OAuth2 support #42

Open
OleMchls opened this issue Oct 17, 2016 · 1 comment

@OleMchls

Hey there,

I was wondering if you folks have an opinion on how swagger_yard should define OAuth2 based auth, because with the current pattern of @authorization it seems to be very complicated. The OAuth2 SECURITY SCHEME OBJECT has a few more parameters to configure.

Excerpt from the 2.0 specs http://swagger.io/specification/#securitySchemeObject

petstore_auth:
  type: oauth2
  authorizationUrl: http://swagger.io/api/oauth/dialog
  flow: implicit
  scopes:
    write:pets: modify pets in your account
    read:pets: read your pets

I wanted to add support for it (first w/o support for scopes), but wanted to check your ideas first, before I head in the wrong direction. Also, having more complex yard tags seems not very common in this gem.

Two ideas I was thinking of:

1. Add it to @authorization tag

In order to implement this, there must be a way to integrate more parameters into the tag, like flow and the flow-dependent URLs like authorizationUrl.

2. Add a securityDefinitions option to SwaggerYard::Configuration

This would be the easier solution: adding an attribute to the config so it can be used with @authorize_with. I imagine the config block looking like this:

SwaggerYard.configure do |config|
  config.security_definitions['petstore_oauth'] = {
    type: "oauth2",
    authorizationUrl: "http://swagger.io/api/oauth/dialog",
    flow: :implicit
  }
  # ...
end

If you have any more ideas, I'd love to hear your feedback! I'd also love to hear some thoughts on scopes.

cheers!

@nicksieger
Collaborator

I think that the authorization support is not very well thought out and could use some rework. I like your second suggestion using @authorize_with as a starting point. Security definitions feel more global to me than could be declared in a controller with tags.

That said, if you have a way that you're leaning, you're in the driver's seat if you are willing to submit the work! Thanks for the suggestions.
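
Added example, not code from this issue or from swagger_yard: a check that could run over the proposed security definitions hash before it is written into the Swagger 2.0 document. It applies the Security Scheme Object's per-flow required fields (including `scopes`, which the spec requires for `oauth2`) and, as an extra hardening check that is an assumption of this example rather than a Swagger rule, flags OAuth2 endpoint URLs that are not https. `validate_security_definitions`, the constants and the `complete_oauth` entry are hypothetical.

```ruby
# Added example: validate_security_definitions is a hypothetical helper,
# not part of swagger_yard.

# URL fields the Swagger 2.0 Security Scheme Object requires per oauth2 flow.
OAUTH2_REQUIRED_URLS = {
  "implicit"    => %w[authorizationUrl],
  "password"    => %w[tokenUrl],
  "application" => %w[tokenUrl],
  "accessCode"  => %w[authorizationUrl tokenUrl]
}.freeze

# Returns { definition_name => [problem, ...] } for oauth2 entries with problems.
def validate_security_definitions(definitions)
  definitions.each_with_object({}) do |(name, raw), problems|
    # Accept symbol or string keys, as a Ruby config block would supply either.
    scheme = raw.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
    next unless scheme["type"].to_s == "oauth2"

    errors = []
    flow = scheme["flow"].to_s
    required = OAUTH2_REQUIRED_URLS[flow]
    if required.nil?
      errors << "flow must be one of #{OAUTH2_REQUIRED_URLS.keys.join(', ')}"
    else
      required.each do |field|
        url = scheme[field].to_s
        if url.empty?
          errors << "#{field} is required for flow #{flow}"
        elsif !url.start_with?("https://")
          errors << "#{field} should use https" # hardening check, not a spec rule
        end
      end
    end
    errors << "scopes is required for oauth2" unless scheme["scopes"].is_a?(Hash)
    problems[name.to_s] = errors unless errors.empty?
  end
end

# Constructed sample input: the definition proposed in the issue, plus a
# complete accessCode definition using placeholder example.com endpoints.
SAMPLE_DEFINITIONS = {
  "petstore_oauth" => { type: "oauth2", flow: :implicit,
                        authorizationUrl: "http://swagger.io/api/oauth/dialog" },
  "complete_oauth" => { type: "oauth2", flow: "accessCode",
                        authorizationUrl: "https://auth.example.com/authorize",
                        tokenUrl: "https://auth.example.com/token",
                        scopes: { "read:pets" => "read your pets" } }
}.freeze
```
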

@OleMchls OleMchls mentioned this issue Oct 18, 2016