├── .github ├── remark.yaml └── workflows │ ├── publish.yaml │ └── test.yaml ├── .gitignore ├── .vscode ├── CHANGELOG.md ├── LICENSE ├── README.md ├── examples ├── collection.json └── item.json ├── json-schema └── schema.json └── package.json /.github/remark.yaml: -------------------------------------------------------------------------------- 1 | plugins: 2 | # Check links 3 | - validate-links 4 | # Apply some recommended defaults for consistency 5 | - remark-preset-lint-consistent 6 | - remark-preset-lint-recommended 7 | - lint-no-html 8 | # General formatting 9 | - - remark-lint-emphasis-marker 10 | - '*' 11 | - remark-lint-hard-break-spaces 12 | - remark-lint-blockquote-indentation 13 | - remark-lint-no-consecutive-blank-lines 14 | - - remark-lint-maximum-line-length 15 | - 150 16 | # Code 17 | - remark-lint-fenced-code-flag 18 | - remark-lint-fenced-code-marker 19 | - remark-lint-no-shell-dollars 20 | - - remark-lint-code-block-style 21 | - 'fenced' 22 | # Headings 23 | - remark-lint-heading-increment 24 | - remark-lint-no-multiple-toplevel-headings 25 | - remark-lint-no-heading-punctuation 26 | - - remark-lint-maximum-heading-length 27 | - 70 28 | - - remark-lint-heading-style 29 | - atx 30 | - - remark-lint-no-shortcut-reference-link 31 | - false 32 | # Lists 33 | - remark-lint-list-item-bullet-indent 34 | - remark-lint-ordered-list-marker-style 35 | - remark-lint-ordered-list-marker-value 36 | - remark-lint-checkbox-character-style 37 | - - remark-lint-unordered-list-marker-style 38 | - '-' 39 | - - remark-lint-list-item-indent 40 | - space 41 | # Tables 42 | - remark-lint-table-pipes 43 | - remark-lint-no-literal-urls 44 | -------------------------------------------------------------------------------- /.github/workflows/publish.yaml: -------------------------------------------------------------------------------- 1 | name: Publish JSON Schema 2 | on: 3 | release: 4 | types: [published] 5 | jobs: 6 | deploy: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - name: Inject env variables 10 | uses: rlespinasse/github-slug-action@v3.x 11 | - uses: actions/checkout@v2 12 | - name: deploy JSON Schema for version ${{ env.GITHUB_REF_SLUG }} 13 | uses: peaceiris/actions-gh-pages@v3 14 | with: 15 | github_token: ${{ secrets.GITHUB_TOKEN }} 16 | publish_dir: json-schema 17 | destination_dir: ${{ env.GITHUB_REF_SLUG }} 18 | -------------------------------------------------------------------------------- /.github/workflows/test.yaml: -------------------------------------------------------------------------------- 1 | name: Check Markdown and Examples 2 | on: [push, pull_request] 3 | jobs: 4 | deploy: 5 | runs-on: ubuntu-latest 6 | steps: 7 | - uses: actions/setup-node@v2 8 | with: 9 | node-version: 'lts/*' 10 | - uses: actions/checkout@v2 11 | - run: | 12 | npm install 13 | npm test 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # OS files 2 | .DS_Store 3 | Thumbs.db 4 | 5 | # Editors 6 | /.idea/ 7 | /.vscode/ 8 | 9 | # Node / npm 10 | .npm 11 | /node_modules/ 12 | /package-lock.json 13 | -------------------------------------------------------------------------------- /.vscode: -------------------------------------------------------------------------------- 1 | { 2 | "editor.wordWrap": "wordWrapColumn", 3 | "editor.wrappingIndent": "same", 4 | "editor.wordWrapColumn": 150 5 | } -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 6 | 7 | ## [Unreleased] 8 | 9 | ## [v1.1.0] - 2023-04-28 10 | 11 | ### Changed 12 | 13 | - Clarify http and extend http authorization methods [#27](https://github.com/stac-extensions/authentication/pull/27) 14 | - Split Authentication Flows Object into OAuth2 Flow Object and Signed URL Object 15 | - The JSON Schema is much stricter compared to before, actually enforcing many restrictions documented in the written spec 16 | - The Parameter Schemas must comply to JSON Schema draft-07 instead of OpenAPI Schema [#21](https://github.com/stac-extensions/authentication/issues/21) 17 | 18 | ### Fixed 19 | 20 | - JSON Schema supports Catalogs 21 | - Fixed various other issues in the JSON Schema 22 | - Clarified which fields apply to which schema type 23 | - Clarified required fields 24 | - Fixed examples 25 | 26 | ### Removed 27 | 28 | - Removed the provider-specific `planetaryComputer` and `earthdata` scheme types [#32](https://github.com/stac-extensions/authentication/pull/32) 29 | 30 | ## [v1.0.0] - 2023-11-07 31 | 32 | ### Added 33 | 34 | - `responseField` to the authentication object. [#23](https://github.com/AtomicMaps/authentication/pull/23) 35 | - PlanetaryComputer signedURL example. 36 | 37 | - Added parameters object 38 | - Support to describe signed URL request method and parmeters. 39 | 40 | - Links examples in `README.md` 41 | 42 | - `security:refs` parameter to Link objects in Items or Collections. 43 | 44 | - Added `schemes` Item and Collection property which defines all the security schemas. 45 | - Added Asset parameter `refs` which specifies which schemes from `schemes` can be used for an asset. 46 | 47 | ### Changed 48 | 49 | - Changed extension title to `authorization` and the field extension to `auth:` 50 | 51 | - Changed `type` keys to camelCase 52 | 53 | - Updated `item.json` and `collection.json` for OpenAPI 54 | - Updated `schema.json` for for OpenAPI 55 | - Updated `item.json` and `collection.json` to handle multiple authentication schemes 56 | - Updated `schema.json` for the updated security object structure 57 | 58 | - Updated schema to `schema` to limit string values to the list of client names. 59 | - Re-added Updated schema to `schemas` make any `type` value valid 60 | 61 | - Reformatted to align with the OpenAPI spec 62 | - Changed parameters in camelCase to snake_case 63 | 64 | ### Deprecated 65 | 66 | ### Removed 67 | 68 | - Removed summaries example 69 | 70 | ### Fixed 71 | 72 | [Unreleased]: 73 | [v1.1.0]: 74 | [v1.0.0]: 75 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Authentication Extension Specification 2 | 3 | - **Title:** Authentication 4 | - **Identifier:** 5 | - **Field Name Prefix:** auth 6 | - **Scope:** Catalog, Collection, Item, Asset, Links 7 | - **Extension [Maturity Classification](https://github.com/radiantearth/stac-spec/tree/master/extensions/README.md#extension-maturity):** Proposal 8 | - **Owner**: @jamesfisher-gis 9 | 10 | The Authentication extension to the [STAC](https://github.com/radiantearth/stac-spec) specification provides a standard set of fields to 11 | describe authentication and authorization schemes, flows, and scopes required to access Assets and Links that align with the 12 | [OpenAPI security spec](https://swagger.io/docs/specification/authentication/) 13 | 14 | The Authentication extension also includes support for other [authentication schemes](https://github.com/stac-utils/stac-asset#clients) specified in 15 | [stac-asset](https://github.com/stac-utils/stac-asset) library. A `signedUrl` scheme type can be specified that describes authentication via signed 16 | URLs returned from a user-defined API. See the [Signed URL](#url-signing) section for a Lambda function example. 17 | 18 | - Examples: 19 | - [Item example](examples/item.json): Shows the basic usage of the extension in a STAC Item 20 | - [Collection example](examples/collection.json): Shows the basic usage of the extension in a STAC Collection 21 | - [JSON Schema](json-schema/schema.json) 22 | - [Changelog](./CHANGELOG.md) 23 | 24 | ## Fields 25 | 26 | The fields in the table below can be used in these parts of STAC documents: 27 | 28 | - [x] Catalogs 29 | - [x] Collections 30 | - [x] Item Properties (incl. Summaries in Collections) 31 | - [ ] Assets (for both Collections and Items, incl. Item Asset Definitions in Collections) 32 | - [ ] Links 33 | 34 | | Field Name | Type | Description | 35 | | -------------- | ------------------------------------------------------------ | ----------- | 36 | | `auth:schemes` | Map | A property that contains all of the [scheme definitions](#authentication-scheme-object) used by Assets and Links in the STAC Item or Collection. | 37 | 38 | --- 39 | 40 | The fields in the table below can be used in these parts of STAC documents: 41 | 42 | - [ ] Catalogs 43 | - [ ] Collections 44 | - [ ] Item Properties (incl. Summaries in Collections) 45 | - [x] Assets (for both Collections and Items, incl. Item Asset Definitions in Collections) 46 | - [x] Links 47 | 48 | | Field Name | Type | Description | 49 | | ----------- | ---------- | ----------- | 50 | | `auth:refs` | \[string\] | A property that specifies which schemes in `auth:schemes` may be used to access an Asset or Link. | 51 | 52 | ### Scheme Types 53 | 54 | The `type` value is not restricted to the following values, so a practitioner may define a custom authentication or authorization scheme not 55 | included in the scheme type standards below. 