docs: clarify consent request list endpoint (#1859)

Closes #1856
ory · May 16, 2020 · 6dabd9b · 6dabd9b
1 parent 012dfb7
commit 6dabd9b
Show file tree

Hide file tree

Showing 26 changed files with 231 additions and 186 deletions.
diff --git a/.schema/api.swagger.json b/.schema/api.swagger.json
@@ -1335,7 +1335,7 @@
     },
     "/oauth2/auth/sessions/consent": {
       "get": {
-        "description": "This endpoint lists all subject's granted consent sessions, including client and granted scope.\nThe \"Link\" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '\u003chttps://hydra-url/admin/oauth2/auth/sessions/consent?subject={user}\u0026limit={limit}\u0026offset={offset}\u003e; rel=\"{page}\"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'.\nMultiple links can be included in this header, and will be separated by a comma.",
+        "description": "This endpoint lists all subject's granted consent sessions, including client and granted scope.\nIf the subject is unknown or has not granted any consent sessions yet, the endpoint returns an\nempty JSON array with status code 200 OK.\n\n\nThe \"Link\" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '\u003chttps://hydra-url/admin/oauth2/auth/sessions/consent?subject={user}\u0026limit={limit}\u0026offset={offset}\u003e; rel=\"{page}\"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'.\nMultiple links can be included in this header, and will be separated by a comma.",
         "consumes": [
           "application/json"
         ],
@@ -1375,12 +1375,6 @@
               "$ref": "#/definitions/genericError"
             }
           },
-          "404": {
-            "description": "genericError",
-            "schema": {
-              "$ref": "#/definitions/genericError"
-            }
-          },
           "500": {
             "description": "genericError",
             "schema": {
@@ -1831,10 +1825,10 @@
       "description": "It is important that this model object is named JSONWebKey for\n\"swagger generate spec\" to generate only on definition of a\nJSONWebKey.",
       "type": "object",
       "required": [
-        "alg",
-        "kid",
+        "use",
         "kty",
-        "use"
+        "kid",
+        "alg"
       ],
       "properties": {
         "alg": {
@@ -2108,7 +2102,7 @@
       }
     },
     "PluginConfigNetwork": {
-      "description": "PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork plugin config network",
+      "description": "PluginConfigNetwork plugin config network",
       "type": "object",
       "required": [
         "Type"
@@ -2185,7 +2179,7 @@
       }
     },
     "PluginEnv": {
-      "description": "PluginEnv PluginEnv plugin env",
+      "description": "PluginEnv plugin env",
       "type": "object",
       "required": [
         "Description",
@@ -2289,7 +2283,7 @@
     },
     "PluginSettings": {
       "type": "object",
-      "title": "PluginSettings PluginSettings PluginSettings Settings that can be modified by users.",
+      "title": "PluginSettings Settings that can be modified by users.",
       "required": [
         "Args",
         "Devices",
@@ -2328,30 +2322,20 @@
       }
     },
     "PreviousConsentSession": {
-      "description": "PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession The response used to return used consent requests\nsame as HandledLoginRequest, just with consent_request exposed as json",
+      "description": "The response used to return used consent requests\nsame as HandledLoginRequest, just with consent_request exposed as json",
       "type": "object",
       "properties": {
         "consent_request": {
           "$ref": "#/definitions/consentRequest"
         },
         "grant_access_token_audience": {
-          "description": "GrantedAudience sets the audience the user authorized the client to use. Should be a subset of `requested_access_token_audience`.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
+          "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "grant_scope": {
-          "description": "GrantScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
+          "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "handled_at": {
-          "description": "handled at\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time",
-          "type": "string",
-          "format": "date-time"
+          "$ref": "#/definitions/NullTime"
         },
         "remember": {
           "description": "Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same\nclient asks the same user for the same, or a subset of, scope.",
@@ -2375,7 +2359,7 @@
       }
     },
     "VolumeUsageData": {
-      "description": "VolumeUsageData VolumeUsageData Usage details about the volume. This information is used by the\n`GET /system/df` endpoint, and omitted in other endpoints.",
