fix: sync discovery schema/spec with IETF-RFC.md #317
base: develop
This file was deleted.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| { | ||
| // Discovery schema for OCM API Discovery (JSON Schema, JSONC for comments). | ||
|
Member
Do we really need to add comments here? This is possibly to be brought to the WG chairs, also to understand how to evolve the spec and keep things aligned between the I-D, the OpenAPI file and the JSON schemas here. Maybe I'd take this change out of the PR as the rest is pretty much good to go, and then we discuss this on its own. |
||
| // | ||
| // Content source of truth: IETF-RFC.md (this repo). | ||
| // | ||
| // Mixed URL forms (per draft wording): | ||
| // - inviteAcceptDialog is a URL path (starts with "/"), resolved at the server origin. | ||
| // - tokenEndPoint is a URL (typically https://...) of the token exchange endpoint. | ||
| // | ||
| "title": "OCM API Discovery", | ||
| "$schema": "https://json-schema.org/draft/2020-12/schema", | ||
| "type": "object", | ||
| "properties": { | ||
| "enabled": { "type": "boolean" }, | ||
| "apiVersion": { "type": "string" }, | ||
| "endPoint": { "type": "string", "format": "uri" }, | ||
| "provider": { "type": "string" }, | ||
| "resourceTypes": { | ||
| "type": "array", | ||
| "items": { "$ref": "#/$defs/resourceType" } | ||
| }, | ||
| "capabilities": { | ||
| "type": "array", | ||
| "description": "Optional capability tokens (for example: enforce-mfa, exchange-token, http-sig, invites, invite-wayf, notifications, protocol-object, webdav-uri).", | ||
| "items": { "type": "string" } | ||
| }, | ||
| "criteria": { | ||
| "type": "array", | ||
| "description": "Optional criteria tokens (for example: http-request-signatures, token-exchange, denylist, allowlist, invite).", | ||
| "items": { "type": "string" } | ||
| }, | ||
| "publicKey": { "$ref": "#/$defs/publicKeyLegacy" }, | ||
| "publicKeys": { | ||
| "type": "array", | ||
| "description": "Optional public keys for RFC 9421 HTTP Message Signatures (see IETF-RFC.md).", | ||
| "items": { "$ref": "#/$defs/publicKeyRfc9421" } | ||
| }, | ||
| "inviteAcceptDialog": { | ||
| "type": "string", | ||
| "pattern": "^/", | ||
| "description": "URL path of a web page where a user can accept an invite (see IETF-RFC.md)." | ||
| }, | ||
| "tokenEndPoint": { | ||
| "type": "string", | ||
| "format": "uri", | ||
| "pattern": "^https?://", | ||
| "description": "URL of the token exchange endpoint (see IETF-RFC.md)." | ||
| } | ||
| }, | ||
| "required": ["enabled", "apiVersion", "endPoint", "resourceTypes"], | ||
| "$defs": { | ||
| "resourceType": { | ||
| "properties": { | ||
| "name": { "type": "string" }, | ||
| "shareTypes": { "type": "array" }, | ||
| "protocols": { "$ref": "#/$defs/protocols" } | ||
| }, | ||
| "required": ["name", "shareTypes", "protocols"] | ||
| }, | ||
| "protocols": { | ||
| "type": "object", | ||
| "minProperties": 1, | ||
| "description": "Additional protocols besides 'webdav', 'webapp' and 'ssh' may be defined.", | ||
| "properties": { | ||
| "webdav": { "type": "string", "pattern": "^/" }, | ||
| "webapp": { "type": "string", "pattern": "^/" }, | ||
| "ssh": { "type": "string" } | ||
| } | ||
| }, | ||
| "publicKeyLegacy": { | ||
| "type": "object", | ||
| "properties": { | ||
| "keyId": { "type": "string" }, | ||
| "publicKeyPem": { "type": "string" } | ||
| }, | ||
| "required": ["keyId", "publicKeyPem"] | ||
| }, | ||
| "publicKeyRfc9421": { | ||
| "type": "object", | ||
| "properties": { | ||
| "keyId": { "type": "string" }, | ||
| "publicKeyPem": { "type": "string" }, | ||
| "algorithm": { "type": "string" } | ||
| }, | ||
| "required": ["keyId", "publicKeyPem", "algorithm"] | ||
| } | ||
| } | ||
| } | ||
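Review bot: The `tokenEndPoint` pattern `^https?://` accepts plain `http://` for the endpoint that exchanges codes for bearer tokens, so a discovery document advertising a cleartext token endpoint still validates. In draft 2020-12 `"format": "uri"` is an annotation unless the validator opts in to format assertion, which leaves this pattern as the only enforced check; if the draft requires TLS here, tighten it to `"pattern": "^https://"`. `endPoint` carries only `"format": "uri"` and so has no enforced scheme check at all. Separately, `$defs/resourceType` has no `"type": "object"`, so a non-object array item passes its `properties` and `required` keywords untouched; adding `"type": "object"` there closes that.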
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -448,7 +448,7 @@ components: | |
| type: array | ||
| description: > | ||
| Array of public keys for RFC 9421 HTTP Message Signatures. | ||
| Servers advertising the "rfc-http-sig" capability MUST provide this field. | ||
| Servers advertising the "http-sig" capability MUST provide this field. | ||
| Clients SHOULD prefer RFC 9421 signatures when this capability is present. | ||
| items: | ||
| type: object | ||
|
|
@@ -482,7 +482,7 @@ components: | |
| type: string | ||
| format: uri | ||
| description: > | ||
| Optional URL path of the Token Exchange endpoint to obtain bearer tokens in exchange for codes. | ||
| Optional URL of the Token Exchange endpoint to obtain bearer tokens in exchange for codes. | ||
| If the `exchange-token` capability is exposed, the tokenEndPoint MUST be advertised in the discovery response. | ||
|
|
||
| **Token Exchange API:** | ||
|
|
@@ -499,7 +499,7 @@ components: | |
| - 400: Token denied (application/json with Error schema) | ||
|
|
||
| See TokenRequest and TokenResponse schemas for the complete data structure. | ||
| example: /index.php/apps/sciencemesh/token | ||
| example: https://cloud.example.org/ocm/token | ||
| inviteAcceptDialog: | ||
| type: string | ||
| description: > | ||
|
|
@@ -789,7 +789,7 @@ components: | |
| sharedSecret: hfiuhworzwnur98d3wjiwhr | ||
| viewMode: read | ||
| ssh: | ||
| accessType: ['datatx'] | ||
| accessTypes: ['datatx'] | ||
| uri: [email protected]:/7c084226-d9a1-11e6-bf26-cec0c932ce01 | ||
| NewNotification: | ||
| type: object | ||
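Review bot: The tokenEndPoint description in the `@@ -482,7 +482,7 @@` hunk now describes an absolute URL but does not say whether its host may differ from the server that served the discovery document. A path was presumably resolved against that server's origin, so the old wording bound the token exchange to the discovered host and the new wording no longer does. Since a client sends its code to this URL to obtain a bearer token, the description should state the rule the draft intends, for example one added sentence such as `Clients MUST verify that the tokenEndPoint host is one they are willing to send the code to.` or a same-origin requirement if that is what IETF-RFC.md specifies. The property definition continues outside the hunk.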
|
|
||
Happy to see this diagram updated :) the concern is whether to put some
...and refer to the single source of truth in the same document, so that this part does not drift?
Yes, I'll do it!