56 | 57 | | Name | Description | 58 | | ------------------- | ----------- | 59 | | `http` | Simple HTTP authentication mechanisms (Basic, Bearer, Digest, etc.). | 60 | | `s3` | Simple S3 authentication. | 61 | | `signedUrl` | Signs URLs with a user-defined authentication API. | 62 | | `oauth2` | [Open Authentication (OAuth) 2.0](https://datatracker.ietf.org/doc/html/rfc6749) configuration | 63 | | `apiKey` | Description of [API key](https://swagger.io/docs/specification/authentication/api-keys/) authentication included in request headers, query parameters, or cookies. | 64 | | `openIdConnect` | Description of [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) authentication | 65 | 66 | ### Authentication Scheme Object 67 | 68 | The Authentication Scheme extends the 69 | [OpenAPI security spec](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object) 70 | for support of OAuth2.0, API Key, and OpenID Connect authentication. 71 | All the [authentication clients](https://github.com/stac-utils/stac-asset#clients) included in the 72 | [stac-asset](https://github.com/stac-utils/stac-asset) 73 | library can be described, as well as a custom signed URL authentication scheme. 74 | 75 | | Field Name | Type | Applies to | Description | 76 | | ------------------ | ------------------------------------------------------------ | --------------------- | ------------------------------------------------------------ | 77 | | `type` | string | *All* | **REQUIRED**. The authentication scheme type used to access the data (`http` \| `s3` \| `signedUrl` \| `oauth2` \| `apiKey` \| `openIdConnect` \| a custom scheme type ). | 78 | | `description` | string | *All* | Additional instructions for authentication. [CommonMark 0.29](https://commonmark.org/) syntax MAY be used for rich text representation. | 79 | | `name` | string | `apiKey` | **REQUIRED.** The name of the header, query, or cookie parameter to be used. | 80 | | `in` | string | `apiKey` | **REQUIRED.** The location of the API key (`query` \| `header` \| `cookie`). | 81 | | `scheme` | string | `http` | **REQUIRED.** The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). (`basic` \| `bearer` \| `digest` \| `dpop` \| `hoba` \| `mutual` \| `negotiate` \| `oauth` (1.0) \| `privatetoken` \| `scram-sha-1` \| `scram-sha-256` \| `vapid`) | 82 | | `flows` | Map | `oauth2`, `signedUrl` | **REQUIRED.** Scenarios an API client performs to get an access token from the authorization server. For `oauth2` the following keys are pre-defined for the corresponding OAuth flows: `authorizationCode` \| `implicit` \| `password ` \| `clientCredentials`. The OAuth2 Flow Object applies for `oauth2`, the Signed URL Object applies to `signedUrl`. | 83 | | `openIdConnectUrl` | string | `openIdConnect` | **REQUIRED.** OpenID Connect URL to discover OpenID configuration values. This MUST be in the form of a URL. | 84 | 85 | The column "Applies to" specifies for which values of `type` the fields only apply. 86 | They are also only required in this context. 87 | 88 | ### OAuth2 Flow Object 89 | 90 | Based on the [OpenAPI OAuth Flow Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#oauth-flows-object). 91 | Allows configuration of the supported OAuth Flows. 92 | 93 | | Field Name | Type | Description | 94 | | ------------------ | ----------------------- | ------------------------------------------------------------ | 95 | | `authorizationUrl` | `string` | **REQUIRED** for parent keys: `"implicit"`, `"authorizationCode"`. The authorization URL to be used for this flow. This MUST be in the form of a URL. | 96 | | `tokenUrl` | `string` | **REQUIRED** for parent keys: `"password"`, `"clientCredentials"`, `"authorizationCode"`. The token URL to be used for this flow. This MUST be in the form of a URL. | 97 | | `scopes` | Map<`string`, `string`> | **REQUIRED.** The available scopes for the authentication scheme. A map between the scope name and a short description for it. The map MAY be empty. | 98 | | `refreshUrl` | `string` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. | 99 | 100 | ### Signed URL Object 101 | 102 | | Field Name | Type | Description | 103 | | ------------------ | -------------------------------------------------- | ------------------------------------------------------------ | 104 | | `method` | `string` | **REQUIRED.** The method to be used for requests | 105 | | `authorizationApi` | `string` | **REQUIRED.** The signed URL API endpoint to be used for this flow. If not inferred from the client environment, this must be defined in the authentication flow. | 106 | | `parameters` | Map | Parameter definition for requests to the `authorizationApi` | 107 | | `responseField` | string | Key name for the signed URL field in an `authorizationApi` response | 108 | 109 | ### Parameter Object 110 | 111 | Definition for a request parameter. 