docusaurus-openapi-docs icon indicating copy to clipboard operation
docusaurus-openapi-docs copied to clipboard

Published 20 hours ago verified publisher icon PaloAltoNetworks

Mask password fields

Open drwelby opened this issue 1 year ago • 2 comments

OpenAPI supports optional "formats" on certain types:

https://spec.openapis.org/oas/v3.1.0#data-types

One of these is format: password for hinting to clients to mask the input.

This would be a useful addition so that docs can be used in demos and screencasts without revealing the presenter's password.

drwelby avatar Feb 28 '24 16:02 drwelby

I'm not very fluent in Typescript but after poking around I think that this could work with the existing components with

password = {param.format} or maybe password = {param.format | false} around here: https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/blob/a3b467ca3234f0bc88c761631d07a2f1284d6773/packages/docusaurus-theme-openapi-docs/src/theme/ApiExplorer/ParamOptions/ParamFormItems/ParamTextFormItem.tsx#L23

The question then is what should happen in the code samples - could they render as asterisks?

drwelby avatar Feb 28 '24 17:02 drwelby

Hi @drwelby, we looked at masking password input in the past but, since they are ultimately displayed in code snippets, it seemed like a moot point. Still, there may be some value in masking the input field since it's more visible.

I suppose we could find a way to mask in code snippets but still send the real password when "Send API Request" is clicked.

sserrata avatar Mar 21 '24 17:03 sserrata