-
-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Client security doesn't work with v3 of the spec #556
Comments
I'll take a look at it @KhudaDad414 . |
@oviecodes let me take this one, If you have any progress on this then feel free to open a PR or you can review my PR as you know best how authentication works. |
okay @Souvikns |
After playing with the codebase I found that the errors are originating from Line 31 in 25ab916
This function basically tries to check if auth config provided from the auth function match the spec, but now with V3 the way of accessing the config has changed and thus it fails to read the spec for security schemes and thus get undefined errors.
There is also a problem with the logic we are using for providing and parsing Security for spec V2 security:
- token: []
- userPass: []
- apiKey: []
- UserOrPassKey: []
- oauth:
- write:pets
- read:pets
Security for spec V3 servers:
OpenAI:
host: api.openai.com
protocol: https
security:
- $ref: '#/components/securitySchemes/openAI'
components:
securitySchemes:
openAI:
type: http
scheme: bearer
name: token Currently, we are providing the export async function clientAuth({ serverName }) {
console.log("serverName", serverName)
return {
token: process.env.TOKEN,
oauth: process.env.OAUTH2,
apiKey: process.env.APIKEY,
userPass: {
user: process.env.USERNAME,
password: process.env.PASSWORD
}
}
} This is not possible with the spec v3 and also there are better ways of passing in the parameters now. I think one way to solve this issue, is by modifying both the ParsingNow we should parse the Auth FunctionInstead of passing the authentication parameters according to the type of the async function clientAuth({serverName}) {
return {
openAI: {
token: process.env.TOKEN
}
}
}
|
@Souvikns, your purposed solution makes sense to me. 👍 |
Yeah, @Souvikns , but how do we handle people that will use spec v2? or are we suppose to support just v3 and later going forward |
We are trying to have Glee officially support spec 3.0 and onwards. |
🎉 This issue has been resolved in version 0.32.14 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Describe the bug
Consider this AsyncAPI file:
when I use this asyncapi file with the following auth function:
I get the following error:
How to Reproduce
Creat an http client and try to use the
bearer
authentication method.Expected behavior
It should authenticate the client as expected.
cc: @oviecodes
The text was updated successfully, but these errors were encountered: