diff --git a/spec/passkey-server.yaml b/spec/passkey-server.yaml index 5a9dde8..be409fd 100644 --- a/spec/passkey-server.yaml +++ b/spec/passkey-server.yaml @@ -2,7 +2,6 @@ openapi: 3.1.0 info: version: '1.0' title: passkey-server - summary: 'OpenAPI Spec for creating, managing and using passkeys' description: 'This API shall represent the private and public endpoints for passkey registration, management and authentication' termsOfService: 'https://www.hanko.io/terms' contact: @@ -323,7 +322,7 @@ components: format: uuid minLength: 36 maxLength: 36 - examples: + example: - 1f496bcd-49da-4839-a02f-7ce681cdaaaa tenant_id: name: tenant_id @@ -335,7 +334,7 @@ components: format: uuid minLength: 36 maxLength: 36 - examples: + example: - 1f496bcd-49da-4839-a02f-7ce681ccb488 X-API-KEY: name: apiKey @@ -369,13 +368,9 @@ components: type: string maxLength: 128 icon: - type: - - string - - 'null' + type: string display_name: - type: - - string - - 'null' + type: string maxLength: 128 required: - user_id @@ -391,9 +386,7 @@ components: response: $ref: '#/components/schemas/authenticator-attestation-response' transports: - type: - - array - - 'null' + type: array uniqueItems: true items: type: string @@ -409,8 +402,21 @@ components: properties: response: $ref: '#/components/schemas/autenticator-assertion-response' + clientExtensionResults: + type: object + properties: + appid: + type: boolean + appidExclude: + type: boolean + credProps: + type: object + properties: + rk: + type: boolean required: - response + - clientExtensionResults post-transaction-initialize: content: application/json: @@ -443,9 +449,7 @@ components: id: type: string name: - type: - - string - - 'null' + type: string public_key: type: string attestation_type: @@ -456,9 +460,7 @@ components: minLength: 36 maxLength: 36 last_used_at: - type: - - string - - 'null' + type: string format: date-time created_at: type: string 
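Review bot: In the `@@ -323,7 +322,7 @@` hunk the keyword is renamed to `example`, but the value underneath is still a one-item list, so the example for this `type: string` schema becomes an array rather than a UUID string. The same rename with a list value repeats in the `-335`, `-491`, `-617` and `-641` hunks. Since the document declares `openapi: 3.1.0`, where `examples` is the array-valued keyword, either keep `examples:` with the list or write a scalar, e.g. `example: 1f496bcd-49da-4839-a02f-7ce681cdaaaa`.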
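Review bot: The `clientExtensionResults` object added in the `@@ -409,8 +402,21 @@` hunk sits beside the `autenticator-assertion-response` reference, which looks like the login-finalize body, yet `credProps` and `appidExclude` are registration-time extension outputs in WebAuthn. The `-665` hunk also removes the generic `clientExtensionResults` property from the shared credential schema, so the registration-finalize body seems to lose the field altogether. The rest of the file is outside these hunks, so this needs confirming. I would describe the extension outputs once as a shared schema and reference it from both finalize bodies, marking it `required` only where the server really rejects a missing object.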
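Review bot: `last_used_at` in the `@@ -443,9 +449,7 @@` hunk is now a plain `type: string` with `format: date-time`, so a credential that has never been used can no longer be represented as `null`. If the server still serialises such credentials with a null timestamp (not visible here), strict response validation and generated clients will reject the payload. Either keep `type: [string, 'null']` for this field or document that the key is omitted until first use. The same question applies to `name` in this hunk and to the fields that lose `'null'` in the `-369`, `-391` and `-491` hunks.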
@@ -491,21 +493,15 @@ components: type: object properties: title: - type: - - string - - 'null' - examples: + type: string + example: - explanatory title details: - type: - - string - - 'null' - examples: + type: string + example: - Information which helps resolving the problem status: - type: - - integer - - 'null' + type: integer post-registration-initialize: description: Example response content: @@ -515,43 +511,46 @@ components: properties: publicKey: type: object - additionalProperties: false properties: rp: $ref: '#/components/schemas/relying-party-entity' user: - $ref: '#/components/schemas/user-entity' + $ref: '#/components/schemas/public-key-user' challenge: type: string pubKeyCredParams: - type: - - array - - 'null' + type: array items: $ref: '#/components/schemas/credential-parameter-entity' timeout: - type: - - integer - - 'null' + type: integer excludeCredentials: - type: - - array - - 'null' + type: array items: $ref: '#/components/schemas/credential-descriptor-entity' authenticatorSelection: $ref: '#/components/schemas/authentication-selection-entity' attestation: type: string + enum: + - direct + - enterprise + - indirect + - none extensions: - type: array - uniqueItems: true - items: - type: object + type: object + properties: + appid: + type: string + appidExclude: + type: string + credProps: + type: boolean required: - rp - user - challenge + - pubKeyCredParams required: - publicKey post-login-initialize: 
@@ -563,48 +562,49 @@ components: properties: publicKey: type: object - additionalProperties: false properties: challenge: type: string timeout: - type: - - integer - - 'null' - format: int32 + type: integer rpId: - type: - - string - - 'null' + type: string allowCredentials: - type: - - array - - 'null' + type: array items: - type: string + $ref: '#/components/schemas/credential-descriptor-entity' userVerification: - type: - - string - - 'null' + type: string + enum: + - discouraged + - preferred + - required extensions: - type: - - array - - 'null' - uniqueItems: true - items: - type: object - additionalProperties: false + type: object + properties: + appid: + type: boolean + appidExclude: + type: boolean + credProps: + type: object + properties: + rk: + type: boolean required: - challenge - required: - - publicKey + mediation: + type: string + enum: + - optional + - required + - silent jwks: description: Example response content: application/json: schema: type: object - additionalProperties: false properties: keys: type: array @@ -617,23 +617,23 @@ components: alg: type: string readOnly: true - examples: + example: - RS256 e: type: string readOnly: true - examples: + example: - AAAA kid: type: string format: uuid readOnly: true - examples: + example: - 483b2499-1ed7-4325-94e3-97e8118ceee9 kty: type: string readOnly: true - examples: + example: - RSA 'n': type: string @@ -641,7 +641,7 @@ components: use: type: string readOnly: true - examples: + example: - sig minProperties: 6 minProperties: 1 @@ -651,7 +651,6 @@ components: application/json: schema: type: object - additionalProperties: false properties: token: type: string @@ -665,10 +664,12 @@ components: properties: rawId: type: string - clientExtensionResults: - type: object authenticatorAttachment: type: string + enum: + - cross-platform + - platform + - null required: - rawId credential: @@ -678,7 +679,8 @@ components: id: type: string type: - type: string + enum: + - public-key required: - id - type 
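Review bot: The `extensions` object for the login options in the `@@ -563,48 +562,49 @@` hunk declares `appid` and `appidExclude` as booleans and `credProps` as an object with `rk`, which is the shape of the client extension outputs. The registration options in the `-515` hunk use the input shape (`appid` and `appidExclude` as `type: string`, `credProps` as `type: boolean`). Request options carry extension inputs, so the login side should mirror the registration side. In the same hunk the `required` entry for `publicKey` appears to be removed where `mediation` is added. If `publicKey` is always returned, keeping `required: [publicKey]` lets generated clients rely on the challenge being present.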
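Review bot: `additionalProperties: false` is dropped from the token response in the `@@ -651,7 +651,6 @@` hunk, and from the `jwks` response near the end of the `-563` hunk, with no comment explaining why. An open schema is defensible for the WebAuthn option objects, because clients add members over time. The token and JWKS bodies are defined by this server, though, and a closed schema is what lets contract tests flag an unexpected field in them. Consider keeping `additionalProperties: false` on those two responses, or adding a comment such as `# open on purpose: clients must ignore unknown members`.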
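Review bot: The `authenticatorAttachment` enum added in the `@@ -665,10 +664,12 @@` hunk lists `null` as a member, but the property is declared `type: string`, so a null value fails the `type` keyword regardless of the enum. In OpenAPI 3.1 the null case needs `type: [string, 'null']` alongside the enum. Alternatively drop the `- null` entry and leave the key optional. The enclosing schema starts outside the hunk, so check whether other consumers of it expect the field to be nullable.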
@@ -691,9 +693,7 @@ components: attestationObject: type: string transports: - type: - - array - - 'null' + type: array uniqueItems: true items: type: string @@ -718,9 +718,7 @@ components: signature: type: string userHandle: - type: - - string - - 'null' + type: string | null required: - authenticatorData - signature @@ -731,8 +729,6 @@ components: properties: id: type: string - required: - - id - $ref: '#/components/schemas/credential-entity' credential-entity: type: object @@ -740,32 +736,29 @@ components: properties: name: type: string - icon: - type: - - string - - 'null' required: - name - user-entity: - title: user-entity - allOf: - - type: object - properties: - id: - type: string - displayName: - type: - - string - - 'null' - required: - - id - - $ref: '#/components/schemas/credential-entity' + public-key-user: + type: object + title: public-key-user + properties: + id: + type: string + displayName: + type: string + name: + type: string + required: + - id + - displayName + - name credential-parameter-entity: type: object title: credential-parameter-entity properties: type: - type: string + enum: + - public-key alg: type: integer format: int32 @@ -777,16 +770,21 @@ components: title: credential-descriptor-entity properties: type: - type: string + enum: + - public-key id: type: string transports: - type: - - array - - 'null' + type: array uniqueItems: true items: type: string + enum: + - ble + - hybrid + - internal + - nfc + - usb required: - type - id @@ -795,19 +793,22 @@ components: title: authentication-selection-entity properties: authenticatorAttachement: - type: - - string - - 'null' + type: string + enum: + - cross-platform + - platform requireResidentKey: - type: - - boolean - - 'null' + type: boolean default: false residentKey: - type: - - string - - 'null' + type: string + enum: + - discouraged + - preferred + - required userVerification: - type: - - string - - 'null' + type: string + enum: + - discouraged + - preferred + - required
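Review bot: `type: string | null` for `userHandle` in the `@@ -718,9 +718,7 @@` hunk is a single plain scalar, the string "string | null", which is not a JSON Schema type name. Validators and generators will either reject the document or ignore the constraint. Null is legitimate for this field, because an assertion can carry no user handle, so the previous form should stay: `type: [string, 'null']`. Every other hunk removes `'null'` outright, so this line looks like an unfinished edit rather than a deliberate choice.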
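Review bot: The `transports` items in the `@@ -777,16 +770,21 @@` hunk become a closed enum of five values, while the `transports` arrays in the `-391` and `-691` hunks still accept any string. A credential registered with a transport outside this list (WebAuthn Level 3 adds `smart-card`, for example) could then be stored, yet make the `allowCredentials` or `excludeCredentials` output fail validation against `credential-descriptor-entity`. Either apply the same enum on input so the mismatch is caught at registration, or leave the descriptor's items as `type: string` and list the known values in a `description`.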
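Review bot: The enum added in the `@@ -795,19 +793,22 @@` hunk hangs off the key `authenticatorAttachement`, whereas the WebAuthn member is spelled `authenticatorAttachment`, the spelling the `-665` hunk uses. If the server emits the key as documented here, browsers will treat it as an unknown member and ignore it, so the platform/cross-platform restriction would silently have no effect. The key is an unchanged context line, so the misspelling predates this commit. Since the hunk already touches the property, correct it to `authenticatorAttachment:` and check the serialiser for the same spelling.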