Open rishabhpoddar opened 1 year ago
Thank you for sending this to me. Neither of the documents is publicly visible, though.
@ykdojo those docs are internal at the moment. You can follow this issue to be notified when we release this feature.
TODO

Hydra /admin/clients endpoint behaviours:

GET /admin/clients/{clientId}
- Hydra response body:
  {"error": "Unable to locate the resource", "error_description": ""}
- Expected core response:
  {status: OAUTH2_CLIENT_NOT_FOUND_ERROR}

DELETE /admin/clients/{clientId}
- Expected core response:
  {status: OK}
  {status: OAUTH2_CLIENT_NOT_FOUND_ERROR}

POST /admin/clients with JSON body
- valid JSON body in every aspect: 201, created client as JSON body
- trying to create a client with an already existing client id: 409 and the following JSON body:
  {"error": "Unable to insert or update resource because a resource with that value exists already", "error_description": ""}
- invalid JSON body: 400 and a JSON body in the {error: ..., error_description: ...} format. Invalid JSON body here means that some field contained a not allowed value or some field was missing from the input JSON.
- Expected core behaviour:
  {status: OK, client: {created_client_json}}

PATCH /admin/clients/{clientId} with JSON body
- {error: "error", error_description: "The error is unrecognizable"}
- {error: "Unable to locate resource", error_description: ""}
- `*` as allowed_cors_origins: 400, {error: errorMsg, error_description: errorDescriptionMsg}
- replace for an empty list instead of add: see 1.
- Expected core behaviour:
  {status: OAUTH2_CLIENT_NOT_FOUND_ERROR}
  {status: OK, client: <updated_client_from_hydra>}
Hydra /oauth2/auth endpoint behaviour:

GET
Only GET is supported. Input params are passed as query params. The response is sent with headers; Location and Set-Cookie are the interesting ones for us.

Possible Location values:
- {configured hydra login uri}/login..., with a Set-Cookie header containing ory_hydra_login_csrf_....=...
- {hydra_instance}/{error_fallback} with query params error and error_description
- {clients_redirect_uri} with error and error_description query params
- {hydra_instance}/{error_fallback} with query params error and error_description

Expected core behaviour:
- The {configured hydra login uri} address is replaced with the string {apiDomain}. Response in the format of {status: OK, redirectTo: {apiDomain}..., cookies: [set-cookies]}
- {status: OAUTH2_AUTH_ERROR, error: <error_from_hydra>, errorDescription: <error_description_from_hydra>}
- {status: OK, redirectTo: returned_redirectTo, cookies: [set-cookies]}
- {status: OAUTH2_AUTH_ERROR, error: <error_from_hydra>, errorDescription: <error_description_from_hydra>}
Opened this in favour of: https://github.com/supertokens/for-zenhub/issues/108
We want to support:
Google doc discussion here:
Test case TODOs
TODO
- `grantType` to `OAuth2TokenInfo`. The grantType field should be an enum that includes the following values: AUTH_CODE, REFRESH_TOKEN, AUTH_CODE_PKCE, and CLIENT_CREDENTIALS.
- `query_string` field of type TEXT to auth_code and access_token tables
- `query_string` param in request as well as response.
- `buildAccessToken` and `buildIdToken` recipe functions should also return a useDynamicSigningKey arg (which will be true by default).

TODOs with hydra:
- `ory` from the oauth code token.
- `verifyOAuthAccessToken`, which is like getSession, but it only works for oauth access token.
- `verifyOAuthIdToken`
- http://localhost.com:3005/auth/callback/ory?error=invalid_scope&error_description=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed.+The+OAuth+2.0+Client+is+not+allowed+to+request+scope+%27profilee%27.&state=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BDv%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD
- `redirect_uri`, but I see no strong reason to disallow it.
- `tenant_id` query param in the auth url
- `tenantId` query param when redirecting to the auth page
- `tenantId` query param and only then defaulting to use `public`
- `client_secret_basic` and `none` for `tokenEndpointAuthMethod` (core validation)
- `clientId` and `clientSecret` not customizable (generated in the Core)
- `skipConsent` will always be set to true in the core (removed from the interface)
- `accessTokenStrategy` will always be set to jwt in the core (remove from the interface)
- `subjectType` will always be set to public (remove from the interface)
- `authorisationUrlGET` from the API interface and associated inputs from config because we expect users to use a library and to avoid the extra API call.
- `rawUserInfoFromProvider` to `rawUserInfo`
- `redirectURIOnProviderDashboard` to `redirectURI`
- `signInPOST`
- `state` (at least 8 characters long) is required in the authorization url. As per the RFC, it is recommended but not required. However, Hydra makes it a requirement.
- `WWW-Authenticate: Bearer error="invalid_token", error_description="The access token expired"` header.