[javascript, typescript-node] HTTP / Bearer Scheme does not generate clients that use Bearer Tokens

[johnkoerner]

Description

Setting up an API that uses a bearer token should result in clients that send the Bearer XXXX value in the Authorization header. However the javascript and typescript-node clients generate code that wants to send a username/password combination in the header.

openapi-generator version

3.2.3

OpenAPI declaration file content or url

components:
  securitySchemes:
    bearerAuth:            # arbitrary name for the security scheme
      type: http
      scheme: bearer
      bearerFormat: JWT  

Full sample: https://gist.github.com/johnkoerner/952becd82bbb238b51907791d0a13d32

Command line used for generation

openapi-generator generate -i Test.yaml -g typescript-node -o ./ts

Steps to reproduce

Generate a typescript-node or javascript client that uses authentication with the bearer scheme.

Suggest a fix/enhancement

When the bearer scheme is specified, then the Authorization header should be specified with the Bearer {accessToken} format. It appears that the OAuth2 flow already supports the Bearer token format.

Note: I only tested with javascript and typescript-node other client generators may have similar issues.

[CaptEmulation]

Not sure that any clients support it. Looking at https://github.com/OpenAPITools/openapi-generator/blob/master/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultCodegen.java#L3034-L3087 there does not seem to be any bearer support

[Gabrn]

Same issue for typescript-axios

[wing328]

May I know if anyone has time to add the bearer support? or sponsor the fix via BountySource similar to these bounties?

• https://www.bountysource.com/issues/66123212-javascript-client-produces-a-wrong-object-for-a-string-enum-type-that-is-used-with-ref
• https://www.bountysource.com/issues/66124155-javascript-parameters-naming-in-functions-documentation-and-file-name-is-wrong

[wing328]

UPDATE: https://github.com/OpenAPITools/openapi-generator/pull/1470 includes the enhancement: https://github.com/OpenAPITools/openapi-generator/pull/1470/files#diff-d7978f0dcc3f8a06f35df3b87c156d4dR33

[mrvdot]

[Update: Just realized #1470 is already merged]

I should be able to update the JS/TS clients. I need it fixed in typescript-axios for a current project anyway.

[mrvdot]

Working on this at https://github.com/mrvdot/openapi-generator/tree/enable-bearer-auth-js-ts. This is my first change for the generator, so any comments/critiques are welcome.

• [x] typescript-axios
• [x] typescript-fetch
  • I added the bearer auth to this, however couldn't get the generated API to work (appears to be something wrong with the configuration class). Will review again after updating the rest, but believe the bearer auth change is correct.
• [ ] javascript (does not appear to have basic auth implemented yet either)
• [ ] javascript-es6 (does not appear to have basic auth implemented yet either)
• [ ] typescript-angular
• [ ] typescript-angularjs
• [ ] typescript-aurelia
• [ ] typescript-inversify
• [ ] typescript-jquery
• [ ] typescript-node

[Gabrn]

Any news on this?

[mrvdot]

@Gabrn typescript-axios and typescript-fetch are done, and you're welcome to build from the repo mentioned above if you need those now. I probably won't have time for the others until this weekend

[MilanParikh]

@mrvdot For the typescript-fetch generator I believe the issue with the configuration class is here

I generated an API and realized that the accessKey field takes an optional scopes parameter but apiKey does not, and either of those can be used for bearer auth. Hopefully this is helpful?

[grokify]

Just found this issue because the Go / Golang client has the same issue. When specifying a bearer token, basicAuth is implemented.

Of note, in addition to taking an access token, it would be nice to take a refresh token as well so the client can refresh the token itself.

This is something Go can do as I'm passing in a custom Go *http.Client with this capability to the client now. When I do this, I can use a static non-expiring token or a *http.Client that will refresh the token.

[quezak]

Hello! do you have any updates on this? I see that this was already fixed as a bug for typescript-axios, but I see it's still not implemented in typescript-node, don't know about the other tyepscript targets.

[macjohnny]

implemented for typescript-node in https://github.com/OpenAPITools/openapi-generator/pull/4633

[Huluti]

@wing328 can be closed i think :)