{
  "openapi": "3.0.3",
  "info": {
    "title": "Roalla Auth Hub API",
    "version": "1.1.0",
    "description": "Central authentication hub for Roalla apps and client projects."
  },
  "servers": [{ "url": "https://sso.roalla.com" }],
  "paths": {
    "/api/health": {
      "get": { "summary": "Health check", "responses": { "200": { "description": "OK" } } }
    },
    "/api/status": {
      "get": { "summary": "Platform verification report", "responses": { "200": { "description": "Status JSON" } } }
    },
    "/authorize": {
      "get": {
        "summary": "Start OAuth2 authorization code + PKCE flow",
        "parameters": [
          { "name": "client_id", "in": "query", "required": true, "schema": { "type": "string" } },
          { "name": "return_url", "in": "query", "required": true, "schema": { "type": "string" } },
          { "name": "code_challenge", "in": "query", "required": true, "schema": { "type": "string" } }
        ],
        "responses": { "302": { "description": "Redirect to login, or back to the client with the authorization code" } }
      }
    },
    "/oauth/token": {
      "post": { "summary": "Exchange an authorization code or refresh token for tokens", "responses": { "200": { "description": "Issued tokens" } } }
    },
    "/oauth/introspect": {
      "post": { "summary": "Token introspection (RFC 7662-style)", "responses": { "200": { "description": "Active flag plus token claims" } } }
    },
    "/.well-known/jwks.json": {
      "get": { "summary": "JSON Web Key Set", "responses": { "200": { "description": "JWKS" } } }
    },
    "/.well-known/openid-configuration": {
      "get": { "summary": "OIDC discovery", "responses": { "200": { "description": "Discovery document" } } }
    },
    "/api/register-client": {
      "post": {
        "summary": "Register app with scoped registration token",
        "security": [{ "RegistrationToken": [] }],
        "responses": { "200": { "description": "Client registered" } }
      }
    },
    "/api/admin/clients": {
      "get": { "summary": "List clients", "security": [{ "AdminKey": [] }] },
      "post": { "summary": "Create/update client", "security": [{ "AdminKey": [] }] }
    },
    "/api/admin/registration-tokens": {
      "post": { "summary": "Create scoped registration token", "security": [{ "AdminKey": [] }] }
    },
    "/api/portal/onboard": {
      "post": {
        "summary": "Automated onboarding (register + portal token + verify)",
        "security": [{ "RegistrationToken": [] }],
        "responses": { "200": { "description": "Client registered with portal_token and env_snippet" } }
      }
    },
    "/api/portal/auth": {
      "post": { "summary": "Validate portal or registration token", "responses": { "200": { "description": "Access type and clients" } } }
    },
    "/api/account/whoami": {
      "get": { "summary": "Current user (session or Bearer)", "responses": { "200": { "description": "Signed-in state" } } }
    },
    "/oauth/userinfo": {
      "get": { "summary": "OIDC UserInfo", "security": [{ "BearerAuth": [] }], "responses": { "200": { "description": "Standard claims" } } }
    },
    "/api/admin/webhooks/process": {
      "post": { "summary": "Process pending webhook queue", "security": [{ "AdminKey": [] }] }
    }
  },
  "components": {
    "securitySchemes": {
      "AdminKey": { "type": "http", "scheme": "bearer", "description": "Admin API key (ADMIN_API_KEY), sent as a Bearer token" },
      "RegistrationToken": { "type": "http", "scheme": "bearer", "description": "Scoped onboarding token (reg_…)" },
      "PortalToken": { "type": "http", "scheme": "bearer", "description": "Client portal token (cpt_…)" },
      "BearerAuth": { "type": "http", "scheme": "bearer", "description": "Access token" }
    }
  }
}
