[Python] Swagger spec 2.0 with global security setting fails

[ensonic]

Description

Swagger-codegen version

2.3.1

Swagger declaration file content or url

I have this in my open-api-spec.json:

  "securityDefinitions": {
    "api_key": {
      "type": "apiKey",
      "name": "x-api-key",
      "in": "header"
    }
  },
  "security": {
    "api_key": []
  }

and in the code I'll do this:

config = my_api.Configuration()
config.api_key['x-api-key'] = api_key
api_client = my_api.ApiClient(config)
registry_client = my_api.MyApi(api_client)

expected would be a header "x-api-key: 12345", but the header is not set :/ I added some logging into the generated api_client.py and auth_settings passed to __call_api() are None. In the generated my_api.py I see auth_settings = [] and I think this is the cultprit.

If you look at the top-level swagger object:
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swagger-object
One can attach a global security setting there.

[wing328]

@ensonic thanks for reporting the issue.

Looks we fixed the problem before: #1365

Have you validated your OpenAPI spec using https://editor.swagger.io or other tools?

[jasonl99]

I am having a nearly-identical problem with the ruby client.

securityDefinitions:
  HttpHeaderApiKey:
    type: apiKey
    in: header
    name: api-key
security:
  - HttpHeaderApiKey: []

Debugging the ruby client, specifically api_client#update_params_for_auth! shows that auth_names is an empty array once it gets here:

def update_params_for_auth!(header_params, query_params, auth_names)
  # auth_names is coming in as [] here
  Array(auth_names).each do |auth_name|
    auth_setting = @config.auth_settings[auth_name]
    next unless auth_setting
    case auth_setting[:in]
    when 'header' then header_params[auth_setting[:key]] = auth_setting[:value]
    when 'query'  then query_params[auth_setting[:key]] = auth_setting[:value]
    else fail ArgumentError, 'Authentication token must be in `query` of `header`'
    end
  end
end

[wing328]

We do have a test case for this:

swagger-codegen/modules/swagger-codegen/src/test/java/io/swagger/codegen/DefaultGeneratorTest.java

Line 96 in c66a0aa

public void testSecurityWithGlobal() throws Exception {

The global security definition in the test spec can be found here: https://github.com/swagger-api/swagger-codegen/blob/master/modules/swagger-codegen/src/test/resources/2_0/globalSecurity.json#L818-L847

[wing328]

Can you please share the full spec via https://gist.github.com so that we can more easily repeat the issue?

[ensonic]

Mistake on my side:

"security": {
    "api_key": []
  }

needs to be:

"security": [
  {
    "api_key": []
  }
]

and

> swagger-codegen validate -i registry.json 
Validating spec file (registry.json)
attribute security is not of type `array`
...

[wing328]

@ensonic no problem. Glad to hear that the issue is resolved.

[wing328]

@jasonl99 if you still need help with the issue, please share the spec with us so that we can troubleshoot more easily.

[jasonl99]

@wing328 My apologies for not reporting back sooner. I went to create a minimally viable example that failed, and found that it worked just fine. That led me to discover my original code had a careless mistake, using an underscore instead of a dash. My header's key was api-key but I I had written the code as config.api_key['api_key'] rather than config.api_key['api-key']. Once I fixed it, it worked fine. I must have looked at that line a dozen times and still didn't catch it. Sorry for the alarm!

[wing328]

@jasonl99 no problem at all. Just let us know if you've further question or feedback.

[manuelaceron]

I'm new with codegen, I'd like some help with this:
I have a single OAuth security scheme with just one scope in my YAML, using codegen it applies the same scope tag to each operation, and I need just one global security tag to be able to generate the annotation @scopes at class level in my Maven project

Thankss