sonatype / ossindex-public

Sonatype OSS Index - Public
Apache License 2.0

Swagger Docs Omit API Token #3

Closed stevespringett closed 6 years ago

stevespringett commented 6 years ago

The user account settings (https://ossindex.sonatype.org/user/settings) provide a way to generate API Tokens for use with the service. However, the Swagger definition (https://ossindex.sonatype.org/swagger.json) does not specify how to send the API Token to the service.

Inspecting https://github.com/sonatype/ossindex-public/blob/master/client/src/main/java/org/sonatype/ossindex/service/client/transport/HttpUrlConnectionTransport.java#L124 reveals that the "Authorization" header is used. This should be documented in the Swagger definition.

jdillon commented 6 years ago

Will have a look to see how to add that detail via annotations to the endpoints. The apitoken can be used in place of password using BASIC auth.

jdillon commented 6 years ago

Looks like best I can do ATM is probably:

  "securityDefinitions": {
    "basicAuth": {
      "description": "Username and password",
      "type": "basic"
    },
    "apiToken": {
      "description": "Username and API token as password",
      "type": "basic"
    }
  },

And then:

        "security": [
          {
            "basicAuth": []
          },
          {
            "apiToken": []
          }
        ]

... on the path definitions.

Both however are just "basic" auth schemes.
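An added example (not part of the original thread or the project's code): a Python check that every operation in a Swagger 2.0 document declares a security requirement and that each requirement names a scheme present in `securityDefinitions`, plus the `Authorization` header built with the API token in the password position as described above. The function names, sample paths and credentials are constructed for illustration.

```python
import base64

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def basic_auth_header(username, api_token):
    """Authorization header value with the API token in the password slot (RFC 7617)."""
    raw = f"{username}:{api_token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def audit_security(spec):
    """Return (method, path, problem) tuples for a Swagger 2.0 document."""
    defined = spec.get("securityDefinitions", {})
    default = spec.get("security")  # document-wide requirement, if any
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref", vendor extensions
            # An operation-level "security" overrides the document-wide one.
            reqs = op.get("security", default)
            if not reqs:
                findings.append((method, path, "no security requirement documented"))
                continue
            for req in reqs:
                for name in req:
                    if name not in defined:
                        findings.append((method, path, f"undefined scheme '{name}'"))
    return findings

# Constructed sample: the paths below are illustrative, not the service's real endpoints.
SAMPLE = {
    "swagger": "2.0",
    "securityDefinitions": {
        "basicAuth": {"description": "Username and password", "type": "basic"},
        "apiToken": {"description": "Username and API token as password", "type": "basic"},
    },
    "paths": {
        "/example/report": {"post": {"security": [{"basicAuth": []}, {"apiToken": []}]}},
        "/example/undocumented": {"get": {}},
        "/example/typo": {"get": {"security": [{"apiTokn": []}]}},
    },
}

if __name__ == "__main__":
    for finding in audit_security(SAMPLE):
        print(*finding)
    print(basic_auth_header("user@example.com", "constructed-token"))
```

Run against a downloaded `swagger.json` (loaded with `json.load`), an empty result means every operation documents how a client authenticates.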

jdillon commented 6 years ago

This change to include securityDefinitions is published now.

stevespringett commented 6 years ago

Fantastic. Thank you.