Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Simplistic implementation of OpenAPI security block for Auth #3251

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

gzoller
Copy link

@gzoller gzoller commented Dec 12, 2024

When generating the OpenAPI spec from Endpoints using OpenAPIGen.fromEndpoints() there currently is no apparent way to generate the "security" block for per-Endpoint Auth for OpenAPI. Endpoint has an authType field, which doesn't quite to line up 1-to-1 with the OpenAPI spec values for security, however it does include 3 common schemes: BasicAuth, BearerAuth, and DigestAuth. The authType field (AuthType) has some other defined values, such as Custom and Or (not sure what that is), that don't have an apparent map into an OpenApi value. OAuth is notably missing here.

This PR tweaks the OpenAPI gen code to generate the "security" block is one of these 3 auth schemes is specified on an Endpoint using (for exmaple) ".auth(AuthType.Bearer)". This auth type must match the defined scheme. Example below.

Note this PR does not attempt to auto-generate the components.securitySchemes block of OpenAPI. This must be done manually or via a new PR.

  val bearerAuthScheme = OpenAPI.SecurityScheme.Http(
    scheme = "bearer",
    bearerFormat = Some("JWT"), // Optional: specify the token format
    description = Some(Doc.p("Use a Bearer token for authentication."))
  )

  val hello_endpoint = Endpoint(RoutePattern.GET / "hello" ?? (Doc.p("Say hello to the people") + authHeaderDoc))
    .out[String](MediaType.text.plain, Doc.p("Just a hello message")) // force plaintext response, not JSON
    .auth[AuthType.Bearer](AuthType.Bearer). // <<< This will trigger the security block generation

  val openAPI_basic = OpenAPIGen.fromEndpoints(title = "Library API", version = "1.0", hello_endpoint)
  // Not clean, yet not terrible either...at least it's not hand-tooled JSON
  val openAPI = openAPI_basic
          .copy(
            components = Some(Components(
              securitySchemes = ListMap(Key.fromString("BearerAuth").get -> ReferenceOr.Or(bearerAuthScheme)),
              schemas = openAPIFirst.components.get.schemas
              ))
          )

@CLAassistant
Copy link

CLAassistant commented Dec 12, 2024

CLA assistant check
All committers have signed the CLA.

@gzoller gzoller force-pushed the feat/OpenAPIAuth branch 2 times, most recently from 7196a24 to 3b85330 Compare December 12, 2024 06:42
@gzoller gzoller requested a review from kyri-petrou as a code owner January 16, 2025 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants