From 3f1358efa76a4d89bb9c2269cba01a8356d2295f Mon Sep 17 00:00:00 2001 From: Jin Bal Date: Wed, 12 Apr 2023 18:04:57 +0100 Subject: [PATCH 1/2] GG-7031 added open api spec files --- public/api/conf/1.0/application.yaml | 320 ++++++++++++++++++++++++ public/api/conf/1.0/common/overview.md | 1 + public/api/conf/1.1/application.yaml | 332 +++++++++++++++++++++++++ public/api/conf/1.1/common/overview.md | 1 + 4 files changed, 654 insertions(+) create mode 100644 public/api/conf/1.0/application.yaml create mode 100644 public/api/conf/1.0/common/overview.md create mode 100644 public/api/conf/1.1/application.yaml create mode 100644 public/api/conf/1.1/common/overview.md diff --git a/public/api/conf/1.0/application.yaml b/public/api/conf/1.0/application.yaml new file mode 100644 index 0000000..4c671e5 --- /dev/null +++ b/public/api/conf/1.0/application.yaml @@ -0,0 +1,320 @@ +openapi: 3.0.0 +info: + title: User Information + description: >- + Access to user information is controlled through scopes. Each access token (OAuth 2.0 Bearer Token) is associated with a set of scopes at login. When a request is made for user information, only information belonging to the provided scopes is returned. The information is returned in the form of claims, which sometimes are simple fields and sometimes objects that contain further fields. + Here is a list of supported scopes and the claims they contain. The details of each claim, including any contained fields, is documented further down. + * 'profile': given_name, middle_name, family_name, birthdate + * 'address': address + * 'email': email + * 'openid:hmrc-enrolments': hmrc_enrolments + * 'openid:government-gateway': government_gateway + * 'openid:mdtp': mdtp + * 'openid:gov-uk-identifiers': uk_gov_nino + contact: {} + version: '1.0' +servers: +- url: https://api.service.hmrc.gov.uk/ + variables: {} +paths: + /userinfo/: + get: + tags: + - userinfo + summary: Get user information + description: Retrieves OpenID Connect compliant information about the signed-in user + operationId: Getuserinformation + parameters: [] + responses: + '200': + description: '' + headers: {} + content: + application/json: + schema: + allOf: + - $ref: '#/components/schemas/Userinforesponse' + - example: + given_name: John + family_name: Smith + middle_name: Scott + address: + formatted: >- + 221B Baker Street + + London + + NW1 9NT + + Great Britain + postal_code: NW1 9NT + country: Great Britain + country_code: GB + email: John.Smith@abc.uk + birthdate: 1950-01-01 + uk_gov_nino: AA000003D + hmrc_enrolments: + - key: IR-SA + identifiers: + - key: UTR + value: '174371121' + state: activated + government_gateway: + user_id: '019283' + roles: + - User + affinity_group: Individual + user_name: John + agent_code: 123456-abc + agent_friendly_name: AC Accounting + agent_id: AC + gateway_token: token-value-1234 + unread_message_count: 0 + mdtp: + device_id: device_id-12345 + session_id: session_id_123455 + examples: + example-1: + value: + given_name: John + family_name: Smith + middle_name: Scott + address: + formatted: >- + 221B Baker Street + + London + + NW1 9NT + + Great Britain + postal_code: NW1 9NT + country: Great Britain + country_code: GB + email: John.Smith@abc.uk + birthdate: 1950-01-01 + uk_gov_nino: AA000003D + hmrc_enrolments: + - key: IR-SA + identifiers: + - key: UTR + value: '174371121' + state: activated + government_gateway: + user_id: '019283' + roles: + - User + affinity_group: Individual + user_name: John + agent_code: 123456-abc + agent_friendly_name: AC Accounting + agent_id: AC + gateway_token: token-value-1234 + unread_message_count: 0 + mdtp: + device_id: device_id-12345 + session_id: session_id_123455 + '403': + description: '' + headers: {} + content: + application/json: + schema: + allOf: + - $ref: '#/components/schemas/errorResponse' + - example: + code: FORBIDDEN + examples: + BadRequest: + description: Forbidden operation + value: + code: FORBIDDEN + deprecated: false +components: + schemas: + errorResponse: + title: errorResponse + required: + - code + type: object + properties: + code: + type: string + Address: + title: Address + type: object + properties: + formatted: + type: string + description: End-user's mailing address, formatted for display or use on a mailing label. + example: >- + 221B Baker Street + + London + + NW1 9NT + + Great Britain + postal_code: + type: string + description: End-user's