openapi: 3.0.0 info: title: Auth Server 2.2 version: '2.2' description: servers: - url: 'https://auth.sandbox.geopagos.com' paths: /oauth/token: post: summary: '' tags: - API Endpoints operationId: post-token responses: '200': description: OK content: application/json: schema: type: object properties: token_type: type: string example: Bearer default: Bearer expires_in: type: string example: '3600' access_token: type: string refresh_token: type: string examples: authorization_code: value: token_type: Bearer expires_in: '3600' access_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhcmllbDEyMyIsImp0aSI6IjM3ZDM4YzhjMWEyOTQ3NzNiZTM4OTBlNDMxNmVkMzg2ZWZmYTU5OTE5N2E1N2RkM2YxNzFmYmJhMjRjZDk1NDg5YmZkNjVjNmQzNzI0Y2M1IiwiaWF0IjoxNjAyMTIyMjQ0LCJuYmYiOjE2MDIxMjIyNDQsImV4cCI6MTYwMjEyNTg0NCwic3ViIjoiY2xpZW50QG1haWwuY29tIiwic2NvcGVzIjpbImNyZWF0ZSIsInJlYWQiXX0.InZ3E9G3vIygOU3fBoEnaa_3Jjgslul6gXKaxuEJBgtxZcMJ3RNgd8EsHIwVg5qBUAreLn0enSOARbSCNPqKN0oOQFeTaNas8ZPctNjAhG1mtaVx2FhIdQAEJx_Fvei8oxFLgSFUXyHryVxRtZmGeI841Z191NUC6PitaZZ8pWMRVydTGoNNmHz_WIyKU8ib9Z_ refresh_token: def50200345558fbee4e53882e495b6d8eb12640bea4cdfb3908f887beb88217d75129a30258ca4e3098c5a68cb5325bc55f0805b961878bcf347edd4a8f5e94389d331cba8a76b3dc6f9177ca5fcbd9f31dc1ab433e00f81cddc39926b91c3d6249f0512119ae3f4f398659be7c075219c968f5f4f36feb1349331a89e9b2f8675ba9f038ad8d506a56d359126057fe1b414f251ef476066d116e3e34f9a6428252ea3e77b69e30cfc591192d8c081c0354d5a9602a5c22a53c492f1b5d611864792fee97806e0315fc3413ff9d32b91e0480dd14e32332b97abd7baf89cab77e310c68c913bffba5cc6621d6c8e12de2c41eb22d0d0fb541d73b0dbd3b92e1 client_credentials: value: token_type: Bearer expires_in: '3600' access_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhcmllbDEyMyIsImp0aSI6IjM3ZDM4YzhjMWEyOTQ3NzNiZTM4OTBlNDMxNmVkMzg2ZWZmYTU5OTE5N2E1N2RkM2YxNzFmYmJhMjRjZDk1NDg5YmZkNjVjNmQzNzI0Y2M1IiwiaWF0IjoxNjAyMTIyMjQ0LCJuYmYiOjE2MDIxMjIyNDQsImV4cCI6MTYwMjEyNTg0NCwic3ViIjoiY2xpZW50QG1haWwuY29tIiwic2NvcGVzIjpbImNyZWF0ZSIsInJlYWQiXX0.InZ3E9G3vIygOU3fBoEnaa_3Jjgslul6gXKaxuEJBgtxZcMJ3RNgd8EsHIwVg5qBUAreLn0enSOARbSCNPqKN0oOQFeTaNas8ZPctNjAhG1mtaVx2FhIdQAEJx_Fvei8oxFLgSFUXyHryVxRtZmGeI841Z191NUC6PitaZZ8pWMRVydTGoNNmHz_WIyKU8ib9Z_ refresh_token: value: token_type: Bearer expires_in: '3600' access_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhcmllbDEyMyIsImp0aSI6IjM3ZDM4YzhjMWEyOTQ3NzNiZTM4OTBlNDMxNmVkMzg2ZWZmYTU5OTE5N2E1N2RkM2YxNzFmYmJhMjRjZDk1NDg5YmZkNjVjNmQzNzI0Y2M1IiwiaWF0IjoxNjAyMTIyMjQ0LCJuYmYiOjE2MDIxMjIyNDQsImV4cCI6MTYwMjEyNTg0NCwic3ViIjoiY2xpZW50QG1haWwuY29tIiwic2NvcGVzIjpbImNyZWF0ZSIsInJlYWQiXX0.InZ3E9G3vIygOU3fBoEnaa_3Jjgslul6gXKaxuEJBgtxZcMJ3RNgd8EsHIwVg5qBUAreLn0enSOARbSCNPqKN0oOQFeTaNas8ZPctNjAhG1mtaVx2FhIdQAEJx_Fvei8oxFLgSFUXyHryVxRtZmGeI841Z191NUC6PitaZZ8pWMRVydTGoNNmHz_WIyKU8ib9Z_ refresh_token: def50200345558fbee4e53882e495b6d8eb12640bea4cdfb3908f887beb88217d75129a30258ca4e3098c5a68cb5325bc55f0805b961878bcf347edd4a8f5e94389d331cba8a76b3dc6f9177ca5fcbd9f31dc1ab433e00f81cddc39926b91c3d6249f0512119ae3f4f398659be7c075219c968f5f4f36feb1349331a89e9b2f8675ba9f038ad8d506a56d359126057fe1b414f251ef476066d116e3e34f9a6428252ea3e77b69e30cfc591192d8c081c0354d5a9602a5c22a53c492f1b5d611864792fee97806e0315fc3413ff9d32b91e0480dd14e32332b97abd7baf89cab77e310c68c913bffba5cc6621d6c8e12de2c41eb22d0d0fb541d73b0dbd3b92e1 '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string error_description: type: string examples: invalid_request: value: error: invalid_request error_description: 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.' invalid_grant: value: error: invalid_grant error_description: 'Authorization code,password or redirect url failed' invalid_scope: value: error: invalid_scope error_description: scope failed unauthorized_client: value: error: unauthorized_client error_description: permission to use grant type denied unsupported_grant_type: value: error: unsupported_grant_type error_description: grant type not recognized '401': description: |- Unauthorized: invalid client_id or client secret content: application/json: schema: type: object properties: error: type: string error_description: type: string examples: invalid_client: value: error: invalid_client error_description: Client authentication failed requestBody: required: true content: application/json: schema: oneOf: - $ref: '#/components/schemas/authorization_code' - $ref: '#/components/schemas/refresh_token' - $ref: '#/components/schemas/client_credentials' examples: authorization_code: value: grant_type: authorization_code code: def5020030c6399f51b8332b271d15882859d78b9f7b3460c539da072f47d710684cfc4469be3a5202703d87cebd715435479eed899ece5ba77238f9285a6e326b513ebf87f70823d6b79c22b3700c79d26df398bcc46416794b052f99da18440d71e9e76b3e3577b256f4402a6ec66d5dd98d37affd0435a8fe936baf05943a20fce21d4a2aeee36d0f1ed7e87ebbfc34d806c588492f26b8af44eed0a99c148ff6e5063b810242d4cdb2837aa280c4c8297a6263f31f11c914e1c23e2fa273a0817bae8cf26796e404fca0d091a7e12f0346c55c194169f5ab7eb373aab20d464141407f08e8de9974e6b33b3e3ada9550967cf9208800a1ccd8daa5329b6c182abbdac9c7223c9b3d1249c424c416de93fb9422993bddda711f6784d03ef4aeb6774edc3358a437a782a8a1ef375020aa90a64f52c00c9f9f057cc079ffaa92912f812a72befce7133e71511c4347799379f57054f70bc2efeb959e947b63f12a63e1e99266d161c323a75b redirect_uri: 'https://client-url.com/callback' client_id: c7f33898-331e-4406-980d-991152533f0a client_secret: aw34er7fj8du6rbv6 scope: '*' refresh_token: value: grant_type: refresh_token refresh_token: def50200345558fbee4e53882e495b6d8eb12640bea4cdfb3908f887beb88217d75129a30258ca4e3098c5a68cb5325bc55f0805b961878bcf347edd4a8f5e94389d331cba8a76b3dc6f9177ca5fcbd9f31dc1ab433e00f81cddc39926b91c3d6249f0512119ae3f4f398659be7c075219c968f5f4f36feb1349331a89e9b2f8675ba9f038ad8d506a56d359126057fe1b414f251ef476066d116e3e34f9a6428252ea3e77b69e30cfc591192d8c081c0354d5a9602a5c22a53c492f1b5d611864792fee97806e0315fc3413ff9d32b91e0480dd14e32332b97abd7baf89cab77e310c68c913bffba5cc6621d6c8e12de2c41eb22d0d0fb541d73b0dbd3b92e1 client_id: c7f33898-331e-4406-980d-991152533f0a client_secret: aw34er7fj8du6rbv6 scope: '*' client_credentials: value: grant_type: client_credentials client_id: c7f33898-331e-4406-980d-991152533f0a client_secret: aw34er7fj8du6rbv6 scope: '*' description: In this endpoint we can obtain an access token by sending the corresponding parameters depending on the case. parameters: [] /oauth/authorize: get: summary: '' tags: - API Endpoints responses: '302': description: |- In this case, everything went well. The user was authenticated through a login and gave his consent. Now the user will be redirected to the url specified in the parameters sent by