
Support for Bearer token in the header for OAuth2

Open skasturi opened this issue 8 years ago • 8 comments

In OAuth2, I am not able to get the Bearer token set in the header automatically. How do I get it working?

skasturi avatar Nov 30 '16 21:11 skasturi

I'm not familiar with Bearer tokens, and it seems this part is more precisely defined in the 3.0 spec (https://github.com/OAI/OpenAPI-Specification/pull/807).

Right now, OAuth2 support in pyswagger means users need to provide the final token (to pyswagger.Security) after finishing the OAuth2 flow.

Reply @skasturi: The swagger.json should at least contain this definition (this is the minimum requirement for a server to support an OAuth2 token in Bearer format):

...
"securityDefinitions":{
   "your_token":{
      "type":"apiKey",
      "in":"header",
      "name":"Authorization"
   }
}
...

And once you get the token, you need to update the pyswagger.Security object with it, in the form the Bearer token scheme describes:

from pyswagger import Security
your_token = 'xxxxxxxxx'  # assume you get the Bearer token somewhere
s = Security(app)  # app is the pyswagger App already loaded from swagger.json
s.update_with('your_token', 'Bearer ' + your_token)

If you've done those and still can't get the Bearer token set in the header automatically, please let me know; it's definitely a bug.

mission-liao avatar Dec 01 '16 13:12 mission-liao

Hi @mission-liao, thank you very much for your response. What you mentioned is what I am trying to do to hack this out. But I believe we should support this in pyswagger natively. As you mentioned, it looks like it is part of the v3.0 spec. But I guess it is simple enough to be added even now. What do you think?

skasturi avatar Dec 18 '16 04:12 skasturi

I think yes, I can add those defined in 3.0 to the current implementation of pyswagger, since they'll be supported later.

mission-liao avatar Dec 19 '16 05:12 mission-liao

Thanks, I need this too

My temporary solution is to manually add the token to the header:

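from pyswagger.contrib.client.requests import Client

token = get_token()  # get the token somehow

client = Client()
# set the header on the client's private requests session (name-mangled attribute)
client._Client__s.headers['Authorization'] = 'Bearer ' + token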

erikpotterbsx avatar Dec 19 '16 20:12 erikpotterbsx

@erikpotterbsx @skasturi What I prefer to provide is partial support for the 3.0 spec in the current pyswagger; that is, pyswagger can read a spec that contains

scheme: "bearer"

and automatically prefix the token with "Bearer " when it is assigned to "Authorization" in the header.

However, I guess it's not the solution you need, because the swagger.json provided by the service also needs to be modified to "partially fit" the OpenAPI 3.0 spec.

I guess what you need is a special method in pyswagger.Security that will automatically prefix "Bearer " when providing tokens, right?

mission-liao avatar Dec 23 '16 05:12 mission-liao

Here is my proposal:

  • A new function would be added to pyswagger.Security to prefix 'bearer ' automatically.
  • When that function is used, a flag would be added to the pyswagger.Security object to indicate that it can't be used with OpenAPI 3.0 (a service that supports OpenAPI 3.0 should use the new schema to declare this part).

mission-liao avatar Dec 31 '16 00:12 mission-liao

I prefer to postpone this issue, because there is little we can do at this moment:

We can provide a special method (or a dedicated class) for users to specifically set a Bearer token; however, it's not a big improvement in usage, because users can still set a Bearer token by prefixing the token with "Bearer " themselves.

mission-liao avatar Jan 09 '17 01:01 mission-liao

Thanks for the patience @mission-liao. I think we can live with this for now while support for 3.0 is being implemented.

skasturi avatar Feb 22 '17 04:02 skasturi