Zip code or postal code. + example: NW1 9NT + country: + type: string + description: End-user's country name. + example: Great Britain + country_code: + type: string + description: ISO 3166 Alpha-2-code of a given country + example: GB + GovernmentGateway: + title: GovernmentGateway + type: object + properties: + user_id: + type: string + description: Cred id + example: '1012345' + roles: + type: array + items: + type: string + description: List of user's roles + user_name: + type: string + description: Government Gateway user name + example: Bob + affinity_group: + type: string + description: User affinity group + example: Individual + agent_code: + type: string + description: Agent code + example: 123456-abc + agent_friendly_name: + type: string + description: Agent friendly name + example: AC Accounting + agent_id: + type: string + description: Agent id + example: AC + gateway_token: + type: string + description: Government gateway token + example: '123456789' + unread_message_count: + type: integer + description: Unread message count + format: int32 + example: 234 + description: Legacy properties based on government gateway input. + HmrcEnrolment: + title: HmrcEnrolment + required: + - key + - identifiers + - state + type: object + properties: + key: + type: string + description: HMRC service name. + example: IR-SA + identifiers: + type: array + items: + $ref: '#/components/schemas/Identifier' + description: End-user's identifiers associated to this HMRC service. + example: + - key: UTR + value: '174371121' + state: + allOf: + - $ref: '#/components/schemas/State' + - description: End-user's HMRC enrolment status. + Identifier: + title: Identifier + required: + - key + - value + type: object + properties: + key: + type: string + example: UTR + value: + type: string + example: '174371121' + Mdtp: + title: Mdtp + type: object + properties: + device_id: + type: string + description: Device id + example: '3012345' + session_id: + type: string + description: Session id + example: '2012345' + description: Mdtp information based on government gateway input + State: + title: State + enum: + - awaitingActivation + - activated + - Active + - Activated + - pending + - givenToAgent + type: string + description: End-user's HMRC enrolment status. + Userinforesponse: + title: Userinforesponse + type: object + properties: + given_name: + type: string + description: End-user's first name. + example: Thomas + middle_name: + type: string + description: End user's middle name. + example: A. + family_name: + type: string + description: End-user's last name. + example: Delgado + email: + type: string + description: User email + example: Cling.Eastwood@wildwest.com + birthdate: + type: string + description: End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. + example: 1996-08-10 + uk_gov_nino: + type: string + description: End-User's National Insurance Number. + example: AA000003D + address: + $ref: '#/components/schemas/Address' + hmrc_enrolments: + type: array + items: + $ref: '#/components/schemas/HmrcEnrolment' + description: End-user's HMRC enrolments. + mdtp: + allOf: + - $ref: '#/components/schemas/Mdtp' + - description: Mdtp information based on government gateway input + government_gateway: + allOf: + - $ref: '#/components/schemas/GovernmentGateway' + - description: Legacy properties based on government gateway input. + description: User Info +tags: +- name: userinfo + description: '' diff --git a/public/api/conf/1.0/common/overview.md b/public/api/conf/1.0/common/overview.md new file mode 100644 index 0000000..01f707e --- /dev/null +++ b/public/api/conf/1.0/common/overview.md @@ -0,0 +1 @@ +The User Information API provides information about the signed-in user, in an OpenID Connect compliant format. diff --git a/public/api/conf/1.1/application.yaml b/public/api/conf/1.1/application.yaml new file mode 100644 index 0000000..ef6ed93 --- /dev/null +++ b/public/api/conf/1.1/application.yaml @@ -0,0 +1,332 @@ +openapi: 3.0.0 +info: + title: User Information + description: >- + Access to user information is controlled through scopes. Each access token (OAuth 2.0 Bearer Token) is associated with a set of scopes at login. When a request is made for user information, only information belonging to the provided scopes is returned. The information is returned in the form of claims, which sometimes are simple fields and sometimes objects that contain further fields. + Here is a list of supported scopes and the claims they contain. The details of each claim, including any contained fields, is documented further down. + * 'profile': given_name, middle_name, family_name, birthdate + * 'address': address + * 'email': email + * 'openid:hmrc-enrolments': hmrc_enrolments + * 'openid:government-gateway': government_gateway + * 'openid:mdtp': mdtp + * 'openid:gov-uk-identifiers': uk_gov_nino + contact: {} + version: '1.1' +servers: +- url: https://api.service.hmrc.gov.uk/ + variables: {} +paths: + /userinfo/: + get: + tags: + - userinfo + summary: Get user information + description: Retrieves OpenID Connect compliant information about the signed-in user + operationId: Getuserinformation + parameters: [] + responses: + '200': + description: '' + headers: {} + content: + application/json: + schema: + allOf: + - $ref: '#/components/schemas/Userinforesponse' + - example: + given_name: John + family_name: Smith + middle_name: Scott + address: + formatted: >- + 221B Baker Street + + London + + NW1 9NT + + Great Britain + postal_code: NW1 9NT + country: Great Britain + country_code: GB + email: John.Smith@abc.uk + birthdate: 1950-01-01 + uk_gov_nino: AA000003D + hmrc_enrolments: + - key: IR-SA + identifiers: + - key: UTR + value: '174371121' + state: activated + government_gateway: + user_id: '019283' + roles: + - User + affinity_group: Individual + user_name: John + agent_code: 123456-abc + agent_friendly_name: AC Accounting + agent_id: AC + gateway_token: token-value-1234 + unread_message_count: 0 + profile_uri: https://www.ete.tax.service.gov.uk/manage/user/0001111 + group_profile_uri: https://www.ete.tax.service.gov.uk/manage/group/1110000 + mdtp: + device_id: device_id-12345 + session_id: session_id_123455 + examples: + example-1: + value: + given_name: John + family_name: Smith + middle_name: Scott + address: + formatted: >- + 221B Baker Street + + London + + NW1 9NT + + Great Britain + postal_code: NW1 9NT + country: Great Britain + country_code: GB + email: John.Smith@abc.uk + birthdate: 1950-01-01 + uk_gov_nino: AA000003D + hmrc_enrolments: + - key: IR-SA + identifiers: + - key: UTR + value: '174371121' + state: activated + government_gateway: + user_id: '019283' + roles: + - User + affinity_group: Individual + user_name: John + agent_code: 123456-abc + agent_friendly_name: AC Accounting + agent_id: AC + gateway_token: token-value-1234 + unread_message_count: 0 + profile_uri: https://www.ete.tax.service.gov.uk/manage/user/0001111 + group_profile_uri: https://www.ete.tax.service.gov.uk/manage/group/1110000 + mdtp: + device_id: device_id-12345 + session_id: session_id_123455 + '403': + description: '' + headers: {} + content: + application/json: + schema: + allOf: + - $ref: '#/components/schemas/errorResponse' + - example: + code: FORBIDDEN + examples: + BadRequest: + description: Forbidden operation + value: + code: FORBIDDEN + deprecated: false +components: + schemas: + errorResponse: + title: errorResponse + required: + - code + type: object + properties: + code: + type: string + Address: + title: Address + type: object + properties: + formatted: + type: string + description: End-user's mailing address, formatted for display or use on a mailing label. + example: >- + 221B Baker Street + + London + + NW1 9NT + + Great Britain + postal_code: + type: string + description: End-user's Zip code or postal code. + example: NW1 9NT + country: + type: string + description: End-user's country name. + example: Great Britain + country_code: + type: string + description: ISO 3166 Alpha-2-code of a given country + example: GB + GovernmentGateway: + title: GovernmentGateway + type: object + properties: + user_id: + type: string + description: Cred id + example: '1012345' + roles: + type: array + items: + type: string + description: List of user's roles + user_name: + type: string + description: Government Gateway user name + example: Bob + affinity_group: + type: string + description: User affinity group + example: Individual + agent_code: + type: string + description: Agent code + example: 123456-abc + agent_friendly_name: + type: string + description: Agent friendly name + example: AC Accounting + agent_id: + type: string + description: Agent id + example: AC + gateway_token: + type: string + description: Government gateway token + example: '123456789' + unread_message_count: + type: integer + description: Unread message count + format: int32 + example: 234 + profile_uri: + type: string + description: The manage user details for the current user + example: https://www.ete.tax.service.gov.uk/manage/user/0001111 + group_profile_uri: + type: string + description: The manage group details for the current user + example: https://www.ete.tax.service.gov.uk/manage/group/1110000 + description: Legacy properties based on government gateway input. + HmrcEnrolment: + title: HmrcEnrolment + required: + - key + - identifiers + - state + type: object + properties: + key: + type: string + description: HMRC service name. + example: IR-SA + identifiers: + type: array + items: + $ref: '#/components/schemas/Identifier' + description: End-user's identifiers associated to this HMRC service. + example: + - key: UTR + value: '174371121' + state: + allOf: + - $ref: '#/components/schemas/State' + - description: End-user's HMRC enrolment status. + Identifier: + title: Identifier + required: + - key + - value + type: object + properties: + key: + type: string + example: UTR + value: + type: string + example: '174371121' + Mdtp: + title: Mdtp + type: object + properties: + device_id: + type: string + description: Device id + example: '3012345' + session_id: + type: string + description: Session id + example: '2012345' + description: Mdtp information based on government gateway input + State: + title: State + enum: + - awaitingActivation + - activated + - Active + - Activated + - pending + - givenToAgent + type: string + description: End-user's HMRC enrolment status. + Userinforesponse: + title: Userinforesponse + type: object + properties: + given_name: + type: string + description: End-user's first name. + example: Thomas + middle_name: + type: string + description: End user's middle name. + example: A. + family_name: + type: string + description: End-user's last name. + example: Delgado + email: + type: string + description: User email + example: Cling.Eastwood@wildwest.com + birthdate: + type: string + description: End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. + example: 1996-08-10 + uk_gov_nino: + type: string + description: End-User's National Insurance Number. + example: AA000003D + address: + $ref: '#/components/schemas/Address' + hmrc_enrolments: + type: array + items: + $ref: '#/components/schemas/HmrcEnrolment' + description: End-user's HMRC enrolments. + mdtp: + allOf: + - $ref: '#/components/schemas/Mdtp' + - description: Mdtp information based on government gateway input + government_gateway: + allOf: + - $ref: '#/components/schemas/GovernmentGateway' + - description: Legacy properties based on government gateway input. + description: User Info +tags: +- name: userinfo + description: '' diff --git a/public/api/conf/1.1/common/overview.md b/public/api/conf/1.1/common/overview.md new file mode 100644 index 0000000..01f707e --- /dev/null +++ b/public/api/conf/1.1/common/overview.md @@ -0,0 +1 @@ +The User Information API provides information about the signed-in user, in an OpenID Connect compliant format. From d74e970c5f5550bf528f373bd673eddc210e1aa6 Mon Sep 17 00:00:00 2001 From: Jin Bal Date: Mon, 17 Apr 2023 12:28:45 +0100 Subject: [PATCH 2/2] GG-7031 added security scopes --- public/api/conf/1.0/application.yaml | 36 ++++++++++++++---- public/api/conf/1.0/docs/scopes.md | 2 +- public/api/conf/1.1/application.yaml | 39 +++++++++++++++----- public/api/conf/1.1/common/overview.md | 1 - public/api/conf/{1.0 => }/common/overview.md | 0 5 files changed, 59 insertions(+), 19 deletions(-) delete mode 100644 public/api/conf/1.1/common/overview.md rename public/api/conf/{1.0 => }/common/overview.md (100%) diff --git a/public/api/conf/1.0/application.yaml b/public/api/conf/1.0/application.yaml index 4c671e5..8b727b5 100644 --- a/public/api/conf/1.0/application.yaml +++ b/public/api/conf/1.0/application.yaml @@ -1,4 +1,4 @@ -openapi: 3.0.0 +openapi: 3.0.3 info: title: User Information description: >- @@ -16,6 +16,15 @@ info: servers: - url: https://api.service.hmrc.gov.uk/ variables: {} +security: + - userRestricted: + - "profile" + - "address" + - "email" + - "openid:hmrc-enrolments" + - "openid:government-gateway" + - "openid:mdtp" + - "openid:gov-uk-identifiers" paths: /userinfo/: get: @@ -41,11 +50,8 @@ paths: address: formatted: >- 221B Baker Street - London - NW1 9NT - Great Britain postal_code: NW1 9NT country: Great Britain @@ -82,11 +88,8 @@ paths: address: formatted: >- 221B Baker Street - London - NW1 9NT - Great Britain postal_code: NW1 9NT country: Great Britain @@ -315,6 +318,25 @@ components: - $ref: '#/components/schemas/GovernmentGateway' - description: Legacy properties based on government gateway input. description: User Info + securitySchemes: + userRestricted: + type: oauth2 + description: | + HMRC supports OAuth 2.0 for authenticating user restricted API requests using an OAuth 2.0 Bearer Token in the AUTHORIZATION header. + See https://developer.service.hmrc.gov.uk/api-documentation/docs/authorisation/user-restricted-endpoints for details. + flows: + authorizationCode: + authorizationUrl: https://api.service.hmrc.gov.uk/oauth/authorize + tokenUrl: https://api.service.hmrc.gov.uk/oauth/token + refreshUrl: https://api.service.hmrc.gov.uk/oauth/refresh + scopes: + "profile": given_name, middle_name, family_name + "address": address + "email": email + "openid:hmrc-enrolments": hmrc_enrolments + "openid:government-gateway": government_gateway + "openid:mdtp": mdtp + "openid:gov-uk-identifiers": uk_gov_nino tags: - name: userinfo description: '' diff --git a/public/api/conf/1.0/docs/scopes.md b/public/api/conf/1.0/docs/scopes.md index e407ac2..f5c23d6 100644 --- a/public/api/conf/1.0/docs/scopes.md +++ b/public/api/conf/1.0/docs/scopes.md @@ -2,7 +2,7 @@ Access to user information is controlled through scopes. Each access token (OAut Here is a list of supported scopes and the claims they contain. The details of each claim, including any contained fields, is documented further down. -* 'profile': given_name, middle_name, familiy_name, birthdate +* 'profile': given_name, middle_name, family_name, birthdate * 'address': address * 'email': email * 'openid:hmrc-enrolments': hmrc_enrolments diff --git a/public/api/conf/1.1/application.yaml b/public/api/conf/1.1/application.yaml index ef6ed93..8a6920a 100644 --- a/public/api/conf/1.1/application.yaml +++ b/public/api/conf/1.1/application.yaml @@ -1,4 +1,4 @@ -openapi: 3.0.0 +openapi: 3.0.3 info: title: User Information description: >- @@ -16,6 +16,15 @@ info: servers: - url: https://api.service.hmrc.gov.uk/ variables: {} +security: + - userRestricted: + - "profile" + - "address" + - "email" + - "openid:hmrc-enrolments" + - "openid:government-gateway" + - "openid:mdtp" + - "openid:gov-uk-identifiers" paths: /userinfo/: get: @@ -41,11 +50,8 @@ paths: address: formatted: >- 221B Baker Street - London - NW1 9NT - Great Britain postal_code: NW1 9NT country: Great Britain @@ -84,11 +90,8 @@ paths: address: formatted: >- 221B Baker Street - London - NW1 9NT - Great Britain postal_code: NW1 9NT country: Great Britain @@ -153,11 +156,8 @@ components: description: End-user's mailing address, formatted for display or use on a mailing label. example: >- 221B Baker Street - London - NW1 9NT - Great Britain postal_code: type: string @@ -327,6 +327,25 @@ components: - $ref: '#/components/schemas/GovernmentGateway' - description: Legacy properties based on government gateway input. description: User Info + securitySchemes: + userRestricted: + type: oauth2 + description: | + HMRC supports OAuth 2.0 for authenticating user restricted API requests using an OAuth 2.0 Bearer Token in the AUTHORIZATION header. + See https://developer.service.hmrc.gov.uk/api-documentation/docs/authorisation/user-restricted-endpoints for details. + flows: + authorizationCode: + authorizationUrl: https://api.service.hmrc.gov.uk/oauth/authorize + tokenUrl: https://api.service.hmrc.gov.uk/oauth/token + refreshUrl: https://api.service.hmrc.gov.uk/oauth/refresh + scopes: + "profile": given_name, middle_name, family_name + "address": address + "email": email + "openid:hmrc-enrolments": hmrc_enrolments + "openid:government-gateway": government_gateway + "openid:mdtp": mdtp + "openid:gov-uk-identifiers": uk_gov_nino tags: - name: userinfo description: '' diff --git a/public/api/conf/1.1/common/overview.md b/public/api/conf/1.1/common/overview.md deleted file mode 100644 index 01f707e..0000000 --- a/public/api/conf/1.1/common/overview.md +++ /dev/null @@ -1 +0,0 @@ -The User Information API provides information about the signed-in user, in an OpenID Connect compliant format. diff --git a/public/api/conf/1.0/common/overview.md b/public/api/conf/common/overview.md similarity index 100% rename from public/api/conf/1.0/common/overview.md rename to public/api/conf/common/overview.md