body": {
"$ref": "#/definitions/wardenTokenAccessRequest"
}
},
"x-go-package": "github.com/ory/hydra/warden"
},
"swaggerFlushInactiveAccessTokens": {
"type": "object",
"properties": {
"Body": {
"$ref": "#/definitions/flushInactiveOAuth2TokensRequest"
}
},
"x-go-package": "github.com/ory/hydra/oauth2"
},
"swaggerGetPolicyParameters": {
"type": "object",
"properties": {
"id": {
"description": "The id of the policy.\nin: path",
"type": "string",
"x-go-name": "ID"
}
},
"x-go-package": "github.com/ory/hydra/policy"
},
"swaggerJsonWebKeyQuery": {
"type": "object",
"required": [
"kid",
"set"
],
"properties": {
"kid": {
"description": "The kid of the desired key\nin: path",
"type": "string",
"x-go-name": "KID"
},
"set": {
"description": "The set\nin: path",
"type": "string",
"x-go-name": "Set"
}
},
"x-go-package": "github.com/ory/hydra/jwk"
},
"swaggerJwkCreateSet": {
"type": "object",
"required": [
"set"
],
"properties": {
"Body": {
"$ref": "#/definitions/jsonWebKeySetGeneratorRequest"
},
"set": {
"description": "The set\nin: path",
"type": "string",
"x-go-name": "Set"
}
},
"x-go-package": "github.com/ory/hydra/jwk"
},
"swaggerJwkSetQuery": {
"type": "object",
"required": [
"set"
],
"properties": {
"set": {
"description": "The set\nin: path",
"type": "string",
"x-go-name": "Set"
}
},
"x-go-package": "github.com/ory/hydra/jwk"
},
"swaggerJwkUpdateSet": {
"type": "object",
"required": [
"set"
],
"properties": {
"Body": {
"$ref": "#/definitions/jsonWebKeySet"
},
"set": {
"description": "The set\nin: path",
"type": "string",
"x-go-name": "Set"
}
},
"x-go-package": "github.com/ory/hydra/jwk"
},
"swaggerJwkUpdateSetKey": {
"type": "object",
"required": [
"kid",
"set"
],
"properties": {
"Body": {
"$ref": "#/definitions/jsonWebKey"
},
"kid": {
"description": "The kid of the desired key\nin: path",
"type": "string",
"x-go-name": "KID"
},
"set": {
"description": "The set\nin: path",
"type": "string",
"x-go-name": "Set"
}
},
"x-go-package": "github.com/ory/hydra/jwk"
},
"swaggerListPolicyParameters": {
"type": "object",
"properties": {
"limit": {
"description": "The maximum amount of policies returned.\nin: query",
"type": "integer",
"format": "int64",
"x-go-name": "Limit"
},
"offset": {
"description": "The offset from where to start looking.\nin: query",
"type": "integer",
"format": "int64",
"x-go-name": "Offset"
}
},
"x-go-package": "github.com/ory/hydra/policy"
},
"swaggerListPolicyResponse": {
"description": "A policy",
"type": "object",
"properties": {
"Body": {
"description": "in: body\ntype: array",
"type": "array",
"items": {
"$ref": "#/definitions/policy"
}
}
},
"x-go-package": "github.com/ory/hydra/policy"
},
"swaggerOAuthConsentRequest": {
"description": "The consent request response",
"type": "object",
"properties": {
"Body": {
"$ref": "#/definitions/oAuth2ConsentRequest"
}
},
"x-go-package": "github.com/ory/hydra/oauth2"
},
"swaggerOAuthConsentRequestPayload": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"description": "The id of the OAuth 2.0 Consent Request.",
"type": "string",
"uniqueItems": true,
"x-go-name": "ID"
}
},
"x-go-package": "github.com/ory/hydra/oauth2"
},
"swaggerOAuthIntrospectionRequest": {
"type": "object",
"required": [
"token"
],
"properties": {
"scope": {
"description": "An optional, space separated list of required scopes. If the access token was not granted one of the\nscopes, the result of active will be false.\n\nin: formData",
"type": "string",
"x-go-name": "Scope"
},
"token": {
"description": "The string value of the token. For access tokens, this\nis the \"access_token\" value returned from the token endpoint\ndefined in OAuth 2.0 [RFC6749], Section 5.1.\nThis endpoint DOES NOT accept refresh tokens for validation.",
"type": "string",
"x-go-name": "Token"
}
},
"x-go-package": "github.com/ory/hydra/oauth2"
},
"swaggerOAuthIntrospectionResponse": {
"description": "The token introspection response",
"type": "object",
"properties": {
"Body": {
"$ref": "#/definitions/oAuth2TokenIntrospection"
}
},
"x-go-package": "github.com/ory/hydra/oauth2"
},
"swaggerOAuthTokenResponse": {
"description": "The token response",
"type": "object",
"properties": {
"Body": {
"description": "in: body",
"type": "object",
"properties": {
"access_token": {
"description": "The access token issued by the authorization server.",
"type": "string",
"x-go-name": "AccessToken"
},
"expires_in": {
"description": "The lifetime in seconds of the access token. For\nexample, the value \"3600\" denotes that the access token will\nexpire in one hour from the time the response was generated.",
"type": "integer",
"format": "int64",
"x-go-name": "ExpiresIn"
},
"id_token": {
"description": "To retrieve a refresh token request the id_token scope.",
"type": "integer",
"format": "int64",
"x-go-name": "IDToken"
},
"refresh_token": {
"description": "The refresh token, which can be used to obtain new\naccess tokens. To retrieve it add the scope \"offline\" to your access token request.",
"type": "string",
"x-go-name": "RefreshToken"
},
"scope": {
"description": "The scope of the access token",
"type": "integer",
"format": "int64",
"x-go-name": "Scope"
},
"token_type": {
"description": "The type of the token issued",