ss-tools/specs/016-multi-user-auth/contracts/api.yaml

openapi: 3.0.0
info:
  title: Authentication API
  version: 1.0.0
paths:
  /api/auth/login:
    post:
      summary: Login with username/password
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              properties:
                username:
                  type: string
                password:
                  type: string
      responses:
        '200':
          description: Successful login
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Token'
        '401':
          description: Invalid credentials

  /api/auth/login/adfs:
    get:
      summary: Initiate ADFS login flow
      responses:
        '302':
          description: Redirect to ADFS provider

  /api/auth/callback/adfs:
    get:
      summary: ADFS callback handler
      parameters:
        - in: query
          name: code
          schema:
            type: string
          required: true
      responses:
        '200':
          description: Successful login via ADFS
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Token'

  /api/auth/me:
    get:
      summary: Get current user profile
      security:
        - bearerAuth: []
      responses:
        '200':
          description: User profile
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'

  /api/admin/users:
    get:
      summary: List all users
      security:
        - bearerAuth: []
      responses:
        '200':
          description: List of users
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/User'
    post:
      summary: Create a new user
      security:
        - bearerAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserCreate'
      responses:
        '201':
          description: User created

components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
  schemas:
    Token:
      type: object
      properties:
        access_token:
          type: string
        token_type:
          type: string
    User:
      type: object
      properties:
        id:
          type: string
        username:
          type: string
        email:
          type: string
        roles:
          type: array
          items:
            type: string
    UserCreate:
      type: object
      properties:
        username:
          type: string
        password:
          type: string
        roles:
          type: array
          items:
            type: string