# Copyright 2017 Kamax.io
# Copyright 2018 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

swagger: '2.0'
info:
  title: "Matrix Federation OpenID API"
  version: "1.0.0"
host: localhost:8448
schemes:
  - https
basePath: /_matrix/federation/v1
produces:
  - application/json
paths:
  "/openid/userinfo":
    get:
      summary: Exchange an OpenID token for user information
      description: |-
        Exchanges an OpenID access token for information about the user
        who generated the token. Currently this only exposes the Matrix
        User ID of the owner.
      operationId: exchangeOpenIdToken
      parameters:
        - in: path
          name: access_token
          type: string
          description: |-
            The OpenID access token to get information about the owner for.
          required: true
          x-example: SomeT0kenHere
      responses:
        200:
          description: |-
            Information about the user who generated the OpenID access token.
          schema:
            type: object
            properties:
              sub:
                type: string
                description: The Matrix User ID who generated the token.
                example: "@alice:example.com"
            required: ['sub']
        401:
          description: The token was not recognized or has expired.
          schema:
            $ref: "../client-server/definitions/errors/error.yaml"
          examples:
            application/json: {
              "errcode": "M_UNKNOWN_TOKEN",
              "error": "Access token unknown or expired"
            }