
[Ada] Operation security scopes are ignored when generating the server #1043

@stcarrez

Description


When you declare an operation with a security section, this defines the security schemes and
scopes which are required by the operation. This information is only partially used, and in particular
the operation's required scopes are not available to the model generator.

For example, if we define two OpenAPI 3.0 operations with the same
security scheme but two different scopes:

 paths:
   /agents:
       ...
       security:
         - oauth: ['agent:register']
   /hosts:
       ...
       security:
         - oauth: ['host:create']

and the security scheme would define "oauth":

 components:
   securitySchemes:
     oauth:
       type: oauth2
       flows:
         password:
           tokenUrl: 'https://hyperion.vacs.fr/hyperion/api/v1/oauth/token'
           scopes:
             'agent:register': Register a new monitoring agent
             'host:create': Register and create a host

Then, the generated server operation will require that all the scopes are available
(instead of only checking for agent:register for the first operation and host:create for the second).

openapi-generator version

3.3.0

Command line used for generation
java -jar openapi-generator-cli.jar generate --generator-name ada-server -i hyperion.yaml \
            -DprojectName=hyperion --model-package Hyperion.Rest
Suggest a fix/enhancement

The information is available internally within the SecurityRequirement list associated with each operation. This is not available to model templates.

By updating the language code generator we can access this information from fromOperation and create a vendor specific extension attribute that provides the information. I've done it in two steps:

  1. In fromOperation, add a x-scopes attribute that lists the operation security required scopes,
  2. In postProcessOperationsWithModels, build a new list of authMethods that only contain the operation required scopes (and not all of them), and put that list in the x-auth-scopes attribute.
  3. Update the server templates to use the x-auth-scopes instead of authMethods.
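As an added illustration (not openapi-generator code, and not the Ada templates), the following Python derives the per-operation scope requirements that step 2 would place in x-auth-scopes, and contrasts them with the "every scope of the scheme" check that the generated server currently performs. The spec dict is constructed from the YAML in this issue; the scheme key `oauth` and the `post` method are assumed.

```python
# Added example: per-operation scope enforcement versus the buggy
# "all scopes of the scheme" enforcement described in this issue.
# SPEC is constructed from the issue's YAML (scheme name 'oauth' and
# HTTP method 'post' are assumptions, the issue abbreviates them).
from typing import Dict, List, Set

SPEC = {
    "paths": {
        "/agents": {"post": {"security": [{"oauth": ["agent:register"]}]}},
        "/hosts": {"post": {"security": [{"oauth": ["host:create"]}]}},
    },
    "components": {"securitySchemes": {"oauth": {
        "type": "oauth2",
        "flows": {"password": {
            "tokenUrl": "https://hyperion.vacs.fr/hyperion/api/v1/oauth/token",
            "scopes": {
                "agent:register": "Register a new monitoring agent",
                "host:create": "Register and create a host",
            }}},
    }}},
}


def all_scheme_scopes(spec: dict, scheme: str) -> Set[str]:
    """Every scope the scheme declares: what the current server demands."""
    flows = spec["components"]["securitySchemes"][scheme]["flows"]
    return {s for flow in flows.values() for s in flow.get("scopes", {})}


def operation_scopes(spec: dict, path: str, method: str) -> List[Dict[str, Set[str]]]:
    """Scopes one operation actually requires (the proposed x-auth-scopes).
    A security requirement is a list of alternatives; inside one alternative
    every listed scheme must be satisfied with all of its scopes."""
    op = spec["paths"][path][method]
    reqs = op.get("security", spec.get("security", []))
    return [{scheme: set(scopes) for scheme, scopes in alt.items()} for alt in reqs]


def is_authorized(spec: dict, path: str, method: str,
                  granted: Dict[str, Set[str]]) -> bool:
    """granted maps scheme name -> scopes carried by the validated token."""
    alts = operation_scopes(spec, path, method)
    if not alts:               # no security requirement: anonymous access
        return True
    return any(all(need <= granted.get(scheme, set())
                   for scheme, need in alt.items()) for alt in alts)
```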
