swagger oauth 明白了,现在呢? [英] swagger oauth got it, so now what?
问题描述
我想将 oauth2 身份验证添加到我的 Web API 中,因此我创建了一个包含安全定义的规范:
I want to add the oauth2 authentication to my web API so i have created a spec with securitydefinitions:
"securityDefinitions": {
"OauthSecurity": {
"type": "oauth2",
"authorizationUrl": "http://localhost/oauth/dialog",
"flow": "implicit",
"scopes": {
"admin": "Admin scope",
"user": "User scope",
"media": "Media scope"
}
}
},
"security": [
{
"OauthSecurity": [
"user"
]
}
],
所以它在我的 API 上生成了一些注释:
so it generated me some annotations on my API:
@io.swagger.annotations.Authorization(value = "OauthSecurity", scopes = {
@io.swagger.annotations.AuthorizationScope(scope = "user", description = "User scope")
})
那我现在如何继续?我仍然可以毫无问题地访问(卷曲没有任何标题或令牌或其他任何东西)我的 API.
So how do i continue now? I still can acces (curl without any headers or tokens or whatsover) my API without any trouble at all.
当然,我可以创建 auth endpdoint,但不知何故我错过了生成的 API 和 oauth 之间的链接.
Sure i can create the auth endpdoint but i somehow miss the link between the generated API and oauth.
推荐答案
已经有一段时间了,根据 this,通过使用 OpenAPI 3.0,您可以:
Been a while and according to this, by using OpenAPI 3.0 you can do:
components:
securitySchemes:
oAuthSample: # <---- arbitrary name
type: oauth2
description: This API uses OAuth 2 with the implicit grant flow. [More info](https://api.example.com/docs/auth)
flows:
implicit: # <---- OAuth flow(authorizationCode, implicit, password or clientCredentials)
authorizationUrl: https://api.example.com/oauth2/authorize
scopes:
read_pets: read your pets
write_pets: modify pets in your account
我目前正在使用 Bearer Auth,效果很好.
I currently am using Bearer Auth, which works pretty well.
希望有帮助!
这篇关于swagger oauth 明白了,现在呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!