Is there a RAML definition of the OAuth 2.0 RFC? I see lots of RAML files that refer to using OAuth 2, but I am looking for a definition of OAuth 2.0 itself written in RAML. In other words, what would a RAML file look like for the OAuth2 authorization server itself?
Do you mean something like that:
```yaml
securitySchemes:
  - oauth_2_0:
      description: |
        Dropbox supports OAuth 2.0 for authenticating all API requests.
      type: OAuth 2.0
      describedBy:
        headers:
          Authorization:
            description: |
              Used to send a valid OAuth 2 access token. Do not use
              with the "access_token" query string parameter.
            type: string
        queryParameters:
          access_token:
            description: |
              Used to send a valid OAuth 2 access token. Do not use together
              with the "Authorization" header
            type: string
        responses:
          401:
            description: |
              Bad or expired token. This can happen if the user or Dropbox
              revoked or expired an access token. To fix, you should
              re-authenticate the user.
          403:
            description: |
              Bad OAuth request (wrong consumer key, bad nonce, expired
              timestamp...). Unfortunately, re-authenticating the user won't
              help here.
      settings:
        authorizationUri: https://www.dropbox.com/1/oauth2/authorize
        accessTokenUri: https://api.dropbox.com/1/oauth2/token
        authorizationGrants: [ code, token ]
```
Thank you for your response. That is not quite what I was asking about. I was thinking more about a RAML file that documented what was defined in RFC 6749 and related specs.
I am new to RAML, but I think what you have shown is how to use the RAML “securitySchemes” mechanism to define what parameters are there and what they mean.
I was more curious if there was a RAML definition of OAuth itself (when GETs are used vs. POSTs, etc.).
I don’t think that is possible. Maybe someone else can jump on this as well. cc @Aldo_Bucchi