Describe the feature
Allow creating authentication handlers for an OpenAPI security scheme dynamically based on the concrete security requirement. Currently, it is only possible to add a static security handler for a specific feature. It would be nice to be able to derive one from the security requirement, because, as the OpenAPI 3.1 specification states wrt. security requirements:
For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band.
This information is fixed per route and thus a per-scheme factory function could be applied to build the security handler for a specific route.
Use cases
In our use case, we are using role-based JWT authorization and would like to create a handler that combines authentication and authorization in a single step. For this, it would be nice to define the roles required for a specific endpoint already in the OpenAPI specification, which is permitted since version 3.1.
Now, it would be cool to be able to automatically create the required handler based on the OpenAPI specification, e.g.
Note that, for our use case, the security scheme is not a required argument, although it might be for others, so I am envisioning a signature like so:
Contribution
I am willing to contribute this feature if you think it is useful.
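The per-scheme factory idea described in this issue, as an added example that is not code from the issue author or from the project: `buildRouteGuards`, `factories`, the `jwtAuth` scheme name and the sample document are all hypothetical. It assumes the JWT signature has already been verified before the claims reach a handler.

```javascript
const METHODS = ["get", "put", "post", "delete", "patch", "head", "options", "trace"];
// Hypothetical per-scheme factory: receives the role list from the security
// requirement and returns a handler over already-verified JWT claims
// (assumption: signature verification happens before this point).
const factories = {
  jwtAuth: (roles) => (claims) =>
    Boolean(claims) && roles.every((r) => (claims.roles || []).includes(r)),
};
// Build one guard per operation. OpenAPI semantics: entries of `security`
// are alternatives (OR); schemes inside one entry must all pass (AND);
// operation-level `security` overrides the top-level default.
function buildRouteGuards(spec, schemeFactories) {
  const guards = new Map();
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const method of METHODS) {
      const op = item[method];
      if (!op) continue;
      const requirements = op.security ?? spec.security ?? [];
      const alternatives = requirements.map((req) =>
        Object.entries(req).map(([scheme, roles]) => {
          const factory = schemeFactories[scheme];
          // Fail closed at build time: an unknown scheme must not become "allow".
          if (!factory) throw new Error(`no factory for scheme "${scheme}"`);
          return factory(roles);
        })
      );
      guards.set(`${method.toUpperCase()} ${path}`, (claims) =>
        alternatives.length === 0 ||
        alternatives.some((handlers) => handlers.every((h) => h(claims)))
      );
    }
  }
  return guards;
}
// Constructed sample document with role names in the security requirements.
const spec = {
  openapi: "3.1.0",
  security: [{ jwtAuth: [] }],
  paths: {
    "/reports": {
      get: { security: [{ jwtAuth: ["reader"] }] },
      delete: { security: [{ jwtAuth: ["admin", "auditor"] }] },
    },
    "/health": { get: { security: [] } },
    "/me": { get: {} },
  },
};
const guards = buildRouteGuards(spec, factories);
```

Because the roles are fixed per route, the guards are built once at startup, and a requirement naming a scheme without a factory stops the build instead of silently leaving the route open.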