|
229 | 229 | "Alerts" |
230 | 230 | ] |
231 | 231 | } |
| 232 | + }, |
| 233 | + "/jwks": { |
| 234 | + "get": { |
| 235 | + "operationId": "GetJWKS", |
| 236 | + "summary": "Retrieve public keys for signature verification", |
| 237 | + "description": "Authenticated endpoint for partners to retrieve Concur's public keys for validating signed message tokens. Requires company JWT authentication to ensure only authorized partners can access public key information.", |
| 238 | + "responses": { |
| 239 | + "200": { |
| 240 | + "description": "JWKs response with public keys for signature verification", |
| 241 | + "content": { |
| 242 | + "application/json": { |
| 243 | + "schema": { |
| 244 | + "$ref": "#/components/schemas/JWKSResponse" |
| 245 | + } |
| 246 | + } |
| 247 | + } |
| 248 | + }, |
| 249 | + "401": { |
| 250 | + "description": "Unauthorized - Company JWT validation failed or missing", |
| 251 | + "content": { |
| 252 | + "application/json": { |
| 253 | + "schema": { |
| 254 | + "$ref": "#/components/schemas/ErrorMessage" |
| 255 | + } |
| 256 | + } |
| 257 | + } |
| 258 | + }, |
| 259 | + "403": { |
| 260 | + "description": "Forbidden - Valid company JWT but not authorized for key access", |
| 261 | + "content": { |
| 262 | + "application/json": { |
| 263 | + "schema": { |
| 264 | + "$ref": "#/components/schemas/ErrorMessage" |
| 265 | + } |
| 266 | + } |
| 267 | + } |
| 268 | + }, |
| 269 | + "500": { |
| 270 | + "description": "Internal Server Error - Key retrieval failures", |
| 271 | + "content": { |
| 272 | + "application/json": { |
| 273 | + "schema": { |
| 274 | + "$ref": "#/components/schemas/ErrorMessage" |
| 275 | + } |
| 276 | + } |
| 277 | + } |
| 278 | + } |
| 279 | + }, |
| 280 | + "tags": [ |
| 281 | + "Partner Authorization" |
| 282 | + ], |
| 283 | + "security": [ |
| 284 | + { |
| 285 | + "ApiKeyAuth": [] |
| 286 | + } |
| 287 | + ] |
| 288 | + } |
232 | 289 | } |
233 | 290 | }, |
234 | 291 | "components": { |
|
509 | 566 | "description": "Optional field-specific information" |
510 | 567 | } |
511 | 568 | } |
| 569 | + }, |
| 570 | + "JWKSResponse": { |
| 571 | + "type": "object", |
| 572 | + "description": "Response schema for JWKs endpoint containing public keys for signature verification", |
| 573 | + "properties": { |
| 574 | + "keys": { |
| 575 | + "type": "array", |
| 576 | + "items": { |
| 577 | + "type": "object", |
| 578 | + "properties": { |
| 579 | + "kty": { |
| 580 | + "type": "string", |
| 581 | + "description": "Key type (RSA)" |
| 582 | + }, |
| 583 | + "use": { |
| 584 | + "type": "string", |
| 585 | + "description": "Key usage (sig for signature)" |
| 586 | + }, |
| 587 | + "kid": { |
| 588 | + "type": "string", |
| 589 | + "description": "Key identifier for rotation support" |
| 590 | + }, |
| 591 | + "n": { |
| 592 | + "type": "string", |
| 593 | + "description": "RSA public key modulus" |
| 594 | + }, |
| 595 | + "e": { |
| 596 | + "type": "string", |
| 597 | + "description": "RSA public key exponent" |
| 598 | + }, |
| 599 | + "alg": { |
| 600 | + "type": "string", |
| 601 | + "description": "Signing algorithm (RS256)" |
| 602 | + } |
| 603 | + }, |
| 604 | + "required": [ |
| 605 | + "kty", |
| 606 | + "use", |
| 607 | + "kid", |
| 608 | + "n", |
| 609 | + "e", |
| 610 | + "alg" |
| 611 | + ] |
| 612 | + } |
| 613 | + } |
| 614 | + }, |
| 615 | + "required": [ |
| 616 | + "keys" |
| 617 | + ], |
| 618 | + "example": { |
| 619 | + "keys": [ |
| 620 | + { |
| 621 | + "kty": "RSA", |
| 622 | + "use": "sig", |
| 623 | + "kid": "concur-key-1", |
| 624 | + "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt...", |
| 625 | + "e": "AQAB", |
| 626 | + "alg": "RS256" |
| 627 | + } |
| 628 | + ] |
| 629 | + } |
512 | 630 | } |
513 | 631 | } |
514 | 632 | }, |
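Review bot: The `/jwks` operation's `security` entry names `ApiKeyAuth` (new lines 283–288 in the first hunk) while its description and its 401 response text say the endpoint requires company JWT authentication; unless `ApiKeyAuth` is the JWT scheme declared in `components/securitySchemes` (not visible here), one of the two is wrong and generated clients will send the wrong credential. Either reference the JWT scheme, `"security": [{ "<company-jwt-scheme-name>": [] }]` (placeholder for the real scheme name), or reword the description and 401 text to match the API-key scheme. In the `JWKSResponse` schema in the second hunk, `kty`, `use` and `alg` are unconstrained strings even though their descriptions fix them to RSA/sig/RS256; adding `"enum": ["RSA"]`, `"enum": ["sig"]` and `"enum": ["RS256"]` lets schema validators reject a key of an unexpected type or algorithm, which is the check a signature verifier should make before trusting a key. It would also help consumers to state the encoding, e.g. `"description": "Base64url-encoded RSA public key modulus"` for `n` and likewise for `e`.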
|