
Fix security schemes in OpenAPI definitions #1772

Merged
merged 9 commits into from
Apr 9, 2024

Conversation

zecakeh
Contributor

@zecakeh zecakeh commented Mar 29, 2024

There are not a lot of different changes but there is a lot of search & replace.

The changes are:

  • Add the `Authorization: Bearer` security scheme as a different possibility to the query parameter for the client-server and identity APIs.
  • Fix the definition of the security scheme of the application service, to take advantage of the built-in OpenAPI schemes.
  • Use `$ref` properly to reuse the security schemes. It's a bit more verbose as each scheme needs to be imported individually.

This can be reviewed per commit.

There is no difference in the spec output, only in the OpenAPI output.

Preview: https://pr1772--matrix-spec-previews.netlify.app
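As an added illustration of the layout the description above refers to (a constructed example, not a file from this PR or the matrix-spec repository; the file path `definitions/security.yaml`, the scheme names and the `/example` path are assumptions):

```yaml
# definitions/security.yaml (assumed path): the reusable security schemes.
# OpenAPI 3 has built-in scheme types, so no custom object is needed.
accessTokenQuery:
  type: apiKey
  in: query
  name: access_token
accessTokenBearer:
  type: http
  scheme: bearer
appserviceAccessToken:
  type: http
  scheme: bearer
  description: Only an application service access token is accepted.
---
# An API definition file that reuses the schemes above.
#
# Not allowed: a $ref for the whole securitySchemes object.
# components:
#   securitySchemes:
#     $ref: definitions/security.yaml
#
# Allowed: each scheme is a Reference Object, imported by name.
components:
  securitySchemes:
    accessTokenQuery:
      $ref: definitions/security.yaml#/accessTokenQuery
    accessTokenBearer:
      $ref: definitions/security.yaml#/accessTokenBearer
paths:
  /example:
    get:
      # Separate list entries mean "any one of these" (OR): the token
      # may arrive either as a query parameter or as an
      # `Authorization: Bearer` header. Query-string tokens tend to
      # land in server and proxy logs, which is why the header form
      # is the safer of the two alternatives.
      security:
        - accessTokenQuery: []
        - accessTokenBearer: []
      responses:
        '200':
          description: OK
```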

Adds the `Authorization: Bearer` possibility.
Also clarifies on two endpoints that only an appservice access token can be used.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
$ref is not authorized for the full object. Each scheme must be referenced individually.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Use the recommended way of declaring the `Authorization: Bearer` header.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
$ref is not authorized for the full object. Each scheme must be referenced individually.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
$ref is not authorized for the full object. Each scheme must be referenced individually.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Use the recommended way of declaring HTTP Authorization header.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
$ref is not authorized for the full object. Each scheme must be referenced individually.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
@zecakeh zecakeh requested a review from a team as a code owner March 29, 2024 11:34
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Member

@KitsuneRal KitsuneRal left a comment


Overall, LGTM; I wonder though if we should deprecate usage of the query to pass access tokens, because security. I admit it’s a subject for an MSC, so just an aside.

@KitsuneRal KitsuneRal merged commit efe72d3 into matrix-org:main Apr 9, 2024
12 checks passed
@zecakeh zecakeh deleted the security-schemes branch April 9, 2024 16:13