mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-03 20:40:00 -05:00
da3ba59f7e
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Waiting to run
Web App CI / check-types (push) Waiting to run
Web App CI / test (push) Waiting to run
Web App CI / build (push) Waiting to run
445 lines
14 KiB
YAML
445 lines
14 KiB
YAML
/api/v4/oauth/apps:
|
|
post:
|
|
tags:
|
|
- OAuth
|
|
summary: Register OAuth app
|
|
description: >
|
|
Register an OAuth 2.0 client application with Mattermost as the service
|
|
provider.
|
|
|
|
##### Permissions
|
|
|
|
Must have `manage_oauth` permission.
|
|
operationId: CreateOAuthApp
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: object
|
|
required:
|
|
- name
|
|
- description
|
|
- callback_urls
|
|
- homepage
|
|
properties:
|
|
name:
|
|
type: string
|
|
description: The name of the client application
|
|
description:
|
|
type: string
|
|
description: A short description of the application
|
|
icon_url:
|
|
type: string
|
|
description: A URL to an icon to display with the application
|
|
callback_urls:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: A list of callback URLs for the appliation
|
|
homepage:
|
|
type: string
|
|
description: A link to the website of the application
|
|
is_trusted:
|
|
type: boolean
|
|
description: Set this to `true` to skip asking users for permission
|
|
is_public:
|
|
type: boolean
|
|
description: Set this to `true` to create a public client (no client secret). Public clients must use PKCE for authorization.
|
|
description: OAuth application to register
|
|
required: true
|
|
responses:
|
|
"201":
|
|
description: App registration successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/OAuthApp"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
get:
|
|
tags:
|
|
- OAuth
|
|
summary: Get OAuth apps
|
|
description: >
|
|
Get a page of OAuth 2.0 client applications registered with Mattermost.
|
|
|
|
##### Permissions
|
|
|
|
With `manage_oauth` permission, the apps registered by the logged in user are returned. With `manage_system_wide_oauth` permission, all apps regardless of creator are returned.
|
|
operationId: GetOAuthApps
|
|
parameters:
|
|
- name: page
|
|
in: query
|
|
description: The page to select.
|
|
schema:
|
|
type: integer
|
|
default: 0
|
|
- name: per_page
|
|
in: query
|
|
description: The number of apps per page.
|
|
schema:
|
|
type: integer
|
|
default: 60
|
|
responses:
|
|
"200":
|
|
description: OAuthApp list retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/OAuthApp"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
"/api/v4/oauth/apps/{app_id}":
|
|
get:
|
|
tags:
|
|
- OAuth
|
|
summary: Get an OAuth app
|
|
description: >
|
|
Get an OAuth 2.0 client application registered with Mattermost.
|
|
|
|
##### Permissions
|
|
|
|
If app creator, must have `mange_oauth` permission otherwise `manage_system_wide_oauth` permission is required.
|
|
operationId: GetOAuthApp
|
|
parameters:
|
|
- name: app_id
|
|
in: path
|
|
description: Application client id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: App retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/OAuthApp"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
put:
|
|
tags:
|
|
- OAuth
|
|
summary: Update an OAuth app
|
|
description: >
|
|
Update an OAuth 2.0 client application based on OAuth struct.
|
|
|
|
##### Permissions
|
|
|
|
If app creator, must have `mange_oauth` permission otherwise `manage_system_wide_oauth` permission is required.
|
|
operationId: UpdateOAuthApp
|
|
parameters:
|
|
- name: app_id
|
|
in: path
|
|
description: Application client id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: object
|
|
required:
|
|
- id
|
|
- name
|
|
- description
|
|
- callback_urls
|
|
- homepage
|
|
properties:
|
|
id:
|
|
type: string
|
|
description: The id of the client application
|
|
name:
|
|
type: string
|
|
description: The name of the client application
|
|
description:
|
|
type: string
|
|
description: A short description of the application
|
|
icon_url:
|
|
type: string
|
|
description: A URL to an icon to display with the application
|
|
callback_urls:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: A list of callback URLs for the appliation
|
|
homepage:
|
|
type: string
|
|
description: A link to the website of the application
|
|
is_trusted:
|
|
type: boolean
|
|
description: Set this to `true` to skip asking users for permission. It
|
|
will be set to false if value is not provided.
|
|
description: OAuth application to update
|
|
required: true
|
|
responses:
|
|
"200":
|
|
description: App update successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/OAuthApp"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
delete:
|
|
tags:
|
|
- OAuth
|
|
summary: Delete an OAuth app
|
|
description: >
|
|
Delete and unregister an OAuth 2.0 client application
|
|
|
|
##### Permissions
|
|
|
|
If app creator, must have `mange_oauth` permission otherwise `manage_system_wide_oauth` permission is required.