+      "description": "VolumeUsageData Usage details about the volume. This information is used by the\n`GET /system/df` endpoint, and omitted in other endpoints.",
       "type": "object",
       "required": [
         "RefCount",
@@ -2396,20 +2380,12 @@
     },
     "acceptConsentRequest": {
       "type": "object",
-      "title": "AcceptConsentRequest AcceptConsentRequest AcceptConsentRequest AcceptConsentRequest The request payload used to accept a consent request.",
+      "title": "The request payload used to accept a consent request.",
       "properties": {
         "grant_access_token_audience": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
           "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "grant_scope": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
           "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "handled_at": {
@@ -2431,7 +2407,7 @@
     },
     "acceptLoginRequest": {
       "type": "object",
-      "title": "AcceptLoginRequest HandledLoginRequest is the request payload used to accept a login request.",
+      "title": "HandledLoginRequest is the request payload used to accept a login request.",
       "required": [
         "subject"
       ],
@@ -2464,7 +2440,7 @@
     },
     "completedRequest": {
       "type": "object",
-      "title": "CompletedRequest CompletedRequest The response payload sent when accepting or rejecting a login or consent request.",
+      "title": "The response payload sent when accepting or rejecting a login or consent request.",
       "properties": {
         "redirect_to": {
           "description": "RedirectURL is the URL which you should redirect the user to once the authentication process is completed.",
@@ -2474,7 +2450,7 @@
     },
     "consentRequest": {
       "type": "object",
-      "title": "ConsentRequest ConsentRequest Contains information on an ongoing consent request.",
+      "title": "Contains information on an ongoing consent request.",
       "properties": {
         "acr": {
           "description": "ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it\nto express that, for example, a user authenticated using two factor authentication.",
@@ -2506,17 +2482,9 @@
           "type": "string"
         },
         "requested_access_token_audience": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
           "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "requested_scope": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
           "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "skip": {
@@ -2531,7 +2499,7 @@
     },
     "consentRequestSession": {
       "type": "object",
-      "title": "ConsentRequestSession Used to pass session data to a consent request.",
+      "title": "Used to pass session data to a consent request.",
       "properties": {
         "access_token": {
           "description": "AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the\nrefresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.\nIf only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties\ncan access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!",
@@ -2550,11 +2518,10 @@
       }
     },
     "flushInactiveOAuth2TokensRequest": {
-      "description": "FlushInactiveOAuth2TokensRequest flush inactive o auth2 tokens request",
       "type": "object",
       "properties": {
         "notAfter": {
-          "description": "NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history\nof recently issued tokens for auditing.\nFormat: date-time",
+          "description": "NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history\nof recently issued tokens for auditing.",
           "type": "string",
           "format": "date-time"
         }
@@ -2563,7 +2530,7 @@
     "genericError": {
       "description": "Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.",
       "type": "object",
-      "title": "GenericError Error response",
+      "title": "Error response",
       "required": [
         "error"
       ],
@@ -2592,7 +2559,6 @@
       }
     },
     "healthNotReadyStatus": {
-      "description": "HealthNotReadyStatus health not ready status",
       "type": "object",
       "properties": {
         "errors": {
@@ -2605,7 +2571,6 @@
       }
     },
     "healthStatus": {
-      "description": "HealthStatus HealthStatus HealthStatus health status",
       "type": "object",
       "properties": {
         "status": {
@@ -2618,8 +2583,8 @@
       "type": "object",
       "required": [
         "alg",
-        "kid",
-        "use"
+        "use",
+        "kid"
       ],
       "properties": {
         "alg": {
@@ -2638,7 +2603,7 @@
     },
     "loginRequest": {
       "type": "object",
-      "title": "LoginRequest LoginRequest LoginRequest LoginRequest LoginRequest LoginRequest Contains information on an ongoing login request.",
+      "title": "Contains information on an ongoing login request.",
