#
# Copyright (C) 2015 The Gravitee team (http://gravitee.io)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

swagger: '2.0'
info:
  description: >-
    Gravitee.io - Access Management - CIBA 1.0 API.
    Defines The interface that must be implemented by an external service in order to manage the Authentication Device Notification.
  version: 2.10.x
  title: Gravitee.io - Access Management - CIBA 1.0 API
  contact:
    email: contact@graviteesource.com
  license:
    name: Apache 2.0
    url: 'http://www.apache.org/licenses/LICENSE-2.0.html'
host: auth.gravitee.io
schemes:
- https
paths:
  /send:
    post:
      tags:
      - CIBA 1.0
      summary: Request an out-of-band authentication of the end-user.
      description: This endpoint will be contacted by AccessManagement to send an authentication notification to the end-user.
      consumes:
        - application/x-www-form-urlencoded
      parameters:
      - in: formData
        name: tid
        description: The unique identifier to the request
        required: true
        type: string
      - in: formData
        name: state
        description: A Signed JWT that must be send back to the AccessManagement callback to trust the response
        required: true
        type: string
      - in: formData
        name: subject
        description: The user identifier
        required: true
        type: string
      - in: formData
        name: scope
        description: The scope of the access request as described by Section 3.3 of the OAuth 2.0 Authorization Framework (may appear multiple time)
        required: true
        type: string
      - in: formData
        name: expire
        description: The expected response time of the end-user (in second)
        required: true
        type: integer
      - in: formData
        name: acr
        description: Requested Authentication Context Class Reference value (may appear multiple time)
        required: true
        type: string
      - in: formData
        name: message
        description: A human-readable identifier or message intended to be displayed on both the consumption device and the authentication device to interlock them together for the transaction by way of a visual cue for the end-user
        required: true
        type: string
      security:
        - client_auth: []
      responses:
        '200':
          description: OK          
          schema:
            $ref: '#/definitions/Response'
        '400':
          description: Bad Request
        '401':
          description: Unauthorized
        '403':
          description: Forbidden
securityDefinitions:
  client_auth:
    type: basic
    description: Base64(clientId:clientSecret)
definitions:
  Response:
    type: object
    properties:
      tid:
        type: string
        description: REQUIRED. The unique identifier provided as request parameter.
      state:
        type: string
        description: REQUIRED. The state provided as request parameter.
      data:
        type: object
        description: OPTIONAL. A map of key/value pairs to provide additional information