Great - we'll give this a shot when it lands in 3.12, and thanks! On Wed, Sep 9, 2020 at 6:45 AM Alan Crosswell <a...@columbia.edu> wrote:
> Adam: > > Closing the loop on this thread: > > https://github.com/encode/django-rest-framework/pull/7516 looks like it > will make it into 3.12. If you have a securityScheme that's not one of the > standard ones found in rest_framework.authentication, simply subclass > BaseAuthentication and implement two methods that return the securityScheme > and security requirements objects for that class. I plan on submitting this > approach as a PR to django-oauth-toolkit if and when included in DRF. I've > already got code that generates the necessary OAS stuff to have lists of > security requirements objects with required scopes. > > > On Thu, Aug 20, 2020 at 2:10 PM Alan Crosswell <a...@columbia.edu> wrote: > >> See >> https://github.com/encode/django-rest-framework/pull/6670#issuecomment-677813417 >> >> On Wed, Aug 19, 2020 at 8:45 PM ad...@bit.io <a...@bit.io> wrote: >> >>> Thanks all! >>> >>> This would be great in 3.12, but not critical - I can append the extra >>> security component with a script for now, so I'm not blocked on my work. >>> >>> Thanks! >>> >>> -Adam >>> >>> >>> On Tuesday, August 18, 2020 at 6:03:16 AM UTC-7 Alan Crosswell wrote: >>> >>>> PS: If getting this done for 3.12 would help, I'm game to take a shot >>>> at it. Please let me know. >>>> >>>> On Tue, Aug 18, 2020 at 9:01 AM Alan Crosswell <al...@columbia.edu> >>>> wrote: >>>> >>>>> Yes, see https://github.com/n2ygk/drf-openapi-auth-schema. I had >>>>> originally implemented this as part of a PR >>>>> <https://github.com/django-json-api/django-rest-framework-json-api/pull/772> >>>>> still in the works for DJA (DRF-jsonapi) but pulled it out of that PR as >>>>> it >>>>> was really DRF-specific. I've recently had some free time to resume work >>>>> on >>>>> the DJA PR and the securitySchemes and security object support is crucial >>>>> to actually making this usable for our projects so any help getting this >>>>> support added to DRF (where it belongs) -- and possibly to DOT for the >>>>> oauth component -- would be greatly appreciated. >>>>> >>>>> Notably the DRF openapi schema code has matured a lot and features >>>>> like components are now present in that code and were not at the time, so >>>>> there's definitely a small amount of rework needed. >>>>> >>>>> On Tue, Aug 18, 2020 at 7:03 AM Tom Christie <christ...@gmail.com> >>>>> wrote: >>>>> >>>>>> Heya, >>>>>> >>>>>> So the AutoSchema doesn't currently introspect and autogenerate >>>>>> `securitySchemes` and `security` sections. >>>>>> I think the closest a PR ever got to implementing that was here... >>>>>> https://github.com/encode/django-rest-framework/pull/6915 >>>>>> >>>>>> The best you can get at the moment is subclassing the >>>>>> `SchemaGenerator` >>>>>> <https://www.django-rest-framework.org/api-guide/schemas/#schema-level-customization>, >>>>>> in order to add in the extra sections manually, most likely by >>>>>> overriding `get_schema` >>>>>> <https://github.com/encode/django-rest-framework/blob/355afcf64b27a06c8b48c0291fa3eae61e0c3695/rest_framework/schemas/openapi.py#L67>, >>>>>> and including the extra keys. >>>>>> >>>>>> - T. >>>>>> >>>>>> On Wednesday, 12 August 2020 at 22:53:18 UTC+1 ad...@bit.io wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> Is there some magic to getting AutoSchema to generate an OpenAPI >>>>>>> spec that has a components:security: section? I've enabled the >>>>>>> authentication in settings.py, but I'm not seeing any security section >>>>>>> in >>>>>>> my OpenAPI schema. >>>>>>> >>>>>>> I'd expect to see: >>>>>>> >>>>>>> "components": { >>>>>>> "securitySchemes": { >>>>>>> "bearerAuth": { >>>>>>> "type": "http", >>>>>>> "scheme": "bearer" >>>>>>> } >>>>>>> } >>>>>>> }, >>>>>>> "security": [ >>>>>>> { >>>>>>> "bearerAuth": [] >>>>>>> } >>>>>>> ] >>>>>>> >>>>>>> But don't, which means my code generated from the schema is unaware >>>>>>> of the bearerToken requirements. Has anyone seen a similar problem/know >>>>>>> what I'm doing wrong? >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> -Adam >>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Django REST framework" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to django-rest-fram...@googlegroups.com. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/django-rest-framework/a4dd4cf4-ff5c-4df6-b6e8-b5165e593ac3n%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/django-rest-framework/a4dd4cf4-ff5c-4df6-b6e8-b5165e593ac3n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django REST framework" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to django-rest-framework+unsubscr...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/django-rest-framework/b1e55326-c335-4957-8963-89b21621de2bn%40googlegroups.com >>> <https://groups.google.com/d/msgid/django-rest-framework/b1e55326-c335-4957-8963-89b21621de2bn%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "Django REST framework" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-rest-framework+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-rest-framework/CAJaAdZiK%2B82FSdqUjbGhSh%2BTT7XzpdyGKzEPPCgTRN8N9Ap6Pw%40mail.gmail.com > <https://groups.google.com/d/msgid/django-rest-framework/CAJaAdZiK%2B82FSdqUjbGhSh%2BTT7XzpdyGKzEPPCgTRN8N9Ap6Pw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/CAEP43uNNNyok-vr_z5Ud%3DDdKW0cGXnwvq1K5RJh%2BW1nUtPBbAA%40mail.gmail.com.
