From 03364ac0c5858f200d3c8b8409c017e89b7c7bd6 Mon Sep 17 00:00:00 2001
From: Eric Hoekstra
Date: Tue, 11 Jun 2024 10:06:38 +0200
Subject: [PATCH] Added security scheme and some minor changes.
---
 redocly.yaml | 2 ++
 zoo-api.yaml | 44 +++++++++++++++++++++++++++++++-------------
 2 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/redocly.yaml b/redocly.yaml
index efc6c61..033aa4b 100644
--- a/redocly.yaml
+++ b/redocly.yaml
@@ -8,6 +8,8 @@ rules:
 no-unused-components: warn
 theme:
 openapi:
+ # No code generation in the open source version Redoc of Redocly.
 generateCodeSamples:
 languages:
+ - lang: curl
 - lang: JavaScript
diff --git a/zoo-api.yaml b/zoo-api.yaml
index 27cc8e1..6fcaf29 100644
--- a/zoo-api.yaml
+++ b/zoo-api.yaml
@@ -2,24 +2,22 @@ openapi: 3.1.0
 info:
 title: Zorg op Orde API
 description: |-
- Copyright Zorg op Orde – All rights reserved.
+ This documentation is also available in OpenAPI 3.1.0 yaml format.
 
- This documentation is available in OpenAPI 3.1.0 yaml format.
+ Copyright by Zorg op Orde, all rights reserved.
 contact:
 name: Zorg op Orde
 email: api@zorgoporde.nl
- version: 0.1-DEV
-#servers:
-# - url: https://tools.zorgoporde.nl/api1
-# description: Production
-# - url: https://acc.zorgoporde.nl/api1
-# description: Testing
+ version: v0.9
+# In open source Redoc only for reference, only in the paid Redocly there are Try-it consoles.
+servers:
+ - url: https://tools.zorgoporde.nl/api1
+ description: Production
+ - url: https://acc.zorgoporde.nl/api1
+ description: Testing
 security:
- -
+ - BearerAuth: []
 tags:
- - name: Core
- description: |-
- API for cross-cutting API concerns, such as authentication and the springboard.
 - name: Patient
 description: |-
 API for retrieving medical dossier data and concerns based on looking up a
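Review bot: In the zoo-api.yaml hunk the `Core` tag declaration is removed, but the hunk does not show whether any operation still lists `Core` under `tags`; if one does, it now refers to an undeclared tag. The new top-level `security: - BearerAuth: []` applies to every operation, so any operation meant to be reachable without a token (the removed tag text mentioned authentication and the springboard) would need its own `security: []`, which cannot be checked from these lines. The comment above `servers` is hard to parse; something like `# Shown for reference only: open-source Redoc has no Try-it console, the paid Redocly does.` reads more clearly.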
@@ -218,4 +216,24 @@ components:
 - practice
 - patient
 MandateMissing:
- description: Indicated practice is known but has not authorized ZOO to share this information with signer.
\ No newline at end of file
+ description: Indicated practice is known but has not authorized ZOO to share this information with signer.
+ securitySchemes:
+ BearerAuth:
+ in: header
+ type: http
+ scheme: bearer
+ bearerFormat: JWT
+ description: |-
+ The string "Bearer " followed by a single-use signed JWT token with the mandatory claims as stated in the table below.. The JWT must be signed, preferably with `HS256`. + + + + + + + + + +
ClaimDescription
kidkey idA string identifying a trusted signer; agreed upon between user and Zorg op Orde beforehand.
iatIssued atTime when this JWT was created and signed. To make up for clock differences, up to five minutes in the future are allowed.
jtiIdentifierA unique string of 10 characters or longer, used to prevent replay. Any given identifier can not be used more than once. As a consequence a JWT can only used once.
agbAGB of the GPAGB code (Medical entity identifier), the lookup will be done on the medical dossier data of this practice or entity. The agb may be specified with or without prefix zeros.
expExpires atOPTIONAL If included, the request must not be received after this time. May be up to 10 minutes in the future. The difference between the exp claim and the iat must be 20 minutes or less and iat < exp.
nbfNot beforeOPTIONAL If included, the request must not be received before this time. Should not be set in the future.
+ +
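Review bot: The BearerAuth description says the JWT must be signed, "preferably with `HS256`", which leaves open which `alg` values the server accepts; the text should name the accepted set outright, for example `The JWT must be signed with HS256; other alg values are rejected.` (adjusted to what the server really enforces), so that integrators and the verifier agree on a fixed algorithm per `kid`. The claims table gives no maximum age for `iat` and marks `exp` as OPTIONAL, so as documented a token without `exp` has no upper lifetime and the `jti` replay store has no stated retention period. `kid` is listed as a claim, but it is normally a JOSE header parameter, so the description should say where the server reads it from. Separately, `in: header` is defined only for `type: apiKey` schemes and can be dropped from this `type: http` scheme; a strict OpenAPI validator may flag it.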