Any plans on validating security data in request?

[playpauseandstop]

Hi,

First of all, thanks a lot for openapi-core library. It (as well as pyramid_openapi3) helps me a lot for bringing OpenAPI 3 support for aiohttp.web applications (see https://github.com/playpauseandstop/rororo, if you're interested).

However, I'd like to know whether you have any plans in providing security data validation within openapi-core?

As you might now OpenAPI 3 allows user to secure operation with one or several security schemes, such as,

• Basic HTTP
• JWT Token
• API Key
• OpenID Connect
• OAuth2

But latest openapi-core release: 0.12.0 doesn't allow developer to check whether request contains requested security data or not.

In my library, rororo, I managed to check security data for simpler cases in Basic HTTP, JWT Token & API Key and wonder whether you plan to add this security check to openapi-core?

If you're interested, I'm willing to help with given feature.

Thanks

[p1c2u]

@playpauseandstop

That's not something in high priorities. You code is very useful and can be considered as good starting point. I will try to prepare PoC shortly. Thanks.

[p1c2u]

Prepare basic security process. Feel free to extend it.