Add response to successful assertion.

tidepool-org · Jul 24, 2023 · 6407a5e · 6407a5e
1 parent bcdc45a
commit 6407a5e
Show file tree

Hide file tree

Showing 5 changed files with 138 additions and 2,533 deletions.
diff --git a/reference/auth.v1.yaml b/reference/auth.v1.yaml
@@ -776,15 +776,15 @@ paths:
       operationId: VerifyAssertion
       summary: Verify an assertion.
       description: >-
-        This verifies in assertion. Currently it returns an empty response on success, but in the future, when our partner API's are available, it will return a secret of some kind, certificate, key, etc. This can only happen after attestation has been verified and an assertion challenge has been requested.
+        This verifies an assertion and returns X.509 certficates.
       requestBody:
         content:
           'application/json':
             schema:
               $ref: './auth/models/assertionverify.v1.yaml'
       responses:
-        '204':
-          description: The assertion was verified successfully.
+        '200':
+          $ref: '#/components/responses/Assertion'
         '400':
           $ref: './common/responses/badrequest.v1.yaml'
         '401':
@@ -1081,4 +1081,13 @@ components:
       content:
         'application/json':
           schema:
-            $ref: './auth/models/appchallenge.v1.yaml'
+            $ref: './auth/models/appchallenge.v1.yaml'
+    Assertion:
+      description: 'Certificates returned upon successful assertion.'
+      headers:
+        'X-Tidepool-Session-Token':
+          $ref: './common/headers/tidepoolsessiontoken.v1.yaml'
+      content:
+        'application/json':
+          schema:
+            $ref: './auth/models/assertionsecret.v1.yaml'
diff --git a/reference/auth/models/assertionsecret.v1.yaml b/reference/auth/models/assertionsecret.v1.yaml
@@ -0,0 +1,20 @@
+title: AssertionSecret
+description: Data sent back upon successful app assertion. This will include X.509 certificates.
+type: object
+properties:
+  certificates:
+    description: X.509 certificates to be used for client authentication.
+    type: array
+    items:
+      type: object
+      properties:
+        content:
+          type: string
+          description: base64 encoded X.509 certificate in DER format.
+        ttlInDays:
+          type: integer
+        type:
+          type: string
+          oneOf:
+            - CONSTRAINED
+            - WILDCARD
diff --git a/reference/auth/models/assertionverify.v1.yaml b/reference/auth/models/assertionverify.v1.yaml
@@ -11,6 +11,15 @@ properties:
       challenge:
         type: string
         minLength: 1
+      partner:
+        description: Code name of partner to retrieve certificate from.
+        type: string
+        minLength: 1
+        enum:
+          - Coastal
+      partnerData:
+        description: Actual data to send to partner API.
+        $ref: './coastaldata.v1.yaml'
     description: Actual data requested by client. Must include the previously requested challenge.
   keyId:
     $ref: './keyid.v1.yaml'

diff --git a/reference/auth/models/coastaldata.v1.yaml b/reference/auth/models/coastaldata.v1.yaml
@@ -0,0 +1,24 @@
+title: CoastalData
+description: Data to send to Coastal's API.
+type: object
+properties:
+  rcTypeId:
+    type: string
+  rcInstanceId:
+    type: string
+  rcHWVersions:
+    type: array
+    items:
+      type: string
+  rcSWVersions:
+    type: array
+    items:
+      type: string
+  phdTypeId:
+    type: string
+  phdInstanceId:
+    type: string
+  csr:
+    type: string
+  rcbMac:
+    type: string