{
    "swagger": "2.0",
    "info": {
        "description": "OAuth 服务，提供第三方登录、授权码、令牌管理等功能",
        "title": "OAuth Service API",
        "contact": {},
        "version": "1.0.0"
    },
    "basePath": "/api/v1",
    "paths": {
        "/admin/oauth/clients": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "返回当前租户下分页的 OAuth 客户端列表，支持按名称和状态过滤",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "列出 OAuth 客户端",
                "parameters": [
                    {
                        "type": "integer",
                        "default": 1,
                        "description": "页码",
                        "name": "page",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "default": 20,
                        "description": "每页数量",
                        "name": "page_size",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "按名称搜索",
                        "name": "name",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "按状态筛选（active/suspended）",
                        "name": "status",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "客户端列表",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthClientListResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            },
            "post": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "创建一个新的 OAuth 客户端，返回凭据（client_secret 仅返回一次）。支持配置 redirect_uris, scopes, grant_types, JWKS, FAPI profile 等。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "创建 OAuth 客户端",
                "parameters": [
                    {
                        "description": "创建客户端请求（包含 name, redirect_uris, scopes, grant_types 等）",
                        "name": "request",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.CreateClientRequest"
                        }
                    }
                ],
                "responses": {
                    "201": {
                        "description": "创建成功（含 client_id 和 client_secret）",
                        "schema": {
                            "$ref": "#/definitions/dto.CreateClientDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "根据 client_id 获取指定客户端的完整信息",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "获取 OAuth 客户端详情",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "客户端详情",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthClientItemDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            },
            "put": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "更新指定 OAuth 客户端的配置信息（redirect_uris, scopes, grant_types, name, status, JWKS 等）",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "更新 OAuth 客户端配置",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "description": "更新请求",
                        "name": "request",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.UpdateClientRequest"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "更新成功",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthClientItemDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            },
            "delete": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "软删除指定的 OAuth 客户端及其关联令牌",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "删除 OAuth 客户端",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "204": {
                        "description": "删除成功（无响应体）",
                        "schema": {
                            "type": "string"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/audit-logs": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "返回指定客户端的变更审计日志（操作人、操作时间、操作类型、变更详情等）",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "获取 OAuth 客户端审计日志",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "integer",
                        "default": 1,
                        "description": "页码",
                        "name": "page",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "default": 20,
                        "description": "每页数量",
                        "name": "page_size",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "审计日志列表",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthAuditLogListResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/clone": {
            "post": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "克隆指定客户端，返回新凭据（client_secret 仅返回一次）。保留原客户端的 redirect_uris, scopes, grant_types, JWKS 等配置。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "克隆 OAuth 客户端",
                "parameters": [
                    {
                        "type": "string",
                        "description": "源客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "201": {
                        "description": "新客户端（含 client_id 和 client_secret）",
                        "schema": {
                            "$ref": "#/definitions/dto.CloneClientDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/rotate-secret": {
            "post": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "为指定客户端生成新密钥；旧密钥立即不再作为当前密钥（移至历史表，4 小时内仍可通过验证）",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "轮换 OAuth 客户端密钥",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "新密钥（含 new_secret，仅返回一次）",
                        "schema": {
                            "$ref": "#/definitions/dto.RotateSecretDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/secrets": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "返回指定客户端的所有密钥元数据（不含密钥值）",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "列出 OAuth 客户端所有密钥",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "密钥列表（含 secret_id, status, created_at, last_used_at 等）",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthClientSecretListDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            },
            "post": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "为指定客户端创建一个新密钥（secret_value 仅返回一次）。最多支持2个有效密钥。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "创建 OAuth 客户端密钥",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "201": {
                        "description": "新密钥（含 secret_value，仅返回一次）",
                        "schema": {
                            "$ref": "#/definitions/dto.CreateClientSecretDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "409": {
                        "description": "冲突：已达到密钥数量上限（最多2个）",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/secrets/{secret_id}": {
            "delete": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "硬删除指定密钥（至少保留一个密钥）",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "删除 OAuth 客户端密钥",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "密钥ID",
                        "name": "secret_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "204": {
                        "description": "删除成功（无响应体）",
                        "schema": {
                            "type": "string"
                        }
                    },
                    "400": {
                        "description": "请求参数错误：不能删除最后一个密钥",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端或密钥不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/secrets/{secret_id}/deactivate": {
            "put": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "将指定密钥状态设为停用（仍可验证现有令牌，但不接受新令牌）",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "停用 OAuth 客户端密钥",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "密钥ID",
                        "name": "secret_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "更新后的密钥信息（status=inactive）",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthClientSecretDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端或密钥不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/stats": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "返回指定客户端的令牌使用统计（活跃 token 数、最后请求时间等）",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "获取 OAuth 客户端统计数据",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "统计数据",
                        "schema": {
                            "$ref": "#/definitions/dto.ClientStatsDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/clients/{client_id}/tokens": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "返回指定客户端的活跃访问令牌和刷新令牌列表",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "列出 OAuth 客户端活跃令牌",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "integer",
                        "default": 1,
                        "description": "页码",
                        "name": "page",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "default": 20,
                        "description": "每页数量",
                        "name": "page_size",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "令牌列表",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthTokenListResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            },
            "delete": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "撤销指定客户端的所有活跃令牌，支持可选宽限期（grace_period，秒级）",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "撤销 OAuth 客户端所有令牌",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "integer",
                        "description": "宽限期（秒）",
                        "name": "grace_period",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "撤销结果（含 revoked_access_tokens, revoked_refresh_tokens 计数）",
                        "schema": {
                            "$ref": "#/definitions/dto.RevokeClientTokensDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "客户端不存在或不属于当前租户",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/devices": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "分页列出当前租户下所有设备授权码会话，支持按状态和客户端ID过滤。仅管理员可访问。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "列出设备授权会话",
                "parameters": [
                    {
                        "type": "integer",
                        "default": 1,
                        "description": "页码",
                        "name": "page",
                        "in": "query"
                    },
                    {
                        "type": "integer",
                        "default": 20,
                        "description": "每页数量",
                        "name": "page_size",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "状态过滤（pending/authorized/denied/expired）",
                        "name": "status",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "客户端ID过滤",
                        "name": "client_id",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "设备授权列表",
                        "schema": {
                            "$ref": "#/definitions/dto.ListResponse-dto_DeviceAuthorizationListItem"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/devices/{device_code}": {
            "delete": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "撤销指定的设备授权会话，将设备授权状态标记为已过期。仅管理员可访问。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "撤销设备授权",
                "parameters": [
                    {
                        "type": "string",
                        "description": "设备码",
                        "name": "device_code",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "撤销成功",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "设备授权不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/providers": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "获取当前租户下所有OAuth提供商的列表，包括名称、ID、启用状态等信息。仅管理员可访问。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "列出OAuth提供商",
                "responses": {
                    "200": {
                        "description": "提供商列表",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthProviderListDetailResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            },
            "post": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "创建一个新的OAuth提供商配置，包括名称、Client ID、Client Secret、授权/令牌/用户信息端点URL等信息。仅管理员可访问。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "创建OAuth提供商",
                "parameters": [
                    {
                        "description": "创建提供商请求（包含 name, display_name, client_id, client_secret, redirect_url, auth_url, token_url, userinfo_url 等）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.AdminCreateProviderRequest"
                        }
                    }
                ],
                "responses": {
                    "201": {
                        "description": "创建的提供商信息",
                        "schema": {
