Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To fix #18599
This PR for Rust-Server contains a resolution for issue 18599 (Bearer/oAuth-token parsing missing). The solution also covers api-key and Basic (user-password) authentication.
The bearer, api-key and basic-token parsing are included in the core of the generated code based on a Trait AuthenticationApi. The actual implementation of this Trait is provided by the actual user (injected by user to achieve Inversion of Control (IoC). The example-code (server and client side) has been extended the code that parses the JWT-token and extracts the Scopes from them (server) and client code which creates a Bearer token for testing purpose.
The code check the Signature, the Audience (aud) and the Expiry time (exp) of the Bearer token and provides meaning-full logging on the server-side for the cause of the issue in case of a failure. The client-side only gets the message "unauthorized access".
The code has been tested on an example project to check all output compiles and runs under multiple scenario's.
I would like to ask for a review of someone from the Rust Technical Committee: @frol (2017/07) @farcaller (2017/08) @richardwhiuk (2019/07) @paladinzh (2020/05) @jacob-pro (2022/10)
PR checklist
Commit all changed files.
This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
These must match the expectations made by your contribution.
You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example
./bin/generate-samples.sh bin/configs/java*
.IMPORTANT: Do NOT purge/delete any folders/files (e.g. tests) when regenerating the samples as manually written tests may be removed.
master
(upcoming 7.1.0 minor release - breaking changes with fallbacks),8.0.x
(breaking changes without fallbacks)