112 | 113 | | Field Name | Type | Description | 114 | | ------------- | --------- | ------------------------------------------------------------ | 115 | | `in` | `string` | **REQUIRED.** The location of the parameter (`query` \| `header` \| `body`). | 116 | | `required` | `boolean` | **REQUIRED.** Setting for optional or required parameter. | 117 | | `description` | `string` | Plain language description of the parameter | 118 | | `schema` | `object` | Schema object following the [JSON Schema draft-07](https://json-schema.org/) | 119 | 120 | ## Examples 121 | 122 | `auth:schemes` may be referenced identically in a STAC Asset or Link objects. Examples of these two use-cases are provided below. 123 | 124 | ### Schema definitions 125 | 126 | ```json 127 | "auth:schemes": { 128 | "oauth": { 129 | "type": "oauth2", 130 | "description": "requires a login and user token", 131 | "flows": { 132 | "authorizationUrl": "https://example.com/oauth/authorize", 133 | "tokenUrl": "https://example.com/oauth/token", 134 | "scopes": {} 135 | } 136 | } 137 | } 138 | ``` 139 | 140 | ### Links reference 141 | 142 | ```json 143 | "links": [ 144 | { 145 | "href": "https://example.com/examples/collection.json", 146 | "rel": "self" 147 | }, 148 | { 149 | "href": "https://example.com/examples/item.json", 150 | "rel": "item", 151 | "auth:refs": [ 152 | "oauth" 153 | ] 154 | } 155 | ] 156 | ``` 157 | 158 | ### Asset reference 159 | 160 | ```json 161 | "assets": { 162 | "data": { 163 | "href": "https://example.com/examples/file.xyz", 164 | "title": "Secure Asset Example", 165 | "type": "application/vnd.example", 166 | "roles": [ 167 | "data" 168 | ], 169 | "auth:refs": [ 170 | "oauth" 171 | ] 172 | } 173 | } 174 | ``` 175 | 176 | ### URL Signing 177 | 178 | The `signedUrl` scheme type indicates that authentication will be handled by an API which generates and returns a signed URL. A signed URL 179 | authentication scheme can be defined with 180 | ```json 181 | "auth:schemes": { 182 | "signed_url_auth": { 183 | "type": "signedUrl", 184 | "description": "Requires an authentication API", 185 | "flows": { 186 | "authorizationCode": { 187 | "authorizationApi": "https://example.com/signed_url/authorize", 188 | "method": "POST", 189 | "parameters": { 190 | "bucket": { 191 | "in": "body", 192 | "required": true, 193 | "description": "asset bucket", 194 | "schema": { 195 | "type": "string", 196 | "examples": "example-bucket" 197 | } 198 | }, 199 | "key": { 200 | "in": "body", 201 | "required": true, 202 | "description": "asset key", 203 | "schema": { 204 | "type": "string", 205 | "examples": "path/to/example/asset.xyz" 206 | } 207 | } 208 | }, 209 | "responseField": "signed_url" 210 | } 211 | } 212 | } 213 | } 214 | ``` 215 | 216 | and generated via a Gateway API and the following Lambda function. 217 | 218 | ```python 219 | import boto3 220 | from botocore.client import Config 221 | import os 222 | import json 223 | 224 | def lambda_handler(event, context): 225 | try: 226 | s3Client = boto3.client("s3") 227 | except Exception as e: 228 | return { 229 | "statusCode": 400, 230 | "body": json.dumps({ 231 | "error": (e) 232 | }) 233 | } 234 | 235 | body = json.loads(event["body"]) 236 | key = body["key"] 237 | bucketName = body["bucket"] 238 | 239 | try: 240 | URL = s3Client.generate_presigned_url( 241 | "get_object", 242 | Params = {"Bucket": bucketName, "Key":key}, 243 | ExpiresIn = 360 244 | ) 245 | 246 | return ({ 247 | "statusCode": 200, 248 | "body": json.dumps({ 249 | "signed_url": URL 250 | }), 251 | "headers":{ 252 | "Access-Control-Allow-Origin": "*", 253 | "Access-Control-Allow-Headers": "*" 254 | } 255 | 256 | }) 257 | except Exception as e: 258 | return { 259 | "statusCode": 400, 260 | "body": json.dumps({ 261 | "error": (e) 262 | }) 263 | } 264 | ``` 265 | 266 | Where the response looks like 267 | 268 | ```json 269 | { 270 | "signed_url": "https://.s3..amazonaws.com/?AWSAccessKeyId=&Signature=&x-amz-security-token=&Expires=" 271 | } 272 | ``` 273 | 274 | The authentication API can be called on the client side based on an AWS S3 href (`https://.s3..amazonaws.com/`) with the 275 | following code snippet. 276 | 277 | ```javascript 278 | 279 | let signed_url; 280 | const auth_api = ""; 281 | 282 | function createSignedRequestBody(href) { 283 | const bucket = href.split(".")[0].split("//")[1]; 284 | const key = href.split("/").slice(3).join("/").replace(/\+/g, " "); 285 | return { 286 | method: "POST", 287 | headers: { 288 | Accept: "application/json", 289 | "Content-Type": "application/json", 290 | }, 291 | body: JSON.stringify({ bucket: bucket, key: key }), 292 | redirect: "follow", 293 | }; 294 | } 295 | 296 | Promise( 297 | fetch(auth_api, createSignedRequestBody(href)) 298 | .then((resp) => resp.json()) 299 | .then((respJson) => { 300 | signed_url = respJson.signed_url; 301 | }) 302 | ); 303 | 304 | ``` 305 | 306 | ### Planetary Computer URL Signing 307 | 308 | Planetary Computer uses the same signed URL pattern described above. Here is an example of how to configure a `signedUrl` `auth:scheme` for the [Planetary Computer Data Authentication API](https://planetarycomputer.microsoft.com/docs/reference/sas/) 309 | 310 | ```json 311 | "auth:schemes": { 312 | "plantetary_computer_auth": { 313 | "type": "signedUrl", 314 | "description": "Requires authorization from Planetary Computer", 315 | "flows": { 316 | "authorizationCode": { 317 | "authorizationApi": "https://planetarycomputer.microsoft.com/api/sas/v1/sign", 318 | "method": "GET", 319 | "parameters": { 320 | "href": { 321 | "in": "query", 322 | "required": true, 323 | "description": "HREF (URL) to sign", 324 | "schema": { 325 | "type": "string", 326 | } 327 | }, 328 | "duration": { 329 | "in": "query", 330 | "required": false, 331 | "description": "The duration, in minutes, that the SAS token will be valid. Only valid for approved users.", 332 | "schema": { 333 | "type": "integer", 334 | } 335 | }, 336 | "_id": { 337 | "in": "query", 338 | "required": false, 339 | "description": "Third party user identifier for metrics tracking.", 340 | "schema": { 341 | "type": "string" 342 | } 343 | } 344 | }, 345 | "responseField": "href" 346 | } 347 | } 348 | } 349 | } 350 | ``` 351 | 352 | ### Simple S3 authentication 353 | 354 | To use simple S3 authentication one has to set some environmental variables with S3 credentials: 355 | 356 | - `AWS_SECRET_ACCESS_KEY` 357 | - `AWS_ACCESS_KEY_ID` 358 | 359 | **or** specify a [user profile](https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-files.html#cli-configure-files-format) 360 | with a proper reference to `AWS_PROFILE` in the file `AWS_CONFIG_FILE`. 361 | 362 | For more information please see either 363 | [GDAL vsis3](https://gdal.org/en/latest/user/virtual_file_systems.html#vsis3-aws-s3-files) or 364 | [AWS CLI](https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-files.html) documentation. 365 | 366 | Additionally, if the `s3` authentication method is referred to through `auth:refs`, you should disable signing requests, 367 | e.g. through setting `AWS_NO_SIGN_REQUEST` to `NO`. Otherwise it should be `YES`. 368 | 369 | ## Contributing 370 | 371 | All contributions are subject to the 372 | [STAC Specification Code of Conduct](https://github.com/radiantearth/stac-spec/blob/master/CODE_OF_CONDUCT.md). 373 | For contributions, please follow the 374 | [STAC specification contributing guide](https://github.com/radiantearth/stac-spec/blob/master/CONTRIBUTING.md) Instructions 375 | for running tests are copied here for convenience. 376 | 377 | ### Running tests 378 | 379 | The same checks that run as checks on PR's are part of the repository and can be run locally to verify that changes are valid. 380 | To run tests locally, you'll need `npm`, which is a standard part of any [node.js installation](https://nodejs.org/en/download/). 381 | 382 | First you'll need to install everything with npm once. Just navigate to the root of this repository and on 383 | your command line run: 384 | 385 | ```bash 386 | npm install 387 | ``` 388 | 389 | Then to check markdown formatting and test the examples against the JSON schema, you can run: 390 | 391 | ```bash 392 | npm test 393 | ``` 394 | 395 | This will spit out the same texts that you see online, and you can then go and fix your markdown or examples. 396 | 397 | If the tests reveal formatting problems with the examples, you can fix them with: 398 | 399 | ```bash 400 | npm run format-examples 401 | ``` 402 | -------------------------------------------------------------------------------- /examples/collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "stac_version": "1.0.0", 3 | "stac_extensions": [ 4 | "https://stac-extensions.github.io/item-assets/v1.0.0/schema.json", 5 | "https://stac-extensions.github.io/authentication/v1.1.0/schema.json" 6 | ], 7 | "type": "Collection", 8 | "id": "collection", 9 | "title": "A title", 10 | "description": "A description", 11 | "license": "Apache-2.0", 12 | "extent": { 13 | "spatial": { 14 | "bbox": [ 15 | [ 16 | 172.9, 17 | 1.3, 18 | 173, 19 | 1.4 20 | ] 21 | ] 22 | }, 23 | "temporal": { 24 | "interval": [ 25 | [ 26 | "2015-06-23T00:00:00Z", 27 | null 28 | ] 29 | ] 30 | } 31 | }, 32 | "auth:schemes": { 33 | "oauth": { 34 | "type": "oauth2", 35 | "description": "requires a login and user token", 36 | "flows": { 37 | "authorizationCode": { 38 | "authorizationUrl": "https://example.com/oauth/authorize", 39 | "tokenUrl": "https://example.com/oauth/token", 40 | "scopes": { 41 | "read:example": "Read the example data", 42 | "write:example": "Write the example data", 43 | "admin:example": "Read/write/delete the example data" 44 | } 45 | } 46 | } 47 | }, 48 | "signed_url_auth": { 49 | "type": "signedUrl", 50 | "description": "Requires an authentication API", 51 | "flows": { 52 | "auth": { 53 | "authorizationApi": "https://example.com/signed_url/authorize", 54 | "method": "POST", 55 | "parameters": { 56 | "bucket": { 57 | "in": "body", 58 | "required": true, 59 | "description": "asset-bucket", 60 | "schema": { 61 | "type": "string", 62 | "examples": [ 63 | "example-bucket" 64 | ] 65 | } 66 | }, 67 | "key": { 68 | "in": "body", 69 | "required": true, 70 | "description": "asset key", 71 | "schema": { 72 | "type": "string", 73 | "examples": [ 74 | "path/to/example/asset.xyz" 75 | ] 76 | } 77 | } 78 | }, 79 | "responseField": "signed_url" 80 | } 81 | } 82 | } 83 | }, 84 | "assets": { 85 | "example": { 86 | "href": "https://example.com/examples/file.xyz", 87 | "title": "Secure Collection Asset Example", 88 | "type": "application/vnd.example", 89 | "roles": [ 90 | "data" 91 | ], 92 | "auth:refs": [ 93 | "signed_url_auth" 94 | ] 95 | } 96 | }, 97 | "item_assets": { 98 | "data": { 99 | "title": "Secure Collection Asset Example", 100 | "type": "application/vnd.example", 101 | "roles": [ 102 | "data" 103 | ], 104 | "auth:refs": [ 105 | "oauth" 106 | ] 107 | } 108 | }, 109 | "summaries": { 110 | "datetime": { 111 | "minimum": "2015-06-23T00:00:00Z", 112 | "maximum": "2019-07-10T13:44:56Z" 113 | } 114 | }, 115 | "links": [ 116 | { 117 | "href": "https://example.com/examples/collection.json", 118 | "rel": "self" 119 | }, 120 | { 121 | "href": "https://example.com/examples/item.json", 122 | "rel": "item", 123 | "auth:refs": [ 124 | "oauth" 125 | ] 126 | } 127 | ] 128 | } -------------------------------------------------------------------------------- /examples/item.json: -------------------------------------------------------------------------------- 1 | { 2 | "stac_version": "1.0.0", 3 | "stac_extensions": [ 4 | "https://stac-extensions.github.io/authentication/v1.1.0/schema.json" 5 | ], 6 | "type": "Feature", 7 | "id": "item", 8 | "bbox": [ 9 | 172.9, 10 | 1.3, 11 | 173, 12 | 1.4 13 | ], 14 | "geometry": { 15 | "type": "Polygon", 16 | "coordinates": [ 17 | [ 18 | [ 19 | 172.9, 20 | 1.3 21 | ], 22 | [ 23 | 173, 24 | 1.3 25 | ], 26 | [ 27 | 173, 28 | 1.4 29 | ], 30 | [ 31 | 172.9, 32 | 1.4 33 | ], 34 | [ 35 | 172.9, 36 | 1.3 37 | ] 38 | ] 39 | ] 40 | }, 41 | "properties": { 42 | "datetime": "2020-12-11T22:38:32Z", 43 | "auth:schemes": { 44 | "oauth": { 45 | "type": "oauth2", 46 | "description": "requires a login and user token", 47 | "flows": { 48 | "authorizationCode": { 49 | "authorizationUrl": "https://example.com/oauth/authorize", 50 | "tokenUrl": "https://example.com/oauth/token", 51 | "scopes": { 52 | "read:example": "Read the example data", 53 | "write:example": "Write the example data", 54 | "admin:example": "Read/write/delete the example data" 55 | } 56 | } 57 | } 58 | }, 59 | "none": { 60 | "type": "http", 61 | "scheme": "basic", 62 | "description": "Free access without restrictions" 63 | } 64 | } 65 | }, 66 | "links": [ 67 | { 68 | "href": "https://example.com/examples/item.json", 69 | "rel": "self" 70 | } 71 | ], 72 | "assets": { 73 | "data": { 74 | "href": "https://example.com/examples/file.xyz", 75 | "title": "Secure Asset Example", 76 | "type": "application/vnd.example", 77 | "roles": [ 78 | "data" 79 | ], 80 | "auth:refs": [ 81 | "oauth" 82 | ] 83 | } 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /json-schema/schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "$id": "https://stac-extensions.github.io/authentication/v1.1.0/schema.json", 4 | "title": "Authentication Extension", 5 | "description": "STAC Authentication Extension for STAC Catalogs, STAC Collections, STAC Items, STAC Assets, and STAC Links.", 6 | "type": "object", 7 | "required": [ 8 | "stac_extensions" 9 | ], 10 | "properties": { 11 | "stac_extensions": { 12 | "type": "array", 13 | "contains": { 14 | "const": "https://stac-extensions.github.io/authentication/v1.1.0/schema.json" 15 | } 16 | } 17 | }, 18 | "oneOf": [ 19 | { 20 | "$comment": "This is the schema for STAC Items.", 21 | "type": "object", 