{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://developer.transmitsecurity.com/schemas/oidc-authentication", "title": "Transmit Security One-Time Login Schemas", "description": "JSON Schema definitions for Transmit Security oidc-authentication API", "definitions": { "ApiLogoutResponse": { "type": "object", "properties": { "sessions_count": { "type": "number", "description": "Number of logged out sessions" } }, "required": [ "sessions_count" ] }, "BadRequestException": { "type": "object", "properties": {} }, "InvalidTokenHttpError": { "type": "object", "properties": { "message": { "type": "string", "example": "Invalid token" }, "error_code": { "type": "number", "example": 401 } }, "required": [ "message", "error_code" ] }, "ApiTokenExchangeRequestInput": { "type": "object", "properties": { "code": { "type": "string", "description": "Authorization code returned in the redirect URI as a query parameter upon successful authentication", "example": "GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH" }, "client_id": { "type": "string", "description": "Client ID of the application requesting the token", "example": "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV", "maxLength": 50 }, "client_secret": { "type": "string", "description": "Client Secret of the application requesting the token", "example": "FzxvdDMbvxnc45sdfb789XCVGEW6usazxcvbw3KPsb23", "maxLength": 50 } }, "required": [ "code", "client_id", "client_secret" ] }, "ApiTokenExchangeResponse": { "type": "object", "properties": { "id_token": { "type": "string" }, "access_token": { "type": "string" }, "refresh_token": { "type": "string" }, "is_user_created": { "type": "boolean", "description": "Indicates if this is a new user or not" } }, "required": [ "id_token", "access_token", "refresh_token", "is_user_created" ] }, "BadRequestHttpError": { "type": "object", "properties": { "message": { "example": "Bad request", "type": "array", "items": { "type": "string" } }, "error_code": { "type": "number", 
"example": 400 } }, "required": [ "message", "error_code" ] }, "ApiSendLoginEmailInput": { "type": "object", "properties": { "email": { "type": "string", "example": "name@example.com", "description": "Email of the user" }, "redirect_uri": { "type": "string", "example": "https://www.example.com/verify", "description": "URI that will receive the authorization code. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal." }, "create_new_user": { "type": "boolean", "example": false, "description": "Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided email. If enabled, public signups must also be configured as allowed for the application.", "default": false }, "resource": { "type": "string", "description": "URI of the resource the request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application." }, "email_content": { "description": "Texts, logo and color to render email template with", "allOf": [ { "$ref": "#/components/schemas/EmailContentAttributes" } ] }, "require_mfa": { "type": "boolean", "example": true, "description": "Require multi factor authentication for this authentication request.", "default": false }, "claims": { "type": "object", "example": { "id_token": { "roles": null } }, "description": "Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the [OIDC Standard](https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter). For supported claims and how to request custom claims, see the [ID Token Reference](https://developer.transmitsecurity.com/openapi/id_token_reference/)." 
}, "client_attributes": { "description": "Client attributes", "allOf": [ { "$ref": "#/components/schemas/ClientAttributes" } ] }, "org_id": { "type": "string", "description": "Organization ID, used for member login in B2B scenarios" } }, "required": [ "email", "redirect_uri" ] }, "ApiSendEmailResponse": { "type": "object", "properties": { "message": { "type": "string", "example": "Email sent successfully" } }, "required": [ "message" ] }, "NotFoundHttpError": { "type": "object", "properties": { "message": { "type": "string" }, "error_code": { "type": "number", "example": 404 } }, "required": [ "message", "error_code" ] }, "ApiSendOtpEmailRequestInput": { "type": "object", "properties": { "email": { "type": "string", "example": "name@example.com", "description": "Email of the user" }, "redirect_uri": { "type": "string", "example": "https://www.example.com/verify", "description": "URI that will receive the authorization code. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal." }, "create_new_user": { "type": "boolean", "example": false, "description": "Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided email. If enabled, public signups must also be configured as allowed for the application.", "default": false }, "resource": { "type": "string", "description": "URI of the resource the request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application." 
}, "email_content": { "description": "Texts, logo and color to render email template with", "allOf": [ { "$ref": "#/components/schemas/EmailContentAttributes" } ] }, "require_mfa": { "type": "boolean", "example": true, "description": "Require multi factor authentication for this authentication request.", "default": false }, "claims": { "type": "object", "example": { "id_token": { "roles": null } }, "description": "Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the [OIDC Standard](https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter). For supported claims and how to request custom claims, see the [ID Token Reference](https://developer.transmitsecurity.com/openapi/id_token_reference/)." }, "client_attributes": { "description": "Client attributes", "allOf": [ { "$ref": "#/components/schemas/ClientAttributes" } ] }, "org_id": { "type": "string", "description": "Organization ID, used for member login in B2B scenarios" }, "approval_data": { "type": "object", "example": { "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT", "sum": "200" }, "description": "Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication." } }, "required": [ "email", "redirect_uri" ] }, "ApiSendOtpEmailResponse": { "type": "object", "properties": { "message": { "type": "string", "readOnly": true, "example": "OTP email sent" }, "approval_data": { "type": "object", "readOnly": true, "example": { "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT", "sum": "200" }, "description": "Approval data object, if passed in the request." 