       "properties": {
         "challenge": {
           "description": "Challenge is the identifier (\"login challenge\") of the login request. It is used to\nidentify the session.",
@@ -2655,17 +2620,9 @@
           "type": "string"
         },
         "requested_access_token_audience": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
           "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "requested_scope": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
           "$ref": "#/definitions/StringSlicePipeDelimiter"
         },
         "session_id": {
@@ -2835,7 +2792,7 @@
     "oAuth2TokenIntrospection": {
       "description": "https://tools.ietf.org/html/rfc7662",
       "type": "object",
-      "title": "OAuth2TokenIntrospection Introspection contains an access token's session data as specified by IETF RFC 7662, see:",
+      "title": "Introspection contains an access token's session data as specified by IETF RFC 7662, see:",
       "required": [
         "active"
       ],
@@ -2904,32 +2861,26 @@
       }
     },
     "oauth2TokenResponse": {
-      "description": "Oauth2TokenResponse Oauth2TokenResponse Oauth2TokenResponse Oauth2TokenResponse The Access Token Response",
+      "description": "The Access Token Response",
       "type": "object",
       "properties": {
         "access_token": {
-          "description": "access token",
           "type": "string"
         },
         "expires_in": {
-          "description": "expires in",
           "type": "integer",
           "format": "int64"
         },
         "id_token": {
-          "description": "id token",
           "type": "string"
         },
         "refresh_token": {
-          "description": "refresh token",
           "type": "string"
         },
         "scope": {
-          "description": "scope",
           "type": "string"
         },
         "token_type": {
-          "description": "token type",
           "type": "string"
         }
       }
@@ -2974,30 +2925,25 @@
       "title": "The request payload used to accept a login or consent request.",
       "properties": {
         "error": {
-          "description": "error",
           "type": "string"
         },
         "error_debug": {
-          "description": "error debug",
           "type": "string"
         },
         "error_description": {
-          "description": "error description",
           "type": "string"
         },
         "error_hint": {
-          "description": "error hint",
           "type": "string"
         },
         "status_code": {
-          "description": "status code",
           "type": "integer",
           "format": "int64"
         }
       }
     },
     "userinfoResponse": {
-      "description": "UserinfoResponse The userinfo response",
+      "description": "The userinfo response",
       "type": "object",
       "properties": {
         "birthdate": {
@@ -3080,7 +3026,6 @@
       }
     },
     "version": {
-      "description": "Version Version version",
       "type": "object",
       "properties": {
         "version": {
@@ -3092,7 +3037,7 @@
     "wellKnown": {
       "description": "It includes links to several endpoints (e.g. /oauth2/token) and exposes information on supported signature algorithms\namong others.",
       "type": "object",
-      "title": "WellKnown WellKnown WellKnown WellKnown represents important OpenID Connect discovery metadata",
+      "title": "WellKnown represents important OpenID Connect discovery metadata",
       "required": [
         "issuer",
         "authorization_endpoint",

diff --git a/consent/handler.go b/consent/handler.go
@@ -128,6 +128,10 @@ func (h *Handler) DeleteConsentSession(w http.ResponseWriter, r *http.Request, p
 // Lists all consent sessions of a subject
 //
 // This endpoint lists all subject's granted consent sessions, including client and granted scope.
+// If the subject is unknown or has not granted any consent sessions yet, the endpoint returns an
+// empty JSON array with status code 200 OK.
+//
+//
 // The "Link" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '<https://hydra-url/admin/oauth2/auth/sessions/consent?subject={user}&limit={limit}&offset={offset}>; rel="{page}"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'.
 // Multiple links can be included in this header, and will be separated by a comma.
 //
@@ -142,7 +146,6 @@ func (h *Handler) DeleteConsentSession(w http.ResponseWriter, r *http.Request, p
 //     Responses:
 //       200: handledConsentRequestList
 //       400: genericError
-//       404: genericError
 //       500: genericError
 func (h *Handler) GetConsentSessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	subject := r.URL.Query().Get("subject")

diff --git a/internal/httpclient/client/admin/admin_client.go b/internal/httpclient/client/admin/admin_client.go