Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make it explicit that auth is optional #69

Merged
merged 2 commits into from
Sep 22, 2020
Merged

make it explicit that auth is optional #69

merged 2 commits into from
Sep 22, 2020

Conversation

wiese
Copy link
Contributor

@wiese wiese commented Sep 21, 2020

Auth was added in c077573. Most/All our endpoints are available without
authentication (but some records may be protected) - let's make it
explicit that unauthenticated use is legitimate.

As far as I can tell this has no impact in swagger ui, though.

See
OAI/OpenAPI-Specification#14

itamargiv
itamargiv approved these changes Sep 21, 2020
View reviewed changes
Copy link
Member

@itamargiv itamargiv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fitting, But I'm not sure of the purpose of this then if it has no effect on the UI?

@wiese
Copy link
Contributor Author

wiese commented Sep 22, 2020

I'm not sure of the purpose of this then if it has no effect on the UI?

I'd think "spec first, UI second" - the specification should convey how our API ticks (can be read by humans, too). Would be great if the UI could fully show this as well but I hope we don't have to make this our construction site (now).

itamargiv
itamargiv requested changes Sep 22, 2020
View reviewed changes
Copy link
Member

@itamargiv itamargiv left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd think "spec first, UI second" - the specification should convey how our API ticks (can be read by humans, too).

Totally agreed, I don't think however it will be very clear to people that an empty object means optional auth without the context of the issue you linked here, therefore, I think we should add a note somewhere in the documentation that this is what it means.

@wiese
Add basic description to global API meta information
bab069d
@wiese
make it explicit that auth is optional
cecf575 
Auth was added in c077573. Most/All our endpoints are available without
authentication (but some records may be protected) - let's make it
explicit that unauthenticated use is legitimate.

As far as I can tell this has no impact in swagger ui, though.

See
OAI/OpenAPI-Specification#14
@wiese
Copy link
Contributor Author

wiese commented Sep 22, 2020

I don't think however it will be very clear to people that an empty object means optional auth

I guess it would help if they read the specification.

Having looked at a couple of options of documenting this, I think it does not really fit anywhere and only a dedicated document would really make sense, yet would blow it out of proportion. Tried the general description for now.

itamargiv
itamargiv approved these changes Sep 22, 2020
View reviewed changes
Copy link
Member

@itamargiv itamargiv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! I think this is actually a fine place to document it.

@itamargiv itamargiv merged commit b6e2ae7 into master Sep 22, 2020
@itamargiv itamargiv deleted the optional-auth branch September 22, 2020 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@itamargiv itamargiv itamargiv approved these changes

@addshore addshore Awaiting requested review from addshore

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wiese @itamargiv