{"openapi":"3.1.0","info":{"title":"SDEP - Auth API","description":"Authentication endpoints for machine-to-machine OAuth2 Client Credentials flow via Keycloak.","version":"PRD-0.0.1-2604241245"},"servers":[{"url":"/api/auth/v1"}],"paths":{"/token":{"post":{"tags":["auth"],"summary":"Get access token (JWT bearer)","description":"Token endpoint for machine-to-machine authentication using OAuth 2.0 Client Credentials Grant. Supports both HTTP Basic Authentication and form parameters.","operationId":"post_auth_token","requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"$ref":"#/components/schemas/Auth.TokenRequest"}}}},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}}},"500":{"description":"Internal Server Error - an unexpected issue occurred that prevented the request from being completed"},"503":{"description":"Service Unavailable - temporarily unable to process requests due to overload, maintenance, or dependency issues (database/authorization server)"},"400":{"description":"Bad Request - missing client credentials","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized - authentication failed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}},"components":{"schemas":{"Auth.TokenRequest":{"properties":{"client_id":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Client Id","description":"Client ID for M2M authentication"},"client_secret":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Client Secret","description":"Client secret for M2M authentication"},"grant_type":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Grant Type","description":"OAuth2 grant type (client_credentials)"}},"type":"object","title":"Auth.TokenRequest"},"TokenResponse":{"properties":{"access_token":{"type":"string","title":"Access Token","description":"OAuth2 bearer access token to be used in the Authorization header of subsequent API requests"},"token_type":{"type":"string","title":"Token Type","description":"Type of token issued (typically 'Bearer')"},"expires_in":{"type":"integer","title":"Expires In","description":"Lifetime of the access token in seconds"}},"type":"object","required":["access_token","token_type","expires_in"],"title":"Auth.TokenResponse","description":"OAuth2 token response model"},"ErrorDetail":{"properties":{"msg":{"type":"string","title":"Msg","description":"Human-readable error message"},"type":{"type":"string","title":"Type","description":"Error type identifier"},"loc":{"anyOf":[{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array"},{"type":"null"}],"title":"Loc","description":"Location of the error (e.g. ['body', 'fieldName'])"}},"type":"object","required":["msg","type"],"title":"Error.Detail","description":"Detail of a single error."},"ErrorResponse":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ErrorDetail"},"type":"array","title":"Detail","description":"List of error details"}},"type":"object","required":["detail"],"title":"Error.Response","description":"Standardized error response format."}}}}