connexion icon indicating copy to clipboard operation
connexion copied to clipboard
verified publisher icon spec-first

Add option to CLI, App and add_api to disable security verification.

Open mjp4 opened this issue 1 year ago • 3 comments

Changes proposed in this pull request:

  • Add option to CLI, App and add_api to disable security verification. This will make it easier to mock out external APIs that specify security, or to disable security for prototyping, for testing, or for deployment behind an API gateway handling security. (As per use case https://connexion.readthedocs.io/en/latest/middleware.html#customizing-the-middleware-stack)

mjp4 avatar Feb 10 '24 17:02 mjp4

Coverage Status

coverage: 94.176% (-0.04%) from 94.214% when pulling d1363001b0ae2d8ca8be345149e6bfe10275689b on mjp4:no-security-option into 3e64fe46e9b8f63f605bdd5a77ad06704c4805b3 on spec-first:main.

coveralls avatar Feb 11 '24 21:02 coveralls

Thanks @mjp4! Agree that this would be useful, we use a gateway for security as well.

I'm still thinking about the approach though. Another option would be to remove the SecurityMiddleware from the stack. That would prevent us from having to propagate this argument everywhere, but would only work on an App level. Let me think about it and come back.

If we add this option, we should update the documentation example you linked though to prevent confusion.

RobbeSneyders avatar Feb 13 '24 22:02 RobbeSneyders

I would prefer removing the security middleware from the stack so we don't need to pass the information along everywhere. For example, imo the security middleware shouldn't have to parse this option but we should not have the security middleware in the middleware stack as a whole

Ruwann avatar May 16 '24 11:05 Ruwann