Skip to content

Lyle/eng 3375/introspect and libs #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lyleschemmerling merged 11 commits into from
Dec 18, 2025
Merged

Lyle/eng 3375/introspect and libs #83

Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
1886668
new optional tenant id param added (breaking)
lyleschemmerling Sep 17, 2025
c52926c
validate and libs
lyleschemmerling Sep 23, 2025
4406b67
fix imports and user info
lyleschemmerling Sep 23, 2025
17c2a56
Merge branch 'develop' of github.com:FusionAuth/fusionauth-openapi in…
lyleschemmerling Nov 26, 2025
e17b81d
Merge branch 'develop' of github.com:FusionAuth/fusionauth-openapi in…
lyleschemmerling Dec 12, 2025
6839c8c
PR Feedback, additional validation on oauth routes affected by the te…
lyleschemmerling Dec 17, 2025
2538f9a
Merge branch 'develop' of github.com:FusionAuth/fusionauth-openapi in…
lyleschemmerling Dec 17, 2025
4d8442d
quotes
lyleschemmerling Dec 17, 2025
e6eb365
Merge branch 'develop' of github.com:FusionAuth/fusionauth-openapi in…
lyleschemmerling Dec 18, 2025
51b0050
handle GET on validateDeviceWithRequest with tenantId
lyleschemmerling Dec 18, 2025
0846909
Merge branch 'develop' of github.com:FusionAuth/fusionauth-openapi in…
lyleschemmerling Dec 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
243 changes: 235 additions & 8 deletions openapi.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,16 @@ components:
userId:
type: string
format: uuid
AccessTokenIntrospectRequest:
description: The request object for introspecting an access token.
type: object
properties:
client_id:
type: string
tenantId:
type: string
token:
type: string
ActionData:
type: object
properties:
Expand Down Expand Up @@ -1161,6 +1171,30 @@ components:
- Required
- NotRequired
- NotRequiredWhenUsingPKCE
ClientCredentialsAccessTokenIntrospectRequest:
description: Contains the parameters used to introspect an access token that
was obtained via the client credentials grant.
type: object
properties:
tenantId:
type: string
token:
type: string
ClientCredentialsGrantRequest:
description: The request object to make a Client Credentials grant request to
obtain an access token.
type: object
properties:
client_id:
type: string
client_secret:
type: string
grant_type:
type: string
scope:
type: string
tenantId:
type: string
ConnectorLambdaConfiguration:
type: object
properties:
Expand Down Expand Up @@ -1389,6 +1423,21 @@ components:
type: integer
enabled:
type: boolean
DeviceApprovalRequest:
description: The request object to approve a device grant.
type: object
properties:
client_id:
type: string
client_secret:
type: string
tenantId:
type: string
format: uuid
token:
type: string
user_code:
type: string
DeviceApprovalResponse:
description: ''
type: object
Expand All @@ -1405,6 +1454,19 @@ components:
userId:
type: string
format: uuid
DeviceAuthorizationRequest:
description: ''
type: object
properties:
client_id:
type: string
client_secret:
type: string
scope:
type: string
tenantId:
type: string
format: uuid
DeviceInfo:
description: ''
type: object
Expand Down Expand Up @@ -5103,6 +5165,44 @@ components:
enum:
- FirstParty
- ThirdParty
OAuthCodeAccessTokenRequest:
description: The request object for exchanging an OAuth authorization code for
an access token.
type: object
properties:
client_id:
type: string
client_secret:
type: string
code:
type: string
grant_type:
type: string
redirect_uri:
type: string
tenantId:
type: string
OAuthCodePKCEAccessTokenRequest:
description: The request object to make a request to the Token endpoint to exchange
the authorization code returned from the Authorize endpoint and a code_verifier
for an access token.
type: object
properties:
client_id:
type: string
client_secret:
type: string
code:
type: string
code_verifier:
type: string
grant_type:
type: string
redirect_uri:
type: string
tenantId:
type: string
format: uuid
OAuthConfigurationResponse:
description: ''
type: object
Expand Down Expand Up @@ -5912,6 +6012,25 @@ components:
userId:
type: string
format: uuid
RefreshTokenAccessTokenRequest:
description: The request object to exchange a Refresh Token for an Access Token.
type: object
properties:
client_id:
type: string
client_secret:
type: string
grant_type:
type: string
refresh_token:
type: string
scope:
type: string
tenantId:
type: string
format: uuid
user_code:
type: string
RefreshTokenExpirationPolicy:
description: ''
type: string
Expand Down Expand Up @@ -6145,6 +6264,30 @@ components:
- discouraged
- preferred
- required
RetrieveUserCodeRequest:
description: The request object for retrieving a user code that is part of an
in-progress Device Authorization Grant.
type: object
properties:
client_id:
type: string
client_secret:
type: string
tenantId:
type: string
format: uuid
user_code:
type: string
RetrieveUserCodeUsingAPIKeyRequest:
description: The request object for retrieving a user code that is part of an
in-progress Device Authorization Grant using an API key
type: object
properties:
tenantId:
type: string
format: uuid
user_code:
type: string
SAMLLogoutBehavior:
type: string
enum:
Expand Down Expand Up @@ -8463,6 +8606,27 @@ components:
properties:
user:
"$ref": "#/components/schemas/User"
UserCredentialsAccessTokenRequest:
description: The request object for exchanging user credentials (username and
password) for an access token.
type: object
properties:
client_id:
type: string
client_secret:
type: string
grant_type:
type: string
password:
type: string
