
[express-openapi] - request authorisation

Open j-zimnowoda opened this issue 4 years ago • 0 comments

Hi,

The express-openapi is a great framework that I am using a lot these days.

I am wondering how you implement request authorisation?

Here are the solutions that I came up with so far:

authorization as x-express-openapi-additional-middleware

pros:

  • can return HTTP 403 if not authorised

cons:

  • is executed for all requests (no knowledge about api spec security)
  • requires parsing operationDoc to decide if the request shall be checked or not

authorization as securityHandler

pros:

  • is executed only for requests that have defined securitySchema

cons:

  • can return only HTTP 401 if not authorised (403 is preferred)
  • inability to throw an exception and catch it in error middleware

Neither of the mentioned approaches fully satisfies me. I am wondering if you have ever faced this issue and if you have some guidelines.

Regards

j-zimnowoda, May 20 '20 12:05
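
The first option in the issue above, sketched as an added example (not code from the issue author or from the express-openapi project): a middleware that reads the OpenAPI `security` requirements itself, skips operations that declare none, and passes a 401 or 403 error to the error middleware. It assumes the framework exposes the documents as `req.operationDoc` and `req.apiDoc`, and that an earlier authentication step set a hypothetical `req.user.scopes`.

```javascript
'use strict';

// Operation-level `security` overrides the document-level list; an explicit
// empty array on the operation means "no security for this operation".
function effectiveSecurity(operationDoc, apiDoc) {
  if (operationDoc && Array.isArray(operationDoc.security)) return operationDoc.security;
  if (apiDoc && Array.isArray(apiDoc.security)) return apiDoc.security;
  return [];
}

// Returns 'allow', 401 (nobody authenticated) or 403 (authenticated, but the
// granted scopes satisfy none of the alternatives).
// Requirement objects are alternatives (OR); every scheme listed inside one
// object must be satisfied (AND). An empty object {} permits anonymous access.
function decide(security, user) {
  if (security.length === 0) return 'allow';
  if (security.some((req) => Object.keys(req).length === 0)) return 'allow';
  if (!user) return 401;
  const granted = new Set(user.scopes || []); // assumption: scopes set by authentication
  const satisfied = security.some((requirement) =>
    Object.values(requirement).every((scopes) =>
      scopes.every((scope) => granted.has(scope))));
  return satisfied ? 'allow' : 403;
}

// Express-style middleware. Denials go through next(err) so the application's
// error middleware decides how the response is rendered.
function authorisationMiddleware(req, res, next) {
  const outcome = decide(effectiveSecurity(req.operationDoc, req.apiDoc), req.user);
  if (outcome === 'allow') return next();
  const err = new Error(outcome === 401 ? 'Unauthenticated' : 'Forbidden');
  err.status = outcome;
  return next(err);
}

// Constructed sample: document-wide bearer auth, one operation needing a scope.
const sampleApiDoc = { security: [{ bearer: [] }] };
const sampleRequest = {
  apiDoc: sampleApiDoc,
  operationDoc: { security: [{ oauth: ['pets:write'] }] },
  user: { scopes: ['pets:read'] },
};
authorisationMiddleware(sampleRequest, {}, (err) => {
  console.log(err ? `denied with ${err.status}` : 'allowed');
});
```

This simplification checks scopes only and does not track which scheme the caller authenticated with.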