hhs-ams config spec added to docs

HHS · May 9, 2023 · e2fe5f0 · e2fe5f0
1 parent 5d3a51a
commit e2fe5f0
Show file tree

Hide file tree

Showing 2 changed files with 310 additions and 8 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": null,
     "lines": null
   },
-  "generated_at": "2023-04-21T18:54:27Z",
+  "generated_at": "2023-05-09T15:13:27Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -89,7 +89,7 @@
     ],
     "backend/data_tools/Pipfile.lock": [
       {
-        "hashed_secret": "623ed3eee32ee75624c8bae57a810e70cb20bfec",
+        "hashed_secret": "f930856702ab3f1644ca9534a6b0ddb5e1d3a0de",
         "is_secret": false,
         "is_verified": false,
         "line_number": 4,
@@ -99,14 +99,16 @@
     ],
     "backend/ops_api/.secrets.baseline": [
       {
-        "hashed_secret": "422802c4680dc943c8a5dcd6e9b919dd9c713b4f",
+        "hashed_secret": "7dad2b86f75c01a448296a9b65378a044968cb24",
+        "is_secret": false,
         "is_verified": false,
         "line_number": 82,
         "type": "Hex High Entropy String",
         "verified_result": null
       },
       {
-        "hashed_secret": "422802c4680dc943c8a5dcd6e9b919dd9c713b4f",
+        "hashed_secret": "7dad2b86f75c01a448296a9b65378a044968cb24",
+        "is_secret": false,
         "is_verified": false,
         "line_number": 82,
         "type": "Secret Keyword",
@@ -131,7 +133,7 @@
     ],
     "backend/ops_api/Pipfile.lock": [
       {
-        "hashed_secret": "d5af014cd9290561e5e8b07a5d80e52735a2d739",
+        "hashed_secret": "5defba270013df8c61969709123850c33dbc4492",
         "is_secret": false,
         "is_verified": false,
         "line_number": 4,
@@ -152,7 +154,7 @@
     "backend/ops_api/ops/environment/default_settings.py": [
       {
         "hashed_secret": "60ca8b161ee50e40662c3664e2701456e7eae82b",
-        "is_secret": false,
+        "is_secret": true,
         "is_verified": false,
         "line_number": 6,
         "type": "Basic Auth Credentials",
@@ -162,7 +164,7 @@
     "docker-compose.e2e.yml": [
       {
         "hashed_secret": "60ca8b161ee50e40662c3664e2701456e7eae82b",
-        "is_secret": false,
+        "is_secret": true,
         "is_verified": false,
         "line_number": 12,
         "type": "Secret Keyword",
@@ -172,7 +174,7 @@
     "docker-compose.yml": [
       {
         "hashed_secret": "60ca8b161ee50e40662c3664e2701456e7eae82b",
-        "is_secret": false,
+        "is_secret": true,
         "is_verified": false,
         "line_number": 12,
         "type": "Secret Keyword",
@@ -189,6 +191,16 @@
         "verified_result": null
       }
     ],
+    "docs/hhs-ams.json": [
+      {
+        "hashed_secret": "87b3c620c1596bf09b00fe195a2e9a332c9db193",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 18,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "frontend/cypress.config.js": [
       {
         "hashed_secret": "d31a51d0c476d055d9ba7c2559fa92185975e49a",

diff --git a/docs/hhs-ams.json b/docs/hhs-ams.json
@@ -0,0 +1,290 @@
+{
+    "issuer": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO",
+    "authorization_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/auth",
+    "token_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/token",
+    "introspection_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/token/introspect",
+    "userinfo_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/userinfo",
+    "end_session_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/logout",
+    "frontchannel_logout_session_supported": true,
+    "frontchannel_logout_supported": true,
+    "jwks_uri": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/certs",
+    "check_session_iframe": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/login-status-iframe.html",
+    "grant_types_supported": [
+        "authorization_code",
+        "implicit",
+        "refresh_token",
+        "password",
+        "client_credentials",
+        "urn:ietf:params:oauth:grant-type:device_code",
+        "urn:openid:params:grant-type:ciba"
+    ],
+    "acr_values_supported": [
+        "0",
+        "1"
+    ],
+    "response_types_supported": [
+        "code",
+        "none",
+        "id_token",
+        "token",
+        "id_token token",
+        "code id_token",
+        "code token",
+        "code id_token token"
+    ],
+    "subject_types_supported": [
+        "public",
+        "pairwise"
+    ],
+    "id_token_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "HS256",
+        "HS512",
+        "ES256",
+        "RS256",
+        "HS384",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512"
+    ],
+    "id_token_encryption_alg_values_supported": [
+        "RSA-OAEP",
+        "RSA-OAEP-256",
+        "RSA1_5"
+    ],
+    "id_token_encryption_enc_values_supported": [
+        "A256GCM",
+        "A192GCM",
+        "A128GCM",
+        "A128CBC-HS256",
+        "A192CBC-HS384",
+        "A256CBC-HS512"
+    ],
+    "userinfo_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "HS256",
+        "HS512",
+        "ES256",
+        "RS256",
+        "HS384",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512",
+        "none"
+    ],
+    "userinfo_encryption_alg_values_supported": [
+        "RSA-OAEP",
+        "RSA-OAEP-256",
+        "RSA1_5"
+    ],
+    "userinfo_encryption_enc_values_supported": [
+        "A256GCM",
+        "A192GCM",
+        "A128GCM",
+        "A128CBC-HS256",
+        "A192CBC-HS384",
+        "A256CBC-HS512"
+    ],
+    "request_object_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "HS256",
+        "HS512",
+        "ES256",
+        "RS256",
+        "HS384",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512",
+        "none"
+    ],
+    "request_object_encryption_alg_values_supported": [
+        "RSA-OAEP",
+        "RSA-OAEP-256",
+        "RSA1_5"
+    ],
+    "request_object_encryption_enc_values_supported": [
+        "A256GCM",
+        "A192GCM",
+        "A128GCM",
+        "A128CBC-HS256",
+        "A192CBC-HS384",
+        "A256CBC-HS512"
+    ],
+    "response_modes_supported": [
+        "query",
+        "fragment",
+        "form_post",
+        "query.jwt",
+        "fragment.jwt",
+        "form_post.jwt",
+        "jwt"
+    ],
+    "registration_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/clients-registrations/openid-connect",
+    "token_endpoint_auth_methods_supported": [
+        "private_key_jwt",
+        "client_secret_basic",
+        "client_secret_post",
+        "tls_client_auth",
+        "client_secret_jwt"
+    ],
+    "token_endpoint_auth_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "HS256",
+        "HS512",
+        "ES256",
+        "RS256",
+        "HS384",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512"
+    ],
+    "introspection_endpoint_auth_methods_supported": [
+        "private_key_jwt",
+        "client_secret_basic",
+        "client_secret_post",
+        "tls_client_auth",
+        "client_secret_jwt"
+    ],
+    "introspection_endpoint_auth_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "HS256",
+        "HS512",
+        "ES256",
+        "RS256",
+        "HS384",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512"
+    ],
+    "authorization_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "HS256",
+        "HS512",
+        "ES256",
+        "RS256",
+        "HS384",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512"
+    ],
+    "authorization_encryption_alg_values_supported": [
+        "RSA-OAEP",
+        "RSA-OAEP-256",
+        "RSA1_5"
+    ],
+    "authorization_encryption_enc_values_supported": [
+        "A256GCM",
+        "A192GCM",
+        "A128GCM",
+        "A128CBC-HS256",
+        "A192CBC-HS384",
+        "A256CBC-HS512"
+    ],
+    "claims_supported": [
+        "aud",
+        "sub",
+        "iss",
+        "auth_time",
+        "name",
+        "given_name",
+        "family_name",
+        "preferred_username",
+        "email",
+        "acr"
+    ],
+    "claim_types_supported": [
+        "normal"
+    ],
+    "claims_parameter_supported": true,
+    "scopes_supported": [
+        "openid",
+        "phone",
+        "address",
+        "roles",
+        "web-origins",
+        "offline_access",
+        "profile",
+        "acr",
+        "email",
+        "microprofile-jwt"
+    ],
+    "request_parameter_supported": true,
+    "request_uri_parameter_supported": true,
+    "require_request_uri_registration": true,
+    "code_challenge_methods_supported": [
+        "plain",
+        "S256"
+    ],
+    "tls_client_certificate_bound_access_tokens": true,
+    "revocation_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/revoke",
+    "revocation_endpoint_auth_methods_supported": [
+        "private_key_jwt",
+        "client_secret_basic",
+        "client_secret_post",
+        "tls_client_auth",
+        "client_secret_jwt"
+    ],
+    "revocation_endpoint_auth_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "HS256",
+        "HS512",
+        "ES256",
+        "RS256",
+        "HS384",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512"
+    ],
+    "backchannel_logout_supported": true,
+    "backchannel_logout_session_supported": true,
+    "device_authorization_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/auth/device",
+    "backchannel_token_delivery_modes_supported": [
+        "poll",
+        "ping"
+    ],
+    "backchannel_authentication_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/ext/ciba/auth",
+    "backchannel_authentication_request_signing_alg_values_supported": [
+        "PS384",
+        "ES384",
+        "RS384",
+        "ES256",
+        "RS256",
+        "ES512",
+        "PS256",
+        "PS512",
+        "RS512"
+    ],
+    "require_pushed_authorization_requests": false,
+    "pushed_authorization_request_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/ext/par/request",
+    "mtls_endpoint_aliases": {
+        "token_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/token",
+        "revocation_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/revoke",
+        "introspection_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/token/introspect",
+        "device_authorization_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/auth/device",
+        "registration_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/clients-registrations/openid-connect",
+        "userinfo_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/userinfo",
+        "pushed_authorization_request_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/ext/par/request",
+        "backchannel_authentication_endpoint": "https://sso-stage.acf.hhs.gov/auth/realms/ACF-SSO/protocol/openid-connect/ext/ciba/auth"
+    }
+}