22 | "required": [ 23 | "type", 24 | "properties" 25 | ], 26 | "properties": { 27 | "type": { 28 | "const": "Feature" 29 | }, 30 | "properties": { 31 | "$ref": "#/definitions/schemes_field" 32 | }, 33 | "assets": { 34 | "$ref": "#/definitions/assets" 35 | }, 36 | "links": { 37 | "$ref": "#/definitions/links" 38 | } 39 | } 40 | }, 41 | { 42 | "$comment": "This is the schema for STAC Collections", 43 | "type": "object", 44 | "required": [ 45 | "type" 46 | ], 47 | "properties": { 48 | "type": { 49 | "const": "Collection" 50 | }, 51 | "assets": { 52 | "$ref": "#/definitions/assets" 53 | }, 54 | "item_assets": { 55 | "$ref": "#/definitions/assets" 56 | }, 57 | "links": { 58 | "$ref": "#/definitions/links" 59 | } 60 | }, 61 | "allOf": [ 62 | { 63 | "$ref": "#/definitions/schemes_field" 64 | } 65 | ] 66 | }, 67 | { 68 | "$comment": "This is the schema for STAC Catalogs", 69 | "type": "object", 70 | "required": [ 71 | "type" 72 | ], 73 | "properties": { 74 | "type": { 75 | "const": "Catalog" 76 | }, 77 | "links": { 78 | "$ref": "#/definitions/links" 79 | } 80 | }, 81 | "allOf": [ 82 | { 83 | "$ref": "#/definitions/schemes_field" 84 | } 85 | ] 86 | } 87 | ], 88 | "definitions": { 89 | "schemes_field": { 90 | "type": "object", 91 | "required": [ 92 | "auth:schemes" 93 | ], 94 | "properties": { 95 | "auth:schemes": { 96 | "type": "object", 97 | "patternProperties": { 98 | "^.*$": { 99 | "$ref": "#/definitions/auth_scheme" 100 | } 101 | }, 102 | "additionalProperties": false 103 | } 104 | }, 105 | "patternProperties": { 106 | "^(?!auth:)": {} 107 | }, 108 | "additionalProperties": false 109 | }, 110 | "refs_field": { 111 | "type": "object", 112 | "properties": { 113 | "auth:refs": { 114 | "type": "array", 115 | "items": { 116 | "type": "string" 117 | } 118 | } 119 | }, 120 | "patternProperties": { 121 | "^(?!auth:)": {} 122 | }, 123 | "additionalProperties": false 124 | }, 125 | "assets": { 126 | "type": "object", 127 | "additionalProperties": { 128 | "allOf": [ 129 | { 130 | "$ref": "#/definitions/refs_field" 131 | }, 132 | { 133 | "type": "object", 134 | "properties": { 135 | "alternate": { 136 | "$ref": "#/definitions/refs_field" 137 | } 138 | } 139 | } 140 | ] 141 | } 142 | }, 143 | "links": { 144 | "type": "array", 145 | "items": { 146 | "$ref": "#/definitions/refs_field" 147 | } 148 | }, 149 | "auth_scheme": { 150 | "required": [ 151 | "type" 152 | ], 153 | "properties": { 154 | "type": { 155 | "title": "Scheme keyword", 156 | "type": "string", 157 | "examples": [ 158 | "http", 159 | "s3", 160 | "signedUrl", 161 | "oauth2", 162 | "apiKey", 163 | "openIdConnect" 164 | ] 165 | }, 166 | "description": { 167 | "title": "Authentication scheme description", 168 | "type": "string" 169 | } 170 | }, 171 | "allOf": [ 172 | { 173 | "if": { 174 | "type": "object", 175 | "properties": { 176 | "type": { 177 | "type": "string", 178 | "const": "apiKey" 179 | } 180 | } 181 | }, 182 | "then": { 183 | "type": "object", 184 | "required": [ 185 | "name", 186 | "in" 187 | ], 188 | "properties": { 189 | "name": { 190 | "title": "API Key header, query, or cookie parameter name", 191 | "type": "string", 192 | "examples": [ 193 | "x-api-key" 194 | ] 195 | }, 196 | "in": { 197 | "title": "Location of the API Key", 198 | "type": "string", 199 | "examples": [ 200 | "query", 201 | "header", 202 | "cookie" 203 | ] 204 | } 205 | } 206 | }, 207 | "else": { 208 | "type": "object", 209 | "properties": { 210 | "name": false, 211 | "in": false 212 | } 213 | } 214 | }, 215 | { 216 | "if": { 217 | "type": "object", 218 | "properties": { 219 | "type": { 220 | "type": "string", 221 | "const": "http" 222 | } 223 | } 224 | }, 225 | "then": { 226 | "type": "object", 227 | "required": [ 228 | "scheme" 229 | ], 230 | "properties": { 231 | "scheme": { 232 | "title": "Name of the http authentication scheme", 233 | "type": "string", 234 | "examples": [ 235 | "basic", 236 | "bearer", 237 | "digest", 238 | "dpop", 239 | "hoba", 240 | "mutual", 241 | "negotiate", 242 | "oauth", 243 | "privatetoken", 244 | "scram-sha-1", 245 | "scram-sha-256", 246 | "vapid" 247 | ] 248 | } 249 | } 250 | }, 251 | "else": { 252 | "type": "object", 253 | "properties": { 254 | "scheme": false 255 | } 256 | } 257 | }, 258 | { 259 | "if": { 260 | "type": "object", 261 | "properties": { 262 | "type": { 263 | "type": "string", 264 | "enum": [ 265 | "oauth2", 266 | "signedUrl" 267 | ] 268 | } 269 | } 270 | }, 271 | "then": { 272 | "type": "object", 273 | "required": [ 274 | "flows" 275 | ], 276 | "if": { 277 | "type": "object", 278 | "properties": { 279 | "type": { 