} }, "required": [ "message" ] }, "ApiValidateAuthEmailOtpInput": { "type": "object", "properties": { "email": { "type": "string", "description": "Email that the OTP was sent to" }, "passcode": { "type": "string", "description": "Email code to validate" }, "response_type": { "type": "string", "description": "Response type requested for the authentication flow.", "default": "code", "enum": [ "code", "id_token" ] }, "nonce": { "type": "string", "description": "A random value that associates the client request with the ID token and is used to mitigate replay attacks. It is added to the ID token, and the backend service should only accept ID tokens that include the same nonce value as the one included in the original request." } }, "required": [ "email", "passcode" ] }, "RedirectUriResponse": { "type": "object", "properties": { "result": { "type": "string", "readOnly": true, "description": "URI used to complete the flow. Sending a GET request to this URI will redirect the browser to your redirect URI with a code to exchange for user tokens." } }, "required": [ "result" ] }, "ApiSendAuthSmsOtpInput": { "type": "object", "properties": { "custom_message": { "type": "string", "description": "Message to send. Must contain the {otp} and {app} placeholders, which are replaced with the one-time password and application name. Limited to 140 characters." }, "sender_id": { "type": "string", "description": "The sender name that appears as the message sender on recipients' devices. Limited to 11 characters. Support is limited; see https://docs.aws.amazon.com/sns/latest/dg/sns-supported-regions-countries.html" }, "phone_number": { "type": "string", "description": "Phone number to send the OTP to" }, "create_new_user": { "type": "boolean", "description": "Indicates whether to create a new user at the end of the authentication flow if a user is not found for the provided phone number. 
If enabled, public signups must also be configured as allowed for the application.", "default": false }, "redirect_uri": { "type": "string", "description": "URI that will receive the authorization code once the SMS OTP is validated. This is the server GET endpoint used to call the token endpoint, and should accept 'code' as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal" }, "require_mfa": { "type": "boolean", "example": true, "default": false, "description": "Require multi factor authentication for this authentication request." }, "claims": { "type": "object", "example": { "id_token": { "roles": null } }, "description": "Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the [OIDC Standard](https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter). For supported claims and how to request custom claims, see the [ID Token Reference](https://developer.transmitsecurity.com/openapi/id_token_reference/)." }, "approval_data": { "type": "object", "example": { "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT", "sum": "200" }, "description": "Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication." 
}, "org_id": { "type": "string", "description": "Organization ID, used for member login in B2B scenarios" } }, "required": [ "phone_number", "create_new_user", "redirect_uri" ] }, "ApiSendAuthSmsResponse": { "type": "object", "properties": { "message": { "type": "string", "readOnly": true, "example": "SMS sent" }, "approval_data": { "type": "object", "readOnly": true, "example": { "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT", "sum": "200" }, "description": "Approval data object, if passed in the request." } }, "required": [ "message" ] }, "ApiValidateAuthSmsOtpInput": { "type": "object", "properties": { "phone_number": { "type": "string", "description": "Phone number that the SMS OTP was sent to" }, "passcode": { "type": "string", "description": "OTP to validate" }, "response_type": { "type": "string", "description": "Response type requested for the authentication flow.", "default": "code", "enum": [ "code", "id_token" ] }, "nonce": { "type": "string", "description": "A random value that associates the client request with the ID token and is used to mitigate replay attacks. It is added to the ID token, and the backend service should only accept ID tokens that include the same nonce value as the one included in the original request." } }, "required": [ "phone_number", "passcode" ] }, "EmailContentAttributes": { "type": "object", "properties": { "subject": { "type": "string", "description": "The subject of the email" }, "primaryColor": { "type": "string", "example": "#6981FF", "description": "Primary color of the email, specified as a Hex color" }, "base64logo": { "type": "string", "description": "Base64 encoded image for email logo. 
The string length must be less than or equal to 20000 characters" }, "headerText": { "type": "string", "description": "The header of the email" }, "bodyText": { "type": "string", "description": "The body of the email" }, "linkText": { "type": "string", "description": "The text of the link button in the email" }, "infoText": { "type": "string", "description": "Any extra information in the email" }, "footerText": { "type": "string", "example": "If you didn't request this email, you can safely ignore it.", "description": "The footer of the email" }, "senderName": { "type": "string", "description": "Name of the sender of the email" } }, "required": [ "subject" ] }, "ClientAttributes": { "type": "object", "properties": { "user_agent": { "type": "string" }, "ip_address": { "type": "string" } } } } }