
If the security scheme is provided, Kiota should use it to create the right auth object #5070

Closed

Description

An OpenAPI manifest can contain API security definitions using security schemes, and they can be referenced either globally or per operation.
If the security scheme is provided and the auth type is supported (vide #5071), Kiota should create the right auth object in the plugin manifest.

The object pattern is like the following:

    "runtimes": [
        {
            "auth": {
                "type": "<string>",
                "reference_id": "<string>"
            }
        }
    ]

Pattern A will be used for HTTP+Bearer Token, API Key and OpenId Connect:

    "runtimes": [
        {
            "auth": {
                "type": "ApiKeyPluginVault",
                "reference_id": "{{<security_scheme_name>_REGISTRATION_ID}}"
            }
        }
    ]

Pattern B will be used for OAuth:

    "runtimes": [
        {
            "auth": {
                "type": "OAuthPluginVault",
                "reference_id": "{{<security_scheme_name>_CONFIGURATION_ID}}"
            }
        }
    ]

For the reference_id, we are using the same pattern as TTK. Vide https://github.com/OfficeDev/teams-toolkit/blob/7422a1dffb7d54ca5e926e025fcdc72ae0380e17/packages/spec-parser/src/manifestUpdater.ts#L122

Acceptance Criteria:

  1. Only the following types are supported: http (with "scheme" = "bearer", https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml), oauth2 and openIdConnect. Any other type will return an error which will contain a list of supported auth types.
  2. Auth object will be generated only if the operation object has a security value and the root document has a security section.
  3. The generated auth object will match the auth type: Pattern A or B above.
  4. Only one entry in the operation security is allowed. More entries will return an error.
  5. The Operation Security Requirement Object name needs to correspond to a security scheme defined in the document's Security Schemes; an error will be returned otherwise.
  6. Scopes of an OAuth type will be added to a new field - its name TBD.
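
The acceptance criteria above can be read as a small decision procedure. The following is an added sketch, not part of the original issue and not Kiota's implementation: `build_auth`, `AuthError` and the sample document are hypothetical. It assumes an OpenAPI 3 layout (`components.securitySchemes`), reads "root security section" as the root-level `security` field, inserts the scheme name into `reference_id` verbatim, and follows criterion 1 for the supported types, so `apiKey` is rejected. Scopes (criterion 6) are left out because the field name is TBD.

```python
# Added example: a hypothetical helper, not Kiota's implementation.
SUPPORTED = ["http (scheme: bearer)", "oauth2", "openIdConnect"]


class AuthError(ValueError):
    """A security definition violates one of the acceptance criteria."""


def build_auth(document, operation):
    """Return the runtime "auth" object for one operation, or None."""
    op_security = operation.get("security")
    # Criterion 2 (assumed reading): operation and root security both present.
    if not op_security or not document.get("security"):
        return None
    # Criterion 4: a single entry; assumed to also mean a single scheme name.
    if len(op_security) != 1 or len(op_security[0]) != 1:
        raise AuthError("only one operation security entry is allowed")
    name = next(iter(op_security[0]))
    # Criterion 5: the name must match a declared security scheme.
    schemes = document.get("components", {}).get("securitySchemes", {})
    if name not in schemes:
        raise AuthError(f"security scheme {name!r} is not defined in the document")
    scheme = schemes[name]
    kind = scheme.get("type")
    bearer = kind == "http" and str(scheme.get("scheme", "")).lower() == "bearer"
    # Criteria 1 and 3: map supported types to Pattern A or B, reject the rest.
    if kind == "oauth2":
        return {"type": "OAuthPluginVault",
                "reference_id": "{{" + name + "_CONFIGURATION_ID}}"}
    if kind == "openIdConnect" or bearer:
        return {"type": "ApiKeyPluginVault",
                "reference_id": "{{" + name + "_REGISTRATION_ID}}"}
    raise AuthError(f"unsupported auth type {kind!r}; supported: {', '.join(SUPPORTED)}")


# Constructed sample document, trimmed to the security-related parts.
SAMPLE = {
    "security": [{"bearerAuth": []}],
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer"},
        "oauth": {"type": "oauth2", "flows": {}},
        "basic": {"type": "http", "scheme": "basic"},
    }},
}

if __name__ == "__main__":
    print(build_auth(SAMPLE, {"security": [{"oauth": ["read"]}]}))
```

Failing closed on an unknown scheme name or an unsupported type keeps the generator from emitting a plugin manifest whose runtime silently has no auth attached.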