                            "$ref": "#/definitions/dto.DataResponse-dto_OAuthProviderItem"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "409": {
                        "description": "冲突：提供商名称已存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/providers/{name}": {
            "put": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "更新指定OAuth提供商的配置信息，支持部分更新（仅提交需要修改的字段）。仅管理员可访问。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "更新OAuth提供商",
                "parameters": [
                    {
                        "type": "string",
                        "description": "提供商名称",
                        "name": "name",
                        "in": "path",
                        "required": true
                    },
                    {
                        "description": "更新提供商请求（所有字段均为可选）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.AdminUpdateProviderRequest"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "更新后的提供商信息",
                        "schema": {
                            "$ref": "#/definitions/dto.DataResponse-dto_OAuthProviderItem"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "提供商不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            },
            "delete": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "删除指定的OAuth提供商配置。仅管理员可访问。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "删除OAuth提供商",
                "parameters": [
                    {
                        "type": "string",
                        "description": "提供商名称",
                        "name": "name",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "删除成功",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "提供商不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/providers/{name}/toggle": {
            "put": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "启用或禁用指定的OAuth提供商。仅管理员可访问。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "启停OAuth提供商",
                "parameters": [
                    {
                        "type": "string",
                        "description": "提供商名称",
                        "name": "name",
                        "in": "path",
                        "required": true
                    },
                    {
                        "description": "启停请求（包含 enabled 字段）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.AdminToggleProviderRequest"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "操作成功",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "提供商不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/admin/oauth/tokens/user/{user_id}": {
            "delete": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "批量撤销指定用户的所有访问令牌和刷新令牌。JWT 认证保护，仅管理员可访问。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth 客户端管理"
                ],
                "summary": "批量撤销用户令牌",
                "parameters": [
                    {
                        "type": "string",
                        "description": "用户ID",
                        "name": "user_id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "撤销结果（含 revoked_access_tokens, revoked_refresh_tokens 计数）",
                        "schema": {
                            "$ref": "#/definitions/handler.swaggerBatchRevokeDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误：缺少 user_id",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "403": {
                        "description": "权限不足：需要管理员权限",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/internal/introspect": {
            "post": {
                "description": "内部令牌自检端点，不使用 JWT 认证，仅供内部服务间调用；本说明未注明该端点采用的服务间认证方式，部署时应确保其不对外部网络开放。使用系统标准信封 dto_base.DataResponse[T]。与标准 Introspect 端点的区别在于：仅接受 JSON body（不兼容 form-encoded），响应使用系统标准信封而非 OAuth 扁平格式，不暴露给外部 OAuth Client。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth - 内部接口"
                ],
                "summary": "内部令牌自检",
                "parameters": [
                    {
                        "description": "请求体（包含 token）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "type": "object"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "自检结果（含 active, client_id, user_id, scope, exp）",
                        "schema": {
                            "$ref": "#/definitions/handler.swaggerInternalIntrospectDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误：缺少 token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/internal/revoke-user-tokens": {
            "post": {
                "description": "内部API端点，由 identity-service 调用，用于在密码变更/账户锁定/GDPR 擦除时级联撤销 OAuth 令牌。受 InternalAPIKeyAuth + ExtractTenantFromHeaderStrict 中间件保护。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth - 内部接口"
                ],
                "summary": "内部撤销用户令牌",
                "parameters": [
                    {
                        "description": "请求体（包含 user_id）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "type": "object"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "撤销结果（含 revoked_access_tokens, revoked_refresh_tokens 计数）",
                        "schema": {
                            "$ref": "#/definitions/handler.swaggerBatchRevokeDetailResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误：缺少 user_id",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/oauth/authorize": {
            "get": {
                "description": "OAuth 2.0 授权端点。提供 redirect_uri 时返回 302 重定向；未提供时返回 JSON 授权码。支持 PKCE 和 PAR（通过 request_uri）。参考：RFC 6749 §4.1.1-4.1.2.1 (Authorization Code Grant)、RFC 7636 (PKCE)、RFC 9126 (PAR)、OAuth 2.1 可选 iss 参数。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "OAuth 2.0 授权端点",
                "parameters": [
                    {
                        "type": "string",
                        "description": "响应类型（仅支持 code）",
                        "name": "response_type",
                        "in": "query",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "query",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "重定向URI",
                        "name": "redirect_uri",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "请求的权限范围",
                        "name": "scope",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "防CSRF状态参数",
                        "name": "state",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "Issuer URL（OAuth 2.1）",
                        "name": "iss",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "OIDC nonce 参数",
                        "name": "nonce",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "PKCE Code Challenge（RFC 7636）",
                        "name": "code_challenge",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "PKCE 方法（S256）",
                        "name": "code_challenge_method",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "Authorization Details（RFC 9396）",
                        "name": "authorization_details",
                        "in": "query"
                    },
                    {
                        "type": "string",
                        "description": "PAR Request URI（RFC 9126）",
                        "name": "request_uri",
                        "in": "query"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "授权码（无 redirect_uri 时）",
                        "schema": {
                            "$ref": "#/definitions/handler.authorizeCodeResponse"
                        }
                    },
                    "302": {
                        "description": "重定向到回调URL：授权成功时附带授权码（code），失败时附带 OAuth 错误（invalid_request/invalid_client/unsupported_response_type）",
                        "schema": {
                            "type": "string"
                        }
                    },
                    "400": {
                        "description": "invalid_request_uri：PAR 请求无效/过期/已使用。参考：RFC 9126。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：授权服务器内部错误。参考：RFC 6749 §5.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            },
            "post": {
                "description": "OAuth 2.0 授权端点（POST 方式）。用户确认授权后，提供 redirect_uri 时返回 302 重定向；未提供时返回 JSON 授权码。支持 PKCE、PAR 和 consent 自动保存。参考：RFC 6749 §4.1.1-4.1.2.1 (Authorization Code Grant)、RFC 7636 (PKCE)、RFC 9126 (PAR)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "OAuth 2.0 授权端点（POST）",
                "parameters": [
                    {
                        "description": "授权请求体（包含 response_type, client_id, redirect_uri, scope, state, user_id, approved 等）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "type": "object"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "授权码（无 redirect_uri 时）",
                        "schema": {
                            "$ref": "#/definitions/handler.authorizeCodeResponse"
                        }
                    },
                    "302": {
                        "description": "重定向到回调URL：授权成功时附带授权码（code），失败时附带 OAuth 错误（invalid_request/invalid_client/access_denied）",
                        "schema": {
                            "type": "string"
                        }
                    },
                    "400": {
                        "description": "invalid_request_uri：PAR 请求无效/过期/已使用。参考：RFC 9126。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "403": {
                        "description": "access_denied：user_id 与认证用户不匹配",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：授权服务器内部错误。参考：RFC 6749 §5.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/consents": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "获取当前用户已授权的所有 OAuth 客户端同意记录，包括客户端 ID、授权范围及授权时间。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "获取授权同意列表",
                "responses": {
                    "200": {
                        "description": "授权同意列表",
                        "schema": {
                            "$ref": "#/definitions/dto.ConsentListResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/oauth/consents/{id}": {
            "delete": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "撤销当前用户对特定 OAuth 客户端的一条授权同意记录，撤销后该客户端的访问令牌将失效。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "撤销授权同意",
                "parameters": [
                    {
                        "type": "string",
                        "description": "同意记录ID",
                        "name": "id",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "撤销成功",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "同意记录不存在",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/oauth/device/authorize": {
            "post": {
                "description": "OAuth 2.0 设备授权端点。设备发起授权请求，获取 device_code 和 user_code，用户随后在浏览器中输入 user_code 完成授权。公开端点，无需认证。参考：RFC 8628 §3.1 (Device Authorization Grant)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "设备授权请求",
                "parameters": [
                    {
                        "description": "设备授权请求（包含 client_id, scope 等）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.DeviceAuthorizationRequest"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "设备授权响应（含 device_code, user_code, verification_uri, expires_in, interval）",
                        "schema": {
                            "$ref": "#/definitions/dto.DeviceAuthorizationDetailResponse"
                        }
                    },
                    "400": {
                        "description": "invalid_client：客户端未找到或未激活。参考：RFC 8628 §3.1。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：创建设备授权失败。参考：RFC 8628 §3.1。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/device/verify": {
            "post": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "用户在浏览器中输入 user_code 并批准/拒绝设备授权。需要 JWT 认证。参考：RFC 8628 §3.3 (User Interaction)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "设备授权验证（用户侧）",
                "parameters": [
                    {
                        "description": "验证请求（包含 user_code, approve 等）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.DeviceAuthorizationVerifyRequest"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "授权结果（device authorized 或 device authorization denied）",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误：user_code 无效/过期/已处理",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "404": {
                        "description": "user_code 未找到",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误：更新设备授权状态失败",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/oauth/introspect": {
