Add support for "Bearer Authentication" in operations
Closed this issue · 3 comments
Bearer Authentication can be enabled in Swagger when applying a security
property.
swagger.json
{
"/identity-providers/{id}": {
"delete": {
"consumes": ...,
"parameters": ...,
"produces": ...,
"responses": ...,
"security": [
{
"bearer": []
}
]
}
}
}
Until we figure out how to internally store the access token (this.accessToken
), we can add a parameter to functions which map authenticated endpoints, so that users can supply a callback which is responsible for returning the access token.
Suggestion
async deleteById(id: string, accessTokenCallback: () => Promise<string>): Promise<void> {
const accessToken = await accessTokenCallback();
const config: AxiosRequestConfig = {
headers: {
Authorization: `Bearer ${decodeURIComponent(accessToken)}`
},
method: 'delete',
url: `/identity-providers/${id}`,
withCredentials: true,
};
await this.apiClient.request(config);
}
Maybe the tokenCallback
could be set as an option in the APIClient constructor. And every route which is configured with the bearer security setting would retrieve the token when needed. This way i would not need to add the function to each call in an API which depends on it for every route.
@arkraft Good point, but what about different authorizations for some endpoints? We should maybe also add the tokenCallback
as an optional argument?
@arkraft what we are implementing here is the security
declaration in the operation
object. What you are talking about is the security
declaration in the swagger
object, right?
The difference is, that the security
declaration in an operation
object only apply to this specific operation, while the security
declaration in the swagger
object applies to the whole API.