openapi: 3.0.1 info: title: Authentication Demo description: Demonstrate various authentication methods supported by RapiDoc servers: - url: https://reqres.in/api/ - url: https://graph.microsoft.com/V1.0 description: Uses OAuth Flows paths: /users/{userId}: get: description: One User from reqres.in (No Security) parameters: - in: path name: userId schema: type: integer example: 3 required: true description: Numeric ID of the user to get /users: get: description: Users from MS-Active (OAuth Security) security: - ms-oauth: /fake-api-that-need-multiple-security-1: get: description: API that needs 2 API Keys security: - api_key1: [] api_key2: [] /fake-api-that-need-one-security-out-of-two: get: description: API that any one API Key from the list of 2 security: - api_key1: [] - api_key2: [] /fake-api-that-need-basic-and-apikey: get: description: API that need API Key and HTTP Basic security: - http-basic: [] - http-bearer: [] /fake-api-that-with-complex-security: get: description: API with a complex security requirements security: - ms-oauth: - User.ReadBasic.All - Directory.Read.All - http-basic: [] - api_key_cookie: [] - api_key1: [] api_key2: [] components: securitySchemes: http-basic: type: http scheme: basic http-bearer: type: http scheme: bearer api_key1: type: apiKey name: Authorization in: header api_key2: type: apiKey name: specialKey in: header api_key_cookie: description: API Key that should be sent in cookie authorization filters. type: apiKey name: api_key_cookie in: cookie ms-oauth: type: oauth2 description: | ### IMPORTANT !!! Works only when client (`this html`) is served from `http://localhost:8080/...` because the registered client has a redirect url pointing to `http://localhost:8080/examples/oauth-receiver.html` In order to experiment with OAuth system you can do the floowing 1. Signup with https://portal.azure.com/ if you havent already 2. Register an app with Microsoft Azure (Instructions: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) - Registering an App will generate a `client-id` and `client-secret`. Anyone who has this can make calls to the API 3. Create some users in MS Active Directory 4. Provide permissions to your APP to access MS Graph API which allow you to query the users from MS Active Directory **OAUTH FLOWS** - There are 4 different OAuth flows. checkout how various oauth flows utilizes `client-id` and `client-secret` - **Authorization Code** - Requires `client-id` and `client-secret` - **Client Credentials** - Requires `client-id` and `client-secret` - **Implicit** - Requires only `client-id` - **Password** - Requires `username` and `password` _deprecated in oauth 2.0_ --- x-client-id: 0801ecad-97a5-4bed-bd5e-0528afecc1d6 flows: authorizationCode: authorizationUrl: https://login.microsoftonline.com/546ffd36-88d5-494c-b126-57cc823bb5ea/oauth2/v2.0/authorize tokenUrl: https://login.microsoftonline.com/546ffd36-88d5-494c-b126-57cc823bb5ea/oauth2/v2.0/token scopes: https://graph.microsoft.com/User.ReadBasic.All: Read logged users basic info https://graph.microsoft.com/User.Read.All: Read logged users data https://graph.microsoft.com/Directory.Read.All: Read User list from directory clientCredentials: tokenUrl: https://login.microsoftonline.com/546ffd36-88d5-494c-b126-57cc823bb5ea/oauth2/v2.0/token scopes: https://graph.microsoft.com/User.ReadBasic.All: Read logged users basic info https://graph.microsoft.com/User.Read.All: Read logged users data implicit: authorizationUrl: https://login.microsoftonline.com/546ffd36-88d5-494c-b126-57cc823bb5ea/oauth2/v2.0/authorize scopes: https://graph.microsoft.com/User.ReadBasic.All: Read logged users basic info https://graph.microsoft.com/User.Read.All: Read logged users data password: okenUrl: https://login.microsoftonline.com/546ffd36-88d5-494c-b126-57cc823bb5ea/oauth2/v2.0/token scopes: https://graph.microsoft.com/User.ReadBasic.All: Read logged users basic info https://graph.microsoft.com/User.Read.All: Read logged users data