neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openapi: update authentication methods to use header-based tokens instead of cookies

Browse Source
This commit is contained in:
juancarmore 2025-10-13 12:07:58 +02:00
parent 479e94add8
commit 4e80b5a060
15 changed files with 131 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/openapi/components/responses/internal/success-generate-participant-token.yaml
View File

@ -1,7 +1,7 @@
description: Successfully generated the participant token
headers:
Set-Cookie:
$ref: '../../headers/set-cookie-participant-token.yaml'
# headers:
# Set-Cookie:
# $ref: '../../headers/set-cookie-participant-token.yaml'
content:
application/json:
schema:

6
backend/openapi/components/responses/internal/success-generate-recording-token.yaml
View File

@ -1,7 +1,7 @@
description: Successfully generated the recording token
headers:
Set-Cookie:
$ref: '../../headers/set-cookie-recording-token.yaml'
# headers:
# Set-Cookie:
# $ref: '../../headers/set-cookie-recording-token.yaml'
content:
application/json:
schema:

10
backend/openapi/components/responses/internal/success-refresh-token.yaml
View File

@ -1,7 +1,7 @@
description: Successfully refreshed the access token
headers:
Set-Cookie:
$ref: '../../headers/set-cookie-access-token.yaml'
# headers:
# Set-Cookie:
# $ref: '../../headers/set-cookie-access-token.yaml'
content:
application/json:
schema:
@ -10,3 +10,7 @@ content:
message:
type: string
example: Access token for user 'admin' successfully refreshed
accessToken:
type: string
description: >
The new access token to authenticate the user in subsequent requests.

18
backend/openapi/components/responses/internal/success-user-login.yaml
View File

@ -1,9 +1,9 @@
description: Successfully logged in
headers:
Set-Cookie:
$ref: '../../headers/set-cookie-access-token.yaml'
Set-Cookie*:
$ref: '../../headers/set-cookie-refresh-token.yaml'
# headers:
# Set-Cookie:
# $ref: '../../headers/set-cookie-access-token.yaml'
# Set-Cookie*:
# $ref: '../../headers/set-cookie-refresh-token.yaml'
content:
application/json:
schema:
@ -12,3 +12,11 @@ content:
message:
type: string
example: User 'admin' logged in successfully
accessToken:
type: string
description: >
The access token to authenticate the user in subsequent requests.
refreshToken:
type: string
description: >
The refresh token to obtain a new access token when the current one expires.

14
backend/openapi/components/responses/internal/success-user-logout.yaml
View File

@ -1,11 +1,11 @@
description: Successfully logged out
headers:
Set-Cookie:
description: >
Clears the access and refresh token cookie.
schema:
type: string
example: 'OvMeetAccessToken=; Path=/; HttpOnly; SameSite=Strict'
# headers:
# Set-Cookie:
# description: >
# Clears the access and refresh token cookie.
# schema:
# type: string
# example: 'OvMeetAccessToken=; Path=/; HttpOnly; SameSite=Strict'
content:
application/json:
schema:

52
backend/openapi/components/security.yaml
View File

@ -1,30 +1,54 @@
apiKeyInHeader:
apiKeyHeader:
type: apiKey
name: X-API-KEY
in: header
description: >
The API key to authenticate the request. This key is required to access the OpenVidu Meet API.
accessTokenCookie:
# accessTokenCookie:
# type: apiKey
# name: OvMeetAccessToken
# in: cookie
# description: >
# The JWT token to authenticate the request in case of consuming the API from the OpenVidu Meet frontend.
accessTokenHeader:
type: apiKey
name: OvMeetAccessToken
in: cookie
name: Authorization
in: header
description: >
The JWT token to authenticate the request in case of consuming the API from the OpenVidu Meet frontend.
refreshTokenCookie:
# refreshTokenCookie:
# type: apiKey
# name: OvMeetRefreshToken
# in: cookie
# description: >
# The JWT token to refresh the access token when it expires.
refreshTokenHeader:
type: apiKey
name: OvMeetRefreshToken
in: cookie
name: X-Refresh-Token
in: header
description: >
The JWT token to refresh the access token when it expires..
participantTokenCookie:
The JWT token to refresh the access token when it expires.
# participantTokenCookie:
# type: apiKey
# name: OvMeetParticipantToken
# in: cookie
# description: >
# The JWT token to authenticate the participant when entering the room.
participantTokenHeader:
type: apiKey
name: OvMeetParticipantToken
in: cookie
name: X-Participant-Token
in: header
description: >
The JWT token to authenticate the participant when entering the room.
recordingTokenCookie:
# recordingTokenCookie:
# type: apiKey
# name: OvMeetRecordingToken
# in: cookie
# description: >
# The JWT token containing permissions to access the recordings in a room.
recordingTokenHeader:
type: apiKey
name: OvMeetRecordingToken
in: cookie
name: X-Recording-Token
in: header
description: >
The JWT token containing permissions to access the recordings in a room.

