Skip to content

Commit

Permalink
Add AWS remote auth login (#7578)
Browse files Browse the repository at this point in the history
  • Loading branch information
idanovo authored Apr 10, 2024
1 parent 99a60cd commit 1e6647b
Show file tree
Hide file tree
Showing 83 changed files with 4,358 additions and 61 deletions.
58 changes: 58 additions & 0 deletions api/authentication.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,12 +72,24 @@ components:
type: string

responses:
BadRequest:
description: Bad Request
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
Unauthorized:
description: Unauthorized
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
Forbidden:
description: Forbidden
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
ServerError:
description: Internal Server Error
content:
Expand Down Expand Up @@ -280,6 +292,9 @@ components:
external_user_identifier:
type: string
description: external_user_identifier is the user DN in LDAP set if user exists with that username and has this password.
IdentityRequest:
type: object

StsAuthRequest:
type: object
required:
Expand All @@ -303,6 +318,15 @@ components:
additionalProperties:
type: string
description: the claims of the token returned from the provider

ExternalPrincipal:
type: object
required:
- id
properties:
id:
type: string

paths:
/ldap/login:
post:
Expand All @@ -328,6 +352,40 @@ paths:
$ref: "#/components/responses/Unauthorized"
default:
$ref: "#/components/responses/ServerError"

/auth/external/principal/login:
post:
tags:
- auth
- external
operationId: externalPrincipalLogin
summary: perform a login using an external authenticator
security: [ ]
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/IdentityRequest"
responses:
200:
description: successful external login
content:
application/json:
schema:
$ref: "#/components/schemas/ExternalPrincipal"
400:
$ref: "#/components/responses/BadRequest"
401:
$ref: "#/components/responses/Unauthorized"
403:
$ref: "#/components/responses/Forbidden"
404:
$ref: "#/components/responses/NotFound"
420:
description: too many requests
default:
$ref: "#/components/responses/ServerError"

/sts/login:
post:
tags:
Expand Down
54 changes: 51 additions & 3 deletions api/swagger.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ components:
type: apiKey
in: cookie
name: saml_auth_session

parameters:
PaginationPrefix:
in: query
Expand Down Expand Up @@ -1049,6 +1050,17 @@ components:
type: string
secret_access_key:
type: string

ExternalLoginInformation:
type: object
required:
- identityRequest
properties:
token_expiration_duration:
type: integer
identityRequest:
type: object

StsAuthRequest:
type: object
required:
Expand All @@ -1066,8 +1078,8 @@ components:
type: integer
format: int64
description: |
The time-to-live for the generated token in seconds. The maximum
value is 3600 seconds (1 hour) max is 12 hours.
The time-to-live for the generated token in seconds. The default
value is 3600 seconds (1 hour) maximum time allowed is 12 hours.
AuthenticationToken:
type: object
required:
Expand Down Expand Up @@ -1820,6 +1832,41 @@ paths:
description: too many requests
default:
$ref: "#/components/responses/ServerError"

/auth/external/principal/login:
post:
tags:
- external
- experimental
- auth
operationId: externalPrincipalLogin
summary: perform a login using an external authenticator
security: []
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/ExternalLoginInformation"
responses:
200:
description: successful external login
content:
application/json:
schema:
$ref: "#/components/schemas/AuthenticationToken"
400:
$ref: "#/components/responses/BadRequest"
401:
$ref: "#/components/responses/Unauthorized"
403:
$ref: "#/components/responses/Forbidden"
404:
$ref: "#/components/responses/NotFound"
420:
description: too many requests
default:
$ref: "#/components/responses/ServerError"

/sts/login:
post:
tags:
Expand All @@ -1842,10 +1889,11 @@ paths:
$ref: "#/components/schemas/AuthenticationToken"
401:
$ref: "#/components/responses/Unauthorized"
420:
description: too many requests
default:
$ref: "#/components/responses/ServerError"


/auth/capabilities:
get:
tags:
Expand Down
3 changes: 3 additions & 0 deletions clients/java-legacy/.openapi-generator/FILES

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions clients/java-legacy/README.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

73 changes: 71 additions & 2 deletions clients/java-legacy/api/openapi.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 1e6647b

Please sign in to comment.