-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
missing cookie apiKey authentication mechanism #208
Comments
@matteomazza91 thanks for offering help on this. Please open a PR when you've time and we'll review and get it merged into master quickly. |
Do we need to support this only conditionally for 3.0 specs? I may be misreading the linked PR, but it seems this implicitly adds cookie auth support for 2.0 specs as well. |
you're right. It never checks the version of openAPI. This is correct only for valid input. |
I'm on mobile (which makes search difficult), but I believe we don't explicitly validate the input spec. There are times that a spec may be invalid, but user defined templates don't care. An example could be a missing baseUrl that someone has hardcoded in their custom template. This may not be an issue if we comment that it's a known edge case in the code. If we're not validating input by default, we may want to change that behavior and provide an option to skip validation. Again, I didn't look so this may already be in place. |
ok, so possible solutions:
|
I'd like to avoid the first option. The second option would work, but I'd be concerned that this would lead to lots of version conditionals throughout. So I think the last option is best. I looked briefly and didn't see spec validation on the generate command or on CodegenConfigurator, so it seems this needs to be added (it wasn't a big deal when most users were 2.0 specs). I can look at that tonight or tomorrow. I don't think this needs to be a blocker on merging the addition, and I think a comment that it assumes a validation step prior to generation would remove any confusion. |
Closing this as #240 has been merged. |
What version was this deployed in? I'm running v3.3.0 and had to use You can clone/fork that project and just run |
Previously the |
Description
Security Scheme Object defines that apiKey can be in "query", "header" or "cookie".
Actually the generator allows only "query" and "header" as shown by the following snippet:
Suggest a fix/enhancement
I had already proposed a PR to the swagger-codegen project to solve this issue.
I can start working on it right now.
The text was updated successfully, but these errors were encountered: