Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Spike] Token based authentication in API Explorer #2027

Closed
dhmlau opened this issue Nov 13, 2018 · 13 comments
Closed

[Spike] Token based authentication in API Explorer #2027

dhmlau opened this issue Nov 13, 2018 · 13 comments

Comments

@dhmlau
Copy link
Member

@dhmlau dhmlau commented Nov 13, 2018

Timebox to 5 days

Description / Steps to reproduce / Feature proposal

User experience

Go to API Explorer, login and set the token so that API Explorer can use the token for subsequent request.

Originated from #1035 (comment)

Acceptance Criteria

  • Investigate whether swagger ui support token based authentication
  • and what changes/workaround needed in order to make it work
  • create a list of follow-up tasks (user stories) describing changes we need to make in order to make token based authentication work in our API Explorer

References

@nabdelgadir nabdelgadir changed the title Token based authentication in API Explorer [Spike] Token based authentication in API Explorer Nov 20, 2018
@nabdelgadir nabdelgadir added the spike label Nov 20, 2018
@dhmlau dhmlau mentioned this issue Nov 27, 2018
11 of 22 tasks complete
@hacksparrow hacksparrow self-assigned this Jan 8, 2019
@hacksparrow

This comment has been minimized.

Copy link
Member

@hacksparrow hacksparrow commented Jan 8, 2019

Conclusion: Swagger UI provides UI for setting the token, we don't have to create additional UI. Links to example and discussion - #2210 (comment).

@hacksparrow hacksparrow closed this Jan 8, 2019
@bajtos

This comment has been minimized.

Copy link
Member

@bajtos bajtos commented Jan 8, 2019

I disagree with closing this story. A spike it's done when there is a list of follow-up stories describing what needs to happen next.

In this particular case, we need user stories describing changes that we need to make to enable token-based authentication in API Explorer rendered for LB4 applications. Based on the discussion in #2210, I think we will need to describe security schemas in the OAI spec generated for our apps, but that's something to figure out as part of this spike.

@bajtos bajtos reopened this Jan 8, 2019
@dhmlau dhmlau mentioned this issue Jan 8, 2019
9 of 29 tasks complete
@lygstate

This comment has been minimized.

Copy link

@lygstate lygstate commented Feb 8, 2019

when this got to be fixed

@jotamora

This comment has been minimized.

Copy link

@jotamora jotamora commented Jul 28, 2019

Hello,

Anybody can said to me if there is someone working in that? If there is someone working, anybody knows, more less, when can be ready?

Thanks.

@agnes512 agnes512 mentioned this issue Jul 31, 2019
18 of 32 tasks complete
@shendkardevesh

This comment has been minimized.

Copy link

@shendkardevesh shendkardevesh commented Aug 4, 2019

hi @bajtos,
i tried to set headers by @param.header.string('token') token?: string in controller which gives me option to enter token for a api, which get's set in header.
which in ui gives me -
image

doing this is a correct way or we need something exactly same as in swagger-ui.

@nflaig

This comment has been minimized.

Copy link

@nflaig nflaig commented Aug 5, 2019

Hi @shendkardevesh,

right now I also face the problem that the explorer is completely unusable for me because there is no option to set headers so I have to use Postman instead.

This looks like a good workaround but you would need to add @param.header.string('token') token?: string to every controller method which seems odd if you don't even use the token there.

Do you know if there is a way to just add this once somewhere and the input field shows up for every endpoint?

@hacksparrow

This comment has been minimized.

Copy link
Member

@hacksparrow hacksparrow commented Aug 5, 2019

@nflaig

This comment has been minimized.

Copy link

@nflaig nflaig commented Aug 5, 2019

@hacksparrow are there instructions on how to enable this for loopback 4 applications?

@hacksparrow

This comment has been minimized.

Copy link
Member

@hacksparrow hacksparrow commented Aug 5, 2019

@nflaig the link I pasted above is all we have for now. It is more of a Swagger UI thing. It would help to have our own instruction, though.

@frbuceta

This comment has been minimized.

Copy link
Contributor

@frbuceta frbuceta commented Aug 29, 2019

Hi, I want to work on this feature (yes i am able)

My idea is to add securityScheme when registering a@loopback/authentication strategy and add security to the endpoints when the decoratorexample --> @authenticate('BasicStrategy')is defined

Any idea how I can do?

@dhmlau

This comment has been minimized.

Copy link
Member Author

@dhmlau dhmlau commented Sep 9, 2019

@frbuceta, @jannyHou has created a PR on the result of the spike. Could you please take a look? strongloop/loopback4-example-shopping#267

@jannyHou

This comment has been minimized.

Copy link
Contributor

@jannyHou jannyHou commented Sep 13, 2019

Follow-up story created:

  • Create a formal PR to add this feature in explorer: #3740
  • Contribute the security spec from auth strategy and merge it into the OpenAPI spec: #3669
@jannyHou

This comment has been minimized.

Copy link
Contributor

@jannyHou jannyHou commented Sep 16, 2019

@jannyHou jannyHou closed this Sep 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
10 participants
You can’t perform that action at this time.