How to describe optional security? #2802
-
|
This is a valid OpenAPI spec: It indicates that the endpoint can be accessed without security and with security (jwt in this case). Is there a way to represent this in Goa? I don't see an object that can represent NoSecurity as a scheme on the DSL. Actually, there, NoSecurity() seems to be used to reset the need for security of an endpoint. I'll try to make the parameter not required on the Payload, but:
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
The code generation algorithm does explicitly handle the case where the payload attribute used to map the credential is not required and in this case provides a nil value to the authorization function. So at least mechanically you should be able to implement the behavior you are after. It should be possible to change the OpenAPI spec generation so it matches the above by doing a similar check. The current code that generates the OpenAPI security section does not have access to the payload so it would have to be modified so that it can access the method payload and check whether the credential field is required or not. |
Beta Was this translation helpful? Give feedback.
The code generation algorithm does explicitly handle the case where the payload attribute used to map the credential is not required and in this case provides a nil value to the authorization function. So at least mechanically you should be able to implement the behavior you are after. It should be possible to change the OpenAPI spec generation so it matches the above by doing a similar check. The current code that generates the OpenAPI security section does not have access to the payload so it would have to be modified so that it can access the method payload and check whether the credential field is required or not.