From 912570a3d036d935dd4f4b6c3ef23857802a534d Mon Sep 17 00:00:00 2001 From: Mihaly Lengyel Date: Thu, 23 May 2024 13:17:57 +0200 Subject: [PATCH] feat: remove combo recipes --- CHANGELOG.md | 15 + api_spec.yaml | 1432 +++++++++++-------------------------------------- 2 files changed, 317 insertions(+), 1130 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32c204a..3a7d426 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) +## [3.0.0] - 2024-05-24 + +### Changes + +- Removed all ThirdPartyEmailPassword and ThirdPartyPasswordless APIs + - This doesn't result in any removed paths as the same paths exists in the individual recipes, only the rid param is different +- Marked as deprecated: + - `GET /{apiBasePath}//signup/phoneNumber/exists` + - `GET /{apiBasePath}//signup/email/exists` +- Added: + - `GET /{apiBasePath}//passwordless/phoneNumber/exists` + - `GET /{apiBasePath}//passwordless/email/exists` + - `GET /{apiBasePath}//emailpassword/email/exists` + - All of the above are moved/renamed version of the APIs marked as deprecated above + ## [1.19.0] - 2023-10-XX ### Added diff --git a/api_spec.yaml b/api_spec.yaml index 3884eb6..4f3c4a1 100644 --- a/api_spec.yaml +++ b/api_spec.yaml @@ -4,7 +4,7 @@ info: description: | These are the APIs exposed by our backend SDK. To be consumed by the frontend only. `` in all the APIs are optional. Its default value is `public` - version: "1.19.0" + version: "3.0.0" title: Frontend Driver Interface contact: email: team@supertokens.io @@ -12,9 +12,7 @@ tags: - name: Session Recipe - name: EmailPassword Recipe - name: ThirdParty Recipe - - name: ThirdPartyEmailPassword Recipe - name: Passwordless Recipe - - name: ThirdPartyPasswordless Recipe - name: EmailVerification Recipe - name: MultiFactorAuth Recipe - name: TOTP Recipe @@ -457,18 +455,16 @@ paths: '500': $ref: '#/components/responses/500' - /{apiBasePath}//signinup/code⠀: + /{apiBasePath}//signinup/code: post: tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessSignInUpStart + - Passwordless Recipe + operationId: passwordlessSignInUpStart description: | - Start sign in/up process with passwordless. - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. + Start sign in/up process with passwordless parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyPasswordlessRid' + - $ref: '#/components/parameters/passwordlessRid' requestBody: content: application/json: @@ -486,6 +482,7 @@ paths: $ref: '#/components/schemas/phoneNumber' required: - phoneNumber + responses: '200': description: Started the passwordless sign in/up process. @@ -516,25 +513,23 @@ paths: '403': $ref: '#/components/responses/403-factor-setup' - + '404': $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signinup/code/resend⠀: + $ref: '#/components/responses/500' + + /{apiBasePath}//signinup/code/resend: post: tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessSignInUpResend + - Passwordless Recipe + operationId: passwordlessSignInUpResend description: | Resend passwordless code - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyPasswordlessRid' + - $ref: '#/components/parameters/passwordlessRid' requestBody: content: application/json: @@ -569,18 +564,16 @@ paths: '500': $ref: '#/components/responses/500' - /{apiBasePath}//signinup/code/consume⠀: + /{apiBasePath}//signinup/code/consume: post: tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessSignInUpConsume + - Passwordless Recipe + operationId: passwordlessSignInUpConsume description: | Finish sign in/up process with passwordless - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyPasswordlessRid' + - $ref: '#/components/parameters/passwordlessRid' requestBody: content: application/json: @@ -679,28 +672,28 @@ paths: example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)" - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' '403': $ref: '#/components/responses/403-factor-setup' + '404': + $ref: '#/components/responses/404' + '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signup/email/exists⠀⠀⠀: + $ref: '#/components/responses/500' + + /{apiBasePath}//signup/email/exists⠀⠀: get: + deprecated: true tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessEmailExists + - Passwordless Recipe + operationId: passwordlessEmailExistsDepr description: | Check if an email exists - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. + Note that there is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyPasswordlessRid' + - $ref: '#/components/parameters/passwordlessRid' - $ref: '#/components/parameters/email' responses: '200': @@ -721,21 +714,19 @@ paths: $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signup/phonenumber/exists⠀: + $ref: '#/components/responses/500' + + /{apiBasePath}//passwordless/email/exists: get: tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessPhoneNumberExists + - Passwordless Recipe + operationId: passwordlessEmailExists description: | - Check if a phone number exists - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. + Check if an email exists parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyPasswordlessRid' - - $ref: '#/components/parameters/phoneNumber' + - $ref: '#/components/parameters/passwordlessRid' + - $ref: '#/components/parameters/email' responses: '200': description: Checks if an email exists @@ -755,1111 +746,193 @@ paths: $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signinup⠀⠀: - post: + $ref: '#/components/responses/500' + + /{apiBasePath}//signup/phoneNumber/exists: + get: + deprecated: true tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessSignInUp + - Passwordless Recipe + operationId: passwordlessPhoneNumberExistsDepr description: | - Signin/up a user using a Social Provider - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. + Check if a phone number exists parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyPasswordlessRid' - requestBody: - content: - application/json: - schema: - oneOf: - - type: object - required: - - thirdPartyId - - redirectURIInfo - properties: - thirdPartyId: - $ref: '#/components/schemas/thirdPartyId' - clientType: - $ref: '#/components/schemas/clientType' - redirectURIInfo: - type: object - required: - - redirectURIOnProviderDashboard - - redirectURIQueryParams - properties: - redirectURIOnProviderDashboard: - $ref: '#/components/schemas/redirectURI' - redirectURIQueryParams: - type: object - example: - code: "neqmpdsfuqe141m5lk437867masdf" - state: "ljayfgqewertbh13245njw0" - pkceCodeVerifier: - type: string - example: abcd1234 - - type: object - required: - - thirdPartyId - - oAuthTokens - properties: - thirdPartyId: - $ref: '#/components/schemas/thirdPartyId' - clientType: - $ref: '#/components/schemas/clientType' - oAuthTokens: - $ref: '#/components/schemas/oAuthTokens' - + - $ref: '#/components/parameters/passwordlessRid' + - $ref: '#/components/parameters/phoneNumber' responses: '200': - description: Signin/up a user - headers: - Set-Cookie: - description: In cookie-based sessions - schema: - type: string - example: 'sAccessToken=eyJhb...%3D%3D; Path=/; Expires=Tue, 22 Jun 2021 07:43:07 GMT; HttpOnly; SameSite=Lax; sRefreshToken=K91cQ7ezMbu...cb61c3.V2; Path=/auth/session/refresh; Expires=Thu, 30 Sep 2021 06:43:07 GMT; HttpOnly; SameSite=Lax' - st-access-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - st-refresh-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - anti-csrf: - description: If enabled by the user - schema: - $ref: '#/components/schemas/token' - front-token: - schema: - $ref: '#/components/schemas/token' - Access-Control-Expose-Headers: - schema: - type: string - example: 'anti-csrf, front-token, st-access-token, st-refresh-token' + description: Checks if a phone number exists content: application/json: schema: oneOf: - - $ref: '#/components/schemas/signinupResponse' - - $ref: '#/components/schemas/signinupErrorResponse' + - type: object + properties: + status: + $ref: '#/components/schemas/statusOK' + exists: + $ref: '#/components/schemas/exists' - $ref: '#/components/schemas/generalErrorResponse' - '403': - $ref: '#/components/responses/403-factor-setup' - '404': $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//authorisationurl⠀⠀: + $ref: '#/components/responses/500' + + /{apiBasePath}//passwordless/phoneNumber/exists: get: tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessAuthorisationUrl + - Passwordless Recipe + operationId: passwordlessPhoneNumberExists description: | - Get the thirdparty provider's authorisation URL to which the user should be redirected to. - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. + Check if a phone number exists parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyPasswordlessRid' - - in: query - name: thirdPartyId - required: true - schema: - $ref: '#/components/schemas/thirdPartyId' - - in: query - name: redirectURIOnProviderDashboard - required: true - schema: - $ref: '#/components/schemas/redirectURI' - - in: query - name: clientType - required: false - schema: - $ref: '#/components/schemas/clientType' + - $ref: '#/components/parameters/passwordlessRid' + - $ref: '#/components/parameters/phoneNumber' responses: '200': - description: Get the OAuth authorisation URL + description: Checks if a phone number exists content: application/json: schema: oneOf: - type: object - required: - - status - - url properties: status: $ref: '#/components/schemas/statusOK' - urlWithQueryParams: - type: string - example: https://providerdomain.com/authorize?client_id=..&scope=..&access_type=.. - pkceCodeVerifier: - type: string - example: abcd1234 + exists: + $ref: '#/components/schemas/exists' - $ref: '#/components/schemas/generalErrorResponse' '404': $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' - - /{apiBasePath}/callback/apple⠀⠀: + $ref: '#/components/responses/500' + + /{apiBasePath}/signout: post: tags: - - ThirdPartyPasswordless Recipe - operationId: thirdPartyPasswordlessCallbackApple + - Session Recipe + operationId: signout description: | - Handles sign in with the apple. - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. + Logout user + security: + - AccessTokenBearer: [] + - AccessTokenCookie: [] parameters: - $ref: '#/components/parameters/apiBasePath' - requestBody: - content: - application/x-www-form-urlencoded: - schema: - type: object - properties: - code: - type: string - description: "The Authorization code which will be exchanged for an access token" - state: - type: string - description: "A unique string used to mitigate CSRF attacks" - responses: - '303': - description: Redirects the user to the client's app. - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signinup/code: - post: - tags: - - Passwordless Recipe - operationId: passwordlessSignInUpStart - description: | - Start sign in/up process with passwordless - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/passwordlessRid' + - $ref: '#/components/parameters/rid' + - $ref: '#/components/parameters/anti-csrf' requestBody: content: application/json: schema: - oneOf: - - type: object - properties: - email: - $ref: '#/components/schemas/email' - required: - - email - - type: object - properties: - phoneNumber: - $ref: '#/components/schemas/phoneNumber' - required: - - phoneNumber - + type: object responses: '200': - description: Started the passwordless sign in/up process. - content: - application/json: - schema: - oneOf: - - type: object - properties: - status: - $ref: '#/components/schemas/statusOK' - deviceId: - $ref: '#/components/schemas/deviceId' - preAuthSessionId: - $ref: '#/components/schemas/preAuthSessionId' - flowType: - type: string - enum: ['MAGIC_LINK', 'USER_INPUT_CODE_AND_MAGIC_LINK', 'USER_INPUT_CODE'] - - type: object - properties: - status: - type: string - enum: ['SIGN_IN_UP_NOT_ALLOWED'] - reason: - type: string - example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)" - - $ref: '#/components/schemas/generalErrorResponse' - - '403': - $ref: '#/components/responses/403-factor-setup' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signinup/code/resend: - post: - tags: - - Passwordless Recipe - operationId: passwordlessSignInUpResend - description: | - Resend passwordless code - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/passwordlessRid' - requestBody: - content: - application/json: - schema: - type: object - properties: - deviceId: - $ref: '#/components/schemas/deviceId' - preAuthSessionId: - $ref: '#/components/schemas/preAuthSessionId' - required: - - deviceId - - preAuthSessionId - - responses: - '200': - description: Started the passwordless sign in/up process. - content: - application/json: - schema: - oneOf: - - type: object - properties: - status: - type: string - enum: ['OK', 'RESTART_FLOW_ERROR'] - - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signinup/code/consume: - post: - tags: - - Passwordless Recipe - operationId: passwordlessSignInUpConsume - description: | - Finish sign in/up process with passwordless - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/passwordlessRid' - requestBody: - content: - application/json: - schema: - oneOf: - - type: object - properties: - preAuthSessionId: - $ref: '#/components/schemas/preAuthSessionId' - linkCode: - type: string - example: b10lbT_SnDC4flA6Fn7pE5TtG5k5NfigLef4QMBeGA8 - required: - - preAuthSessionId - - linkCode - - - type: object - properties: - preAuthSessionId: - $ref: '#/components/schemas/preAuthSessionId' - deviceId: - $ref: '#/components/schemas/deviceId' - userInputCode: - type: string - example: 432123 - required: - - preAuthSessionId - - deviceId - - userInputCode - responses: - '200': - description: Signin/up a user - headers: - Set-Cookie: - description: In cookie-based sessions - schema: - type: string - example: 'sAccessToken=eyJhb...%3D%3D; Path=/; Expires=Tue, 22 Jun 2021 07:43:07 GMT; HttpOnly; SameSite=Lax; sRefreshToken=K91cQ7ezMbu...cb61c3.V2; Path=/auth/session/refresh; Expires=Thu, 30 Sep 2021 06:43:07 GMT; HttpOnly; SameSite=Lax' - st-access-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - st-refresh-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - anti-csrf: - description: If enabled by the user - schema: - $ref: '#/components/schemas/token' - front-token: - schema: - $ref: '#/components/schemas/token' - Access-Control-Expose-Headers: - schema: - type: string - example: 'anti-csrf, front-token, st-access-token, st-refresh-token' - content: - application/json: - schema: - oneOf: - - type: object - properties: - status: - $ref: '#/components/schemas/statusOK' - createdNewRecipeUser: - type: boolean - example: true - user: - $ref: '#/components/schemas/user' - - - type: object - properties: - status: - type: string - enum: ['INCORRECT_USER_INPUT_CODE_ERROR', 'EXPIRED_USER_INPUT_CODE_ERROR'] - - failedCodeInputAttemptCount: - type: number - example: 2 - maximumCodeInputAttempts: - type: number - example: 5 - - type: object - properties: - status: - type: string - enum: ['RESTART_FLOW_ERROR'] - - type: object - properties: - status: - type: string - enum: ['SIGN_IN_UP_NOT_ALLOWED'] - reason: - type: string - example: "Cannot sign in / up due to security reasons. Please contact support. (IS_SIGN_IN_ALLOWED_FALSE)" - - - $ref: '#/components/schemas/generalErrorResponse' - - '403': - $ref: '#/components/responses/403-factor-setup' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signup/email/exists⠀⠀: - get: - tags: - - Passwordless Recipe - operationId: passwordlessEmailExists - description: | - Check if an email exists - Note that there is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/passwordlessRid' - - $ref: '#/components/parameters/email' - responses: - '200': - description: Checks if an email exists - content: - application/json: - schema: - oneOf: - - type: object - properties: - status: - $ref: '#/components/schemas/statusOK' - exists: - $ref: '#/components/schemas/exists' - - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signup/phonenumber/exists: - get: - tags: - - Passwordless Recipe - operationId: passwordlessPhoneNumberExists - description: | - Check if an email exists - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/passwordlessRid' - - $ref: '#/components/parameters/phoneNumber' - responses: - '200': - description: Checks if an email exists - content: - application/json: - schema: - oneOf: - - type: object - properties: - status: - $ref: '#/components/schemas/statusOK' - exists: - $ref: '#/components/schemas/exists' - - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}/signout: - post: - tags: - - Session Recipe - operationId: signout - description: | - Logout user - security: - - AccessTokenBearer: [] - - AccessTokenCookie: [] - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/rid' - - $ref: '#/components/parameters/anti-csrf' - requestBody: - content: - application/json: - schema: - type: object - responses: - '200': - description: Logout user - headers: - Set-Cookie: - schema: - type: string - example: 'sAccessToken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax sRefreshToken=; Path=/auth/session/refresh; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax' - st-access-token: - description: Set to an empty string to trigger token clearing in the client SDK - schema: - type: string - example: "" - st-refresh-token: - description: Set to an empty string to trigger token clearing in the client SDK - schema: - type: string - example: "" - front-token: - schema: - type: string - example: remove - Access-Control-Expose-Headers: - schema: - type: string - example: front-token, st-access-token, st-refresh-token - content: - application/json: - schema: - oneOf: - - type: object - properties: - status: - $ref: '#/components/schemas/statusOK' - - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}/session/refresh: - post: - tags: - - Session Recipe - operationId: refresh - security: - - RefreshTokenBearer: [] - - RefreshTokenCookie: [] - description: | - Refresh the user session - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/rid' - - $ref: '#/components/parameters/anti-csrf' - responses: - '200': - description: Refresh users - headers: - Set-Cookie: - description: In cookie-based sessions - schema: - type: string - example: 'sAccessToken=eyJhb...%3D%3D; Path=/; Expires=Tue, 22 Jun 2021 07:43:07 GMT; HttpOnly; SameSite=Lax; sRefreshToken=K91cQ7ezMbu...cb61c3.V2; Path=/auth/session/refresh; Expires=Thu, 30 Sep 2021 06:43:07 GMT; HttpOnly; SameSite=Lax' - st-access-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - st-refresh-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - anti-csrf: - description: If enabled by the user - schema: - $ref: '#/components/schemas/token' - front-token: - schema: - $ref: '#/components/schemas/token' - Access-Control-Expose-Headers: - schema: - type: string - example: 'anti-csrf, front-token, st-access-token, st-refresh-token' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signin: - post: - tags: - - EmailPassword Recipe - operationId: signIn - description: | - Signin a user with email ID and password - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/rid' - requestBody: - content: - application/json: - schema: - type: object - properties: - formFields: - $ref: '#/components/schemas/formFields' - responses: - '200': - description: Sign in Response - headers: - Set-Cookie: - description: In cookie-based sessions - schema: - type: string - example: 'sAccessToken=eyJhb...%3D%3D; Path=/; Expires=Tue, 22 Jun 2021 07:43:07 GMT; HttpOnly; SameSite=Lax; sRefreshToken=K91cQ7ezMbu...cb61c3.V2; Path=/auth/session/refresh; Expires=Thu, 30 Sep 2021 06:43:07 GMT; HttpOnly; SameSite=Lax' - st-access-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - st-refresh-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - anti-csrf: - description: If enabled by the user - schema: - $ref: '#/components/schemas/token' - front-token: - schema: - $ref: '#/components/schemas/token' - Access-Control-Expose-Headers: - schema: - type: string - example: 'anti-csrf, front-token, st-access-token, st-refresh-token' - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/signInResponse' - - $ref: '#/components/schemas/signInNotAllowedResponse' - - $ref: '#/components/schemas/fieldErrorResponse' - - $ref: '#/components/schemas/wrongCredentialsResponse' - - $ref: '#/components/schemas/generalErrorResponse' - - '403': - $ref: '#/components/responses/403-factor-setup' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signup: - post: - tags: - - EmailPassword Recipe - operationId: signUp - description: | - Signup a user with email ID and password - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/emailPasswordRid' - requestBody: - content: - application/json: - schema: - type: object - properties: - formFields: - $ref: '#/components/schemas/formFields' - responses: - '200': - description: Sign up Response - headers: - Set-Cookie: - description: In cookie-based sessions - schema: - type: string - example: 'sAccessToken=eyJhb...%3D%3D; Path=/; Expires=Tue, 22 Jun 2021 07:43:07 GMT; HttpOnly; SameSite=Lax; sRefreshToken=K91cQ7ezMbu...cb61c3.V2; Path=/auth/session/refresh; Expires=Thu, 30 Sep 2021 06:43:07 GMT; HttpOnly; SameSite=Lax' - st-access-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - st-refresh-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - anti-csrf: - description: If enabled by the user - schema: - $ref: '#/components/schemas/token' - front-token: - schema: - $ref: '#/components/schemas/token' - Access-Control-Expose-Headers: - schema: - type: string - example: 'anti-csrf, front-token, st-access-token, st-refresh-token' - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/signupResponse' - - $ref: '#/components/schemas/signUpNotAllowedResponse' - - $ref: '#/components/schemas/fieldErrorResponse' - - $ref: '#/components/schemas/generalErrorResponse' - - '403': - $ref: '#/components/responses/403-factor-setup' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signup/email/exists: - get: - tags: - - EmailPassword Recipe - operationId: emailExists - description: | - Check if an email exists - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/emailPasswordRid' - - $ref: '#/components/parameters/email' - responses: - '200': - description: Checks if an email exists - content: - application/json: - schema: - oneOf: - - type: object - properties: - status: - $ref: '#/components/schemas/statusOK' - exists: - $ref: '#/components/schemas/exists' - - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//user/password/reset/token: - post: - tags: - - EmailPassword Recipe - operationId: passwordResetToken - description: | - Generate a new reset password token for this user - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/emailPasswordRid' - requestBody: - content: - application/json: - schema: - type: object - properties: - formFields: - $ref: '#/components/schemas/formFields' - example: { formFields: [ {id: 'email', value: 'test@email.com'}]} - responses: - '200': - description: Generate a new reset password token for this user - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/passwordResetTokenResponse' - - $ref: '#/components/schemas/passwordResetNotAllowedResponse' - - $ref: '#/components/schemas/fieldErrorResponse' - - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//user/password/reset: - post: - tags: - - EmailPassword Recipe - operationId: passwordReset - description: | - Reset a password using password reset token - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/emailPasswordRid' - requestBody: - content: - application/json: - schema: - type: object - properties: - method: - $ref: '#/components/schemas/method' - formfields: - $ref: '#/components/schemas/formFields' - token: - $ref: '#/components/schemas/token' - example: { method: "token", formFields: [{id: "password", value: "newPass123"} ], token: "ZTRiOTBjNz...jI5MTZlODkxw"} - responses: - '200': - description: Reset a password using password reset token - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/passwordResetResponse' - - $ref: '#/components/schemas/passwordResetErrorResponse' - - $ref: '#/components/schemas/fieldErrorResponse' - - $ref: '#/components/schemas/generalErrorResponse' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signinup: - post: - tags: - - ThirdParty Recipe - operationId: signInUp - description: | - Signin/up a user - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyRid' - requestBody: - content: - application/json: - schema: - oneOf: - - type: object - required: - - thirdPartyId - - redirectURIInfo - properties: - thirdPartyId: - $ref: '#/components/schemas/thirdPartyId' - clientType: - $ref: '#/components/schemas/clientType' - redirectURIInfo: - type: object - required: - - redirectURIOnProviderDashboard - - redirectURIQueryParams - properties: - redirectURIOnProviderDashboard: - $ref: '#/components/schemas/redirectURI' - redirectURIQueryParams: - type: object - example: - code: "neqmpdsfuqe141m5lk437867masdf" - state: "ljayfgqewertbh13245njw0" - pkceCodeVerifier: - type: string - example: abcd1234 - - type: object - required: - - thirdPartyId - - oAuthTokens - properties: - thirdPartyId: - $ref: '#/components/schemas/thirdPartyId' - clientType: - $ref: '#/components/schemas/clientType' - oAuthTokens: - $ref: '#/components/schemas/oAuthTokens' - responses: - '200': - description: Signin/up a user - headers: - Set-Cookie: - description: In cookie-based sessions + description: Logout user + headers: + Set-Cookie: schema: type: string - example: 'sAccessToken=eyJhb...%3D%3D; Path=/; Expires=Tue, 22 Jun 2021 07:43:07 GMT; HttpOnly; SameSite=Lax; sRefreshToken=K91cQ7ezMbu...cb61c3.V2; Path=/auth/session/refresh; Expires=Thu, 30 Sep 2021 06:43:07 GMT; HttpOnly; SameSite=Lax' + example: 'sAccessToken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax sRefreshToken=; Path=/auth/session/refresh; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax' st-access-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - st-refresh-token: - description: In header-based sessions - schema: - $ref: '#/components/schemas/token' - anti-csrf: - description: If enabled by the user - schema: - $ref: '#/components/schemas/token' - front-token: - schema: - $ref: '#/components/schemas/token' - Access-Control-Expose-Headers: + description: Set to an empty string to trigger token clearing in the client SDK schema: type: string - example: 'anti-csrf, front-token, st-access-token, st-refresh-token' - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/signinupResponse' - - $ref: '#/components/schemas/signinupErrorResponse' - - $ref: '#/components/schemas/generalErrorResponse' - - '403': - $ref: '#/components/responses/403-factor-setup' - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//authorisationurl: - get: - tags: - - ThirdParty Recipe - operationId: authorisationUrl - description: | - Get the thirdparty provider's authorisation URL to which the user should be redirected to. - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyRid' - - in: query - name: thirdPartyId - required: true - schema: - $ref: '#/components/schemas/thirdPartyId' - - in: query - name: redirectURIOnProviderDashboard - required: true - schema: - $ref: '#/components/schemas/redirectURI' - - in: query - name: clientType - required: false - schema: - $ref: '#/components/schemas/clientType' - responses: - '200': - description: Get the OAuth authorisation URL - content: - application/json: - schema: - oneOf: - - type: object - required: - - status - - url - properties: - status: - $ref: '#/components/schemas/statusOK' - urlWithQueryParams: - type: string - example: https://providerdomain.com/authorize?client_id=..&scope=..&access_type=.. - pkceCodeVerifier: - type: string - example: abcd1234 - - $ref: '#/components/schemas/generalErrorResponse' - - - '404': - $ref: '#/components/responses/404' - - '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//loginmethods: - get: - tags: - - Multitenancy Recipe - operationId: loginmethods - description: | - Get enabled login methods: Returns recipes with their enabled setting and recipe specific configuration. - parameters: - - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/multitenancyRid' - - in: query - name: clientType - required: false - schema: - $ref: '#/components/schemas/clientType' - responses: - '200': - description: Get enabled login methods - content: - application/json: - schema: - oneOf: - - type: object - required: - - status - - recipes - properties: - status: - $ref: '#/components/schemas/statusOK' - recipes: - type: object - required: - - emailPassword - - thirdParty - - passwordless - - firstFactors - properties: - emailPassword: - type: object - required: - - enabled - properties: - enabled: - type: boolean - example: true - thirdParty: - type: object - required: - - enabled - - providers - properties: - enabled: - type: boolean - example: true - providers: - type: array - items: - type: object - required: - - id - properties: - id: - $ref: '#/components/schemas/thirdPartyId' - name: - type: string - example: Google - passwordless: - type: object - required: - - enabled - properties: - enabled: - type: boolean - example: true - firstFactors: - type: array - items: - type: string + example: "" + st-refresh-token: + description: Set to an empty string to trigger token clearing in the client SDK + schema: + type: string + example: "" + front-token: + schema: + type: string + example: remove + Access-Control-Expose-Headers: + schema: + type: string + example: front-token, st-access-token, st-refresh-token + content: + application/json: + schema: + oneOf: + - type: object + properties: + status: + $ref: '#/components/schemas/statusOK' - $ref: '#/components/schemas/generalErrorResponse' + '404': - $ref: '#/components/responses/404' + $ref: '#/components/responses/404' + '500': - $ref: '#/components/responses/500' - - /{apiBasePath}/callback/apple: + $ref: '#/components/responses/500' + + /{apiBasePath}/session/refresh: post: tags: - - ThirdParty Recipe - operationId: thirdPartyCallbackApple + - Session Recipe + operationId: refresh + security: + - RefreshTokenBearer: [] + - RefreshTokenCookie: [] description: | - Handles sign in with the apple. + Refresh the user session parameters: - $ref: '#/components/parameters/apiBasePath' - requestBody: - content: - application/x-www-form-urlencoded: - schema: - type: object - properties: - code: - type: string - description: "The Authorization code which will be exchanged for an access token" - state: - type: string - description: "A unique string used to mitigate CSRF attacks" + - $ref: '#/components/parameters/rid' + - $ref: '#/components/parameters/anti-csrf' responses: - '303': - description: Redirects the user to the client's app. + '200': + description: Refresh users + headers: + Set-Cookie: + description: In cookie-based sessions + schema: + type: string + example: 'sAccessToken=eyJhb...%3D%3D; Path=/; Expires=Tue, 22 Jun 2021 07:43:07 GMT; HttpOnly; SameSite=Lax; sRefreshToken=K91cQ7ezMbu...cb61c3.V2; Path=/auth/session/refresh; Expires=Thu, 30 Sep 2021 06:43:07 GMT; HttpOnly; SameSite=Lax' + st-access-token: + description: In header-based sessions + schema: + $ref: '#/components/schemas/token' + st-refresh-token: + description: In header-based sessions + schema: + $ref: '#/components/schemas/token' + anti-csrf: + description: If enabled by the user + schema: + $ref: '#/components/schemas/token' + front-token: + schema: + $ref: '#/components/schemas/token' + Access-Control-Expose-Headers: + schema: + type: string + example: 'anti-csrf, front-token, st-access-token, st-refresh-token' '404': $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' + $ref: '#/components/responses/500' - /{apiBasePath}//signin⠀: + /{apiBasePath}//signin: post: tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordsignIn + - EmailPassword Recipe + operationId: signIn description: | Signin a user with email ID and password parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyEmailPasswordRid' + - $ref: '#/components/parameters/rid' requestBody: content: application/json: @@ -1913,18 +986,18 @@ paths: $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' - - /{apiBasePath}//signup⠀: + $ref: '#/components/responses/500' + + /{apiBasePath}//signup: post: tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordsignUp + - EmailPassword Recipe + operationId: signUp description: | Signup a user with email ID and password parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyEmailPasswordRid' + - $ref: '#/components/parameters/emailPasswordRid' requestBody: content: application/json: @@ -1977,19 +1050,19 @@ paths: $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' - + $ref: '#/components/responses/500' - /{apiBasePath}//signup/email/exists⠀: + /{apiBasePath}//signup/email/exists: get: + deprecated: true tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordEmailExists + - EmailPassword Recipe + operationId: emailExistsDepr description: | Check if an email exists parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyEmailPasswordRid' + - $ref: '#/components/parameters/emailPasswordRid' - $ref: '#/components/parameters/email' responses: '200': @@ -2011,17 +1084,49 @@ paths: '500': $ref: '#/components/responses/500' + + /{apiBasePath}//emailpassword/email/exists: + get: + tags: + - EmailPassword Recipe + operationId: emailExists + description: | + Check if an email exists + parameters: + - $ref: '#/components/parameters/apiBasePath' + - $ref: '#/components/parameters/emailPasswordRid' + - $ref: '#/components/parameters/email' + responses: + '200': + description: Checks if an email exists + content: + application/json: + schema: + oneOf: + - type: object + properties: + status: + $ref: '#/components/schemas/statusOK' + exists: + $ref: '#/components/schemas/exists' + - $ref: '#/components/schemas/generalErrorResponse' - /{apiBasePath}//user/password/reset/token⠀: + '404': + $ref: '#/components/responses/404' + + '500': + $ref: '#/components/responses/500' + + /{apiBasePath}//user/password/reset/token: post: tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordPasswordResetToken + - EmailPassword Recipe + operationId: passwordResetToken description: | Generate a new reset password token for this user parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyEmailPasswordRid' + - $ref: '#/components/parameters/emailPasswordRid' requestBody: content: application/json: @@ -2047,18 +1152,18 @@ paths: $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' + $ref: '#/components/responses/500' - /{apiBasePath}//user/password/reset⠀: + /{apiBasePath}//user/password/reset: post: tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordPasswordReset + - EmailPassword Recipe + operationId: passwordReset description: | Reset a password using password reset token parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyEmailPasswordRid' + - $ref: '#/components/parameters/emailPasswordRid' requestBody: content: application/json: @@ -2090,18 +1195,16 @@ paths: '500': $ref: '#/components/responses/500' - /{apiBasePath}//signinup⠀: + /{apiBasePath}//signinup: post: tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordSignInUp + - ThirdParty Recipe + operationId: signInUp description: | - Signin/up a user using a Social Provider - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. + Signin/up a user parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyEmailPasswordRid' + - $ref: '#/components/parameters/thirdPartyRid' requestBody: content: application/json: @@ -2188,18 +1291,16 @@ paths: '500': $ref: '#/components/responses/500' - /{apiBasePath}//authorisationurl⠀: + /{apiBasePath}//authorisationurl: get: tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordAuthorisationUrl + - ThirdParty Recipe + operationId: authorisationUrl description: | Get the thirdparty provider's authorisation URL to which the user should be redirected to. - - Note: There is an invisible character at the end of the path, this was to avoid a conflict with the OpenAPI spec. parameters: - $ref: '#/components/parameters/apiBasePath' - - $ref: '#/components/parameters/thirdPartyEmailPasswordRid' + - $ref: '#/components/parameters/thirdPartyRid' - in: query name: thirdPartyId required: true @@ -2236,18 +1337,103 @@ paths: type: string example: abcd1234 - $ref: '#/components/schemas/generalErrorResponse' + '404': $ref: '#/components/responses/404' '500': - $ref: '#/components/responses/500' + $ref: '#/components/responses/500' - /{apiBasePath}/callback/apple⠀: + /{apiBasePath}//loginmethods: + get: + tags: + - Multitenancy Recipe + operationId: loginmethods + description: | + Get enabled login methods: Returns recipes with their enabled setting and recipe specific configuration. + parameters: + - $ref: '#/components/parameters/apiBasePath' + - $ref: '#/components/parameters/multitenancyRid' + - in: query + name: clientType + required: false + schema: + $ref: '#/components/schemas/clientType' + responses: + '200': + description: Get enabled login methods + content: + application/json: + schema: + oneOf: + - type: object + required: + - status + - recipes + properties: + status: + $ref: '#/components/schemas/statusOK' + recipes: + type: object + required: + - emailPassword + - thirdParty + - passwordless + - firstFactors + properties: + emailPassword: + type: object + required: + - enabled + properties: + enabled: + type: boolean + example: true + thirdParty: + type: object + required: + - enabled + - providers + properties: + enabled: + type: boolean + example: true + providers: + type: array + items: + type: object + required: + - id + properties: + id: + $ref: '#/components/schemas/thirdPartyId' + name: + type: string + example: Google + passwordless: + type: object + required: + - enabled + properties: + enabled: + type: boolean + example: true + firstFactors: + type: array + items: + type: string + - $ref: '#/components/schemas/generalErrorResponse' + '404': + $ref: '#/components/responses/404' + '500': + $ref: '#/components/responses/500' + + /{apiBasePath}/callback/apple: post: tags: - - ThirdPartyEmailPassword Recipe - operationId: thirdPartyEmailPasswordCallbackApple + - ThirdParty Recipe + operationId: thirdPartyCallbackApple description: | Handles sign in with the apple. parameters: @@ -2273,7 +1459,7 @@ paths: '500': $ref: '#/components/responses/500' - + /{apiBasePath}//user/email/verify/token: post: tags: @@ -2570,13 +1756,6 @@ components: example: thirdparty schema: type: string - - thirdPartyEmailPasswordRid: - name: rid - in: header - example: thirdpartyemailpassword - schema: - type: string passwordlessRid: name: rid @@ -2584,13 +1763,6 @@ components: example: passwordless schema: type: string - - thirdPartyPasswordlessRid: - name: rid - in: header - example: thirdpartypasswordless - schema: - type: string emailVerificationRid: name: rid