# Copyright 2019 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
swagger: '2.0'
info:
  title: "Matrix Identity Service Authentication API"
  version: "2.0.0"
host: localhost:8090
schemes:
  - https
basePath: /_matrix/identity/v2
consumes:
  - application/json
produces:
  - application/json
securityDefinitions:
  $ref: definitions/security.yaml
paths:
  "/account/register":
    post:
      summary: Exchanges an OpenID token for an access token.
      description: |-
        Exchanges an OpenID token from the homeserver for an access token to
        access the identity server. The request body is the same as the values
        returned by ``/openid/request_token`` in the Client-Server API.
      operationId: registerAccount
      parameters:
        - in: body
          name: body
          schema:
            $ref: "../client-server/definitions/openid_token.yaml"
      responses:
        200:
          description: |-
            A token which can be used to authenticate future requests to the
            identity server.
          examples:
            application/json: {
              "token": "abc123_OpaqueString"
            }
          schema:
            type: object
            properties:
              token:
                type: string
                description: |-
                  An opaque string representing the token to authenticate future
                  requests to the identity server with.
            required: ['token']
  "/account":
    get:
      summary: Gets account holder information for a given token.
      description: |-
        Gets information about what user owns the access token used in the request.
      operationId: getAccount
      security:
        - accessToken: []
      parameters: []
      responses:
        200:
          description: The token holder's information.
          examples:
            application/json: {
              "user_id": "@alice:example.org"
            }
          schema:
            type: object
            properties:
              user_id:
                type: string
                description: The user ID which registered the token.
            required: ['user_id']
        403:
          description: |
            The user must do something in order to use this endpoint. One example
            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
          examples:
            application/json: {
              "errcode": "M_TERMS_NOT_SIGNED",
              "error": "Please accept our updated terms of service before continuing"
            }
          schema:
            $ref: "../client-server/definitions/errors/error.yaml"
  "/account/logout":
    post:
      summary: Logs out an access token, rendering it unusable.
      description: |-
        Logs out the access token, preventing it from being used to authenticate
        future requests to the server.
      operationId: logout
      security:
        - accessToken: []
      parameters: []
      responses:
        200:
          description: The token was successfully logged out.
          examples:
            application/json: {}
          schema:
            type: object
        401:
          description: |-
            The token is not registered or is otherwise unknown to the server.
          examples:
            application/json: {
              "errcode": "M_UNKNOWN_TOKEN",
              "error": "Unrecognised access token"
            }
          schema:
            $ref: "../client-server/definitions/errors/error.yaml"
        403:
          description: |
            The user must do something in order to use this endpoint. One example
            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
          examples:
            application/json: {
              "errcode": "M_TERMS_NOT_SIGNED",
              "error": "Please accept our updated terms of service before continuing"
            }
          schema:
            $ref: "../client-server/definitions/errors/error.yaml"