
Confused about defining the spec for auth

gantiplex
New Contributor


Preface: Unsure of the board this question needs to be posted on . . . there is no OAS specific one.

- If I were to have a single endpoint for authentication, I would define it like so at the global level:

components:
  securitySchemes:
    OAuth:
      type: oauth2
      description: OAuth2 authentication scheme based on JWT
      flows:
        implicit:
          authorizationUrl: /namespace/auth
          scopes:
            machine: Grants access to namespace for machine operations
            user: Grant access to namespace for a given client's user operations
            reseller: Grant access to namespace for reseller operations
            support: Grant access to namespace for support operations
            developer: Grant access to namespace for developer operations
            admin: Grant access to namespace for admin operations
            superadmin: Grant access to namespace for superadmin operations

- But for project-specific reasons, I have split the authentication pipeline into the following:

namespace/auth/machine
namespace/auth/user

- Confusion is about where to define the security schemes (docs say global components/securitySchemes) and the authorizationUrl

ponelat
Staff

Hi @gantiplex ,

Do you mean to say that the authorizationUrl in your security is unique for each user or machine?

Something like this... "/namespace/auth/{user}" and "/namespace/auth/{machine}" where "user" is a placeholder for the user's name or ID? 

That isn't possible with OpenAPI spec at the moment.

Or are you looking to describe exactly two different URLs, exactly "/namespace/auth/user" and "/namespace/auth/machine"? For that it is possible to define as many as you like and to use them on different operations as you need.

As a brief example of how security works (skip if you're familiar with this already):

openapi: 3.0.0
# ...
paths:
  /foo:
    get:
      # Listing two requirements means either one satisfies the operation (OR)
      security:
        - authMachine: [machine]
        - authUser: [user]
# ...
components:
  securitySchemes:
    # Scheme bodies filled in from the question's own definition, one per URL
    authMachine:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: /namespace/auth/machine
          scopes:
            machine: Grants access to namespace for machine operations
    authUser:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: /namespace/auth/user
          scopes:
            user: Grants access to namespace for a given client's user operations

Where you reference named securitySchemes from individual operations or paths.
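Once a spec carries several named schemes that are referenced from individual operations, the thing that silently goes wrong is a `security` entry naming a scheme that was never declared, or asking for a scope the scheme's flows never define; a document validator will not always flag the second case, and it means the documented authorisation does not match what the server enforces. The script below is an added example, not code from the thread or from the OpenAPI project: it walks a spec held as a Python dict (a constructed sample modelled on the two-scheme layout above, with relative authorizationUrls as in the question) and reports every dangling scheme or scope reference. The names `check_security_references`, `declared_scopes` and `broken_spec` are this example's own.

```python
import copy

# Constructed sample spec (not from the thread): two OAuth2 schemes, each with
# its own authorizationUrl, referenced from operations as alternatives.
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "paths": {
        "/foo": {
            "get": {
                # Two requirement objects: a machine token OR a user token
                "security": [
                    {"authMachine": ["machine"]},
                    {"authUser": ["user"]},
                ]
            }
        },
        "/admin": {
            "post": {
                # One requirement object: both scopes needed on the same token
                "security": [
                    {"authUser": ["admin", "superadmin"]},
                ]
            }
        },
    },
    "components": {
        "securitySchemes": {
            "authMachine": {
                "type": "oauth2",
                "flows": {
                    "implicit": {
                        "authorizationUrl": "/namespace/auth/machine",
                        "scopes": {"machine": "machine operations"},
                    }
                },
            },
            "authUser": {
                "type": "oauth2",
                "flows": {
                    "implicit": {
                        "authorizationUrl": "/namespace/auth/user",
                        "scopes": {
                            "user": "user operations",
                            "admin": "admin operations",
                            "superadmin": "superadmin operations",
                        },
                    }
                },
            },
        }
    },
}

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def declared_scopes(scheme):
    """Union of the scope names declared across all flows of an OAuth2 scheme."""
    scopes = set()
    for flow in scheme.get("flows", {}).values():
        scopes.update(flow.get("scopes", {}))
    return scopes


def check_security_references(spec):
    """Return a list of problems; an empty list means every reference resolves."""
    problems = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    # Top-level `security` is the default for operations that do not override it.
    targets = [("(global)", spec.get("security", []))]
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is not None and "security" in op:
                targets.append((f"{method.upper()} {path}", op["security"]))
    for where, requirements in targets:
        for requirement in requirements:
            # An empty requirement object {} means "no auth" and is legal.
            for name, scopes in requirement.items():
                scheme = schemes.get(name)
                if scheme is None:
                    problems.append(f"{where}: references undefined scheme '{name}'")
                    continue
                kind = scheme.get("type")
                if kind not in ("oauth2", "openIdConnect") and scopes:
                    # apiKey/http schemes take an empty list, never scope names
                    problems.append(f"{where}: scheme '{name}' is {kind}, scopes must be []")
                    continue
                if kind == "oauth2":
                    for scope in sorted(set(scopes) - declared_scopes(scheme)):
                        problems.append(f"{where}: scope '{scope}' not declared in scheme '{name}'")
    return problems


def broken_spec():
    """Constructed negative case: one undefined scheme and one undeclared scope."""
    spec = copy.deepcopy(SAMPLE_SPEC)
    spec["paths"]["/foo"]["get"]["security"].append({"authReseller": ["reseller"]})
    spec["paths"]["/admin"]["post"]["security"][0]["authUser"].append("developer")
    return spec


if __name__ == "__main__":
    for label, spec in (("good", SAMPLE_SPEC), ("broken", broken_spec())):
        print(label, check_security_references(spec) or "OK")
```

Run it against a real document by loading the YAML with your parser of choice into a dict and passing it to `check_security_references`; the two cases it distinguishes (a list of separate requirement objects meaning OR, one object with several scopes meaning AND) are exactly the distinction the reply's `security:` block relies on.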

gantiplex
New Contributor

Example makes sense. I think my confusion was due to singular implicit declaration. Of course you can declare multiple and associate them . . . 😅
