Swagger Strategy #51
Comments
Thank you. I will look into that.
No problem @antek-drzewiecki. If you can help me triage this (where the bugs are), I'm happy to put some time in to get it fixed.
You got a good point there. There is currently no way to define the base swagger documentation with the correct authorization methods except for manually. Currently what I do is define it manually. I am thinking of a more lasting solution than my 'workaround'. This is what I've added to my API description.

```ruby
class API < Grape::API
  format :json
  use ::WineBouncer::OAuth2
  SITE_URL = 'https://www.my-cool-website.com' # Put this in an initializer or somewhere else than here
  rescue_from WineBouncer::Errors::OAuthUnauthorizedError do
    Rack::Response.new(
      {
        id: 'unauthenticated',
        message: 'Request failed because user is not authenticated.'
      }.to_json, 401, 'Content-Type' => 'text/error').finish
  end
  oauth2
  get :hello do
    { hello: "world" }
  end
  add_swagger_documentation base_path: '/api',
    format: :json,
    authorizations: {
      oauth2: {
        type: :oauth2,
        scopes: [
          {
            scope: 'EDIT ME: the scope name',
            description: 'EDIT ME: a scope description'
          }
        ],
        grantTypes: {
          implicit: {
            loginEndpoint: {
              url: "#{SITE_URL}/oauth/authorize"
            },
            tokenName: 'access_token'
          },
          authorization_code: {
            tokenRequestEndpoint: {
              url: "#{SITE_URL}/oauth/token",
              clientIdName: 'client_id',
              clientSecretName: 'client_secret'
            },
            tokenEndpoint: {
              url: "#{SITE_URL}/oauth/token/info",
              tokenName: 'auth_code'
            }
          }
        }
      }
    },
    models: [] # optional models
end
```

Given your git repository at: https://github.com/whatasunnyday/gsr-api-key/blob/master/app/api/api.rb Will this give the correct swagger docs?
That looks really good. As a temporary workaround, I've done something a bit simpler.

```ruby
desc 'Return the authenticated User', {
  detail: 'Useful test to see if the client is '\
          'correctly authenticated.',
  entity: User::Entity,
  http_codes: [
    Errors::Unauthenticated.http_code
  ],
  headers: {
    'Authorization' => {
      description: 'OAuth Bearer token used for authentication.',
      required: true
    }
  }
}
get '/' do
  # ...
end
```

This gives me a field to add my access token to send in the header in the swagger docs.
Nice one, this also makes sense. The downside is that you need to paste the access token across all endpoints you are using. This can get nasty when you have 20 endpoints to consume. I am trying to reproduce your description with,
Do you want me to update anything on gsr-api-key? I was hoping that would make it easy to reproduce. Or the test case here: ruby-grape/grape-swagger-rails#25 Let me know what you're trying to reproduce. I will happily provide a minimal test case.
@whatasunnyday, I think there has been some confusion before. I guess the actual problem is the [API Declaration authorisations spec](https://github.com/swagger-api/swagger-spec/blob/master/versions/1.2.md#52-api-declaration). In that case
Yes, that was definitely the case. Thanks. As for the global authorization object, I'll think through a strategy for integrating it into wine_bouncer.
I got the same problem as @whatasunnyday.
Hey @abarre, there is currently no solution other than the workaround described above (passing headers key in second desc arg) or passing authorization override to add_swagger_doc.
I'll try to create a helper method to add the missing information to the swagger_docs.
Hi,
When I use the swagger strategy, my endpoint spits this out:
However, `"authorizations": { "oauth2": [] }` isn't correct. It should look something like this (more info on auth spec here).
This started when I posted this issue ruby-grape/grape-swagger-rails#13 on grape-swagger-rails saying that entering an api key would not add it to the requests. We believed it was a problem upstream with swagger ui but a maintainer mentioned that the syntax was not swagger compliant (see: swagger-api/swagger-js#555).
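
The mismatch discussed in this thread can be checked mechanically. The following is an added example, not code from the issue, wine_bouncer or grape-swagger: a small lint that compares the operation-level `authorizations` of a Swagger 1.2 API declaration against the schemes defined in the resource listing. Assumptions: the two sample documents are constructed, the name `lint_authorizations` is hypothetical, and an OAuth2 reference with an empty scope list is treated as a finding, following the report above.

```ruby
require 'json'

# Constructed sample documents in Swagger 1.2 shape (not from the thread's project).
LISTING = JSON.parse(<<~JSON)
  { "swaggerVersion": "1.2",
    "authorizations": {
      "oauth2": { "type": "oauth2",
                  "scopes": [{ "scope": "public", "description": "Read access" }] } } }
JSON

DECLARATION = JSON.parse(<<~JSON)
  { "swaggerVersion": "1.2", "resourcePath": "/hello",
    "apis": [{ "path": "/hello", "operations": [
      { "method": "GET",  "authorizations": { "oauth2": [] } },
      { "method": "POST", "authorizations": { "oauth2": [{ "scope": "write" }] } },
      { "method": "PUT",  "authorizations": { "apiKey": [] } }
    ] }] }
JSON

# Hypothetical helper: returns one finding per operation-level authorization
# reference that the resource listing's definitions cannot back up.
def lint_authorizations(listing, declaration)
  defined = listing.fetch('authorizations', {})
  findings = []
  declaration.fetch('apis', []).each do |api|
    api.fetch('operations', []).each do |op|
      op.fetch('authorizations', {}).each do |name, scopes|
        where = "#{op['method']} #{api['path']}"
        scheme = defined[name]
        if scheme.nil?
          findings << "#{where}: '#{name}' is not defined in the resource listing"
          next
        end
        next unless scheme['type'] == 'oauth2'
        # OAuth2 references should name scopes the listing actually declares.
        known = scheme.fetch('scopes', []).map { |s| s['scope'] }
        findings << "#{where}: '#{name}' lists no scopes" if scopes.empty?
        (scopes.map { |s| s['scope'] } - known).each do |s|
          findings << "#{where}: scope '#{s}' is not declared for '#{name}'"
        end
      end
    end
  end
  findings
end

puts lint_authorizations(LISTING, DECLARATION)
```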