Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Where to set security scheme to enable auth token to be sent #36

Closed
Morriz opened this issue Feb 26, 2017 · 7 comments
Closed

Where to set security scheme to enable auth token to be sent #36

Morriz opened this issue Feb 26, 2017 · 7 comments

Comments

@Morriz
Copy link

Morriz commented Feb 26, 2017

Just a question
@Morriz
Copy link
Author

Morriz commented Feb 27, 2017

I have now got it working with auth, through trial and error, like this:

In the {service}/index.js file I have this section:

const _service = service(options);
  _service.docs = {
    securities: ['create', 'update', 'patch', 'remove']
  };
  app.use('/activity', _service);

but this seems redundant, as that information is given by setting the restrictToAuthenticated hooks. Can those calls not 'inflect' where they come from and set this information automatically?

@daffl
Copy link
Member

daffl commented Feb 28, 2017

Not at the moment since hooks don't add any additional information in to the service. Another way might be to set it globally as done in the Sequelize example in /~https://github.com/feathersjs/feathers-swagger/blob/master/example/sequelize/app.js#L52-L63

@idealley
Copy link

idealley commented Mar 22, 2017
edited
Loading

I got the security to work for the documentation as follow:

in app.js I configure swagger (in a module to simplify the code):

   const swOptions = require('./swagger/swagger');
   ...
   app.use()
   ...
  .configure(swagger(swOptions))

The module is configured as follow:

module.exports = {
    docsPath: '/docs',
    uiIndex: path.join(__dirname, 'docs.html'),
    info: {
      title: 'Title of the Documentation',
      description: 'Available endpoints'
    },
    securityDefinitions: {
      bearer: {
        type: "apiKey",
        name: "authorization",
        in: "header"
      }
    },
    security: [
      {
        bearer: []
      }
    ]
};

You need to set the 'securityDefinisions' and the security array as far as I am using the default authorization of feathers I need to say that I will be sending a bearer token. I define what is the bearer for the swagger UI to be able to generate the correct buttons (authorize one).

screen shot 2017-03-22 at 09 31 43

Then per service I can now set per route if this route needs authorization or not. So when you instantiate a service, you need:

  // Initialize our service with any options it requires
  app.use('/users', Object.assign(service(options), {
      docs: def
    }));

I am passing a definition which allows: custom description of the endpoint, to add params definition, examples etc.

For example if you want to limit a create route to authorized users:

module.exports = {
  description: 'Users of the API (requires administrator role)',
  find: {
  },
  get: {
  },
  create: {
    security: [    {
      bearer: []
    }]
  },
  update: {
  },
  patch: {
  },
  remove: {
  }
};

As far as security is an array you can pass it other security strategies and of course you can pass other objects for each method here is another example with method definition:

const params = require('./parameters');

module.exports = {
  description: 'ERS Articles',
  find: {
    security: [    {
      bearer: []
    }],
    description: 'Get articles relative to a node with the node', 
    summary: 'Returns the category (node) and its outgoing relatives with the association ers:article',parameters: [
        params.qname,
        params.limit,
        params.skip
    ],
    responses: {
      "200": {
            description: 'successful operation',
            schema: {
              type: "object",
              example:
                {
                    "data": [],
                    "category": [],
                    "_sys": {
                        "next": 'string',
                        "prev": 'string'
                    },
                    "limit": 'int',
                    "skip": 'int',
                    "total": "coming soon"
                }
              
            },
      },
      "404": {
            description: 'not found',
            schema: {
              type: "string"
            }
      }
    },
    produces: ["application/json"]
  }
};

I have externalised the params as I need to reuse the same one on other services.

I hope this configuration may help someone ;) as it did not work right away... some trial and error involved...

@idealley idealley mentioned this issue Apr 7, 2017
Closed
@kairos666 kairos666 mentioned this issue Feb 11, 2018
Closed
@HarisHashim HarisHashim mentioned this issue May 28, 2018
Closed
2 tasks
@Mairu
Copy link
Collaborator

Mairu commented May 24, 2019

Example of authentication configuration was added to the repository.

@Mairu Mairu closed this as completed May 24, 2019
@gauravbhusare
Copy link

gauravbhusare commented Dec 11, 2019
edited
Loading

I am not able to get that authorize button on top
image

I have added
securityDefinitions: { bearer: { type: "apiKey", name: "authorization", in: "header" } }, security: [ { bearer: [] } ]
above code.

@Mairu
Copy link
Collaborator

Mairu commented Dec 11, 2019

See /~https://github.com/feathersjs-ecosystem/feathers-swagger/blob/master/example/swagger-v2/security.js for a working example.

You also have to define the securities for the services.

@gauravbhusare
Copy link

Thank you so much @Mairu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@daffl @idealley @Morriz @Mairu @gauravbhusare