openapi: 3.1.0
info:
  title: DTZ Identity
  version: 2.0.4
  description: a generated client for the DTZ Identity API
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  contact:
    name: Jens Walter
    email: jens@apimeister.com
servers:
- url: https://identity.dtz.rocks/api/2021-02-21
paths:
  /auth/apikey:
    post:
      summary: authenticate with apikey
      operationId: authenticateApikey
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApikeyRequest'
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
  /signup:
    post:
      summary: create a new identity with the given email as account email, also create an authentication with the given credentials to allow a login, creates a default context
      operationId: userSignup
      security: []
      requestBody:
        description: signup
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignupRequest'
        required: true
      responses:
        "200":
          description: user created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        "500":
          description: server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /authentication:
    get:
      summary: list user authentications
      operationId: listAuthentication
      responses:
        "200":
          description: list of authentication
          content:
            application/json:
              schema:
                type: object
                properties:
                  identityId:
                    type: string
                    format: IdentityId
                  userAuth:
                    type: array
                    items:
                      type: object
                      properties:
                        userName:
                          type: string
                        defaultContextId:
                          type: string
                          format: ContextId
                      required:
                        - userName
                  apiKeyAuth:
                    type: array
                    items:
                      type: object
                      properties:
                        apiKey:
                          type: string
                        defaultContextId:
                          type: string
                          format: ContextId
                        alias:
                          type: string
                        createdAt:
                          type: string
                          format: date-time
                        lastUsedAt:
                          type: string
                          format: date-time
                  oauthAuth:
                    type: array

    post:
      summary: update the user authentication, aka change you password or default context
      operationId: changeAuthentication
      requestBody:
        description: update an existing authentication
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                oldPassword:
                  type: string
                newPassword:
                  type: string
                defaultContextId:
                  type: string
                  format: ContextId
              required:
                - email
      responses:
        "200":
          description: success
  /context:
    get:
      summary: get a list of contexts that the user has access to
      operationId: listAvailableContexts
      responses:
        "200":
          description: all context ids
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
                  properties:
                    contextId:
                      type: string
                      format: ContextId
  /context/{context_id}:
    delete:
      summary: delete all roles attached to this context
      operationId: deleteContextRoles
      parameters:
        - in: path
          name: context_id
          schema:
            type: string
            pattern: 'context-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
            examples:
              - sample_id:
                value: context-01909cb6-225b-7f11-8779-c401fbee19ff
          required: true
          description: context_id
      responses:
        "200":
          description: status
  /context/{context_id}/new:
    post:
      summary: create identity requirements for a new context
      operationId: newContext
      parameters:
        - in: path
          name: context_id
          schema:
            type: string
            format: ContextId
          required: true
          description: context_id
      requestBody:
        description: context creation request
        content:
          application/json:
            schema:
              type: object
              properties:
                identity_id:
                  type: string
                  format: IdentityId
                service_principal_id:
                  type: string
                  format: IdentityId
      responses:
        "200":
          description: status
  /identity:
    get:
      summary: get a list of all available identities
      operationId: listIdentity
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: object
                properties:
                  currentIdentity:
                    type: string
                  identities:
                    type: array
                    items:
                      type: object
                      properties:
                        identityId:
                          type: string
                        email:
                          type: string
                        description:
                          type: string
    post:
      summary: creates a new identity
      operationId: newIdentity
      requestBody:
        description: create identity request
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                description:
                  type: string
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: object
                properties:
                  identityId:
                    type: string
                  email:
                    type: string
                  description:
                    type: string
  /identity/assume:
    post: 
      summary: assume identity
      operationId: assumeIdentity
      requestBody:
        description: assume different identity
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                identityId:
                  type: string
                  format: IdentityId
                contextId:
                  type: string
                  format: ContextId
                  description: target context the token is issued for, if not present, a random context will be chosen.