            "post": {
                "description": "OAuth 2.0 令牌自省端点。检查令牌的活跃状态，返回令牌的元数据（sub, client_id, scope, exp 等）。返回扁平 JSON（无 code/message 信封）。参考：RFC 7662 (Token Introspection)。",
                "consumes": [
                    "application/x-www-form-urlencoded"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "令牌自省",
                "parameters": [
                    {
                        "type": "string",
                        "description": "待检查的令牌（access_token 或 refresh_token）",
                        "name": "token",
                        "in": "formData",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "自省结果（active=true 时包含完整令牌元数据；active=false 时仅返回 active 字段）",
                        "schema": {
                            "$ref": "#/definitions/dto.TokenIntrospectionResponse"
                        }
                    },
                    "400": {
                        "description": "invalid_request：缺少 token 参数。参考：RFC 7662 §2.1。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：自省服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/pushed-authorization": {
            "post": {
                "description": "OAuth 2.0 推送授权请求端点（PAR）。客户端将授权参数提前推送到授权服务器，获取 request_uri 后在授权请求中使用。返回扁平 JSON（无 code/message 信封）。参考：RFC 9126 (Pushed Authorization Requests)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "推送授权请求（PAR）",
                "parameters": [
                    {
                        "description": "PAR 请求体（包含 client_id, response_type, scope, state, redirect_uri, client_secret 等）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.PushedAuthorizationRequest"
                        }
                    }
                ],
                "responses": {
                    "201": {
                        "description": "PAR 响应（含 request_uri 和 expires_in）",
                        "schema": {
                            "$ref": "#/definitions/dto.PushedAuthorizationResponse"
                        }
                    },
                    "400": {
                        "description": "invalid_request：请求参数缺失或无效。参考：RFC 9126。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "401": {
                        "description": "invalid_client：客户端认证失败。参考：RFC 9126。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：存储授权请求失败。参考：RFC 9126。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/refresh": {
            "post": {
                "description": "OAuth 2.0 刷新令牌端点。使用 refresh_token 换取新的 access_token 和 refresh_token（轮换）。返回扁平 JSON（无 code/message 信封）。参考：RFC 6749 §6 (Refreshing an Access Token)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "刷新访问令牌",
                "parameters": [
                    {
                        "description": "请求体（包含 refresh_token, client_id）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "type": "object"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "刷新后的令牌（含新的 access_token 和 refresh_token）",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthTokenResponse"
                        }
                    },
                    "400": {
                        "description": "invalid_request：请求参数缺失或无效。参考：RFC 6749 §5.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "401": {
                        "description": "invalid_grant：refresh_token 无效或过期。参考：RFC 6749 §5.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/register": {
            "post": {
                "description": "OAuth 2.0 动态客户端注册端点。客户端自助注册并获取 client_id、client_secret 和 registration_access_token。限流：同一IP每小时最多10次注册。参考：RFC 7591 §2 (Dynamic Client Registration Protocol)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "动态客户端注册",
                "parameters": [
                    {
                        "description": "客户端注册请求（包含 client_name, redirect_uris, grant_types, scope 等）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.ClientRegistrationRequest"
                        }
                    }
                ],
                "responses": {
                    "201": {
                        "description": "注册成功（含 client_id, client_secret, registration_access_token）。参考：RFC 7591 §2.1。",
                        "schema": {
                            "$ref": "#/definitions/dto.ClientRegistrationDetailResponse"
                        }
                    },
                    "400": {
                        "description": "invalid_client_metadata：请求元数据无效（缺少 redirect_uris 等）。参考：RFC 7591 §2.3。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "429": {
                        "description": "rate_limit_exceeded：注册频率超限，请稍后重试",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：注册客户端失败",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/register/{client_id}": {
            "get": {
                "description": "OAuth 2.0 动态客户端注册读取端点。使用 Registration Access Token 读取客户端当前元数据。参考：RFC 7592 §2.1 (Client Read Request)。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "读取客户端注册",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "Bearer \u003cregistration_access_token\u003e",
                        "name": "Authorization",
                        "in": "header",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "客户端元数据",
                        "schema": {
                            "$ref": "#/definitions/dto.ClientRegistrationDetailResponse"
                        }
                    },
                    "401": {
                        "description": "invalid_token：缺少或无效的 Registration Access Token。参考：RFC 7591 §3.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            },
            "put": {
                "description": "OAuth 2.0 动态客户端注册更新端点。使用 Registration Access Token 更新客户端元数据（redirect_uris, grant_types, scope, JWKS 等）。参考：RFC 7592 §2.2 (Client Update Request)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "更新客户端注册",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "Bearer \u003cregistration_access_token\u003e",
                        "name": "Authorization",
                        "in": "header",
                        "required": true
                    },
                    {
                        "description": "更新后的客户端元数据",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "$ref": "#/definitions/dto.ClientRegistrationUpdateRequest"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "更新后的客户端元数据",
                        "schema": {
                            "$ref": "#/definitions/dto.ClientRegistrationDetailResponse"
                        }
                    },
                    "400": {
                        "description": "invalid_client_metadata：请求元数据无效",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "401": {
                        "description": "invalid_token：缺少或无效的 Registration Access Token。参考：RFC 7591 §2.3。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：更新客户端注册失败",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            },
            "delete": {
                "description": "OAuth 2.0 动态客户端注册删除端点。使用 Registration Access Token 软删除客户端注册。参考：RFC 7592 §2.3 (Client Delete Request)。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "删除客户端注册",
                "parameters": [
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "path",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "Bearer \u003cregistration_access_token\u003e",
                        "name": "Authorization",
                        "in": "header",
                        "required": true
                    }
                ],
                "responses": {
                    "204": {
                        "description": "删除成功（无响应体）",
                        "schema": {
                            "type": "string"
                        }
                    },
                    "401": {
                        "description": "invalid_token：缺少或无效的 Registration Access Token。参考：RFC 7591 §2.3。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：删除客户端注册失败",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/revoke": {
            "post": {
                "description": "OAuth 2.0 令牌撤销端点。成功返回 200 OK（无响应体）。支持撤销 access_token 和 refresh_token。参考：RFC 7009 (Token Revocation)。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "撤销令牌",
                "parameters": [
                    {
                        "description": "请求体（包含 token, token_type_hint）",
                        "name": "body",
                        "in": "body",
                        "required": true,
                        "schema": {
                            "type": "object"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "令牌已撤销（无响应体）",
                        "schema": {
                            "type": "string"
                        }
                    },
                    "400": {
                        "description": "invalid_request：请求参数缺失或无效。参考：RFC 7009 §2.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/risk-assessment": {
            "get": {
                "security": [
                    {
                        "bearerAuth": []
                    }
                ],
                "description": "根据 client_id 查询该 OAuth 客户端的风险评估日志，返回风险评分、风险等级及建议措施。",
                "consumes": [
                    "application/json"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "获取OAuth客户端风险评估",
                "parameters": [
                    {
                        "type": "string",
                        "description": "OAuth客户端ID",
                        "name": "client_id",
                        "in": "query",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "风险评估结果（含 risk_score, risk_level, recommended_actions）",
                        "schema": {
                            "$ref": "#/definitions/dto.DataResponse-dto_RiskAssessmentResponse"
                        }
                    },
                    "400": {
                        "description": "请求参数错误：缺少 client_id",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "401": {
                        "description": "未认证：请提供有效的 Bearer Token",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    },
                    "500": {
                        "description": "服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.SimpleResponse"
                        }
                    }
                }
            }
        },
        "/oauth/token": {
            "post": {
                "description": "OAuth 2.0 令牌端点。支持 authorization_code、refresh_token、client_credentials、urn:ietf:params:oauth:grant-type:device_code 四种授权类型。支持 private_key_jwt 客户端认证和 DPoP。返回扁平 JSON（无 code/message 信封）。参考：RFC 6749 §4.1.3 (Authorization Code Grant)、§4.3 (Resource Owner Password)、§4.4 (Client Credentials)、RFC 6749 §5.1-5.2、RFC 7636 (PKCE)、RFC 8628 §3.4 (Device Code)。",
                "consumes": [
                    "application/x-www-form-urlencoded"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "OAuth 2.0 令牌端点",
                "parameters": [
                    {
                        "type": "string",
                        "description": "授权类型（authorization_code/refresh_token/client_credentials/urn:ietf:params:oauth:grant-type:device_code）",
                        "name": "grant_type",
                        "in": "formData",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "授权码（authorization_code 时必填）",
                        "name": "code",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "重定向URI（authorization_code 时必填）",
                        "name": "redirect_uri",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "客户端密钥",
                        "name": "client_secret",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "刷新令牌（refresh_token 时必填）",
                        "name": "refresh_token",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "PKCE Code Verifier（public client 时必填）",
                        "name": "code_verifier",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "设备码（device_code 时必填）",
                        "name": "device_code",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "客户端断言类型（使用 private_key_jwt 客户端认证时提供；RFC 7523 定义的取值为 urn:ietf:params:oauth:client-assertion-type:jwt-bearer）",
