Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature - add operation filters for Shared Access Key and Certificate authentications in OpenAPI docs #172

Merged
merged 13 commits into from
Aug 27, 2020
Merged

Feature - add operation filters for Shared Access Key and Certificate authentications in OpenAPI docs #172

merged 13 commits into from
Aug 27, 2020

Conversation

stijnmoreels
Copy link
Member

@stijnmoreels stijnmoreels commented Jul 14, 2020
edited
Loading

Making our two authentication mechanisms available on operation level in the OpenAPI docs by providing two custom implemented IOperationFilter instances.

Closes #170
Closes #169

@arcus-automation
Copy link

A new preview package for Arcus.WebApi.All is available on MyGet.

You can pull it locally via the CLI:

PM> Install-Package Arcus.WebApi.All -Version 20200714.0.0-PR-172 -Source https://www.myget.org/F/arcus/api/v3/index.json

stijnmoreels and others added 2 commits July 20, 2020 07:45
@stijnmoreels @tomkerkhove
Update src/Arcus.WebApi.OpenApi.Extensions/CertificateAuthenticationO…
09ecf24 
…perationFilter.cs

Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
@stijnmoreels @tomkerkhove
Update docs/preview/features/openapi/security-definitions.md
2493d58 
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
@arcus-automation
Copy link

A new preview package for Arcus.WebApi.All is available on MyGet.

You can pull it locally via the CLI:

PM> Install-Package Arcus.WebApi.All -Version 20200720.0.0-PR-172 -Source https://www.myget.org/F/arcus/api/v3/index.json

@arcus-automation
Copy link

A new preview package for Arcus.WebApi.All is available on MyGet.

You can pull it locally via the CLI:

PM> Install-Package Arcus.WebApi.All -Version 20200727.0.0-PR-172 -Source https://www.myget.org/F/arcus/api/v3/index.json

tomkerkhove
tomkerkhove suggested changes Aug 25, 2020
View reviewed changes
Copy link
Contributor

@tomkerkhove tomkerkhove left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - Just adding a concern with respect to the config side of things for the security definition name.

For example:

swaggerGenerationOptions.OperationFilter<CustomSecurityRequirementsOperationFilter<SharedAccessKeyAuthenticationAttribute>>(ApiKeySecurityDefinitionId);


swaggerGenerationOptions.AddSecurityDefinition(ApiKeySecurityDefinitionId, new OpenApiSecurityScheme
{
    Name = "X-API-Key",
    Type = SecuritySchemeType.ApiKey,
    In = ParameterLocation.Header
});

docs/preview/features/openapi/security-definitions.md Show resolved Hide resolved
docs/preview/features/openapi/security-definitions.md Show resolved Hide resolved
docs/preview/features/openapi/security-definitions.md Outdated
In = ParameterLocation.Header
});

setupAction.OperationFilter<SharedAccessKeyAuthenticationOperationFilter>();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we assuming people use sharedaccesskey & X-API-Key or is this configurable?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made it configurabe.

docs/preview/features/openapi/security-definitions.md Outdated

setupAction.OperationFilter<OAuthAuthorizeOperationFilter>(new object[] {new [] {"myApiScope1", "myApiScope2"});
setupAction.OperationFilter<CertificateAuthenticationOperationFilter>();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, are we assuming certificate or is it configurable? What happens if I use a different name?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made it configurable.

src/Arcus.WebApi.OpenApi.Extensions/CertificateAuthenticationOperationFilter.cs Outdated
#if NETCOREAPP3_1
var scheme = new OpenApiSecurityScheme
{
Scheme = "certificate",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is hardcoded but must match what was defined as a security requirement, we should make this configurable

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made it configurable. Thanks!

src/Arcus.WebApi.OpenApi.Extensions/SharedAccessKeyAuthenticationOperationFilter.cs Outdated
#if NETCOREAPP3_1
var scheme = new OpenApiSecurityScheme
{
Scheme = "sharedaccesskey",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is hardcoded but must match what was defined as a security requirement, we should make this configurable

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made it configurable. Thanks!

@stijnmoreels
Copy link
Member Author

LGTM - Just adding a concern with respect to the config side of things for the security definition name.

For example:

swaggerGenerationOptions.OperationFilter<CustomSecurityRequirementsOperationFilter<SharedAccessKeyAuthenticationAttribute>>(ApiKeySecurityDefinitionId);


swaggerGenerationOptions.AddSecurityDefinition(ApiKeySecurityDefinitionId, new OpenApiSecurityScheme
{
    Name = "X-API-Key",
    Type = SecuritySchemeType.ApiKey,
    In = ParameterLocation.Header
});

Hmm, that isn't the case with the OAuth operation filter we have. Is it bc we don't have these shared access key and certificate operation filters by default in the security scheme?

@tomkerkhove
Copy link
Contributor

I think we should go that route because you can assign any name to the security scheme depending of what you want. We can make it optional and use those as defaults, but allow them to specify something else if they want to maybe?

@stijnmoreels
Copy link
Member Author

I think we should go that route because you can assign any name to the security scheme depending of what you want. We can make it optional and use those as defaults, but allow them to specify something else if they want to maybe?

Yes, that seems appropriate.

@arcus-automation
Copy link

A new preview package for Arcus.WebApi.All is available on MyGet.

You can pull it locally via the CLI:

PM> Install-Package Arcus.WebApi.All -Version 20200827.0.0-PR-172 -Source https://www.myget.org/F/arcus/api/v3/index.json

@stijnmoreels stijnmoreels merged commit 207f7ac into arcus-azure:master Aug 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gverstraete gverstraete gverstraete left review comments

@tomkerkhove tomkerkhove tomkerkhove approved these changes

@fgheysels fgheysels Awaiting requested review from fgheysels

Assignees

@tomkerkhove tomkerkhove

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@stijnmoreels @arcus-automation @tomkerkhove @gverstraete