HAAPI Data Model

The Curity Hypermedia Authentication API (HAAPI) allows OAuth clients to request tokens from the Curity Identity Server in an API-driven way, i.e., without requiring a browser to perform the user authentication and consent interactions.

This document specifies a schema for the data model of the responses provided by the server. The schema is defined based on concepts described in the JSON Schema specification.

Clients consuming the HAAPI can be programmed against the data model described in this schema. Any response that is valid according to this schema should be handled graciously by a compliant HAAPI Client.

JSON Schemas

If you need the actual JSON schemas, you can get them from the links below:

• Core JSON SchemaDownload JSON
• BankID Plugin JSON SchemaDownload JSON
• Encap Plugin JSON SchemaDownload JSON
• WebAuthn Plugin JSON SchemaDownload JSON

The JSON schemas, while not being very easy to read, can be used with automation tools to, among other things, generate client source code and validate server/plugins responses to make sure it's conforming to the contract.

Schema version: http://json-schema.org/draft-07/schema#

Model Root (allOf)

• Step

• Authentication Step

• Redirection Step

• Registration Step

• Polling Step

• Continue Same Step

• OAuth Authorization Response

• User Consent Step

• Consentor Step

• Authentication Failed

• Invalid Input

• Incorrect Credentials

• Error Authorization Response

• Unexpected Problem

• Too Many Attempts

• User Error

• Mismatch Between Session and Token

Model Root > Step (object)

Properties

Model Root > Step > type (string)

The type of a step, which defines the schema for the step.

Details

Model Root > Step > Metadata Object (object)

Object with additional information about the response. A client may ignore the information present in this object.

Properties

Model Root > Step > Metadata Object > templateArea (string)

The value for a custom template area defined for the client or authenticator

Model Root > Step > Metadata Object > viewName (string)

The name for the view that produced the response

Model Root > Authentication Step (if)

• Condition: {"type":"authentication-step"}

• Then: Authentication Step

Model Root > Redirection Step (if)

• Condition: {"type":"redirection-step"}

• Then: Redirection Step

Model Root > Registration Step (if)

• Condition: {"type":"registration-step"}

• Then: Registration Step

Model Root > Polling Step (if)

• Condition: {"type":"polling-step"}

• Then: Polling Step

Model Root > Continue Same Step (if)

• Condition: {"type":"continue-same-step"}

• Then: Continue Same Step

Model Root > OAuth Authorization Response (if)

• Condition: {"type":"oauth-authorization-response"}

• Then: OAuth Authorization Response

Model Root > User Consent Step (if)

• Condition: {"type":"user-consent-step"}

• Then: User Consent Step

Model Root > Consentor Step (if)

• Condition: {"type":"consentor-step"}

• Then: Consentor Step

Model Root > Authentication Failed (if)

• Condition: {"type":"https://curity.se/problems/authentication-failed"}

• Then: Problem

Model Root > Invalid Input (if)

• Condition: {"type":"https://curity.se/problems/invalid-input"}

• Then: Invalid Input Problem

Model Root > Incorrect Credentials (if)

• Condition: {"type":"https://curity.se/problems/incorrect-credentials"}

• Then: Problem

Model Root > Error Authorization Response (if)

• Condition: {"type":"https://curity.se/problems/error-authorization-response"}

• Then: Authorization Problem

Model Root > Unexpected Problem (if)

• Condition: {"type":"https://curity.se/problems/unexpected"}

• Then: Problem

Model Root > Too Many Attempts (if)

• Condition: {"type":"https://curity.se/problems/too-many-attempts"}

• Then: Problem

Model Root > User Error (if)

• Condition: {"type":"https://curity.se/problems/generic-user-error"}

• Then: Problem

Model Root > Mismatch Between Session and Token (if)

• Condition: {"type":"https://curity.se/problems/mismatch-between-session-and-access-token"}

• Then: Problem