Add security.oidc_authenticate specification

lcawl · lcawl · commit e7cb80ba0848 · 2024-12-31T12:19:00.000-08:00
diff --git a/specification/security/oidc_authenticate/Request.ts b/specification/security/oidc_authenticate/Request.ts
@@ -0,0 +1,53 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { RequestBase } from '@_types/Base'
+
+/**
+ * Authenticate OpenID Connect.
+ * Exchange an OpenID Connect authentication response message for an Elasticsearch internal access token and refresh token that can be subsequently used for authentication.
+ *
+ * Elasticsearch exposes all the necessary OpenID Connect related functionality via the OpenID Connect APIs.
+ * These APIs are used internally by Kibana in order to provide OpenID Connect based authentication, but can also be used by other, custom web applications or other clients.
+ * @rest_spec_name security.oidc_authenticate
+ * @availability stack stability=stable visibility=public
+ */
+export interface Request extends RequestBase {
+  body: {
+    /**
+     * Associate a client session with an ID token and mitigate replay attacks.
+     * This value needs to be the same as the one that was provided to the `/_security/oidc/prepare` API or the one that was generated by Elasticsearch and included in the response to that call.
+     */
+    nonce: string
+    /**
+     * The name of the OpenID Connect realm.
+     * This property is useful in cases where multiple realms are defined. */
+    realm?: string
+    /**
+     * The URL to which the OpenID Connect Provider redirected the User Agent in response to an authentication request after a successful authentication.
+     * This URL must be provided as-is (URL encoded), taken from the body of the response or as the value of a location header in the response from the OpenID Connect Provider.
+     */
+    redirect_uri: string
+    /**
+     * Maintain state between the authentication request and the response.
+     * This value needs to be the same as the one that was provided to the `/_security/oidc/prepare` API or the one that was generated by Elasticsearch and included in the response to that call.
+     */
+    state: string
+  }
+}
diff --git a/specification/security/oidc_authenticate/Response.ts b/specification/security/oidc_authenticate/Response.ts
@@ -0,0 +1,29 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { integer } from '@_types/Numeric'
+
+export class Response {
+  body: {
+    access_token: string
+    expires_in: integer
+    refresh_token: string
+    type: string
+  }
+}
