Open tomghyselinck opened 5 years ago
I see you opened a whole bunch of issues. Would you do PRs to fix them ?
I would love to! But unfortunately I don't get the time at work to implement them. If I find some time at home I can try to create some PRs.
I try to make the issues reports as clear as possible.
If you need any further things to verify, please let me know!
any updates on this issue yet?
Description
securitySchemes
)type: apiKey
forin: header
in our OpenAPI v3.0.1 yaml file.python-flask
code.When we start the server, it shows a warning:
... x-apikeyInfoFunc missing
. This definition is required by connexion to identify the module/function which performs the apiKey authorization/authentication. See also what changed in #546 - Rework security flow.It looks like
openapi-generator
(-cli
) does not generate this key in the scheme. Is this intended?The result is that authentication always fails and the server returns
401 - Unauthorized
(No authorization token provided). See also release notes for Connexion 2.0:When we add the
x-apikeyInfoFunc
ourselves, and implement the endpoint, it works fine.The same issue may probably occur with
x-basicInfoFunc
,x-bearerInfoFunc
, etc. See also Security - Connexion 2.0 documentationopenapi-generator version
I used OpenAPI generator CLI version
4.0.0-SNAPSHOT
: https://oss.sonatype.org/content/repositories/snapshots/org/openapitools/openapi-generator-cli/4.0.0-SNAPSHOT/openapi-generator-cli-4.0.0-20181210.103357-85.jarOpenAPI declaration file content or url
See
python-flask-security-endpoint.yaml
in the attached zip-file: python-flask-security-endpoint.zipCommand line used for generation
Steps to reproduce
Generate the server code
./python-flask-security-endpoint.sh
Start the server
(cd ./python-flask-security-endpoint && python3 -m openapi_server)
Perform a client request
curl -X GET "http://localhost:8080/data" -H "accept: application/json" -H "X-Full-Access-Token: 123"
Returns:
Related issues/PRs
I have not found any.
Suggest a fix
x-apikeyInfoFunc
(or any of the others mentioned) is not defined by the user, theopenapi-generator-cli
should generate the endpoint. I expect similar behavior like is done for the path operation endpoints.Note: there may also be need for backward-compatibility with the deprecated
x-tokenInfoUrl
. See also Security - Connexion 2.0 documentation