Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GG-7031 added open api spec files #87

Merged
merged 2 commits into from
Apr 20, 2023
Merged

GG-7031 added open api spec files #87

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3f1358e
GG-7031 added open api spec files
jinbal-hmrc Apr 12, 2023
d74e970
GG-7031 added security scopes
jinbal-hmrc Apr 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
342 changes: 342 additions & 0 deletions public/api/conf/1.0/application.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,342 @@
openapi: 3.0.3
info:
title: User Information
description: >-
Access to user information is controlled through scopes. Each access token (OAuth 2.0 Bearer Token) is associated with a set of scopes at login. When a request is made for user information, only information belonging to the provided scopes is returned. The information is returned in the form of claims, which sometimes are simple fields and sometimes objects that contain further fields.
Here is a list of supported scopes and the claims they contain. The details of each claim, including any contained fields, is documented further down.
* 'profile': given_name, middle_name, family_name, birthdate
* 'address': address
* 'email': email
* 'openid:hmrc-enrolments': hmrc_enrolments
* 'openid:government-gateway': government_gateway
* 'openid:mdtp': mdtp
* 'openid:gov-uk-identifiers': uk_gov_nino
contact: {}
version: '1.0'
servers:
- url: https://api.service.hmrc.gov.uk/
variables: {}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At root level, we need to insert a securitySchemes property as per this example: https://github.com/hmrc/open-api-example-microservice/blob/main/resources/public/api/conf/1.0/application.yaml#L42.

Ensure the scopes match those provided in the API definition: https://github.com/hmrc/openid-connect-userinfo/blob/main/app/views/definition.scala.txt.

Finally, each endpoint needs a security property declaring to which scopes it is restricted, as shown on these lines:

You may need to refer to the RAML or consult someone familiar with this service to determine what those restrictions are.

security:
- userRestricted:
- "profile"
- "address"
- "email"
- "openid:hmrc-enrolments"
- "openid:government-gateway"
- "openid:mdtp"
- "openid:gov-uk-identifiers"
paths:
/userinfo/:
get:
tags:
- userinfo
summary: Get user information
description: Retrieves OpenID Connect compliant information about the signed-in user
operationId: Getuserinformation
parameters: []
responses:
'200':
description: ''
headers: {}
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/Userinforesponse'
- example:
given_name: John
family_name: Smith
middle_name: Scott
address:
formatted: >-
221B Baker Street
London
NW1 9NT
Great Britain
postal_code: NW1 9NT
country: Great Britain
country_code: GB
email: John.Smith@abc.uk
birthdate: 1950-01-01
uk_gov_nino: AA000003D
hmrc_enrolments:
- key: IR-SA
identifiers:
- key: UTR
value: '174371121'
state: activated
government_gateway:
user_id: '019283'
roles:
- User
affinity_group: Individual
user_name: John
agent_code: 123456-abc
agent_friendly_name: AC Accounting
agent_id: AC
gateway_token: token-value-1234
unread_message_count: 0
mdtp:
device_id: device_id-12345
session_id: session_id_123455
examples:
example-1:
value:
given_name: John
family_name: Smith
middle_name: Scott
address:
formatted: >-
221B Baker Street
London
NW1 9NT
Great Britain
postal_code: NW1 9NT
country: Great Britain
country_code: GB
email: John.Smith@abc.uk
birthdate: 1950-01-01
uk_gov_nino: AA000003D
hmrc_enrolments:
- key: IR-SA
identifiers:
- key: UTR
value: '174371121'
state: activated
government_gateway:
user_id: '019283'
roles:
- User
affinity_group: Individual
user_name: John
agent_code: 123456-abc
agent_friendly_name: AC Accounting
agent_id: AC
gateway_token: token-value-1234
unread_message_count: 0
mdtp:
device_id: device_id-12345
session_id: session_id_123455
'403':
description: ''
headers: {}
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/errorResponse'
- example:
code: FORBIDDEN
examples:
BadRequest:
description: Forbidden operation
value:
code: FORBIDDEN
deprecated: false
components:
schemas:
errorResponse:
title: errorResponse
required:
- code
type: object
properties:
code:
type: string
Address:
title: Address
type: object
properties:
formatted:
type: string
description: End-user's mailing address, formatted for display or use on a mailing label.
example: >-
221B Baker Street

London

NW1 9NT

Great Britain
postal_code:
type: string
description: End-user's Zip code or postal code.
example: NW1 9NT
country:
type: string
description: End-user's country name.
example: Great Britain
country_code:
type: string
description: ISO 3166 Alpha-2-code of a given country
example: GB
GovernmentGateway:
title: GovernmentGateway
type: object
properties:
user_id:
type: string
description: Cred id
example: '1012345'
roles:
type: array
items:
type: string
description: List of user's roles
user_name:
type: string
description: Government Gateway user name
example: Bob
affinity_group:
type: string
description: User affinity group
example: Individual
agent_code:
type: string
description: Agent code
example: 123456-abc
agent_friendly_name:
type: string
description: Agent friendly name
example: AC Accounting
agent_id:
type: string
description: Agent id
example: AC
gateway_token:
type: string
description: Government gateway token
example: '123456789'
unread_message_count:
type: integer
description: Unread message count
format: int32
example: 234
description: Legacy properties based on government gateway input.
HmrcEnrolment:
title: HmrcEnrolment
required:
- key
- identifiers
- state
type: object
properties:
key:
type: string
description: HMRC service name.
example: IR-SA
identifiers:
type: array
items:
$ref: '#/components/schemas/Identifier'
description: End-user's identifiers associated to this HMRC service.
example:
- key: UTR
value: '174371121'
state:
allOf:
- $ref: '#/components/schemas/State'
- description: End-user's HMRC enrolment status.
Identifier:
title: Identifier
required:
- key
- value
type: object
properties:
key:
type: string
example: UTR
value:
type: string
example: '174371121'
Mdtp:
title: Mdtp
type: object
properties:
device_id:
type: string
description: Device id
example: '3012345'
session_id:
type: string
description: Session id
example: '2012345'
description: Mdtp information based on government gateway input
State:
title: State
enum:
- awaitingActivation
- activated
- Active
- Activated
- pending
- givenToAgent
type: string
description: End-user's HMRC enrolment status.
Userinforesponse:
title: Userinforesponse
type: object
properties:
given_name:
type: string
description: End-user's first name.
example: Thomas
middle_name:
type: string
description: End user's middle name.
example: A.
family_name:
type: string
description: End-user's last name.
example: Delgado
email:
type: string
description: User email
example: Cling.Eastwood@wildwest.com
birthdate:
type: string
description: End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format.
example: 1996-08-10
uk_gov_nino:
type: string
description: End-User's National Insurance Number.
example: AA000003D
address:
$ref: '#/components/schemas/Address'
hmrc_enrolments:
type: array
items:
$ref: '#/components/schemas/HmrcEnrolment'
description: End-user's HMRC enrolments.
mdtp:
allOf:
- $ref: '#/components/schemas/Mdtp'
- description: Mdtp information based on government gateway input
government_gateway:
allOf:
- $ref: '#/components/schemas/GovernmentGateway'
- description: Legacy properties based on government gateway input.
description: User Info
securitySchemes:
userRestricted:
type: oauth2
description: |
HMRC supports OAuth 2.0 for authenticating user restricted API requests using an OAuth 2.0 Bearer Token in the AUTHORIZATION header.
See https://developer.service.hmrc.gov.uk/api-documentation/docs/authorisation/user-restricted-endpoints for details.
flows:
authorizationCode:
authorizationUrl: https://api.service.hmrc.gov.uk/oauth/authorize
tokenUrl: https://api.service.hmrc.gov.uk/oauth/token
refreshUrl: https://api.service.hmrc.gov.uk/oauth/refresh
scopes:
"profile": given_name, middle_name, family_name
"address": address
"email": email
"openid:hmrc-enrolments": hmrc_enrolments
"openid:government-gateway": government_gateway
"openid:mdtp": mdtp
"openid:gov-uk-identifiers": uk_gov_nino
tags:
- name: userinfo
description: ''
2 changes: 1 addition & 1 deletion public/api/conf/1.0/docs/scopes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ Access to user information is controlled through scopes. Each access token (OAut

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scopes.md can be deleted. All its content is included in the OAS YAML info.description property.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was planning to delete all the legacy docs/files in a separate PR once its been validated

Here is a list of supported scopes and the claims they contain. The details of each claim, including any contained fields, is documented further down.

* 'profile': given_name, middle_name, familiy_name, birthdate
* 'profile': given_name, middle_name, family_name, birthdate
* 'address': address
* 'email': email
* 'openid:hmrc-enrolments': hmrc_enrolments
Expand Down
Loading