[REQ] [CPP] [pistache-server] Add Basic and Bearer Authorization #19695

@winkler-pixop

Background

As of writing, the cpp-pistache-server generator supports neither HTTP Basic nor Bearer authorization. This feature request proposes an approach to remedy that.

If a consensus on how to implement this can be established, I am willing to implement it myself.

Suggestion

It is suggested that

  1. Any endpoint+method can have one authorization mechanism: either Basic or Bearer. If an endpoint+method has both specified in yaml, compilation of the generated C++ sources should be made impossible and appropriate errors should be reported.

  2. The generated C++ sources should only extract and assert the existence of bearer token and credentials from headers.

  3. Credentials and tokens should be forwarded to the relevant handler for validation.

The reason for 3. is that the approaches for Basic and for Bearer should be identical. For Basic, a virtual method for simply asserting the validity could suffice. The verified username could then be forwarded to the handler. For Bearer, however, the approach might be remarkably different. For several cases, JWT for example, the entire token might be needed to extract claims in the handler, while validity alone could still be determined in a virtual method.

For that reason, it is suggested that both credentials for Basic and the complete token for Bearer are forwarded to the handlers in their entirety.

The code generated by openapi-generator should ensure that the relevant headers are present and well formed and, for Basic, perform decoding and preprocessing. Validation should be deferred to the handlers.

Examples

Basic

This yaml

components:
  securitySchemes:
    credentials:
      type: http
      scheme: basic

paths:
  /foo:

    get:
      summary: Lists foos
      operationId: listFoos
      tags: [ Foos ]

      security:
        - credentials: []

      responses:
        '200':
          description: A Foo fresh from the Bar.
          content:
            text/plain:
              schema:
                type: string
                example: "Foo"

should result in the following generated C++.

void FoosApiImpl::list_foos(
        const BasicCredentials &credentials, 
        Pistache::Http::ResponseWriter &response) 
{
    response.send(Pistache::Http::Code::Ok, "Do some Magic!");
}

...

typedef struct
{
   std::string username;
   std::string password;
} BasicCredentials;

Bearer

This yaml

components:
  securitySchemes:
    jwt:
      type: http
      scheme: bearer

paths:
  /foo:

    get:
      summary: Lists foos
      operationId: listFoos
      tags: [ Foos ]

      security:
        - jwt: []

      responses:
        '200':
          description: A Foo fresh from the Bar.
          content:
            text/plain:
              schema:
                type: string
                example: "Foo"

should result in C++ code similar to this:

void FoosApiImpl::list_foos(
        const std::string &token, 
        Pistache::Http::ResponseWriter &response) 
{
    response.send(Pistache::Http::Code::Ok, "Do some Magic!");
}

Both Basic and Bearer

This yaml

components:
  securitySchemes:
    jwt:
      type: http
      scheme: bearer
    credentials:
      type: http
      scheme: basic

paths:
  /foo:

    get:
      summary: Lists foos
      operationId: listFoos
      tags: [ Foos ]

      security:
        - jwt: []
        - credentials: []

      responses:
        '200':
          description: A Foo fresh from the Bar.
          content:
            text/plain:
              schema:
                type: string
                example: "Foo"

should result in C++ code similar to this:

void FoosApiImpl::list_foos( ... , Pistache::Http::ResponseWriter &response) 
{
    This code will not compile because c++ pistache server only supports either bearer or basic. Not both.
}

Closing Remarks

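The header extraction and well-formedness check the issue asks the generated code to perform, written out as an added example; it is not part of the original issue and not output of the generator. Only `BasicCredentials` comes from the issue: `AuthKind`, `base64_decode`, `strip_scheme` and `parse_authorization` are hypothetical names, and the function takes the raw `Authorization` header value as a string rather than calling any Pistache API.

```cpp
#include <cctype>
#include <string>

struct BasicCredentials { std::string username, password; };  // shape proposed in the issue
enum class AuthKind { Basic, Bearer, Malformed };              // hypothetical result type

// Strict base64 decode (standard alphabet, padded to a multiple of 4); false if malformed.
static bool base64_decode(const std::string &in, std::string &out) {
    static const std::string abc =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if (in.empty() || in.size() % 4 != 0) return false;
    size_t n = in.size();
    for (int k = 0; k < 2 && in[n - 1] == '='; ++k) --n;  // at most two '=' pads
    unsigned acc = 0, bits = 0;
    out.clear();
    for (size_t i = 0; i < n; ++i) {
        const size_t pos = abc.find(in[i]);
        if (pos == std::string::npos) return false;       // rejects stray '=' and junk
        acc = (acc << 6) | static_cast<unsigned>(pos);
        bits += 6;
        if (bits >= 8) { bits -= 8; out += static_cast<char>((acc >> bits) & 0xFF); }
    }
    return true;
}

// Matches "<scheme> <rest>" with a case-insensitive scheme and exactly one space.
static bool strip_scheme(const std::string &h, const std::string &scheme, std::string &rest) {
    if (h.size() <= scheme.size() + 1 || h[scheme.size()] != ' ') return false;
    for (size_t i = 0; i < scheme.size(); ++i)
        if (std::tolower(static_cast<unsigned char>(h[i])) != scheme[i]) return false;
    rest = h.substr(scheme.size() + 1);
    return true;
}

// Checks presence and form only; validating the credentials or token is left to the handler.
AuthKind parse_authorization(const std::string &header, BasicCredentials &creds, std::string &token) {
    std::string rest, decoded;
    if (strip_scheme(header, "basic", rest)) {
        const size_t colon = base64_decode(rest, decoded) ? decoded.find(':') : std::string::npos;
        if (colon == std::string::npos) return AuthKind::Malformed;
        creds = BasicCredentials{decoded.substr(0, colon), decoded.substr(colon + 1)};  // first ':'
        return AuthKind::Basic;
    }
    if (!strip_scheme(header, "bearer", rest)) return AuthKind::Malformed;
    for (const char c : rest)  // only characters from the token68 set (RFC 7235)
        if (!std::isalnum(static_cast<unsigned char>(c)) &&
            std::string("-._~+/=").find(c) == std::string::npos) return AuthKind::Malformed;
    token = rest;
    return AuthKind::Bearer;
}
```

A missing header can be passed as an empty string; it comes back as `AuthKind::Malformed`, the same as an unsupported scheme.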