Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: enable auth token dialog in api explorer #301

Merged
merged 1 commit into from Oct 9, 2019

Conversation

@emonddr
Copy link
Contributor

emonddr commented Oct 3, 2019

Make the authentication token dialog available in API Explorer

Connected to strongloop/loopback-next#3740

@emonddr emonddr requested review from jannyHou and raymondfeng as code owners Oct 3, 2019
@emonddr

This comment has been minimized.

Copy link
Contributor Author

emonddr commented Oct 3, 2019

Hmm, I no longer see the Servers combo box

image

in the top left of API Explorer.

It is missing now:

image

Comparing generated OpenAPI spec from original code, and OpenAPI spec generated by the code in my first commit, I see a missing section:

image

I will try the original approach @jannyHou tried in the 1st commit of her PoC.

5f9b027

@emonddr

This comment has been minimized.

Copy link
Contributor Author

emonddr commented Oct 3, 2019

If we add securitySchemes to the open api spec post app.boot(), then the
servers information is preserved (not wiped out) in the Open API Spec, and I see the
Servers combo box AND the Authorize button at the top of the
API Explorer

image

Somehow, in the approached used in 1st commit, when specifying settings via this.api( {...}), it wipes out the servers info.

@emonddr emonddr force-pushed the dremond_openapi_auth_token branch 2 times, most recently from e8dea8d to 461361d Oct 7, 2019
@agnes512

This comment has been minimized.

Copy link

agnes512 commented Oct 8, 2019

One of the criteria:

Decide the scope of the endpoints that you want to secure with the bearer security schema. (The spike apply it globally, but the formal PR should decide the scope first)

Do we include the endpoint scope in this PR?

import {SecuritySchemeObject, ReferenceObject} from '@loopback/openapi-v3';
import {OpenApiSpec} from '@loopback/rest';

export const SECURITY_SPEC_OPERATION = [{bearerAuth: []}];

This comment has been minimized.

Copy link
@raymondfeng

raymondfeng Oct 8, 2019

Member

OPERATION_SECURITY_SPEC?

@emonddr

This comment has been minimized.

Copy link
Contributor Author

emonddr commented Oct 9, 2019

The default OpenAPI schema created by rest.component.ts

is:

{
	"openapi": "3.0.0",
	"info": {
		"title": "LoopBack Application",
		"version": "1.0.0"
	},
	"paths": {},
	"servers": [{
		"url": "/"
	}]
}

and then rest.server.ts adds to the "paths" portion and the "component.schemas" portion of the OpenAPI spec.

@emonddr

This comment has been minimized.

Copy link
Contributor Author

emonddr commented Oct 9, 2019

One of the criteria:

Decide the scope of the endpoints that you want to secure with the bearer security schema. (The spike apply it globally, but the formal PR should decide the scope first)

Do we include the endpoint scope in this PR?

The original shopping cart example only secured 1 endpoint : /users/me .
And to send the JWT token to that endpoint, the user had to use: a) curl command, or b) another REST Client like Postman. Now that the API Explorer has the capability to set and use a JWT token, the user can perform this in the API Explorer completely.
To avoid changing the sample too much, we will only specify the security requirement object setting on the /users/me endpoint (not globally for all endpoints)

There are other changes coming to the sample... adding authorization on top of the authentication. Any major changes should happen in that work. :)

@emonddr emonddr force-pushed the dremond_openapi_auth_token branch from 461361d to 5885255 Oct 9, 2019
Make the authentication token dialog available in API Explorer

Signed-off-by: Dominique Emond <dremond@ca.ibm.com>
@emonddr emonddr force-pushed the dremond_openapi_auth_token branch from 5885255 to b0d61db Oct 9, 2019
@emonddr emonddr merged commit 3fd791b into master Oct 9, 2019
3 checks passed
3 checks passed
DCO DCO
Details
Travis CI - Pull Request Build Passed
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
@emonddr emonddr deleted the dremond_openapi_auth_token branch Oct 9, 2019
@emonddr emonddr mentioned this pull request Oct 11, 2019
3 of 3 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.