280 | "type": "string", 281 | "const": "oauth2" 282 | } 283 | } 284 | }, 285 | "then": { 286 | "type": "object", 287 | "title": "OAuth2 Flows", 288 | "properties": { 289 | "flows": { 290 | "additionalProperties": { 291 | "$ref": "#/definitions/oauth2_flow" 292 | }, 293 | "allOf": [ 294 | { 295 | "patternProperties": { 296 | "^(implicit|authorizationCode)*$": { 297 | "required": [ 298 | "authorizationUrl" 299 | ] 300 | }, 301 | "^(password|clientCredentials|authorizationCode)*$": { 302 | "required": [ 303 | "tokenUrl" 304 | ] 305 | } 306 | } 307 | } 308 | ] 309 | } 310 | } 311 | }, 312 | "else": { 313 | "type": "object", 314 | "title": "Signed URL", 315 | "properties": { 316 | "flows": { 317 | "additionalProperties": { 318 | "$ref": "#/definitions/signed_url_flow" 319 | } 320 | } 321 | } 322 | } 323 | }, 324 | "else": { 325 | "type": "object", 326 | "properties": { 327 | "flows": false 328 | } 329 | } 330 | }, 331 | { 332 | "if": { 333 | "type": "object", 334 | "properties": { 335 | "type": { 336 | "type": "string", 337 | "const": "openIdConnect" 338 | } 339 | } 340 | }, 341 | "then": { 342 | "type": "object", 343 | "required": [ 344 | "openIdConnectUrl" 345 | ], 346 | "properties": { 347 | "openIdConnectUrl": { 348 | "title": "This URL returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details", 349 | "type": "string" 350 | } 351 | } 352 | }, 353 | "else": { 354 | "type": "object", 355 | "properties": { 356 | "openIdConnectUrl": false 357 | } 358 | } 359 | } 360 | ] 361 | }, 362 | "oauth2_flow": { 363 | "type": "object", 364 | "required": [ 365 | "scopes" 366 | ], 367 | "properties": { 368 | "authorizationUrl": { 369 | "title": "The authorization URL to be used", 370 | "type": "string", 371 | "format": "uri" 372 | }, 373 | "tokenUrl": { 374 | "title": "The token URL to be used", 375 | "type": "string", 376 | "format": "uri" 377 | }, 378 | "refreshUrl": { 379 | "title": "The URL to be used for obtaining refresh tokens", 380 | "type": "string", 381 | "format": "uri" 382 | }, 383 | "scopes": { 384 | "title": "The available scopes for the authentication scheme", 385 | "type": "object", 386 | "additionalProperties": { 387 | "type": "string" 388 | } 389 | } 390 | } 391 | }, 392 | "signed_url_flow": { 393 | "type": "object", 394 | "required": [ 395 | "method", 396 | "authorizationApi" 397 | ], 398 | "properties": { 399 | "authorizationApi": { 400 | "title": "The signed URL API endpoint to be used", 401 | "type": "string", 402 | "format": "uri" 403 | }, 404 | "method": { 405 | "title": "HTTP request method", 406 | "type": "string", 407 | "examples": [ 408 | "POST", 409 | "GET" 410 | ] 411 | }, 412 | "responseField": { 413 | "title": "Key name for the signed URL field in an authorizationApi response", 414 | "type": "string" 415 | }, 416 | "parameters": { 417 | "title": "Parameter definitions for requests to the authorizationApi", 418 | "additionalProperties": { 419 | "type": "object", 420 | "required": [ 421 | "in", 422 | "required" 423 | ], 424 | "properties": { 425 | "in": { 426 | "title": "Location of the parameter", 427 | "type": "string", 428 | "examples": [ 429 | "query", 430 | "header", 431 | "body" 432 | ] 433 | }, 434 | "required": { 435 | "title": "Setting for optional or required parameter", 436 | "type": "boolean" 437 | }, 438 | "description": { 439 | "title": "Plain language description of the parameter", 440 | "type": "string" 441 | }, 442 | "schema": { 443 | "$ref": "http://json-schema.org/draft-07/schema" 444 | } 445 | } 446 | } 447 | } 448 | } 449 | } 450 | } 451 | } 452 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "stac-extensions", 3 | "version": "1.1.0", 4 | "scripts": { 5 | "test": "npm run check-markdown && npm run check-examples", 6 | "check-markdown": "remark . -f -r .github/remark.yaml", 7 | "check-examples": "stac-node-validator . --lint --verbose --schemaMap https://stac-extensions.github.io/authentication/v1.1.0/schema.json=./json-schema/schema.json", 8 | "format-examples": "stac-node-validator . --format --schemaMap https://stac-extensions.github.io/authentication/v1.1.0/schema.json=./json-schema/schema.json" 9 | }, 10 | "dependencies": { 11 | "remark-cli": "^8.0.0", 12 | "remark-lint": "^7.0.0", 13 | "remark-lint-no-html": "^2.0.0", 14 | "remark-preset-lint-consistent": "^3.0.0", 15 | "remark-preset-lint-markdown-style-guide": "^3.0.0", 16 | "remark-preset-lint-recommended": "^4.0.0", 17 | "remark-validate-links": "^10.0.0", 18 | "stac-node-validator": "^1.0.0" 19 | } 20 | } 21 | --------------------------------------------------------------------------------