openapi: 3.1.1
info:
  title: Auth Service
  version: 1.0.0

servers:
  - url: /auth

paths:
  /sign-up:
    post:
      summary: Sign up a new user
      operationId: postSignUp
      tags: [Auth]
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required: [nickname, pass]
              properties:
                nickname:
                  type: string
                pass:
                  type: string
                  format: password
      responses:
        "200":
          description: Sign-up result
          content:
            application/json:
              schema:
                required:
                  - user_id
                type: object
                properties:
                  user_id:
                    type: integer
                    format: int64

  /sign-in:
    post:
      summary: Sign in a user and return JWT
      operationId: postSignIn
      tags: [Auth]
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required: [nickname, pass]
              properties:
                nickname:
                  type: string
                pass:
                  type: string
                  format: password
      responses:
        # This one also sets two cookies: access_token and refresh_token
        "200":
          description: Sign-in result with JWT
          content:
            application/json:
              schema:
                required:
                  - user_id
                  - user_name
                type: object
                properties:
                  user_id:
                    type: integer
                    format: int64
                  user_name:
                    type: string
        "401":
          $ref: '#/components/responses/UnauthorizedError'

  /get-impersonation-token:
    post:
      summary: Get service impersontaion token
      operationId: getImpersonationToken
      tags: [Auth]
      security:
        - bearerAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                user_id:
                  type: integer
                  format: int64
                external_id:
                  type: integer
                  format: int64
              oneOf:
                - required: ["user_id"]
                - required: ["external_id"]
      responses:
        "200":
          description: Generated impersonation access token
          content:
            application/json:
              schema:
                type: object
                required:
                  - access_token
                properties:
                  access_token:
                    type: string
                    description: JWT access token
        "401":
          $ref: '#/components/responses/UnauthorizedError'

  /refresh-tokens:
    get:
      summary: Refreshes access_token and refresh_token
      operationId: refreshTokens
      tags: [Auth]
      responses:
        # This one sets two cookies: access_token and refresh_token
        "200":
          description: Refresh success
        "400":
          $ref: '#/components/responses/ClientError'
        "401":
          $ref: '#/components/responses/UnauthorizedError'
        "500":
          $ref: '#/components/responses/ServerError'

components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
  responses:
    UnauthorizedError:
      description: Access token is missing or invalid
    ServerError:
      description: ServerError
    ClientError:
      description: ClientError