
WIP: Add Oauth2 Password flow

Open guillemcanal opened this issue 8 years ago • 2 comments

This feature adds support for the OAuth2 password flow when described like so in a Swagger 2.0 file:

securityDefinitions:
  auth:
    type: oauth2
    flow: password
    tokenUrl: http://domain.tld/oauth/token

This is pretty much a work in progress because it doesn't include unit/functional tests and it contains some unrelated work here and there, but I think it's worth a look ;)

guillemcanal avatar Oct 31 '16 07:10 guillemcanal

@guillemcanal Thanks for your PR. I appreciate it, but the "work in progress" and "unrelated work" stuff makes it (hopefully understandably) harder for me to analyze. :) Do you know about any live spec and instance we could use for a simple test of the UI of this password flow? Like some specs in https://apis.guru/browse-apis/ ? This repo seems to be popular (42 stars, yay!) so I will probably update it (beginning with dependencies update etc. first) soon.

darosh avatar Nov 16 '16 19:11 darosh

Yup sorry for the mess. I'll clean that up A.S.A.P.

Regarding the security scheme section, it is well documented in the official OpenAPI/Swagger 2.0 specification.

Basically, an oauth2 password is not that different, except that you don't need an authorizationUrl.

When you have:

securityDefinitions:
  myAuth:
    type: oauth2
    flow: password
    tokenUrl: http://my.oauth-server.tld/token
    scopes:
      read: Read anything
      write: Write anything
      god: Activate god mode

...and the following on an operation:

/something:
  get:
    summary: Get something
    description: Blah Blah...
    responses:
      200:
        description: Yeah! Okay
    security:
      - myAuth: [read, write]

Then the oauth2 form should ask for a username and password. It will then issue a request to the endpoint described in securityDefinitions.myAuth.tokenUrl to obtain a token:

curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d 'grant_type=password&client_id=swagger-ui&username=johndoe&password=p@$$w0rd' \
http://my.oauth-server.tld/token

guillemcanal avatar Nov 16 '16 21:11 guillemcanal
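
The token request described in the last comment, as an added JavaScript example that is not code from the PR or from anyone in this thread. The function name, the `warnings` field and the sample spec object are assumptions made for illustration; sending the operation's scopes as a `scope` parameter follows RFC 6749 rather than the curl command above.

```javascript
// Added example: build the password-grant token request from a Swagger 2.0
// security definition plus one entry of an operation's `security` list.
// buildPasswordTokenRequest is a hypothetical helper, not the project's API.
function buildPasswordTokenRequest(spec, operationSecurity, credentials, clientId) {
  const warnings = [];
  // A security entry has a single key: scheme name -> required scopes.
  const [schemeName] = Object.keys(operationSecurity);
  const requested = operationSecurity[schemeName];
  const scheme = (spec.securityDefinitions || {})[schemeName];

  if (!scheme) throw new Error(`unknown security scheme: ${schemeName}`);
  if (scheme.type !== 'oauth2' || scheme.flow !== 'password') {
    throw new Error(`${schemeName} is not an oauth2 password flow`);
  }
  if (!scheme.tokenUrl) throw new Error('password flow requires tokenUrl');

  // Refuse scopes the definition never declared instead of passing them on.
  const declared = Object.keys(scheme.scopes || {});
  const undeclared = requested.filter((s) => !declared.includes(s));
  if (undeclared.length) throw new Error(`undeclared scopes: ${undeclared.join(', ')}`);

  // The user's password travels in this request body, so flag plain HTTP.
  if (new URL(scheme.tokenUrl).protocol !== 'https:') {
    warnings.push('tokenUrl is not HTTPS; credentials would be sent in clear text');
  }

  // URLSearchParams percent-encodes characters such as "@" and "$".
  const body = new URLSearchParams({
    grant_type: 'password',
    client_id: clientId,
    username: credentials.username,
    password: credentials.password,
  });
  if (requested.length) body.set('scope', requested.join(' '));

  return {
    method: 'POST',
    url: scheme.tokenUrl,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
    warnings,
  };
}

// Constructed sample mirroring the YAML in the comment above.
const sampleSpec = { securityDefinitions: { myAuth: {
  type: 'oauth2', flow: 'password', tokenUrl: 'http://my.oauth-server.tld/token',
  scopes: { read: 'Read anything', write: 'Write anything', god: 'Activate god mode' },
} } };
```

The returned object can be handed to any HTTP client; with the sample spec it carries one warning because the `tokenUrl` uses `http://`.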