New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] - Allow payload definition for JWT schema #1971
Comments
I'm unsure if
is valid yaml. |
Do you mean not a valid yml or openApi spec? |
it's not valid yaml.
|
I'd like to see this kind of feature available. Maybe the schema could be something like this: securitySchemes:
AppJwt:
type: http
scheme: bearer
bearerFormat: JWT
properties:
header: '#/components/schemas/AppJwtHeader'
payload: '#/components/schemas/AppJwtPayload'
schemas:
AppJwtPayload:
type: object
properties:
userId:
type: string
AppJwtHeader:
type: object
properties:
alg:
type: string
typ:
type: string Here I'm using different schemas for the header and the payload. I used the |
@DavidePastore iiuc in your proposal, A standard JWT json representation is described in https://tools.ietf.org/html/rfc7515#section-7.2.1 and probably that would be the correct way to define a JWT schema, eg.
Still I don't have a way to describe in a standard way the requirements, which can be impacted not only by the schema but on the validation specifications, eg. see https://github.com/zalando/connexion/blob/master/examples/openapi3/jwt/openapi.yaml#L45 |
HI @ioggstream. Yes, you got the point. Can I help in some ways to add the JWT definition (header and payload) support? |
@DavidePastore I think we should find a suitable way to extend the SecurityScheme. I spent some time trying to do it with mutualTLS but without great results :) I'd start reading some of the issues https://github.com/OAI/OpenAPI-Specification/search?q=securityschemes&type=issues and once there's a proposal we can ping the other folks. |
@darrelmiller do you perceive any interest in this topic? |
I'm not sure this solves your problem, but checkout the third example from a section of the 2020-12 JSON Schema, which is supported in OpenAPI 3.1. |
Thanks @jdesrosiers! The point now is how to associate the JWT syntax to a securityScheme. |
Hello, @MikeRalphson! I would like to use this feature. Can I help with the implementation in any way? |
Is your feature request related to a problem?
Yes. The clients will be able to know what they expect within the payload of the JWT. It will save time to parse the payload on the client-side.
Describe the solution you'd like
In the security schemas sections, the developer should be able to provide the JWT payload as another sub-schema.
Something like:
Thanks.
The text was updated successfully, but these errors were encountered: