Apikey #26
Apikey #26
Conversation
…dd it as a security specification
|
.. but I guess half the code generators don't support that properly, right? |
I cannot remember why I didn't specified it that way :). It could be that the code generators didn't (or still don't) support this, maybe I just overlooked it? Did you try it out? |
Yeah. Looks bad. :( The code generators seem to be in much worse shape than the specification language itself. At one point we may want to fork a version of the spec which doesn't care about broken code generators. |
Yes and I think a big issue is that some languages simply don't support the concepts that the spec offers. Also I am not familiar with most languages used in the generator, so it's not easy for me (and I think most devs) to actually fix stuff. Sure I can do it in 1 or 2 languages, but we provide hand crafted clients for these languages... ;). |
.. which would be okay if they were then presenting a "best effort" at presenting the spec in language-native concepts, and if that's not possible, just return (say) a map, or the closest possible thing from which you can then proceed manually. But for example the API key thing is outright broken in the python client, you just can't set it. |
|
I confirmed issue 7269, but the proposed workaround didn't work for me, and the reason in 7847 (sadly) wasn't the reason for me. To be clear, that is for my solution (according to the spec, the correct one). Yours works fine. :) |
And I like that you clarified that that was unintentional. :-D |
| @@ -20,6 +20,11 @@ | |||
| "in": "query" | |||
| } | |||
| }, | |||
| "security": [ | |||
| { | |||
| "api_key": [] | |||
There was a problem hiding this comment.
Did you try to name the api key explicitly like key or is this the default?
Not sure how, but maybe this is the problem?
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#securitySchemeObject
|
HAHAHAHAHA, found the root cause. Can we please not name one of our schemas |
|
I'm going to sleep now, but I now endorse this pull request again, since I have no further reason to believe it breaks other clients except the Python client, which it breaks for unrelated reasons which are easy to fix. |
|
Glad you figured it out :) Regarding the configuration thing it might be similar to what we had with break: swagger-api/swagger-codegen#3846 but we do not really know the reserved words |
|
Hmm yeah, but that's something I can live with / understand why this is super-hard to maintain upstream.. I'll try and fix a PR for the documentation issue (#7269) tomorrow. |
|
I'm happy with this now: It works, and if swagger-client accepts my PR, the documentation for Python will also be allright. (And the solution that can even now be found on Google works now, because I renamend |
|
We need to update the java-examples. In Java this looks a bit ugly due to the required cast and arbitrary ((ApiKeyAuth) geocoding.getApiClient().getAuthentication("api_key")).setApiKey(key);
GeocodingResponse geocodingResponse = geocoding.geocodeGet("bautzen", "de", 5, false, "", "default");vs. before: |
|
I think @karussell is right, it might be better to convert
Where are these examples? |
It is just a notation from swagger. The api key
https://github.com/graphhopper/directions-api-clients/tree/master/java-examples |
It's a name that we specified in the swagger, so I think we could change it to just key. Which would probably make more sense, since we use just key in the url. But maybe Thanks for pointing me to the examples, I must have missed them :). |
|
@michaz can you write here how this change makes the python code easier / better? The java code definitely looks worse:
But maybe this is language specific ... |
You pass it once to the client, upon construction, instead of per request. That's all, really. But that's not how I was reasoning. I see it primarily as a specification language, not as an input to a code generator, and I was trying to use it as prescribed. The auto-generated API test / documentation page definitely makes more sense then. If you're writing the spec "for the code generator", then don't mind me, we're doing different things then. |
ok
The main intend is to get an easier access to our API. So we do this here too, yes. But probably the Java code generator needs an update if python is not much harder. The Java creation code looks really ugly. |
|
And now that Swagger forked into OpenAPITools due to some maintainer issues: https://github.com/OpenAPITools/ I'm not even sure where to post new issues :( |
|
This will change with the new spec and it is required to change the API key via: ApiClient client = new ApiClient();
client.setApiKey("some key");
api.setApiClient(client);This will become clear in the java-examples of this pull request: #38 |
Remove API key as an individual query parameter from all paths, and add it as a security specification.
This is clearly the way it is intended, as now I can suddenly use the Swagger tool without entering the API key twice.