Add support for "Bearer Authentication" in operations
Closed this issue · 3 comments
Bearer Authentication can be enabled in Swagger when applying a security property.
swagger.json
{
"/identity-providers/{id}": {
"delete": {
"consumes": ...,
"parameters": ...,
"produces": ...,
"responses": ...,
"security": [
{
"bearer": []
}
]
}
}
}Until we figure out how to internally store the access token (this.accessToken), we can add a parameter to functions which map authenticated endpoints, so that users can supply a callback which is responsible for returning the access token.
Suggestion
async deleteById(id: string, accessTokenCallback: () => Promise<string>): Promise<void> {
const accessToken = await accessTokenCallback();
const config: AxiosRequestConfig = {
headers: {
Authorization: `Bearer ${decodeURIComponent(accessToken)}`
},
method: 'delete',
url: `/identity-providers/${id}`,
withCredentials: true,
};
await this.apiClient.request(config);
}Maybe the tokenCallback could be set as an option in the APIClient constructor. And every route which is configured with the bearer security setting would retrieve the token when needed. This way i would not need to add the function to each call in an API which depends on it for every route.
@arkraft Good point, but what about different authorizations for some endpoints? We should maybe also add the tokenCallback as an optional argument?
@arkraft what we are implementing here is the security declaration in the operation object. What you are talking about is the security declaration in the swagger object, right?
The difference is, that the security declaration in an operation object only apply to this specific operation, while the security declaration in the swagger object applies to the whole API.