                        "name": "client_assertion_type",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "客户端断言 JWT（private_key_jwt）",
                        "name": "client_assertion",
                        "in": "formData"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "令牌响应（含 access_token, refresh_token, id_token 等）",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthTokenResponse"
                        }
                    },
                    "400": {
                        "description": "unsupported_grant_type：不支持的授权类型。参考：RFC 6749 §5.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "401": {
                        "description": "invalid_client：客户端认证失败。参考：RFC 6749 §5.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "429": {
                        "description": "rate_limit_exceeded：请求频率过高，请稍后重试",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：授权服务器内部错误。参考：RFC 6749 §5.2。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/token-exchange": {
            "post": {
                "description": "实现 RFC 8693 令牌交换标准，支持 subject_token 和 actor_token 的委托链，将原始 JWT 交换为下游服务的受限访问令牌。用于 NHI Workload 身份委托场景。参考：RFC 8693 (OAuth 2.0 Token Exchange)。",
                "consumes": [
                    "application/x-www-form-urlencoded"
                ],
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "令牌交换（Token Exchange）",
                "parameters": [
                    {
                        "enum": [
                            "urn:ietf:params:oauth:grant-type:token-exchange"
                        ],
                        "type": "string",
                        "description": "授权类型",
                        "name": "grant_type",
                        "in": "formData",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "主体令牌（JWT）",
                        "name": "subject_token",
                        "in": "formData",
                        "required": true
                    },
                    {
                        "type": "string",
                        "description": "委托方令牌（JWT）",
                        "name": "actor_token",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "请求的权限范围",
                        "name": "scope",
                        "in": "formData"
                    },
                    {
                        "type": "string",
                        "description": "客户端ID",
                        "name": "client_id",
                        "in": "formData"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "交换后的访问令牌（含 access_token, token_type, expires_in, scope）",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthTokenResponse"
                        }
                    },
                    "400": {
                        "description": "invalid_scope：请求的 scope 无效或超出范围。参考：RFC 8693。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "401": {
                        "description": "invalid_token：subject_token 无效或过期",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    },
                    "500": {
                        "description": "server_error：令牌交换服务内部错误",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        },
        "/oauth/userinfo": {
            "get": {
                "description": "OpenID Connect UserInfo 端点。使用 Bearer Token 认证，返回扁平 UserInfo JSON（无 code/message 信封）。当 scope 包含 \"profile\" 时，从 profile-service 查询用户资料并合并到响应中。当配置了 verification-service 时，额外查询年龄分组/未成年人状态。参考：OpenID Connect Core 1.0 §5.3 (UserInfo Endpoint)。",
                "produces": [
                    "application/json"
                ],
                "tags": [
                    "OAuth"
                ],
                "summary": "获取用户信息",
                "parameters": [
                    {
                        "type": "string",
                        "description": "Bearer \u003caccess_token\u003e",
                        "name": "Authorization",
                        "in": "header",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "UserInfo 响应（含 sub, name, email, picture 等 OIDC 标准声明）",
                        "schema": {
                            "$ref": "#/definitions/dto.OIDCUserInfoResponse"
                        }
                    },
                    "401": {
                        "description": "invalid_token：Token 无效或已过期。参考：OIDC Core §5.3。",
                        "schema": {
                            "$ref": "#/definitions/dto.OAuthErrorResponse"
                        }
                    }
                }
            }
        }
    },
    "definitions": {
        "dto.AdminCreateProviderRequest": {
            "type": "object",
            "required": [
                "client_id",
                "client_secret",
                "name"
            ],
            "properties": {
                "auth_url": {
                    "type": "string"
                },
                "client_id": {
                    "type": "string"
                },
                "client_secret": {
                    "type": "string"
                },
                "display_name": {
                    "type": "string"
                },
                "enabled": {
                    "type": "boolean"
                },
                "name": {
                    "type": "string"
                },
                "redirect_url": {
                    "type": "string"
                },
                "scopes": {
                    "type": "string"
                },
                "token_url": {
                    "type": "string"
                },
                "user_info_url": {
                    "type": "string"
                }
            }
        },
        "dto.AdminToggleProviderRequest": {
            "type": "object",
            "properties": {
                "enabled": {
                    "type": "boolean"
                }
            }
        },
        "dto.AdminUpdateProviderRequest": {
            "type": "object",
            "properties": {
                "auth_url": {
                    "type": "string"
                },
                "client_id": {
                    "type": "string"
                },
                "client_secret": {
                    "type": "string"
                },
                "display_name": {
                    "type": "string"
                },
                "redirect_url": {
                    "type": "string"
                },
                "scopes": {
                    "type": "string"
                },
                "token_url": {
                    "type": "string"
                },
                "user_info_url": {
                    "type": "string"
                }
            }
        },
        "dto.AuthorizationDetailDTO": {
            "type": "object",
            "properties": {
                "actions": {
                    "description": "操作",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "list_accounts",
                        "read_balances"
                    ]
                },
                "constraints": {
                    "description": "扩展约束",
                    "type": "object",
                    "additionalProperties": true
                },
                "data_types": {
                    "description": "数据类型",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "account_details",
                        "balances"
                    ]
                },
                "identifier": {
                    "description": "标识符",
                    "type": "string",
                    "example": "account-12345"
                },
                "locations": {
                    "description": "位置",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "https://example.com/accounts"
                    ]
                },
                "type": {
                    "description": "授权类型",
                    "type": "string",
                    "example": "account_information"
                }
            }
        },
        "dto.BatchRevokeUserTokensResponse": {
            "type": "object",
            "properties": {
                "revoked_access_tokens": {
                    "type": "integer"
                },
                "revoked_refresh_tokens": {
                    "type": "integer"
                }
            }
        },
        "dto.ClientRegistrationDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.ClientRegistrationResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.ClientRegistrationRequest": {
            "description": "OAuth 2.0 Dynamic Client Registration request (RFC 7591 §2)",
            "type": "object",
            "required": [
                "redirect_uris"
            ],
            "properties": {
                "application_type": {
                    "description": "应用类型",
                    "type": "string",
                    "example": "web"
                },
                "client_name": {
                    "description": "客户端名称",
                    "type": "string",
                    "example": "My Application"
                },
                "client_uri": {
                    "description": "客户端主页URL",
                    "type": "string",
                    "example": "https://app.example.com"
                },
                "contacts": {
                    "description": "联系人",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "admin@example.com"
                    ]
                },
                "grant_types": {
                    "description": "授权类型",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "authorization_code",
                        "refresh_token"
                    ]
                },
                "jwks": {
                    "description": "JWKS文档",
                    "type": "string"
                },
                "jwks_uri": {
                    "description": "JWKS URI",
                    "type": "string",
                    "example": "https://app.example.com/jwks.json"
                },
                "logo_uri": {
                    "description": "Logo URL",
                    "type": "string",
                    "example": "https://app.example.com/logo.png"
                },
                "policy_uri": {
                    "description": "隐私政策URL",
                    "type": "string",
                    "example": "https://app.example.com/privacy"
                },
                "redirect_uris": {
                    "description": "回调URI列表",
                    "type": "array",
                    "minItems": 1,
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "https://app.example.com/callback"
                    ]
                },
                "scope": {
                    "description": "权限范围",
                    "type": "string",
                    "example": "openid profile email"
                },
                "software_id": {
                    "description": "软件ID",
                    "type": "string",
                    "example": "my-app-v1"
                },
                "software_version": {
                    "description": "软件版本",
                    "type": "string",
                    "example": "1.0.0"
                },
                "token_endpoint_auth_method": {
                    "description": "Token端点认证方法",
                    "type": "string",
                    "example": "client_secret_basic"
                },
                "tos_uri": {
                    "description": "服务条款URL",
                    "type": "string",
                    "example": "https://app.example.com/tos"
                }
            }
        },
        "dto.ClientRegistrationResponse": {
            "description": "OAuth 2.0 Dynamic Client Registration response (RFC 7591 §2.1)",
            "type": "object",
            "properties": {
                "application_type": {
                    "description": "应用类型",
                    "type": "string",
                    "example": "web"
                },
                "client_id": {
                    "description": "客户端ID",
                    "type": "string",
                    "example": "01JNXXXXX..."
