OASIS OData TC - Vocabularies

Authorization Vocabulary

Namespace: Org.OData.Authorization.V1

The Authorization Vocabulary provides terms for describing authorization requirements of the service

Terms

Term Type Description
SecuritySchemes [SecurityScheme] At least one of the specified security schemes are required to make a request against the service
Authorizations [Authorization] Lists the methods supported by the service to authorize access

SecurityScheme

Property Type Description
Authorization SchemeName The name of a required authorization scheme
RequiredScopes [String] The names of scopes required from this authorization scheme

Authorization

Base type for all Authorization types

Derived Types:

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme

OpenIDConnect: Authorization

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
IssuerUrl URL Issuer location for the OpenID Provider. Configuration information can be obtained by appending /.well-known/openid-configuration to this Url.

Http: Authorization

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scheme String HTTP Authorization scheme to be used in the Authorization header, as per RFC7235
BearerFormat String? Format of the bearer token

OAuthAuthorization: Authorization

Derived Types:

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url

OAuth2ClientCredentials: OAuthAuthorization

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
TokenUrl URL Token Url

OAuth2Implicit: OAuthAuthorization

Security note: OAuth2 implicit grant is considered to be not secure and should not be used by clients, see OAuth 2.0 Security Best Current Practice.

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
AuthorizationUrl URL Authorization URL

OAuth2Password: OAuthAuthorization

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
TokenUrl URL Token Url

OAuth2AuthCode: OAuthAuthorization

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
Scopes [AuthorizationScope] Available scopes
RefreshUrl URL? Refresh Url
AuthorizationUrl URL Authorization URL
TokenUrl URL Token Url

AuthorizationScope

Property Type Description
Scope String Scope name
Grant String? Identity that has access to the scope or can grant access to the scope.
Description String Description of the scope

ApiKey: Authorization

Property Type Description
Name String Name that can be used to reference the authorization scheme
Description String? Description of the authorization scheme
KeyName String The name of the header or query parameter
Location KeyLocation Whether the API Key is passed in the header or as a query option

KeyLocation

Member Value Description
Header 0 API Key is passed in the header
QueryOption 1 API Key is passed as a query option
Cookie 2 API Key is passed as a cookie

SchemeName

Type: String

The name of the authorization scheme.