OpenAPITools
Preliminary openIdConnect support
PR checklist
- [x] Read the contribution guidelines.
- [x] If contributing template-only or documentation-only changes which will change sample output, build the project before.
- [x] Run the shell script(s) under
./bin/(or Windows batch scripts under.\bin\windows) to update Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit, and these must match the expectations made by your contribution. You only need to run./bin/{LANG}-petstore.sh,./bin/openapi3/{LANG}-petstore.shif updating the code or mustache templates for a language ({LANG}) (e.g. php, ruby, python, etc). - [x] File the PR against the correct branch:
master,4.3.x,5.0.x. Default:master. - [x] Copy the technical committee to review the pull request if your PR is targeting a particular programming language.
Preliminary openIdConnect support
This is a (somewhat simplistic) approach to include some openIdConnect support into openapi-generator. As openIdConnect is simply a specialization of OAuth2 [1], I extented CodegenSecurity to include the isOpenIdConnect field. If this field is set to true, isOAuth is also set true.
Openid retrieves most information from openIdConnectUrl [2]. The JSON available at this URL is specified by the discovery protocol [3]. In the new Class OpenIdConnect, I retrieve the information and construct CodegenSecurity objects from it. This means that the openIdConnect discovery stuff is mainly consumed as OAuth2 flows (that are already handled by openapi-generator).
This should be enough to fix #4406 and similiar bugs were the fix is simply to treat openIdConnect as some sort of OAuth2.
Certainly this solution could be extended (later) for more openIdConnect specific stuff.
[1] https://blog.runscope.com/posts/understanding-oauth-2-and-openid-connect [2] https://swagger.io/docs/specification/authentication/openid-connect-discovery/ [3] https://openid.net/specs/openid-connect-discovery-1_0.html
Thanks for the PR but your commit (as shown in the Commits tab) is not linked to your Github account, which means this PR won't count as your contribution in https://github.com/OpenAPITools/openapi-generator/graphs/contributors.
Let me know if you need help fixing it.
Ref: https://github.com/OpenAPITools/openapi-generator/wiki/FAQ#how-can-i-update-commits-that-are-not-linked-to-my-github-account
@wing328: Thank you for your comment, I've updated and merge-squashed my PR with an appropriate author email.
Looks like it's causing issues. E.g. haskell client generator:
ERROR: Failed to run haskell-http-client
--
5961 | java -jar ./modules/openapi-generator-cli/target/openapi-generator-cli.jar generate -i modules/openapi-generator/src/test/resources/2_0/petstore-with-fake-endpoints-models-for-testing.yaml -g haskell-http-client -o /tmp/openapi-generator-test-fake-petstore/2.0/haskell-http-client
Ref: https://cloud.drone.io/OpenAPITools/openapi-generator/2464
@aanno2 can you please file a PR (or update this PR) to include only the enhancements without updating all the samples to start with? That will make it easier to review and accept your PR.
@wing328: As requested I have updated this PR (a) to the current master and (b) removed the modifications of samples.
What are the plans with this? openIdConnect is a well established standard. What are the reasons why this PR seems to be stale since 2 years?
I've got no clue why this has not been merged in time. I have written the changes for a professional project of mine that is still in production. But I even wonder if it is still relevant.
Well, I did it as aanno2 (still me) because I had problems to use my normal account due to strange security constraints at my former working place.
Are you planning on merging this ? OIDC is widely used, and the lack of it's support is a real pain.
