v2: Consider changing definition of OpenApiSecurityRequirement #1974

Open
captainsafia opened this issue Nov 27, 2024 · 0 comments

captainsafia commented Nov 27, 2024

The OpenApiSecurityRequirement type is currently defined as Dictionary<OpenApiSecurityScheme, IList<string>>.

For v2, we should consider taking a breaking change to define it as Dictionary<string, IList<string>> and support referencing the security scheme by the name used in the components hierarchy in the document.

The OpenAPI specification states that security requirements should be an association between { string: string[] } so it strikes me that we can update the type definition to align with this.

This would simplify the code that users have to write when setting security requirements in documents. Instead of:

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.OpenApi;
using Microsoft.OpenApi.Models;

public static class OpenApiOptionsExtensions
{
    public static OpenApiOptions AddBearerTokenAuthentication(this OpenApiOptions options)
    {
        // The scheme object carries a Reference so it serializes as a name in requirements.
        var scheme = new OpenApiSecurityScheme()
        {
            Type = SecuritySchemeType.Http,
            Name = IdentityConstants.BearerScheme,
            Scheme = "Bearer",
            Reference = new()
            {
                Type = ReferenceType.SecurityScheme,
                Id = IdentityConstants.BearerScheme
            }
        };
        // Register the scheme under components.securitySchemes.
        options.AddDocumentTransformer((document, context, cancellationToken) =>
        {
            document.Components ??= new();
            document.Components.SecuritySchemes.Add(IdentityConstants.BearerScheme, scheme);
            return Task.CompletedTask;
        });
        // Attach a security requirement to every endpoint that has authorization metadata.
        options.AddOperationTransformer((operation, context, cancellationToken) =>
        {
            if (context.Description.ActionDescriptor.EndpointMetadata.OfType<IAuthorizeData>().Any())
            {
                // Current shape: the dictionary key is the OpenApiSecurityScheme object itself.
                operation.Security = [new() { [scheme] = [] }];
            }
            return Task.CompletedTask;
        });
        return options;
    }
}
```

Users can write:

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.OpenApi;
using Microsoft.OpenApi.Models;

public static class OpenApiOptionsExtensions
{
    public static OpenApiOptions AddBearerTokenAuthentication(this OpenApiOptions options)
    {
        var scheme = new OpenApiSecurityScheme()
        {
            Type = SecuritySchemeType.Http,
            Name = IdentityConstants.BearerScheme,
            Scheme = "Bearer",
            Reference = new()
            {
                Type = ReferenceType.SecurityScheme,
                Id = IdentityConstants.BearerScheme
            }
        };
        // Register the scheme under components.securitySchemes.
        options.AddDocumentTransformer((document, context, cancellationToken) =>
        {
            document.Components ??= new();
            document.Components.SecuritySchemes.Add(IdentityConstants.BearerScheme, scheme);
            return Task.CompletedTask;
        });
        options.AddOperationTransformer((operation, context, cancellationToken) =>
        {
            if (context.Description.ActionDescriptor.EndpointMetadata.OfType<IAuthorizeData>().Any())
            {
                // Proposed v2 shape: the key is the name the scheme was registered under
                // in document.Components.SecuritySchemes above.
                operation.Security = [new() { [IdentityConstants.BearerScheme] = [] }];
            }
            return Task.CompletedTask;
        });
        return options;
    }
}
```

Is there a particular reason the object model inlines the SecurityScheme instead of using a name reference?

@RachitMalik12 RachitMalik12 added the priority:p2 Medium. Generally has a work-around and a smaller sub-set of customers is affected. SLA <=30 days label Dec 3, 2024
@RachitMalik12 RachitMalik12 added this to the NET:2.0 milestone Dec 11, 2024
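
With name-based requirements, each key in a `security` entry has to match a key under `components.securitySchemes`, and a mismatch leaves the operation pointing at a scheme that does not exist. The following is an added example, not code from the issue or from Microsoft.OpenApi: it checks a serialized document for such unresolved names using only `System.Text.Json`; the `SecurityRequirementCheck` type and the sample document are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

public static class SecurityRequirementCheck
{
    private static readonly HashSet<string> Methods = new()
        { "get", "put", "post", "delete", "options", "head", "patch", "trace" };

    // One message per requirement name that has no entry in components.securitySchemes.
    public static List<string> FindDanglingSchemeNames(string openApiJson)
    {
        using var doc = JsonDocument.Parse(openApiJson);
        var root = doc.RootElement;
        var defined = new HashSet<string>(StringComparer.Ordinal);
        if (root.TryGetProperty("components", out var components) &&
            components.TryGetProperty("securitySchemes", out var schemes))
            foreach (var s in schemes.EnumerateObject()) defined.Add(s.Name);

        var problems = new List<string>();
        void Check(JsonElement owner, string where)
        {
            if (!owner.TryGetProperty("security", out var reqs)) return;
            foreach (var requirement in reqs.EnumerateArray()) // each item is { name: scopes[] }
                foreach (var entry in requirement.EnumerateObject())
                    if (!defined.Contains(entry.Name))
                        problems.Add($"{where}: '{entry.Name}' is not in components.securitySchemes");
        }

        Check(root, "document"); // document-level default requirements
        if (root.TryGetProperty("paths", out var paths))
            foreach (var path in paths.EnumerateObject())
                foreach (var op in path.Value.EnumerateObject().Where(p => Methods.Contains(p.Name)))
                    Check(op.Value, $"{op.Name.ToUpperInvariant()} {path.Name}");
        return problems;
    }
    public static void Main()
    {
        // Constructed sample: GET uses a name that is not a components key.
        const string sample = """
            {"components":{"securitySchemes":{"Identity.Bearer":{"type":"http","scheme":"bearer"}}},
             "paths":{"/todos":{
               "get":{"security":[{"Bearer":[]}]},
               "post":{"security":[{"Identity.Bearer":[]}]}}}}
            """;
        foreach (var p in FindDanglingSchemeNames(sample)) Console.WriteLine(p);
    }
}
```

Names are compared with ordinal, case-sensitive equality, so `Bearer` and `Identity.Bearer` are treated as different schemes.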