-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make it explicit that auth is optional #69
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fitting, But I'm not sure of the purpose of this then if it has no effect on the UI?
I'd think "spec first, UI second" - the specification should convey how our API ticks (can be read by humans, too). Would be great if the UI could fully show this as well but I hope we don't have to make this our construction site (now). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd think "spec first, UI second" - the specification should convey how our API ticks (can be read by humans, too).
Totally agreed, I don't think however it will be very clear to people that an empty object means optional auth without the context of the issue you linked here, therefore, I think we should add a note somewhere in the documentation that this is what it means.
Auth was added in c077573. Most/All our endpoints are available without authentication (but some records may be protected) - let's make it explicit that unauthenticated use is legitimate. As far as I can tell this has no impact in swagger ui, though. See OAI/OpenAPI-Specification#14
69d0b94
to
cecf575
Compare
I guess it would help if they read the specification. Having looked at a couple of options of documenting this, I think it does not really fit anywhere and only a dedicated document would really make sense, yet would blow it out of proportion. Tried the general description for now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! I think this is actually a fine place to document it.
Auth was added in c077573. Most/All our endpoints are available without
authentication (but some records may be protected) - let's make it
explicit that unauthenticated use is legitimate.
As far as I can tell this has no impact in swagger ui, though.
See
OAI/OpenAPI-Specification#14