What's the correct way to have the securityscheme included in the generated swagger?</

Currently, the security scheme section can be configured via <code class="notranslate"

The code you gave: <div class="highlight highlight-source-java notranslate positio

For configuration: <a href="https://github.com/javalin/javalin

OpenAPI SecuritySchemes about javalin-openapi HOT 9 CLOSED

franck-malka commented on June 2, 2024

OpenAPI SecuritySchemes

from javalin-openapi.

Comments (9)

dzikoysk commented on June 2, 2024

Currently, the security scheme section can be configured via OpenApiPluginConfiguration. Take a look at the example module:

javalin-openapi/examples/javalin-gradle-kotlin/src/main/java/io/javalin/openapi/plugin/test/JavalinTest.java

Lines 108 to 125 in 4b8188a

 // Based on official example: https://swagger.io/docs/specification/authentication/oauth2/ 

 .withSecurity(new SecurityComponentConfiguration() 

 .withSecurityScheme("BasicAuth", new BasicAuth()) 

 .withSecurityScheme("BearerAuth", new BearerAuth()) 

 .withSecurityScheme("ApiKeyAuth", new ApiKeyAuth()) 

 .withSecurityScheme("CookieAuth", new CookieAuth("JSESSIONID")) 

 .withSecurityScheme("OpenID", new OpenID("https://example.com/.well-known/openid-configuration")) 

 .withSecurityScheme("OAuth2", new OAuth2("This API uses OAuth 2 with the implicit grant flow.") 

 .withFlow(new ImplicitFlow("https://api.example.com/oauth2/authorize") 

 .withScope("read_pets", "read your pets") 

 .withScope("write_pets", "modify pets in your account") 

 ) 

 .withFlow(new ClientCredentials("https://api.example.com/credentials/authorize")) 

 ) 

 .withGlobalSecurity(new Security("OAuth2") 

 .withScope("write_pets") 

 .withScope("read_pets")) 

 )

from javalin-openapi.

franck-malka commented on June 2, 2024

Yes, this I understand. But I think it should be reflected on the swagger JSON file and I believe it's not. Franck.

…

On Mon, 4 Sept 2023, 18:36 dzikoysk, ***@***.***> wrote: Currently, the security scheme section can be configured via OpenApiPluginConfiguration, take a look at the example module: https://github.com/javalin/javalin-openapi/blob/4b8188a74650d62a8438edf3e9d3b7af0a2592cc/examples/javalin-gradle-kotlin/src/main/java/io/javalin/openapi/plugin/test/JavalinTest.java#L108-L125 — Reply to this email directly, view it on GitHub <#201 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMPYYPV3EU6O6L2D7GEKRWDXYXYRDANCNFSM6AAAAAA4KMG5GY> . You are receiving this because you authored the thread.Message ID: ***@***.***>

from javalin-openapi.

dzikoysk commented on June 2, 2024

I think I need more information, because the example works properly. When you'll visit the OpenApi scheme, the following properties are added to the scheme & Swagger UI picks them up.

Could you provide an example with highlighted difference between generated scheme and expected result?

from javalin-openapi.

franck-malka commented on June 2, 2024

Let's say for example,i use this code .withSecurity(new SecurityComponentConfiguration() .withSecurityScheme("OAuth2", new OAuth2 ("This API uses OAuth 2 with the implicit grant flow.") .withFlow(new ImplicitFlow(" https://api.example.com/oauth2/authorize") .withScope("read_pets", "read your pets") .withScope("write_pets", "modify pets in your account") ) .withFlow(new ClientCredentials(" https://api.example.com/credentials/authorize")) ) .withGlobalSecurity(new Security("OAuth2") .withScope("write_pets") .withScope("read_pets")) )); then the swagger UI looks fine [image: image.png] but the swagger.json looks like this: =================== { "openapi" : "3.0.3", "info" : { "title" : "CAPIF Core Function", "description" : "3GPP TS 29.222 V18.0.0 Common API Framework for 3GPP Northbound APIs", "contact" : { "name" : "Slicce", "url" : "https://www.slicce.co/api-terms-of-service", "email" : ***@***.***" }, "version" : "1.1.5" }, "paths" : { "/api-invovation-logs/v1/{aefId}/logs" : { .... "security" : [ ] } } ========================= and I was expecting something like this: ========================= { "openapi" : "3.0.3", "info" : { "title" : "CAPIF Core Function", "description" : "3GPP TS 29.222 V18.0.0 Common API Framework for 3GPP Northbound APIs", "contact" : { "name" : "Slicce", "url" : "https://www.slicce.co/api-terms-of-service", "email" : ***@***.***" }, "version" : "1.1.5" }, "security" [ {}, { "oAuth2ClientCredentials": [ "client_id" ] } ], "paths" : { "/api-invovation-logs/v1/{aefId}/logs" : { .... I think some clients don't like the fact that the security section is missing.

…

-Franck.

On Mon, Sep 4, 2023 at 6:45 PM dzikoysk ***@***.***> wrote: I think I need more information, because the example works properly. When you'll visit the OpenApi scheme, the following properties are added to the scheme & Swagger UI picks them up. Could you provide an example with highlighted difference between generated scheme and expected result? — Reply to this email directly, view it on GitHub <#201 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMPYYPRWBQ2QZTVMCTCWMDDXYXZQVANCNFSM6AAAAAA4KMG5GY> . You are receiving this because you authored the thread.Message ID: ***@***.***>

from javalin-openapi.

dzikoysk commented on June 2, 2024

The code you gave:

.withSecurity(new SecurityComponentConfiguration()
  .withSecurityScheme("OAuth2", new OAuth2("This API uses OAuth 2 with the implicit grant flow.")
      .withFlow(new ImplicitFlow("https://api.example.com/oauth2/authorize")
      .withScope("read_pets", "read your pets")
      .withScope("write_pets", "modify pets in your account")
  )
  .withFlow(new ClientCredentials("https://api.example.com/credentials/authorize"))
)
.withGlobalSecurity(new Security("OAuth2")
  .withScope("write_pets")
  .withScope("read_pets"))
)

Produces valid scheme:

Make sure that you use the latest version of OpenAPI plugin & annotation processor runs on updated sources (clean package / clean build)

from javalin-openapi.

franck-malka commented on June 2, 2024

I use version 5.6.2-2 and I get an empty security object after clean + package

…

On Tue, Sep 5, 2023 at 12:17 AM dzikoysk ***@***.***> wrote: The code you gave: .withSecurity(new SecurityComponentConfiguration() .withSecurityScheme("OAuth2", new OAuth2("This API uses OAuth 2 with the implicit grant flow.") .withFlow(new ImplicitFlow("https://api.example.com/oauth2/authorize") .withScope("read_pets", "read your pets") .withScope("write_pets", "modify pets in your account") ) .withFlow(new ClientCredentials("https://api.example.com/credentials/authorize")) ) .withGlobalSecurity(new Security("OAuth2") .withScope("write_pets") .withScope("read_pets")) ) Produces valid scheme: [image: obraz] <https://user-images.githubusercontent.com/4235722/265541578-52f4c5d7-2806-4c86-a01a-aabdcec3587d.png> Make sure that you use the latest version of OpenAPI plugin & annotation processor runs on updated sources (clean package / clean build) — Reply to this email directly, view it on GitHub <#201 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMPYYPX5MMDQWKYDQ43GQ43XYZAOVANCNFSM6AAAAAA4KMG5GY> . You are receiving this because you authored the thread.Message ID: ***@***.***>

from javalin-openapi.

dzikoysk commented on June 2, 2024

Could you prepare a small example repository that I can clone & run to reproduce your issue?

from javalin-openapi.

franck-malka commented on June 2, 2024

I understand, i am just missing the security fields in the controller class annotations I found this example security = { @OpenApiSecurity(name = "BasicAuth") } is there a doc for oAuth2.0 specific annotations?

…

-Franck.

On Tue, Sep 5, 2023 at 2:36 PM dzikoysk ***@***.***> wrote: Could you prepare a small example repository that I can clone & run to reproduce your issue? — Reply to this email directly, view it on GitHub <#201 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMPYYPSXA4ZZ637LFCKFKTDXY4FCRANCNFSM6AAAAAA4KMG5GY> . You are receiving this because you authored the thread.Message ID: ***@***.***>

from javalin-openapi.

dzikoysk commented on June 2, 2024

For configuration:

https://github.com/javalin/javalin-openapi/blob/main/openapi-specification/src/main/kotlin/io/javalin/openapi/Security.kt

For annotations:

https://github.com/javalin/javalin-openapi/blob/main/openapi-specification/src/main/kotlin/io/javalin/openapi/OpenApiAnnotations.kt#L154-L159

That's basically all we have, and it reflects 1:1 the OpenAPI specification, so that's the best source of truth there.

from javalin-openapi.

OpenAPI SecuritySchemes about javalin-openapi HOT 9 CLOSED

Comments (9)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

	// Based on official example: https://swagger.io/docs/specification/authentication/oauth2/
	.withSecurity(new SecurityComponentConfiguration()
	.withSecurityScheme("BasicAuth", new BasicAuth())
	.withSecurityScheme("BearerAuth", new BearerAuth())
	.withSecurityScheme("ApiKeyAuth", new ApiKeyAuth())
	.withSecurityScheme("CookieAuth", new CookieAuth("JSESSIONID"))
	.withSecurityScheme("OpenID", new OpenID("https://example.com/.well-known/openid-configuration"))
	.withSecurityScheme("OAuth2", new OAuth2("This API uses OAuth 2 with the implicit grant flow.")
	.withFlow(new ImplicitFlow("https://api.example.com/oauth2/authorize")
	.withScope("read_pets", "read your pets")
	.withScope("write_pets", "modify pets in your account")
	)
	.withFlow(new ClientCredentials("https://api.example.com/credentials/authorize"))
	)
	.withGlobalSecurity(new Security("OAuth2")
	.withScope("write_pets")
	.withScope("read_pets"))
	)