Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable empty security definition #1075

Merged
merged 1 commit into from
Jan 6, 2020
Merged

enable empty security definition #1075

merged 1 commit into from
Jan 6, 2020

Conversation

mblaettler
Copy link
Contributor

This allows to use optional authentication and provide different
responses to authenticated users via the same API-Endpoint.

Fixes #1036

Changes proposed in this pull request:

  • Enable optimal authentication
  • Provide different information to logged in customers via the same API endpoint

cognifloyd
cognifloyd reviewed Dec 10, 2019
View reviewed changes
Copy link
Contributor

@cognifloyd cognifloyd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of typos.
Also, can you point me to a section in the OpenAPI or Swagger spec that talks about empty security definitions?

tests/fixtures/secure_endpoint/openapi.yaml Outdated Show resolved Hide resolved
tests/fixtures/secure_endpoint/swagger.yaml Outdated Show resolved Hide resolved
@mblaettler @cognifloyd
enable empty security definition
b14e235 
This allows to use optional authentication and provide different
responses to authenticated users via the same API-Endpoint.

Co-Authored-By: Jacob Floyd <cognifloyd@gmail.com>
@mblaettler
Copy link
Contributor Author

Thanks for fixing my typos. I squashed them into my commit.

An empty security definition is not explicitly defined within the OpenAPI specification. But according to a comment in the OpenAPI-Secification Repo it should be possible.

i also found support within the go server library as of this discussion.

It would be great to see this feature within connexion, because there are a lot of use cases for optional auth. E.g. providing demo data for unauthenticated users or provide publicly available data (e.g. OpenData) without authorization and protected data via the same API endpoint.

@bilalshaikh42
Copy link

bilalshaikh42 commented Jan 2, 2020
edited
Loading

Hello,
I just wanted to add my support for this. This would be incredibly helpful for us.
Is there any eta on when this might be merged in?

@hjacobs
Copy link
Contributor

hjacobs commented Jan 6, 2020

👍

@hjacobs hjacobs merged commit f55cb1c into spec-first:master Jan 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cognifloyd cognifloyd cognifloyd left review comments

Assignees
No one assigned
Labels
waiting contributor feedback
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Optional security for webservice not working
4 participants
@mblaettler @bilalshaikh42 @hjacobs @cognifloyd