nanochat/contracts/openapi/auth-api.yaml

openapi: 3.1.0
info:
  title: samosaChaat Auth API
  version: 0.1.0
  description: >
    Contract skeleton for the authentication service. OAuth providers, session
    exchange, and user identity endpoints must conform to this document.    
servers:
  - url: http://auth:8001
paths:
  /health:
    get:
      summary: Readiness probe for the auth service.
      security: []
      responses:
        "200":
          description: Auth service health.
          content:
            application/json:
              schema:
                type: object
                properties:
                  status:
                    type: string
                  ready:
                    type: boolean
                required:
                  - status
                  - ready
  /auth/oauth/{provider}/start:
    get:
      summary: Begin an OAuth login flow.
      parameters:
        - $ref: "#/components/parameters/OAuthProvider"
      responses:
        "302":
          description: Redirect to the provider authorization page.
  /auth/oauth/{provider}/callback:
    get:
      summary: Complete an OAuth login flow.
      parameters:
        - $ref: "#/components/parameters/OAuthProvider"
        - in: query
          name: code
          required: true
          schema:
            type: string
      responses:
        "200":
          description: Session established.
          content:
            application/json:
              schema:
                type: object
                properties:
                  user:
                    $ref: ../schemas/user.json
                  access_token:
                    type: string
                required:
                  - user
                  - access_token
  /auth/me:
    get:
      summary: Return the authenticated user profile.
      security:
        - sessionCookie: []
      responses:
        "200":
          description: Current user profile.
          content:
            application/json:
              schema:
                $ref: ../schemas/user.json
  /auth/token/refresh:
    post:
      summary: Exchange a refresh token for a new access token.
      responses:
        "200":
          description: Refreshed session token pair.
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                  expires_in:
                    type: integer
                required:
                  - access_token
                  - expires_in
components:
  parameters:
    OAuthProvider:
      in: path
      name: provider
      required: true
      schema:
        type: string
        enum:
          - google
          - github
  securitySchemes:
    sessionCookie:
      type: apiKey
      in: cookie
      name: session