swagger-js icon indicating copy to clipboard operation
swagger-js copied to clipboard

Published 20 hours ago verified publisher icon swagger-api

applySecurities fails as securityDef is returned as undefined.

Open sahilkhanna opened this issue 3 years ago • 4 comments

securityDef is returning undefined because get function is not able to look through nested object. Although the spec included the security definition get functioned failed to look for securitySchemes key. https://github.com/swagger-api/swagger-js/blob/e0003d0d29a561a36c01004a3b65bdae5bc56b84/src/execute/oas3/build-request.js#L94

This is probably because the webpack config doesn't enable the Deep property path support for methods like _.get, _.has, & _.set. feature set

I was using https://swaggerapis.rainmaker.espressif.com/ API which involves getting an AccessToken(apiKey) after sending a login request. All rest of the authorised API calls used this token for verification. Whenever I made a request, securityDef would be undefined and API call would not execute.

I highly suspect the fix is just to add the above feature set to the loadlash module.

Thanks.

sahilkhanna avatar Jan 31 '22 11:01 sahilkhanna

Hey there,

unfortunately we are also facing this issue for our solution since version 3.17.0. The 3.16.1 works totally fine but if you debug into the code and go to line 94 mentioned above, the spec has got components as well as securitySchemes but lodash can't extract the definition.

Our securitySchemes are as following:

components:
  securitySchemes:
    keycloak:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: /auth/realms/ourrealm/protocol/openid-connect/auth
          tokenUrl: /auth/realms/ourrealm/protocol/openid-connect/token
          scopes:
            our-scope: our-scope

Could you please take a look? This would save us from restructuring our frontend completely. Unfortunately this software needs to stay for some more years and we can't risk staying on a 2 year old version.

If you need some more information, please do not hesitate to contact me ;)

Best Regards Jonas

jonasvoelcker avatar Apr 06 '23 11:04 jonasvoelcker

I am running into the same issue, tho at some point I got it resolved by uninstall lodash and swagger-client and installing swagger-client again... However that does not work anymore and neither using 3.16.1 :(

transfluxus avatar May 15 '23 09:05 transfluxus

oh well it works with 3.16.1 , but its not possible to use it with the LodashWebpackPlugin

transfluxus avatar May 15 '23 09:05 transfluxus

Hey there,

here's a brief update to our problems above:

The securitySchemes problem seems to be fixed but we didn't notice it because there was another new problem, which showed the exact same behavior.

We were using 'openapi.yaml' as url and '/api' as server. In combination this resulted in a failure on this line:

const parsedUrl = ourUrl && contextUrl ? parseURIReference(_empty.url.resolve(contextUrl, ourUrl)) : parseURIReference(ourUrl);

It might be possible that the _empty-module was missing because of not using Webpack, we managed to fix it through using this initialization instead as it doesn't set the contextUrl any more:

image

jonasvoelcker avatar Jan 02 '24 18:01 jonasvoelcker