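---
# OpenAPI description of Thinkific's OAuth 2.0 / OpenID Connect endpoints:
# /oauth2/authorize (browser redirect), /oauth2/token (authorization-code or
# refresh-token exchange) and /oauth2/revoke.
openapi: '3.0.1'
info:
  title: Thinkific OAuth
  description: Thinkific's OAuth API for granting access to applications.
  termsOfService: http://developers.thinkific.com/legal/
  contact:
    email: developers@thinkific.com
  version: v1
externalDocs:
  description: Find out more about Thinkific's API
  url: http://developers.thinkific.com/api/authorization/
servers:
  # https rather than http: every operation below carries an authorization
  # code, the client secret (HTTP Basic) or a token, none of which may travel
  # in cleartext. OAuth 2.0 requires TLS on these endpoints.
  - url: https://{subdomain}.thinkific.com/
    variables:
      subdomain:
        # OpenAPI requires a default for every server variable. This value is
        # a placeholder; replace it with the subdomain of the target site.
        default: your-subdomain
        description: Subdomain of the Thinkific site
tags:
  - name: OAuth2
    description: OAuth Authorization operations
paths:
  /oauth2/authorize:
    get:
      tags:
        - OAuth2
      summary: OAuth authorize endpoint
      description: Redirects user to authorize access in Thinkific
      operationId: oauthAuthorize
      parameters:
        - name: client_id
          in: query
          description: Client ID (Client Key)
          required: true
          schema:
            type: string
        # NOTE(review): this document does not state how redirect_uri is
        # validated. Exact matching against a pre-registered URI is the
        # expected server-side check; confirm against the implementation.
        - name: redirect_uri
          in: query
          description: URI to redirect once oauth flow succeeds
          required: true
          schema:
            type: string
        - name: response_mode
          in: query
          description: oauth expected response mode
          required: false
          schema:
            type: string
            enum: [query, form_post]
        # "id_token" and "code id_token" return an ID token from this
        # endpoint, so clients using them should also send `nonce`.
        - name: response_type
          in: query
          description: oauth expected response type
          required: true
          schema:
            type: string
            enum: [code, id_token, code id_token]
        - name: scope
          in: query
          description: 'identify openid connect scopes, possible values are: openid, profile, email and site'
          schema:
            type: string
          example: openid profile email site
        # Not marked required here. OpenID Connect requires a nonce whenever
        # an ID token is returned from the authorization endpoint; the client
        # must check that the value in the ID token equals the one it sent.
        - name: nonce
          in: query
          description: string value used by the client server to verify ID_Token and avoid replay attacks.
          schema:
            type: string
          example: woid29jjJB1bb
        # Not marked required here. Clients should send an unguessable,
        # per-request value and compare it on return to reject forged
        # (CSRF) redirects.
        - name: state
          in: query
          description: state parameter for oauth, the value passed in state will be returned to the application
          schema:
            type: string
        # PKCE: the matching code_verifier is presented at /oauth2/token.
        - name: code_challenge
          in: query
          description: a base64 url encoded and hashed version of the previously generated code verifier random string
          schema:
            type: string
        # Only S256 is listed; the weaker "plain" method is not offered.
        - name: code_challenge_method
          in: query
          description: the algorithm used to generate the code challenge
          schema:
            type: string
            enum: [S256]
      responses:
        # Response codes are quoted: OpenAPI expects string keys, and a bare
        # 200 is read as an integer by YAML parsers.
        '200':
          description: renders page to user so they can give access to the app
        '302':
          description: redirects back to app when user already authorized app
        '401':
          description: Unauthorized access
  /oauth2/token:
    post:
      tags:
        - OAuth2
      summary: Generate or refresh access token
      description: Generates a new oauth2 token
      # Client authenticates with HTTP Basic (client id / client secret).
      # NOTE(review): a PKCE client that holds no secret cannot satisfy this
      # requirement as written; confirm how such clients call this endpoint.
      security:
        - clientIdAndClientSecret: []
      operationId: requestToken
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                grant_type:
                  type: string
                  enum: [authorization_code, refresh_token]
                # Only grant_type is required by the schema; which of the
                # fields below must accompany each grant type is not
                # expressed here.
                code:
                  type: string
                refresh_token:
                  type: string
                redirect_uri:
                  type: string
                # PKCE verifier matching the code_challenge sent to
                # /oauth2/authorize.
                code_verifier:
                  type: string
              required:
                - grant_type
      responses:
        '200':
          description: success
          content:
            # Was keyed `token`, which is not a media type, so tooling would
            # not render this schema. OAuth 2.0 token responses are JSON.
            application/json:
              schema:
                type: object
                properties:
                  # access_token and refresh_token are bearer credentials:
                  # keep them out of logs, URLs and client-side storage that
                  # scripts can read.
                  access_token:
                    type: string
                    description: access token to make secure requests
                  refresh_token:
                    type: string
                    description: refresh token to request a new access token
                  token_type:
                    type: string
                  gid:
                    type: string
                    description: Thinkific's site global id
                  expires_in:
                    type: number
                    description: number of seconds until the access token will become invalid
        '401':
          description: Unauthorized access
  /oauth2/revoke:
    post:
      tags:
        - OAuth2
      summary: Revoke access token
      description: Endpoint to revoke access token
      security:
        - clientIdAndClientSecret: []
      operationId: revokeToken
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              required:
                - token
              type: object
              properties:
                token:
                  type: string
                  description: Token to be revoked
      responses:
        '200':
          description: access token revoked
        '401':
          description: unauthorized access
components:
  securitySchemes:
    # HTTP Basic carries the client secret base64-encoded, not encrypted,
    # so it is only safe over TLS.
    clientIdAndClientSecret:
      type: http
      scheme: basic
      description: clientId(username) and clientSecret(password) authentication
    # Bearer-token scheme; no operation in this document references it.
    oauth2:
      type: http
      scheme: bearer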