Add API-key scope checking #1837
The current documentation mentions that API-key security supports scopes:

"The function should accept the following arguments:

- apikey
- required_scopes (optional)"

However, the scopes were not passed to the checker.
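
A sketch of a checker with the signature quoted above (`apikey`, optional `required_scopes`), added here as an example and not taken from this PR or from connexion's code. The key store, the scope names and the `InsufficientScope` exception are assumptions made for illustration.

```python
import hashlib
import hmac


def _digest(key: str) -> str:
    # Store and compare digests so raw keys never sit in the lookup table.
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed sample key store: key digest -> identity and granted scopes.
KEYS = {
    _digest("reader-key-constructed"): {"sub": "svc-reader", "scopes": {"pets:read"}},
    _digest("admin-key-constructed"): {
        "sub": "svc-admin",
        "scopes": {"pets:read", "pets:write"},
    },
}


class InsufficientScope(Exception):
    """Hypothetical exception; the application would map it to HTTP 403."""


def apikey_auth(apikey, required_scopes=None):
    """Return identity info for a valid key, None for an unknown key.

    Raises InsufficientScope when the key is valid but lacks a required scope.
    """
    presented = _digest(apikey or "")
    match = None
    for stored, info in KEYS.items():
        # Constant-time comparison; every entry is visited, so timing does
        # not depend on which entry (if any) matched.
        if hmac.compare_digest(stored, presented):
            match = info
    if match is None:
        return None
    # required_scopes may be absent or an empty list when the operation
    # requires no specific scope; both cases mean "nothing to check".
    missing = set(required_scopes or ()) - match["scopes"]
    if missing:
        raise InsufficientScope("missing scopes: " + ", ".join(sorted(missing)))
    return {"sub": match["sub"], "scope": " ".join(sorted(match["scopes"]))}
```

If `required_scopes` never reaches a function like this, the subtraction always yields an empty set and every valid key passes regardless of the scopes the operation declares.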
Thanks @etvahala! 2 points:
Some of the unit tests used internal methods, fixed the tests with the added scopes-parameter.
Fixed the unit tests. The scope support for API keys was introduced in this OpenAPI spec commit, by introducing weasel words "...and the list MAY be empty if authorization does not require a specified scope.".
Thanks @etvahala! I don't think the line you linked is relevant, but the next one is:
See also this OpenAPI issue. So seems to align with the spec indeed 👍
Thanks, one small suggestion.
Thanks! The current implementation looks good to me.
I believe we should also extend it to other security schemes, not only API keys?
For full reference, in the past, connexion re-used the `scopes` value from other security schemes as `required_scopes` as argument value security schemes that didn't allow scopes. This was addressed in PR #1474
Can somebody merge this in?
Fixes # N/A
The current documentation mentions that API-key security supports scopes: "
The function should accept the following arguments:
However, the scopes were not passed to the checker.
Changes proposed in this pull request: