diff --git a/JsonSchemas/Credentials.json b/JsonSchemas/Credentials.json
new file mode 100644
index 000000000..86aaa8bb4
--- /dev/null
+++ b/JsonSchemas/Credentials.json
@@ -0,0 +1,421 @@
+{
+ "$id": "https://microsoft.com/schemas/microsoft.identity.web",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "definitions": {
+ "CertificateSource": {
+ "enum": [
+ "KeyVault",
+ "Base64Encoded",
+ "Path",
+ "StoreWithThumbprint",
+ "StoreWithDistinguishedName"
+ ],
+ "description": "Enumeration of credential sources."
+ },
+ "ClientCredentialSource": {
+ "enum": [
+ "KeyVault",
+ "ClientSecret",
+ "Base64Encoded",
+ "Path",
+ "StoreWithThumbprint",
+ "StoreWithDistinguishedName",
+ "SignedAssertionFromManagedIdentity",
+ "SignedAssertionFilePath",
+ "SignedAssertionFromVault"
+ ],
+ "description": "Enumeration of credential sources."
+ },
+ "DecryptCredentialSource": {
+ "enum": [
+ "KeyVault",
+ "Base64Encoded",
+ "Path",
+ "StoreWithThumbprint",
+ "StoreWithDistinguishedName",
+ "AutoDecryptKeys"
+ ],
+ "description": "Enumeration of credential sources."
+ },
+ "ClientCertificatesDescription": {
+ "type": "object",
+ "properties": {
+ "SourceType": {
+ "$ref": "#/definitions/CertificateSource"
+ }
+ },
+ "required": [
+ "SourceType"
+ ],
+ "anyOf": [
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "KeyVault"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "KeyVaultUrl": {
+ "type": "string"
+ },
+ "KeyVaultCertificateName": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType",
+ "KeyVaultUrl",
+ "KeyVaultCertificateName"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "Base64Encoded"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "Base64EncodedValue": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType",
+ "Base64EncodedValue"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "Path"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "CertificateDiskPath": {
+ "type": "string"
+ },
+ "CertificatePassword": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType",
+ "CertificateDiskPath"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "StoreWithThumbprint"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "CertificateStorePath": {
+ "type": "string"
+ },
+ "CertificateThumbprint": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType",
+ "CertificateStorePath",
+ "CertificateThumbprint"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "StoreWithDistinguishedName"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "CertificateStorePath": {
+ "type": "string"
+ },
+ "CertificateDistinguishedName": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType",
+ "CertificateStorePath",
+ "CertificateDistinguishedName"
+ ]
+ }
+ }
+ ]
+ },
+ "ClientCredentialsDescription": {
+ "type": "object",
+ "properties": {
+ "SourceType": {
+ "$ref": "#/definitions/ClientCredentialSource"
+ }
+ },
+ "required": [
+ "SourceType"
+ ],
+ "anyOf": [
+ {
+ "$ref": "#/definitions/ClientCertificatesDescription"
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "ClientSecret"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "ClientSecret": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType",
+ "ClientSecret"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "SignedAssertionFromManagedIdentity"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "ManagedIdentityClientId": {
+ "type": "string"
+ },
+ "TokenExchangeUrl": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "SourceType"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "SignedAssertionFilePath"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "SignedAssertionFileDiskPath": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "SignedAssertionFromVault"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "KeyVaultUrl": {
+ "type": "string"
+ },
+ "KeyVaultCertificateName": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "SourceType",
+ "KeyVaultUrl",
+ "KeyVaultCertificateName"
+ ]
+ }
+ }
+ ]
+ },
+ "AuthorizationHeaderProviderOptions": {
+ "type": "object",
+ "properties": {
+ "BaseUrl": {
+ "type": [
+ "string"
+ ]
+ },
+ "RelativePath": {
+ "type": "string",
+ "default": ""
+ },
+ "HttpMethod": {
+ "type": "string"
+ },
+ "AcquireTokenOptions": {
+ "$ref": "#/definitions/AcquireTokenOptions"
+ },
+ "ProtocolScheme": {
+ "type": "string",
+ "default": "Bearer"
+ },
+ "RequestAppToken": {
+ "type": "boolean",
+ "default": false
+ }
+ }
+ },
+ "AcquireTokenOptions": {
+ "type": "object",
+ "properties": {
+ "AuthenticationOptionsName": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "ExtraQueryParameters": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "ExtraHeadersParameters": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "Claims": {
+ "type": [
+ "string"
+ ]
+ },
+ "ForceRefresh": {
+ "type": "boolean",
+ "default": false
+ },
+ "ManagedIdentity": {
+ "$ref": "#/definitions/ManagedIdentityOptions"
+ },
+ "LongRunningWebApiSessionKey": {
+ "type": [
+ "string"
+ ]
+ },
+ "Tenant": {
+ "type": [
+ "string"
+ ]
+ }
+ }
+ },
+ "ManagedIdentityOptions": {
+ "type": "object",
+ "properties": {
+ "UserAssignedClientId": {
+ "type": [
+ "string"
+ ]
+ }
+ }
+ },
+ "DownstreamApiOptions": {
+ "type": "object",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AuthorizationHeaderProviderOptions"
+ }
+ ],
+ "properties": {
+ "Scopes": {
+ "type": [
+ "array"
+ ],
+ "items": {
+ "type": "string"
+ }
+ },
+ "AcceptHeader": {
+ "type": "string",
+ "default": "application/json"
+ },
+ "ContentType": {
+ "type": "string",
+ "default": "application/json"
+ }
+ },
+ "required": [
+ "Scopes"
+ ]
+ },
+ "TokenDecryptionCredentialsDescription": {
+ "type": "object",
+ "properties": {
+ "SourceType": {
+ "$ref": "#/definitions/DecryptCredentialSource"
+ }
+ },
+ "required": [
+ "SourceType"
+ ],
+ "anyOf": [
+ {
+ "$ref": "#/definitions/ClientCertificatesDescription"
+ },
+ {
+ "if": {
+ "properties": {
+ "SourceType": {
+ "const": "AutoDecryptKeys"
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "DecryptKeysAuthenticationOptions": {
+ "$ref": "#/definitions/AuthorizationHeaderProviderOptions"
+ }
+ },
+ "required": [
+ "SourceType",
+ "DecryptKeysAuthenticationOptions"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/JsonSchemas/microsoft-identity-web.json b/JsonSchemas/microsoft-identity-web.json
new file mode 100644
index 000000000..49ccf999d
--- /dev/null
+++ b/JsonSchemas/microsoft-identity-web.json
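Review bot: The branch-specific `required` lists in `ClientCertificatesDescription` (the `"anyOf": [` that follows its `"SourceType"` requirement) are never enforced: in draft-07 an `if`/`then` pair whose `if` does not match is valid on its own, so for any `SourceType` the non-matching branches satisfy the `anyOf`, and an object with `"SourceType": "KeyVault"` passes without `KeyVaultUrl` or `KeyVaultCertificateName`. The same applies to the `anyOf` lists in `ClientCredentialsDescription` and `TokenDecryptionCredentialsDescription`. In `ClientCertificatesDescription` the fix is `"allOf": [` in place of `"anyOf": [`; in the other two definitions the same switch would make the `$ref` to `ClientCertificatesDescription` reject `ClientSecret`, the `SignedAssertion*` sources and `AutoDecryptKeys` through the narrower `CertificateSource` enum, so the certificate `if`/`then` pairs would first need to move into a definition that does not carry that enum. `ClientSecret` and `CertificatePassword` are plain `string` properties with no `description`; a hint such as `"description": "Sensitive value; supply it from a secret store or the environment rather than committed configuration."` would surface in editor tooltips where this schema is used.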
@@ -0,0 +1,89 @@
+{
+ "$id": "https://microsoft.com/Mise/schemas/AzureAdSection",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "definitions": {
+ "AzureAdSection": {
+ "type": "object",
+ "properties": {
+ "Instance": {
+ "type": "string",
+ "default": "https://login.microsoftonline.com",
+ "description": "Cloud instance, to be used with TenantId. Exclusive of Authority."
+ },
+ "TenantId": {
+ "type": "string",
+ "description": "Tenants accepted by the application."
+ },
+ "ClientId": {
+ "type": "string"
+ },
+ "Authority": {
+ "type": "string",
+ "description": "The IdP authority. Exclusive of Instance + TenantId."
+ },
+ "ShowPII": {
+ "type": "boolean"
+ },
+ "ExtraQueryParameters": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "AzureRegion": {
+ "type": "string"
+ },
+ "ClientCredentials": {
+ "type": "array",
+ "items": {
+ "$ref": "./Credentials.json#/definitions/ClientCredentialsDescription"
+ }
+ },
+ "SendX5C": {
+ "type": "boolean"
+ },
+ "ClientCapabilities": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "Audiences": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "TokenDecryptionCredentials": {
+ "type": "array",
+ "items": {
+ "$ref": "./Credentials.json#/definitions/TokenDecryptionCredentialsDescription"
+ }
+ }
+ },
+ "required": [
+ "Instance",
+ "TenantId",
+ "ClientId"
+ ]
+ }
+ },
+ "type": "object",
+ "properties": {
+ "Version": {
+ "type": "string"
+ },
+ "AzureAd": {
+ "$ref": "#/definitions/AzureAdSection"
+ },
+ "DownstreamApis": {
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "./Credentials.json#/definitions/DownstreamApiOptions"
+ }
+ }
+ },
+ "required": [
+ "AzureAd"
+ ]
+}
\ No newline at end of file
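Review bot: The `required` list at the end of `AzureAdSection` demands `Instance` and `TenantId`, which contradicts the `Authority` description (`Exclusive of Instance + TenantId`): a configuration that sets only `Authority` is rejected, and `Instance` already carries a `default`, so requiring it adds nothing. Replacing those two entries with `"oneOf": [ { "required": ["Authority"] }, { "required": ["TenantId"] } ]` next to `"required": ["ClientId"]` would express the exclusivity the descriptions state. The cross-file references `./Credentials.json#/definitions/...` resolve against this schema's `$id` (`https://microsoft.com/Mise/schemas/AzureAdSection`) to `https://microsoft.com/Mise/schemas/Credentials.json`, which is not the `$id` declared in Credentials.json (`https://microsoft.com/schemas/microsoft.identity.web`), so validators that resolve by `$id` rather than by file location will presumably fail to find them; aligning the two `$id` values (or dropping them) would make resolution consistent. `ShowPII` has no `description`; if, as the name suggests, it enables logging of personal data, a note such as `"description": "Presumably enables logging of personally identifiable information; confirm and document the intended default."` would be worth adding.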