Skip to content

OpenAPI SecuritySchemes are ignored #12

Description

@Rafael17

Hi! I have an openapi.json with the following security scheme:

"components": {
    "securitySchemes": {
      "OAuth2": {
        "type": "oauth2",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": "https://example.com/oauth/authorize",
            "tokenUrl": "https://example.com/oauth/token",
            "scopes": {
              "read": "Grants read access",
              "write": "Grants write access",
              "admin": "Grants access to admin operations"
            }
          }
        }
      }
    },
    "schemas": {}
  },

and one of the endpoint uses it like this

"/example/{id}": {
  "get": {
    "parameters": [
      {
        "schema": {
          "minLength": 1,
          "type": "string"
        },
        "in": "path",
        "name": "id",
        "required": true
      }
    ],
    "security": [
      {
        "OAuth2": [
          "read"
        ]
      }
    ]
  }

I'm also extending fetch to add an interceptor for Auth:

export const fetchWithInterceptor = (input: URL | RequestInfo, options?: RequestInit | undefined) => {
  const token = getAuthToken();
  const headers = {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${token}`,
    ...options?.headers,
  };

  return fetch(input, {
    ...options,
    headers,
  });
};

const client = createClient({
  schema,
  baseUrl: 'https://example.com',
  fetch: fetchWithInterceptor
})

However, it seems like securitySchemes is ignored, so I'm not able to get authorizationCode details to properly create the interceptor, since some endpoints use different schemas.

Any thoughts on how I should implement Authentication?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions