znsio / specmatic

Turn your contracts into executable specifications. Contract Driven Development - Collaboratively Design & Independently Deploy MicroServices & MicroFrontends.
https://specmatic.io
MIT License

oauth2 security, clientCredentials flow #783

Open kiranpatel11 opened 1 year ago

kiranpatel11 commented 1 year ago

We are trying to use Specmatic to test against the API secured by OAuth2, clientCredentials flow, and it is running against the production-like environment.

Since the application is running in a production-like environment, we don't have an option to set it up with the mock security configuration for the purpose of Contract Testing.

Questions:

kiranpatel11 commented 1 year ago

I could use the OAuth2 token using the security section in the specmatic.json, but it uses only the hardcoded value.

Is it possible to provide an env variable/placeholder in the specmatic.json security section such that it can be replaced at runtime?

```json
{
  "security": {
    "OpenAPI": {
      "securitySchemes": {
        "oAuth2AuthCode": {
          "type": "oauth2",
          "token": "${MY_TOKEN}"
        }
      }
    }
  }
}
```

joelrosario commented 1 year ago

@kiranpatel11 thanks for the suggestion. We'll discuss this idea internally and get back.

kiranpatel11 commented 1 year ago

To address the broader range of use cases, it would be great if you can make it configurable

kiranpatel11 commented 1 year ago

@joelrosario,

Please let me know if this issue is going to get prioritized in the near future?

harikrishnan83 commented 10 months ago

@kiranpatel11 apologies for the radio silence on this. Your point about being able to make the token configurable makes sense. We now have the ability to pass the bearer token, API keys, etc. for each type of security scheme through environment variables. Here is the documentation. Hope this helps.

About using tokenURL to get the real token, we will get back to you on this. Thanks.
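
The `${MY_TOKEN}` placeholder requested in this thread can also be resolved in a pre-processing step that renders the config from the environment just before the contract tests run. This is an added example, not Specmatic's code or its built-in environment-variable support; the function names `resolve`, `render_security_config` and `write_private` and the output file name are assumptions.

```python
import json
import os
import re

# A string value that is exactly "${NAME}" is treated as a placeholder.
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")

# The security section posted in the thread, kept as a template.
TEMPLATE = """
{
  "security": {
    "OpenAPI": {
      "securitySchemes": {
        "oAuth2AuthCode": {"type": "oauth2", "token": "${MY_TOKEN}"}
      }
    }
  }
}
"""

def resolve(node, env):
    """Walk parsed JSON and replace placeholder strings with env values."""
    if isinstance(node, dict):
        return {key: resolve(value, env) for key, value in node.items()}
    if isinstance(node, list):
        return [resolve(item, env) for item in node]
    match = PLACEHOLDER.match(node) if isinstance(node, str) else None
    if match is None:
        return node
    value = env.get(match.group(1))
    if not value:
        # Fail closed: never emit a config with an empty or literal placeholder.
        raise KeyError(f"environment variable {match.group(1)} is unset or empty")
    return value

def render_security_config(template_text, env=os.environ):
    """Substitute on the parsed tree so json.dumps escapes the token safely."""
    return json.dumps(resolve(json.loads(template_text), env), indent=2)

def write_private(path, text):
    """Open with mode 0600 on creation (an existing file keeps its mode)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)

if __name__ == "__main__":
    # Assumed output name; keep the rendered file out of version control.
    write_private("specmatic.json", render_security_config(TEMPLATE))
```

Substituting on the parsed JSON rather than on the raw text means a token containing quotes or backslashes cannot break or alter the structure of the generated file.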