Security schemes in OpenApi V3 #413

Open
fagossa opened this issue Mar 21, 2022 · 1 comment


fagossa commented Mar 21, 2022

Hello,

I've been trying to work with an Authorization header using the following pattern:

```ts
route
  .get('/user/:id(int)')
  .use(authHeader)

// ...
export const authHeader = Parser
    .headers(t.strict({ Authorization: t.string }))
```

Then with typera-openapi I'm able to generate the related OpenApi v3 specs.

However, it seems that this auth technique is not supported by OpenApi anymore.

They've introduced a concept called security schemes:

```yaml
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
```

Relevant documentation is here: https://swagger.io/docs/specification/authentication/

As far as I know typera does not support security schemas and I'm wondering how this kind of feature could be implemented? Maybe extending RouteConstructor? I've just discovered the library today but I'm eager to add the feature with some help.

Thanks a lot for the hard work

Owner

akheron commented Mar 23, 2022

Hi! I'm glad to hear you like typera and typera-openapi :)

I wasn't familiar with the security stuff in OpenAPI v3. I read the docs and am now a bit confused about the whole thing.

First, the security schemes are more like data than types, so creating security schemes automatically in typera-openapi is not straightforward. Typera-openapi does its job solely on the type level by employing the TypeScript compiler API.

Second, the OpenAPI v3 security schemes are global in the sense that they're defined once under components.securitySchemes and then referred to by name. If there was a solution for creating security scheme definitions based on some type-level information, how to assign the global name and reuse the schemes between different routes?

Third, typera doesn't really force (or help) you in building runtime stuff like authentication in any particular way. In the NodeJS world, authentication is usually handled by sophisticated middleware libraries like passport. How to map the use of a third party middleware to any particular security scheme definition?

I think it would be nice to support this stuff, but currently I have no clue on how to do it properly.
