> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Envie ou rotacione as credenciais OAuth2 do Dataprev

> Armazena (ou rotaciona) o segredo de client_credentials OAuth2 do tenant para o endpoint de token do Dataprev no cofre de segredos do tenant e ativa o indicador de oauth presente. A resposta NUNCA devolve o client secret.



## OpenAPI

````yaml pt/openapi/v3-current/consignado.yaml put /v1/credentials/dataprev/oauth
openapi: 3.1.0
info:
  contact:
    email: contact@lerian.studio
    name: Lerian Studio
    url: https://lerian.studio
  description: >-
    Superfície OpenAPI 3.1 do Lerian Consignado — Dataprev, o rail de jornada de
    crédito que custodia as credenciais de acesso ao Dataprev de cada tenant.
    Cobre o estado das credenciais por tenant mais a rotação do certificado de
    cliente e das credenciais OAuth2. O material secreto é gravado no cofre de
    segredos do tenant e nenhuma operação o retorna.
  license:
    name: Lerian Studio General License
  title: Lerian Consignado API
  version: 1.0.0
servers: []
security:
  - BearerAuth: []
tags:
  - description: Custódia de credenciais de rail externo por tenant (upload + estado)
    name: Credentials
paths:
  /v1/credentials/dataprev/oauth:
    put:
      tags:
        - Credentials
      summary: Envie ou rotacione as credenciais OAuth2 do Dataprev
      description: >-
        Armazena (ou rotaciona) o segredo de client_credentials OAuth2 do tenant
        para o endpoint de token do Dataprev no cofre de segredos do tenant e
        ativa o indicador de oauth presente. A resposta NUNCA devolve o client
        secret.
      operationId: putDataprevOAuth
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PutOAuthRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CredentialStatusResponse'
          description: OK
        default:
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/Detail'
          description: Error
      security:
        - BearerAuth: []
components:
  schemas:
    PutOAuthRequest:
      additionalProperties: false
      properties:
        clientId:
          description: OAuth2 client_credentials client id.
          maxLength: 512
          minLength: 1
          type: string
        clientSecret:
          description: OAuth2 client_credentials client secret.
          maxLength: 4096
          minLength: 1
          type: string
      required:
        - clientId
        - clientSecret
      type: object
    CredentialStatusResponse:
      additionalProperties: false
      properties:
        certFingerprint:
          description: >-
            SHA-256 hex fingerprint of the stored certificate (absent when
            none).
          examples:
            - 3b1f...c0
          type: string
        certNotAfter:
          description: RFC 3339 cert expiry (UTC); absent when no cert is stored.
          examples:
            - '2027-01-01T00:00:00Z'
          format: date-time
          type: string
        certPresent:
          description: Whether a client certificate is stored for the tenant.
          type: boolean
        oauthPresent:
          description: Whether OAuth2 client_credentials are stored for the tenant.
          type: boolean
        provider:
          description: External rail the credentials belong to.
          examples:
            - dataprev
          type: string
        updatedAt:
          description: Last-update timestamp (RFC 3339, UTC).
          examples:
            - '2026-06-23T12:00:00Z'
          format: date-time
          type: string
      required:
        - provider
        - certPresent
        - oauthPresent
        - updatedAt
      type: object
    Detail:
      additionalProperties: false
      properties:
        code:
          description: >-
            Stable, machine-readable domain error code scoped to the emitting
            service (format: <SERVICE>-NNNN).
          examples:
            - ERR-0001
          type: string
        detail:
          description: >-
            A human-readable explanation specific to this occurrence of the
            problem.
          examples:
            - Property foo is required but is missing.
          type: string
        errors:
          description: Optional list of individual error details
          items:
            $ref: '#/components/schemas/ErrorDetail'
          type:
            - array
            - 'null'
        instance:
          description: >-
            A URI reference that identifies the specific occurrence of the
            problem.
          examples:
            - https://example.com/error-log/abc123
          format: uri
          type: string
        status:
          description: HTTP status code
          examples:
            - 400
          format: int64
          type: integer
        title:
          description: >-
            A short, human-readable summary of the problem type. This value
            should not change between occurrences of the error.
          examples:
            - Bad Request
          type: string
        type:
          default: about:blank
          description: A URI reference to human-readable documentation for the error.
          examples:
            - https://example.com/errors/example
          format: uri
          type: string
      type: object
    ErrorDetail:
      additionalProperties: false
      properties:
        location:
          description: >-
            Where the error occurred, e.g. 'body.items[3].tags' or
            'path.thing-id'
          type: string
        message:
          description: Error message text
          type: string
        value:
          description: The value at the given location
      type: object
  securitySchemes:
    BearerAuth:
      bearerFormat: JWT
      description: JWT bearer token issued by the identity provider.
      scheme: bearer
      type: http

````