{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://schema.yext.com/config/pages/authentication-policy",
  "$version": "1",
  "type": "object",
  "title": "Authentication Policy",
  "description": "Configures an authentication policy.",
  "properties": {
    "$id": {
      "type": "string",
      "minLength": 1,
      "maxLength": 64
    },
    "$schema": {
      "const": "https://schema.yext.com/config/pages/authentication-policy/v1"
    },
    "name": {
      "type": "string",
      "description": "The name of the authentication policy",
      "minLength": 1,
      "maxLength": 255
    },
    "authentication": {
      "type": "object",
      "properties": {
        "yext": {
          "type": "boolean"
        },
        "oidc": {
          "type": "object",
          "properties": {
            "clientId": {
              "type": "string",
              "description": "The Client ID provided by the OIDC Identity Provider."
            },
            "clientSecret": {
              "type": "string",
              "description": "The Client Secret provided by the OIDC Identity Provider."
            },
            "loginUrl": {
              "type": "string",
              "description": "The login URL provided by the OIDC Identity Provider."
            },
            "configurationEndpoint": {
              "type": "string",
              "description": "An optional endpoint used for OIDC configuration discovery. This endpoint may be needed for some Identity Providers where the configuration endpoint cannot be derived from the loginURL. When this endpoint is provided, the loginURL will be used as the issuer endpoint regardless of the one provided in the discovery document."
            },
            "scopes": {
              "type": "array",
              "description": "An optional list of scopes to include in the authentication request to the OIDC Identity Provider. If not provided, the default scopes of [\"openid\", \"profile\", \"email\"] will be used."
            }
          },
          "required": [
            "clientId",
            "clientSecret",
            "loginUrl"
          ]
        },
        "password": {
          "type": "object",
          "properties": {
            "passwordValue": {
              "type": "string"
            }
          },
          "required": [
            "passwordValue"
          ]
        }
      },
      "oneOf": [
        {
          "required": [
            "yext"
          ]
        },
        {
          "required": [
            "oidc"
          ]
        },
        {
          "required": [
            "password"
          ]
        }
      ]
    },
    "apiTokens": {
      "type": "array",
      "description": "A list of all api tokens for the policy",
      "items": {
        "$ref": "#/definitions/token"
      }
    }
  },
  "required": [
    "$id",
    "$schema",
    "name",
    "authentication"
  ],
  "definitions": {
    "token": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string"
        },
        "keyId": {
          "type": "string"
        },
        "claims": {
          "type": "object",
          "properties": {
            "aud": {
              "type": "string"
            },
            "expiresIn": {
              "type": "integer"
            },
            "query": {
              "type": "object",
              "properties": {
                "experienceVersion": {
                  "type": "string",
                  "minimum": 1,
                  "maximum": 50,
                  "description": "The version label of the Answers experience associated with the event."
                }
              },
              "default": {
                "experienceVersion": "STAGING"
              }
            }
          },
          "required": [
            "aud",
            "expiresIn"
          ]
        },
        "scope": {
          "type": "string"
        }
      },
      "required": [
        "name",
        "keyId",
        "claims"
      ]
    }
  }
}