      responses:
        "200":
          description: success
          content: 
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        "401":
          description: Invalid input
          content: 
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /identity/check:
    post: 
      summary: checks whether an identity exists
      operationId: checkIdentity
      requestBody:
        description: checking for existing identity
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                identityId:
                  type: string
                  format: IdentityId
      responses:
        "200":
          description: success
          content: 
            application/json:
              schema:
                type: object
                properties:
                  exists:
                    type: boolean
        "401":
          description: Invalid input
          content: 
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /me:
    get:
      summary: get account stats
      operationId: getAccountStats
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: object
                properties:
                  roles:
                    type: array
                    items:
                      type: object
                      properties:
                        contextId:
                          type: string
                          format: ContextId
                        count:
                          type: number
                  identityCount: 
                    type: number
                  authenticationCount:
                    type: number
  /me/email:
    get:
      summary: Get account email
      operationId: getAccountEmail
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: object
                properties:
                  email:
                    type: string
        "404":
          description: Email not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /me/identity:
    delete:
      summary: delete current identity
      operationId: deleteIdentity
      responses:
        "200":
          description: success
  /me/identity/apikey:
    post:
      summary: create api key
      operationId: createApiKey
      requestBody:
        description: api key creation
        content:
          application/json:
            schema:
              type: object
              properties:
                contextId:
                  type: string
                  format: ContextId
                alias:
                  type: string
              required:
              - contextId
        required: true
      responses:
        "200":
          description: success
          content:
            text/plain:
              schema:
                type: string
              examples:
                text:
                  summary: api key
                  value: apikey-00000000-0000-0000-0000-000000000000
  /me/identity/apikey/{apikey}:
    delete:
      summary: delete api key
      operationId: deleteApiKey
      parameters:
        - in: path
          name: apikey
          schema:
            type: string
            format: ApikeyId
          required: true
          description: api key
      responses:
        "200":
          description: success
    patch:
      summary: update the api key alias
      operationId: updateApiKeyAlias
      parameters:
        - in: path
          name: apikey
          schema:
            type: string
            format: ApikeyId
          required: true
          description: api key
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                alias:
                  type: string
      responses:
        "200":
          description: success
  /me/roles/{roleId}:
    post:
      summary: create role assignment
      operationId: assignRole
      parameters:
        - in: path
          name: roleId
          schema:
            type: string
            format: RoleId
          required: true
          description: role id
      responses:
        "200":
          description: success
    delete:
      summary: remove role assignment from identity
      operationId: removeRoleAssignment
      parameters:
        - in: path
          name: roleId
          schema:
            type: string
            format: RoleId
          required: true
          description: role id
      responses:
        "200":
          description: success
  /token/auth:
    post:
      summary: user login
      operationId: userLogin
      security: []
      requestBody:
        description: login
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthRequest'
        required: true
      responses:
        "200":
          description: success
          content: 
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        "401":
          description: Invalid input
          content: 
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
  /token/refresh:
    post:
      summary: token refresh
      description: token refresh
      operationId: tokenRefresh
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ChangeContextRequest'
        required: true
      responses:
        "200":
          description: success
          content: 
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
  /roles:
    get:
      summary: get roles which are abstract - not assigned to any context or identity
      operationId: getAbstractRoles
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: object
                properties:
                  roles:
                    type: array
                    items:
                      $ref: '#/components/schemas/AbstractRole'
  /roles/context/{contextId}:
    get:
      summary: get roles for a certain context id
      operationId: getRolesForContext
      parameters:
        - in: path
          name: contextId
          schema:
            type: string
            format: ContextId
          required: true
          description: context id
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: object
                properties:
                  roles:
                    type: array
                    items:
                      $ref: '#/components/schemas/ContextRole'
    post:
      summary: create role from abstract role (template)
      operationId: createRoleForContext
      parameters:
        - in: path
          name: contextId
          schema:
            type: string
            format: ContextId
          required: true
          description: context id
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                roleId:
                  type: string
                  format: roleId
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ContextRole'  
  /roles/identity/{identityId}:
    get:
      summary: get roles for a certain identity id
      operationId: getRolesForIdentity
      parameters:
        - in: path
          name: identityId
          schema:
            type: string
            format: IdentityId
          required: true
          description: identity id
      responses:
        "200":
          description: success
          content:
            application/json:
              schema:
                type: object
                properties:
                  roles:
                    type: array
                    items:
                      $ref: '#/components/schemas/IdentityRole'
  /roles/context/{contextId}/{roleId}/share:
    post:
      summary: sharing a role with another identity
      operationId: shareRole
      parameters:
        - in: path
          name: contextId
          schema:
            type: string
            format: ContextId
          required: true
          description: context id
        - in: path
          name: roleId
          schema:
            type: string
            format: RoleId
          required: true
          description: role id
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                identityId:
                  type: string
                  format: IdentityId
        required: true
      responses:
        "200":
          description: success
        "401":
          description: forbidden
        "400":
          description: bad request
          content:
            application/json:
              schema:
                type: object
                properties:
                  msg:
                    type: string
  /oauth/authorize:
    get:
      summary: oauth authorize
      operationId: oauthAuthorize
      x-dtz-include-headers: true
      parameters: 
        - in: query
          name: response_type
          schema:
            type: string
          required: true
        - in: query
          name: client_id
          schema:
            type: string
          required: true
        - in: query
          name: redirect_uri
          schema:
            type: string
          required: true
        - in: query
          name: scope
          schema:
            type: string
          required: true
        - in: query
          name: state
          schema:
            type: string
        - in: query
          name: nonce
          schema:
            type: string
      responses:
        "302":
          description: success
          headers:
            Location:
              schema:
                type: string
              description: redirect uri
        "401":
          description: unauthorized
  /oauth/token:
    post:
      summary: oauth token request
      description: oauth token request
      operationId: oauthToken
      security: []
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/OauthTokenRequest'
        required: true
      responses:
        "200":
          description: success
          content: 
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'      
components:
  schemas:
    ApikeyRequest:
      type: object
      properties:
        apiKey:
          type: string
        contextId:
          type: string
          format: ContextId
      required:
      - apiKey
    ErrorResponse:
      required:
      - status
      type: object
      properties:
        status:
          type: string
    SignupRequest:
      type: object
      properties:
        email:
          type: string
        password:
          type: string
      required:
        - email
        - password
    AuthRequest:
      type: object
      properties:
        username:
          type: string
        password:
          type: string
        scopes:
          type: array
          items:
            type: string
      required:
        - username
        - password
    ChangeContextRequest:
      type: object
      properties:
        contextId:
          type: string
          format: ContextId
    TokenResponse:
      type: object
      properties:
        access_token:
          type: string
        scope:
          type: string
        token_type:
          type: string
        expires_in:
          type: number
      required:
      - access_token
      - token_type
      - expires_in
    AbstractRole:
      type: object
      properties:
        roleId:
          type: string
          format: RoleId
        roleAlias:
          type: string
        roleScope:
          type: string
      required:
      - roleId
      - roleScope
    ContextRole:
      type: object
      properties:
        roleId:
          type: string
          format: RoleId
        abstractRoleId:
          type: string
          format: RoleId
        roleAlias:
          type: string
        roleScope:
          type: string
        assignedToUser:
          type: boolean
      required:
        - roleId
        - roleAlias
        - roleScope
    IdentityRole:
      type: object
      properties:
        roleId:
          type: string
          format: RoleId
        abstractRoleId:
          type: string
          format: RoleId
        roleAlias:
          type: string
        roleScope:
          type: string
        assignedToUser:
          type: boolean
      required:
        - roleId
        - roleAlias
        - roleScope
        - exposure
    Role:
      type: object
      properties:
        roleId:
          type: string
          format: RoleId
        roleAlias:
          type: string
        roleScope:
          type: string
        contextId:
          type: string
          format: ContextId
        exposure:
          type: string
        assignedToUser:
          type: boolean
      required:
        - roleId
        - roleAlias
        - roleScope
        - exposure
    OauthTokenRequest:
      type: object
      properties:
        grant_type:
          type: string
        client_id:
          type: string
        client_secret:
          type: string
        redirect_uri:
          type: string
        code:
          type: string
      required:
      - grant_type
      - client_id
      - client_secret
      - redirect_uri
      - code
  securitySchemes:
    dtz_oauth:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://identity.dtz.rocks/api/2021-02-21/oauth/authorize
          tokenUrl: https://identity.dtz.rocks/api/2021-02-21/oauth/token
          scopes: {}
    dtz_apikey:
      type: apiKey
      in: header
      name: X-API-KEY
    dtz-cookie:
      type: apiKey
      in: cookie
      name: dtz_auth
security:
  - dtz_apikey: []
  - dtz_oauth: []
  - dtz-cookie: []