Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Global @security support #407

Open
alyoshark opened this issue Jun 10, 2019 · 9 comments
Open

Global @security support #407

alyoshark opened this issue Jun 10, 2019 · 9 comments
Labels
enhancement

Comments

@alyoshark
Copy link

Is your feature request related to a problem? Please describe.
It's cumbersome to specify @Security on every controller if the entire API requires the same authentication mechanism.

Describe the solution you'd like
Something like below on the global context

// @title My Awesome API
// @version 1.0
// @description This Is My Awesome API That Requires Global Security Check
// @host my.awesome.site
// @BasePath /api
// @Security ApiKeyAuth
// @securityDefinitions.apikey ApiKeyAuth
// @in header
// @name My-Auth-Key

Describe alternatives you've considered
Can't think of a fair alternative to this

Additional context
It's quite common for internal API application to use a global authentication mechanism. Would be great if it can be added.

If you think this request is applicable and needs help, I can work out a PR later.
Thank you for providing such a great tool ❤️
@ubogdan
Copy link
Contributor

ubogdan commented Jul 7, 2019
edited
Loading

The context doesn't apply all the time: I recently wrote a API that have 2 different security mechanisms for admin and user side.
On the other hand writing code annotation is less then 1% of the project coding time.

If we go on this path , we can also setup a default @accept and @produce , @failure XXX and when a new developer will take a into documentation and code will start wondering where they came from .

I personalty don't see it's as a feature.

@kuoshijia
Copy link

The global @Security tag is supported by specs 2.0. It certainly helps for swift developing. Hope you guys could add this feature later.

@kuoshijia
Copy link

Any progress on this? Simply parse the @Security comment in global scope will do

@batara666
Copy link

how

@markus-wa
Copy link
Contributor

markus-wa commented Jun 1, 2021
edited
Loading

the documentation suggests this is possible, but somehow no matter what I try, I can't get security definitions into my swagger.yaml 🤔

my problem was calling swag init --parseDependency instead of swag init -g routes.go --parseDependency when my main API definition isn't in main.go - interestingly most fields were still being picked up but not licensing and security. Ignore that last bit, was looking in the wrong place.

Might be good to give a warning if certain fields aren't set

@liuzou1991
Copy link

Any progress?
Now I have to manually edit the docs.go file after each swag init to add global security.

@ubogdan
Copy link
Contributor

ubogdan commented Aug 3, 2022

@liuzou1991 This is an Open Source project, and any contribution is welcome.

@bekabaz
Copy link

bekabaz commented May 31, 2023

There is actually a problem in Postman by excluding this functionality. Without a global security directive, Postman sets the API to "No Auth" at the root level. While not a Swagger problem, it becomes a problem when other providers rely on the full Swagger spec to be implemented. If I have time I can look through and see what fix would be possible.

@bekabaz
Copy link

bekabaz commented May 31, 2023

@ubogdan Is there any documentation on the flow within the code?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@alyoshark @ubogdan @markus-wa @bekabaz @liuzou1991 @kuoshijia @batara666