search

swagger-api / swagger-codegen

swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
http://swagger.io
Apache License 2.0
17.03k stars 6.03k forks source link

[Python] client use of api_key shows little evidence of working as intended #4456

Closed dlamblin closed 7 years ago

dlamblin commented 7 years ago
Description

I've generated a python client for an api that uses in-header tokens for authentication. You can see a write up of the minimalized version of the issue at: http://stackoverflow.com/questions/41291995/the-specifics-of-adding-a-header-to-an-api-call-with-a-swagger-codegen-client-in

Swagger-codegen version

The version hosted at editor.swagger.io on 2016-12-20 (to 22)

Swagger declaration file content or url
---
swagger: "2.0"
info:
  description: "API"
  version: "TEMPORARY"
  title: "User Details"
  termsOfService: "http://wiki.company.net/tos"
  contact:
    name: "…"
  license:
    name: "…"
host: "api.company.net"
basePath: "/api/v1"
tags:
- name: "supplier"
  description: "Supplier"
schemes:
- "https"
produces:
- "application/json"
paths:
  /user/details:
    get:
      tags:
      - "supplier"
      summary: "userDetails"
      operationId: "getApiV1UserDetails"
      consumes:
      - "application/json"
      produces:
      - "application/json;charset=utf-8"
      parameters:
      - name: "user"
        in: "query"
        description: "user id"
        required: true
        type: "integer"
        format: "Long"
      responses:
        200:
          description: "OK"
          schema:
            $ref: "#/definitions/SupplierResponseOfUserDetailsDto"
        401:
          description: "Unauthorized"
        403:
          description: "Forbidden"
        404:
          description: "Not Found"
definitions:
  SupplierResponseOfUserDetailsDto:
    type: "object"
    properties:
      body:
        $ref: "#/definitions/UserDetailsDto"
      message:
        type: "string"
      successful:
        type: "boolean"
  UserDetailsDto:
    type: "object"
    properties:
      name:
        type: "string"

from __future__ import print_function
import time
import swagger_client
from swagger_client import ApiClient
from swagger_client import Configuration
from swagger_client.rest import ApiException
from pprint import pprint

# Setup the authentication token header
swagger_client.configuration.api_key['X-CAG-Authorization'] = \
    'access-key=31337-70k3n'
swagger_client.configuration.api_key_prefix['X-CAG-Authorization'] = \
    'AG_CONSUMER_TOKEN'
# create an instance of the API class
api_instance = swagger_client.SupplierApi()
user = 1
try:
    api_response = api_instance.get_api_v1_user_details(user)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling "
          "SupplierApi->get_api_v1_user_details: %s\n" % e)
Command line used for generation

Used the editor's codegen However the API seems to work with the token when I use curl with -H 'X-CAG-Authorization: AG_CONSUMER_TOKEN access-key=31337-70k3n'

Steps to reproduce

See the http://stackoverflow.com/questions/41291995/the-specifics-of-adding-a-header-to-an-api-call-with-a-swagger-codegen-client-in

Related issues

Unknown.

Suggest a Fix

Documentation showing an end to end use of an api key AND documentation showing how to debug or log exactly what is requested (headers).

dlamblin commented 7 years ago

I'm not very familiar with Github issues, can I label this "Client: Python" and "Issue: Bug"?

wing328 commented 7 years ago

@dlamblin sorry you don't have right to do that and I've just labeled it for you.

I've replied in SO: http://stackoverflow.com/a/41455961/677735. Please take a look.

dlamblin commented 7 years ago

@wing328 So… the api authors gave two different production end points for the api, and it turns out only one works and they differ by a letter. It was a matter of sticking to the one that works. Therefore, it's not a bug in codegen. It would be helpful to have some troubleshooting documentation and a little bit about how to debug these, but then the project covers so many languages and environments that I understand that things are kept brief.

wing328 commented 7 years ago

@dlamblin would the debug switch help: https://github.com/swagger-api/swagger-codegen/blob/master/samples/client/petstore/python/petstore_api/configuration.py#L80 ?

I agree the documentation can be further improved and we can add a new section to the auto-generated README.md on how to use the debug-related setting in configuration.py.

(If you like Swagger Codegen, please upvote our ProductHunt page)

wing328 commented 7 years ago

@dlamblin the debug switch should print out the header and body of HTTP requests and responses.

Please let us know how it can be further improved to address the problem you encountered.