neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openapi: update authentication methods to use header-based tokens instead of cookies

Browse Source
This commit is contained in:
juancarmore 2025-10-13 12:07:58 +02:00
parent 479e94add8
commit 4e80b5a060
15 changed files with 131 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/openapi/components/responses/internal/success-generate-participant-token.yaml
View File

@ -1,7 +1,7 @@
description: Successfully generated the participant token description: Successfully generated the participant token
headers: # headers:
Set-Cookie: # Set-Cookie:
$ref: '../../headers/set-cookie-participant-token.yaml' # $ref: '../../headers/set-cookie-participant-token.yaml'
content: content:
application/json: application/json:
schema: schema:

6
backend/openapi/components/responses/internal/success-generate-recording-token.yaml
View File

@ -1,7 +1,7 @@
description: Successfully generated the recording token description: Successfully generated the recording token
headers: # headers:
Set-Cookie: # Set-Cookie:
$ref: '../../headers/set-cookie-recording-token.yaml' # $ref: '../../headers/set-cookie-recording-token.yaml'
content: content:
application/json: application/json:
schema: schema:

10
backend/openapi/components/responses/internal/success-refresh-token.yaml
View File

@ -1,7 +1,7 @@
description: Successfully refreshed the access token description: Successfully refreshed the access token
headers: # headers:
Set-Cookie: # Set-Cookie:
$ref: '../../headers/set-cookie-access-token.yaml' # $ref: '../../headers/set-cookie-access-token.yaml'
content: content:
application/json: application/json:
schema: schema:
@ -10,3 +10,7 @@ content:
message: message:
type: string type: string
example: Access token for user 'admin' successfully refreshed example: Access token for user 'admin' successfully refreshed
accessToken:
type: string
description: >
The new access token to authenticate the user in subsequent requests.

18
backend/openapi/components/responses/internal/success-user-login.yaml
View File

@ -1,9 +1,9 @@
description: Successfully logged in description: Successfully logged in
headers: # headers:
Set-Cookie: # Set-Cookie:
$ref: '../../headers/set-cookie-access-token.yaml' # $ref: '../../headers/set-cookie-access-token.yaml'
Set-Cookie*: # Set-Cookie*:
$ref: '../../headers/set-cookie-refresh-token.yaml' # $ref: '../../headers/set-cookie-refresh-token.yaml'
content: content:
application/json: application/json:
schema: schema:
@ -12,3 +12,11 @@ content:
message: message:
type: string type: string
example: User 'admin' logged in successfully example: User 'admin' logged in successfully
accessToken:
type: string
description: >
The access token to authenticate the user in subsequent requests.
refreshToken:
type: string
description: >
The refresh token to obtain a new access token when the current one expires.

14
backend/openapi/components/responses/internal/success-user-logout.yaml
View File

@ -1,11 +1,11 @@
description: Successfully logged out description: Successfully logged out
headers: # headers:
Set-Cookie: # Set-Cookie:
description: > # description: >
Clears the access and refresh token cookie. # Clears the access and refresh token cookie.
schema: # schema:
type: string # type: string
example: 'OvMeetAccessToken=; Path=/; HttpOnly; SameSite=Strict' # example: 'OvMeetAccessToken=; Path=/; HttpOnly; SameSite=Strict'
content: content:
application/json: application/json:
schema: schema:

