Comments (3)
bajtos
commented on September 28, 2024
To implement this change, we have to migrate to Swagger spec v1.2 (transition docs).
Then we can use authorizations sections to describe auth. See petstore for an example of swagger descriptors including authorizations.
This is my rough idea:
When app.isAuthEnabled is not true, authorizations should be always empty (or not present at all).
Otherwise, the top-level swagger descriptor should configure access-token-based authorization:
authorizations: {
accessToken : {
// Authorization is a name of the HTTP header
type: 'Authorization',
passAs : 'header'
}
}
Now for every public method, we need to decide whether anonymous access is allowed. If it isn't, then the method swagger description should include authorizations: { accessToken: [] } (I am not sure about the exact value here).
from loopback-component-explorer.
raymondfeng
commented on September 28, 2024
+1 to upgrade to Swagger 1.2 which will gives us a better api spec:
- authorization
- model schema
- content-type/accept
- error/status code
https://github.com/wordnik/swagger-core/wiki/1.2-transition
from loopback-component-explorer.
PerfectedApp
commented on September 28, 2024
+1 to upgrade to Swagger 1.2
from loopback-component-explorer.
Related Issues (20)
- With destroyAll exposed, API Explorer does not send where filter (LB 2.x) HOT 2
- Parameters with x-www-form-urlencoded are not included in the curl commandline and are not sent HOT 5
- [email protected] JSONEditor is not defined
- Use a custom swagger spec instead of the default HOT 1
- Upgrade loopback-swagger to latest version please HOT 1
- can't get "through" to show HOT 2
- Properties added in bootscripts or later don't show up in explorer HOT 2
- unresponsive script
- Migrate to Swagger-UI 3.x HOT 4
- `Cannot read property '$ref' of undefined` when using `Base` HOT 4
- API version not being picked up from package.json HOT 2
- File Downloading Bug HOT 2
- Cannot override index.html title using apiInfo HOT 3
- example for loopback 4 usage HOT 3
- loopback.basicAuth is not a function? HOT 2
- lodash security risk for version 2.7.0 HOT 2
- Display error when a model is called 'Array' HOT 2
- Fix the vulnerability caused by swagger-ui HOT 5
- swagger-ui vulnerabilities HOT 19
- Loopback4 version problem!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from loopback-component-explorer.