openapi-generator icon indicating copy to clipboard operation
openapi-generator copied to clipboard

Published 20 hours ago verified publisher icon OpenAPITools

Issue 18599 rust server auth

Open cvkem opened this issue 1 year ago • 2 comments

This PR for Rust-Server contains a resolution for issue 18599 (Bearer/oAuth-token parsing missing). The solution also covers api-key and Basic (user-password) authentication.

The bearer, api-key and basic-token parsing are included in the core of the generated code based on a Trait AuthenticationApi. The actual implementation of this Trait is provided by the actual user (injected by user to achieve Inversion of Control (IoC). The example-code (server and client side) has been extended the code that parses the JWT-token and extracts the Scopes from them (server) and client code which creates a Bearer token for testing purpose.

The code check the Signature, the Audience (aud) and the Expiry time (exp) of the Bearer token and provides meaning-full logging on the server-side for the cause of the issue in case of a failure. The client-side only gets the message "unauthorized access".

The code has been tested on an example project to check all output compiles and runs under multiple scenario's.

I would like to ask for a review of someone from the Rust Technical Committee: @frol (2017/07) @farcaller (2017/08) @richardwhiuk (2019/07) @paladinzh (2020/05) @jacob-pro (2022/10)

PR checklist

  • [ x] Read the contribution guidelines.
  • [ x] Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
  • [x ] Run the following to build the project and update samples: 
    ./mvnw clean package 
./bin/generate-samples.sh ./bin/configs/*.yaml
./bin/utils/export_docs_generators.sh
    (For Windows users, please run the script in Git BASH) Commit all changed files. This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master. These must match the expectations made by your contribution. You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/configs/java*. IMPORTANT: Do NOT purge/delete any folders/files (e.g. tests) when regenerating the samples as manually written tests may be removed.
  • [x ] File the PR against the correct branch: master (upcoming 7.1.0 minor release - breaking changes with fallbacks), 8.0.x (breaking changes without fallbacks)
  • [x ] If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.

cvkem avatar May 16 '24 21:05 cvkem

https://github.com/OpenAPITools/openapi-generator/actions/runs/9119392437/job/25147922695?pr=18692

can you please take a look at the test failure when you've time?

wing328 avatar May 19 '24 11:05 wing328

Thanks @wing328 for flagging the issue and providing the link with the details. Based on this information I was able to reproduce the issue on my local machine and provide the fix to the template, and double-checked this solves the issue.

I have pushed an update template and included newly generated sample files.

cvkem avatar May 19 '24 19:05 cvkem

thanks for the PR. let's give it a try

wing328 avatar May 26 '24 08:05 wing328