the client application. example: https://client-url.com/callback?code=your_authorization_code_here content: text/html: schema: type: object examples: example-1: value: {} headers: {} '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string error_description: type: string examples: unsupported_grant_type: value: error: unsupported_grant_type error_description: The authorization grant type is not supported by the authorization server. invalid_scope: value: error: invalid_scope error_description: scope failed '401': description: |- Unauthorized: The causes can be: invalid client_id invalid redirect_uri The client account does not have a redirect_uri loaded content: application/json: schema: type: object properties: error: type: string error_description: type: string examples: invalid_client_id: value: error: invalid_client error_description: Client authentication failed operationId: get-authorize description: |- This endpoint allows obtaining an "authorization code". It is a code that is used to change it in a second step in edpoint "/token" for an access token. parameters: - schema: type: string in: query name: client_id required: true description: 'it is an identifier of the client application, registered in the authorization server.' - schema: type: string default: code in: query name: response_type required: true description: This parameter is the one that says what type of OAuth 2.0 flow we are going to follow to retrieve the token. In this case it is "code". - schema: type: string example: 'http://mydomain/callback' in: query name: redirect_uri description: |- When the client authentication finishes, we need to specify a URL back to our application. This URL must also be saved as part of our client application registration on the authorization server. - schema: type: string in: query name: scope description: |- It is used to say "why do I want this authorization?" They are the permits that are being requested. The way to specify multiple scopes is through a blank space between them. components: schemas: authorization_code: title: authorization_code type: object x-examples: {} description: authorization_code properties: grant_type: type: string default: authorization_code code: type: string description: | the authorization code from the query string redirect_uri: type: string description: the client redirect URI client_id: type: string description: the client identifier client_secret: type: string scope: type: string description: a comma delimited list of scopes or * for all required: - grant_type - code - redirect_uri - client_id - client_secret refresh_token: title: refresh_token type: object description: refresh_token x-examples: {} properties: grant_type: type: string default: refresh_token refresh_token: type: string client_id: type: string client_secret: type: string scope: type: string description: a comma delimited list of scopes or * for all required: - grant_type - refresh_token - client_id - client_secret client_credentials: title: client_credentials type: object properties: client_id: type: string format: uuid client_secret: type: string grant_type: type: string default: client_credentials scope: type: string description: a comma delimited list of scopes or * for all required: - client_id - client_secret - grant_type