52
backend/openapi/components/security.yaml
View File

@ -1,30 +1,54 @@
apiKeyInHeader: apiKeyHeader:
type: apiKey type: apiKey
name: X-API-KEY name: X-API-KEY
in: header in: header
description: > description: >
The API key to authenticate the request. This key is required to access the OpenVidu Meet API. The API key to authenticate the request. This key is required to access the OpenVidu Meet API.
accessTokenCookie: # accessTokenCookie:
# type: apiKey
# name: OvMeetAccessToken
# in: cookie
# description: >
# The JWT token to authenticate the request in case of consuming the API from the OpenVidu Meet frontend.
accessTokenHeader:
type: apiKey type: apiKey
name: OvMeetAccessToken name: Authorization
in: cookie in: header
description: > description: >
The JWT token to authenticate the request in case of consuming the API from the OpenVidu Meet frontend. The JWT token to authenticate the request in case of consuming the API from the OpenVidu Meet frontend.
refreshTokenCookie: # refreshTokenCookie:
# type: apiKey
# name: OvMeetRefreshToken
# in: cookie
# description: >
# The JWT token to refresh the access token when it expires.
refreshTokenHeader:
type: apiKey type: apiKey
name: OvMeetRefreshToken name: X-Refresh-Token
in: cookie in: header
description: > description: >
The JWT token to refresh the access token when it expires.. The JWT token to refresh the access token when it expires.
participantTokenCookie: # participantTokenCookie:
# type: apiKey
# name: OvMeetParticipantToken
# in: cookie
# description: >
# The JWT token to authenticate the participant when entering the room.
participantTokenHeader:
type: apiKey type: apiKey
name: OvMeetParticipantToken name: X-Participant-Token
in: cookie in: header
description: > description: >
The JWT token to authenticate the participant when entering the room. The JWT token to authenticate the participant when entering the room.
recordingTokenCookie: # recordingTokenCookie:
# type: apiKey
# name: OvMeetRecordingToken
# in: cookie
# description: >
# The JWT token containing permissions to access the recordings in a room.
recordingTokenHeader:
type: apiKey type: apiKey
name: OvMeetRecordingToken name: X-Recording-Token
in: cookie in: header
description: > description: >
The JWT token containing permissions to access the recordings in a room. The JWT token containing permissions to access the recordings in a room.

8
backend/openapi/paths/internal/auth.yaml
View File

@ -38,7 +38,7 @@
tags: tags:
- Internal API - Authentication - Internal API - Authentication
security: security:
- refreshTokenCookie: [] - refreshTokenHeader: []
responses: responses:
'200': '200':
$ref: '../../components/responses/internal/success-refresh-token.yaml' $ref: '../../components/responses/internal/success-refresh-token.yaml'
@ -59,7 +59,7 @@
tags: tags:
- Internal API - Authentication - Internal API - Authentication
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
responses: responses:
'201': '201':
$ref: '../../components/responses/internal/success-create-api-key.yaml' $ref: '../../components/responses/internal/success-create-api-key.yaml'
@ -76,7 +76,7 @@
tags: tags:
- Internal API - Authentication - Internal API - Authentication
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
responses: responses:
'200': '200':
$ref: '../../components/responses/internal/success-get-api-keys.yaml' $ref: '../../components/responses/internal/success-get-api-keys.yaml'
@ -90,7 +90,7 @@
tags: tags:
- Internal API - Authentication - Internal API - Authentication
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
responses: responses:
'200': '200':
$ref: '../../components/responses/internal/success-delete-api-key.yaml' $ref: '../../components/responses/internal/success-delete-api-key.yaml'

10
backend/openapi/paths/internal/meet-global-config.yaml
View File

@ -7,7 +7,7 @@
tags: tags:
- Internal API - Global Config - Internal API - Global Config
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
responses: responses:
'200': '200':
$ref: '../../components/responses/internal/success-get-webhooks-config.yaml' $ref: '../../components/responses/internal/success-get-webhooks-config.yaml'
@ -25,7 +25,7 @@
tags: tags:
- Internal API - Global Config - Internal API - Global Config
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
requestBody: requestBody:
$ref: '../../components/requestBodies/internal/update-webhooks-config.yaml' $ref: '../../components/requestBodies/internal/update-webhooks-config.yaml'
responses: responses:
@ -81,7 +81,7 @@
tags: tags:
- Internal API - Global Config - Internal API - Global Config
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
requestBody: requestBody:
$ref: '../../components/requestBodies/internal/update-security-config.yaml' $ref: '../../components/requestBodies/internal/update-security-config.yaml'
responses: responses:
@ -105,7 +105,7 @@
tags: tags:
- Internal API - Global Config - Internal API - Global Config
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
responses: responses:
'200': '200':
$ref: '../../components/responses/internal/success-get-appearance-config.yaml' $ref: '../../components/responses/internal/success-get-appearance-config.yaml'
@ -125,7 +125,7 @@
tags: tags:
- Internal API - Global Config - Internal API - Global Config
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
requestBody: requestBody:
$ref: '../../components/requestBodies/internal/update-appearance-config.yaml' $ref: '../../components/requestBodies/internal/update-appearance-config.yaml'
responses: responses:

