OpenAPI-Specification icon indicating copy to clipboard operation
OpenAPI-Specification copied to clipboard
verified publisher icon OAI

Use wildcard or regex in cookie name in Cookie Authentication

Open lauradP opened this issue 5 years ago • 2 comments

Hi, I need to use Cookie Authentication for my APIs, but the authentication cookie name's in my app changes every time you log in (only the cookie name prefix is known: shibsession).

I was looking for a way to specify cookies name pattern instead of the exact name. Is there such a feature?

lauradP avatar Jul 26 '20 07:07 lauradP

The API I'm describing has a similar problem. Although the API is the same across tenants, the cookie name depends on the tenant.

In this case, it would be helpful to be able use a template for the name, rather than just a string as indicated in https://spec.openapis.org/oas/v3.1.0#security-scheme-object.

For example:

securitySchemes:
  cookieAuth:
    type: apiKey
    description: >-
      The cookie name is a random string.
      The tenant administrator can view the string in
      Tenant Settings > Global Settings > Cookie.
    in: cookie
    # Actual name is something like: 
    #name: 46b42b4229cd7a3
    name: {tenantCookieName}

markcraig avatar Dec 08 '21 12:12 markcraig