drf_openapi
drf_openapi copied to clipboard
limdauto
Oauth2 token authentication not recognized
- DRF OpenAPI version: newest
- Python version: 3.6
I try to get a schema documentation for my django-oauth2-toolkit oauth2 authenticated app. DRF Open Api doesn't recognize the oauth2 token authentication but recognizes it as the Basic Django authentication. I need a proper schema.json file
These are my DRF settings:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
'DEFAULT_AUTHENTICATION_CLASSES': [
'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
# 'rest_framework.authentication.SessionAuthentication',
],
'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.URLPathVersioning',
'DEFAULT_VERSION': '0.1',
'ALLOWED_VERSIONS': ['0.1'],
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
'PAGE_SIZE': 100,
}
What did I do wrong or does DRF Open API just not recognize oauth2? How could I solve this?
As far as I can tell, this is just not well supported in the django-rest-swagger library on which this library builds. They simply have a setting for it, that you can also use when using drf-openapi.
SWAGGER_SETTINGS = {
'SECURITY_DEFINITIONS': {
'oauth2': {
'flow': 'application',
'tokenUrl': '/oauth2/token/',
'scopes': {
'write': 'Write description.',
'read': 'Read description'
}
}
},
}
This will be picked up fine by the schema in JSON format but the Redoc UI (renderer) doesn't do much with it (and leaves authentication blank).
See: https://django-rest-swagger.readthedocs.io/en/latest/settings/
ReDoc in turn also allows some fiddling with it to get it in.
See: https://github.com/Rebilly/ReDoc/blob/master/docs/security-definitions-injection.md
