Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[http-client-csharp] cookie auth is generating incorrect code #5302

Closed
Tracked by #5207
ArcturusZhang opened this issue Dec 9, 2024 · 4 comments · Fixed by #5496
Closed
Tracked by #5207

[http-client-csharp] cookie auth is generating incorrect code #5302

ArcturusZhang opened this issue Dec 9, 2024 · 4 comments · Fixed by #5496
Labels
emitter:client:csharp Issue for the C# client emitter: @typespec/http-client-csharp

Comments

@ArcturusZhang
Copy link
Member

Our current code is treating cookie key authentication as if it is a header key authentication with the specific header name.
This is incorrect.

Proposal: since we could identify the type of authentication (including which kind of api key auth) from the output of TCGC, we should be able to report a diagnostic from the emitter and treat it as if there is no auth.
@ArcturusZhang ArcturusZhang added the emitter:client:csharp Issue for the C# client emitter: @typespec/http-client-csharp label Dec 9, 2024
@lirenhe lirenhe mentioned this issue Dec 9, 2024
Open
3 tasks
@JoshLove-msft
Copy link
Contributor

@ArcturusZhang is your suggestion to handle this in the emitter as opposed to the generator? i.e. the emitter filters out the cookie header key from the authentication model?

@ArcturusZhang
Copy link
Member Author

I think this is a thing that we must do in the emitter.
Our emitter is translating output from TCGC into ours, and TCGC already did this for us, they have this type defined as auth type:

export type HttpAuth = BasicAuth | BearerAuth | ApiKeyAuth<ApiKeyLocation, string> | Oauth2Auth<OAuth2Flow[]> | OpenIDConnectAuth | NoAuth;

We only support part of them in our emitter: ApiKeyAuth and Oauth2Auth.
The implementation in our MGC code always assume ApiKeyAuth is header, but actually the information from TCGC has a ApiKeyLocation and it could be header, query or cookie.
Related code here:

typespec/packages/http-client-csharp/emitter/src/lib/service-authentication.ts

Line 50 in 6ffff89

return { ApiKey: { Name: scheme.name } } as InputAuth;

@lirenhe lirenhe mentioned this issue Dec 12, 2024
Open
3 tasks
@ArcturusZhang ArcturusZhang mentioned this issue Jan 6, 2025
Merged
@JoshLove-msft
Copy link
Contributor

Should this be a cadl-ranch scenario? We should add it into the specs. We should warn and skip in the case of cookie auth.

@m-nash m-nash mentioned this issue Jan 13, 2025
Open
@m-nash
Copy link
Member

m-nash commented Jan 13, 2025

Created an issue for for the spector scenario #5584

github-merge-queue bot pushed a commit that referenced this issue Jan 14, 2025
@ArcturusZhang
report diagnostics on unsupported auth (#5496)
74ec773 
Fixes #5302

it works like this: 

![image](https://github.com/user-attachments/assets/18641e23-cca3-49f1-b2e9-96d95eabc852)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
emitter:client:csharp Issue for the C# client emitter: @typespec/http-client-csharp
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

report diagnostics on unsupported auth ArcturusZhang/typespec
3 participants
@ArcturusZhang @JoshLove-msft @m-nash