Support for Bearer token in the header for OAuth2

[skasturi]

In OAuth2, I am not able to get the Bearer token set in the header automatically. How do I get it working?

[mission-liao]

I'm not familiar with Bearer token, and it seems this part is more precisely defined in 3.0 spec (OAI/OpenAPI-Specification#807).

Right now OAuth2 supports in pyswagger is users need to provide the final token (to pyswagger.Security) after finishing the OAuth2 flow.

Reply @skasturi
The swagger.json should at least contain this definition (this is the minimum requirement of server support OAuth2 token in Bearer format):

...
"securityDefinitions":{
   "your_token":{
      "type":"apiKey",
      "in":"header",
      "name":"Authorization"
   }
}
...

And once you get the token, you need to update it to pyswagger.Security object with what Bearer token described

import Security from pyswagger
your_token = xxxxxxxxx # assume you get the Bearer token somewhere
s = Security(app)
s.update_with('your_token', 'Bearer ' + your_token)

If you've done those and still can't make Bearer token set in header automatically, please let me know, it's definitely a bug.

[skasturi]

Hi @mission-liao Thank you very much for you response. What you mentioned is what I am trying to do to hack this out. But I believe we should support this in pyswagger natively. As you mentioned looks like it is part of v 3.0 spec. But, I guess it is simple enough to be added even now. What do you think?

[mission-liao]

I think yes, I can add those defined in 3.0 to current implementation of pyswagger, since they'll be supported later.

[erikpotterbsx]

Thanks, I need this too

My temporary solution is to manually add the token to the header:

token = get_token()  # get the token somehow

client = Client()
client._Client__s.headers['Authorization'] = 'Bearer ' + token

[mission-liao]

@erikpotterbsx @skasturi what I prefer to provide is to support partial of 3.0 spec in current pyswagger, that is, pyswagger can read the spec contains

scheme: "bearer"

and automatically prefix "Bearer " with token when assigned to "Authorization" in header.

However, I guess it's not the solution you need because the swagger.json provided by service also needs to be modified to "partially fit" to Open API 3.0 spec.

I guess what you need is to have a special method in pyswagger.Security, will automatically prefix "Bearer " when providing tokens, right?

[mission-liao]

Here is my proposal:

• a new function would be added to pyswagger.Security to prefix 'bearer ' automatically.
• when that function is used, a flag would be added to the pyswagger.Security to indicate that object can't be used with OpenAPI 3.0 (service supports Open API 3.0 should use new schema to declare this part)

[mission-liao]

prefer to postpone this issue, because there is little thing we can do at this moment:

we can provide a special method (or a dedicated class) for users to specifically set a Bearer token, however, it's not a big imporvement for usage because users can still set a Bearer token by prefixing the token with "Bearer " by themselves.

[skasturi]

Thanks for the patience @mission-liao. I think we can live with this for now while support for 3.0 is being implemented.