8
backend/openapi/paths/internal/auth.yaml
View File

@ -38,7 +38,7 @@
tags:
- Internal API - Authentication
security:
- refreshTokenCookie: []
- refreshTokenHeader: []
responses:
'200':
$ref: '../../components/responses/internal/success-refresh-token.yaml'
@ -59,7 +59,7 @@
tags:
- Internal API - Authentication
security:
- accessTokenCookie: []
- accessTokenHeader: []
responses:
'201':
$ref: '../../components/responses/internal/success-create-api-key.yaml'
@ -76,7 +76,7 @@
tags:
- Internal API - Authentication
security:
- accessTokenCookie: []
- accessTokenHeader: []
responses:
'200':
$ref: '../../components/responses/internal/success-get-api-keys.yaml'
@ -90,7 +90,7 @@
tags:
- Internal API - Authentication
security:
- accessTokenCookie: []
- accessTokenHeader: []
responses:
'200':
$ref: '../../components/responses/internal/success-delete-api-key.yaml'

10
backend/openapi/paths/internal/meet-global-config.yaml
View File

@ -7,7 +7,7 @@
tags:
- Internal API - Global Config
security:
- accessTokenCookie: []
- accessTokenHeader: []
responses:
'200':
$ref: '../../components/responses/internal/success-get-webhooks-config.yaml'
@ -25,7 +25,7 @@
tags:
- Internal API - Global Config
security:
- accessTokenCookie: []
- accessTokenHeader: []
requestBody:
$ref: '../../components/requestBodies/internal/update-webhooks-config.yaml'
responses:
@ -81,7 +81,7 @@
tags:
- Internal API - Global Config
security:
- accessTokenCookie: []
- accessTokenHeader: []
requestBody:
$ref: '../../components/requestBodies/internal/update-security-config.yaml'
responses:
@ -105,7 +105,7 @@
tags:
- Internal API - Global Config
security:
- accessTokenCookie: []
- accessTokenHeader: []
responses:
'200':
$ref: '../../components/responses/internal/success-get-appearance-config.yaml'
@ -125,7 +125,7 @@
tags:
- Internal API - Global Config
security:
- accessTokenCookie: []
- accessTokenHeader: []
requestBody:
$ref: '../../components/requestBodies/internal/update-appearance-config.yaml'
responses:

6
backend/openapi/paths/internal/meetings.yaml
View File

@ -9,7 +9,7 @@
tags:
- Internal API - Meetings
security:
- participantTokenCookie: []
- participantTokenHeader: []
parameters:
- $ref: '../../components/parameters/room-id-path.yaml'
- $ref: '../../components/parameters/internal/x-participant-role.yaml'
@ -35,7 +35,7 @@
tags:
- Internal API - Meetings
security:
- participantTokenCookie: []
- participantTokenHeader: []
parameters:
- $ref: '../../components/parameters/room-id-path.yaml'
- $ref: '../../components/parameters/internal/participant-identity.yaml'
@ -62,7 +62,7 @@
tags:
- Internal API - Meetings
security:
- participantTokenCookie: []
- participantTokenHeader: []
parameters:
- $ref: '../../components/parameters/room-id-path.yaml'
- $ref: '../../components/parameters/internal/participant-identity.yaml'

4
backend/openapi/paths/internal/participants.yaml
View File

@ -7,7 +7,7 @@
tags:
- Internal API - Participant
security:
- accessTokenCookie: []
- accessTokenHeader: []
requestBody:
$ref: '../../components/requestBodies/internal/participant-token-request.yaml'
responses:
@ -36,7 +36,7 @@
tags:
- Internal API - Participant
security:
- accessTokenCookie: []
- accessTokenHeader: []
requestBody:
$ref: '../../components/requestBodies/internal/participant-token-request.yaml'
responses:

4
backend/openapi/paths/internal/recordings.yaml
View File

@ -7,7 +7,7 @@
tags:
- Internal API - Recordings
security:
- participantTokenCookie: []
- participantTokenHeader: []
parameters:
- $ref: '../../components/parameters/internal/x-participant-role.yaml'
requestBody:
@ -42,7 +42,7 @@
tags:
- Internal API - Recordings
security:
- participantTokenCookie: []
- participantTokenHeader: []
parameters:
- $ref: '../../components/parameters/recording-id.yaml'
- $ref: '../../components/parameters/internal/x-participant-role.yaml'

2
backend/openapi/paths/internal/rooms.yaml
View File

@ -8,7 +8,7 @@
tags:
- Internal API - Rooms
security:
- accessTokenCookie: []
- accessTokenHeader: []
parameters:
- $ref: '../../components/parameters/room-id-path.yaml'
requestBody:

4
backend/openapi/paths/internal/users.yaml
View File

@ -7,7 +7,7 @@
tags:
- Internal API - Users
security:
- accessTokenCookie: []
- accessTokenHeader: []
responses:
'200':
$ref: '../../components/responses/internal/success-get-profile.yaml'
@ -22,7 +22,7 @@
tags:
- Internal API - Users
security:
- accessTokenCookie: []
- accessTokenHeader: []
requestBody:
$ref: '../../components/requestBodies/internal/change-password-request.yaml'
responses:

50
backend/openapi/paths/recordings.yaml
View File

@ -6,14 +6,14 @@
Retrieves a paginated list of all recordings available in the system.
You can apply filters to narrow down the results based on specific criteria.
> **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method,
> **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method,
> the `roomId` filter will be ignored and only recordings associated with the room included in the token will be returned.
tags:
- OpenVidu Meet - Recordings
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- recordingTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- recordingTokenHeader: []
parameters:
# - $ref: '../components/parameters/recording-status.yaml'
- $ref: '../components/parameters/recording-fields.yaml'
@ -38,15 +38,15 @@
description: |
Deletes multiple recordings at once with the specified recording IDs.
> **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method,
> **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method,
> all specified recordings must belong to the same room included in the token.
> If a recording does not belong to that room, it will not be deleted.
tags:
- OpenVidu Meet - Recordings
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- recordingTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- recordingTokenHeader: []
parameters:
- $ref: '../components/parameters/recording-ids.yaml'
responses:
@ -71,15 +71,15 @@
Downloads multiple recordings as a ZIP file with the specified recording IDs.
The ZIP file will contain all recordings in MP4 format.
> **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method,
> **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method,
> all specified recordings must belong to the same room included in the token.
> If a recording does not belong to that room, it will not be included in the ZIP file.
tags:
- OpenVidu Meet - Recordings
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- recordingTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- recordingTokenHeader: []
parameters:
- $ref: '../components/parameters/recording-ids.yaml'
responses:
@ -118,9 +118,9 @@
tags:
- OpenVidu Meet - Recordings
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- recordingTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- recordingTokenHeader: []
parameters:
- $ref: '../components/parameters/recording-id.yaml'
- $ref: '../components/parameters/recording-secret.yaml'
@ -150,9 +150,9 @@
tags:
- OpenVidu Meet - Recordings
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- recordingTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- recordingTokenHeader: []
parameters:
- $ref: '../components/parameters/recording-id.yaml'
responses:
@ -183,9 +183,9 @@
tags:
- OpenVidu Meet - Recordings
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- recordingTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- recordingTokenHeader: []
parameters:
- $ref: '../components/parameters/recording-id.yaml'
- $ref: '../components/parameters/recording-secret.yaml'
@ -252,14 +252,14 @@
Retrieves the URL of a recording with the specified recording ID.
This URL is intended to be shared with people who do not have direct access to the recording.
# It can be configured to be accessible by anyone (public access) or restricted to authenticated users only,
# It can be configured to be accessible by anyone (public access) or restricted to authenticated users only,
# depending on the `privateAccess` query parameter.
tags:
- OpenVidu Meet - Recordings
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- recordingTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- recordingTokenHeader: []
parameters:
- $ref: '../components/parameters/recording-id.yaml'
# - $ref: '../components/parameters/private-access.yaml'

32
backend/openapi/paths/rooms.yaml
View File

@ -8,8 +8,8 @@
tags:
- OpenVidu Meet - Rooms
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
requestBody:
$ref: '../components/requestBodies/create-room-request.yaml'
responses:
@ -32,8 +32,8 @@
tags:
- OpenVidu Meet - Rooms
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
parameters:
- $ref: '../components/parameters/room-name.yaml'
- $ref: '../components/parameters/room-fields.yaml'
@ -64,8 +64,8 @@
tags:
- OpenVidu Meet - Rooms
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
parameters:
- $ref: '../components/parameters/room-ids.yaml'
- $ref: '../components/parameters/meeting-deletion-policy.yaml'
@ -92,9 +92,9 @@
tags:
- OpenVidu Meet - Rooms
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- participantTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- participantTokenHeader: []
parameters:
- $ref: '../components/parameters/room-id-path.yaml'
- $ref: '../components/parameters/room-fields.yaml'
@ -128,8 +128,8 @@
tags:
- OpenVidu Meet - Rooms
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
parameters:
- $ref: '../components/parameters/room-id-path.yaml'
- $ref: '../components/parameters/meeting-deletion-policy.yaml'
@ -160,9 +160,9 @@
tags:
- OpenVidu Meet - Rooms
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- participantTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
- participantTokenHeader: []
parameters:
- $ref: '../components/parameters/room-id-path.yaml'
- $ref: '../components/parameters/internal/x-participant-role.yaml'
@ -189,8 +189,8 @@
tags:
- OpenVidu Meet - Rooms
security:
- apiKeyInHeader: []
- accessTokenCookie: []
- apiKeyHeader: []
- accessTokenHeader: []
parameters:
- $ref: '../components/parameters/room-id-path.yaml'
requestBody: