Open a-h opened 1 year ago
the-pawn-2017
commented
6 months ago I am willing to undertake all this work.Although with some programming experience under my belt, I have only recently started contributing code to the community, specifically through platforms like GitHub, collaborating with others. Your patience may be needed as I navigate linguistic barriers and get accustomed to the workflow processes.
debuggerpk
commented
1 month ago Thank you for your work.
An API generally has some public endpoints and some private endpoints. We set the security per endpoint.
We have an API that has security schema per route, so the method should be available on route as well.
/auth/teams:
post:
summary: Create a new team
description: Create a new team
operationId: create-team
tags:
- auth
requestBody:
description: Team to create
content:
application/json:
schema:
$ref: "#/components/schemas/CreateTeamRequest"
security:
- BearerAuth: []
responses:
"201":
description: Team created
content:
application/json:
schema:
$ref: "#/components/schemas/Team"
"400":
$ref: "../../shared/v1/schema.yaml#/components/responses/BadRequest"
"401":
$ref: "../../shared/v1/schema.yaml#/components/responses/Unauthorized"
"500":
$ref: "../../shared/v1/schema.yaml#/components/responses/InternalServerError"I think the method should be per route.
To add JWT authentication to an API, requires this... as per https://swagger.io/docs/specification/authentication/bearer-authentication/
Since it's so common, maybe it would be better as:
Not sure about how the API would look to support mixed authentication (some handlers authenticated, some open). Maybe that would be out of scope.