{"note":"OpenAPI conversion -- returning structured metadata","name":"authentiq-io","description":"Authentiq Connect API","version":"1.0","base_url":"https://connect.authentiq.io/","endpoints":9,"raw":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Authentiq Connect API\n@base https://connect.authentiq.io/\n@version 1.0\n@auth OAuth2 | ApiKey Authorization in header | OAuth2 | OAuth2 | OAuth2\n@endpoints 9\n@toc authorize(1), token(1), userinfo(1), client(5), {client_id}(1)\n\n@group authorize\n@endpoint GET /authorize\n@desc Authenticate a user\n@required {client_id: any # A client ID obtained from the [Dashboard](https://dashboard.authentiq.com/)., response_type: any # The OIDC response type to use for this authentication flow. Valid choices are `code`, `id_token`, `token`, `token id_token`, `code id_token` `code token` and `code token id_token`, but a client can be configured with a more restricted set., scope: any # The space-separated identity claims to request from the end-user. Always include `openid` as a scope for compatibility with OIDC., redirect_uri: any # The location to redirect to after (un)successful authentication. See OIDC for the parameters passed in the query string (`response_mode=query`) or as fragments (`response_mode=fragment`). Unless the client is in test-mode this must be one of the registered redirect URLs., state: any # An opaque string that will be passed back to the redirect URL and therefore can be used to communicate client side state and prevent CSRF attacks.}\n@optional {response_mode: any # Whether to append parameters to the redirect URL in the query string (`query`) or as fragments (`fragment`). This option usually has a sensible default for each of the response types., nonce: any # An nonce provided by the client (and opaque to Authentiq Connect) that will be included in any ID Token generated for this session. Clients should use the nonce to mitigate replay attacks., display: any # The authentication display mode, which can be one of `page`, `popup` or `modal`. Defaults to `page`., prompt: any # Space-delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The supported values are: `none`, `login`, `consent`. If `consent` the end-user is asked to (re)confirm what claims they share. Use `none` to check for an active session., max_age: any # Specifies the allowable elapsed time in seconds since the last time the end-user was actively authenticated., ui_locales: any # Specifies the preferred language to use on the authorization page, as a space-separated list of BCP47 language tags. Ignored at the moment.}\n@errors {302: A successful or erroneous authentication response., 303: *Sign in with Authentiq* page, popup or modal.}\n\n@endgroup\n\n@group token\n@endpoint POST /token\n@desc Obtain an ID Token\n@required {client_id: any # The registered client ID., client_secret: any # The registered client ID secret., grant_type: any # The authorization grant type, must be `authorization_code`., code: any # The authorization code previously obtained from the Authentication endpoint., redirect_uri: any # The redirect URL that was used previously with the Authentication endpoint.}\n@optional {Authorization: any # HTTP Basic authorization header.}\n@returns(200) Token response\n@errors {400: OAuth 2.0 error response, 401: OAuth 2.0 error response}\n\n@endgroup\n\n@group userinfo\n@endpoint GET /userinfo\n@desc Retrieve a user profile\n@returns(200) UserInfo response\n@errors {401: OAuth 2.0 error response}\n\n@endgroup\n\n@group client\n@endpoint GET /client\n@desc List clients\n@returns(200) A list of Client Objects.\n\n@endpoint POST /client\n@desc Register a client\n@required {body: any # Client Object}\n@returns(201) Client created\n\n@endpoint GET /client/{client_id}\n@desc View a client\n@required {client_id: any # Client identifier}\n@returns(200) Client found\n\n@endpoint PUT /client/{client_id}\n@desc Update a client\n@required {client_id: any # Client identifier, body: any # Client Object}\n@returns(200) Client updated\n\n@endpoint DELETE /client/{client_id}\n@desc Delete a client\n@required {client_id: any # Client identifier}\n@returns(204) Client deleted\n\n@endgroup\n\n@group {client_id}\n@endpoint GET /{client_id}/iframe\n@desc Include a session iframe\n@required {client_id: any # Client identifier}\n@returns(200) OK\n\n@endgroup\n\n@end\n"}