6
backend/openapi/paths/internal/meetings.yaml
View File

@ -9,7 +9,7 @@
tags: tags:
- Internal API - Meetings - Internal API - Meetings
security: security:
- participantTokenCookie: [] - participantTokenHeader: []
parameters: parameters:
- $ref: '../../components/parameters/room-id-path.yaml' - $ref: '../../components/parameters/room-id-path.yaml'
- $ref: '../../components/parameters/internal/x-participant-role.yaml' - $ref: '../../components/parameters/internal/x-participant-role.yaml'
@ -35,7 +35,7 @@
tags: tags:
- Internal API - Meetings - Internal API - Meetings
security: security:
- participantTokenCookie: [] - participantTokenHeader: []
parameters: parameters:
- $ref: '../../components/parameters/room-id-path.yaml' - $ref: '../../components/parameters/room-id-path.yaml'
- $ref: '../../components/parameters/internal/participant-identity.yaml' - $ref: '../../components/parameters/internal/participant-identity.yaml'
@ -62,7 +62,7 @@
tags: tags:
- Internal API - Meetings - Internal API - Meetings
security: security:
- participantTokenCookie: [] - participantTokenHeader: []
parameters: parameters:
- $ref: '../../components/parameters/room-id-path.yaml' - $ref: '../../components/parameters/room-id-path.yaml'
- $ref: '../../components/parameters/internal/participant-identity.yaml' - $ref: '../../components/parameters/internal/participant-identity.yaml'

4
backend/openapi/paths/internal/participants.yaml
View File

@ -7,7 +7,7 @@
tags: tags:
- Internal API - Participant - Internal API - Participant
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
requestBody: requestBody:
$ref: '../../components/requestBodies/internal/participant-token-request.yaml' $ref: '../../components/requestBodies/internal/participant-token-request.yaml'
responses: responses:
@ -36,7 +36,7 @@
tags: tags:
- Internal API - Participant - Internal API - Participant
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
requestBody: requestBody:
$ref: '../../components/requestBodies/internal/participant-token-request.yaml' $ref: '../../components/requestBodies/internal/participant-token-request.yaml'
responses: responses:

4
backend/openapi/paths/internal/recordings.yaml
View File

@ -7,7 +7,7 @@
tags: tags:
- Internal API - Recordings - Internal API - Recordings
security: security:
- participantTokenCookie: [] - participantTokenHeader: []
parameters: parameters:
- $ref: '../../components/parameters/internal/x-participant-role.yaml' - $ref: '../../components/parameters/internal/x-participant-role.yaml'
requestBody: requestBody:
@ -42,7 +42,7 @@
tags: tags:
- Internal API - Recordings - Internal API - Recordings
security: security:
- participantTokenCookie: [] - participantTokenHeader: []
parameters: parameters:
- $ref: '../../components/parameters/recording-id.yaml' - $ref: '../../components/parameters/recording-id.yaml'
- $ref: '../../components/parameters/internal/x-participant-role.yaml' - $ref: '../../components/parameters/internal/x-participant-role.yaml'

2
backend/openapi/paths/internal/rooms.yaml
View File

@ -8,7 +8,7 @@
tags: tags:
- Internal API - Rooms - Internal API - Rooms
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
parameters: parameters:
- $ref: '../../components/parameters/room-id-path.yaml' - $ref: '../../components/parameters/room-id-path.yaml'
requestBody: requestBody:

4
backend/openapi/paths/internal/users.yaml
View File

@ -7,7 +7,7 @@
tags: tags:
- Internal API - Users - Internal API - Users
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
responses: responses:
'200': '200':
$ref: '../../components/responses/internal/success-get-profile.yaml' $ref: '../../components/responses/internal/success-get-profile.yaml'
@ -22,7 +22,7 @@
tags: tags:
- Internal API - Users - Internal API - Users
security: security:
- accessTokenCookie: [] - accessTokenHeader: []
requestBody: requestBody:
$ref: '../../components/requestBodies/internal/change-password-request.yaml' $ref: '../../components/requestBodies/internal/change-password-request.yaml'
responses: responses:

50
backend/openapi/paths/recordings.yaml
View File

@ -6,14 +6,14 @@
Retrieves a paginated list of all recordings available in the system. Retrieves a paginated list of all recordings available in the system.
You can apply filters to narrow down the results based on specific criteria. You can apply filters to narrow down the results based on specific criteria.
> **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method, > **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method,
> the `roomId` filter will be ignored and only recordings associated with the room included in the token will be returned. > the `roomId` filter will be ignored and only recordings associated with the room included in the token will be returned.
tags: tags:
- OpenVidu Meet - Recordings - OpenVidu Meet - Recordings
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- recordingTokenCookie: [] - recordingTokenHeader: []
parameters: parameters:
# - $ref: '../components/parameters/recording-status.yaml' # - $ref: '../components/parameters/recording-status.yaml'
- $ref: '../components/parameters/recording-fields.yaml' - $ref: '../components/parameters/recording-fields.yaml'
@ -38,15 +38,15 @@
description: | description: |
Deletes multiple recordings at once with the specified recording IDs. Deletes multiple recordings at once with the specified recording IDs.
> **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method, > **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method,
> all specified recordings must belong to the same room included in the token. > all specified recordings must belong to the same room included in the token.
> If a recording does not belong to that room, it will not be deleted. > If a recording does not belong to that room, it will not be deleted.
tags: tags:
- OpenVidu Meet - Recordings - OpenVidu Meet - Recordings
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- recordingTokenCookie: [] - recordingTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/recording-ids.yaml' - $ref: '../components/parameters/recording-ids.yaml'
responses: responses:
@ -71,15 +71,15 @@
Downloads multiple recordings as a ZIP file with the specified recording IDs. Downloads multiple recordings as a ZIP file with the specified recording IDs.
The ZIP file will contain all recordings in MP4 format. The ZIP file will contain all recordings in MP4 format.
> **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method, > **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method,
> all specified recordings must belong to the same room included in the token. > all specified recordings must belong to the same room included in the token.
> If a recording does not belong to that room, it will not be included in the ZIP file. > If a recording does not belong to that room, it will not be included in the ZIP file.
tags: tags:
- OpenVidu Meet - Recordings - OpenVidu Meet - Recordings
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- recordingTokenCookie: [] - recordingTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/recording-ids.yaml' - $ref: '../components/parameters/recording-ids.yaml'
responses: responses:
@ -118,9 +118,9 @@
tags: tags:
- OpenVidu Meet - Recordings - OpenVidu Meet - Recordings
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- recordingTokenCookie: [] - recordingTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/recording-id.yaml' - $ref: '../components/parameters/recording-id.yaml'
- $ref: '../components/parameters/recording-secret.yaml' - $ref: '../components/parameters/recording-secret.yaml'
@ -150,9 +150,9 @@
tags: tags:
- OpenVidu Meet - Recordings - OpenVidu Meet - Recordings
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- recordingTokenCookie: [] - recordingTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/recording-id.yaml' - $ref: '../components/parameters/recording-id.yaml'
responses: responses:
@ -183,9 +183,9 @@
tags: tags:
- OpenVidu Meet - Recordings - OpenVidu Meet - Recordings
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- recordingTokenCookie: [] - recordingTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/recording-id.yaml' - $ref: '../components/parameters/recording-id.yaml'
- $ref: '../components/parameters/recording-secret.yaml' - $ref: '../components/parameters/recording-secret.yaml'
@ -252,14 +252,14 @@
Retrieves the URL of a recording with the specified recording ID. Retrieves the URL of a recording with the specified recording ID.
This URL is intended to be shared with people who do not have direct access to the recording. This URL is intended to be shared with people who do not have direct access to the recording.
# It can be configured to be accessible by anyone (public access) or restricted to authenticated users only, # It can be configured to be accessible by anyone (public access) or restricted to authenticated users only,
# depending on the `privateAccess` query parameter. # depending on the `privateAccess` query parameter.
tags: tags:
- OpenVidu Meet - Recordings - OpenVidu Meet - Recordings
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- recordingTokenCookie: [] - recordingTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/recording-id.yaml' - $ref: '../components/parameters/recording-id.yaml'
# - $ref: '../components/parameters/private-access.yaml' # - $ref: '../components/parameters/private-access.yaml'

32
backend/openapi/paths/rooms.yaml
View File

@ -8,8 +8,8 @@
tags: tags:
- OpenVidu Meet - Rooms - OpenVidu Meet - Rooms
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
requestBody: requestBody:
$ref: '../components/requestBodies/create-room-request.yaml' $ref: '../components/requestBodies/create-room-request.yaml'
responses: responses:
@ -32,8 +32,8 @@
tags: tags:
- OpenVidu Meet - Rooms - OpenVidu Meet - Rooms
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/room-name.yaml' - $ref: '../components/parameters/room-name.yaml'
- $ref: '../components/parameters/room-fields.yaml' - $ref: '../components/parameters/room-fields.yaml'
@ -64,8 +64,8 @@
tags: tags:
- OpenVidu Meet - Rooms - OpenVidu Meet - Rooms
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/room-ids.yaml' - $ref: '../components/parameters/room-ids.yaml'
- $ref: '../components/parameters/meeting-deletion-policy.yaml' - $ref: '../components/parameters/meeting-deletion-policy.yaml'
@ -92,9 +92,9 @@
tags: tags:
- OpenVidu Meet - Rooms - OpenVidu Meet - Rooms
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- participantTokenCookie: [] - participantTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/room-id-path.yaml' - $ref: '../components/parameters/room-id-path.yaml'
- $ref: '../components/parameters/room-fields.yaml' - $ref: '../components/parameters/room-fields.yaml'
@ -128,8 +128,8 @@
tags: tags:
- OpenVidu Meet - Rooms - OpenVidu Meet - Rooms
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/room-id-path.yaml' - $ref: '../components/parameters/room-id-path.yaml'
- $ref: '../components/parameters/meeting-deletion-policy.yaml' - $ref: '../components/parameters/meeting-deletion-policy.yaml'
@ -160,9 +160,9 @@
tags: tags:
- OpenVidu Meet - Rooms - OpenVidu Meet - Rooms
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
- participantTokenCookie: [] - participantTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/room-id-path.yaml' - $ref: '../components/parameters/room-id-path.yaml'
- $ref: '../components/parameters/internal/x-participant-role.yaml' - $ref: '../components/parameters/internal/x-participant-role.yaml'
@ -189,8 +189,8 @@
tags: tags:
- OpenVidu Meet - Rooms - OpenVidu Meet - Rooms
security: security:
- apiKeyInHeader: [] - apiKeyHeader: []
- accessTokenCookie: [] - accessTokenHeader: []
parameters: parameters:
- $ref: '../components/parameters/room-id-path.yaml' - $ref: '../components/parameters/room-id-path.yaml'
requestBody: requestBody: