---
swagger: "2.0"
info:
description: 'This API is used as a OAUTH2 provider for implicit client credentials.
PCF Deployment Reference(TW): XP-D-IssDvcAdmin-Oauth2-IMPLTOK-DGL-EA-TW.
PCF Deployment Reference(GC): XP-D-IssDvcAdmin-Oauth2-IMPLTOK-DGL-EA
PCF Deployment Reference(EM): XP-D-IssDvcAdmin-Oauth2-IMPLTOK-DGL-EA-EM'
x-ibm-name: IssuedDeviceAdministration_Oauth2_ImplicitToken_Digital_Domain
title: IssuedDeviceAdministration_Oauth2_ImplicitToken_Digital_Domain
version: 1.0.0
schemes:
- https
host: 127.0.0.1
basePath: /confidential/private/v1/implicit
securityDefinitions:
clientID:
description: application's client_id
in: header
name: X-IBM-Client-Id
type: apiKey
security:
- clientID: []
paths:
/oauth2/token:
post:
consumes:
- application/x-www-form-urlencoded
produces:
- application/json
summary: Request Access Tokens
operationId: RequestOauth2AccessTokens
description: |
This endpoint allows requesting an access token following one of the flows below:
- Authorization Code (exchange code for access token)
- Client Credentials (2-legged, there isnt resource owner information)
- Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
- Refresh Token (exchange refresh token for a new access token)
The table below indicates the required parameters for each specific grant_type options.
Empty cells indicate a parameter is ignored for that specific grant type.
Client authentication:
- Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post
their client_id and client_secret information as a formData parameter.
- Public clients should send their client_id as formData parameter.
| grant_type | code | client_credentials | password | refresh_token |
|----------------------|------------|--------------------|-------------|---------------|
| client_id | required | required | required | required |
| client_secret | required | required | required | required |
| code | required | | | |
| redirect_uri | required | | | |
| username | | | required | |
| password | | | required | |
| scope | | optional | optional | |
| refresh_token | | | | required |
The implicit grant requests, see /oauth2/authorize.
parameters:
- name: grant_type
in: formData
description: Type of grant
type: string
required: true
enum:
- authorization_code
- password
- client_credentials
- refresh_token
- name: client_id
in: formData
description: Application client ID, can be provided in formData or using HTTP
Basic Authentication
required: true
type: string
- name: client_secret
in: formData
description: Application secret, must be provided in formData or using HTTP
Basic Authentication
required: false
type: string
- name: code
in: formData
description: Authorization code provided by the /oauth2/authorize endpoint
required: false
type: string
- name: redirect_uri
in: formData
description: required only if the redirect_uri parameter was included in the
authorization request /oauth2/authorize; their values MUST be identical.
required: false
type: string
- name: username
in: formData
type: string
description: Resource owner username
required: true
- name: password
in: formData
type: string
description: Resource owner password
required: true
- name: scope
in: formData
type: string
description: Scope being requested
required: true
- name: refresh_token
in: formData
type: string
description: The refresh token that the client wants to exchange for a new
access token (refresh_token grant_type)
required: false
responses:
200:
description: json document containing token, etc.
schema:
$ref: '#/definitions/RequestOauth2AccessTokensResponse'
400:
description: json document that may contain additional details about the
failure
security:
- []
/oauth2/introspect:
post:
consumes:
- application/x-www-form-urlencoded
produces:
- application/json
summary: Introspect a given access_token supported
operationId: RequestOauth2AccessTokenIntrospect
description: |
This endpoint introspects a given access_token
parameters:
- name: token
in: formData
description: String value of the access_token to be introspected
required: true
type: string
- name: token_type_hint
in: formData
description: This must contain 'access_token' to indicate the token type
required: true
type: string
responses:
200:
description: json document containing access_token information, etc.
schema:
$ref: '#/definitions/RequestOauth2AccessTokenIntrospectResponse'
401:
description: failure
security: []
x-ibm-configuration:
testable: true
enforced: true
phase: realized
type: oauth
definitions:
RequestOauth2AccessTokensResponse:
type: object
additionalProperties: false
required:
- token_type
- access_token
- expires_in
properties:
token_type:
enum:
- bearer
access_token:
type: string
expires_in:
type: integer
scope:
type: string
refresh_token:
type: string
RequestOauth2AccessTokenIntrospectResponse:
type: object
additionalProperties: false
required:
- active
- client_id
- client_name
- username
- sub
- exp
- expstr
- iat
- nbf
- nbfstr
- scope
properties:
active:
type: boolean
client_id:
type: string
client_name:
type: string
username:
type: string
sub:
type: string
exp:
type: string
expstr:
type: string
iat:
type: string
nbf:
type: string
nbfstr:
type: string
scope:
type: string
miscinfo:
type: string
consented_on:
type: string
consented_on_str:
type: string
grant_type:
type: string
x-ibm-endpoints:
- endpointUrl: https://emea.sit.api.citi.com/gcb
description: Custom Gateway API Endpoint
type:
- production
- development
...