microsoft/typespec

Public

mirrored from https://github.com/microsoft/typespecAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
a6b7827fcd2db3bf604d42e235216c8d5b244f13

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

packages/http/lib/auth.tsp

194lines · modecode

1namespace TypeSpec.Http;
2
3@doc("Authentication type")
4enum AuthType {
5 @doc("HTTP")
6 http,
7
8 @doc("API key")
9 apiKey,
10
11 @doc("OAuth2")
12 oauth2,
13
14 @doc("OpenID connect")
15 openIdConnect,
16}
17
18/**
19 * Basic authentication is a simple authentication scheme built into the HTTP protocol.
20 * The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password.
21 * For example, to authorize as demo / `p@55w0rd` the client would send
22 * ```
23 * Authorization: Basic ZGVtbzpwQDU1dzByZA==
24 * ```
25 */
26@doc("")
27model BasicAuth {
28 @doc("Http authentication")
29 type: AuthType.http;
30
31 @doc("basic auth scheme")
32 scheme: "basic";
33}
34
35/**
36 * Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens.
37 * The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request.
38 * The client must send this token in the Authorization header when making requests to protected resources:
39 * ```
40 * Authorization: Bearer <token>
41 * ```
42 */
43@doc("")
44model BearerAuth {
45 @doc("Http authentication")
46 type: AuthType.http;
47
48 @doc("bearer auth scheme")
49 scheme: "bearer";
50}
51
52@doc("Describes the location of the API key")
53enum ApiKeyLocation {
54 @doc("API key is a header value")
55 header,
56
57 @doc("API key is a query parameter")
58 query,
59
60 @doc("API key is found in a cookie")
61 cookie,
62}
63
64/**
65 * An API key is a token that a client provides when making API calls. The key can be sent in the query string:
66 *
67 * ```
68 * GET /something?api_key=abcdef12345
69 * ```
70 *
71 * or as a request header
72 *
73 * ```
74 * GET /something HTTP/1.1
75 * X-API-Key: abcdef12345
76 * ```
77 *
78 * or as a cookie
79 *
80 * ```
81 * GET /something HTTP/1.1
82 * Cookie: X-API-KEY=abcdef12345
83 * ```
84 *
85 * @template TLocation The location of the API key
86 * @template TName The name of the API key
87 */
88@doc("")
89model ApiKeyAuth<TLocation extends ApiKeyLocation, TName extends string> {
90 @doc("API key authentication")
91 type: AuthType.apiKey;
92
93 @doc("location of the API key")
94 in: TLocation;
95
96 @doc("name of the API key")
97 name: TName;
98}
99
100/**
101 * OAuth 2.0 is an authorization protocol that gives an API client limited access to user data on a web server.
102 * OAuth relies on authentication scenarios called flows, which allow the resource owner (user) to share the protected content from the resource server without sharing their credentials.
103 * For that purpose, an OAuth 2.0 server issues access tokens that the client applications can use to access protected resources on behalf of the resource owner.
104 * For more information about OAuth 2.0, see oauth.net and RFC 6749.
105 * @template TFlows The list of supported OAuth2 flows
106 */
107@doc("")
108model OAuth2Auth<TFlows extends OAuth2Flow[]> {
109 @doc("OAuth2 authentication")
110 type: AuthType.oauth2;
111
112 @doc("Supported OAuth2 flows")
113 flows: TFlows;
114}
115
116@doc("Describes the OAuth2 flow type")
117enum OAuth2FlowType {
118 @doc("authorization code flow")
119 authorizationCode,
120
121 @doc("implcit flow")
122 implicit,
123
124 @doc("password flow")
125 password,
126
127 @doc("client credential flow")
128 clientCredentials,
129}
130
131alias OAuth2Flow = AuthorizationCodeFlow | ImplicitFlow | PasswordFlow | ClientCredentialsFlow;
132
133@doc("Authorization Code flow")
134model AuthorizationCodeFlow {
135 @doc("authorization code flow")
136 type: OAuth2FlowType.authorizationCode;
137
138 @doc("the authorization URL")
139 authorizationUrl: string;
140
141 @doc("the token URL")
142 tokenUrl: string;
143
144 @doc("the refresh URL")
145 refreshUrl?: string;
146
147 @doc("list of scopes for the credential")
148 scopes: string[];
149}
150
151@doc("Implicit flow")
152model ImplicitFlow {
153 @doc("implicit flow")
154 type: OAuth2FlowType.implicit;
155
156 @doc("the authorization URL")
157 authorizationUrl: string;
158
159 @doc("the refresh URL")
160 refreshUrl?: string;
161
162 @doc("list of scopes for the credential")
163 scopes: string[];
164}
165
166@doc("Resource Owner Password flow")
167model PasswordFlow {
168 @doc("password flow")
169 type: OAuth2FlowType.password;
170
171 @doc("the authorization URL")
172 authorizationUrl: string;
173
174 @doc("the refresh URL")
175 refreshUrl?: string;
176
177 @doc("list of scopes for the credential")
178 scopes: string[];
179}
180
181@doc("Client credentials flow")
182model ClientCredentialsFlow {
183 @doc("client credential flow")
184 type: OAuth2FlowType.clientCredentials;
185
186 @doc("the token URL")
187 tokenUrl: string;
188
189 @doc("the refresh URL")
190 refreshUrl?: string;
191
192 @doc("list of scopes for the credential")
193 scopes: string[];
194}