-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generated OpenAPI spec lacks 'securityDefinitions' key #14268
Comments
@liggitt I think the cleanest change would be to update DefaultOpenAPIConfig to extract info from
WDYT? |
Looking at existing securityDefitions examples in the code, it looks like Oauth is considered a Bearertoken and rthere is no differentiation between that ans ServiceAccount tokens ... |
@simo5 does swagger differentiate between random noise tokens and JWTs? I believe they use the same header. I would assume you need to look at the swagger specification to determine how to represent tokens, certs, etc. |
Swagger (and code in origin) does not differentiate between JWT and other Bearer tokens. |
The generated OpenAPI spec is missing the securityDefinitions section that defines which security mechanisms the API supports (e.g. OAuth, HTTP Basic, etc).
This means clients generated from it using tools like Swagger Codegen lack security context and only work with endpoints that do not require auth.
Version
Current master branch.
Steps To Reproduce
Current Result
No output.
Expected Result
Additional Information
As a concrete example, here is an OpenShift PHP client generated using the 2.3.0 branch of Swagger Codegen from the current OpenShift API spec in master branch. The PHP codegen templates (correctly) only output auth code if the authMethods item is set, which is derived from the securityDefinitions key in the spec.
The example API spec provided by Swagger shows a correctly configured securityDefinitions item.
The text was updated successfully, but these errors were encountered: