search

papsign / Ktor-OpenAPI-Generator

Ktor OpenAPI/Swagger 3 Generator
Apache License 2.0
241 stars 42 forks source link

Can't set name of token parameter or cookie name in SecurityScheme #114

Closed Szer closed 2 years ago

Szer commented 2 years ago

Problem

Let's say I want to obtain cookie security scheme like in OpenSpec example

openapi: 3.0.0
...
# 1) Define the cookie name
components:
  securitySchemes:
    cookieAuth:         # arbitrary name for the security scheme; will be used in the "security" key later
      type: apiKey
      in: cookie
      name: JSESSIONID  # cookie name
# 2) Apply cookie auth globally to all operations
security:
  - cookieAuth: []

If I'll create such description with the code:

AuthProvider.Security(
    SecuritySchemeModel(
        SecuritySchemeType.apiKey,
        `in` = APIKeyLocation.cookie,
        name = "JSESSIONID",
    ),
    emptyList<Scopes>()
)

It will create such definition in swagger: image

"JSESSIONID": {
    "in": "cookie",
    "type": "apiKey"
},

As you see there is no name field inside security scheme, which make spec invalid.

Expected

At least name should appear INSIDE security scheme as well for spec to be valid.

"JSESSIONID": {
    "in": "cookie",
    "type": "apiKey",
    "name": "JSESSIONID",
},

Research

The problem is in these lines of code https://github.com/papsign/Ktor-OpenAPI-Generator/blob/f7e7048c945c65526a38efe655fa60e88d0fc19a/src/main/kotlin/com/papsign/ktor/openapigen/model/security/SecuritySchemeModel.kt#L21-L23

First of all, it uses name field as security scheme reference name Second, it strips name field from serializing to resulted spec.

Therefore there is no way to set up name field, and current name field is used as security scheme arbitrary reference name.

Proposal

Add another field to separate reference name from name field