|
|
operationId: DeleteOAuthApp
|
|
parameters:
|
|
- name: app_id
|
|
in: path
|
|
description: Application client id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: App deletion successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
"/api/v4/oauth/apps/{app_id}/regen_secret":
|
|
post:
|
|
tags:
|
|
- OAuth
|
|
summary: Regenerate OAuth app secret
|
|
description: >
|
|
Regenerate the client secret for an OAuth 2.0 client application
|
|
registered with Mattermost.
|
|
|
|
##### Permissions
|
|
|
|
If app creator, must have `mange_oauth` permission otherwise `manage_system_wide_oauth` permission is required.
|
|
operationId: RegenerateOAuthAppSecret
|
|
parameters:
|
|
- name: app_id
|
|
in: path
|
|
description: Application client id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Secret regeneration successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/OAuthApp"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
"/api/v4/oauth/apps/{app_id}/info":
|
|
get:
|
|
tags:
|
|
- OAuth
|
|
summary: Get info on an OAuth app
|
|
description: >
|
|
Get public information about an OAuth 2.0 client application registered
|
|
with Mattermost. The application's client secret will be blanked out.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated.
|
|
operationId: GetOAuthAppInfo
|
|
parameters:
|
|
- name: app_id
|
|
in: path
|
|
description: Application client id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: App retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/OAuthApp"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
/.well-known/oauth-authorization-server:
|
|
get:
|
|
tags:
|
|
- OAuth
|
|
summary: Get OAuth 2.0 Authorization Server Metadata
|
|
description: >
|
|
Get the OAuth 2.0 Authorization Server Metadata as defined in RFC 8414.
|
|
This endpoint provides metadata about the OAuth 2.0 authorization server's
|
|
configuration, including supported endpoints, grant types, response types,
|
|
and authentication methods.
|
|
|
|
##### Permissions
|
|
|
|
No authentication required. This endpoint is publicly accessible to allow
|
|
OAuth clients to discover the authorization server's configuration.
|
|
|
|
##### Notes
|
|
|
|
- This endpoint implements RFC 8414 (OAuth 2.0 Authorization Server Metadata)
|
|
- The metadata is dynamically generated based on the server's configuration
|
|
- OAuth Service Provider must be enabled in system settings for this endpoint to be available
|
|
operationId: GetAuthorizationServerMetadata
|
|
responses:
|
|
"200":
|
|
description: Metadata retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/AuthorizationServerMetadata"
|
|
"501":
|
|
description: OAuth Service Provider is not enabled
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/AppError"
|
|
/api/v4/oauth/apps/register:
|
|
post:
|
|
tags:
|
|
- OAuth
|
|
summary: Register OAuth client using Dynamic Client Registration
|
|
description: >
|
|
Register an OAuth 2.0 client application using Dynamic Client Registration (DCR)
|
|
as defined in RFC 7591. This endpoint allows clients to register without requiring
|
|
administrative approval.
|
|
|
|
##### Permissions
|
|
|
|
No authentication required. This endpoint implements the OAuth 2.0 Dynamic Client
|
|
Registration Protocol and can be called by unauthenticated clients.
|
|
|
|
##### Notes
|
|
|
|
- This endpoint follows RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol)
|
|
- The `client_uri` field, when provided, will be mapped to the OAuth app's homepage
|
|
- All registered clients are marked as dynamically registered
|
|
- Dynamic client registration must be enabled in system settings
|
|
operationId: RegisterOAuthClient
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/ClientRegistrationRequest"
|
|
description: OAuth client registration request
|
|
required: true
|
|
responses:
|
|
"201":
|
|
description: Client registration successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/ClientRegistrationResponse"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|
|
"/api/v4/users/{user_id}/oauth/apps/authorized":
|
|
get:
|
|
tags:
|
|
- OAuth
|
|
summary: Get authorized OAuth apps
|
|
description: >
|
|
Get a page of OAuth 2.0 client applications authorized to access a
|
|
user's account.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated as the user or have `edit_other_users` permission.
|
|
operationId: GetAuthorizedOAuthAppsForUser
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
description: User GUID
|
|
required: true
|
|
schema:
|
|
type: string
|
|
- name: page
|
|
in: query
|
|
description: The page to select.
|
|
schema:
|
|
type: integer
|
|
default: 0
|
|
- name: per_page
|
|
in: query
|
|
description: The number of apps per page.
|
|
schema:
|
|
type: integer
|
|
default: 60
|
|
responses:
|
|
"200":
|
|
description: OAuthApp list retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/OAuthApp"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"501":
|
|
$ref: "#/components/responses/NotImplemented"
|