Added new routes for OIDC functionality

Author: telday

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Added
+- Added two new routes which provide information on enabled OIDC providers and updated the OIDC authenticate route.
+  [cyberark/conjur-openapi-spec#220](https://github.com/cyberark/conjur-openapi-spec/pull/220)
+
 ## [5.3.0] - 2021-12-22
 
 ### Added

spec/authentication.yml

@@ -16,6 +16,19 @@ components:
           "signature": "NrknEA762z0x-FVdQjFGeTT.....AFjHc0"
         }
 
+    OIDCAuthResponse:
+      type: object
+      properties:
+        authentication_token:
+          type: string
+        bearer_token:
+          type: string
+      example:
+        {
+          "authentication_token": "kashdbgjkahbfglian..kajshfbkjashbfg",
+          "bearer_token": "hbgLKGrkjbKGbkhbk...gKSkgkhksjdbBG"
+        }
+
     JWTToken:
       type: object
       properties:
@@ -92,6 +105,16 @@ components:
           "id_token": "eyJhbGciOiJSUzI1NiIs......uTonCA"
         }
 
+    OIDCInfo:
+      type: object
+      properties:
+        service_id:
+          type: string
+        redirect_uri:
+          type: string
+      required:
+        - service_id
+
     UserId:
       type: string
       minLength: 1
@@ -124,6 +147,28 @@ components:
           schema:
             type: string
 
+    OIDCInfo:
+      description: "Description of a specific OIDC provider"
+      content:
+        text/plain:
+          schema:
+            $ref: '#/components/schemas/OIDCInfo'
+
+    OIDCInfoList:
+      description: "List of all OIDC provider information"
+      content:
+        text/plain:
+          schema:
+            type: array
+            items:
+              $ref: '#/components/schemas/OIDCInfo'
+
+    OIDCAuthResponse:
+      description: "Response contains tokens allowing for authentication with Conjur"
+      content:
+        text/plain:
+          schema:
+            $ref: "#/components/schemas/OIDCAuthResponse"
   paths:
     DefaultLogin:
       parameters:
@@ -181,7 +226,6 @@ components:
         security:
           - basicAuth: []
 
-
     K8sInjectClientCert:
       parameters:
         - $ref: 'openapi.yml#/components/parameters/RequestID'
@@ -750,8 +794,73 @@ components:
             $ref: 'openapi.yml#/components/responses/BadRequest'
           "401":
             $ref: 'openapi.yml#/components/responses/UnauthorizedError'
-          "404":
-            $ref: 'openapi.yml#/components/responses/ResourceNotFound'
+      get:
+        tags:
+        - "authentication"
+        summary: |
+          Gets a short-lived access token for applications using OpenID
+          Connect (OIDC) to access the Conjur API.
+        description: |
+          Use the OIDC Authenticator to leverage the identity layer
+          provided by OIDC to authenticate with Conjur.
+
+          For more information see [the documentation](https://docs.conjur.org/Latest/en/Content/OIDC/OIDC.htm).
+        operationId: "getAccessTokenViaOIDCV2"
+        parameters:
+        - $ref: openapi.yml#/components/parameters/ServiceID
+
+        - name: "account"
+          in: "path"
+          required: true
+          description: "Organization account name"
+          schema:
+            $ref: 'openapi.yml#/components/schemas/AccountName'
+
+        - name: "code"
+          in: "query"
+          required: true
+          description: "The code retrieved from the OIDC server"
+          schema:
+            type: string
+
+        - name: "state"
+          in: "query"
+          required: true
+          description: "The state passed to the OIDC server on code retrieval"
+          schema:
+            type: string
+
+        responses:
+          "200":
+            $ref: '#/components/responses/AccessToken'
+          "400":
+            $ref: 'openapi.yml#/components/responses/BadRequest'
+          "401":
+            $ref: 'openapi.yml#/components/responses/UnauthorizedError'
+
+    ListOIDCAuthenticators:
+      parameters:
+        - $ref: 'openapi.yml#/components/parameters/RequestID'
+      get:
+        tags:
+        - "authentication"
+        summary: |
+          Gets basic information about the requested OIDC provider
+        description: |
+          Gets basic information about the requested OIDC provider. This includes
+          the redirect uri for authenticating using OIDC.
+        operationId: "listOIDCProviders"
+        parameters:
+        - name: "account"
+          in: "path"
+          required: true
+          description: "Organization account name"
+          schema:
+            $ref: 'openapi.yml#/components/schemas/AccountName'
+
+        responses:
+          "200":
+            $ref: '#/components/responses/OIDCInfoList'
 
         security: []
 

spec/openapi.yml

@@ -203,6 +203,9 @@ paths:
   '/authn-oidc/{service_id}/{account}/authenticate':
     $ref: 'authentication.yml#/components/paths/OIDCAuthenticate'
 
+  '/authn-oidc/{account}/providers':
+    $ref: 'authentication.yml#/components/paths/ListOIDCAuthenticators'
+
   '/authn-jwt/{service_id}/{account}/authenticate':
     $ref: 'authentication.yml#/components/paths/JWTAuthenticate'