FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

OpenAPI Documentation missing Params (/api/jwt/validate) #2599

Closed devmaxde closed 5 months ago

devmaxde commented 6 months ago

OpenAPI Documentation missing Params

Description

My software is written in Rust for max performance. Because of that, I tried using the OpenAPI Generator to generate the package. This was also mentioned in #1038. I tried using the /api/jwt/validate function and saw that the JWT parameter is missing. You can use the request by manually adding the header. Is the documentation done by hand? If not, can you add a 2nd entry using the header as Authorization to allow the generated code to work?

Affects versions

latest (1.49.0)

Expected behavior

Having all Possible Params in the OpenAPI Documentation

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Release notes

Enhanced the OpenAPI specification to support JWT authentication. Previously, operations that used JWTs to authenticate, instead of an API key or no authentication, were not accurately described by the OpenAPI specification. Now they are.

mooreds commented 6 months ago

@devmaxde just so I'm totally clear, are you trying to use this API with the JWT in the Authorization header?

devmaxde commented 6 months ago

Yeah

devmaxde commented 6 months ago

It seems like this request allows both. The usage of the Cookie and the Header. But because the Header isn't required, you can't set it in the autogenerated package. There are only 3 solutions to that:

  1. Add it to the openapi
  2. Implement this endpoint manually
  3. Update the autogenerated package each time a new version comes out.

It seems like the first option is the simplest.

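For reference, this is roughly what the first option looks like in an OpenAPI 3 document. It is an added sketch, not part of the thread and not FusionAuth's published openapi.yaml; the scheme names `bearerJwt` and `jwtCookie`, the `operationId`, the Bearer prefix, the cookie name and the response descriptions are assumptions.

```yaml
# Added illustration, not FusionAuth's generated spec.
# Scheme names, operationId, the Bearer prefix, the cookie name and the
# response descriptions are assumptions made for this sketch.
openapi: 3.0.3
info:
  title: JWT validate sketch
  version: "0.0.0"
paths:
  /api/jwt/validate:
    get:
      operationId: validateJwtSketch   # hypothetical
      # If the operation declares neither a security requirement nor a
      # header parameter, a generated client exposes no argument for the
      # token, which is the gap reported in this issue.
      # Each list item is an alternative: header OR cookie.
      security:
        - bearerJwt: []
        - jwtCookie: []
      responses:
        "200":
          description: Token accepted (assumed description)
        "401":
          description: Token missing or rejected (assumed description)
components:
  securitySchemes:
    bearerJwt:            # sent as "Authorization: Bearer <token>"
      type: http
      scheme: bearer
      bearerFormat: JWT
    jwtCookie:            # cookie name is an assumption
      type: apiKey
      in: cookie
      name: access_token
```

With an operation-level `security` entry like this, OpenAPI Generator targets typically surface the token through the client's configuration object instead of requiring a hand-added header.
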
mooreds commented 6 months ago

Thanks @devmaxde. There is another option. Validate the JWT locally (which doesn't require a call to this API but is functionally the same). https://github.com/jfbilodeau/jwks-client is one option I found (though I'm no Rust expert). I've seen this approach used by other FusionAuth users.

The OpenAPI spec is autogenerated from our client builder repository and the script doesn't handle the metadata for presenting a JWT in a header. We'd like to update that process, but don't currently have a timeline. I'm going to label this issue so when the opportunity presents itself we address it.

More details:

mooreds commented 6 months ago

Also @devmaxde if you could share how you are generating your rust client library from the spec, that would be helpful.

devmaxde commented 6 months ago

> Also @devmaxde if you could share how you are generating your rust client library from the spec, that would be helpful.

https://github.com/flexi-servers/fusionauth-rust-client --> https://crates.io/crates/fusionauth

devmaxde commented 6 months ago

I didn't know you had this generator. I'll have a look at it and maybe add a Rust configuration

mooreds commented 6 months ago

@devmaxde seemed easier than I thought, so I created a PR to enable JWT authentication for certain API requests. Submitted it for review.

mooreds commented 6 months ago

Added this fix to the 1.49 milestone, @andrewpai , as that is when the fixed YAML file will be released.

mooreds commented 6 months ago

Internal:

mooreds commented 4 months ago

Release notes blurb:

Enhanced the OpenAPI specification to support JWT authentication. Previously, operations that used JWTs to authenticate, instead of an API key or no authentication, were not accurately described by the OpenAPI specification. Now they are.

devmaxde commented 4 months ago

When will the openapi.yaml be updated?

mooreds commented 4 months ago

It gets generated when we do a release. Not sure when the next one is scheduled for.

You can also build it yourself by running the Ruby script here: https://github.com/FusionAuth/fusionauth-client-builder/tree/master/bin