pyswagger
Support for Bearer token in the header for OAuth2
In OAuth2, I am not able to get the Bearer token set in the header automatically. How do I get it working?
I'm not familiar with Bearer tokens, and it seems this part is more precisely defined in the 3.0 spec (https://github.com/OAI/OpenAPI-Specification/pull/807).
Right now, OAuth2 support in pyswagger means users need to provide the final token (to pyswagger.Security) after finishing the OAuth2 flow.
Reply @skasturi The swagger.json should at least contain this definition (this is the minimum requirement for a server to support an OAuth2 token in Bearer format):
...
"securityDefinitions": {
    "your_token": {
        "type": "apiKey",
        "in": "header",
        "name": "Authorization"
    }
}
...
And once you get the token, you need to set it on the pyswagger.Security object in the format the Bearer token scheme describes:
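from pyswagger import Security

your_token = 'xxxxxxxxx'  # assume you get the Bearer token somewhere
s = Security(app)  # app is the pyswagger App loaded from your swagger.json
# 'your_token' must match the key used under securityDefinitions
s.update_with('your_token', 'Bearer ' + your_token)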
If you've done those and still can't get the Bearer token set in the header automatically, please let me know; it's definitely a bug.
Hi @mission-liao Thank you very much for your response. What you mentioned is what I am trying to do to hack this out. But I believe we should support this in pyswagger natively. As you mentioned, it looks like it is part of the v3.0 spec. But I guess it is simple enough to be added even now. What do you think?
I think yes, I can add those defined in 3.0 to current implementation of pyswagger, since they'll be supported later.
Thanks, I need this too
My temporary solution is to manually add the token to the header:
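from pyswagger.contrib.client.requests import Client  # requests-based client

token = get_token()  # get the token somehow
client = Client()
# Reaches into the client's private (name-mangled) requests session
client._Client__s.headers['Authorization'] = 'Bearer ' + token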
@erikpotterbsx @skasturi what I prefer to provide is support for part of the 3.0 spec in current pyswagger, that is, pyswagger can read a spec that contains
scheme: "bearer"
and automatically prefix the token with "Bearer " when it is assigned to "Authorization" in the header.
However, I guess it's not the solution you need, because the swagger.json provided by the service also needs to be modified to "partially fit" the OpenAPI 3.0 spec.
I guess what you need is a special method in pyswagger.Security that will automatically prefix "Bearer " when providing tokens, right?
Here is my proposal:
- a new function would be added to pyswagger.Security to prefix 'bearer ' automatically.
- when that function is used, a flag would be added to the pyswagger.Security to indicate that the object can't be used with OpenAPI 3.0 (a service that supports OpenAPI 3.0 should use the new schema to declare this part)
I prefer to postpone this issue, because there is little we can do at this moment:
We can provide a special method (or a dedicated class) for users to specifically set a Bearer token; however, it's not a big improvement for usage, because users can still set a Bearer token by prefixing the token with "Bearer " themselves.
Thanks for the patience @mission-liao. I think we can live with this for now while support for 3.0 is being implemented.
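The prefixing discussed in this thread, as an added example that is not pyswagger code or part of the original posts: a stand-alone helper that produces the value to pass to `s.update_with('your_token', ...)`, accepting either the Swagger 2.0 `apiKey` definition shown above or the OpenAPI 3.0 `type: http` / `scheme: bearer` declaration. The function name `bearer_header_value` and the sample definitions and token are assumptions made for illustration; the token check follows the `b64token` syntax from RFC 6750 so a value containing whitespace or CR/LF never reaches the header.

```python
import re

# RFC 6750 section 2.1 "b64token" syntax for the credential part.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def bearer_header_value(definition, token):
    """Return the Authorization value for a definition (hypothetical helper).

    definition: one entry of securityDefinitions (2.0) or securitySchemes (3.0).
    token: the raw access token, or a value already prefixed with "Bearer ".
    """
    # Accept an already-prefixed value so the prefix is never doubled.
    scheme, sep, rest = token.partition(" ")
    raw = rest if sep and scheme.lower() == "bearer" else token
    # Reject spaces, CR/LF and anything else that could split or corrupt
    # the header line.
    if not _B64TOKEN.fullmatch(raw):
        raise ValueError("token is not a valid b64token")

    kind = definition.get("type")
    if kind == "http" and definition.get("scheme", "").lower() == "bearer":
        return "Bearer " + raw  # OpenAPI 3.0 declaration
    if (kind == "apiKey" and definition.get("in") == "header"
            and definition.get("name", "").lower() == "authorization"):
        return "Bearer " + raw  # Swagger 2.0 workaround from this thread
    raise ValueError("definition does not describe a Bearer token header")


# Constructed sample definitions and token (not taken from a real service).
SWAGGER_2 = {"type": "apiKey", "in": "header", "name": "Authorization"}
OPENAPI_3 = {"type": "http", "scheme": "bearer"}
SAMPLE_TOKEN = "mF_9.B5f-4.1JqM"

if __name__ == "__main__":
    for definition in (SWAGGER_2, OPENAPI_3):
        print(bearer_header_value(definition, SAMPLE_TOKEN))
        print(bearer_header_value(definition, "bearer " + SAMPLE_TOKEN))
```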