ciba-grant-3.2.0.md

schemas/v3.1/schema.json

@@ -1240,6 +1240,9 @@
         "authorizationCode": {
           "$ref": "#/$defs/oauth-flows/$defs/authorization-code"
         }
+        "ciba": {
+          "$ref": "#/$defs/oauth-flows/$defs/ciba"
+        }
       },
       "$ref": "#/$defs/specification-extensions",
       "unevaluatedProperties": false,
@@ -1327,7 +1330,44 @@
           ],
           "$ref": "#/$defs/specification-extensions",
           "unevaluatedProperties": false
-        }
+        },
+        "ciba": {
+          "type": "object",
+          "properties": {
+            "authorizationUrl": {
+              "type": "string"
+            },
+            "tokenUrl": {
+              "type": "string"
+            },
+            "refreshUrl": {
+              "type": "string"
+            },
+            "ciba_delivery_modes": {
+               "type": "array",
+               "item": "string"
+            },
+            "ciba_signing_algs": {
+               "type": "array",
+               "item": "string"
+            },
+            "ciba_user_code":{
+               "type": "boolean"
+            },
+            "scopes": {
+              "$ref": "#/$defs/map-of-strings"
+            }
+          },
+          "required": [
+            "authorizationUrl",
+            "tokenUrl",
+            "ciba_delivery_modes",
+            "ciba_signing_algs",
+            "scopes"
+          ],
+          "$ref": "#/$defs/specification-extensions",
+          "unevaluatedProperties": false
+        }       
       }
     },
     "security-requirement": {

schemas/v3.1/schema.yaml

@@ -837,6 +837,8 @@ $defs:
         $ref: '#/$defs/oauth-flows/$defs/client-credentials'
       authorizationCode:
         $ref: '#/$defs/oauth-flows/$defs/authorization-code'
+      ciba:
+        $ref: '#/$defs/oauth-flows/$defs/ciba'
     $ref: '#/$defs/specification-extensions'
     unevaluatedProperties: false
 
@@ -903,6 +905,36 @@ $defs:
           - scopes
         $ref: '#/$defs/specification-extensions'
         unevaluatedProperties: false
+
+      ciba:
+        type: object
+        properties:
+          authorizationUrl:
+            type: string
+          tokenUrl:
+            type: string
+          refreshUrl:
+            type: string
+          ciba_delivery_modes:
+            type: array
+            items:
+              type: string
+          ciba_signing_algs:
+*           type: array
+            items:
+              type: string
+          ciba_user_code:
+            type: boolean
+          scopes:
+            $ref: '#/$defs/map-of-strings'
+        required:
+          - authorizationUrl
+          - tokenUrl
+          - ciba_delivery_modes
+          - ciba_signing_algs
+          - scopes
+        $ref: '#/$defs/specification-extensions'
+        unevaluatedProperties: false
 
   security-requirement:
     type: object

versions/3.2.0.md

@@ -3290,6 +3290,7 @@ Field Name | Type | Description
 <a name="oauthFlowsClientCredentials"></a>clientCredentials| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Client Credentials flow.  Previously called `application` in OpenAPI 2.0.
 <a name="oauthFlowsAuthorizationCode"></a>authorizationCode| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Authorization Code flow.  Previously called `accessCode` in OpenAPI 2.0.
 <a name="oauthFlowsDeviceAuthorization"></s>deviceAuthorization| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Device Authorization flow.
+<a name="oauthFlowsCiba"></a>ciba| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OpenID Connect Client-Initiated Backchannel Authentication Flow.
 
 This object MAY be extended with [Specification Extensions](#specificationExtensions).
 
@@ -3300,11 +3301,14 @@ Configuration details for a supported OAuth Flow
 ##### Fixed Fields
 Field Name | Type | Applies To | Description
 ---|:---:|---|---
-<a name="oauthFlowAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
+<a name="oauthFlowAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`, `"ciba"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
 <a name="oauthFlowDeviceAuthorizationUrl"></s>deviceAuthorizationUrl | `string` | `oauth2` (`"deviceAuthorization"`) | **REQUIRED**. The device authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
-<a name="oauthFlowTokenUrl"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
+<a name="oauthFlowTokenUrl"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`, `"ciba"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
 <a name="oauthFlowRefreshUrl"></a>refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
 <a name="oauthFlowScopes"></a>scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty.
+<a name="backchannelTokenDeliveryModesSupported"></a>cibaDeliveryModes | Array[`string`] | `oauth2` (`"ciba"`) | **REQUIRED**. JSON array containing one or more of the following values: poll, ping, and push.
+<a name="backchannelAuthenticationRequestSigningAlgValues"></a>cibaSigningAlgs | Array[`string`] | `oauth2` (`"ciba"`) |  JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP (OpenIdConnect Provider) for signed authentication requests
+<a name="backchannelUserCodeParameterSupported"></a>ciba_user_code | `boolean` | `oauth2` (`"ciba"`) |  Boolean value specifying whether the OP supports the use of the user_code parameter, with true indicating support. If omitted, the default value is false.
 
 This object MAY be extended with [Specification Extensions](#specificationExtensions).
 
@@ -3328,6 +3332,15 @@ This object MAY be extended with [Specification Extensions](#specificationExtens
         "write:pets": "modify pets in your account",
         "read:pets": "read your pets"
       }
+    },
+    "ciba": {
+      "authorizationUrl": "https://example.com/api/oauth/dialog",
+      "tokenUrl": "https://example.com/api/oauth/token",
+      "scopes": {
+        "write:pets": "modify pets in your account",
+        "read:pets": "read your pets"
+      },
+      "ciba_delivery_modes": ["poll"]
     }
   }
 }