bravado
bravado copied to clipboard
Bravado fails to parse Security Definitions in OSS projects
I'm using two open source projects. Namely - Grocy and Gitea, which have their respective specifications hosted on demo instances. I tried to user their API via open-cli, which in turn uses Bravado. I'm using Arch Linux:
Python 3.7.4 (default, Oct 4 2019, 06:57:26)
[GCC 9.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import bravado
>>> bravado.version
'10.3.2'
I've got this output running the following command for Grocy:
open-cli --verbose https://en.demo.grocy.info/api/openapi/specification
.
It is complaining about security parameters.
I've nearly the same output for Gitea (complaining about SecurityParameters also). I can't seem to get deom's spec for Gitea, so I'm attaching swagger file for it.
I want to understand - is this an issue with Bravado or respective projects I'm using (and their respective methods of api generation)?
@ASMfreaK Thanks for reporting the issue. Something that I would highlight is that the specifications in https://en.demo.grocy.info/api/openapi/specification are Open Api specifications, while bravado does support Swagger 2.0 .
Checking the output linked for Gitea I notice that the endpoint /users/{username}/tokens/{token}
does have a token
path parameter, but all the endpoints have the Token
security definition.
This means that the endpoint has 2 token
parameters (one in the path and one in the query).
This is not an issue on the Swagger specification but rather an issue/limitation within the bravado library as it does not support multiple parameters with the same name on different location. Honestly I have no good idea to work this around ;(