Allow customizing httpBearerAuth scheme #872
Comments
|
Can you share a bit more information on where the requirement to have The |
|
@kstich sure ... there's an existing service I'd like to model using smithy that requires the I'm also curious to understand how a generated client for a service with the |
|
I think another good option is to add scheme to httpApiKeyAuth: When used, it would just put "ApiKey" + " " in front of the provided key value for the auth scheme (i.e.,
It would! But I think the change I'm suggesting would mean you wouldn't need to do any custom codegen work. |
|
@mtdowling that sounds fantastic, love it! How can I help? |
|
@glb Have a look at that pull request. I think it enables your use-case |
|
Awesome, thank you! |
|
@DavidOgunsAWS @mtdowling a follow-up question about this. I updated my model to add @httpApiKeyAuth(scheme: "ApiKey", name: "Authorization", in: "header")
@httpBearerAuth
@auth([httpApiKeyAuth, httpBearerAuth])
service Example {
version: "2021-08-19",
resources: [...]
}and ran a build to generate an OpenAPI description of the API. I was a little surprised that it didn't fail because of course the changes aren't there yet to support securitySchemes from generated OpenAPI description "securitySchemes": {
"smithy.api.httpApiKeyAuth": {
"type": "apiKey",
"description": "X-Api-Key authentication",
"name": "Authorization",
"in": "header"
},
"smithy.api.httpBearerAuth": {
"type": "http",
"description": "HTTP Bearer authentication",
"scheme": "Bearer"
}
}It seems like a more accurate translation in this case would be: securitySchemes from generated OpenAPI description "securitySchemes": {
"smithy.api.httpApiKeyAuth": {
"type": "http",
"description": "ApiKey authentication",
"scheme": "ApiKey"
},
"smithy.api.httpBearerAuth": {
"type": "http",
"description": "HTTP Bearer authentication",
"scheme": "Bearer"
}
}i.e. using This conclusion seems to be supported by the OpenAPI specification of
Thoughts (other than the obvious "ApiKey isn't registered in the IANA Authentication Scheme registry")? If you agree that the OpenAPI generation should change, where should I follow up? |
|
Thanks @DavidOgunsAWS ! Now that the PR is merged, does there need to be a release so that the new feature is available, or is there a way for me to pick up a snapshot build? I'm sorry, I'm not very familiar with Gradle so I've just been following the instructions to get things working. I'm assuming I'll need to make changes to my plugins {
java
id("software.amazon.smithy").version("0.5.3")
}
repositories {
mavenLocal()
mavenCentral()
}
buildscript {
dependencies {
classpath("software.amazon.smithy:smithy-openapi:1.10.0")
// The openapi plugin configured in the smithy-build.json example below
// uses the restJson1 protocol defined in the aws-traits package. This
// additional dependency must added to use that protocol.
classpath("software.amazon.smithy:smithy-aws-traits:1.10.0")
}
}
dependencies {
// The dependency for restJson1 is required here too.
implementation("software.amazon.smithy:smithy-aws-traits:1.10.0")
}I've managed to piece this together to get an OpenAPI artifact; would love to understand what the steps are to get a proper client, maybe using awslabs/smithy-typescript, but I'm sure that's out of scope for this repository. |
|
Hey @glb, sorry for the delay in responding. This was released in 1.12.0 on 2021-10-05, so you don't need to do anything fancy in Gradle to use these updates. Regarding the generated security scheme:
Ah, yeah, we're missing I think the documentation given for
I think this would be a great feature request on the smithy-typescript repo: https://github.com/awslabs/smithy-typescript. If you're interested in contributing this, then opening an issue could also be an opportunity to get pointers for how to implement it. |
|
With the changes made in #934 to improve the description, I think this issue is resolved now, and followup work to add support to the TypeScript codegen can be tracked at https://github.com/awslabs/smithy-typescript |
|
Thanks @mtdowling ! |
I'd like to model a service that uses what is effectively the HTTP Bearer authentication mechanism but with a different scheme. Would it be possible to extend the httpBearerAuth trait to support this?
I'm thinking something like this:
which would result in HTTP requests with an
Authorization: ApiKey {key}header. Existing services or services that use theBearerscheme would continue to use@httpBearerAuthwithout the parameter -- I'm hoping that's possible but am still new to the Smithy syntax.Is this possible? Is it a bad idea? Is there a better way to accomplish this? I think the alternative is to create a new
@authDefinitionthat does the right thing, but I don't particularly want to reinvent all of the surrounding codegen ecosystem just to change fromBearertoApiKey. On a related note, I recognize that existing codegen would need to be updated to support this, where would I go to learn more?The text was updated successfully, but these errors were encountered: