How to deal with authentication

[mzaglia]

How authentication and authorization should be used with spectree?

[kemingy]

Currently, spectree will validate the data and generate the OpenAPI document. If the validation failed, it will return 422 with details. It doesn't support special Auth parameters #56 and status code 401 or 403.

If you want to use this library with authentication and authorization, you can define the schema for headers and do the auth by yourself.

I know this is not perfect. Welcome PR.

[alexted]

The ability to specify whether the endpoints are protected by authorization (particularly per endpoint or/and in general on app level) and if so, to specify what kind of authorization is uses - a very needed feature. Please, add it.
Subscribed to this topic.

[vaosilva]

The ability to specify whether the endpoints are protected by authorization (particularly per endpoint or/and in general on app level) and if so, to specify what kind of authorization is uses - a very needed feature. Please, add it.
Subscribed to this topic.

Yes. Very true. Subscribed as well.
I started using spectree for a flask API I'm contributing to and only later on I noticed the lack of this.
The pull request that implements these features failed the linting due to 3 lines being too long... 😅

[kemingy]

The pull request that implements these features failed the linting due to 3 lines being too long... 😅

Will merge it to another branch and fix the lint today.

[vaosilva]

@kemingy Thanks a lot, and congrats for this awesome project!