feat: use SetCookie for access and refresh tokens
This commit is contained in:
parent
2929a6e4bc
commit
69e8a8dc79
GPG key ID:
0251623741027CFC
3 changed files with 246 additions and 182 deletions
|
|
@ -1,4 +1,4 @@
|
|||
openapi: 3.1.0
|
||||
openapi: 3.1.1
|
||||
info:
|
||||
title: Auth Service
|
||||
version: 1.0.0
|
||||
|
|
@ -58,6 +58,14 @@ paths:
|
|||
responses:
|
||||
"200":
|
||||
description: Sign-in result with JWT
|
||||
# headers:
|
||||
# Set-Cookie:
|
||||
# schema:
|
||||
# type: array
|
||||
# items:
|
||||
# type: string
|
||||
# explode: true
|
||||
# style: simple
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
|
|
@ -71,42 +79,89 @@ paths:
|
|||
user_id:
|
||||
type: string
|
||||
nullable: true
|
||||
token:
|
||||
type: string
|
||||
description: JWT token to access protected endpoints
|
||||
nullable: true
|
||||
|
||||
/auth/verify-token:
|
||||
post:
|
||||
summary: Verify JWT validity
|
||||
tags: [Auth]
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: object
|
||||
required: [token]
|
||||
properties:
|
||||
token:
|
||||
type: string
|
||||
description: JWT token to validate
|
||||
responses:
|
||||
"200":
|
||||
description: Token validation result
|
||||
"401":
|
||||
description: Access denied due to invalid credentials
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
valid:
|
||||
type: boolean
|
||||
description: True if token is valid
|
||||
user_id:
|
||||
type: string
|
||||
nullable: true
|
||||
description: User ID extracted from token if valid
|
||||
error:
|
||||
type: string
|
||||
nullable: true
|
||||
description: Error message if token is invalid
|
||||
example: "Access denied"
|
||||
# /auth/verify-token:
|
||||
# post:
|
||||
# summary: Verify JWT validity
|
||||
# tags: [Auth]
|
||||
# requestBody:
|
||||
# required: true
|
||||
# content:
|
||||
# application/json:
|
||||
# schema:
|
||||
# type: object
|
||||
# required: [token]
|
||||
# properties:
|
||||
# token:
|
||||
# type: string
|
||||
# description: JWT token to validate
|
||||
# responses:
|
||||
# "200":
|
||||
# description: Token validation result
|
||||
# content:
|
||||
# application/json:
|
||||
# schema:
|
||||
# type: object
|
||||
# properties:
|
||||
# valid:
|
||||
# type: boolean
|
||||
# description: True if token is valid
|
||||
# user_id:
|
||||
# type: string
|
||||
# nullable: true
|
||||
# description: User ID extracted from token if valid
|
||||
# error:
|
||||
# type: string
|
||||
# nullable: true
|
||||
# description: Error message if token is invalid
|
||||
# /auth/refresh-token:
|
||||
# post:
|
||||
# summary: Refresh JWT using a refresh token
|
||||
# tags: [Auth]
|
||||
# requestBody:
|
||||
# required: true
|
||||
# content:
|
||||
# application/json:
|
||||
# schema:
|
||||
# type: object
|
||||
# required: [refresh_token]
|
||||
# properties:
|
||||
# refresh_token:
|
||||
# type: string
|
||||
# description: JWT refresh token obtained from sign-in
|
||||
# responses:
|
||||
# "200":
|
||||
# description: New access (and optionally refresh) token
|
||||
# content:
|
||||
# application/json:
|
||||
# schema:
|
||||
# type: object
|
||||
# properties:
|
||||
# valid:
|
||||
# type: boolean
|
||||
# description: True if refresh token was valid
|
||||
# user_id:
|
||||
# type: string
|
||||
# nullable: true
|
||||
# description: User ID extracted from refresh token
|
||||
# access_token:
|
||||
# type: string
|
||||
# description: New access token
|
||||
# nullable: true
|
||||
# refresh_token:
|
||||
# type: string
|
||||
# description: New refresh token (optional)
|
||||
# nullable: true
|
||||
# error:
|
||||
# type: string
|
||||
# nullable: true
|
||||
# description: Error message if refresh token is invalid
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue