Forum Discussion

gantiplex's avatar
gantiplex
New Contributor
2 years ago

Confused about defining the spec for auth

Preface: Unsure of the board this question needs to be posted on . . . there is no OAS specific one.

- If were to have a single endpoint for authentication, I would define like so at the global level: 

 

components:
  securitySchemes:
    OAuth:
      type: oauth2
      description: OAuth2 authentication scheme based on JWT
      flows:
        implicit:
          authorizationUrl: /namespace/auth
          scopes:
            machine: Grants access to namespace for machine operations
            user: Grant access to namespace for a given client's user operations
            reseller: Grant access to namespace for reseller operations
            suppport: Grant access to namespace for support operations
            developer: Grant access to namespace for developer operations
            admin: Grant access to namespace for admin operations
            superadmin: Grant access to namespace for superadmin operations

 

 - But for project specific reasons, I have split the authentication pipeline into the following:  

 

namespace/auth/machine
namespace/auth/user

 

- Confusion is about where to define the security schemes (docs say global components/securitySchemes) and the authorizationUrl

2 Replies

  • Hi gantiplex ,

     

    Do you mean to say that the authorizationUrl in your security is unique for each user or machine? 

    Something like this... "/namespace/auth/{user}" and "/namespace/auth/{machine}" where "user" is a placeholder for the user's name or ID? 

    That isn't possible with OpenAPI spec at the moment.

     

    Or are you looking to describe exactly two different URLs, exactly "/namespace/auth/user" and "/namespace/auth/machine? For that it is possible to define as many as you like and to use them on different operations are you need. 

     

    As a brief example of how security works (skip if you're familiar with this already)

    openapi: 3.0
    #...
    paths:
      /foo:
        get: 
          security: 
            - authMachine: [...scopes]
            - authUser: [...scopes]
    # ...
    components:
      securitySchemes:
        authMachine:
        # ...
        authUser:
        # ...

    Where you reference named securitySchemes from individual operations or paths.

  • gantiplex's avatar
    gantiplex
    New Contributor

    Example makes sense. I think my confusion was due to singular implicit declaration. Of course you can declare multiple and associate them . . . ğŸ˜…