                },
                "client_id_issued_at": {
                    "description": "客户端ID签发时间",
                    "type": "integer",
                    "example": 1715692800
                },
                "client_name": {
                    "description": "客户端名称",
                    "type": "string",
                    "example": "My Application"
                },
                "client_secret": {
                    "description": "客户端密钥",
                    "type": "string",
                    "example": "sec_abc123..."
                },
                "client_secret_expires_at": {
                    "description": "客户端密钥过期时间(0=永不过期)",
                    "type": "integer",
                    "example": 0
                },
                "client_uri": {
                    "description": "客户端主页URL",
                    "type": "string",
                    "example": "https://app.example.com"
                },
                "contacts": {
                    "description": "联系人",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "admin@example.com"
                    ]
                },
                "grant_types": {
                    "description": "授权类型",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "authorization_code",
                        "refresh_token"
                    ]
                },
                "logo_uri": {
                    "description": "Logo URL",
                    "type": "string",
                    "example": "https://app.example.com/logo.png"
                },
                "policy_uri": {
                    "description": "隐私政策URL",
                    "type": "string",
                    "example": "https://app.example.com/privacy"
                },
                "redirect_uris": {
                    "description": "回调URI列表",
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "https://app.example.com/callback"
                    ]
                },
                "registration_access_token": {
                    "description": "注册管理Token",
                    "type": "string",
                    "example": "reg_abc123..."
                },
                "registration_client_uri": {
                    "description": "注册管理URI",
                    "type": "string",
                    "example": "https://authms.example.com/api/v1/oauth/register/app-123"
                },
                "scope": {
                    "description": "权限范围",
                    "type": "string",
                    "example": "openid profile email"
                },
                "token_endpoint_auth_method": {
                    "description": "认证方法",
                    "type": "string",
                    "example": "client_secret_basic"
                },
                "tos_uri": {
                    "description": "服务条款URL",
                    "type": "string",
                    "example": "https://app.example.com/tos"
                }
            }
        },
        "dto.ClientRegistrationUpdateRequest": {
            "description": "OAuth 2.0 Dynamic Client Registration update request (RFC 7591 §2.2)",
            "type": "object",
            "properties": {
                "application_type": {
                    "type": "string"
                },
                "client_name": {
                    "type": "string"
                },
                "client_uri": {
                    "type": "string"
                },
                "contacts": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "grant_types": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "jwks": {
                    "type": "string"
                },
                "jwks_uri": {
                    "type": "string"
                },
                "logo_uri": {
                    "type": "string"
                },
                "policy_uri": {
                    "type": "string"
                },
                "redirect_uris": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "scope": {
                    "type": "string"
                },
                "software_id": {
                    "type": "string"
                },
                "software_version": {
                    "type": "string"
                },
                "token_endpoint_auth_method": {
                    "type": "string"
                },
                "tos_uri": {
                    "type": "string"
                }
            }
        },
        "dto.ClientStatsDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.ClientStatsResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.ClientStatsResponse": {
            "description": "OAuth客户端令牌统计信息",
            "type": "object",
            "properties": {
                "active_refresh_tokens": {
                    "type": "integer",
                    "example": 5
                },
                "active_tokens": {
                    "type": "integer",
                    "example": 10
                },
                "client_id": {
                    "type": "string",
                    "example": "client-001"
                },
                "last_request_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                }
            }
        },
        "dto.CloneClientDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.CloneClientResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.CloneClientResponse": {
            "description": "克隆客户端的结果，包含新客户端的 secret（仅返回一次）",
            "type": "object",
            "properties": {
                "client_auth_methods": {
                    "type": "string",
                    "example": "[\"client_secret_basic\",\"private_key_jwt\"]"
                },
                "client_id": {
                    "type": "string",
                    "example": "app-456"
                },
                "client_secret": {
                    "type": "string",
                    "example": "secret_xyz789"
                },
                "cors_origins": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "https://app.example.com"
                    ]
                },
                "fapi_profile": {
                    "type": "string",
                    "example": "fapi1"
                },
                "grant_types": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "authorization_code",
                        "refresh_token"
                    ]
                },
                "id": {
                    "type": "string",
                    "example": "01JNXXXXX..."
                },
                "jwks_uri": {
                    "type": "string",
                    "example": "https://client.example.com/.well-known/jwks.json"
                },
                "name": {
                    "type": "string",
                    "example": "My Application (clone)"
                },
                "redirect_uris": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "https://app.example.com/callback"
                    ]
                },
                "scopes": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "openid",
                        "profile",
                        "email"
                    ]
                },
                "status": {
                    "type": "string",
                    "example": "active"
                }
            }
        },
        "dto.ConsentListResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.ConsentResponse"
                    }
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.ConsentResponse": {
            "type": "object",
            "properties": {
                "client_id": {
                    "type": "string",
                    "example": "app-123"
                },
                "granted_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "id": {
                    "type": "string",
                    "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV"
                },
                "scopes": {
                    "type": "string",
                    "example": "openid profile email"
                }
            }
        },
        "dto.CreateClientDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.CreateClientResponse"
                },
                "message": {
                    "type": "string"
                }
            }
        },
        "dto.CreateClientRequest": {
            "type": "object",
            "required": [
                "name",
                "redirect_uris"
            ],
            "properties": {
                "client_auth_methods": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "fapi_profile": {
                    "type": "string"
                },
                "grant_types": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "is_confidential": {
                    "type": "boolean"
                },
                "jwks": {
                    "type": "string"
                },
                "jwks_uri": {
                    "type": "string"
                },
                "logo_url": {
                    "type": "string"
                },
                "name": {
                    "type": "string"
                },
                "privacy_policy": {
                    "type": "string"
                },
                "redirect_uris": {
                    "type": "array",
                    "minItems": 1,
                    "items": {
                        "type": "string"
                    }
                },
                "scopes": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "terms_url": {
                    "type": "string"
                },
                "website": {
                    "type": "string"
                }
            }
        },
        "dto.CreateClientResponse": {
            "description": "OAuth客户端创建结果",
            "type": "object",
            "properties": {
                "client_auth_methods": {
                    "type": "string",
                    "example": "[\"client_secret_basic\",\"private_key_jwt\"]"
                },
                "client_id": {
                    "type": "string",
                    "example": "app-123"
                },
                "client_secret": {
                    "type": "string",
                    "example": "secret_abc123"
                },
                "cors_origins": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "https://app.example.com"
                    ]
                },
                "fapi_profile": {
                    "type": "string",
                    "example": "fapi1"
                },
                "grant_types": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "authorization_code",
                        "refresh_token"
                    ]
                },
                "id": {
                    "type": "string",
                    "example": "01JNXXXXX..."
                },
                "is_confidential": {
                    "type": "boolean",
                    "example": true
                },
                "jwks": {
                    "type": "string"
                },
                "jwks_uri": {
                    "type": "string",
                    "example": "https://client.example.com/.well-known/jwks.json"
                },
                "logo_url": {
                    "type": "string",
                    "example": "https://app.example.com/logo.png"
                },
                "name": {
                    "type": "string",
                    "example": "My Application"
                },
                "privacy_policy": {
                    "type": "string",
                    "example": "https://app.example.com/privacy"
                },
                "redirect_uris": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "[\"https://app.example.com/callback\"]"
                    ]
                },
                "scopes": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "[\"openid\"",
                        "\"profile\"",
                        "\"email\"]"
                    ]
                },
                "status": {
                    "type": "string",
                    "example": "active"
                },
                "terms_url": {
                    "type": "string",
                    "example": "https://app.example.com/terms"
                },
                "website": {
                    "type": "string",
                    "example": "https://app.example.com"
                }
            }
        },
        "dto.CreateClientSecretDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.CreateClientSecretResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.CreateClientSecretResponse": {
            "description": "OAuth客户端密钥创建结果，secret_value 仅在此响应中返回一次",
            "type": "object",
            "properties": {
                "created_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "secret_id": {
                    "type": "string",
                    "example": "secret-abc123"
                },
                "secret_value": {
                    "type": "string",
                    "example": "sec_xyz789..."
                },
                "status": {
                    "type": "string",
                    "example": "active"
                }
            }
        },
        "dto.DataResponse-dto_OAuthProviderItem": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.OAuthProviderItem"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.DataResponse-dto_RiskAssessmentResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.RiskAssessmentResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.DeviceAuthorizationDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.DeviceAuthorizationResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.DeviceAuthorizationListItem": {
            "type": "object",
            "properties": {
                "client_id": {
                    "type": "string",
                    "example": "app-123"
                },
                "created_at": {
                    "type": "string",
                    "example": "2026-01-15T10:20:00Z"
                },
                "device_code": {
                    "type": "string",
                    "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV"
                },
                "expires_at": {
                    "type": "string",
                    "example": "2026-01-15T10:30:00Z"
                },
                "interval": {
                    "type": "integer",
                    "example": 5
                },
                "poll_count": {
                    "type": "integer",
                    "example": 3
                },
                "scope": {
                    "type": "string",
                    "example": "openid profile"
                },
                "status": {
                    "type": "string",
                    "example": "pending"
                },
                "updated_at": {
                    "type": "string",
                    "example": "2026-01-15T10:22:00Z"
                },
                "user_code": {
                    "type": "string",
                    "example": "BDJW-DSXQ"
                },
                "user_id": {
                    "type": "string",
                    "example": "user-abc"
                }
            }
        },
        "dto.DeviceAuthorizationRequest": {
            "description": "设备码授权请求（RFC 8628 §3.1）",
            "type": "object",
            "required": [
                "client_id"
            ],
            "properties": {
                "client_id": {
                    "type": "string",
                    "example": "app-123"
                },
                "scope": {
                    "type": "string",
                    "example": "openid profile"
                }
            }
        },
        "dto.DeviceAuthorizationResponse": {
            "description": "设备码授权响应（RFC 8628 §3.2）",
            "type": "object",
            "properties": {
                "device_code": {
                    "type": "string",
                    "example": "01ARZ3NDEKTSV4RRFFQ69G5FAV"
                },
                "expires_in": {
                    "type": "integer",
                    "example": 600
                },
                "interval": {
                    "type": "integer",
                    "example": 5
                },
                "user_code": {
                    "type": "string",
                    "example": "BDJW-DSXQ"
                },
                "verification_uri": {
                    "type": "string",
                    "example": "https://authms.example.com/device"
                }
            }
        },
        "dto.DeviceAuthorizationVerifyRequest": {
            "description": "用户在浏览器中授权设备（RFC 8628 §3.3）",
            "type": "object",
            "required": [
                "approve",
                "user_code"
            ],
            "properties": {
                "approve": {
                    "type": "boolean",
                    "example": true
                },
                "user_code": {
                    "type": "string",
                    "example": "BDJW-DSXQ"
                }
            }
        },
        "dto.InternalIntrospectResponse": {
            "type": "object",
            "properties": {
                "active": {
                    "type": "boolean"
                },
                "client_id": {
                    "type": "string"
                },
                "exp": {
                    "type": "integer"
                },
                "scope": {
                    "type": "string"
                },
                "user_id": {
                    "type": "string"
                }
            }
        },
        "dto.ListResponse-dto_DeviceAuthorizationListItem": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "items": {
                    "description": "统一使用 items",
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.DeviceAuthorizationListItem"
                    }
                },
                "message": {
                    "type": "string"
                },
                "pagination": {
                    "description": "分页信息（嵌套对象）",
                    "allOf": [
                        {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo"
                        }
                    ]
                },
                "timestamp": {
                    "type": "string"
                },
                "total": {
                    "description": "总条数（平铺，便于直接读取）",
                    "type": "integer"
                }
            }
        },
        "dto.OAuthAuditLogItem": {
            "type": "object",
            "properties": {
                "action": {
                    "type": "string"
                },
                "id": {
                    "type": "string"
                },
                "ip": {
                    "type": "string"
                },
                "level": {
                    "type": "string"
                },
                "message": {
                    "type": "string"
                },
                "module": {
                    "type": "string"
                },
                "operator_id": {
                    "type": "string"
                },
                "operator_type": {
                    "type": "string"
                },
                "status": {
                    "type": "integer"
                },
                "target_id": {
                    "type": "string"
                },
                "target_type": {
                    "type": "string"
                },
                "tenant_id": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "integer"
                }
            }
        },
        "dto.OAuthAuditLogListResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "items": {
                    "description": "统一使用 items",
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.OAuthAuditLogItem"
                    }
                },
                "message": {
                    "type": "string"
                },
                "pagination": {
                    "description": "分页信息（嵌套对象）",
                    "allOf": [
                        {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo"
                        }
                    ]
                },
                "timestamp": {
                    "type": "string"
                },
                "total": {
                    "description": "总条数（平铺，便于直接读取）",
                    "type": "integer"
                }
            }
        },
        "dto.OAuthClientItem": {
            "type": "object",
            "properties": {
                "client_auth_methods": {
                    "type": "string",
                    "example": "[\"client_secret_basic\",\"private_key_jwt\"]"
                },
                "client_id": {
                    "type": "string",
                    "example": "app-123"
                },
                "cors_origins": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "[\"https://app.example.com\"]"
                    ]
                },
                "created_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "deleted_at": {
                    "type": "string"
                },
                "fapi_profile": {
                    "type": "string",
                    "example": "fapi1"
                },
                "grant_types": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "[\"authorization_code\"]"
                    ]
                },
                "id": {
                    "type": "string",
                    "example": "client_abc123"
                },
                "is_confidential": {
                    "type": "boolean",
                    "example": true
                },
                "jwks_uri": {
                    "type": "string",
                    "example": "https://client.example.com/.well-known/jwks.json"
                },
                "logo_url": {
                    "type": "string",
                    "example": "https://app.example.com/logo.png"
                },
                "name": {
                    "type": "string",
                    "example": "My App"
                },
                "privacy_policy": {
                    "type": "string",
                    "example": "https://app.example.com/privacy"
                },
                "redirect_uris": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "[\"https://app.example.com/callback\"]"
                    ]
                },
                "scopes": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    },
                    "example": [
                        "[\"openid\"",
                        "\"profile\"]"
                    ]
                },
                "secret_last_four": {
                    "type": "string",
                    "example": "bcde"
                },
                "status": {
                    "type": "string",
                    "example": "active"
                },
                "tenant_id": {
                    "type": "string",
                    "example": "tenant_abc123"
                },
                "terms_url": {
                    "type": "string",
                    "example": "https://app.example.com/terms"
                },