scope:
type: string
tenantId:
type: string
user_code:
type: string
username:
type: string
UserDeactivateEvent:
description: Models the User Deactivate Event.
type: object
Expand Down Expand Up @@ -9053,6 +9217,18 @@ components:
format: uuid
enabled:
type: boolean
ValidateDeviceRequest:
description: The request object for validating an end-user provided user_code
from the user-interaction of the Device Authorization Grant
type: object
properties:
client_id:
type: string
tenantId:
type: string
format: uuid
user_code:
type: string
ValidateResponse:
description: ''
type: object
Expand Down Expand Up @@ -18417,8 +18593,8 @@ paths:
"$ref": "#/components/schemas/Errors"
"/oauth2/device/approve":
post:
description: Approve a device grant.
operationId: approveDeviceWithId
description: Approve a device grant. OR Approve a device grant.
operationId: createDeviceApprove
parameters: []
responses:
'200':
Expand Down Expand Up @@ -18448,13 +18624,30 @@ paths:
description: Success
default:
description: Error
post:
description: Retrieve a user_code that is part of an in-progress Device Authorization
Grant. This API is useful if you want to build your own login workflow to
complete a device grant. OR Retrieve a user_code that is part of an in-progress
Device Authorization Grant. This API is useful if you want to build your
own login workflow to complete a device grant. This request will require
an API key.
operationId: createDeviceUserCode
parameters: []
responses:
'200':
description: Success
default:
description: Error
"/oauth2/device/validate":
get:
description: Validates the end-user provided user_code from the user-interaction
of the Device Authorization Grant. If you build your own activation form you
should validate the user provided code prior to beginning the Authorization
grant. OR Validates the end-user provided user_code from the user-interaction
of the Device Authorization Grant. If you build your own activation form you
should validate the user provided code prior to beginning the Authorization
grant.
operationId: validateDeviceWithId
operationId: retrieveDeviceValidate
parameters:
- name: user_code
in: query
Expand All @@ -18471,12 +18664,34 @@ paths:
description: Success
default:
description: Error
"/oauth2/device_authorize":
post:
description: Start the Device Authorization flow using a request body OR Start
the Device Authorization flow using form-encoded parameters
operationId: createDevice_authorize
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/DeviceResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/OAuthError"
"/oauth2/introspect":
post:
description: Inspect an access token issued as the result of the Client Credentials
Grant. OR Inspect an access token issued as the result of the Client Credentials
Grant. OR Inspect an access token issued as the result of the User based grant
such as the Authorization Code Grant, Implicit Grant, the User Credentials
Grant or the Refresh Grant.
Grant or the Refresh Grant. OR Inspect an access token issued as the result
of the User based grant such as the Authorization Code Grant, Implicit Grant,
the User Credentials Grant or the Refresh Grant.
operationId: createIntrospect
parameters: []
responses:
Expand All @@ -18497,15 +18712,27 @@ paths:
description: Exchange User Credentials for a Token. If you will be using the
Resource Owner Password Credential Grant, you will make a request to the Token
endpoint to exchange the user’s email and password for an access token. OR
Exchange a Refresh Token for an Access Token. If you will be using the Refresh
Token Grant, you will make a request to the Token endpoint to exchange the
user’s refresh token for an access token. OR Exchanges an OAuth authorization
Exchange User Credentials for a Token. If you will be using the Resource Owner
Password Credential Grant, you will make a request to the Token endpoint to
exchange the user’s email and password for an access token. OR Exchange a
Refresh Token for an Access Token. If you will be using the Refresh Token
Grant, you will make a request to the Token endpoint to exchange the user’s
refresh token for an access token. OR Exchange a Refresh Token for an Access
Token. If you will be using the Refresh Token Grant, you will make a request
to the Token endpoint to exchange the user’s refresh token for an access token.
OR Exchanges an OAuth authorization code for an access token. Makes a request
to the Token endpoint to exchange the authorization code returned from the
Authorize endpoint for an access token. OR Exchanges an OAuth authorization
code and code_verifier for an access token. Makes a request to the Token endpoint
to exchange the authorization code returned from the Authorize endpoint and
a code_verifier for an access token. OR Exchanges an OAuth authorization code
and code_verifier for an access token. Makes a request to the Token endpoint
to exchange the authorization code returned from the Authorize endpoint and
a code_verifier for an access token. OR Exchanges an OAuth authorization code
for an access token. Makes a request to the Token endpoint to exchange the
authorization code returned from the Authorize endpoint for an access token.
OR Make a Client Credentials grant request to obtain an access token.
OR Make a Client Credentials grant request to obtain an access token. OR Make
a Client Credentials grant request to obtain an access token.
operationId: createToken
parameters: []
responses:
Expand Down