apiVersion: naftiko.io/v1alpha1
kind: Capability
metadata:
  name: banno-authentication-framework
  title: Banno Authentication Framework
  provider: jack-henry
  api: banno-authentication-framework
  description: >-
    OAuth 2.0 + OpenID Connect identity surface for Banno. Issues access,
    identity, and refresh tokens; powers the permissions flow that enforces
    scopes on every Consumer and Admin API endpoint.
  tags:
    - Authentication
    - OAuth
    - OpenID Connect
    - Identity
spec:
  baseUrl: https://api.banno.com
  auth:
    type: openIdConnect
    discoveryUrl: https://api.banno.com/a/oidc/.well-known/openid-configuration
  operations:
    - id: getDiscovery
      title: Get OpenID Connect Discovery Document
      method: GET
      path: /a/oidc/.well-known/openid-configuration
    - id: getJwks
      title: Get JWKS
      method: GET
      path: /a/oidc/.well-known/jwks.json
    - id: authorize
      title: Authorize OAuth Request
      method: GET
      path: /a/oidc/authorize
    - id: exchangeToken
      title: Exchange Token
      method: POST
      path: /a/oidc/token
    - id: getUserInfo
      title: Get UserInfo
      method: GET
      path: /a/oidc/userinfo