Add Oauth 1.0 Support #217
Comments
|
We are 2 days away from this, from the server + spec point of view. You can track the progress in this sample: https://github.com/wordnik/swagger-core/tree/develop-1.3/samples/scala-jaxrs The key points being:
Furthermore the description of the oauth endpoints appears in the resource listing like such (subject to change!): {
"apiVersion": "1.0.0",
"swaggerVersion": "1.2",
"basePath": "http://localhost:8002/api",
"apis": [
{
"path": "/api-docs/user",
"description": "Operations about user"
},
{
"path": "/api-docs/pet",
"description": "Operations about pets"
}
],
"authorizations": {
"oauth2": {
"type": "oauth2",
"scopes": [
"PUBLIC"
],
"grantTypes": {
"implicit": {
"loginEndpoint": {
"url": "http://localhost:8002/oauth/dialog"
},
"tokenName": "access_code"
},
"authorization_code": {
"tokenRequestEndpoint": {
"url": "http://localhost:8002/oauth/requestToken",
"clientIdName": "client_id",
"clientSecretName": "client_secret"
},
"tokenEndpoint": {
"url": "http://localhost:8002/oauth/token",
"tokenName": "access_code"
}
}
}
},
"apiKey": {
"type": "apiKey"
}
}
}
@GET
@Path("/{petId}")
@ApiOperation(value = "Find pet by ID",
notes = "Returns a pet based on ID",
response = classOf[Pet],
produces = "application/json,application/xml",
authorizations = "oauth2")which appear in the api declaration: "apis": [
{
"path": "/pet/{petId}",
"operations": [
{
"authorizations": [
"oauth2"
],
"parameters": [The next steps, after finalizing the spec format, is to update the swagger.js library to consume the updated spec, then move it into the swagger-ui. Feedback welcome! |
|
Will this support oauth 1.0 and will it support optional access tokens? |
|
have been focusing on oauth 2, but describing oauth 1 should be no problem |
|
Yeah, would be nice to have that as well as the optional access token & secret when doing it. |
|
Probably won't make it into 1.3.0-RC1 but hopefully by release, oauth 1.0 will be supported. |
|
When is release planned for? |
|
RC1 will be today. final as soon as possible :) |
|
Awesome! Yeah, we're really in desperate need of a consistent testing tool and Swagger is looking like the front-runner. If the Oauth 1.0 support makes it in, we'll be set. Is there somewhere I can check in at to stay up to date with progress? |
|
Did OAuth 1.0a make it into the 1.3 release in any way? |
|
No.
|
|
Any chance that it's in your roadmap at all? |
|
OAuth 1.0 is currently not supported by the Swagger Specification so it We just kicked off the Swagger 2.0 specification procedure, so feel free to
|
|
Done; thanks! |
|
Since it we now manage the spec separately, I'll close this issue for now. Should OAuth 1.0 support be added with the new version of the spec, it will also be supported by the version of swagger-core supporting that. |
It would be nice if I could document API end points as requiring a consumer key, consumer secret and optionally an access token and access secret.
These could then be used, along with a random nonce to automatically generate a signature for the current request.
Further to this, it'd be nice if these combinations could be set up as profiles in the documentation data for the API tester to make use or overridden.
Endpoint documentation would have to specify:
Oauth version (1.0).
Signature method
Query string or header injection of Oauth data
Consumer key + consumer secret
Token key + token secret
Nonce (randomly changed after every request, but directly settable for testing nonce collisions)
The text was updated successfully, but these errors were encountered: