{
  "openapi": "3.0.0",
  "info": {
    "contact": {
      "name": "stephane.chretien@thalesgroup.com"
    },
    "title": "D1 OAuth API",
    "version": "1.0",
    "description": "D1 OAuth 2.0 outgoing flow.\nThis endpoint shall support HTTP POST Client Credentials grant requests using the application/x-www-form-urlencoded content type, as specified in RFC 6749 section 4.4.2: https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2"
  },
  "servers": [
    {
      "url": "https://YOUR_DOMAIN/authz/d1/v1"
    }
  ],
  "security": [],
  "paths": {
    "/oauth2/token": {
      "post": {
        "description": "This request is used by Thales to retrieve an OAuth 2.0 access token to be used for outgoing issuer API requests.",
        "parameters": [
          {
            "schema": {
              "type": "string",
              "example": "Basic aXNfdGJhbmswMToxMjM="
            },
            "in": "header",
            "name": "authorization",
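            "description": "The Authorization header carries the client credentials using the HTTP Basic scheme: the string clientId:clientSecret is Base64-encoded (standard alphabet with padding, as in the example, not base64url) and prefixed with \"Basic \", as per https://www.rfc-editor.org/rfc/rfc2617 (obsoleted by RFC 7617). Base64 is an encoding, not encryption, so this header must only be sent over TLS.",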
            "required": true
          }
        ],
        "requestBody": {
          "content": {
            "application/x-www-form-urlencoded": {
              "schema": {
                "$ref": "#/components/schemas/auth2Request"
              },
              "examples": {}
            }
          }
        },
        "responses": {
          "200": {
            "description": "Successful response: the access token has been issued.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "access_token": {
                      "type": "string",
                      "description": "The access token issued by the authorization server",
                      "example": "ey...HRT6LOON7w",
                      "readOnly": true
                    },
                    "expires_in": {
                      "type": "string",
                      "description": "Remaining time, in seconds, until the access_token expires. Serialized as a string, as in the example.",
                      "example": "900",
                      "readOnly": true
                    },
                    "scope": {
                      "type": "string",
                      "description": "Scope of the access_token.",
                      "readOnly": true
                    },
                    "token_type": {
                      "description": "Type of the access_token that will be used to call Issuer APIs.",
                      "example": "Bearer",
                      "enum": [
                        "Bearer"
                      ]
                    },
                    "expires_at": {
                      "type": "string",
                      "example": "2023-06-06T05:05:59.711Z",
                      "description": "Access token expiration timestamp",
                      "readOnly": true
                    }
                  },
                  "required": [
                    "access_token",
                    "token_type"
                  ]
                }
              }
            }
          },
          "400": {
            "description": "Bad request"
          }
        },
        "summary": "Get Authorization Token",
        "operationId": "getAccessToken"
      }
    }
  },
  "components": {
    "schemas": {
      "auth2Request": {
        "type": "object",
        "title": "Authorization request body",
        "properties": {
          "grant_type": {
            "type": "string",
            "enum": [
              "client_credentials"
            ]
          },
          "scope": {
            "description": "Scope of the access request, as optionally defined by the issuer.",
            "type": "string"
          }
        },
        "required": [
          "grant_type"
        ]
      }
    }
  }
}