SAML 2.0 Bearer flow as alternative to Authorization Code flow#5412

Draft
HeikoTheissen wants to merge 2 commits into OAI:v3.3-dev from HeikoTheissen:v3.3-dev

Conversation

@HeikoTheissen


SAML 2.0 Bearer flow is an OAuth authentication flow with principal propagation which, unlike Authorization Code flow, does not prompt the user for consent. It is typically used for integration between business systems where trust has been set up centrally by administrators and individual users (employees) need not consent.

This pull request introduces SAML 2.0 Bearer flow as a new option into the OpenAPI Security Scheme Object.

  • schema changes are included in this pull request
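Added example (not part of the pull request or the OpenAPI project): a constructed Security Scheme Object using the proposed `saml2Bearer` flow, with a check that applies the table's URL rules to it. `samlMetadataUrl` is the field this PR adds; `tokenUrl` on this flow is an assumption (RFC 7522 presents the assertion at the token endpoint), and `scopes` is the field every OAuth Flow Object already carries.

```python
from urllib.parse import urlparse

# Constructed OpenAPI fragment using the `saml2Bearer` flow proposed in this PR.
# tokenUrl on this flow is an assumption, not something the PR table states.
SECURITY_SCHEME = {
    "type": "oauth2",
    "flows": {
        "saml2Bearer": {
            "samlMetadataUrl": "https://idp.example.com/saml/metadata",  # constructed
            "tokenUrl": "https://auth.example.com/oauth/token",  # constructed, assumed field
            "scopes": {"read:orders": "Read orders on behalf of the propagated user"},
        }
    },
}


def _is_url(value) -> bool:
    """'MUST be in the form of a URL': require both a scheme and a host."""
    if not isinstance(value, str):
        return False
    parts = urlparse(value)
    return bool(parts.scheme and parts.netloc)


def check_saml2_bearer_flow(scheme: dict) -> list[str]:
    """Return the problems found in a scheme's saml2Bearer flow (empty list if fine)."""
    problems = []
    if scheme.get("type") != "oauth2":
        return ["type must be oauth2"]
    flow = scheme.get("flows", {}).get("saml2Bearer")
    if flow is None:
        return ["no saml2Bearer flow"]
    # Same rule the other token-endpoint flows in the table already carry:
    # the URL is required and the OAuth2 standard requires TLS.
    token_url = flow.get("tokenUrl")
    if not _is_url(token_url):
        problems.append("tokenUrl missing or not a URL")
    elif urlparse(token_url).scheme != "https":
        problems.append("tokenUrl must use TLS")
    # samlMetadataUrl is optional in the PR, but when present it must be a URL.
    if "samlMetadataUrl" in flow and not _is_url(flow["samlMetadataUrl"]):
        problems.append("samlMetadataUrl is not a URL")
    if not isinstance(flow.get("scopes"), dict):
        problems.append("scopes must be a map")
    return problems
```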

Comment thread src/oas.md
| <a name="oauth-flow-authorization-url"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. |
| <a name="oauth-flow-device-authorization-url"></a>deviceAuthorizationUrl | `string` | `oauth2` (`"deviceAuthorization"`) | **REQUIRED**. The device authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. |
| <a name="oauth-flow-token-url"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. |
| <a name="oauth-flow-samlmetadata-url"></a>samlMetadataUrl | `string` | `oauth2` (`"saml2Bearer"`) | The metadata URL for the SAML entity that accepts the SAML assertion. This MUST be in the form of a URL. |
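Review bot: the tokenUrl row's applicability list (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`) does not include `"saml2Bearer"`, yet the SAML 2.0 Bearer flow (RFC 7522) presents the assertion to the token endpoint, so a document using this flow has nowhere to declare that endpoint; add `"saml2Bearer"` to that row or say where the assertion is sent. The new samlMetadataUrl row also drops the "The OAuth2 standard requires the use of TLS." sentence that the other URL rows carry; since SAML metadata is trust material (entity IDs, signing certificates), the row should keep the same TLS requirement.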

@HeikoTheissen (Author)

Does it make sense to advertise this? Other meta-information (like where to register a new OAuth client) is not advertised here either.