                "updated_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "website": {
                    "type": "string",
                    "example": "https://app.example.com"
                }
            }
        },
        "dto.OAuthClientItemDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.OAuthClientItem"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.OAuthClientListResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "items": {
                    "description": "统一使用 items",
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.OAuthClientItem"
                    }
                },
                "message": {
                    "type": "string"
                },
                "pagination": {
                    "description": "分页信息（嵌套对象）",
                    "allOf": [
                        {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo"
                        }
                    ]
                },
                "timestamp": {
                    "type": "string"
                },
                "total": {
                    "description": "总条数（平铺，便于直接读取）",
                    "type": "integer"
                }
            }
        },
        "dto.OAuthClientSecretDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.OAuthClientSecretResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.OAuthClientSecretListData": {
            "description": "OAuth客户端密钥列表",
            "type": "object",
            "properties": {
                "secrets": {
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.OAuthClientSecretResponse"
                    }
                }
            }
        },
        "dto.OAuthClientSecretListDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.OAuthClientSecretListData"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.OAuthClientSecretResponse": {
            "description": "OAuth客户端密钥信息，不含实际密钥值",
            "type": "object",
            "properties": {
                "created_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "description": {
                    "type": "string",
                    "example": "Secondary client secret"
                },
                "expires_at": {
                    "type": "string",
                    "example": "2026-05-15T10:30:00Z"
                },
                "last_used_at": {
                    "type": "string",
                    "example": "2026-04-15T12:00:00Z"
                },
                "secret_id": {
                    "type": "string",
                    "example": "secret-abc123"
                },
                "status": {
                    "type": "string",
                    "example": "active"
                },
                "updated_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                }
            }
        },
        "dto.OAuthErrorResponse": {
            "description": "OAuth标准错误响应",
            "type": "object",
            "properties": {
                "error": {
                    "description": "错误码",
                    "type": "string",
                    "example": "invalid_request"
                },
                "error_description": {
                    "description": "错误描述",
                    "type": "string",
                    "example": "Missing required parameter"
                },
                "error_uri": {
                    "description": "错误URI",
                    "type": "string",
                    "example": "https://docs.example.com/errors"
                },
                "state": {
                    "description": "状态",
                    "type": "string",
                    "example": "state-123"
                }
            }
        },
        "dto.OAuthProviderItem": {
            "type": "object",
            "properties": {
                "auth_url": {
                    "type": "string",
                    "example": "https://github.com/login/oauth/authorize"
                },
                "client_id": {
                    "type": "string",
                    "example": "client-id"
                },
                "created_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "display_name": {
                    "type": "string",
                    "example": "GitHub"
                },
                "enabled": {
                    "type": "boolean",
                    "example": true
                },
                "id": {
                    "type": "string",
                    "example": "prov_abc123"
                },
                "name": {
                    "type": "string",
                    "example": "github"
                },
                "redirect_url": {
                    "type": "string",
                    "example": "https://app.example.com/callback"
                },
                "scopes": {
                    "type": "string",
                    "example": "[\"read:user\",\"user:email\"]"
                },
                "tenant_id": {
                    "type": "string",
                    "example": "tenant_abc123"
                },
                "token_url": {
                    "type": "string",
                    "example": "https://github.com/login/oauth/access_token"
                },
                "updated_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "user_info_url": {
                    "type": "string",
                    "example": "https://api.github.com/user"
                }
            }
        },
        "dto.OAuthProviderListData": {
            "type": "object",
            "properties": {
                "providers": {
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.OAuthProviderItem"
                    }
                }
            }
        },
        "dto.OAuthProviderListDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.OAuthProviderListData"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.OAuthTokenItem": {
            "description": "OAuth令牌信息，不包含令牌原文",
            "type": "object",
            "properties": {
                "created_at": {
                    "type": "string",
                    "example": "2026-04-15T10:30:00Z"
                },
                "expires_at": {
                    "type": "string",
                    "example": "2026-04-15T10:45:00Z"
                },
                "scope": {
                    "type": "string",
                    "example": "openid profile email"
                },
                "token_type": {
                    "type": "string",
                    "example": "access_token"
                },
                "user_id": {
                    "type": "string",
                    "example": "usr_abc123"
                }
            }
        },
        "dto.OAuthTokenListResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "items": {
                    "description": "统一使用 items",
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.OAuthTokenItem"
                    }
                },
                "message": {
                    "type": "string"
                },
                "pagination": {
                    "description": "分页信息（嵌套对象）",
                    "allOf": [
                        {
                            "$ref": "#/definitions/gitee_com_linmes_authms_base_dto.PageInfo"
                        }
                    ]
                },
                "timestamp": {
                    "type": "string"
                },
                "total": {
                    "description": "总条数（平铺，便于直接读取）",
                    "type": "integer"
                }
            }
        },
        "dto.OAuthTokenResponse": {
            "description": "OAuth令牌响应",
            "type": "object",
            "properties": {
                "access_token": {
                    "description": "访问令牌",
                    "type": "string",
                    "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
                },
                "authorization_details": {
                    "description": "RAR授权详情",
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.AuthorizationDetailDTO"
                    }
                },
                "expires_in": {
                    "description": "过期秒数",
                    "type": "integer",
                    "example": 3600
                },
                "id_token": {
                    "description": "OIDC ID令牌",
                    "type": "string",
                    "example": "eyJhbGci..."
                },
                "refresh_token": {
                    "description": "刷新令牌",
                    "type": "string",
                    "example": "rt_abc123"
                },
                "scope": {
                    "description": "范围",
                    "type": "string",
                    "example": "openid profile email"
                },
                "token_type": {
                    "description": "令牌类型",
                    "type": "string",
                    "example": "Bearer"
                }
            }
        },
        "dto.OIDCUserInfoResponse": {
            "type": "object",
            "properties": {
                "age_group": {
                    "type": "string"
                },
                "birthdate": {
                    "type": "string",
                    "example": "1990-01-15"
                },
                "client_id": {
                    "description": "Internal",
                    "type": "string",
                    "example": "app-123"
                },
                "family_name": {
                    "type": "string",
                    "example": "Doe"
                },
                "gender": {
                    "type": "string",
                    "example": "male"
                },
                "given_name": {
                    "type": "string",
                    "example": "John"
                },
                "is_minor": {
                    "description": "Verification (age/minor status)",
                    "type": "boolean"
                },
                "locale": {
                    "type": "string",
                    "example": "en-US"
                },
                "name": {
                    "description": "OIDC Standard Claims（可选，scope=profile 时填充）",
                    "type": "string",
                    "example": "John Doe"
                },
                "nickname": {
                    "type": "string",
                    "example": "Johnny"
                },
                "picture": {
                    "type": "string",
                    "example": "https://cdn.example.com/avatars/usr_abc123.jpg"
                },
                "preferred_username": {
                    "type": "string",
                    "example": "john"
                },
                "scope": {
                    "type": "string",
                    "example": "openid profile"
                },
                "sub": {
                    "description": "用户ID（必填）",
                    "type": "string",
                    "example": "usr_abc123"
                },
                "updated_at": {
                    "type": "integer",
                    "example": 1743728400
                },
                "website": {
                    "type": "string",
                    "example": "https://johndoe.com"
                },
                "zoneinfo": {
                    "type": "string",
                    "example": "America/Los_Angeles"
                }
            }
        },
        "dto.PushedAuthorizationRequest": {
            "description": "PAR请求参数",
            "type": "object",
            "required": [
                "client_id",
                "redirect_uri",
                "response_type",
                "scope"
            ],
            "properties": {
                "authorization_details": {
                    "description": "RAR授权详情",
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/dto.AuthorizationDetailDTO"
                    }
                },
                "client_id": {
                    "description": "客户端ID",
                    "type": "string",
                    "example": "app-123"
                },
                "client_secret": {
                    "description": "客户端密钥",
                    "type": "string",
                    "example": "secret_abc123"
                },
                "code_challenge": {
                    "description": "代码挑战",
                    "type": "string",
                    "example": "E9Melhoa2Ow..."
