add the ability to add authentiction information

Question

add the ability to add authentiction information

Closed this issue 7 years ago · 3 comments

Hello,

I'm started writing our own schema merger and stoped after finding your project.

Currently the only problem with your implemenation is, that nobody can add authentication information to a http call.
I know, that you are using the dereference method from swagger-parser and swagger-parser hasn't the ability to add authentication information.
But swagger-parser also accepts JSON objects, so you can preload it.

I think the best solution and the easiest for you is to add a new option parameter like resolveUrl and allows user specific resolving functions.

swaggerCombine.middleware('docs/swagger.json', { format: 'yaml', resolveUrl: resolveFn }
SwaggerParser.dereference(this.opts.resolveUrl ? this.opts.resolveUrl(api.url) : api.url, this.opts)

After this enhancments is impemented, I will validate you project again.

Thx

Answer 1 · 2017-10-04T09:52:08.000Z

Yes, this is indeed an issue which needs to be addressed. Thanks for pointing this out.

The problem with your proposed solution is that there would be one resolve function for all APIs, which means that if there are multiple API sources which all require different authentications the resolve function would have to handle all of them. This seems kind of complex and moves configuration logic from the config file to the swaggerCombine function call.

I would propose a different solution where all authentications can be configured in the config file, e.g.:

{
  "swagger": "2.0",
  "info": {
    "title": "Swagger Combine Authentication Example",
    "version": "1.0.0"
  },
  "apis": [
    {
      "url": "http://petstore.swagger.io/v2/swagger.json",
      "auth": {
        "username": "admin",
        "password": "secret123"
      }
    },
    {
      "url": "https://api.apis.guru/v2/specs/medium.com/1.0.0/swagger.yaml",
      "headers": {
      	"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6ImFkbWluIiwiYWRtaW4iOnRydWV9.44lJS0jlltzcglq7vgjXMXYRTecBxseN3Dec_LO_osI"
      }
    },
    {
      "url": "https://api.apis.guru/v2/specs/deutschebahn.com/betriebsstellen/v1/swagger.json",
      "headers": {
      	"Authorization": "Basic YWRtaW46c2VjcmV0MTIz"
      }
    }
  ]
}

This solution would allow Basic Auth and oAuth to be used and also other request headers can be added.

Answer 2 · 2017-10-04T10:08:49.000Z

That's correct.
I had my single point of view.

Do you have a roadmap for this enhancement?

Answer 3 · 2017-10-04T11:32:24.000Z

We can start the implementation this week so maybe it will be finished next week.