From b59690baefc1dec8a950d30762f306d1e82a9ccf Mon Sep 17 00:00:00 2001
From: Zoe Maas
Date: Tue, 9 Jul 2024 15:44:46 +0200
Subject: [PATCH 1/9] feat: Created OpenAPI specs project of the EntityStatement class
---
 modules/openapi/build.gradle.kts | 59 +
 modules/openapi/gradle.properties | 2 +
 modules/openapi/settings.gradle.kts | 4 +
 .../com/sphereon/oid/fed/openapi/openapi.yaml | 1534 +++++++++++++++++
 settings.gradle.kts | 1 +
 5 files changed, 1600 insertions(+)
 create mode 100644 modules/openapi/build.gradle.kts
 create mode 100644 modules/openapi/gradle.properties
 create mode 100644 modules/openapi/settings.gradle.kts
 create mode 100644 modules/openapi/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml
diff --git a/modules/openapi/build.gradle.kts b/modules/openapi/build.gradle.kts
new file mode 100644
index 00000000..fe28c62d
--- /dev/null
+++ b/modules/openapi/build.gradle.kts
@@ -0,0 +1,59 @@
+plugins {
+ kotlin("jvm") version "2.0.0"
+ id("org.openapi.generator") version "6.2.1"
+}
+
+group = "com.sphereon.oid.fed"
+version = "1.0-SNAPSHOT"
+
+project.extra.set("openApiPackage", "com.sphereon.oid.fed.openapi")
+
+val profiles = project.properties["profiles"]?.toString()?.split(",") ?: emptyList()
+val isModelsOnlyProfile = profiles.contains("models-only")
+
+repositories {
+ mavenCentral()
+}
+
+dependencies {
+ testImplementation(kotlin("test"))
+}
+
+openApiGenerate {
+ val openApiPackage: String by project
+ generatorName.set("kotlin")
+ packageName.set("com.sphereon.oid.fed.openapi")
+ apiPackage.set("$openApiPackage.api")
+ modelPackage.set("$openApiPackage.models")
+ inputSpec.set("$rootDir/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml")
+ library.set("jvm-okhttp4")
+ configOptions.set(
+ mapOf(
+ "dateLibrary" to "java8",
+ "serializationLibrary" to "jackson"
+ )
+ )
+
+ if (isModelsOnlyProfile) {
+ globalProperties.set(
+ configOptions.get().plus(
+ mapOf(
+ "models" to ""
+ )
+ )
+ )
+ }
+}
+
+sourceSets {
+ main {
+ java.srcDirs("build/generated/sources/openapi/src/main/kotlin")
+ }
+}
+
+tasks.test {
+ useJUnitPlatform()
+}
+kotlin {
+ jvmToolchain(21)
+}
diff --git a/modules/openapi/gradle.properties b/modules/openapi/gradle.properties
new file mode 100644
index 00000000..33cf166a
--- /dev/null
+++ b/modules/openapi/gradle.properties
@@ -0,0 +1,2 @@
+kotlin.code.style=official
+profiles=models-only
diff --git a/modules/openapi/settings.gradle.kts b/modules/openapi/settings.gradle.kts
new file mode 100644
index 00000000..05898591
--- /dev/null
+++ b/modules/openapi/settings.gradle.kts
@@ -0,0 +1,4 @@
+plugins {
+ id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
+}
+rootProject.name = "openapi"
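Review bot: In `modules/openapi/build.gradle.kts`, `inputSpec` is built from `$rootDir`, which is this module's directory only while the module is built through its own `settings.gradle.kts`; the commit also adds a line to the top-level `settings.gradle.kts` (not shown here), and if that line includes the module as a subproject the path resolves against the repository root and the generator reads no spec or a different one. `inputSpec.set("$projectDir/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml")` ties code generation to the spec shipped with the module. In the `models-only` branch, `globalProperties` is seeded with `configOptions.get()`, so `dateLibrary` and `serializationLibrary` are passed as global properties as well; `globalProperties.set(mapOf("models" to ""))` says what is meant. No `outputDir` is set in the visible block, so it is worth confirming that generated sources actually land in the `build/generated/sources/openapi/src/main/kotlin` directory added to `sourceSets`.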
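Review bot: In `modules/openapi/settings.gradle.kts`, the foojay resolver plugin combined with `jvmToolchain(21)` in the build script means Gradle may download a JDK at build time on any machine that lacks one, and nothing in the added files says whether that is intended for CI and release builds. If it is not, add `org.gradle.java.installations.auto-download=false` to the `gradle.properties` used by those builds and provision the JDK from a pinned image. If the plugin is meant only for local development, a one-line comment above it saying so would record the intent.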
diff --git a/modules/openapi/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml b/modules/openapi/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml
new file mode 100644
index 00000000..ff3e156b
--- /dev/null
+++ b/modules/openapi/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml
@@ -0,0 +1,1534 @@
+openapi: 3.0.3
+
+info:
+ title: OpenID Federation API
+ description: This API allows the interaction with federation endpoints to manage and verify entities within a federation.
+ contact:
+ name: Sphereon
+ email: info@sphereon.com
+ license:
+ name: Apache 2.0
+ url: http://www.apache.org/licenses/LICENSE-2.0.html
+ version: 1.0.0-d36
+
+tags:
+ - name: federation
+ description: Federation endpoints to verify entities.
+ - name: api
+ description: Unprotected API endpoints.
+ - name: Superadmin
+ description: Endpoints accessible by superadmin users.
+ - name: Account Admin
+ description: Endpoints accessible by account admins.
+ - name: Account User
+ description: Endpoints accessible by account users.
+
+servers:
+ - description: SwaggerHub API Auto Mocking
+ url: https://virtserver.swaggerhub.com/SphereonInt/OpenIDFederationAPI/1.0.0-d36
+
+paths:
+ /entity-statement:
+ get:
+ tags:
+ - federation
+ summary: Fetch Entity Statement
+ description: Fetch an Entity Statement for a specified issuer and optional subject.
+ parameters:
+ - name: iss
+ in: query
+ description: The Entity Identifier of the issuer from which the Entity Statement is issued. Because of the normalization of the URL, multiple issuers MAY resolve to a shared fetch endpoint. This parameter makes it explicit exactly which issuer the Entity Statement must come from.
+ required: true
+ schema:
+ type: string
+ - name: sub
+ in: query
+ description: The Entity Identifier of the subject for which the Entity Statement is being requested. If this parameter is omitted, it is considered to be the same as the issuer and indicates a request for a self-signed Entity Configuration.
+ required: false
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Successful fetch of Entity Statement
+ content:
+ application/entity-statement+jwt:
+ schema:
+ $ref: '#/components/schemas/EntityStatement'
+ '400':
+ description: Invalid request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ErrorResponse'
+ examples:
+ invalidRequest:
+ summary: Invalid request example
+ value:
+ error: invalid_request
+ error_description: The request is incomplete or does not comply with current specifications.
+ '404':
+ description: Entity Statement not found
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ErrorResponse'
+ examples:
+ notFound:
+ summary: Entity Statement not found example
+ value:
+ error: not_found
+ error_description: The requested Entity Statement could not be found for the provided issuer and subject.
+ '500':
+ description: Server error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ErrorResponse'
+ examples:
+ serverError:
+ summary: Server error example
+ value:
+ error: server_error
+ error_description: The server encountered an unexpected condition that prevented it from fulfilling the request.
+components:
+ schemas:
+ JWK:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ kty:
+ type: string
+ description: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC".
+ example: RSA
+ use:
+ type: string
+ description: The "use" (public key use) parameter identifies the intended use of the public key.
+ example: sig
+ key_ops:
+ type: string
+ description: The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used.
+ example: encrypt
+ alg:
+ type: string
+ description: The "alg" (algorithm) parameter identifies the algorithm intended for use with the key.
+ example: RS256
+ kid:
+ type: string
+ description: The "kid" (key ID) parameter is used to match a specific key.
+ example: 1
+ x5u:
+ type: string
+ description: The "x5u" (X.509 URL) parameter is a URI that refers to a resource for an X.509 public key certificate or certificate chain.
+ example: https://example.com/cert.pem
+ x5c:
+ type: array
+ description: The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates.
+ items:
+ type: string
+ example:
+ - MIIDQzCCA...+3whvMF1XEt0K2bA8wpPmSTPgQ==
+ x5t:
+ type: string
+ description: The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509 certificate.
+ example: 0fVuYF8jJ3onI+9Zk2/Iy+Oh5ZpE
+ x5t#S256:
+ type: string
+ description: The "x5t#S256" (X.509 certificate SHA-256 thumbprint) parameter is a base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.
+ example: 1MvI4/VhnEzTz7Jo/0Q/d/jI3rE7IMoMT34wvAjyLvs
+ revoked:
+ $ref: '#/components/schemas/JWTRevoked'
+
+ JWTRevoked:
+ type: object
+ x-tags:
+ - federation
+ required:
+ - revoked_at
+ properties:
+ revoked_at:
+ type: string
+ reason:
+ type: string
+
+ JWKS:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ keys:
+ type: array
+ items:
+ $ref: '#/components/schemas/JWK'
+
+ EntityStatement:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ iss:
+ type: string
+ description: The Entity Identifier of the issuer of the Entity Statement.
+ sub:
+ type: string
+ description: The Entity Identifier of the subject.
+ exp:
+ type: integer
+ description: Expiration time after which the statement MUST NOT be accepted for processing.
+ iat:
+ type: integer
+ description: The time the statement was issued.
+ jwks:
+ $ref: '#/components/schemas/JWKS'
+ authority_hints:
+ type: array
+ items:
+ type: string
+ description: An array of strings representing the Entity Identifiers of Intermediate Entities or Trust Anchors
+ metadata:
+ $ref: '#/components/schemas/Metadata'
+ constraints:
+ $ref: '#/components/schemas/Constraint'
+ crit:
+ type: array
+ description: Extension of the JOSE header parameters that MUST be understood and processed.
+ items:
+ type: string
+ description: Claim names present in the JWT that use those extensions
+ source_endpoint:
+ type: string
+ format: uri
+ description: String containing the fetch endpoint URL from which the Entity Statement was issued.
+ additionalProperties:
+ type: object
+ additionalProperties: true
+ example:
+ "jti": "7l2lncFdY6SlhNia"
+
+ Metadata:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ federation_entity:
+ $ref: '#/components/schemas/FederationEntityMetadata'
+ openid_relying_party:
+ $ref: '#/components/schemas/OpenIDConnectRelyingPartyMetadata'
+ openid_provider:
+ $ref: '#/components/schemas/OpenIDProviderMetadata'
+ oauth_authorization_server:
+ $ref: '#/components/schemas/OAuthAuthorizationServerMetadata'
+ oauth_client:
+ $ref: '#/components/schemas/OAuthClientMetadata'
+ oauth_resource:
+ $ref: '#/components/schemas/OAuthProtectedResourceMetadata'
+
+ NamingConstraints:
+ type: object
+ x-tags:
+ - federation
+ description: "Optional. Restrictions on the URIs of the Entity Identifiers of Subordinate Entities."
+ properties:
+ permitted:
+ type: array
+ items:
+ type: string
+ description: "Array of permitted URI name subtrees."
+ excluded:
+ type: array
+ items:
+ type: string
+ description: "Array of excluded URI name subtrees."
+
+ Constraint:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ max_path_length:
+ type: integer
+ description: "Optional. Maximum number of Intermediate Entities between the Entity setting the constraint and the Trust Chain subject."
+ naming_constraints:
+ $ref: '#/components/schemas/NamingConstraints'
+ allowed_entity_types:
+ type: array
+ items:
+ type: string
+ description: "Optional. Array of string Entity Type Identifiers. Specifies the Entity Types that Subordinate Entities are allowed to have."
+ additionalProperties:
+ type: string
+
+ FederationEntityMetadata:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ federation_fetch_endpoint:
+ type: string
+ format: uri
+ description: URL for the federation fetch endpoint.
+ federation_list_endpoint:
+ type: string
+ format: uri
+ description: URL for the federation list endpoint.
+ federation_resolve_endpoint:
+ type: string
+ format: uri
+ description: URL for the federation resolve endpoint.
+ federation_trust_mark_status_endpoint:
+ type: string
+ format: uri
+ description: URL for the federation trust mark status endpoint.
+ federation_trust_mark_list_endpoint:
+ type: string
+ format: uri
+ description: URL for the federation trust mark list endpoint.
+ federation_trust_mark_endpoint:
+ type: string
+ format: uri
+ description: URL for the federation trust mark endpoint.
+ federation_historical_keys_endpoint:
+ type: string
+ format: uri
+ description: URL for the federation historical keys endpoint.
+ organization_name:
+ type: string
+ description: Organization name.
+ homepage_uri:
+ type: string
+ format: uri
+ description: URL for the homepage of the organization.
+
+ OpenIDConnectRelyingPartyClientRegistrationTypes:
+ type: string
+ x-tags:
+ - federation
+ description: Client registration types.
+ example: automatic
+ enum:
+ - automatic
+ - explicit
+
+ OpenIDConnectRelyingPartyMetadata:
+ allOf:
+ - $ref: '#/components/schemas/CommonMetadata'
+ - $ref: '#/components/schemas/OpenIDConnectDynamicClientRegistrationMetadata'
+ - $ref: '#/components/schemas/IANAOAuthDynamicClientRegistrationMetadata'
+ type: object
+ x-tags:
+ - federation
+ properties:
+ client_registration_types:
+ type: array
+ items:
+ $ref: '#/components/schemas/OpenIDConnectRelyingPartyClientRegistrationTypes'
+ required:
+ - client_registration_types
+
+ OpenIDProviderRequestAuthenticationMethodsSupported:
+ type: object
+ x-tags:
+ - federation
+ description: JSON object where member names are endpoints for request authentication. Values are arrays of methods used at those endpoints.
+ properties:
+ authorization_endpoint:
+ type: array
+ items:
+ type: string
+ description: Array of authentication methods used at the authorization endpoint.
+ pushed_authorization_request_endpoint:
+ type: array
+ items:
+ type: string
+ description: Array of authentication methods used at the PAR endpoint.
+
+ OpenIDProviderMetadata:
+ allOf:
+ - $ref: '#/components/schemas/CommonMetadata'
+ - $ref: '#/components/schemas/OpenIDConnectDiscoveryProviderMetadata'
+ - $ref: '#/components/schemas/IANAOAuthAuthorizationServerMetadata'
+ type: object
+ x-tags:
+ - federation
+ required:
+ - client_registration_types_supported
+ properties:
+ client_registration_types_supported:
+ type: array
+ items:
+ type: string
+ description: Array specifying the federation types supported. Values are automatic and explicit.
+ federation_registration_endpoint:
+ type: string
+ format: uri
+ description: URL of the OP's federation-specific Dynamic Client Registration Endpoint. Must use the https scheme.
+ request_authentication_methods_supported:
+ $ref: '#/components/schemas/OpenIDProviderRequestAuthenticationMethodsSupported'
+ request_authentication_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing supported JWS algorithms for signing the JWT used in the request parameter or private_key_jwt of a pushed authorization request. Must include if specified in request_authentication_methods_supported.
+
+ OAuthAuthorizationServerMetadata:
+ allOf:
+ - $ref: '#/components/schemas/CommonMetadata'
+ - $ref: '#/components/schemas/IANAOAuthAuthorizationServerMetadata'
+ type: object
+ x-tags:
+ - federation
+ properties:
+ issuer:
+ type: string
+ description: >
+ The authorization server's issuer identifier, which is
+ a URL that uses the "https" scheme and has no query or fragment
+ components. Authorization server metadata is published at a
+ location that is ".well-known" according to RFC 5785 derived from
+ this issuer identifier. The issuer identifier is used to prevent
+ authorization server mix-up attacks.
+ example: "https://example.com"
+ authorization_endpoint:
+ type: string
+ description: URL of the authorization server's authorization endpoint.
+ example: "https://example.com/oauth2/authorize"
+ token_endpoint:
+ type: string
+ description: URL of the authorization server's token endpoint.
+ example: "https://example.com/oauth2/token"
+ jwks_uri:
+ type: string
+ description: URL of the authorization server's JWK Set document.
+ example: "https://example.com/oauth2/jwks"
+ registration_endpoint:
+ type: string
+ description: URL of the authorization server's OAuth 2.0 Dynamic Client Registration endpoint.
+ example: "https://example.com/oauth2/register"
+ scopes_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the OAuth 2.0 "scope" values that this authorization server supports.
+ example: ["openid", "profile", "email"]
+ response_types_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports.
+ example: ["code", "token", "id_token"]
+ response_modes_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports.
+ example: ["query", "fragment", "form_post"]
+ grant_types_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.
+ example: ["authorization_code", "implicit", "client_credentials", "refresh_token"]
+ token_endpoint_auth_methods_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of client authentication methods supported by this token endpoint.
+ example: ["client_secret_basic", "private_key_jwt"]
+ token_endpoint_auth_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client.
+ example: ["RS256", "ES256"]
+ service_documentation:
+ type: string
+ description: URL of a page containing human-readable information that developers might want or need to know when using the authorization server.
+ example: "https://example.com/service_documentation"
+ ui_locales_supported:
+ type: array
+ items:
+ type: string
+ description: Languages and scripts supported for the user interface, represented as a JSON array of language tag values from BCP 47.
+ example: ["en-US", "fr-FR"]
+ op_policy_uri:
+ type: string
+ description: URL that the authorization server provides to the person registering the client to read about the authorization server's requirements on how the client can use the data provided by the authorization server.
+ example: "https://example.com/op_policy"
+ op_tos_uri:
+ type: string
+ description: URL that the authorization server provides to the person registering the client to read about the authorization server's terms of service.
+ example: "https://example.com/op_tos"
+ revocation_endpoint:
+ type: string
+ description: URL of the authorization server's OAuth 2.0 revocation endpoint.
+ example: "https://example.com/oauth2/revoke"
+ revocation_endpoint_auth_methods_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of client authentication methods supported by this revocation endpoint.
+ example: ["client_secret_basic", "private_key_jwt"]
+ revocation_endpoint_auth_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client.
+ example: ["RS256", "ES256"]
+ introspection_endpoint:
+ type: string
+ description: URL of the authorization server's OAuth 2.0 introspection endpoint.
+ example: "https://example.com/oauth2/introspect"
+ introspection_endpoint_auth_methods_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of client authentication methods supported by this introspection endpoint.
+ example: ["client_secret_basic", "private_key_jwt"]
+ introspection_endpoint_auth_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client.
+ example: ["RS256", "ES256"]
+ code_challenge_methods_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of Proof Key for Code Exchange (PKCE) code challenge methods supported by this authorization server.
+ example: ["plain", "S256"]
+
+ OAuthClientMetadata:
+ allOf:
+ - $ref: '#/components/schemas/CommonMetadata'
+ - $ref: '#/components/schemas/OAuthDynamicClientMetadata'
+ - $ref: '#/components/schemas/IANAOAuthDynamicClientRegistrationMetadata'
+ type: object
+ x-tags:
+ - federation
+
+ OAuthDynamicClientMetadata:
+ type:
+ object
+ x-tags:
+ - federation
+ properties:
+ redirect_uris:
+ type: array
+ items:
+ type: string
+ format: uri
+ description: Array of redirection URI strings for redirect-based flows.
+ token_endpoint_auth_method:
+ $ref: '#/components/schemas/OAuthDynamicClientTokenEndpointAuthMethod'
+ grant_types:
+ type: array
+ items:
+ $ref: '#/components/schemas/OAuthDynamicClientGrantTypes'
+ response_types:
+ type: array
+ items:
+ $ref: '#/components/schemas/OAuthDynamicClientResponseTypes'
+ client_name:
+ type: string
+ description: Human-readable string name of the client to be presented to the end-user during authorization.
+ client_uri:
+ type: string
+ format: uri
+ description: URL string of a web page providing information about the client.
+ logo_uri:
+ type: string
+ format: uri
+ description: URL string that references a logo for the client.
+ scope:
+ type: string
+ description: Space-separated list of scope values the client can use when requesting access tokens.
+ contacts:
+ type: array
+ items:
+ type: string
+ description: Array of strings representing ways to contact people responsible for this client, typically email addresses.
+ tos_uri:
+ type: string
+ format: uri
+ description: URL string that points to a human-readable terms of service document for the client.
+ policy_uri:
+ type: string
+ format: uri
+ description: URL string that points to a human-readable privacy policy document.
+ jwks_uri:
+ type: string
+ format: uri
+ description: URL string referencing the client’s JSON Web Key (JWK) Set document, which contains the client’s public keys.
+ jwks:
+ $ref: '#/components/schemas/JWKS'
+ software_id:
+ type: string
+ description: Unique identifier string for the client software to be dynamically registered.
+ software_version:
+ type: string
+ description: Version identifier string for the client software identified by software_id.
+
+ OAuthDynamicClientTokenEndpointAuthMethod:
+ type: string
+ x-tags:
+ - federation
+ description: Requested authentication method for the token endpoint.
+ enum:
+ - none
+ - client_secret_post
+ - client_secret_basic
+
+ OAuthDynamicClientGrantTypes:
+ type: string
+ x-tags:
+ - federation
+ description: Array of OAuth 2.0 grant type strings the client can use at the token endpoint.
+ enum:
+ - authorization_code
+ - implicit
+ - password
+ - client_credentials
+ - refresh_token
+ - urn:ietf:params:oauth:grant-type:jwt-bearer
+ - urn:ietf:params:oauth:grant-type:saml2-bearer
+
+ OAuthDynamicClientResponseTypes:
+ type: string
+ x-tags:
+ - federation
+ description: Array of OAuth 2.0 response type strings the client can use at the authorization endpoint.
+ enum:
+ - code
+ - token
+
+ OAuthProtectedResourceMetadata:
+ allOf:
+ - $ref: '#/components/schemas/CommonMetadata'
+ - $ref: '#/components/schemas/ProtectedResourceMetadata'
+ type: object
+ x-tags:
+ - federation
+
+ ProtectedResourceMetadata:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ resource:
+ type: string
+ format: uri
+ description: URL identifier of the protected resource using the https scheme.
+ authorization_servers:
+ type: array
+ items:
+ type: string
+ description: JSON array of OAuth authorization server issuer identifiers for servers that can be used with this protected resource.
+ jwks_uri:
+ type: string
+ format: uri
+ description: URL of the protected resource's JWK Set document, containing its public keys.
+ scopes_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array of OAuth 2.0 scope values used in authorization requests to access this protected resource.
+ bearer_methods_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array of supported methods for sending an OAuth 2.0 Bearer Token to the protected resource. Values are ["header", "body", "query"].
+ resource_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: JSON array of JWS signing algorithms supported by the protected resource for signing responses.
+ resource_documentation:
+ type: string
+ format: uri
+ description: URL of a page with human-readable information for developers using the protected resource.
+ resource_policy_uri:
+ type: string
+ format: uri
+ description: URL to the protected resource's policy document.
+ resource_tos_uri:
+ type: string
+ format: uri
+ description: URL to the protected resource's terms of service.
+
+ CommonMetadata:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ organization_name:
+ type: string
+ description: A human-readable name representing the organization owning this Entity. If the owner is a physical person, this MAY be, for example, the person's name. Note that this information will be publicly available.
+ contacts:
+ type: array
+ items:
+ type: string
+ description: JSON array with one or more strings representing contact persons at the Entity. These MAY contain names, e-mail addresses, descriptions, phone numbers, etc.
+ logo_uri:
+ type: string
+ format: uri
+ description: A URL that points to the logo of this Entity. The file containing the logo SHOULD be published in a format that can be viewed via the web.
+ policy_uri:
+ type: string
+ format: uri
+ description: URL of the documentation of conditions and policies relevant to this Entity.
+ homepage_uri:
+ type: string
+ format: uri
+ description: URL of a Web page for the organization owning this Entity.
+
+ OpenIDConnectDynamicClientRegistrationMetadata:
+ type: object
+ x-tags:
+ - federation
+ properties:
+ redirect_uris:
+ type: array
+ items:
+ type: string
+ format: uri
+ description: Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] (Simple String Comparison).
+ response_types:
+ type: array
+ items:
+ type: string
+ description: JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring that it will restrict itself to using. If omitted, the default is that the Client will use only the code Response Type.
+ grant_types:
+ type: array
+ items:
+ $ref: '#/components/schemas/OpenIDConnectDynamicClientRegistrationGrantTypes'
+ application_type:
+ $ref: '#/components/schemas/OpenIDConnectDynamicClientRegistrationApplicationType'
+ contacts:
+ type: array
+ items:
+ type: string
+ description: Array of e-mail addresses of people responsible for this Client.
+ client_name:
+ type: string
+ description: Name of the Client to be presented to the End-User.
+ logo_uri:
+ type: string
+ format: uri
+ description: URL that references a logo for the Client application.
+ client_uri:
+ type: string
+ format: uri
+ description: URL of the home page of the Client.
+ policy_uri:
+ type: string
+ format: uri
+ description: URL for the Client's policy document.
+ tos_uri:
+ type: string
+ format: uri
+ description: URL for the Client's terms of service.
+ jwks_uri:
+ type: string
+ format: uri
+ description: URL for the Client's JWK Set document.
+ jwks:
+ $ref: '#/components/schemas/JWKS'
+ sector_identifier_uri:
+ type: string
+ format: uri
+ description: URL for calculating Pseudonymous Identifiers.
+ subject_type:
+ type: string
+ description: Requested subject type for responses to this Client.
+ id_token_signed_response_alg:
+ type: string
+ description: Algorithm for signing the ID Token issued to this Client.
+ id_token_encrypted_response_alg:
+ type: string
+ description: Algorithm for encrypting the ID Token issued to this Client.
+ id_token_encrypted_response_enc:
+ type: string
+ description: Encryption algorithm for the ID Token issued to this Client.
+ userinfo_signed_response_alg:
+ type: string
+ description: Algorithm for signing UserInfo Responses.
+ userinfo_encrypted_response_alg:
+ type: string
+ description: Algorithm for encrypting UserInfo Responses.
+ userinfo_encrypted_response_enc:
+ type: string
+ description: Encryption algorithm for UserInfo Responses.
+ request_object_signing_alg:
+ type: string
+ description: Algorithm for signing Request Objects sent to the OP.
+ request_object_encryption_alg:
+ type: string
+ description: JWE algorithm for encrypting Request Objects sent to the OP.
+ request_object_encryption_enc:
+ type: string
+ description: JWE encryption algorithm for Request Objects sent to the OP.
+ token_endpoint_auth_method:
+ type: string
+ description: Requested Client Authentication method for the Token Endpoint.
+ token_endpoint_auth_signing_alg:
+ type: string
+ description: JWS algorithm for signing the JWT used to authenticate the Client at the Token Endpoint.
+ default_max_age:
+ type: integer
+ description: Default Maximum Authentication Age in seconds.
+ require_auth_time:
+ type: boolean
+ description: Specifies whether the auth_time Claim in the ID Token is required.
+ default_acr_values:
+ type: array
+ items:
+ type: string
+ description: Default requested Authentication Context Class Reference values.
+ initiate_login_uri:
+ type: string
+ format: uri
+ description: URI for third parties to initiate a login by the RP.
+ request_uris:
+ type: array
+ items:
+ type: string
+ format: uri
+ description: Array of pre-registered request_uri values for use at the OP.
+ required:
+ - redirect_uris
+
+ OpenIDConnectDynamicClientRegistrationGrantTypes:
+ type: string
+ x-tags:
+ - federation
+ description: JSON array containing a list of the OAuth 2.0 Grant Types that the Client is declaring that it will restrict itself to using.
+ enum:
+ - authorization_code
+ - implicit
+ - refresh_token
+ example: [ "authorization_code", "implicit" ]
+
+ OpenIDConnectDynamicClientRegistrationApplicationType:
+ type: string
+ x-tags:
+ - federation
+ description: Kind of the application. The default, if omitted, is web.
+ enum:
+ - native
+ - web
+ example: native
+ default: web
+
+ OpenIDConnectDiscoveryProviderMetadata:
+ type: object
+ x-tags:
+ - federation
+ required:
+ - issuer
+ - authorization_endpoint
+ - token_endpoint
+ - jwks_uri
+ - response_types_supported
+ - subject_types_supported
+ - id_token_signing_alg_values_supported
+ properties:
+ issuer:
+ type: string
+ format: uri
+ description: URL using the https scheme with no query or fragment components that the OP asserts as its Issuer Identifier.
+ authorization_endpoint:
+ type: string
+ format: uri
+ description: URL of the OP's OAuth 2.0 Authorization Endpoint.
+ token_endpoint:
+ type: string
+ format: uri
+ description: URL of the OP's OAuth 2.0 Token Endpoint.
+ userinfo_endpoint:
+ type: string
+ format: uri
+ description: URL of the OP's UserInfo Endpoint.
+ jwks_uri:
+ type: string
+ format: uri
+ description: URL of the OP's JWK Set document.
+ registration_endpoint:
+ type: string
+ format: uri
+ description: URL of the OP's Dynamic Client Registration Endpoint.
+ scopes_supported:
+ type: array
+ items:
+ type: string
+ description: List of the OAuth 2.0 scope values that this server supports.
+ response_types_supported:
+ type: array
+ items:
+ type: string
+ description: List of the OAuth 2.0 response_type values that this OP supports.
+ response_modes_supported:
+ type: array
+ items:
+ type: string
+ description: List of the OAuth 2.0 response_mode values that this OP supports.
+ grant_types_supported:
+ type: array
+ items:
+ type: string
+ description: List of the OAuth 2.0 Grant Type values that this OP supports.
+ acr_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the Authentication Context Class References that this OP supports.
+ subject_types_supported:
+ type: array
+ items:
+ type: string
+ description: List of the Subject Identifier types that this OP supports.
+ id_token_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the JWS signing algorithms supported by the OP for the ID Token.
+ id_token_encryption_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the JWE encryption algorithms supported by the OP for the ID Token.
+ id_token_encryption_enc_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the JWE encryption algorithms supported by the OP for the ID Token.
+ userinfo_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the JWS signing algorithms supported by the UserInfo Endpoint.
+ userinfo_encryption_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the JWE encryption algorithms supported by the UserInfo Endpoint.
+ userinfo_encryption_enc_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the JWE encryption algorithms supported by the UserInfo Endpoint.
+ request_object_signing_alg_values_supported:
+ type: array
+ items:
+ type: string
+ description: List of the JWS signing algorithms supported by the OP for Request Objects.
+ request_object_encryption_alg_values_supported: + type: array + items: + type: string + description: List of the JWE encryption algorithms supported by the OP for Request Objects. + request_object_encryption_enc_values_supported: + type: array + items: + type: string + description: List of the JWE encryption algorithms supported by the OP for Request Objects. + token_endpoint_auth_methods_supported: + type: array + items: + type: string + description: List of Client Authentication methods supported by this Token Endpoint. + token_endpoint_auth_signing_alg_values_supported: + type: array + items: + type: string + description: List of the JWS signing algorithms supported by the Token Endpoint. + display_values_supported: + type: array + items: + type: string + description: List of the display parameter values that the OpenID Provider supports. + claim_types_supported: + type: array + items: + type: string + description: List of the Claim Types that the OpenID Provider supports. + claims_supported: + type: array + items: + type: string + description: List of the Claim Names of the Claims that the OpenID Provider may supply values for. + service_documentation: + type: string + format: uri + description: URL of a page containing human-readable information for developers. + claims_locales_supported: + type: array + items: + type: string + description: Languages and scripts supported for values in Claims being returned. + ui_locales_supported: + type: array + items: + type: string + description: Languages and scripts supported for the user interface. + claims_parameter_supported: + type: boolean + description: Boolean value specifying whether the OP supports use of the claims parameter. + request_parameter_supported: + type: boolean + description: Boolean value specifying whether the OP supports use of the request parameter. 
+ request_uri_parameter_supported: + type: boolean + description: Boolean value specifying whether the OP supports use of the request_uri parameter. + require_request_uri_registration: + type: boolean + description: Boolean value specifying whether the OP requires any request_uri values used to be pre-registered. + op_policy_uri: + type: string + format: uri + description: URL to the OP's policy document. + op_tos_uri: + type: string + format: uri + description: URL to the OP's terms of service document. + + IANAOAuthAuthorizationServerMtlsEndpointAliases: + type: object + x-tags: + - federation + additionalProperties: + type: string + format: uri + example: + token_endpoint: "https://mtls.example.com/token" + revocation_endpoint: "https://mtls.example.com/revo" + introspection_endpoint: "https://mtls.example.com/introspect" + + IANAOAuthAuthorizationServerMetadata: + type: object + x-tags: + - federation + properties: + issuer: + type: string + format: uri + description: URL of the authorization server's issuer identifier. + authorization_endpoint: + type: string + format: uri + description: URL of the authorization server's authorization endpoint. + token_endpoint: + type: string + format: uri + description: URL of the authorization server's token endpoint. + jwks_uri: + type: string + format: uri + description: URL of the authorization server's JWK Set document. + registration_endpoint: + type: string + format: uri + description: URL of the authorization server's OAuth 2.0 Dynamic Client Registration Endpoint. + scopes_supported: + type: array + items: + type: string + description: JSON array of OAuth 2.0 scope values supported by the authorization server. + response_types_supported: + type: array + items: + type: string + description: JSON array of OAuth 2.0 response_type values supported by the authorization server. 
+ response_modes_supported: + type: array + items: + type: string + description: JSON array of OAuth 2.0 response_mode values supported by the authorization server. + grant_types_supported: + type: array + items: + type: string + description: JSON array of OAuth 2.0 grant type values supported by the authorization server. + token_endpoint_auth_methods_supported: + type: array + items: + type: string + description: JSON array of client authentication methods supported by the token endpoint. + token_endpoint_auth_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWS signing algorithms supported by the token endpoint for the JWT signature used to authenticate the client. + service_documentation: + type: string + format: uri + description: URL of a page with human-readable information for developers using the authorization server. + ui_locales_supported: + type: array + items: + type: string + description: JSON array of BCP 47 language tag values for supported UI languages and scripts. + op_policy_uri: + type: string + format: uri + description: URL of the authorization server's policy documentation. + op_tos_uri: + type: string + format: uri + description: URL of the authorization server's terms of service. + revocation_endpoint: + type: string + format: uri + description: URL of the authorization server's OAuth 2.0 revocation endpoint. + revocation_endpoint_auth_methods_supported: + type: array + items: + type: string + description: JSON array of client authentication methods supported by the revocation endpoint. + revocation_endpoint_auth_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWS signing algorithms supported by the revocation endpoint for the JWT signature used to authenticate the client. + introspection_endpoint: + type: string + format: uri + description: URL of the authorization server's OAuth 2.0 introspection endpoint. 
+ introspection_endpoint_auth_methods_supported: + type: array + items: + type: string + description: JSON array of client authentication methods supported by the introspection endpoint. + introspection_endpoint_auth_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWS signing algorithms supported by the introspection endpoint for the JWT signature used to authenticate the client. + code_challenge_methods_supported: + type: array + items: + type: string + description: JSON array of PKCE code challenge methods supported by the authorization server. + signed_metadata: + type: string + format: jwt + description: Signed JWT containing metadata values about the authorization server as claims. + device_authorization_endpoint: + type: string + format: uri + description: URL of the authorization server's device authorization endpoint. + tls_client_certificate_bound_access_tokens: + type: boolean + description: Indicates authorization server support for mutual-TLS client certificate-bound access tokens. + mtls_endpoint_aliases: + $ref: '#/components/schemas/IANAOAuthAuthorizationServerMtlsEndpointAliases' + nfv_token_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWS signing algorithms supported by the server for signing the NFV Token JWT. + nfv_token_encryption_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (alg values) supported by the server to encode the NFV Token JWT. + nfv_token_encryption_enc_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (enc values) supported by the server to encode the NFV Token JWT. + userinfo_endpoint: + type: string + format: uri + description: URL of the OP's UserInfo Endpoint. 
+ acr_values_supported: + type: array + items: + type: string + description: JSON array of Authentication Context Class References supported by the OP. + subject_types_supported: + type: array + items: + type: string + description: JSON array of Subject Identifier types supported by the OP. + id_token_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWS signing algorithms supported by the OP for the ID Token. + id_token_encryption_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (alg values) supported by the OP for the ID Token. + id_token_encryption_enc_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (enc values) supported by the OP for the ID Token. + userinfo_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWS signing algorithms supported by the UserInfo Endpoint. + userinfo_encryption_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (alg values) supported by the UserInfo Endpoint. + userinfo_encryption_enc_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (enc values) supported by the UserInfo Endpoint. + request_object_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWS signing algorithms supported by the OP for Request Objects. + request_object_encryption_alg_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (alg values) supported by the OP for Request Objects. + request_object_encryption_enc_values_supported: + type: array + items: + type: string + description: JSON array of JWE encryption algorithms (enc values) supported by the OP for Request Objects. 
+ display_values_supported: + type: array + items: + type: string + description: JSON array of display parameter values supported by the OpenID Provider. + claim_types_supported: + type: array + items: + type: string + description: JSON array of Claim Types supported by the OpenID Provider. + claims_supported: + type: array + items: + type: string + description: JSON array of Claim Names that the OpenID Provider may supply values for. + claims_locales_supported: + type: array + items: + type: string + description: JSON array of BCP 47 language tag values for supported languages and scripts in Claims. + claims_parameter_supported: + type: boolean + description: Boolean value specifying whether the OP supports use of the claims parameter. + request_parameter_supported: + type: boolean + description: Boolean value specifying whether the OP supports use of the request parameter. + request_uri_parameter_supported: + type: boolean + description: Boolean value specifying whether the OP supports use of the request_uri parameter. + require_request_uri_registration: + type: boolean + description: Boolean value specifying whether the OP requires any request_uri values to be pre-registered. + require_signed_request_object: + type: boolean + description: Indicates whether authorization requests need to be protected as a Request Object. + pushed_authorization_request_endpoint: + type: string + format: uri + description: URL of the authorization server's pushed authorization request endpoint. + require_pushed_authorization_requests: + type: boolean + description: Indicates whether the authorization server accepts authorization requests only via PAR. + introspection_signing_alg_values_supported: + type: array + items: + type: string + description: JSON array of algorithms supported by the authorization server for introspection response signing. 
+ introspection_encryption_alg_values_supported: + type: array + items: + type: string + description: JSON array of algorithms supported by the authorization server for introspection response content key encryption. + introspection_encryption_enc_values_supported: + type: array + items: + type: string + description: JSON array of algorithms supported by the authorization server for introspection response content encryption. + authorization_response_iss_parameter_supported: + type: boolean + description: Boolean value indicating whether the authorization server provides the iss parameter in the authorization response. + check_session_iframe: + type: string + format: uri + description: URL of an OP iframe for cross-origin session state communication + + IANAOAuthDynamicClientRegistrationMetadata: + type: object + x-tags: + - federation + properties: + redirect_uris: + type: array + items: + type: string + format: uri + description: Array of redirection URIs for redirect-based flows. + token_endpoint_auth_method: + type: string + description: Requested authentication method for the token endpoint. + grant_types: + type: array + items: + type: string + description: Array of OAuth 2.0 grant types the client may use. + response_types: + type: array + items: + type: string + description: Array of OAuth 2.0 response types the client may use. + client_name: + type: string + description: Human-readable name of the client presented to the user. + client_uri: + type: string + format: uri + description: URL of a web page providing information about the client. + logo_uri: + type: string + format: uri + description: URL that references a logo for the client. + scope: + type: string + description: Space-separated list of OAuth 2.0 scope values. + contacts: + type: array + items: + type: string + description: Array of strings representing ways to contact people responsible for this client. 
+ tos_uri: + type: string + format: uri + description: URL that points to a human-readable terms of service document for the client. + policy_uri: + type: string + format: uri + description: URL that points to a human-readable policy document for the client. + jwks_uri: + type: string + format: uri + description: URL referencing the client's JSON Web Key Set document representing the client's public keys. + jwks: + $ref: '#/components/schemas/JWKS' + software_id: + type: string + description: Identifier for the software that comprises a client. + software_version: + type: string + description: Version identifier for the software that comprises a client. + client_id: + type: string + description: Client identifier. + client_secret: + type: string + description: Client secret. + client_id_issued_at: + type: integer + description: Time at which the client identifier was issued. + client_secret_expires_at: + type: integer + description: Time at which the client secret will expire. + registration_access_token: + type: string + description: OAuth 2.0 Bearer Token used to access the client configuration endpoint. + registration_client_uri: + type: string + format: uri + description: Fully qualified URI of the client registration endpoint. + application_type: + type: string + description: Kind of the application, either "native" or "web". + sector_identifier_uri: + type: string + format: uri + description: URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. + subject_type: + type: string + description: Subject type requested for responses to this client, either "pairwise" or "public". + id_token_signed_response_alg: + type: string + description: JWS algorithm required for signing the ID Token issued to this client. + id_token_encrypted_response_alg: + type: string + description: JWE algorithm required for encrypting the ID Token issued to this client. 
+ id_token_encrypted_response_enc: + type: string + description: JWE encryption algorithm required for encrypting the ID Token issued to this client. + userinfo_signed_response_alg: + type: string + description: JWS algorithm required for signing UserInfo Responses. + userinfo_encrypted_response_alg: + type: string + description: JWE algorithm required for encrypting UserInfo Responses. + userinfo_encrypted_response_enc: + type: string + description: JWE encryption algorithm required for encrypting UserInfo Responses. + request_object_signing_alg: + type: string + description: JWS algorithm that must be used for signing Request Objects sent to the OP. + request_object_encryption_alg: + type: string + description: JWE algorithm the RP may use for encrypting Request Objects sent to the OP. + request_object_encryption_enc: + type: string + description: JWE encryption algorithm the RP may use for encrypting Request Objects sent to the OP. + token_endpoint_auth_signing_alg: + type: string + description: JWS algorithm that must be used for signing the JWT used to authenticate the client at the token endpoint. + default_max_age: + type: integer + description: Default Maximum Authentication Age. + require_auth_time: + type: boolean + description: Boolean value specifying whether the auth_time Claim in the ID Token is required. + default_acr_values: + type: array + items: + type: string + description: Default requested Authentication Context Class Reference values. + initiate_login_uri: + type: string + format: uri + description: URI using the https scheme that a third party can use to initiate a login by the RP. + request_uris: + type: array + items: + type: string + description: Array of request_uri values that are pre-registered by the RP for use at the OP. + claims_redirect_uris: + type: array + items: + type: string + description: Claims redirection endpoints. 
+ nfv_token_signed_response_alg: + type: string + description: JWS algorithm required for signing the nfv Token issued to this client. + nfv_token_encrypted_response_alg: + type: string + description: JWE algorithm required for encrypting the nfv Token issued to this client. + nfv_token_encrypted_response_enc: + type: string + description: JWE encryption algorithm required for encrypting the nfv Token issued to this client. + tls_client_certificate_bound_access_tokens: + type: boolean + description: Indicates the client's intention to use mutual-TLS client certificate-bound access tokens. + tls_client_auth_subject_dn: + type: string + description: Expected subject DN of the client certificate. + tls_client_auth_san_dns: + type: string + description: Expected dNSName SAN entry in the client certificate. + tls_client_auth_san_uri: + type: string + description: Expected uniformResourceIdentifier SAN entry in the client certificate. + tls_client_auth_san_ip: + type: string + description: Expected iPAddress SAN entry in the client certificate. + tls_client_auth_san_email: + type: string + description: Expected rfc822Name SAN entry in the client certificate. + require_signed_request_object: + type: boolean + description: Indicates where authorization request needs to be protected as Request Object. + require_pushed_authorization_requests: + type: boolean + description: Indicates whether the client is required to use PAR to initiate authorization requests. + introspection_signed_response_alg: + type: string + description: Client's desired introspection response signing algorithm. + introspection_encrypted_response_alg: + type: string + description: Desired introspection response content key encryption algorithm. + introspection_encrypted_response_enc: + type: string + description: Desired introspection response content encryption algorithm. 
+ frontchannel_logout_uri: + type: string + format: uri + description: RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. + frontchannel_logout_session_required: + type: boolean + description: Specifies whether the RP requires a sid query parameter to identify the RP session with the OP. + backchannel_logout_uri: + type: string + format: uri + description: RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. + backchannel_logout_session_required: + type: boolean + description: Specifies whether the RP requires a sid Claim to identify the RP session with the OP. + post_logout_redirect_uris: + type: array + items: + type: string + format: uri + description: URLs to which the End-User's User Agent may be redirected after logout. + authorization_details_types: + type: array + items: + type: string + description: Indicates what authorization details types the client uses. + dpop_bound_access_tokens: + type: boolean + description: Specifies whether the client always uses DPoP for token requests. + + ErrorResponse: + type: object + x-tags: + - federation + required: + - error + - error_description + properties: + error: + $ref: '#/components/schemas/ErrorType' + error_description: + type: string + description: A human-readable short text describing the error. + + ErrorType: + type: string + x-tags: + - federation + description: One of the predefined error codes. 
+ example: invalid_request + enum: + - invalid_request + - invalid_client + - invalid_issuer + - not_found + - server_error + - temporary_unavailable + - unsupported_parameter + - invalid_token + - insufficient_scope + - unsupported_token_type + - interaction_required + - login_required + - account_selection_required + - consent_required + - invalid_request_uri + - invalid_request_object + - request_not_supported + - request_uri_not_supported + - registration_not_supported + - need_info + - request_denied + - request_submitted + - authorization_pending + - access_denied + - slow_down + - expired_token + - invalid_target + - unsupported_pop_key + - incompatible_ace_profiles + - invalid_authorization_details + - invalid_dpop_proof + - use_dpop_nonce + - insufficient_user_authentication diff --git a/settings.gradle.kts b/settings.gradle.kts index 5bece6b0..3a09b2cc 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -30,3 +30,4 @@ dependencyResolutionManagement { include(":modules:openid-federation-common") include(":modules:admin-server") +include(":modules:openapi") From 27ab32606e70055ce0bd71e030b42b0012e98f19 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Tue, 9 Jul 2024 16:16:56 +0200 Subject: [PATCH 2/9] chore: Created README.md and disabled model-only profile --- modules/openapi/README.md | 28 ++++++++++++++++++++++++++++ modules/openapi/gradle.properties | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 modules/openapi/README.md diff --git a/modules/openapi/README.md b/modules/openapi/README.md new file mode 100644 index 00000000..cfb86922 --- /dev/null +++ b/modules/openapi/README.md 
@@ -0,0 +1,28 @@
+# Open API specs
+
+The Open API specs of OpenID Federation.
+
+## Entity Statement
+
+An Entity Statement contains the information needed for the Entity that is the subject of the Entity Statement to
+participate in federation(s). An Entity Statement is a signed JWT. The subject of the JWT is the Entity itself. The
+issuer of the JWT is the party that issued the Entity Statement. All Entities in a federation publish an Entity Statement
+about themselves called an Entity Configuration. Superior Entities in a federation publish Entity Statements about their
+Immediate Subordinate Entities called Subordinate Statements.
+
+### Profiles
+
+The Open API generator will generate only models, infrastructures and apis by default. To make it generate apis. To make
+it generate models only uncomment `profiles=models-only` from gradle.properties or pass the profile in the comment line.
+
+### Run Open API generator
+
+Generate models, infrastructures and apis:
+```shell
+gradle clean openApiGenerate
+```
+
+Generate only models:
+```shell
+gradle clean openApiGenerate -Pprofile=model-only
+```
diff --git a/modules/openapi/gradle.properties b/modules/openapi/gradle.properties
index 33cf166a..08d60d78 100644
--- a/modules/openapi/gradle.properties
+++ b/modules/openapi/gradle.properties
@@ -1,2 +1,2 @@
 kotlin.code.style=official
-profiles=models-only
+#profiles=models-only
From 266ecf07ce571843d4add31579bb084b25127bc9 Mon Sep 17 00:00:00 2001
From: Zoe Maas
Date: Tue, 9 Jul 2024 22:00:24 +0200
Subject: [PATCH 3/9] chore: Added the build jar task
---
 modules/openapi/README.md | 5 +++++
 modules/openapi/build.gradle.kts | 6 ++++++
 2 files changed, 11 insertions(+)
diff --git a/modules/openapi/README.md b/modules/openapi/README.md
index cfb86922..339b4ea6 100644
--- a/modules/openapi/README.md
+++ b/modules/openapi/README.md
@@ -26,3 +26,8 @@ Generate only models: ```shell gradle clean openApiGenerate -Pprofile=model-only ``` + +Generate the jar file: +```shell +gradle clean build +``` diff --git a/modules/openapi/build.gradle.kts b/modules/openapi/build.gradle.kts index fe28c62d..37f06fa7 100644 --- a/modules/openapi/build.gradle.kts +++ b/modules/openapi/build.gradle.kts @@ -45,6 +45,12 @@ openApiGenerate { } } +tasks.jar { + dependsOn(tasks.openApiGenerate) + archiveBaseName.set(project.name) + from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) }) +} + sourceSets { main { java.srcDirs("build/generated/sources/openapi/src/main/kotlin") From 90d7466e7ef7732edf7c4f62047b81d218d315f6 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Wed, 10 Jul 2024 09:44:05 +0200 Subject: [PATCH 4/9] chore: Fixed versioning --- modules/openapi/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/openapi/build.gradle.kts b/modules/openapi/build.gradle.kts index 37f06fa7..832d0d63 100644 --- a/modules/openapi/build.gradle.kts +++ b/modules/openapi/build.gradle.kts @@ -4,7 +4,7 @@ plugins { } group = "com.sphereon.oid.fed" -version = "1.0-SNAPSHOT" +version = "0.1.0-SNAPSHOT" project.extra.set("openApiPackage", "com.sphereon.oid.fed.openapi") From 353a7d66717993c0339d41569e889034023b8012 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Wed, 10 Jul 2024 10:03:37 +0200 Subject: [PATCH 5/9] bugfix: Fixed Open Api specs file path --- modules/openapi/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/openapi/build.gradle.kts b/modules/openapi/build.gradle.kts index 832d0d63..13adedba 100644 --- a/modules/openapi/build.gradle.kts +++ b/modules/openapi/build.gradle.kts 
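Review bot: The `from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) })` line in the new `tasks.jar` block unpacks every runtime dependency into this module's jar with no filter, so each dependency's `META-INF` signature files and manifests are copied in as well. Signature entries that no longer match the repackaged contents can make a JVM reject the jar at load time, and embedded copies of libraries are hard for dependency scanners and downstream builds to see or upgrade. If a fat jar is really wanted, add `exclude("META-INF/*.SF", "META-INF/*.DSA", "META-INF/*.RSA")` and an explicit `duplicatesStrategy` inside the block; otherwise drop the `from(...)` line and let consumers resolve the dependencies themselves. The same `from(...)` line is kept in the `tasks.jar` hunk of PATCH 7/9.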
@@ -25,7 +25,7 @@ openApiGenerate { packageName.set("com.sphereon.oid.fed.openapi") apiPackage.set("$openApiPackage.api") modelPackage.set("$openApiPackage.models") - inputSpec.set("$rootDir/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml") + inputSpec.set("$projectDir/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml") library.set("jvm-okhttp4") configOptions.set( mapOf( From 593a8a4fb780dc57142239d51d892625cec1c9dc Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Tue, 16 Jul 2024 11:15:10 +0200 Subject: [PATCH 6/9] refactor: Fixed the profiles section of the documentation --- modules/openapi/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/openapi/README.md b/modules/openapi/README.md index 339b4ea6..efe2a4eb 100644 --- a/modules/openapi/README.md +++ b/modules/openapi/README.md @@ -12,7 +12,7 @@ Immediate Subordinate Entities called Subordinate Statements. ### Profiles -The Open API generator will generate only models, infrastructures and apis by default. To make it generate apis. To make +The Open API generator will generate models, infrastructures and apis by default. To make it generate models only uncomment `profiles=models-only` from gradle.properties or pass the profile in the comment line. ### Run Open API generator From 057e7dc6aced5462481b9457849831f3c6a16223 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Tue, 16 Jul 2024 23:27:49 +0200 Subject: [PATCH 7/9] refactor: Added fat jat and maven publication to local repository --- modules/openapi/build.gradle.kts | 46 ++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/modules/openapi/build.gradle.kts b/modules/openapi/build.gradle.kts index 13adedba..583ab1d6 100644 --- a/modules/openapi/build.gradle.kts +++ b/modules/openapi/build.gradle.kts 
@@ -1,6 +1,7 @@ plugins { kotlin("jvm") version "2.0.0" - id("org.openapi.generator") version "6.2.1" + id("org.openapi.generator") version "6.6.0" + id("maven-publish") } group = "com.sphereon.oid.fed" @@ -10,13 +11,18 @@ project.extra.set("openApiPackage", "com.sphereon.oid.fed.openapi") val profiles = project.properties["profiles"]?.toString()?.split(",") ?: emptyList() val isModelsOnlyProfile = profiles.contains("models-only") +val ktorVersion = "2.3.11" repositories { mavenCentral() } dependencies { - testImplementation(kotlin("test")) + implementation("io.ktor:ktor-client-core:$ktorVersion") + implementation("io.ktor:ktor-client-content-negotiation:$ktorVersion") + implementation("io.ktor:ktor-serialization-kotlinx-json:$ktorVersion") + implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.7.0") + implementation("org.jetbrains.kotlinx:kotlinx-serialization-core:1.7.0") } openApiGenerate { @@ -26,8 +32,9 @@ openApiGenerate { apiPackage.set("$openApiPackage.api") modelPackage.set("$openApiPackage.models") inputSpec.set("$projectDir/src/main/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml") - library.set("jvm-okhttp4") - configOptions.set( + library.set("multiplatform") + outputDir.set("$projectDir/build/generated") +configOptions.set( mapOf( "dateLibrary" to "java8", "serializationLibrary" to "jackson" 
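Review bot: The `dependencies` hunk adds `kotlinx-serialization-json` and `kotlinx-serialization-core`, but the `plugins` block in the first hunk of this patch applies only `kotlin("jvm")`, the OpenAPI generator and `maven-publish`, so the Kotlin serialization compiler plugin is not applied. Assuming the models generated for `library.set("multiplatform")` are annotated `@Serializable` (worth confirming against the generated sources), no serializers are produced for them without that plugin, and (de)serialization would fail at runtime rather than at build time. Adding `kotlin("plugin.serialization") version "2.0.0"` to the `plugins` block would cover it. Separately, the two `1.7.0` literals could share a single `val`, the way `ktorVersion` does.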
@@ -45,21 +52,32 @@ openApiGenerate { } } -tasks.jar { - dependsOn(tasks.openApiGenerate) - archiveBaseName.set(project.name) - from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) }) -} -sourceSets { - main { - java.srcDirs("build/generated/sources/openapi/src/main/kotlin") +publishing { + publications { + create("mavenKotlin") { + from(components["kotlin"]) + } } } -tasks.test { - useJUnitPlatform() +tasks.compileKotlin { + dependsOn(tasks.openApiGenerate) +} + +tasks.jar { + dependsOn(tasks.compileKotlin) + duplicatesStrategy = DuplicatesStrategy.EXCLUDE + archiveBaseName.set(project.name) + from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) }) + from("$projectDir/build/classes/kotlin/main") } + kotlin { + sourceSets.main { + kotlin.srcDirs( + "$projectDir/build/generated/src/commonMain/kotlin" + ) + } jvmToolchain(21) } From 7258a024d03cb9e45c5b291c1510d2be8b4cf432 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Thu, 18 Jul 2024 17:31:18 +0200 Subject: [PATCH 8/9] refactor: changed to string the value of the dateTimeLibrary property --- modules/openapi/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/openapi/build.gradle.kts b/modules/openapi/build.gradle.kts index 583ab1d6..053ee59d 100644 --- a/modules/openapi/build.gradle.kts +++ b/modules/openapi/build.gradle.kts @@ -36,7 +36,7 @@ openApiGenerate { outputDir.set("$projectDir/build/generated") configOptions.set( mapOf( - "dateLibrary" to "java8", + "dateLibrary" to "string", "serializationLibrary" to "jackson" ) ) From 88db3a12c14f961e492ee4d520d7d4b5abc0c693 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Fri, 19 Jul 2024 13:25:39 +0200 Subject: [PATCH 9/9] refactor: Upgraded OpenAPI generator and removed unneeded serialization configuration --- modules/openapi/build.gradle.kts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
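Review bot: The new `publishing` block publishes `components["kotlin"]` while `tasks.jar` still merges the whole `runtimeClasspath` into that jar, so as far as the visible configuration shows, the published artifact would carry private copies of the Ktor and kotlinx-serialization classes on top of whatever the generated POM declares. Consumers cannot replace those embedded copies through normal dependency resolution when a fixed version is released, and `duplicatesStrategy = DuplicatesStrategy.EXCLUDE` silently keeps whichever duplicate entry is seen first instead of surfacing the conflict. I would remove both `from(...)` lines from `tasks.jar` for the published artifact (the compiled `main` classes are already part of the jar), or build the fat jar in a separate task with its own classifier. This hunk also deletes `tasks.test { useJUnitPlatform() }`, which together with the removed `testImplementation(kotlin("test"))` leaves the module without a test setup.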
diff --git a/modules/openapi/build.gradle.kts b/modules/openapi/build.gradle.kts index 053ee59d..d8e95628 100644 --- a/modules/openapi/build.gradle.kts +++ b/modules/openapi/build.gradle.kts @@ -1,6 +1,6 @@ plugins { kotlin("jvm") version "2.0.0" - id("org.openapi.generator") version "6.6.0" + id("org.openapi.generator") version "7.7.0" id("maven-publish") } @@ -36,8 +36,7 @@ openApiGenerate { outputDir.set("$projectDir/build/generated") configOptions.set( mapOf( - "dateLibrary" to "string", - "serializationLibrary" to "jackson" + "dateLibrary" to "string" ) )