                },
                "code_challenge_method": {
                    "description": "挑战方法",
                    "type": "string",
                    "example": "S256"
                },
                "nonce": {
                    "description": "随机数",
                    "type": "string",
                    "example": "nonce-123"
                },
                "redirect_uri": {
                    "description": "回调URI",
                    "type": "string",
                    "example": "https://app.example.com/callback"
                },
                "resources": {
                    "description": "资源",
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "response_type": {
                    "description": "响应类型",
                    "type": "string",
                    "example": "code"
                },
                "scope": {
                    "description": "范围",
                    "type": "string",
                    "example": "openid profile"
                },
                "state": {
                    "description": "状态",
                    "type": "string",
                    "example": "state-123"
                }
            }
        },
        "dto.PushedAuthorizationResponse": {
            "description": "PAR响应",
            "type": "object",
            "properties": {
                "expires_in": {
                    "description": "过期秒数",
                    "type": "integer",
                    "example": 90
                },
                "request_uri": {
                    "description": "请求URI",
                    "type": "string",
                    "example": "urn:example:request_uri:xxx"
                }
            }
        },
        "dto.RevokeClientTokensDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.RevokeClientTokensResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.RevokeClientTokensResponse": {
            "description": "撤销客户端所有令牌的结果",
            "type": "object",
            "properties": {
                "grace_period": {
                    "type": "integer",
                    "example": 3600
                },
                "revoked_access_tokens": {
                    "type": "integer",
                    "example": 10
                },
                "revoked_refresh_tokens": {
                    "type": "integer",
                    "example": 5
                }
            }
        },
        "dto.RiskAssessmentResponse": {
            "description": "OAuth风险评估结果",
            "type": "object",
            "properties": {
                "assessment_id": {
                    "description": "评估ID",
                    "type": "string",
                    "example": "risk_abc123"
                },
                "recommended_actions": {
                    "description": "建议操作",
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "requires_step_up": {
                    "description": "是否需要增强认证（step-up）",
                    "type": "boolean",
                    "example": false
                },
                "risk_indicators": {
                    "description": "风险指标",
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "risk_level": {
                    "description": "风险等级",
                    "type": "string",
                    "example": "medium"
                },
                "risk_score": {
                    "description": "风险评分",
                    "type": "integer",
                    "example": 45
                }
            }
        },
        "dto.RotateSecretDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.RotateSecretResponse"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "dto.RotateSecretResponse": {
            "type": "object",
            "properties": {
                "client_id": {
                    "type": "string"
                },
                "new_secret": {
                    "type": "string"
                },
                "rotated_at": {
                    "type": "string"
                }
            }
        },
        "dto.TokenIntrospectionResponse": {
            "description": "令牌自省结果",
            "type": "object",
            "properties": {
                "active": {
                    "description": "是否有效",
                    "type": "boolean",
                    "example": true
                },
                "aud": {
                    "description": "受众",
                    "type": "string",
                    "example": "auth-ms"
                },
                "client_id": {
                    "description": "客户端ID",
                    "type": "string",
                    "example": "app-123"
                },
                "exp": {
                    "description": "过期时间（Unix 时间戳，秒）",
                    "type": "integer",
                    "example": 1713187200
                },
                "iat": {
                    "description": "签发时间（Unix 时间戳，秒）",
                    "type": "integer",
                    "example": 1713183600
                },
                "scope": {
                    "description": "范围",
                    "type": "string",
                    "example": "openid profile"
                },
                "sub": {
                    "description": "用户ID",
                    "type": "string",
                    "example": "usr_abc123"
                },
                "token_type": {
                    "description": "令牌类型",
                    "type": "string",
                    "example": "Bearer"
                },
                "username": {
                    "description": "用户名",
                    "type": "string",
                    "example": "user@example.com"
                }
            }
        },
        "dto.UpdateClientRequest": {
            "type": "object",
            "properties": {
                "client_auth_methods": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "fapi_profile": {
                    "type": "string"
                },
                "grant_types": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "is_confidential": {
                    "type": "boolean"
                },
                "jwks": {
                    "type": "string"
                },
                "jwks_uri": {
                    "type": "string"
                },
                "logo_url": {
                    "type": "string"
                },
                "name": {
                    "type": "string"
                },
                "privacy_policy": {
                    "type": "string"
                },
                "redirect_uris": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "scopes": {
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "status": {
                    "type": "string"
                },
                "terms_url": {
                    "type": "string"
                },
                "website": {
                    "type": "string"
                }
            }
        },
        "gitee_com_linmes_authms_base_dto.PageInfo": {
            "type": "object",
            "properties": {
                "has_next": {
                    "description": "HasNext indicates whether there is a next page",
                    "type": "boolean"
                },
                "has_prev": {
                    "description": "HasPrev indicates whether there is a previous page",
                    "type": "boolean"
                },
                "page": {
                    "description": "Page is the current page number (1-based)",
                    "type": "integer"
                },
                "page_size": {
                    "description": "PageSize is the number of items per page",
                    "type": "integer"
                },
                "total": {
                    "description": "Total is the total number of items across all pages",
                    "type": "integer"
                },
                "total_pages": {
                    "description": "TotalPages is the total number of pages",
                    "type": "integer"
                }
            }
        },
        "gitee_com_linmes_authms_base_dto.SimpleResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "message": {
                    "type": "string"
                },
                "timestamp": {
                    "type": "string"
                }
            }
        },
        "handler.authorizeCodeResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "string"
                },
                "state": {
                    "type": "string"
                }
            }
        },
        "handler.swaggerBatchRevokeDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.BatchRevokeUserTokensResponse"
                },
                "message": {
                    "type": "string"
                }
            }
        },
        "handler.swaggerInternalIntrospectDetailResponse": {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer"
                },
                "data": {
                    "$ref": "#/definitions/dto.InternalIntrospectResponse"
                },
                "message": {
                    "type": "string"
                }
            }
        }
    },
    "securityDefinitions": {
        "bearerAuth": {
            "description": "Enter \"Bearer\" followed by a space and the JWT token.",
            "type": "apiKey",
            "name": "Authorization",
            "in": "header"
        }
    },
    "tags": [
        {
            "description": "OAuth 2.0 / OIDC 标准接口：授权码、令牌、自省、撤销",
            "name": "OAuth"
        },
        {
            "description": "OAuth 客户端注册、配置、密钥轮换",
            "name": "OAuth 客户端管理"
        },
        {
            "description": "OpenID Connect 相关接口：发现、用户信息、会话管理",
            "name": "OIDC"
        }
    ]
}