OpenAPI 3.0 specification

Feature:
OpenAPI 3.0 specification

Description:
I cannot find an OpenAPI 3 specification for the Auth0 Management API. I have seen that there are long-standing requests for this feature. The absence of an OAS is surprising given the good quality of Auth0 documents and the investment in developer support. OAS 3 is quite mature; it would be a good investment of time now to update API docs and to publish the spec.

Use-case:
We need to build integrations for automation with the management API and I would be able to generate most of the code required if there was an OAS. The generated code would be maintainable if Auth0 updates their API. This will reduce the costs of development and management for Auth0 clients. Some Auth0 competitors already offer this to a good standard: https://raw.githubusercontent.com/FusionAuth/fusionauth-openapi/main/openapi.yaml

Hey there David!

Thanks for creating this one! Make sure to upvote it so that it gets as much attention as possible. We review those feedback cards on a monthly basis and will let you know once we make any updates on that front!

I’d like to draw the Auth0 product team’s attention to the importance of this feature request which is now 1.5 years old.

As pointed out by David, this would be a huge energy saver for those who, like me, are maintaining backends with REST clients generated from OpenAPI specs.

Also, as David pointed out, this is something competitors have been doing for quite some time already. For instance, I use Keycloak’s spec to call its admin API with generated clients. To declare a REST service, I need no more than this:

@Configuration
public class RestConfig {
  @Bean
  UsersApi usersApi(RestClient keycloakAdminClient) throws Exception {
    return new RestClientHttpExchangeProxyFactoryBean<>(UsersApi.class, keycloakAdminClient).getObject();
  }
}

I can then inject that service and use it in my own controllers as follows:

@RestController
@RequestMapping(path = "/skill-tests")
@RequiredArgsConstructor
public class SkillTestController {
  private final UsersApi keycloakUsersApi;
  ...
  private List<UserRepresentation> getUsers(final String username) {
    return keycloakUsersApi.adminRealmsRealmUsersGet("quiz", Optional.empty(), Optional.empty(),
        Optional.empty(), Optional.empty(), Optional.of(true), Optional.empty(), Optional.empty(),
        Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(),
        Optional.empty(), Optional.of(username)).getBody();
  }
}

Note that I wrote absolutely no code for DTOs, REST client request authorization with OAuth2 access tokens acquired with client credentials, or the requests themselves (base-path, path, HTTP verbs to use, request param names and serialization, body (de)serialization, etc.).

The UsersApi interface and the UserRepresentation DTO are generated from the OpenAPI spec. The keycloakAdminClient is defined and configured by a Boot starter of mine, and the UsersApi implementation is generated by Spring.

When I upgrade the Keycloak version, all I have to do is update the OpenAPI spec, and if there were breaking changes in the endpoints I use, I’d get compilation errors (I have never had any so far).

How is it possible that Auth0 are providing a REST API in %current year% without an OpenAPI-specification? Frankly embarrassing.