Add bearer auth scheme as the default security scheme #4386

Open
jannyHou opened this issue Jan 8, 2020 · 5 comments
@jannyHou jannyHou commented Jan 8, 2020

Suggestion

After story #4380 is finished, we can add a security spec enhancer to have the bearer auth scheme as the default (or built-in) security scheme, so that the explorer has the authorization dialog for people to inject the token per request.

Use Cases

Add an OAI enhancer that adds the following spec to the OpenAPI spec generated in the REST server:

"components": {
    "securitySchemes": {
      "jwt": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT"
      }
    }
}

Examples

See the screenshot in https://loopback.io/doc/en/lb4/Authentication-Tutorial.html#specifying-the-security-settings-in-the-openapi-specification

Acceptance criteria

  • add a security spec enhancer to have the bearer auth scheme as the default (or built-in) security scheme
@jannyHou jannyHou added the feature label Jan 8, 2020

@dougal83 dougal83 commented Jan 8, 2020

Good idea to add to develop the schema. Personally I'd be more specific and name it jwt rather than bearerAuth.

      "jwt": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT"
      }

@jannyHou jannyHou commented Jan 8, 2020

@dougal83 ah, true jwt is more accurate 👍


@emonddr emonddr commented Jan 9, 2020

@dougal83, @jannyHou,

Regarding the comment

Good idea to add to develop the schema. Personally I'd be more specific and name it jwt rather than bearerAuth.

Exactly what are we talking about here?

The title of the GitHub issue:
Add bearer auth scheme as the default security scheme?

Or

image

in https://loopback.io/doc/en/lb4/Authentication-Tutorial.html#specifying-the-security-settings-in-the-openapi-specification ?

Because the OpenAPI spec examples above (not the screen cap) do not have
bearerAuth

Please clarify.

Thanks

:)


@dougal83 dougal83 commented Jan 10, 2020

Hey @emonddr

This issue is to enhance the openApi spec by adding to components.

I've just jumped on it to suggest a name change from bearerAuth to jwt. I'm aware that bearerAuth is currently in use so if consensus for change is found then all instances would need to be updated. The bearerFormat property is just arbitrary and so using jwt as security scheme name would be better IMO.

Considering the top level security property of openapi spec, it would be easier to grasp the nature without looking up the schema:

  "security": [
    {
      "jwt": []
    }
  ],

Really me nitpicking atm.
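
One way to write the merge this thread describes, as an added example (not code from the issue or from LoopBack): `addDefaultBearerScheme`, the local types and the sample spec are hypothetical. It adds the `jwt` scheme under `components.securitySchemes` and, as an assumption beyond the issue text, sets the top-level `security` from the comment above only when the spec has none.

```typescript
// Added example: minimal local types, not the @loopback/openapi-v3 typings.
type SecurityScheme = {type: string; scheme?: string; bearerFormat?: string; [k: string]: unknown};
type SecurityRequirement = {[schemeName: string]: string[]};
interface OpenApiSpec {
  openapi: string;
  paths: {[path: string]: unknown};
  components?: {securitySchemes?: {[name: string]: SecurityScheme}; [key: string]: unknown};
  security?: SecurityRequirement[];
}

const SCHEME_NAME = 'jwt'; // scheme name used in the thread

// Hypothetical helper: returns a new spec and leaves the input untouched.
function addDefaultBearerScheme(spec: OpenApiSpec): OpenApiSpec {
  const existing = spec.components?.securitySchemes ?? {};
  const securitySchemes: {[name: string]: SecurityScheme} = {
    [SCHEME_NAME]: {type: 'http', scheme: 'bearer', bearerFormat: 'JWT'},
    ...existing, // a scheme the application already defined under this name wins
  };
  // Keep an explicit top-level `security`, including [] (an intentionally open API).
  const security: SecurityRequirement[] = spec.security ?? [{[SCHEME_NAME]: []}];
  return {...spec, components: {...spec.components, securitySchemes}, security};
}

// Constructed sample input: a spec that already declares an API-key scheme.
const sampleSpec: OpenApiSpec = {
  openapi: '3.0.0',
  paths: {'/ping': {}},
  components: {securitySchemes: {apiKey: {type: 'apiKey', name: 'X-API-Key', in: 'header'}}},
};
console.log(JSON.stringify(addDefaultBearerScheme(sampleSpec), null, 2));
```

Declaring the scheme only describes it and gives the explorer its authorization dialog; verifying the token on each request remains the job of the server's authentication layer.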

@dhmlau dhmlau added the help wanted label Jan 15, 2020

@dhmlau dhmlau commented Jan 15, 2020

@strongloop/loopback-next @strongloop/loopback-maintainers @mschnee

Call for contribution:
This task is part of the epic "Allow out-of-box token based authentication in API Explorer", which we wish to get done in 2020Q1. If you're interested in working on it, please leave a message here and we'll assign it to you. We'll take the first person who responds. 😬

Happy contributing!

@dougal83 dougal83 self-assigned this Jan 30, 2020
dougal83 added a commit to dougal83/loopback-next that referenced this issue Feb 3, 2020
add security enhancer to add default security scheme

impl. strongloop#4386

Signed-off-by: Douglas McConnachie <dougal83+git@gmail.com>