openapi-to-postman icon indicating copy to clipboard operation
openapi-to-postman copied to clipboard

Published 20 hours ago verified publisher icon postmanlabs

Import OAuth2 flow settings from OpenApi spec

Open gn-stuckenberg opened this issue 3 years ago • 2 comments

Currently an OAuth2 Security Scheme in OpenAPI

 "securitySchemes": {
  "OAuth2": {
      "type": "oauth2",
      "description": "Lorem Ipsum",
      "in": "header",
      "scheme": "https",
      "flows": {
          "authorizationCode": {
              "authorizationUrl": "https://acme.com/oauth/authorize",
              "tokenUrl": "https://acme.com/oauth/token",
              "scopes": {
                  "read_stuff": "Grant read access to stuff"
              }
          }
      }
  }
}

will be converted to

"auth": {
  "type": "oauth2"
}

It would be nice if the settings from the OAuth2 flow would be included:

"auth": {
  "type": "oauth2",
  "oauth2": [
    {
      "key": "grant_type",
      "value": "authorization_code",
      "type": "string"
    },
    {
      "key": "authUrl",
      "value": "https://acme.com/oauth/authorize",
      "type": "string"
    }
    {
      "key": "accessTokenUrl",
      "value": "https://acme.com/oauth/token",
      "type": "string"
    },
    {
      "key": "scope",
      "value": "read_stuff",
      "type": "string"
    },
  ]
},

Beware that there may be multiple OAuth2 flows specified in OpenAPI. Therefore either only import first flow or add selection of flow via configuration option or similar.

gn-stuckenberg avatar Feb 21 '22 13:02 gn-stuckenberg

+1 to this request

suyashcjoshi avatar Jul 20 '22 04:07 suyashcjoshi

+1 to this request

taa-autorola-com avatar Aug 23 '22 09:08 taa-autorola-com

Would be very nice to have, otherwise we need to add some post-processor of the generated collection to include this information.

anikitin avatar Oct 28 '22 21:10 anikitin

@SahilChoudhary22 Can we look into this please^

SaloniV3011 avatar Nov 02 '22 04:11 SaloniV3011

@gn-stuckenberg Hi, this feature was added and released with openapi-to-postman v4.2.0.

PR - https://github.com/postmanlabs/openapi-to-postman/pull/614

Now if we take this Input as an example -

{
    "components": {
        "responses": {},
        "schemas": {},
        "securitySchemes": {
            "OAuth2": {
                "type": "oauth2",
                "description": "Lorem Ipsum",
                "in": "header",
                "scheme": "https",
                "flows": {
                    "authorizationCode": {
                        "authorizationUrl": "https://acme.com/oauth/authorize",
                        "tokenUrl": "https://acme.com/oauth/token",
                        "scopes": {
                            "read_stuff": "Grant read access to stuff"
                        }
                    }
                }
            }
        }
    },
    "info": {
        "title": "API",
        "version": "0.2"
    },
    "openapi": "3.0.0",
    "paths": {},
    "security": [
        {
          "OAuth2": [
            "read:stuff"
          ]
        }
    ],
    "servers": [
        {
            "url": "https://foobar.com",
            "variables": {}
        }
    ],
    "tags": []
}

the following will be the output (auth section)

...
  "auth": {
    "type": "oauth2",
    "oauth2": [
      {
        "key": "scope",
        "value": "read_stuff"
      },
      {
        "key": "accessTokenUrl",
        "value": "https://acme.com/oauth/token"
      },
      {
        "key": "authUrl",
        "value": "https://acme.com/oauth/authorize"
      },
      {
        "key": "grant_type",
        "value": "authorization_code"
      }
    ]
},
...

This should've solved this issue. if it did not, do let me know and I'll be happy to help. 👍

PS: You can observe the same behaviour in the postman app from v9.30.0-220817 and higher. CC: @suyashjoshi @anikitin @SaloniV3011

SahilChoudhary22 avatar Nov 02 '22 07:11 SahilChoudhary22