Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature request: add support for authentication #11

Open
a-h opened this issue Oct 27, 2023 · 2 comments
Open

feature request: add support for authentication #11

a-h opened this issue Oct 27, 2023 · 2 comments

Comments

@a-h
Copy link
Owner

a-h commented Oct 27, 2023
edited
Loading

To add JWT authentication to an API, requires this... as per https://swagger.io/docs/specification/authentication/bearer-authentication/

	spec, err := api.Spec()
	if err != nil {
		log.Error("failed to create spec", slog.Any("error", err))
		os.Exit(1)
	}

	spec.Components.SecuritySchemes = map[string]*openapi3.SecuritySchemeRef{
		"bearerAuth": {
			Value: openapi3.NewJWTSecurityScheme(),
		},
	}

	securitySchemeToScopes := openapi3.NewSecurityRequirement()
	securitySchemeToScopes.Authenticate("bearerAuth")
	spec.Security = *openapi3.NewSecurityRequirements().
		With(securitySchemeToScopes)

Since it's so common, maybe it would be better as:

        api.SetAuth(rest.JWTBearerAuth())

	spec, err := api.Spec()
	if err != nil {
		log.Error("failed to create spec", slog.Any("error", err))
		os.Exit(1)
	}

Not sure about how the API would look to support mixed authentication (some handlers authenticated, some open). Maybe that would be out of scope.
@the-pawn-2017
Copy link

I am willing to undertake all this work.Although with some programming experience under my belt, I have only recently started contributing code to the community, specifically through platforms like GitHub, collaborating with others. Your patience may be needed as I navigate linguistic barriers and get accustomed to the workflow processes.

@debuggerpk
Copy link

debuggerpk commented Oct 20, 2024
edited
Loading

Thank you for your work.

An API generally has some public endpoints and some private endpoints. We set the security per endpoint.

We have an API that has security schema per route, so the method should be available on route as well.

  /auth/teams:
    post:
      summary: Create a new team
      description: Create a new team
      operationId: create-team
      tags:
        - auth
      requestBody:
        description: Team to create
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/CreateTeamRequest"
      security:
        - BearerAuth: []
      responses:
        "201":
          description: Team created
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Team"
        "400":
          $ref: "../../shared/v1/schema.yaml#/components/responses/BadRequest"
        "401":
          $ref: "../../shared/v1/schema.yaml#/components/responses/Unauthorized"
        "500":
          $ref: "../../shared/v1/schema.yaml#/components/responses/InternalServerError"

I think the method should be per route.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@a-h @debuggerpk @the-pawn-2017