
[Nodejs] Typescript-axios generated client not applying security schemes

Open mastersilv3r opened this issue 1 year ago • 2 comments

Description

The generated client is not setting the access token in the header of the API calls, as per the security scheme mentioned in the Swagger spec, even though I am explicitly passing the accessToken in the Configuration to the factory method.

My Code

import {PetApiFactory} from './api';
import {Configuration} from './configuration';

const c = new Configuration({
    "accessToken": "",
    "basePath": "https://petstore3.swagger.io/api/v3"
})

PetApiFactory(c).getPetById(207)
.then(console.log)
.catch(console.error);

Swagger-codegen version

7.2.0

Swagger declaration file content or url

Relevant Swagger part

"/pet/{petId}": {
			"get": {
				"tags": [
					"pet"
				],
				"summary": "Find pet by ID",
				"description": "Returns a single pet",
				"operationId": "getPetById",
				"security": [
					{
						"api_key": []
					},
					{
						"petstore_auth": [
							"write:pets",
							"read:pets"
						]
					}
				]
			},

Gist

Gist of Full Swagger File can be found here

Command line used for generation

java -jar openapi-generator-cli.jar generate -i swagger.json -o pet-store-client -g typescript-axios

Steps to reproduce

  • [ ] Download the json file from the gist or use standard swagger 3.0 of pet store found at https://petstore3.swagger.io/
  • [ ] Generate the code via command shared above
  • [ ] cd pet-store-client //Go to the generated folder
  • [ ] touch main.ts //Create a ts file
  • [ ] Copy the code I have shared above in the ts file
  • [ ] Build and run the file. You will see in the console.log that the request headers do not have any header called accessToken set in them.

headers: Object [AxiosHeaders] {
      Accept: 'application/json, text/plain, */*',
      'Content-Type': undefined,
      'User-Agent': 'axios/1.6.5',
      'Accept-Encoding': 'gzip, compress, deflate, br'
    },

I am getting a successful response

data: {
    id: 207,
    category: { id: 207, name: 'Dogs' },
    name: 'doggie',
    photoUrls: [ 'string' ],
    tags: [ [Object] ],
    status: 'available'
  }

  • [ ] This is the issue. There should be accessToken header set in this request because I am configuring it. I have searched the full log but did not find it anywhere.

Or, have I got it all wrong and am not using it properly?

mastersilv3r avatar Feb 05 '24 20:02 mastersilv3r

@mastersilv3r This should do the job for you!

        const apiConfig: Configuration = {
            basePath: Environment.rBaseUrl,
            baseOptions: {
                headers: {
                    'Authorization': `Bearer ${Environment.AuthToken}`,
                },
            },
        };

rey4eel avatar Feb 19 '24 14:02 rey4eel

I had a very similar issue. What @rey4eel suggested works for your case, but the token in my case will expire after the timeout, so I need accessToken: asyncTokenFcn. Long story short, for me to get the config to work, I just need to specify the security for my endpoint in my openapi yaml.

I had to go into the generated code - setBearerAuthToObject was generated but never called. Then I checked the template to see under what condition the call to setBearerAuthToObject is generated. So finally I realized I should be able to specify the security type for my endpoint. :P And now I finally understand the meaning of Defined By ToolingExtension for Authorizations in the doc.

heyiming avatar Apr 22 '24 15:04 heyiming
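
The last comment traces the missing header to the spec: the auth helper was generated but is only called for endpoints that declare a security requirement. A spec-side check for that condition follows, as an added example that is not code from this thread or from the generator project. `auditSecurity`, `sampleSpec` and the finding messages are names chosen here, and the sample spec is constructed.

```typescript
type Requirement = Record<string, string[]>;
interface Finding { op: string; problem: string; }

const METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

// Report operations for which the spec declares no usable security requirement.
function auditSecurity(spec: any): Finding[] {
  const schemes = spec?.components?.securitySchemes ?? {};
  const paths = spec?.paths ?? {};
  const findings: Finding[] = [];
  for (const path of Object.keys(paths)) {
    for (const method of METHODS) {
      const operation = paths[path]?.[method];
      if (!operation) continue;
      const op = `${method.toUpperCase()} ${path}`;
      // Operation-level `security` replaces the top-level list, even when it is [].
      const reqs: Requirement[] | undefined = operation.security ?? spec?.security;
      if (!reqs || reqs.length === 0) {
        findings.push({ op, problem: "no security requirement" });
        continue;
      }
      for (const req of reqs) {
        const names = Object.keys(req);
        // An empty requirement object {} makes authentication optional.
        if (names.length === 0) findings.push({ op, problem: "anonymous access allowed" });
        for (const name of names) {
          if (!Object.prototype.hasOwnProperty.call(schemes, name)) {
            findings.push({ op, problem: `undefined scheme '${name}'` });
          }
        }
      }
    }
  }
  return findings;
}

// Constructed sample spec (scheme names follow the snippet in the issue).
const sampleSpec = {
  components: { securitySchemes: { api_key: { type: "apiKey" }, petstore_auth: { type: "oauth2" } } },
  paths: {
    "/pet/{petId}": { get: { security: [{ api_key: [] }, { petstore_auth: ["write:pets", "read:pets"] }] } },
    "/store/inventory": { get: { operationId: "getInventory" } },
    "/pet": { post: { security: [{ bearerAuth: [] }] } },
  },
};

console.log(auditSecurity(sampleSpec));
```

Running a check like this before generation shows which endpoints the client would call unauthenticated and which reference a scheme that `components.securitySchemes` never defines.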