Enhancement: Injectable security constructs that fill security
and securityScheme
#3203
Labels
Enhancement
This is a new feature or request
Summary
There are 4 ways to authenticate/authorize requests:
AbstractAuthenticationMiddleware
middlewareAbstractSecurityConfig
middlewareThere are certain shortcomings:
AbstractAuthenticationMiddleware
does not addsecurity
andsecurityScheme
(but you can define it per layer)AbstractSecurityConfig
injectssecurity
andsecurityScheme
globally instead of per operation (Bug:AbstractSecurityConfig
setssecurity
for all paths, even thoseexclude
d #3013). Also, you can only define it per application, not per layer (ie. routers, controllers, handlers). Even if Bug:AbstractSecurityConfig
setssecurity
for all paths, even thoseexclude
d #3013 gets fixed, it's inconvenient having to exclude routes per path (string values) and not being able to define this per layer.Usual DI logic works just fine, but if you don't actually need the value it injects, linters may nag you and IDEs render the parameter as grayed out (because it's not used). Plus, it's not possible to adjust the
security
/securityScheme
via it (at least not without hacks).Guards don't support DI, and cannot alter
security
/securityScheme
What's needed is a mechanism that:
security
per layer andsecurityScheme
(when needed, to the global level)Basic Example
So, with the idea that:
security
andsecurityScheme
are filled automatically and only where neededSomething like that?
Drawbacks and Impact
No response
Unresolved questions
No response
Note
While we are open for sponsoring on GitHub Sponsors and
OpenCollective, we also utilize Polar.sh to engage in pledge-based sponsorship.
Check out all issues funded or available for funding on our Polar.sh dashboard
The text was updated successfully, but these errors were encountered: