Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[REQ] Better authentication support to C# generators #2352

Open
wing328 opened this issue Mar 10, 2019 · 13 comments
Open

[REQ] Better authentication support to C# generators #2352

wing328 opened this issue Mar 10, 2019 · 13 comments
Labels
Client: C-Sharp Enhancement: Feature Feature: OAS 3.0 spec support Hacktoberfest help wanted Server: C-Sharp

Comments

@wing328
Copy link
Member

wing328 commented Mar 10, 2019

Is your feature request related to a problem? Please describe.

Add Bearer authentication support to C# generators

  • C# client
  • C# NET core
  • C# ASPNET
  • C# Nancy

References:
@wing328 wing328 added this to the 4.0.0 milestone Mar 10, 2019
@wing328 wing328 changed the title [REQ] Add Bearer authentication support to C# generators [REQ] Better authentication support to C# generators Mar 25, 2019
@wing328
Copy link
Member Author

wing328 commented Mar 25, 2019

To add better OAuth support to aspnetcore,

openapi-generator/modules/openapi-generator/src/main/resources/JavaSpring/libraries/spring-cloud/clientConfiguration.mustache

Lines 51 to 103 in 0eb385c

{{#isOAuth}}
@Bean
@ConditionalOnProperty("{{{title}}}.security.{{{name}}}.client-id")
public OAuth2FeignRequestInterceptor {{{name}}}RequestInterceptor() {
return new OAuth2FeignRequestInterceptor(new DefaultOAuth2ClientContext(), {{{name}}}ResourceDetails());
}
{{#isCode}}
@Bean
@ConditionalOnProperty("{{{title}}}.security.{{{name}}}.client-id")
@ConfigurationProperties("{{{title}}}.security.{{{name}}}")
public AuthorizationCodeResourceDetails {{{name}}}ResourceDetails() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setAccessTokenUri("{{{tokenUrl}}}");
details.setUserAuthorizationUri("{{{authorizationUrl}}}");
return details;
}
{{/isCode}}
{{#isPassword}}
@Bean
@ConditionalOnProperty("{{{title}}}.security.{{{name}}}.client-id")
@ConfigurationProperties("{{{title}}}.security.{{{name}}}")
public ResourceOwnerPasswordResourceDetails {{{name}}}ResourceDetails() {
ResourceOwnerPasswordResourceDetails details = new ResourceOwnerPasswordResourceDetails();
details.setAccessTokenUri("{{{tokenUrl}}}");
return details;
}
{{/isPassword}}
{{#isApplication}}
@Bean
@ConditionalOnProperty("{{{title}}}.security.{{{name}}}.client-id")
@ConfigurationProperties("{{{title}}}.security.{{{name}}}")
public ClientCredentialsResourceDetails {{{name}}}ResourceDetails() {
ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
details.setAccessTokenUri("{{{tokenUrl}}}");
return details;
}
{{/isApplication}}
{{#isImplicit}}
@Bean
@ConditionalOnProperty("{{{title}}}.security.{{{name}}}.client-id")
@ConfigurationProperties("{{{title}}}.security.{{{name}}}")
public ImplicitResourceDetails {{{name}}}ResourceDetails() {
ImplicitResourceDetails details = new ImplicitResourceDetails();
details.setUserAuthorizationUri("{{{authorizationUrl}}}");
return details;
}
{{/isImplicit}}
{{/isOAuth}}
(in the spring template) is a good starting point.

@SeanFarrow
Copy link
Contributor

@wing328, In order to do this we'll probably need to keep track of whether the security is being set at a global level or on a specific API resource. We'll also need to add specific packages if bearer/oauth is being used at all, particularly on the client side.
How are controllers mapped to api resources in terms of the name?

@wing328
Copy link
Member Author

wing328 commented Mar 28, 2019
edited
Loading

In order to do this we'll probably need to keep track of whether the security is being set at a global level or on a specific API resource

I think we've taken care of this. The security definition in the endpoint level has already taken into account the global setting.

We'll also need to add specific packages if bearer/oauth is being used at all, particularly on the client side.

Yup, we can use {{#hasOAuthMethods}} ... {{/hasOAuthMethods}}

How are controllers mapped to api resources in terms of the name?

Please elaborate with an example.

@SeanFarrow
Copy link
Contributor

SeanFarrow commented Mar 28, 2019 via email

@wing328 wing328 mentioned this issue Mar 30, 2019
Closed
@wing328
Copy link
Member Author

wing328 commented Mar 30, 2019

Do we just need to add packages then?

Sorry I still don't understand the question. We can start with cloning the existing ASP.net Core 2.x generator and make it works with ASP.NET Core 3.0

cc @A-Joshi

@SeanFarrow
Copy link
Contributor

SeanFarrow commented Mar 30, 2019 via email

@SeanFarrow
Copy link
Contributor

What do we need to do to get auth working in C#?

@SeanFarrow
Copy link
Contributor

@wing328 I'm getting back in to development and able to look at this.
Does the oas spec differentiate between OAuth and OpenIDConnect?
If yes, we should probably do that.

@wing328
Copy link
Member Author

wing328 commented Apr 25, 2019

What do we need to do to get auth working in C#?

Which C# generators?

Again clientConfiguration.mustache#L51-L103 is a good starting point, which has better authentication support.

@wing328
Copy link
Member Author

wing328 commented Apr 25, 2019

openapi-generator/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java

Line 1196 in c88174e

.openIdConnectUrl(securityScheme.getOpenIdConnectUrl())

That's the only line I found related to OpenIDConnect support and I agree with you we should support that as well.

@SeanFarrow
Copy link
Contributor

@wing328 That makes sense from a client perspective, is there a sample server that implements authentication?

From looking at the C# asp.net core stuff, I don't think we support any authentication at all, so my question is how is authentication surfaced in properties within the generators on either an individual path, a specific http verb of a path (books/get) for example and then the whole API.

Once I understand all of this/have referenced code to look at, I should be able to crack on with authentication schemes in the next few days. I need this for a project asap.

@wing328 wing328 modified the milestones: 4.0.0, 4.0.1 May 13, 2019
@wing328 wing328 modified the milestones: 4.0.1, 4.0.2 May 31, 2019
@wing328 wing328 modified the milestones: 4.0.2, 4.0.3 Jun 20, 2019
@wing328 wing328 modified the milestones: 4.0.3, 4.1.0 Jul 9, 2019
@wing328 wing328 modified the milestones: 4.1.0, 4.1.1 Aug 9, 2019
@wing328 wing328 removed this from the 4.1.1 milestone Aug 26, 2019
@wing328 wing328 added this to the 4.1.2 milestone Aug 26, 2019
@wing328 wing328 modified the milestones: 4.1.2, 4.1.3 Sep 11, 2019
@wing328 wing328 modified the milestones: 4.1.3, 4.2.0 Oct 4, 2019
@wing328 wing328 removed this from the 4.2.0 milestone Oct 30, 2019
@FredCni
Copy link

FredCni commented Mar 23, 2023
edited
Loading

I'm using aspnetcore generator (server generator)

I have added this into my controller mustache at the method level

{{#hasOAuthMethods}}
        [Authorize("aScope")]
{{/hasOAuthMethods}}

This works fine when I have one scope.

But I'd like to use the scopes defined on each method in the specification.
Is this doable in the mustache in version 6.4.0 or would this require changes to the generator?
If the latter then where to start?

@hae-andrew-young
Copy link

This would be really nice to have!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Client: C-Sharp Enhancement: Feature Feature: OAS 3.0 spec support Hacktoberfest help wanted Server: C-Sharp
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wing328 @SeanFarrow @FredCni @hae-andrew-young